Certain private keys being mangled by wg on FreeBSD

Jason A. Donenfeld Jason at zx2c4.com
Sun Jun 6 15:09:01 UTC 2021

It looks like whatever is generating those private keys is not
clamping them. Specifically, all private keys should undergo this

        key[0] &= 248;
        key[31] = (key[31] & 127) | 64;

In your case, your `Lm` prefix (first byte: 0x2c) is being anded with
248, and thus turns into KG (first byte: 0x28).

The kernel properly clamps the keys on input, though, in case
generators forget to clamp them. So what you're seeing is correct
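
An added example, not part of the original message or of WireGuard's code: a small Python check that applies the two clamping operations quoted above to a base64-encoded key and reports how the key will read once clamped. The function names and the sample key are assumptions constructed for illustration.

```python
import base64

KEY_LEN = 32  # Curve25519 private keys are 32 bytes


def clamp(key: bytes) -> bytes:
    """Apply the two clamping operations quoted in the message."""
    if len(key) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN} bytes, got {len(key)}")
    k = bytearray(key)
    k[0] &= 248                  # clear the three low bits of the first byte
    k[31] = (k[31] & 127) | 64   # clear the top bit, set the second-highest bit
    return bytes(k)


def check_key(b64_key: str) -> tuple[str, bool]:
    """Return (base64 of the clamped key, True if the input was already clamped)."""
    raw = base64.b64decode(b64_key, validate=True)
    clamped = clamp(raw)
    return base64.b64encode(clamped).decode("ascii"), clamped == raw


# Constructed sample (not a real key): an unclamped 32-byte value whose
# base64 form starts with "Lm", like the prefix discussed in the message.
SAMPLE_UNCLAMPED = "Lm" + "A" * 41 + "="

if __name__ == "__main__":
    shown, already_clamped = check_key(SAMPLE_UNCLAMPED)
    print("configured     :", SAMPLE_UNCLAMPED)
    print("after clamping :", shown)
    print("already clamped:", already_clamped)
```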
