public-mirrors
/
innernet
mirror of https://github.com/tonarino/innernet.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

wgctrl-rs: no longer expose bytes of Key publicly

pull/151/head
Jake McGinty 2021-09-13 02:05:57 +09:00
parent fa52dade2e
commit c652a8f799
3 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/src/main.rs
View File

@ -615,7 +615,7 @@ fn get_session(
.ok_or(ServerError::Unauthorized)?; .ok_or(ServerError::Unauthorized)?;
let pubkey = pubkey.to_str().map_err(|_| ServerError::Unauthorized)?; let pubkey = pubkey.to_str().map_err(|_| ServerError::Unauthorized)?;
let pubkey = Key::from_base64(pubkey).map_err(|_| ServerError::Unauthorized)?; let pubkey = Key::from_base64(pubkey).map_err(|_| ServerError::Unauthorized)?;
if pubkey.0.ct_eq(&context.public_key.0).into() { if pubkey.ct_eq(&context.public_key).into() {
let peer = DatabasePeer::get_from_ip(&context.db.lock(), addr).map_err(|e| match e { let peer = DatabasePeer::get_from_ip(&context.db.lock(), addr).map_err(|e| match e {
rusqlite::Error::QueryReturnedNoRows => ServerError::Unauthorized, rusqlite::Error::QueryReturnedNoRows => ServerError::Unauthorized,
e => ServerError::Database(e), e => ServerError::Database(e),

2
wgctrl-rs/src/backends/kernel.rs
View File

@ -418,7 +418,7 @@ pub fn delete_interface(iface: &InterfaceName) -> io::Result<()> {
/// `Key`s, especially ones created from external data. /// `Key`s, especially ones created from external data.
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
#[derive(PartialEq, Eq, Clone)] #[derive(PartialEq, Eq, Clone)]
pub struct Key(pub wgctrl_sys::wg_key); pub struct Key(wgctrl_sys::wg_key);
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
impl Key { impl Key {

13
wgctrl-rs/src/backends/userspace.rs
View File

@ -1,4 +1,5 @@
use curve25519_dalek::scalar::Scalar; use curve25519_dalek::scalar::Scalar;
use subtle::ConstantTimeEq;
use crate::{Backend, Device, DeviceUpdate, InterfaceName, PeerConfig, PeerInfo, PeerStats}; use crate::{Backend, Device, DeviceUpdate, InterfaceName, PeerConfig, PeerInfo, PeerStats};
@ -392,7 +393,13 @@ pub fn apply(builder: &DeviceUpdate, iface: &InterfaceName) -> io::Result<()> {
/// `Key`s, especially ones created from external data. /// `Key`s, especially ones created from external data.
#[cfg(not(target_os = "linux"))] #[cfg(not(target_os = "linux"))]
#[derive(PartialEq, Eq, Clone)] #[derive(PartialEq, Eq, Clone)]
pub struct Key(pub [u8; 32]); pub struct Key([u8; 32]);
impl ConstantTimeEq for Key {
fn ct_eq(&self, other: &Self) -> subtle::Choice {
self.0.ct_eq(&other.0).into()
}
}
#[cfg(not(target_os = "linux"))] #[cfg(not(target_os = "linux"))]
impl Key { impl Key {
@ -436,9 +443,7 @@ impl Key {
/// Checks if this key is all-zero. /// Checks if this key is all-zero.
pub fn is_zero(&self) -> bool { pub fn is_zero(&self) -> bool {
use subtle::ConstantTimeEq; self.ct_eq(&Self::zero()).into()
self.0.ct_eq(&[0u8; 32]).into()
} }
/// Converts the key to a standardized base64 representation, as used by the `wg` utility and `wg-quick`. /// Converts the key to a standardized base64 representation, as used by the `wg` utility and `wg-quick`.