From 6b27311f86c65cde3d44629015c6a6e49d31a794 Mon Sep 17 00:00:00 2001 From: hagbard Date: Mon, 27 Aug 2018 08:24:36 -0700 Subject: T793: generate and show psk implemented in python script --- src/op_mode/wireguard_key.py | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) (limited to 'src/op_mode') diff --git a/src/op_mode/wireguard_key.py b/src/op_mode/wireguard_key.py index 811cff1ca..6177853c4 100755 --- a/src/op_mode/wireguard_key.py +++ b/src/op_mode/wireguard_key.py @@ -19,17 +19,16 @@ import argparse import os import sys -import syslog as sl import subprocess +import syslog as sl from vyos import ConfigError dir = r'/config/auth/wireguard' pk = dir + '/private.key' pub = dir + '/public.key' +psk = dir + '/preshared.key' -### check_kmod may be removed in the future, -### once it's loaded automatically def check_kmod(): if not os.path.exists('/sys/module/wireguard'): sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") @@ -44,6 +43,13 @@ def generate_keypair(): else: sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir) +def generate_psk(): + ret = subprocess.call(['wg genpsk >' + psk ], shell=True) + if ret != 0: + raise ConfigError("wireguard preshared-key generation failed") + else: + sl.syslog(sl.LOG_NOTICE, "wireguard preshared-key sucessfully generated in " + dir) + def genkey(): ### if umask 077 makes trouble, 027 will work old_umask = os.umask(0o077) @@ -52,7 +58,8 @@ def genkey(): if choice == 'y' or choice == 'Y': generate_keypair() else: - os.mkdir(dir) + if not os.path.exists(dir): + os.mkdir(dir) generate_keypair() os.umask(old_umask) 
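Review bot: In `generate_psk()` the key file is created by a shell redirection (`'wg genpsk >' + psk` with `shell=True`), so its permissions depend entirely on the caller's umask. When preshared.key already exists, the redirection truncates it in place and keeps whatever mode it had; the 077 umask that `genpsk()` sets later in this patch only affects newly created files. Opening the file in Python with an explicit mode and passing it as stdout fixes both cases and removes the need for a shell. The log string also misspells "successfully".
```python
def generate_psk():
    fd = os.open(psk, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as keyfile:
        os.fchmod(keyfile.fileno(), 0o600)  # tighten a pre-existing file too
        ret = subprocess.call(['wg', 'genpsk'], stdout=keyfile)
    # … unchanged: return-code check and syslog notice …
```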
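Review bot: The added `if not os.path.exists(dir): os.mkdir(dir)` in `genkey()` is a check-then-create sequence, and the directory's mode is left to the umask set a few lines above. A single call with an explicit mode says what is intended and tolerates an existing directory: `os.makedirs(dir, mode=0o700, exist_ok=True)`. The same two lines are added again in `genpsk()` in the next hunk. The start of `genkey()` is outside this hunk.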
@@ -69,6 +76,24 @@ def showkey(key): else: print("no private key found") +def genpsk(): + old_umask = os.umask(0o077) + if os.path.exists(psk): + choice = input("You have a wireguard key-pair already, do you want to re-generate? [y/n] ") + if choice == 'y' or choice == 'Y': + generate_psk() + else: + if not os.path.exists(dir): + os.mkdir(dir) + generate_psk() + os.umask(old_umask) + +def showpsk(): + if os.path.exists(psk): + print (open(psk).read().strip()) + else: + print("no preshared key found") + if __name__ == '__main__': check_kmod() @@ -76,6 +101,8 @@ if __name__ == '__main__': parser.add_argument('--genkey', action="store_true", help='generate key-pair') parser.add_argument('--showpub', action="store_true", help='shows public key') parser.add_argument('--showpriv', action="store_true", help='shows private key') + parser.add_argument('--genpsk', action="store_true", help='generates preshared-key') + parser.add_argument('--showpsk', action="store_true", help='show preshared-key') args = parser.parse_args() try: @@ -85,6 +112,10 @@ if __name__ == '__main__': showkey("pub") if args.showpriv: showkey("pk") + if args.genpsk: + genpsk() + if args.showpsk: + showpsk() except ConfigError as e: print(e) -- cgit v1.2.3 From 00e809cd899cb8a9b55b1eb547ffa2e7d6e86a24 Mon Sep 17 00:00:00 2001 From: hagbard Date: Mon, 27 Aug 2018 08:35:39 -0700 Subject: T793: wiregurard preshared-key op-mode script and interface implementation --- op-mode-definitions/wireguard.xml | 12 ++++++++++++ src/op_mode/wireguard_key.py | 4 ++-- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'src/op_mode') diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml index a7e156d8d..75fb05228 100644 --- a/op-mode-definitions/wireguard.xml +++ b/op-mode-definitions/wireguard.xml @@ -14,6 +14,12 @@ ${vyos_op_scripts_dir}/wireguard_key.py --genkey + + + generate a wireguard preshared key + + ${vyos_op_scripts_dir}/wireguard_key.py --genpsk + 
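Review bot: `genpsk()` restores the umask only on the success path; when `generate_psk()` raises ConfigError, `os.umask(old_umask)` is skipped and the process keeps 077. Putting the body in `try:` and the restore in `finally: os.umask(old_umask)` makes the function safe to call from other code, and `genkey()` has the same shape. In `showpsk()` the file object from `open(psk)` is never closed; `with open(psk) as f: print(f.read().strip())` is the usual form. A one-line docstring on `showpsk()` stating that it writes the secret to stdout would help anyone who later pipes or logs this command's output.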
@@ -34,6 +40,12 @@ ${vyos_op_scripts_dir}/wireguard_key.py --showpriv + + + show wireguard preshared key + + ${vyos_op_scripts_dir}/wireguard_key.py --showpsk + diff --git a/src/op_mode/wireguard_key.py b/src/op_mode/wireguard_key.py index 6177853c4..c7208843d 100755 --- a/src/op_mode/wireguard_key.py +++ b/src/op_mode/wireguard_key.py @@ -54,7 +54,7 @@ def genkey(): ### if umask 077 makes trouble, 027 will work old_umask = os.umask(0o077) if os.path.exists(pk) and os.path.exists(pub): - choice = input("You have a wireguard key-pair already, do you want to re-generate? [y/n] ") + choice = input("You already have a wireguard key-pair already, do you want to re-generate? [y/n] ") if choice == 'y' or choice == 'Y': generate_keypair() else: @@ -79,7 +79,7 @@ def showkey(key): def genpsk(): old_umask = os.umask(0o077) if os.path.exists(psk): - choice = input("You have a wireguard key-pair already, do you want to re-generate? [y/n] ") + choice = input("You already have a preshared-key, do you want to re-generate? [y/n] ") if choice == 'y' or choice == 'Y': generate_psk() else: -- cgit v1.2.3 From 7a28705b502a156f26564489512615429005f828 Mon Sep 17 00:00:00 2001 From: hagbard Date: Tue, 28 Aug 2018 09:12:22 -0700 Subject: T793: changed op-mode script from wireguard_key.py to wireguard.py --- op-mode-definitions/wireguard.xml | 2 +- src/op_mode/wireguard.py | 123 ++++++++++++++++++++++++++++++++++++++ src/op_mode/wireguard_key.py | 123 -------------------------------------- 3 files changed, 124 insertions(+), 124 deletions(-) create mode 100755 src/op_mode/wireguard.py delete mode 100755 src/op_mode/wireguard_key.py (limited to 'src/op_mode') diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml index 75fb05228..ec4c02b3a 100644 --- a/op-mode-definitions/wireguard.xml +++ b/op-mode-definitions/wireguard.xml 
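Review bot: In `genkey()` the confirmation prompt is reached only when both files exist (`os.path.exists(pk) and os.path.exists(pub)`), so a private.key without its public.key goes to the `else:` branch. The body of that branch is outside this hunk, but in the earlier hunk on this page it calls `generate_keypair()` without asking, which would overwrite the existing private key. Using `if os.path.exists(pk) or os.path.exists(pub):` would prompt in that case too. The reworded prompt also says "already" twice; `"You already have a wireguard key-pair, do you want to re-generate? [y/n] "` reads correctly.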
@@ -12,7 +12,7 @@ generate a wireguard keypair - ${vyos_op_scripts_dir}/wireguard_key.py --genkey + ${vyos_op_scripts_dir}/wireguard.py --genkey diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py new file mode 100755 index 000000000..c7208843d --- /dev/null +++ b/src/op_mode/wireguard.py 
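Review bot: Only the `--genkey` entry is switched to `wireguard.py` here, while the same commit deletes `src/op_mode/wireguard_key.py`. The diffstat shows a single changed line in wireguard.xml, and the earlier hunks on this page add `--genpsk` and `--showpsk` entries, next to `--showpriv`, that call `${vyos_op_scripts_dir}/wireguard_key.py`. Those commands would then point at a script that no longer exists, so the remaining paths should be updated in this commit as well, e.g. `${vyos_op_scripts_dir}/wireguard.py --genpsk`. The XML element structure is not visible in this rendering, so the exact nodes need to be checked in the file.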
@@ -0,0 +1,123 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import argparse +import os +import sys +import subprocess +import syslog as sl + +from vyos import ConfigError + +dir = r'/config/auth/wireguard' +pk = dir + '/private.key' +pub = dir + '/public.key' +psk = dir + '/preshared.key' + +def check_kmod(): + if not os.path.exists('/sys/module/wireguard'): + sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") + if os.system('sudo modprobe wireguard') != 0: + sl.syslog(sl.LOG_ERR, "modprobe wireguard failed") + raise ConfigError("modprobe wireguard failed") + +def generate_keypair(): + ret = subprocess.call(['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True) + if ret != 0: + raise ConfigError("wireguard key-pair generation failed") + else: + sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir) + +def generate_psk(): + ret = subprocess.call(['wg genpsk >' + psk ], shell=True) + if ret != 0: + raise ConfigError("wireguard preshared-key generation failed") + else: + sl.syslog(sl.LOG_NOTICE, "wireguard preshared-key sucessfully generated in " + dir) + +def genkey(): + ### if umask 077 makes trouble, 027 will work + old_umask = os.umask(0o077) + if os.path.exists(pk) and os.path.exists(pub): + choice = input("You already have a wireguard key-pair already, do you want to re-generate? 
[y/n] ") + if choice == 'y' or choice == 'Y': + generate_keypair() + else: + if not os.path.exists(dir): + os.mkdir(dir) + generate_keypair() + os.umask(old_umask) + +def showkey(key): + if key == "pub": + if os.path.exists(pub): + print ( open(pub).read().strip() ) + else: + print("no public key found") + + if key == "pk": + if os.path.exists(pk): + print ( open(pk).read().strip() ) + else: + print("no private key found") + +def genpsk(): + old_umask = os.umask(0o077) + if os.path.exists(psk): + choice = input("You already have a preshared-key, do you want to re-generate? [y/n] ") + if choice == 'y' or choice == 'Y': + generate_psk() + else: + if not os.path.exists(dir): + os.mkdir(dir) + generate_psk() + os.umask(old_umask) + +def showpsk(): + if os.path.exists(psk): + print (open(psk).read().strip()) + else: + print("no preshared key found") + +if __name__ == '__main__': + check_kmod() + + parser = argparse.ArgumentParser(description='wireguard key management') + parser.add_argument('--genkey', action="store_true", help='generate key-pair') + parser.add_argument('--showpub', action="store_true", help='shows public key') + parser.add_argument('--showpriv', action="store_true", help='shows private key') + parser.add_argument('--genpsk', action="store_true", help='generates preshared-key') + parser.add_argument('--showpsk', action="store_true", help='show preshared-key') + args = parser.parse_args() + + try: + if args.genkey: + genkey() + if args.showpub: + showkey("pub") + if args.showpriv: + showkey("pk") + if args.genpsk: + genpsk() + if args.showpsk: + showpsk() + + except ConfigError as e: + print(e) + sys.exit(1) + diff --git a/src/op_mode/wireguard_key.py b/src/op_mode/wireguard_key.py deleted file mode 100755 index c7208843d..000000000 --- a/src/op_mode/wireguard_key.py +++ /dev/null 
@@ -1,123 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import argparse -import os -import sys -import subprocess -import syslog as sl - -from vyos import ConfigError - -dir = r'/config/auth/wireguard' -pk = dir + '/private.key' -pub = dir + '/public.key' -psk = dir + '/preshared.key' - -def check_kmod(): - if not os.path.exists('/sys/module/wireguard'): - sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") - if os.system('sudo modprobe wireguard') != 0: - sl.syslog(sl.LOG_ERR, "modprobe wireguard failed") - raise ConfigError("modprobe wireguard failed") - -def generate_keypair(): - ret = subprocess.call(['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True) - if ret != 0: - raise ConfigError("wireguard key-pair generation failed") - else: - sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir) - -def generate_psk(): - ret = subprocess.call(['wg genpsk >' + psk ], shell=True) - if ret != 0: - raise ConfigError("wireguard preshared-key generation failed") - else: - sl.syslog(sl.LOG_NOTICE, "wireguard preshared-key sucessfully generated in " + dir) - -def genkey(): - ### if umask 077 makes trouble, 027 will work - old_umask = os.umask(0o077) - if os.path.exists(pk) and os.path.exists(pub): - choice = input("You already have a wireguard key-pair already, do you want to re-generate? 
[y/n] ") - if choice == 'y' or choice == 'Y': - generate_keypair() - else: - if not os.path.exists(dir): - os.mkdir(dir) - generate_keypair() - os.umask(old_umask) - -def showkey(key): - if key == "pub": - if os.path.exists(pub): - print ( open(pub).read().strip() ) - else: - print("no public key found") - - if key == "pk": - if os.path.exists(pk): - print ( open(pk).read().strip() ) - else: - print("no private key found") - -def genpsk(): - old_umask = os.umask(0o077) - if os.path.exists(psk): - choice = input("You already have a preshared-key, do you want to re-generate? [y/n] ") - if choice == 'y' or choice == 'Y': - generate_psk() - else: - if not os.path.exists(dir): - os.mkdir(dir) - generate_psk() - os.umask(old_umask) - -def showpsk(): - if os.path.exists(psk): - print (open(psk).read().strip()) - else: - print("no preshared key found") - -if __name__ == '__main__': - check_kmod() - - parser = argparse.ArgumentParser(description='wireguard key management') - parser.add_argument('--genkey', action="store_true", help='generate key-pair') - parser.add_argument('--showpub', action="store_true", help='shows public key') - parser.add_argument('--showpriv', action="store_true", help='shows private key') - parser.add_argument('--genpsk', action="store_true", help='generates preshared-key') - parser.add_argument('--showpsk', action="store_true", help='show preshared-key') - args = parser.parse_args() - - try: - if args.genkey: - genkey() - if args.showpub: - showkey("pub") - if args.showpriv: - showkey("pk") - if args.genpsk: - genpsk() - if args.showpsk: - showpsk() - - except ConfigError as e: - print(e) - sys.exit(1) - -- cgit v1.2.3 From 5d577637f8ced10a8cc769cf58c82fc069fd0669 Mon Sep 17 00:00:00 2001 
From: hagbard Date: Fri, 31 Aug 2018 08:23:30 -0700 Subject: T793: preshared key op-mode parts --- op-mode-definitions/wireguard.xml | 6 ------ src/op_mode/wireguard.py | 33 ++++++--------------------------- 2 files changed, 6 insertions(+), 33 deletions(-) (limited to 'src/op_mode') diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml index ec4c02b3a..a5e992f77 100644 --- a/op-mode-definitions/wireguard.xml +++ b/op-mode-definitions/wireguard.xml @@ -40,12 +40,6 @@ ${vyos_op_scripts_dir}/wireguard_key.py --showpriv - - - show wireguard preshared key - - ${vyos_op_scripts_dir}/wireguard_key.py --showpsk - diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py index c7208843d..14ee66aaf 100755 --- a/src/op_mode/wireguard.py +++ b/src/op_mode/wireguard.py @@ -30,6 +30,7 @@ pub = dir + '/public.key' psk = dir + '/preshared.key' def check_kmod(): + """ check if kmod is loaded, if not load it """ if not os.path.exists('/sys/module/wireguard'): sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") if os.system('sudo modprobe wireguard') != 0: 
@@ -37,21 +38,15 @@ def check_kmod(): raise ConfigError("modprobe wireguard failed") def generate_keypair(): + """ generates a keypair which is stored in /config/auth/wireguard """ ret = subprocess.call(['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True) if ret != 0: raise ConfigError("wireguard key-pair generation failed") else: sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir) -def generate_psk(): - ret = subprocess.call(['wg genpsk >' + psk ], shell=True) - if ret != 0: - raise ConfigError("wireguard preshared-key generation failed") - else: - sl.syslog(sl.LOG_NOTICE, "wireguard preshared-key sucessfully generated in " + dir) - def genkey(): - ### if umask 077 makes trouble, 027 will work + """ helper function to check, regenerate the keypair """ old_umask = os.umask(0o077) if os.path.exists(pk) and os.path.exists(pub): choice = input("You already have a wireguard key-pair already, do you want to re-generate? [y/n] ") @@ -64,6 +59,7 @@ def genkey(): os.umask(old_umask) def showkey(key): + """ helper function to show privkey or pubkey """ if key == "pub": if os.path.exists(pub): print ( open(pub).read().strip() ) @@ -77,22 +73,8 @@ def showkey(key): print("no private key found") def genpsk(): - old_umask = os.umask(0o077) - if os.path.exists(psk): - choice = input("You already have a preshared-key, do you want to re-generate? [y/n] ") - if choice == 'y' or choice == 'Y': - generate_psk() - else: - if not os.path.exists(dir): - os.mkdir(dir) - generate_psk() - os.umask(old_umask) - -def showpsk(): - if os.path.exists(psk): - print (open(psk).read().strip()) - else: - print("no preshared key found") + """ generates a preshared key and shows it on stdout, it's stroed only in the config """ + subprocess.call(['wg genpsk'], shell=True) if __name__ == '__main__': check_kmod() 
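Review bot: `generate_keypair()` checks only the exit status of the whole shell pipeline, which for `wg genkey | tee … | wg pubkey > …` is the status of the last stage. If `tee` cannot write private.key, `wg pubkey` still succeeds, `ret` is 0 and the function logs a new key-pair although no private key was stored. Running the two `wg` commands directly and writing the files in Python makes each failure visible and drops `shell=True`. The new docstring also hard-codes the path that the `dir` variable already holds.
```python
def generate_keypair():
    """ generates a keypair which is stored in /config/auth/wireguard """
    try:
        private = subprocess.check_output(['wg', 'genkey'])
        public = subprocess.check_output(['wg', 'pubkey'], input=private)
        with open(pk, 'wb') as keyfile:
            keyfile.write(private)
        with open(pub, 'wb') as keyfile:
            keyfile.write(public)
    except (subprocess.CalledProcessError, OSError):
        raise ConfigError("wireguard key-pair generation failed")
    # … unchanged: syslog notice …
```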
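Review bot: The rewritten `genpsk()` discards the return value of `subprocess.call(['wg genpsk'], shell=True)`, so when `wg` is missing or fails the command prints no key and still exits 0. The removed `generate_psk()` raised ConfigError in that case; the check can be kept without a shell as `if subprocess.call(['wg', 'genpsk']) != 0:` followed by `raise ConfigError("wireguard preshared-key generation failed")`. The module-level `psk` path appears to be unused after this change and could be removed. The docstring has a typo, "stroed".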
@@ -102,7 +84,6 @@ if __name__ == '__main__': parser.add_argument('--showpub', action="store_true", help='shows public key') parser.add_argument('--showpriv', action="store_true", help='shows private key') parser.add_argument('--genpsk', action="store_true", help='generates preshared-key') - parser.add_argument('--showpsk', action="store_true", help='show preshared-key') args = parser.parse_args() try: @@ -114,8 +95,6 @@ if __name__ == '__main__': showkey("pk") if args.genpsk: genpsk() - if args.showpsk: - showpsk() except ConfigError as e: print(e) -- cgit v1.2.3