From b680d64b47b979f9984aafa18599247a70cff8d2 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 28 Feb 2019 16:55:26 +0100 Subject: [PATCH] wireguard: accept all-zero private-key, public-key and preshared-key - For PSK, an all-zero PSK means to not do symmetric encryption. As such, at first it seems a bit odd when the user sets - preshared-key-flags != "4 (not-required)" - preshared-key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= Here the user indicates that a PSK is required, but then provides an all-zero PSK that effectively disables it. Still, we should not reject such a configuration. This has the benefit that it allows the user to be prompted for a PSK, only to disable it by entering the all-zero key. - For the private-key (and consequently the public-key), "public-key-flags=4" is rejected by libnm. A private key is always required for NetworkManager to configure the link. However, let's not care for all-zero keys either. If the user configures that, we just set that key. It's a valid setting as far as WireGuard (the kernel module) is concerned, so we shouldn't reject it. (cherry picked from commit 78dccb8bb9123142773e824ea4cb1a1341b0992f) --- libnm-core/nm-utils.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c index 3e685abd0e..46dd1eba13 100644 --- a/libnm-core/nm-utils.c +++ b/libnm-core/nm-utils.c @@ -6707,11 +6707,6 @@ _nm_utils_wireguard_decode_key (const char *base64_key, return FALSE; } - if (nm_utils_memeqzero (bin_arr, required_key_len)) { - /* an all zero key is not valid either. That is used to represet an unset key */ - return FALSE; - } - if (out_key) memcpy (out_key, bin_arr, required_key_len);
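Review bot: The comment deleted in _nm_utils_wireguard_decode_key() said an all-zero key "is used to represent an unset key". With the nm_utils_memeqzero() check gone, the decoder can no longer tell "unset" from "explicitly zero" for its callers, and nothing in the remaining lines documents the new contract. Please confirm that no caller still compares the decoded out_key against zero to detect an unset key, and add a short comment above the memcpy() stating that all-zero input is accepted on purpose. Since the commit message notes that an all-zero preshared-key disables the PSK even when preshared-key-flags marks it as required, it would also help to document that in the property description or emit a log message when such a key is applied, so a profile that silently runs without a PSK is visible to whoever audits it.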