| author | Max Zettlmeißl <max@zettlmeissl.de> | 2024-07-18 10:20:14 +0200 |
|---|---|---|
| committer | Linus Färnstrand <faern@faern.net> | 2024-07-23 13:09:01 +0200 |
| commit | 527f900375f28433c017f4d5003d9f2f8c45f2f8 (patch) | |
| tree | 67259b81c2e9f7dfe3dc1acdbca80da291a1b64f | |
| parent | 5b9a6eb97fd6e0a23516d0814ad849603ff84427 (diff) | |
Improve variable names, comments and error messages
Briefly explain the usage.
Make it clearer that the program does not work with an IPv6 address.
Remove the somewhat confusing usage of `trim`. The IP is not trimmed
either and it would only protect from a purposefully wrong argument
(With quoted or escaped spaces.)
Explain what the boolean parameters stand for.
Explain why the PSK has to be printed with `fmt::Debug`.
| -rw-r--r-- | talpid-tunnel-config-client/examples/psk-exchange.rs | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/talpid-tunnel-config-client/examples/psk-exchange.rs b/talpid-tunnel-config-client/examples/psk-exchange.rs
index bda08f3187..48643805fc 100644
--- a/talpid-tunnel-config-client/examples/psk-exchange.rs
+++ b/talpid-tunnel-config-client/examples/psk-exchange.rs
@@ -1,6 +1,9 @@
 //! Example client implementing the quantum resistant tunnel PSK exchange.
 //! Useful to test this crate's implementation.
+// Usage: ./psk-exchange <tuncfg_server_ip> <wireguard_public_key>
+// e. g. ./psk-exchange 10.64.0.1 NkECLsf+VbZUjve7RVN6sE3NYUcYUmUn8qpFugqbXFk=
+
 use std::net::IpAddr;
 use talpid_types::net::wireguard::{PrivateKey, PublicKey};
@@ -11,23 +14,26 @@ async fn main() {
 .next()
 .expect("Give tuncfg server IP as first argument")
 .parse()
- .expect("tuncfg ip argument not a valid IP");
- let pubkey_string = args
+ .expect("tuncfg IP argument not a valid IPv4");
+ let public_key_string = args
 .next()
 .expect("Give WireGuard public key as second argument");
- let pubkey = PublicKey::from_base64(pubkey_string.trim()).expect("Invalid public key");
- let private_key = PrivateKey::new_from_random();
+ let public_key = PublicKey::from_base64(&public_key_string).expect("Invalid public key");
+ // The ephemeral peer requires an ephemeral public WireGuard key,
+ // which can also be provided by other means.
+ let ephemeral_private_key = PrivateKey::new_from_random();
 let ephemeral_peer = talpid_tunnel_config_client::request_ephemeral_peer(
 tuncfg_server_ip,
- pubkey,
- private_key.public_key(),
- true,
- false,
+ public_key, // Parent connection's public key.
+ ephemeral_private_key.public_key(),
+ true, // Whether to negotiate a "PQ-safe" PSK.
+ false, // Whether to use DAITA (Does not work with Linux kernel WireGuard.)
 )
 .await
 .unwrap();
- println!("private key: {private_key:?}");
- println!("psk: {:?}", ephemeral_peer.psk.unwrap());
+ println!("Private key: {ephemeral_private_key}");
+ // Use fmt::Debug since Serialize is not implemented for PresharedKey.
+ println!("PSK: {:?}", ephemeral_peer.psk.unwrap());
 }
|
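Review bot: The new message `tuncfg IP argument not a valid IPv4` promises a check that the visible code does not seem to perform. The binding is outside the hunk, but `use std::net::IpAddr;` is the only address import shown, so the `.parse()` above it most likely targets `IpAddr`; an IPv6 argument would then parse cleanly and presumably fail only later, inside `request_ephemeral_peer`. Parsing as `std::net::Ipv4Addr` instead (for instance `.parse::<std::net::Ipv4Addr>()`, with `.into()` at the call site if the callee takes `IpAddr`) would make the message accurate and reject IPv6 at the argument boundary. Separately, the two final `println!` lines write the ephemeral private key and the PSK to stdout in the clear; a comment such as `// Prints secret key material; avoid running where stdout is logged or shared.` would tell users of the example to treat the output as sensitive. `main` starts before this hunk.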
