From 05547861b65100279027a64f58793caea1143a30 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 8 Feb 2019 00:44:14 +0100
Subject: Key: Constant time encoding
Signed-off-by: Jason A. Donenfeld
---
 WireGuard/WireGuard/UI/TunnelViewModel.swift | 26 ++++++++++++----------
 .../TunnelEditTableViewController.swift | 2 +-
 .../ViewController/TunnelEditViewController.swift | 12 +++++-----
 3 files changed, 21 insertions(+), 19 deletions(-)
(limited to 'WireGuard/WireGuard/UI')
diff --git a/WireGuard/WireGuard/UI/TunnelViewModel.swift b/WireGuard/WireGuard/UI/TunnelViewModel.swift
index 5de6cab..35dd98b 100644
--- a/WireGuard/WireGuard/UI/TunnelViewModel.swift
+++ b/WireGuard/WireGuard/UI/TunnelViewModel.swift
@@ -105,9 +105,9 @@ class TunnelViewModel {
 scratchpad[field] = stringValue
 }
 if field == .privateKey {
- if stringValue.count == TunnelViewModel.keyLengthInBase64, let privateKey = Data(base64Encoded: stringValue), privateKey.count == TunnelConfiguration.keyLength {
- let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey)
- scratchpad[.publicKey] = publicKey.base64EncodedString()
+ if stringValue.count == TunnelViewModel.keyLengthInBase64, let privateKey = Data(base64Key: stringValue), privateKey.count == TunnelConfiguration.keyLength {
+ let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey).base64Key() ?? ""
+ scratchpad[.publicKey] = publicKey
 } else {
 scratchpad.removeValue(forKey: .publicKey)
 }
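Review bot: The `?? ""` fallback on the new `let publicKey = ...base64Key() ?? ""` line stores an empty string in `scratchpad[.publicKey]` when encoding fails, while the `else` branch directly below removes the entry, so the two failure paths leave different state behind. Binding the result in the condition keeps them aligned: append `, let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey).base64Key() {` to the `if` and keep `scratchpad[.publicKey] = publicKey` as the body. The same `?? ""` pattern appears in the `@@ -124,8` hunk (where it blanks `.privateKey` as well), in the iOS `@@ -213,7` hunk and in the macOS `@@ -104,8` and `@@ -115,17` hunks, whereas the peer `createScratchPad` in `@@ -300,9` already uses `if let`. `base64Key()` is declared outside this diff, so the conditions under which it returns nil cannot be confirmed from here, and the enclosing function starts and ends outside the hunk.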
@@ -124,8 +124,8 @@ class TunnelViewModel {
 private static func createScratchPad(from config: InterfaceConfiguration, name: String) -> [InterfaceField: String] {
 var scratchpad = [InterfaceField: String]()
 scratchpad[.name] = name
- scratchpad[.privateKey] = config.privateKey.base64EncodedString()
- scratchpad[.publicKey] = config.publicKey.base64EncodedString()
+ scratchpad[.privateKey] = config.privateKey.base64Key() ?? ""
+ scratchpad[.publicKey] = config.publicKey.base64Key() ?? ""
 if !config.addresses.isEmpty {
 scratchpad[.addresses] = config.addresses.map { $0.stringRepresentation }.joined(separator: ", ")
 }
@@ -155,7 +155,7 @@ class TunnelViewModel {
 fieldsWithError.insert(.privateKey)
 return .error(tr("alertInvalidInterfaceMessagePrivateKeyRequired"))
 }
- guard let privateKey = Data(base64Encoded: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else {
+ guard let privateKey = Data(base64Key: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else {
 fieldsWithError.insert(.privateKey)
 return .error(tr("alertInvalidInterfaceMessagePrivateKeyInvalid"))
 }
@@ -255,7 +255,7 @@ class TunnelViewModel {
 return validatedConfiguration.publicKey
 }
 if let scratchPadPublicKey = scratchpad[.publicKey] {
- return Data(base64Encoded: scratchPadPublicKey)
+ return Data(base64Key: scratchPadPublicKey)
 }
 return nil
 }
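Review bot: `return Data(base64Key: scratchPadPublicKey)` in the `@@ -255,7` hunk is the only decode site in this commit without a `count == TunnelConfiguration.keyLength` check, so this accessor can hand back a decoded value of the wrong size unless `Data(base64Key:)` enforces the length itself, which is not visible in this diff. Consider `if let scratchPadPublicKey = scratchpad[.publicKey], let key = Data(base64Key: scratchPadPublicKey), key.count == TunnelConfiguration.keyLength { return key }`, or add a comment stating that the initializer guarantees the key length. The enclosing declaration starts outside the hunk.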
@@ -300,9 +300,11 @@ class TunnelViewModel {
 private static func createScratchPad(from config: PeerConfiguration) -> [PeerField: String] {
 var scratchpad = [PeerField: String]()
- scratchpad[.publicKey] = config.publicKey.base64EncodedString()
- if let preSharedKey = config.preSharedKey {
- scratchpad[.preSharedKey] = preSharedKey.base64EncodedString()
+ if let publicKey = config.publicKey.base64Key() {
+ scratchpad[.publicKey] = publicKey
+ }
+ if let preSharedKey = config.preSharedKey?.base64Key() {
+ scratchpad[.preSharedKey] = preSharedKey
 }
 if !config.allowedIPs.isEmpty {
 scratchpad[.allowedIPs] = config.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ")
@@ -335,14 +337,14 @@ class TunnelViewModel {
 fieldsWithError.insert(.publicKey)
 return .error(tr("alertInvalidPeerMessagePublicKeyRequired"))
 }
- guard let publicKey = Data(base64Encoded: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else {
+ guard let publicKey = Data(base64Key: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else {
 fieldsWithError.insert(.publicKey)
 return .error(tr("alertInvalidPeerMessagePublicKeyInvalid"))
 }
 var config = PeerConfiguration(publicKey: publicKey)
 var errorMessages = [String]()
 if let preSharedKeyString = scratchpad[.preSharedKey] {
- if let preSharedKey = Data(base64Encoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength {
+ if let preSharedKey = Data(base64Key: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength {
 config.preSharedKey = preSharedKey
 } else {
 fieldsWithError.insert(.preSharedKey)
diff --git a/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift b/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift
index f4bf157..01fed49 100644
--- a/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift
+++ b/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift
@@ -213,7 +213,7 @@ extension TunnelEditTableViewController {
 cell.onTapped = { [weak self] in
 guard let self = self else { return }
- self.tunnelViewModel.interfaceData[.privateKey] = Curve25519.generatePrivateKey().base64EncodedString()
+ self.tunnelViewModel.interfaceData[.privateKey] = Curve25519.generatePrivateKey().base64Key() ?? ""
 if let privateKeyRow = self.interfaceFieldsBySection[indexPath.section].firstIndex(of: .privateKey),
 let publicKeyRow = self.interfaceFieldsBySection[indexPath.section].firstIndex(of: .publicKey) {
 let privateKeyIndex = IndexPath(row: privateKeyRow, section: indexPath.section)
diff --git a/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift b/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
index 27d60c7..395eeb4 100644
--- a/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
+++ b/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
@@ -104,8 +104,8 @@ class TunnelEditViewController: NSViewController {
 let tunnelConfiguration = tunnel.tunnelConfiguration!
 nameRow.value = tunnel.name
 textView.string = tunnelConfiguration.asWgQuickConfig()
- publicKeyRow.value = tunnelConfiguration.interface.publicKey.base64EncodedString()
- textView.privateKeyString = tunnelConfiguration.interface.privateKey.base64EncodedString()
+ publicKeyRow.value = tunnelConfiguration.interface.publicKey.base64Key() ?? ""
+ textView.privateKeyString = tunnelConfiguration.interface.privateKey.base64Key() ?? ""
 if tunnel.activateOnDemandSetting.isActivateOnDemandEnabled {
 selectedActivateOnDemandOption = tunnel.activateOnDemandSetting.activateOnDemandOption
 } else {
@@ -115,17 +115,17 @@ class TunnelEditViewController: NSViewController {
 // Creating a new tunnel
 let privateKey = Curve25519.generatePrivateKey()
 let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey)
- let bootstrappingText = "[Interface]\nPrivateKey = \(privateKey.base64EncodedString())\n"
- publicKeyRow.value = publicKey.base64EncodedString()
+ let bootstrappingText = "[Interface]\nPrivateKey = \(privateKey.base64Key() ?? "")\n"
+ publicKeyRow.value = publicKey.base64Key() ?? ""
 textView.string = bootstrappingText
 selectedActivateOnDemandOption = .none
 }
 privateKeyObservationToken = textView.observe(\.privateKeyString) { [weak publicKeyRow] textView, _ in
 if let privateKeyString = textView.privateKeyString,
- let privateKey = Data(base64Encoded: privateKeyString),
+ let privateKey = Data(base64Key: privateKeyString),
 privateKey.count == TunnelConfiguration.keyLength {
 let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey)
- publicKeyRow?.value = publicKey.base64EncodedString()
+ publicKeyRow?.value = publicKey.base64Key() ?? ""
 } else {
 publicKeyRow?.value = ""
 }
-- cgit v1.2.3-59-g8ed1b