From fabb6eca2b6fd41dd8010d40eaac3f55cec1df2c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 27 Apr 2017 11:10:50 +0200 Subject: noise: redesign preshared key mode Signed-off-by: Jason A. Donenfeld --- contrib/external-tests/go/main.go | 9 ++++++--- contrib/external-tests/haskell/src/Main.hs | 6 +++--- contrib/external-tests/rust/src/main.rs | 15 +++++++++------ contrib/json/wg-json | 6 +++--- 4 files changed, 21 insertions(+), 15 deletions(-) (limited to 'contrib') diff --git a/contrib/external-tests/go/main.go b/contrib/external-tests/go/main.go index 11c2f86..4b58891 100644 --- a/contrib/external-tests/go/main.go +++ b/contrib/external-tests/go/main.go @@ -37,16 +37,17 @@ func ipChecksum(buf []byte) uint16 { func main() { ourPrivate, _ := base64.StdEncoding.DecodeString("WAmgVYXkbT2bCtdcDwolI88/iVi/aV3/PHcUBTQSYmo=") ourPublic, _ := base64.StdEncoding.DecodeString("K5sF9yESrSBsOXPd6TcpKNgqoy1Ik3ZFKl4FolzrRyI=") - preshared, _ := base64.StdEncoding.DecodeString("FpCyhws9cxwWoV4xELtfJvjJN+zQVRPISllRWgeopVE=") theirPublic, _ := base64.StdEncoding.DecodeString("qRCwZSKInrMAq5sepfCdaCsRJaoLe5jhtzfiw7CjbwM=") + preshared, _ := base64.StdEncoding.DecodeString("FpCyhws9cxwWoV4xELtfJvjJN+zQVRPISllRWgeopVE=") cs := noise.NewCipherSuite(noise.DH25519, noise.CipherChaChaPoly, noise.HashBLAKE2s) hs := noise.NewHandshakeState(noise.Config{ CipherSuite: cs, Random: rand.Reader, Pattern: noise.HandshakeIK, Initiator: true, - Prologue: []byte("WireGuard v0 zx2c4 Jason@zx2c4.com"), + Prologue: []byte("WireGuard v1 zx2c4 Jason@zx2c4.com"), PresharedKey: preshared, + PresharedKeyPlacement: 2, StaticKeypair: noise.DHKey{Private: ourPrivate, Public: ourPublic}, PeerStatic: theirPublic, }) 
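Review bot: The new `PresharedKeyPlacement: 2` in the noise.Config literal is a bare number whose meaning a reader has to look up. A comment such as `// psk2: the PSK is mixed in at the end of the second handshake message` would make the intended pattern explicit. The prologue bump from v0 to v1 belongs to the same protocol change, so a short comment saying the two values must change together would help; a peer still on the old pair will presumably fail the handshake rather than negotiate. main's body continues outside the hunk.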
@@ -68,8 +69,10 @@ func main() { initiationPacket[3] = 0 // Reserved binary.LittleEndian.PutUint32(initiationPacket[4:], 28) // Sender index: 28 (arbitrary) initiationPacket, _, _ = hs.WriteMessage(initiationPacket, tai64n) - hasher, _ := blake2s.New(&blake2s.Config{Size: 16, Key: preshared}) + hasher, _ := blake2s.New(&blake2s.Config{Size: 32}) + hasher.Write([]byte("mac1----")) hasher.Write(theirPublic) + hasher, _ = blake2s.New(&blake2s.Config{Size: 16, Key: hasher.Sum(nil)}) hasher.Write(initiationPacket) initiationPacket = append(initiationPacket, hasher.Sum(nil)[:16]...) initiationPacket = append(initiationPacket, make([]byte, 16)...) diff --git a/contrib/external-tests/haskell/src/Main.hs b/contrib/external-tests/haskell/src/Main.hs index 820e2f1..8983e6c 100644 --- a/contrib/external-tests/haskell/src/Main.hs +++ b/contrib/external-tests/haskell/src/Main.hs @@ -34,7 +34,7 @@ w :: PublicKey Curve25519 -> IO () w theirPub (Plaintext myPSK) sock addr msg = do let x = "\x01\x00\x00\x00\x00\x00" `mappend` msg - mac = hash 16 myPSK (sbToBS' (curvePubToBytes theirPub) `mappend` sbToBS' x) + mac = hash 16 myPSK (sbToBS' (curvePubToBytes theirPub) `mappend` sbToBS' x) -- TODO: this should actually be blake2s(key=blake2s("mac1----" || theirPub), payload=blah) void $ NBS.sendTo sock (x `mappend` mac `mappend` replicate 16 '\0') addr r :: MVar ByteString -> Socket -> IO ByteString @@ -63,8 +63,8 @@ main = do serverkey' = curveBytesToPub . bsToSB' . either undefined id . B64.decode . pack $ serverkey :: PublicKey Curve25519 psk' = Plaintext . bsToSB' . either undefined id . B64.decode . pack $ psk hs = handshakeState $ HandshakeStateParams - noiseIK - "WireGuard v0 zx2c4 Jason@zx2c4.com" + noiseIK -- TODO: specify psk2 mode + "WireGuard v1 zx2c4 Jason@zx2c4.com" (Just psk') (Just mykey') Nothing diff --git a/contrib/external-tests/rust/src/main.rs b/contrib/external-tests/rust/src/main.rs index 232375c..ceb68b8 100644 --- a/contrib/external-tests/rust/src/main.rs 
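Review bot: The mac1 derivation added here has no comment, and the two-step reuse of `hasher` hides that the MAC key is now computed from a fixed label and `theirPublic` alone rather than from `preshared`. A line such as `// mac1 = BLAKE2s-128(key = BLAKE2s-256("mac1----" || theirPublic), packet); the key is derived from public data only` before the first `blake2s.New` would record that. The second `blake2s.New` also discards its error, so a rejected key would presumably surface as a panic at the following `Write`; checking it costs one line. The same derivation is undocumented in the second hunk of contrib/external-tests/rust/src/main.rs. main's body continues outside the hunk.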
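Review bot: The `mac` binding in `w` still keys the hash with `myPSK` and still prepends the public key to the message, so after this commit it computes a different mac1 than the Go and Rust clients in the same patch. The added TODO records this, but the test is presumably unable to complete a handshake against a v1 peer until it is resolved. The fix the TODO describes is to derive the key first, as a 32-byte unkeyed hash over the label "mac1----" followed by `sbToBS' (curvePubToBytes theirPub)`, and then compute `hash 16` keyed with that digest over `sbToBS' x` only. The argument types of `hash` are not visible in the hunk, so the conversion between the digest and the key type needs checking. The type signature of `w` starts outside the hunk.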
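Review bot: The prologue is bumped to "WireGuard v1 ..." while the pattern argument stays plain `noiseIK` with `(Just psk')`, so the PSK is presumably still mixed in at the old position and this client would derive different handshake keys than a peer using the psk2 placement that the Go test now selects. The TODO marks the gap, but the string change makes the client announce a protocol version it does not yet implement. Until psk2 is wired in, the comment should say so plainly, for example `-- FIXME: handshake cannot succeed until the psk2 placement is specified`. The first hunk of contrib/external-tests/rust/src/main.rs is in the same state, with `//TODO: specify psk2 mode` next to the v1 prologue. main's `do` block continues outside the hunk.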
+++ b/contrib/external-tests/rust/src/main.rs @@ -39,11 +39,12 @@ fn main() { owner.set_rs(&their_public); let mut cipherstate1 : CipherState = Default::default(); let mut cipherstate2 : CipherState = Default::default(); - let mut handshake = HandshakeState::new_from_owner(&mut owner, true, HandshakePattern::IK, "WireGuard v0 zx2c4 Jason@zx2c4.com".as_bytes(), Some(&my_preshared[..]), &mut cipherstate1, &mut cipherstate2); + //TODO: specify psk2 mode + let mut handshake = HandshakeState::new_from_owner(&mut owner, true, HandshakePattern::IK, "WireGuard v1 zx2c4 Jason@zx2c4.com".as_bytes(), Some(&my_preshared[..]), &mut cipherstate1, &mut cipherstate2); let now = time::get_time(); let mut tai64n = [0; 12]; - BigEndian::write_i64(&mut tai64n[0..], 4611686018427387914ULL + now.sec); + BigEndian::write_i64(&mut tai64n[0..], 4611686018427387914 + now.sec); BigEndian::write_i32(&mut tai64n[8..], now.nsec); let mut initiation_packet = [0; 148]; initiation_packet[0] = 1; /* Type: Initiation */ @@ -52,11 +53,13 @@ fn main() { initiation_packet[3] = 0; /* Reserved */ LittleEndian::write_u32(&mut initiation_packet[4..], 28); /* Sender index: 28 (arbitrary) */ handshake.write_message(&tai64n, &mut initiation_packet[8..]); - let mut mac_material = [0; 148]; - memcpy(&mut mac_material, &their_public); - memcpy(&mut mac_material[32..], &initiation_packet[0..116]); + let mut mac_key_input = [0; 40]; + let mut mac_key = [0; 32]; + memcpy(&mut mac_key_input, b"mac1----"); + memcpy(&mut mac_key_input[8..], &their_public); + Blake2s::blake2s(&mut mac_key, &mac_key_input, &[0; 0]); let mut mac = [0; 16]; - Blake2s::blake2s(&mut mac, &mac_material, &my_preshared); + Blake2s::blake2s(&mut mac, &initiation_packet[0..116], &mac_key); memcpy(&mut initiation_packet[116..], &mac); socket.send_to(&initiation_packet, &send_addr).unwrap(); diff --git a/contrib/json/wg-json b/contrib/json/wg-json index 90544e2..1b9a570 100755 --- a/contrib/json/wg-json +++ b/contrib/json/wg-json 
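Review bot: The literal `4611686018427387914` in the `write_i64` call is unexplained; it equals 2^62 + 10, which matches the TAI64 label base plus what is presumably the 10-second TAI offset. A comment such as `// TAI64 seconds label: 2^62 + 10 + Unix seconds`, or a named constant like `const TAI64_BASE: i64 = (1 << 62) + 10;`, would make the timestamp encoding checkable at a glance. main's body continues outside the hunk.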
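Review bot: The sizes and offsets in the new MAC code are bare literals (`[0; 40]`, `[8..]`, `[0..116]`, `[116..]`), so a miscount would MAC or overwrite the wrong span without any help from the compiler. Named constants would tie them together, for example `const MAC1_LABEL: &[u8; 8] = b"mac1----";` and `const MAC1_OFFSET: usize = 116;`, with the 40 written as `8 + 32` next to a comment naming the label and public-key lengths. The empty key is passed as `&[0; 0]`; `&[]` reads more plainly if the `blake2s` signature accepts it. `memcpy` is defined outside the hunk, so whether it checks lengths cannot be seen here, and main's body continues outside the hunk.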
@@ -9,20 +9,20 @@ while read -r -d $'\t' device; do if [[ $device != "$last_device" ]]; then [[ -z $last_device ]] && printf '\n' || printf '%s,\n' "$end" last_device="$device" - read -r private_key public_key preshared_key listen_port fwmark + read -r private_key public_key listen_port fwmark printf '\t"%s": {' "$device" delim=$'\n' [[ $private_key == "(none)" ]] || { printf '%s\t\t"privateKey": "%s"' "$delim" "$private_key"; delim=$',\n'; } [[ $public_key == "(none)" ]] || { printf '%s\t\t"publicKey": "%s"' "$delim" "$public_key"; delim=$',\n'; } - [[ $preshared_key == "(none)" ]] || { printf '%s\t\t"presharedKey": "%s"' "$delim" "$preshared_key"; delim=$',\n'; } [[ $listen_port == "0" ]] || { printf '%s\t\t"listenPort": %u' "$delim" $(( $listen_port )); delim=$',\n'; } [[ $fwmark == "off" ]] || { printf '%s\t\t"fwmark": %u' "$delim" $(( $fwmark )); delim=$',\n'; } printf '%s\t\t"peers": {' "$delim"; end=$'\n\t\t}\n\t}' delim=$'\n' else - read -r public_key endpoint allowed_ips latest_handshake transfer_rx transfer_tx persistent_keepalive + read -r public_key preshared_key endpoint allowed_ips latest_handshake transfer_rx transfer_tx persistent_keepalive printf '%s\t\t\t"%s": {' "$delim" "$public_key" delim=$'\n' + [[ $preshared_key == "(none)" ]] || { printf '%s\t\t\t\t"presharedKey": "%s"' "$delim" "$preshared_key"; delim=$',\n'; } [[ $endpoint == "(none)" ]] || { printf '%s\t\t\t\t"endpoint": "%s"' "$delim" "$endpoint"; delim=$',\n'; } [[ $latest_handshake == "0" ]] || { printf '%s\t\t\t\t"latestHandshake": %u' "$delim" $(( $latest_handshake )); delim=$',\n'; } [[ $transfer_rx == "0" ]] || { printf '%s\t\t\t\t"transferRx": %u' "$delim" $(( $transfer_rx )); delim=$',\n'; } -- cgit v1.2.3-59-g8ed1b
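Review bot: The peer-line `read -r public_key preshared_key endpoint ...` now assumes the preshared key is the second column of the input, and nothing checks that the tool producing the input uses the new layout. With input in the old layout every peer field would presumably shift by one and an endpoint would be emitted as "presharedKey". A comment above the two `read` lines stating the expected column order, for example `# peer line: public-key preshared-key endpoint allowed-ips ...`, would make the coupling visible. The script prints `privateKey` and `presharedKey` values verbatim, so a header comment noting that the JSON output contains secrets would help anyone redirecting it to a file or log. The while loop starts and ends outside the hunk.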