package certs
import (
"encoding/hex"
"errors"
"github.com/bishopfox/sliver/server/db"
"github.com/bishopfox/sliver/server/db/models"
"github.com/bishopfox/sliver/server/log"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"gorm.io/gorm"
)
var (
	// wgKeysLog is the logger shared by every WireGuard key helper in this file.
	wgKeysLog = log.NamedLogger("certs", "wg-keys")
	// ErrWGPeerDoesNotExist is returned by GetWGPeers when the peer lookup
	// surfaces db.ErrRecordNotFound.
	ErrWGPeerDoesNotExist = errors.New("wg peer does not exist")
	// ErrWGServerKeysDoNotExist is returned by GetWGServerKeys when no server
	// key row exists yet; SetupWGKeys treats this as "generate a pair".
	ErrWGServerKeysDoNotExist = errors.New("wg server keys do not exist")
)
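// SetupWGKeys ensures the server has a WireGuard key pair: when
// GetWGServerKeys reports none, a fresh pair is generated and stored.
//
// Note that any lookup error, not only ErrWGServerKeysDoNotExist, triggers
// generation. A failure to generate or persist the server keys is logged so
// a broken bootstrap is visible instead of silently leaving the server
// without keys.
func SetupWGKeys() {
	if _, _, err := GetWGServerKeys(); err != nil {
		wgKeysLog.Info("No wg server keys detected")
		// isPeer=false: these are the server's own keys, so no tunnel IP applies.
		if _, _, genErr := GenerateWGKeys(false, ""); genErr != nil {
			wgKeysLog.Errorf("Error generating wg server keys: %s", genErr)
		}
	}
}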
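// ImplantGenerateWGKeys generates and persists a WireGuard key pair for an
// implant peer that will use the tunnel IP wgPeerTunIP.
//
// It returns the hex-encoded private and public keys. On failure the error
// is logged and returned with both key strings empty. The key values
// themselves are not logged: GenerateWGKeys yields empty strings on error,
// so there is nothing useful to print, and private key material must not
// end up in the log in any case.
func ImplantGenerateWGKeys(wgPeerTunIP string) (string, string, error) {
	const isPeer = true
	privKey, pubKey, err := GenerateWGKeys(isPeer, wgPeerTunIP)
	if err != nil {
		wgKeysLog.Errorf("Error generating wg keys for peer: %s", err)
		return "", "", err
	}
	return privKey, pubKey, nil
}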
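// GetWGPeers returns a map of peer public key -> tunnel IP for every
// WireGuard peer stored in the database.
//
// Map keys are the hex-encoded public keys as persisted by saveWGKeys. An
// empty peer table yields an empty map and a nil error: gorm's Find does not
// report ErrRecordNotFound for an empty result set (First does), so the
// ErrWGPeerDoesNotExist branch is only reached if the session surfaces that
// error explicitly. The branch is kept so callers that check for it keep
// working.
func GetWGPeers() (map[string]string, error) {
	var wgPeerModels []models.WGPeer
	err := db.Session().Where(&models.WGPeer{}).Find(&wgPeerModels).Error
	switch {
	case errors.Is(err, db.ErrRecordNotFound):
		return nil, ErrWGPeerDoesNotExist
	case err != nil:
		return nil, err
	}
	// Size the map once; the result set length is known after Find.
	peers := make(map[string]string, len(wgPeerModels))
	for i := range wgPeerModels {
		peers[wgPeerModels[i].PubKey] = wgPeerModels[i].TunIP
	}
	return peers, nil
}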
// GetWGServerKeys loads the server's WireGuard key pair from the database.
//
// It returns the stored private key and public key (hex strings as written
// by saveWGKeys). When the key table holds no row, ErrWGServerKeysDoNotExist
// is returned so callers can tell "not generated yet" apart from a database
// failure, which is returned unwrapped.
func GetWGServerKeys() (string, string, error) {
	wgKeysLog.Info("Getting wg keys for wg server")
	var keys models.WGKeys
	tx := db.Session().First(&keys)
	if err := tx.Error; err != nil {
		if errors.Is(err, db.ErrRecordNotFound) {
			return "", "", ErrWGServerKeysDoNotExist
		}
		return "", "", err
	}
	return keys.PrivKey, keys.PubKey, nil
}
// GenerateWGKeys creates a fresh WireGuard key pair and stores it.
//
// With isPeer set the pair is saved as a peer record bound to wgPeerTunIP;
// otherwise it is saved as the server's keys and saveWGKeys ignores
// wgPeerTunIP. The hex-encoded private and public keys are returned; on any
// failure both strings are empty and the error is returned (a save failure
// is additionally logged).
func GenerateWGKeys(isPeer bool, wgPeerTunIP string) (string, string, error) {
	privKey, pubKey, genErr := genWGKeys()
	if genErr != nil {
		return "", "", genErr
	}
	saveErr := saveWGKeys(isPeer, wgPeerTunIP, privKey, pubKey)
	if saveErr == nil {
		return privKey, pubKey, nil
	}
	wgKeysLog.Error("Error Saving wg keys: ", saveErr)
	return "", "", saveErr
}
// genWGKeys generates a WireGuard private key and derives its public key.
//
// Both keys are returned hex-encoded (this is not the base64 form that
// wgtypes.Key.String produces); the rest of this file stores them in that
// hex form. A generation failure is logged at warning level and returned.
func genWGKeys() (string, string, error) {
	wgKeysLog.Infof("Generating wg keys")
	priv, err := wgtypes.GeneratePrivateKey()
	if err != nil {
		wgKeysLog.Warnf("Failed to generate private key: %s", err)
		return "", "", err
	}
	pub := priv.PublicKey()
	privHex := hex.EncodeToString(priv[:])
	pubHex := hex.EncodeToString(pub[:])
	return privHex, pubHex, nil
}
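// saveWGKeys persists a generated key pair.
//
// When isPeer is true a models.WGPeer row is created holding the private
// key, public key and the peer's tunnel IP; otherwise a models.WGKeys row is
// created with just the key pair and wgPeerTunIP is ignored. Keys are stored
// as the hex strings produced by genWGKeys, private key included, so read
// access to this table is access to every tunnel's private key.
//
// Each model is handed to Create as a plain *T; passing the address of a
// pointer variable (a **T) only works because gorm dereferences repeatedly
// and obscures what is being inserted.
func saveWGKeys(isPeer bool, wgPeerTunIP string, privKey string, pubKey string) error {
	wgKeysLog.Info("Saving wg keys")
	dbSession := db.Session()
	var result *gorm.DB
	if isPeer {
		result = dbSession.Create(&models.WGPeer{
			PrivKey: privKey,
			PubKey:  pubKey,
			TunIP:   wgPeerTunIP,
		})
	} else {
		result = dbSession.Create(&models.WGKeys{
			PrivKey: privKey,
			PubKey:  pubKey,
		})
	}
	return result.Error
}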