author | Christian Breunig <christian@breunig.cc> | 2025-03-20 22:05:04 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-03-20 22:05:04 +0100 |
commit | f2d427bd6b2a2a39d6eb086dd0abdfa099b78cdd (patch) | |
tree | 89fa2eb4d29ed11892934ae8fc859a011f55cd94 /interface-definitions | |
parent | 7eec4583bf7feb900fad02e009b9ded11b52fd5d (diff) | |
parent | 8021bdd62e4142caf4a5e82000c8ca3da99fcae4 (diff) | |
download | vyos-1x-f2d427bd6b2a2a39d6eb086dd0abdfa099b78cdd.tar.gz vyos-1x-f2d427bd6b2a2a39d6eb086dd0abdfa099b78cdd.zip |
Merge pull request #4402 from c-po/wireguard-key-T7246
wireguard: T7246: verify Base64 encoded 32byte boundary on keys
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/include/constraint/wireguard-keys.xml.i | 6 | ||||
-rw-r--r-- | interface-definitions/interfaces_wireguard.xml.in | 19 |
2 files changed, 11 insertions, 14 deletions
diff --git a/interface-definitions/include/constraint/wireguard-keys.xml.i b/interface-definitions/include/constraint/wireguard-keys.xml.i
new file mode 100644
index 000000000..f59c86087
--- /dev/null
+++ b/interface-definitions/include/constraint/wireguard-keys.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from constraint/wireguard-keys.xml.i -->
+<constraint>
+ <validator name="base64" argument="--decoded-len 32"/>
+</constraint>
+<constraintErrorMessage>Key must be Base64-encoded with 32 bytes in length</constraintErrorMessage>
+<!-- include end -->
diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in
index 4f8b6c751..33cb5864a 100644
--- a/interface-definitions/interfaces_wireguard.xml.in
+++ b/interface-definitions/interfaces_wireguard.xml.in
@@ -56,10 +56,7 @@
 <leafNode name="private-key">
 <properties>
 <help>Base64 encoded private key</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
+ #include <include/constraint/wireguard-keys.xml.i>
 </properties>
 </leafNode>
 <tagNode name="peer">
@@ -75,20 +72,14 @@
 #include <include/generic-description.xml.i>
 <leafNode name="public-key">
 <properties>
- <help>base64 encoded public key</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
+ <help>Base64 encoded public key</help>
+ #include <include/constraint/wireguard-keys.xml.i>
 </properties>
 </leafNode>
 <leafNode name="preshared-key">
 <properties>
- <help>base64 encoded preshared key</help>
- <constraint>
- <validator name="base64"/>
- </constraint>
- <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
+ <help>Base64 encoded preshared key</help>
+ #include <include/constraint/wireguard-keys.xml.i>
 </properties>
 </leafNode>
 <leafNode name="allowed-ips"> |
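Review bot: The `constraintErrorMessage` in the new `wireguard-keys.xml.i` reads as if the Base64 text itself must be 32 bytes long, while `--decoded-len 32` constrains the decoded key; a 32-byte key is 44 Base64 characters including padding. I would word it as `<constraintErrorMessage>Key must be Base64 encoded and decode to exactly 32 bytes</constraintErrorMessage>`. The `--decoded-len` option of the `base64` validator is not visible here (the diffstat is limited to interface-definitions), so it is presumably added elsewhere in the same merge. It is worth confirming there that both shorter and longer input are rejected, not just input below a minimum.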
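Review bot: The stricter constraint now included under `private-key` (this hunk) and under `public-key` and `preshared-key` (next hunk) also applies to values already stored in saved configurations. Nothing in this view shows what happens on upgrade to a key that passed the old `base64` check but does not decode to 32 bytes. Please confirm whether such a configuration still loads or needs a migration note. A smoketest that sets a wrong-length but valid Base64 value on each of the three nodes and expects the commit to be refused would pin the behaviour. The `<help>` strings could also state the length, e.g. `<help>Base64 encoded private key (32 bytes decoded)</help>`, so the requirement is visible before the error appears.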