Certain private keys being mangled by wg on FreeBSD
Jason A. Donenfeld
Jason at zx2c4.com
Sun Jun 6 15:09:01 UTC 2021
It looks like whatever is generating those private keys is not
clamping them. Specifically, all private keys should undergo this
transformation:
key[0] &= 248;
key[31] = (key[31] & 127) | 64;
In your case, your `Lm` prefix (first byte: 0x2c) is being anded with
248, and thus turns into KG (first byte: 0x28).
The kernel properly clamps the keys on input, though, in case
generators forget to clamp them. So what you're seeing is correct
behavior.
More information about the WireGuard
mailing list