On Sat, Dec 26, 2020 at 12:38 AM Matthias May <matthias....@westermo.com> wrote: > > On 25/12/2020 10:10, Nico Schottelius wrote: > > > > Good morning Adam and Jason, > > > > thanks for your qualified and fast answers! It's nice to see Dan's > > website still referenced in almost 2021 and also that it can be easily > > enough verified. > > > > For reference and if anyone ever looks up this thread, I am using > > the following code within the Django Rest Framework [0]: > > > > -------------------------------------------------------------------------------- > > def validate_wireguard_public_key(self, value): > > msg = _("Supplied key is not a valid wireguard public key") > > > > """ > > Verify wireguard key. > > See > > https://urldefense.com/v3/__https://lists.zx2c4.com/pipermail/wireguard/2020-December/006221.html__;!!I9LPvj3b!XDmxiY_v3yY5wQI9GfFvshrCIUcqg4vvKg35qvL0fFajgNHTwr3LcySSqHrNgCByOzQ$ > > """ > > > > try: > > decoded_key = base64.standard_b64decode(value) > > except Exception as e: > > raise serializers.ValidationError(msg) > > > > if not len(decoded_key) == 32: > > raise serializers.ValidationError(msg) > > > > return value > > -------------------------------------------------------------------------------- > > > > Thanks again and enjoy the quite time over Christmas! > > > > Best regards, > > > > Nico > > > > [0] > > https://urldefense.com/v3/__https://code.ungleich.ch/uncloud/uncloud/-/blob/master/uncloud_net/serializers.py*L37__;Iw!!I9LPvj3b!XDmxiY_v3yY5wQI9GfFvshrCIUcqg4vvKg35qvL0fFajgNHTwr3LcySSqHrNb-aKgNg$ > > > > > > Adam Stiles <ajsti...@gmail.com> writes: > > > >> Hi Nico, > >> > >> WireGuard uses Curve25519 keys. A Curve25519 secret key is a random 32 > >> byte value with a few special bits flipped, and a public key is > >> calculated from a secret key. > >> > >> There's some good info here > >> (https://urldefense.com/v3/__https://cr.yp.to/ecdh.html__;!!I9LPvj3b!XDmxiY_v3yY5wQI9GfFvshrCIUcqg4vvKg35qvL0fFajgNHTwr3LcySSqHrNDoxdskk$ > >> ), including > >> this questions and answer: > >> > >> "How do I validate Curve25519 public keys?" > >> > >> "Don't. The Curve25519 function was carefully designed to allow all > >> 32-byte strings as Diffie-Hellman public keys." > >> > >> I just saw Jason's response, and so this is a bit redundant, but the > >> reference above is a good one. > >> > >> Best, > >> > >> Adam > >> > >> > >> On Thu, Dec 24, 2020 at 3:21 PM Nico Schottelius > >> <nico.schottel...@ungleich.ch> wrote: > >>> > >>> > >>> Good morning, > >>> > >>> I am currently extending uncloud [0] to support wireguard tunnels and > >>> keys. At the moment it is not entirely clear how to verify that a > >>> certain string is a valid wireguard key. > >>> > >>> I first tried checking that it is valid base64, but not all base64 > >>> strings are valid wireguard keys. > >>> > >>> Then I tried using `echo $key | wg pubkey && echo ok` - which seems to > >>> check the key format, however the intended behaviour here is misused. > >>> > >>> Does anyone have a pointer on how to reliably identify wireguard public > >>> keys? > >>> > >>> Is the wireguard key always 32 bytes when decoded from base64? Tests > >>> with a number of public keys seems to indicate that. > >>> > >>> Best regards, > >>> > >>> Nico > >>> > >>> > >>> [0] > >>> https://urldefense.com/v3/__https://code.ungleich.ch/uncloud/uncloud__;!!I9LPvj3b!XDmxiY_v3yY5wQI9GfFvshrCIUcqg4vvKg35qvL0fFajgNHTwr3LcySSqHrNE6JpRjQ$ > >>> > >>> -- > >>> Modern, affordable, Swiss Virtual Machines. Visit > >>> https://urldefense.com/v3/__http://www.datacenterlight.ch__;!!I9LPvj3b!XDmxiY_v3yY5wQI9GfFvshrCIUcqg4vvKg35qvL0fFajgNHTwr3LcySSqHrNmbUvisY$ > > > > > > -- > > Modern, affordable, Swiss Virtual Machines. Visit > > https://urldefense.com/v3/__http://www.datacenterlight.ch__;!!I9LPvj3b!XDmxiY_v3yY5wQI9GfFvshrCIUcqg4vvKg35qvL0fFajgNHTwr3LcySSqHrNmbUvisY$ > > > > > Hi > On this topic, i recently implemented a check if a key is valid in cpp with > the following rather crude code: > > bool isValidWgKey(const string& usage, const string& key) > { > /* Wireguard keys are BASE64 encoded */ > unsigned int _key_length = 44; > unsigned int _key_offset = _key_length -1; > if (key.length() != _key_length) { > log("Wireguard " + usage + " has wrong length (" + > to_string(key.length()) + " instead of 44)!"); > return false; > } > size_t found = > key.substr(0,_key_offset).find_first_not_of("abcdefghijklmnopqrstuvwxyz" > > "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/"); > if (found != std::string::npos) { > log("Wireguard " + usage + " contains invalid character '" + > key.substr(found, 1) + "'"); > return false; > } > if (key.substr(_key_offset,1) != "=") { > log("Wireguard " + usage + " ends with invalid character '" + > key.substr(found, 1) + "' instead of '='"); > return false; > } > return true; > }
This code is incorrect because it allows keys that are up to 258bits, instead of being exactly 256bits. See my post a few messages ago about different rules for the penultimate character. https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html Jason