wireguard: accept all-zero private-key, public-key and preshared-key

- For PSK, an all-zero PSK means to don't do symmetric encryption. As such, at first it seems a bit odd when the user sets - preshared-key-flags != "4 (not-required)" - preshared-key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= Here the user indicates that a PSK is required, but then provides an all-zero PSK that effectively disables it. Still, we should not reject such a configuration. This has the benefit that it allos the user for being prompted for a PSK, only to disable it by entering the all-zero key. - For the private-key (and consequently the public-key), "public-key-flags=4" is rejected by libnm. A private key is always required for NetworkManager to configure the link. However, let's not care for all-zero keys either. If the user configures that, we just set that key. It's a valid setting as far as WireGuard (the kernel module) is concerned, so we shouldn't reject it. (cherry picked from commit 78dccb8bb9)
2025-12-25 16:30:07 +01:00 · 2019-02-28 16:55:26 +01:00 · 2019-02-28 16:55:26 +01:00 · b680d64b47
commit b680d64b47
parent 5bd4f840fd
1 changed files with 0 additions and 5 deletions
--- a/libnm-core/nm-utils.c
+++ b/libnm-core/nm-utils.c
@ -6707,11 +6707,6 @@ _nm_utils_wireguard_decode_key (const char *base64_key,
 		return FALSE;
 	}

-	if (nm_utils_memeqzero (bin_arr, required_key_len)) {
-		/* an all zero key is not valid either. That is used to represet an unset key */
-		return FALSE;
-	}
-
 	if (out_key)
 		memcpy (out_key, bin_arr, required_key_len);