aramperes/onetun
1
0
Fork 0
mirror of https://github.com/aramperes/onetun.git synced 2025-09-09 06:38:32 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update to new x25519 primitives

Browse source
This commit is contained in:
Aram 🍐 2023-12-24 11:52:07 -05:00
parent 0931ed496a
commit e23cfc3e7e
1 changed files with 26 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

43
src/config.rs
View file

@ -5,18 +5,18 @@ use std::fs::read_to_string;
use std::net::{IpAddr, SocketAddr, ToSocketAddrs}; use std::net::{IpAddr, SocketAddr, ToSocketAddrs};
use std::sync::Arc; use std::sync::Arc;
use anyhow::Context; use anyhow::{bail, Context};
pub use boringtun::crypto::{X25519PublicKey, X25519SecretKey}; pub use boringtun::x25519::{PublicKey, StaticSecret};
const DEFAULT_PORT_FORWARD_SOURCE: &str = "127.0.0.1"; const DEFAULT_PORT_FORWARD_SOURCE: &str = "127.0.0.1";
#[derive(Clone, Debug)] #[derive(Clone)]
pub struct Config { pub struct Config {
pub port_forwards: Vec<PortForwardConfig>, pub port_forwards: Vec<PortForwardConfig>,
#[allow(dead_code)] #[allow(dead_code)]
pub remote_port_forwards: Vec<PortForwardConfig>, pub remote_port_forwards: Vec<PortForwardConfig>,
pub private_key: Arc<X25519SecretKey>, pub private_key: Arc<StaticSecret>,
pub endpoint_public_key: Arc<X25519PublicKey>, pub endpoint_public_key: Arc<PublicKey>,
pub preshared_key: Option<[u8; 32]>, pub preshared_key: Option<[u8; 32]>,
pub endpoint_addr: SocketAddr, pub endpoint_addr: SocketAddr,
pub endpoint_bind_addr: SocketAddr, pub endpoint_bind_addr: SocketAddr,
@ -305,24 +305,33 @@ fn parse_ip(s: Option<&String>) -> anyhow::Result<IpAddr> {
.with_context(|| "Invalid IP address") .with_context(|| "Invalid IP address")
} }
fn parse_private_key(s: &str) -> anyhow::Result<X25519SecretKey> { fn parse_private_key(s: &str) -> anyhow::Result<StaticSecret> {
s.parse::<X25519SecretKey>() let decoded = base64::decode(s).with_context(|| "Failed to decode private key")?;
.map_err(|e| anyhow::anyhow!("{}", e)) if let Ok::<[u8; 32], _>(bytes) = decoded.try_into() {
Ok(StaticSecret::from(bytes))
} else {
bail!("Invalid private key")
}
} }
fn parse_public_key(s: Option<&String>) -> anyhow::Result<X25519PublicKey> { fn parse_public_key(s: Option<&String>) -> anyhow::Result<PublicKey> {
s.with_context(|| "Missing public key")? let encoded = s.with_context(|| "Missing public key")?;
.parse::<X25519PublicKey>() let decoded = base64::decode(encoded).with_context(|| "Failed to decode public key")?;
.map_err(|e| anyhow::anyhow!("{}", e)) if let Ok::<[u8; 32], _>(bytes) = decoded.try_into() {
.with_context(|| "Invalid public key") Ok(PublicKey::from(bytes))
} else {
bail!("Invalid public key")
}
} }
fn parse_preshared_key(s: Option<&String>) -> anyhow::Result<Option<[u8; 32]>> { fn parse_preshared_key(s: Option<&String>) -> anyhow::Result<Option<[u8; 32]>> {
if let Some(s) = s { if let Some(s) = s {
let psk = base64::decode(s).with_context(|| "Invalid pre-shared key")?; let decoded = base64::decode(s).with_context(|| "Failed to decode preshared key")?;
Ok(Some(psk.try_into().map_err(|_| { if let Ok::<[u8; 32], _>(bytes) = decoded.try_into() {
anyhow::anyhow!("Unsupported pre-shared key") Ok(Some(bytes))
})?)) } else {
bail!("Invalid preshared key")
}
} else { } else {
Ok(None) Ok(None)
} }