@highstate/wireguard 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config/index.js +16 -0
- package/dist/identity/index.js +32 -0
- package/dist/network/index.js +13 -0
- package/dist/shared-RypNC0-F.js +86 -0
- package/package.json +31 -0
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { wireguard } from '@highstate/library';
|
|
2
|
+
import { forUnit } from '@highstate/pulumi';
|
|
3
|
+
import { b as generateIdentityConfig } from '../shared-RypNC0-F.js';
|
|
4
|
+
import '@noble/curves/ed25519';
|
|
5
|
+
|
|
6
|
+
const { inputs, outputs } = forUnit(wireguard.config);
|
|
7
|
+
var index = outputs({
|
|
8
|
+
$representation: {
|
|
9
|
+
showQRCode: true,
|
|
10
|
+
content: inputs.apply(({ identity, peers }) => {
|
|
11
|
+
return generateIdentityConfig(identity, peers);
|
|
12
|
+
})
|
|
13
|
+
}
|
|
14
|
+
});
|
|
15
|
+
|
|
16
|
+
export { index as default };
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { wireguard } from '@highstate/library';
|
|
2
|
+
import { forUnit, getOrCreateSecret } from '@highstate/pulumi';
|
|
3
|
+
import { g as generateKey, a as generatePresharedKey, c as convertPrivateKeyToPublicKey } from '../shared-RypNC0-F.js';
|
|
4
|
+
import '@noble/curves/ed25519';
|
|
5
|
+
|
|
6
|
+
const { name, args, inputs, secrets, outputs } = forUnit(wireguard.identity);
|
|
7
|
+
const privateKey = getOrCreateSecret(secrets, "privateKey", generateKey);
|
|
8
|
+
const presharedKeyPart = getOrCreateSecret(secrets, "presharedKeyPart", () => {
|
|
9
|
+
return inputs.network.apply((network) => {
|
|
10
|
+
return network?.presharedKeyMode === "secure" ? generatePresharedKey() : undefined;
|
|
11
|
+
});
|
|
12
|
+
});
|
|
13
|
+
var index = outputs({
|
|
14
|
+
identity: {
|
|
15
|
+
name: args.peerName ?? name,
|
|
16
|
+
network: inputs.network,
|
|
17
|
+
address: args.address,
|
|
18
|
+
privateKey,
|
|
19
|
+
presharedKeyPart
|
|
20
|
+
},
|
|
21
|
+
peer: {
|
|
22
|
+
name: args.peerName ?? name,
|
|
23
|
+
network: inputs.network,
|
|
24
|
+
address: args.address,
|
|
25
|
+
publicKey: privateKey.apply(convertPrivateKeyToPublicKey),
|
|
26
|
+
allowedIps: args.allowedIps ?? [args.address],
|
|
27
|
+
endpoint: args.endpoint,
|
|
28
|
+
presharedKeyPart
|
|
29
|
+
}
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
export { index as default };
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { wireguard } from '@highstate/library';
|
|
2
|
+
import { forUnit } from '@highstate/pulumi';
|
|
3
|
+
|
|
4
|
+
const { args, secrets, outputs } = forUnit(wireguard.network);
|
|
5
|
+
var index = outputs({
|
|
6
|
+
network: {
|
|
7
|
+
backend: args.backend ?? "wireguard",
|
|
8
|
+
presharedKeyMode: args.presharedKeyMode ?? "none",
|
|
9
|
+
globalPresharedKey: secrets.globalPresharedKey
|
|
10
|
+
}
|
|
11
|
+
});
|
|
12
|
+
|
|
13
|
+
export { index as default };
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import { ed25519 } from '@noble/curves/ed25519';
|
|
2
|
+
|
|
3
|
+
const crypto = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;
|
|
4
|
+
|
|
5
|
+
/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
6
|
+
/**
|
|
7
|
+
* Utilities for hex, bytes, CSPRNG.
|
|
8
|
+
* @module
|
|
9
|
+
*/
|
|
10
|
+
// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
|
|
11
|
+
// node.js versions earlier than v19 don't declare it in global scope.
|
|
12
|
+
// For node.js, package.json#exports field mapping rewrites import
|
|
13
|
+
// from `crypto` to `cryptoNode`, which imports native module.
|
|
14
|
+
// Makes the utils un-importable in browsers without a bundler.
|
|
15
|
+
// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.
|
|
16
|
+
/**
|
|
17
|
+
* Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.
|
|
18
|
+
*/
|
|
19
|
+
function randomBytes(bytesLength = 32) {
|
|
20
|
+
if (crypto && typeof crypto.getRandomValues === 'function') {
|
|
21
|
+
return crypto.getRandomValues(new Uint8Array(bytesLength));
|
|
22
|
+
}
|
|
23
|
+
// Legacy Node.js compatibility
|
|
24
|
+
if (crypto && typeof crypto.randomBytes === 'function') {
|
|
25
|
+
return crypto.randomBytes(bytesLength);
|
|
26
|
+
}
|
|
27
|
+
throw new Error('crypto.getRandomValues must be defined');
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
function generateKey() {
|
|
31
|
+
const key = ed25519.utils.randomPrivateKey();
|
|
32
|
+
return Buffer.from(key).toString("base64");
|
|
33
|
+
}
|
|
34
|
+
function convertPrivateKeyToPublicKey(privateKey) {
|
|
35
|
+
const key = Buffer.from(privateKey, "base64");
|
|
36
|
+
return Buffer.from(ed25519.getPublicKey(key)).toString("base64");
|
|
37
|
+
}
|
|
38
|
+
function generatePresharedKey() {
|
|
39
|
+
const key = randomBytes(32);
|
|
40
|
+
return Buffer.from(key).toString("base64");
|
|
41
|
+
}
|
|
42
|
+
function combinePresharedKeyParts(part1, part2) {
|
|
43
|
+
const key1 = Buffer.from(part1, "base64");
|
|
44
|
+
const key2 = Buffer.from(part2, "base64");
|
|
45
|
+
const result = new Uint8Array(32);
|
|
46
|
+
for (let i = 0; i < 32; i++) {
|
|
47
|
+
result[i] = key1[i] ^ key2[i];
|
|
48
|
+
}
|
|
49
|
+
return Buffer.from(result).toString("base64");
|
|
50
|
+
}
|
|
51
|
+
function generatePeerConfig(identity, peer) {
|
|
52
|
+
const lines = [
|
|
53
|
+
"[Peer]",
|
|
54
|
+
`# ${peer.name}`,
|
|
55
|
+
`PublicKey = ${peer.publicKey}`,
|
|
56
|
+
`AllowedIPs = ${peer.allowedIps.join(", ")}`
|
|
57
|
+
];
|
|
58
|
+
if (peer.endpoint) {
|
|
59
|
+
lines.push(`Endpoint = ${peer.endpoint}`);
|
|
60
|
+
}
|
|
61
|
+
if (identity.presharedKeyPart && peer.presharedKeyPart) {
|
|
62
|
+
const presharedKey = combinePresharedKeyParts(identity.presharedKeyPart, peer.presharedKeyPart);
|
|
63
|
+
lines.push(`PresharedKey = ${presharedKey}`);
|
|
64
|
+
} else if (identity.network?.globalPresharedKey) {
|
|
65
|
+
if (identity.network.globalPresharedKey !== peer.network?.globalPresharedKey) {
|
|
66
|
+
throw new Error("The global preshared key must be the same for all peers.");
|
|
67
|
+
}
|
|
68
|
+
lines.push(`PresharedKey = ${identity.network.globalPresharedKey}`);
|
|
69
|
+
}
|
|
70
|
+
return lines.join("\n");
|
|
71
|
+
}
|
|
72
|
+
function generateIdentityConfig(identity, peers) {
|
|
73
|
+
const lines = [
|
|
74
|
+
"[Interface]",
|
|
75
|
+
`# ${identity.name}`,
|
|
76
|
+
`Address = ${identity.address}`,
|
|
77
|
+
`PrivateKey = ${identity.privateKey}`
|
|
78
|
+
];
|
|
79
|
+
for (const peer of peers) {
|
|
80
|
+
lines.push("");
|
|
81
|
+
lines.push(generatePeerConfig(identity, peer));
|
|
82
|
+
}
|
|
83
|
+
return lines.join("\n");
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
export { generatePresharedKey as a, generateIdentityConfig as b, convertPrivateKeyToPublicKey as c, generateKey as g };
|
package/package.json
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@highstate/wireguard",
|
|
3
|
+
"version": "0.4.2",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"files": [
|
|
6
|
+
"dist"
|
|
7
|
+
],
|
|
8
|
+
"exports": {
|
|
9
|
+
"./network": "./dist/network/index.js",
|
|
10
|
+
"./identity": "./dist/identity/index.js",
|
|
11
|
+
"./config": "./dist/config/index.js"
|
|
12
|
+
},
|
|
13
|
+
"publishConfig": {
|
|
14
|
+
"access": "public"
|
|
15
|
+
},
|
|
16
|
+
"scripts": {
|
|
17
|
+
"build": "pkgroll --tsconfig=tsconfig.build.json"
|
|
18
|
+
},
|
|
19
|
+
"dependencies": {
|
|
20
|
+
"@highstate/pulumi": "^0.4.2",
|
|
21
|
+
"@noble/curves": "^1.8.0",
|
|
22
|
+
"@pulumi/command": "^1.0.1"
|
|
23
|
+
},
|
|
24
|
+
"peerDependencies": {
|
|
25
|
+
"@highstate/library": "workspace:^"
|
|
26
|
+
},
|
|
27
|
+
"devDependencies": {
|
|
28
|
+
"pkgroll": "^2.5.1"
|
|
29
|
+
},
|
|
30
|
+
"gitHead": "e88c7c588267cf028c054f694d402902dc057919"
|
|
31
|
+
}
|