This repository has been archived on 2024-01-23. You can view files and clone it, but cannot push or open issues or pull requests.
wireguard-tools/src/genkey.c

65 lines
1.6 KiB
C
Raw Normal View History

/* Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
#include <fcntl.h>
wg: first additions of userspace integration This is designed to work with a server that follows this: struct sockaddr_un addr = { .sun_family = AF_UNIX, .sun_path = "/var/run/wireguard/wguserspace0.sock" }; int fd, ret; ssize_t len; socklen_t socklen; struct wgdevice *device; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) exit(1); if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) exit(1); for (;;) { /* First we look at how big the next message is, so we know how much to * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */ len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC); if (len < 0) { handle_error(); continue; } /* Next we allocate a buffer for the received data. */ device = NULL; if (len) { device = malloc(len); if (!device) { handle_error(); continue; } } /* Finally we receive the data, storing too the return address. */ socklen = sizeof(addr); len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen); if (len < 0) { handle_error(); free(device); continue; } if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */ device = get_current_wireguard_device(&len); sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen); } else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */ ret = set_current_wireguard_device(device); sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen); free(device); } } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-19 15:26:56 +02:00
#ifdef __linux
#include <sys/syscall.h>
wg: first additions of userspace integration This is designed to work with a server that follows this: struct sockaddr_un addr = { .sun_family = AF_UNIX, .sun_path = "/var/run/wireguard/wguserspace0.sock" }; int fd, ret; ssize_t len; socklen_t socklen; struct wgdevice *device; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) exit(1); if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) exit(1); for (;;) { /* First we look at how big the next message is, so we know how much to * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */ len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC); if (len < 0) { handle_error(); continue; } /* Next we allocate a buffer for the received data. */ device = NULL; if (len) { device = malloc(len); if (!device) { handle_error(); continue; } } /* Finally we receive the data, storing too the return address. */ socklen = sizeof(addr); len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen); if (len < 0) { handle_error(); free(device); continue; } if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */ device = get_current_wireguard_device(&len); sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen); } else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */ ret = set_current_wireguard_device(device); sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen); free(device); } } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-19 15:26:56 +02:00
#endif
#include "curve25519.h"
#include "base64.h"
#include "subcommands.h"
static inline ssize_t get_random_bytes(uint8_t *out, size_t len)
{
ssize_t ret;
int fd;
wg: first additions of userspace integration This is designed to work with a server that follows this: struct sockaddr_un addr = { .sun_family = AF_UNIX, .sun_path = "/var/run/wireguard/wguserspace0.sock" }; int fd, ret; ssize_t len; socklen_t socklen; struct wgdevice *device; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) exit(1); if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) exit(1); for (;;) { /* First we look at how big the next message is, so we know how much to * allocate. Note on BSD you can instead use ioctl(fd, FIONREAD, &len). */ len = recv(fd, NULL, 0, MSG_PEEK | MSG_TRUNC); if (len < 0) { handle_error(); continue; } /* Next we allocate a buffer for the received data. */ device = NULL; if (len) { device = malloc(len); if (!device) { handle_error(); continue; } } /* Finally we receive the data, storing too the return address. */ socklen = sizeof(addr); len = recvfrom(fd, device, len, 0, (struct sockaddr *)&addr, (socklen_t *)&socklen); if (len < 0) { handle_error(); free(device); continue; } if (!len) { /* If len is zero, it's a "get" request, so we send our device back. */ device = get_current_wireguard_device(&len); sendto(fd, device, len, 0, (struct sockaddr *)&addr, socklen); } else { /* Otherwise, we just received a wgdevice, so we should "set" and send back the return status. */ ret = set_current_wireguard_device(device); sendto(fd, &ret, sizeof(ret), 0, (struct sockaddr *)&addr, socklen); free(device); } } Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-19 15:26:56 +02:00
#if defined(__NR_getrandom) && defined(__linux__)
ret = syscall(__NR_getrandom, out, len, 0);
if (ret >= 0)
return ret;
#endif
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0)
return fd;
ret = read(fd, out, len);
close(fd);
return ret;
}
int genkey_main(int argc, char *argv[])
{
unsigned char private_key[CURVE25519_POINT_SIZE];
char private_key_base64[b64_len(CURVE25519_POINT_SIZE)];
struct stat stat;
if (argc != 1) {
fprintf(stderr, "Usage: %s %s\n", PROG_NAME, argv[0]);
return 1;
}
if (!fstat(STDOUT_FILENO, &stat) && S_ISREG(stat.st_mode) && stat.st_mode & S_IRWXO)
fputs("Warning: writing to world accessible file.\nConsider setting the umask to 077 and trying again.\n", stderr);
if (get_random_bytes(private_key, CURVE25519_POINT_SIZE) != CURVE25519_POINT_SIZE) {
perror("getrandom");
return 1;
}
if (argc && !strcmp(argv[0], "genkey"))
curve25519_normalize_secret(private_key);
if (b64_ntop(private_key, sizeof(private_key), private_key_base64, sizeof(private_key_base64)) != sizeof(private_key_base64) - 1) {
fprintf(stderr, "%s: Could not convert key to base64\n", PROG_NAME);
return 1;
}
puts(private_key_base64);
return 0;
}