From c0f67c806457b20e71d9f9b99b0c995c5abf2909 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Sat, 10 Jan 2015 20:35:01 +0300 Subject: [PATCH] Specify PSK through the file, not as command line argument Signed-off-by: Sergey Matveev --- README | 11 +++++++---- govpn.go | 17 ++++++++++++----- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/README b/README index 938b60b..078c42e 100644 --- a/README +++ b/README @@ -65,6 +65,9 @@ transport. MTU for that wlan0 is 1500 bytes. GoVPN will say that maximum MTU for the link is 1476, however it does not take in account TAP's Ethernet frame header length, that in my case is 14 bytes long (1476 - 14). + common% umask 066 + common% echo MYLONG64HEXKEY > key.txt + GNU/Linux IPv4 client-server example: server% ip addr add 192.168.0.1/24 dev wlan0 @@ -72,7 +75,7 @@ GNU/Linux IPv4 client-server example: server% ip link set mtu 1462 dev tap10 server% ip addr add 172.16.0.1/24 dev tap10 server% ip link set up dev tap10 - server% govpn -key KEY -iface tap10 -bind 192.168.0.1:1194 + server% govpn -key key.txt -iface tap10 -bind 192.168.0.1:1194 client% ip addr add 192.168.0.2/24 dev wlan0 client% tunctl -t tap10 
@@ -80,20 +83,20 @@ GNU/Linux IPv4 client-server example: client% ip addr add 172.16.0.2/24 dev tap10 client% ip link set up dev tap10 client% ip route add default via 172.16.0.1 - client% while :; do govpn -key KEY -iface tap10 -remote 192.168.0.1:1194; done + client% while :; do govpn -key key.txt -iface tap10 -remote 192.168.0.1:1194; done FreeBSD IPv6 client-server example: server% ifconfig em0 inet6 fe80::1/64 server% ifconfig tap10 create server% ifconfig tap10 inet6 fc00::1/96 mtu 1462 up - server% govpn -key KEY -face tap10 -bind fe80::1%em0 + server% govpn -key key.txt -face tap10 -bind fe80::1%em0 client% ifconfig me0 inet6 -ifdisabled auto_linklocal client% ifconfig tap10 client% ifconfig tap10 inet6 fc00::2/96 mtu 1462 up client% route -6 add default fc00::1 - client% while :; do govpn -key KEY -iface tap10 -remote [fe80::1%me0]:1194; done + client% while :; do govpn -key key.txt -iface tap10 -remote [fe80::1%me0]:1194; done If client won't finish handshake during -timeout, then it will exit. If no packets are received from remote side during timeout, then daemon diff --git a/govpn.go b/govpn.go index a06456d..b52c0a6 100644 --- a/govpn.go +++ b/govpn.go @@ -23,6 +23,7 @@ import ( "flag" "fmt" "io" + "io/ioutil" "log" "net" "time" @@ -35,7 +36,7 @@ var ( remoteAddr = flag.String("remote", "", "Remote server address") bindAddr = flag.String("bind", "", "Bind to address") ifaceName = flag.String("iface", "tap0", "TAP network interface") - keyHex = flag.String("key", "", "Authentication key") + keyPath = flag.String("key", "", "Path to authentication key file") mtu = flag.Int("mtu", 1500, "MTU") timeout = flag.Int("timeout", 60, "Timeout seconds") verbose = flag.Bool("v", false, "Increase verbosity") 
@@ -70,15 +71,21 @@ func main() {
 	log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
 
 	// Key decoding
-	if len(*keyHex) != 64 {
-		panic("Key is required argument (64 hex characters)")
+	keyData, err := ioutil.ReadFile(*keyPath)
+	if err != nil {
+		panic("Unable to read keyfile: " + err.Error())
+	}
+	if len(keyData) < 64 {
+		panic("Key must be 64 hex characters long")
 	}
-	keyDecoded, err := hex.DecodeString(*keyHex)
+	keyDecoded, err := hex.DecodeString(string(keyData[0:64]))
 	if err != nil {
-		panic(err)
+		panic("Unable to decode the key: " + err.Error())
 	}
 	key := new([KeySize]byte)
 	copy(key[:], keyDecoded)
+	keyDecoded = nil
+	keyData = nil
 
 	// Interface listening
 	maxIfacePktSize := *mtu - poly1305.TagSize - NonceSize
-- 
2.44.0
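Review bot: The added `keyDecoded = nil` / `keyData = nil` lines after `copy(key[:], keyDecoded)` only drop references, so the hex text read from the file and the decoded key stay in heap memory until the GC happens to reuse it, and the `string(keyData[0:64])` argument to `hex.DecodeString` makes a further immutable copy that can never be overwritten. If the goal is to limit the number of key copies, decode with `hex.Decode` into a byte slice instead of going through a string and zero both slices before dropping them, as in the excerpt below (`key` itself must of course live on). Separately, `len(keyData) < 64` accepts a file of any length and silently decodes only its first 64 bytes; trimming whitespace and requiring exactly 64 characters would reject a mis-copied key instead of using a wrong prefix. The README now recommends `umask 066` when creating key.txt, but nothing here checks the file's mode, so an `os.Stat` warning on a group- or world-readable key file would back that advice up. main() begins and ends outside the hunk.
```go
	// … unchanged: ioutil.ReadFile and the read-error / length checks …
	keyDecoded := make([]byte, hex.DecodedLen(64))
	if _, err = hex.Decode(keyDecoded, keyData[0:64]); err != nil {
		panic("Unable to decode the key: " + err.Error())
	}
	key := new([KeySize]byte)
	copy(key[:], keyDecoded)
	// Scrub the intermediate copies; dropping the references alone leaves the bytes in the heap.
	for i := range keyDecoded {
		keyDecoded[i] = 0
	}
	for i := range keyData {
		keyData[i] = 0
	}
```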