Certain private keys being mangled by wg on FreeBSD
Christian McDonald
rcmcdonald91 at gmail.com
Sun Jun 6 15:59:21 UTC 2021
Would it not be better for wg to just fail outright instead of
transforming a poorly generated key entered by a user, regardless of
where the key came from? Especially if that problematic key passes the
regex validation that was provided in another thread in this email
list? If not, what would be an appropriate solution to catch
situations like this and in turn alert users? This seems like it could
be a larger discussion on interoperability, especially when dealing
with keys that are being generated by VPN providers.
Granted, this certainly isn’t my area of expertise. Though, the
behavior is just unexpected (and confusing) from an end user
perspective.
On Sun, Jun 6, 2021 at 11:09 AM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> It looks like whatever is generating those private keys is not
> clamping them. Specifically, all private keys should undergo this
> transformation:
>
> key[0] &= 248;
> key[31] = (key[31] & 127) | 64;
>
> In your case, your `Lm` prefix (first byte: 0x2c) is being anded with
> 248, and thus turns into KG (first byte: 0x28).
>
> The kernel properly clamps the keys on input, though, in case
> generators forget to clamp them. So what you're seeing is correct
> behavior.
--
R. Christian McDonald
M: (616) 856-9291
E: rcmcdonald91 at gmail.com
More information about the WireGuard
mailing list