1 change: 1 addition & 0 deletions .gitignore
@@ -12,3 +12,4 @@ src/wg.exe
*.til
*.pro.user
maint/
*~
11 changes: 10 additions & 1 deletion src/Makefile
@@ -62,6 +62,11 @@ LDLIBS += -lws2_32
wg: wincompat/libc.o wincompat/init.o
endif

ifdef WOLFCRYPT
CFLAGS += -DUSE_WOLFCRYPT $(shell PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:${PKG_CONFIG_PATH} $(PKG_CONFIG) --cflags wolfssl)
LDLIBS += $(shell PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:${PKG_CONFIG_PATH} $(PKG_CONFIG) --libs wolfssl)
endif

ifneq ($(V),1)
BUILT_IN_LINK.o := $(LINK.o)
LINK.o = @echo " LD $@";
@@ -73,7 +78,11 @@ BUILT_IN_RM := $(RM)
RM := @a() { echo " CLEAN $$@"; $(BUILT_IN_RM) "$$@"; }; a
endif

wg: $(sort $(patsubst %.c,%.o,$(wildcard *.c)))
ifdef WOLFCRYPT
wg: $(sort $(patsubst %.c,%.o,wolfcrypto_shim.c $(filter-out curve25519.c genkey.c, $(wildcard *.c))))
else
wg: $(sort $(patsubst %.c,%.o,$(filter-out wolfcrypto_shim.c, $(wildcard *.c))))
endif

clean:
$(RM) wg *.o *.d
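Review bot: Both `$(shell …)` calls in the `ifdef WOLFCRYPT` block put `/usr/local/lib/pkgconfig` ahead of the caller's `PKG_CONFIG_PATH`, so a `wolfssl.pc` under /usr/local takes precedence over whichever copy the builder pointed at. A failed lookup also expands to an empty string, leaving `-DUSE_WOLFCRYPT` set with no include or link flags. For a crypto backend the selection should be explicit: append the fallback instead, `PKG_CONFIG_PATH=${PKG_CONFIG_PATH}:/usr/local/lib/pkgconfig`, and stop early with `ifeq ($(shell $(PKG_CONFIG) --exists wolfssl && echo y),)` / `$(error wolfssl not found via pkg-config)` / `endif`. Note also that `ifdef WOLFCRYPT` is true for any non-empty value, including `WOLFCRYPT=0`.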
5 changes: 5 additions & 0 deletions src/curve25519.h
@@ -6,6 +6,10 @@
#ifndef CURVE25519_H
#define CURVE25519_H

#ifdef USE_WOLFCRYPT
#include "wolfcrypto_shim.h"
#else

#include <stdint.h>
#include <sys/types.h>

@@ -22,3 +26,4 @@ static inline void curve25519_clamp_secret(uint8_t secret[static CURVE25519_KEY_
}

#endif
#endif
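Review bot: With `USE_WOLFCRYPT` defined, the new `#else` compiles out the rest of this header, including `curve25519_clamp_secret` (visible in the second hunk's context line), while `wolfcrypto_shim.h` supplies only `CURVE25519_KEY_SIZE` and `curve25519_generate_public`. Any remaining caller of the clamp helper or of the other declarations here would stop building (no such caller is visible in this diff), so the shim should either declare them or state which ones are deliberately dropped. The two closing lines would also read better labelled, `#endif /* !USE_WOLFCRYPT */` and `#endif /* CURVE25519_H */`. The body of `curve25519_clamp_secret` lies outside the hunk.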
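--- a/src/wolfcrypto_shim.c
+++ b/src/wolfcrypto_shim.c
@@ -0,0 +1,67 @@
+#include "wolfcrypto_shim.h"
+#include "encoding.h"
+#include "subcommands.h"
+#include "containers.h"
+
+void curve25519_generate_public_wolfshim(uint8_t pub[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE]) {
+uint8_t secret_copy[CURVE25519_KEY_SIZE]; /* pubkey_main() calls curve25519_generate_public() with pub == secret, which doesn't work for wc_curve25519_make_pub(). */
+XMEMCPY(secret_copy, secret, CURVE25519_KEY_SIZE);
+int ret = wc_curve25519_make_pub(CURVE25519_KEY_SIZE, pub, CURVE25519_KEY_SIZE, secret_copy);
+if (ret) {
+fprintf(stderr,"curve25519 public key calculation failed: %s\n", wc_GetErrorString(ret));
+abort();
+}
+return;
+}
+
+int genkey_main(int argc, char *argv[]) {
+WC_RNG gRng;
+char base64[WG_KEY_LEN_BASE64];
+struct stat stat;
+
+if (argc != 1) {
+fprintf(stderr, "Usage: %s %s\n", PROG_NAME, argv[0]);
+return 1;
+}
+
+if (!fstat(STDOUT_FILENO, &stat) && S_ISREG(stat.st_mode) && stat.st_mode & S_IRWXO)
+fputs("Warning: writing to world accessible file.\nConsider setting the umask to 077 and trying again.\n", stderr);
+
+{
+#ifndef HAVE_FIPS
+int ret = wc_InitRng_ex(&gRng, NULL /* HEAP_HINT */, INVALID_DEVID);
+#else
+int ret = wc_InitRng(&gRng);
+#endif
+if (ret != 0) {
+fprintf(stderr,"InitRNG failed: %s\n", wc_GetErrorString(ret));
+return 1;
+}
+}
+
+if (! strcmp(argv[0],"genkey")) {
+curve25519_key key;
+int ret = wc_curve25519_init(&key);
+if (ret != 0) {
+fprintf(stderr,"wc_curve25519_init failed: %s\n", wc_GetErrorString(ret));
+return 1;
+}
+ret = wc_curve25519_make_key(&gRng, CURVE25519_KEY_SIZE, &key);
+if (ret != 0) {
+fprintf(stderr,"wc_curve25519_make_key failed: %s\n", wc_GetErrorString(ret));
+return 1;
+}
+key_to_base64(base64, key.k.point);
+} else {
+uint8_t key[WG_KEY_LEN];
+int ret = wc_RNG_GenerateBlock(&gRng, key, sizeof key);
+if (ret != 0) {
+fprintf(stderr,"wc_RNG_GenerateBlock failed: %s\n", wc_GetErrorString(ret));
+return 1;
+}
+key_to_base64(base64, key);
+}
+
+puts(base64);
+return 0;
+}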
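Review bot: In `genkey_main` the private key is read straight out of the struct with `key_to_base64(base64, key.k.point)`, which ties the emitted key to wolfCrypt's internal `curve25519_key` layout and byte order rather than to its export API. Going through the exporter makes the encoding explicit: `uint8_t raw[CURVE25519_KEY_SIZE]; word32 len = sizeof raw;` then `ret = wc_curve25519_export_private_raw_ex(&key, raw, &len, EC25519_LITTLE_ENDIAN);`, checked like the other calls before `key_to_base64(base64, raw)`. Separately, no return path calls `wc_FreeRng(&gRng)` or `wc_curve25519_free(&key)`, and `secret_copy`, `key` and `base64` are left on the stack unwiped. The process presumably exits soon afterwards, so the exposure is likely small, but releasing the RNG state and zeroing the key buffers with a non-elidable wipe is cheap.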
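--- a/src/wolfcrypto_shim.h
+++ b/src/wolfcrypto_shim.h
@@ -0,0 +1,17 @@
+#ifndef WOLFCRYPTO_SHIM_H
+#define WOLFCRYPTO_SHIM_H
+
+#include <stdint.h>
+#include <sys/types.h>
+
+#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/curve25519.h>
+
+#define CURVE25519_KEY_SIZE CURVE25519_KEYSIZE
+
+#define curve25519_generate_public curve25519_generate_public_wolfshim
+void curve25519_generate_public_wolfshim(uint8_t pub[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE]);
+
+#endif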
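Review bot: The prototype for `curve25519_generate_public_wolfshim` has no comment describing its contract, although the implementation in `wolfcrypto_shim.c` depends on two non-obvious properties. It tolerates `pub == secret` by copying the secret first, and it calls `abort()` rather than returning when wolfCrypt reports an error. A short comment above the declaration would cover both, e.g. `/* pub may alias secret; aborts the process if wc_curve25519_make_pub() fails. */`. A note beside `#define curve25519_generate_public …` should also say that the macro redirects every existing caller to the shim.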