From 05547861b65100279027a64f58793caea1143a30 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 8 Feb 2019 00:44:14 +0100
Subject: Key: Constant time encoding

Signed-off-by: Jason A. Donenfeld
---
 .../PacketTunnelSettingsGenerator.swift | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
(limited to 'WireGuard/WireGuardNetworkExtension')
diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
index 02588c3..a4ff7dd 100644
--- a/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
+++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelSettingsGenerator.swift
@@ -17,7 +17,9 @@ class PacketTunnelSettingsGenerator {
 func endpointUapiConfiguration() -> String {
 var wgSettings = ""
 for (index, peer) in tunnelConfiguration.peers.enumerated() {
- wgSettings.append("public_key=\(peer.publicKey.hexEncodedString())\n")
+ if let publicKey = peer.publicKey.hexKey() {
+ wgSettings.append("public_key=\(publicKey)\n")
+ }
 if let endpoint = resolvedEndpoints[index]?.withReresolvedIP() {
 if case .name(_, _) = endpoint.host { assert(false, "Endpoint is not resolved") }
 wgSettings.append("endpoint=\(endpoint.stringRepresentation)\n")
@@ -28,8 +30,9 @@ class PacketTunnelSettingsGenerator {

 func uapiConfiguration() -> String {
 var wgSettings = ""
- let privateKey = tunnelConfiguration.interface.privateKey.hexEncodedString()
- wgSettings.append("private_key=\(privateKey)\n")
+ if let privateKey = tunnelConfiguration.interface.privateKey.hexKey() {
+ wgSettings.append("private_key=\(privateKey)\n")
+ }
 if let listenPort = tunnelConfiguration.interface.listenPort {
 wgSettings.append("listen_port=\(listenPort)\n")
 }
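Review bot: In the peer loop of `endpointUapiConfiguration()`, a nil from `hexKey()` now drops the `public_key=` line silently while the `endpoint=` line below it is still appended. In the UAPI text format `public_key=` opens a peer section, so an orphaned `endpoint=` would be applied to the previous peer, or to none for the first one. The same silent skip is in both `uapiConfiguration()` hunks (`private_key=` at -28,8; `public_key=` and `preshared_key=` at -38,9), where a preshared key that fails to encode becomes indistinguishable from one that was never configured. `hexKey()` is defined outside this diff, so whether it can return nil for a stored key is an assumption; if it can, skip the whole peer, e.g. `guard let publicKey = peer.publicKey.hexKey() else { assertionFailure("invalid peer public key"); continue }`, and treat an unencodable private or preshared key as a configuration error rather than omitting it. Both function bodies extend beyond the hunks shown.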
@@ -38,9 +41,11 @@ class PacketTunnelSettingsGenerator {
 }
 assert(tunnelConfiguration.peers.count == resolvedEndpoints.count)
 for (index, peer) in tunnelConfiguration.peers.enumerated() {
- wgSettings.append("public_key=\(peer.publicKey.hexEncodedString())\n")
- if let preSharedKey = peer.preSharedKey {
- wgSettings.append("preshared_key=\(preSharedKey.hexEncodedString())\n")
+ if let publicKey = peer.publicKey.hexKey() {
+ wgSettings.append("public_key=\(publicKey)\n")
+ }
+ if let preSharedKey = peer.preSharedKey?.hexKey() {
+ wgSettings.append("preshared_key=\(preSharedKey)\n")
 }
 if let endpoint = resolvedEndpoints[index]?.withReresolvedIP() {
 if case .name(_, _) = endpoint.host { assert(false, "Endpoint is not resolved") }
@@ -149,9 +154,3 @@ class PacketTunnelSettingsGenerator {
 return (ipv4IncludedRoutes, ipv6IncludedRoutes)
 }
 }
-
-private extension Data {
- func hexEncodedString() -> String {
- return self.map { String(format: "%02x", $0) }.joined()
- }
-}
--
cgit v1.2.3-59-g8ed1b