[WIP] Generate preshared pairs on export #11

Closed
wants to merge 2 commits into from

dimon222
Collaborator

@dimon222 dimon222 commented Jan 12, 2021

To fix #10
(this is purposefully Draft, as it requires some adjustments before it can suit real use)

This is a very brief change targeted at creating preshared keys that are shared between each pair of nodes to further enhance security. It is worth mentioning that a preshared key is apparently always used anyway, but in the default state it just defaults to all 0s.

> If an additional layer of symmetric-key crypto is required (for, say, post-quantum resistance), WireGuard also supports an optional pre-shared key that is mixed into the public key cryptography. When pre-shared key mode is not in use, the pre-shared key value used below is assumed to be an all-zero string of 32 bytes.

Taken from https://www.wireguard.com/protocol/

Tl;dr about what this ugly code does during export:

  1. Calculate possible unique pairs (permutations) between all configured peers
  2. Generate preshared keys and store them in a hashmap keyed by a single permutation: a JSON-serialized sorted list (to exclude cases ['a','b'] and ['b','a'])
  3. Lookup keys from hashmap during export, and plug them in.

What should probably be improved in this PR before merging it in (if ever):

  1. This has to be made optional
  2. It could theoretically be calculated when adding peers; however, the number of preshared keys does not grow linearly. (I don't know if anyone is planning to use this for a mesh of thousands of nodes... or maybe?), so instead I opted for "on export".
  3. Because I did not go with 2, it generates all pairs of preshared keys on export, so they are not persisted anywhere (e.g. the database file) and are not easily "adjustable" when you need to add more peers. Perhaps the database option could be improved.
  4. The code is ugly; perhaps there's a better way, but I wrote it in a rush, and as long as it works (it does)...

@k4yt3x k4yt3x marked this pull request as ready for review January 13, 2021 22:15
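
The three export steps from the description above, as an added Python example that is not the PR's code. Function names, peer names and the public-key placeholder are assumptions; each key is 32 random bytes, base64-encoded, the same format `wg genpsk` emits.

```python
from __future__ import annotations

import base64
import itertools
import json
import secrets


def pair_key(a: str, b: str) -> str:
    """Order-independent lookup key: JSON of the sorted pair of peer names."""
    return json.dumps(sorted([a, b]))


def generate_preshared_keys(peers: list[str]) -> dict[str, str]:
    """One PSK per unordered pair of peers: n*(n-1)/2 keys for n peers."""
    if len(set(peers)) != len(peers):
        raise ValueError("peer names must be unique")
    psks = {}
    for a, b in itertools.combinations(sorted(peers), 2):
        # 32 bytes from the OS CSPRNG, base64-encoded
        psks[pair_key(a, b)] = base64.b64encode(secrets.token_bytes(32)).decode()
    return psks


def export_peer_sections(local: str, peers: list[str], psks: dict[str, str]) -> str:
    """Render the [Peer] sections of `local`'s config with each pair's PSK plugged in."""
    sections = []
    for remote in peers:
        if remote == local:
            continue
        sections.append(
            "[Peer]\n"
            f"# Name = {remote}\n"
            f"PublicKey = <public key of {remote}>\n"  # placeholder, not a real key
            f"PresharedKey = {psks[pair_key(local, remote)]}\n"
        )
    return "\n".join(sections)


if __name__ == "__main__":
    names = ["alpha", "bravo", "charlie"]  # constructed sample peers
    keys = generate_preshared_keys(names)
    print(export_peer_sections("alpha", names, keys))
```

Because nothing is persisted, every call produces fresh keys, so all peers' configurations have to be exported and deployed together.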
@gerwim

gerwim commented Oct 11, 2021

Is there an update on this PR? Do you need any help with it?

@gaby

gaby commented Nov 8, 2021

@dimon222 Any updates on this?

@dimon222
Collaborator Author

dimon222 commented Jul 2, 2023

Closing this, #35 is more complete

@dimon222 dimon222 closed this Jul 2, 2023
@dimon222 dimon222 deleted the feature/preshared_pairs branch July 2, 2023 23:35
Successfully merging this pull request may close these issues.

Pre-shared key generation