wgengine/magicsock: remove uses of tailcfg.DiscoKey.
Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
parent
3eda4ff877
commit
ad0735303d
@ -94,6 +94,15 @@ func NodeKeyFromNodePublic(k key.NodePublic) NodeKey {
// It's never written to disk or reused between network start-ups.
|
// It's never written to disk or reused between network start-ups.
|
||||||
type DiscoKey [32]byte
|
type DiscoKey [32]byte
|
||||||
|
|
||||||
|
// NodeKeyFromNodePublic returns k converted to a DiscoKey.
|
||||||
|
//
|
||||||
|
// Deprecated: exists only as a compatibility bridge while DiscoKey
|
||||||
|
// gets removed from the codebase. Do not introduce new uses that
|
||||||
|
// aren't related to #3206.
|
||||||
|
func DiscoKeyFromDiscoPublic(k key.DiscoPublic) DiscoKey {
|
||||||
|
return k.Raw32()
|
||||||
|
}
|
||||||
|
|
||||||
// User is an IPN user.
|
// User is an IPN user.
|
||||||
//
|
//
|
||||||
// A user can have multiple logins associated with it (e.g. gmail and github oauth).
|
// A user can have multiple logins associated with it (e.g. gmail and github oauth).
|
||||||
|
|
|
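Review bot: The doc comment on the new DiscoKeyFromDiscoPublic starts with the wrong identifier — `// NodeKeyFromNodePublic returns k converted to a DiscoKey.` reads as copy-pasted from the sibling function named in the hunk header, and go doc and lint key on that leading name. Change it to `// DiscoKeyFromDiscoPublic returns k converted to a DiscoKey.` The Deprecated paragraph that follows is correct as written; keep the blank `//` line before it so tooling recognises the marker.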
@ -92,6 +92,14 @@ func (k DiscoPublic) IsZero() bool {
|
||||||
return k == DiscoPublic{}
|
return k == DiscoPublic{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Raw32 returns k encoded as 32 raw bytes.
|
||||||
|
//
|
||||||
|
// Deprecated: only needed for a temporary compat shim in tailcfg, do
|
||||||
|
// not add more uses.
|
||||||
|
func (k DiscoPublic) Raw32() [32]byte {
|
||||||
|
return k.k
|
||||||
|
}
|
||||||
|
|
||||||
// ShortString returns the Tailscale conventional debug representation
|
// ShortString returns the Tailscale conventional debug representation
|
||||||
// of a disco key.
|
// of a disco key.
|
||||||
func (k DiscoPublic) ShortString() string {
|
func (k DiscoPublic) ShortString() string {
|
||||||
|
|
|
@ -28,7 +28,6 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"go4.org/mem"
|
"go4.org/mem"
|
||||||
"golang.org/x/crypto/nacl/box"
|
|
||||||
"golang.zx2c4.com/wireguard/conn"
|
"golang.zx2c4.com/wireguard/conn"
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
"tailscale.com/control/controlclient"
|
"tailscale.com/control/controlclient"
|
||||||
|
@ -98,14 +97,14 @@ type peerMap struct {
|
||||||
|
|
||||||
// nodesOfDisco are contains the set of nodes that are using a
|
// nodesOfDisco are contains the set of nodes that are using a
|
||||||
// DiscoKey. Usually those sets will be just one node.
|
// DiscoKey. Usually those sets will be just one node.
|
||||||
nodesOfDisco map[tailcfg.DiscoKey]map[tailcfg.NodeKey]bool
|
nodesOfDisco map[key.DiscoPublic]map[tailcfg.NodeKey]bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func newPeerMap() peerMap {
|
func newPeerMap() peerMap {
|
||||||
return peerMap{
|
return peerMap{
|
||||||
byNodeKey: map[tailcfg.NodeKey]*peerInfo{},
|
byNodeKey: map[tailcfg.NodeKey]*peerInfo{},
|
||||||
byIPPort: map[netaddr.IPPort]*peerInfo{},
|
byIPPort: map[netaddr.IPPort]*peerInfo{},
|
||||||
nodesOfDisco: map[tailcfg.DiscoKey]map[tailcfg.NodeKey]bool{},
|
nodesOfDisco: map[key.DiscoPublic]map[tailcfg.NodeKey]bool{},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,7 +115,7 @@ func (m *peerMap) nodeCount() int {
|
||||||
|
|
||||||
// anyEndpointForDiscoKey reports whether there exists any
|
// anyEndpointForDiscoKey reports whether there exists any
|
||||||
// peers in the netmap with dk as their DiscoKey.
|
// peers in the netmap with dk as their DiscoKey.
|
||||||
func (m *peerMap) anyEndpointForDiscoKey(dk tailcfg.DiscoKey) bool {
|
func (m *peerMap) anyEndpointForDiscoKey(dk key.DiscoPublic) bool {
|
||||||
return len(m.nodesOfDisco[dk]) > 0
|
return len(m.nodesOfDisco[dk]) > 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -150,7 +149,7 @@ func (m *peerMap) forEachEndpoint(f func(ep *endpoint)) {
|
||||||
|
|
||||||
// forEachEndpointWithDiscoKey invokes f on every endpoint in m
|
// forEachEndpointWithDiscoKey invokes f on every endpoint in m
|
||||||
// that has the provided DiscoKey.
|
// that has the provided DiscoKey.
|
||||||
func (m *peerMap) forEachEndpointWithDiscoKey(dk tailcfg.DiscoKey, f func(ep *endpoint)) {
|
func (m *peerMap) forEachEndpointWithDiscoKey(dk key.DiscoPublic, f func(ep *endpoint)) {
|
||||||
for nk := range m.nodesOfDisco[dk] {
|
for nk := range m.nodesOfDisco[dk] {
|
||||||
pi, ok := m.byNodeKey[nk]
|
pi, ok := m.byNodeKey[nk]
|
||||||
if !ok {
|
if !ok {
|
||||||
|
@ -356,15 +355,15 @@ type Conn struct {
|
||||||
// discoPrivate is the private naclbox key used for active
|
// discoPrivate is the private naclbox key used for active
|
||||||
// discovery traffic. It's created once near (but not during)
|
// discovery traffic. It's created once near (but not during)
|
||||||
// construction.
|
// construction.
|
||||||
discoPrivate key.Private
|
discoPrivate key.DiscoPrivate
|
||||||
discoPublic tailcfg.DiscoKey // public of discoPrivate
|
discoPublic key.DiscoPublic // public of discoPrivate
|
||||||
discoShort string // ShortString of discoPublic (to save logging work later)
|
discoShort string // ShortString of discoPublic (to save logging work later)
|
||||||
// nodeOfDisco tracks the networkmap Node entity for each peer
|
// nodeOfDisco tracks the networkmap Node entity for each peer
|
||||||
// discovery key.
|
// discovery key.
|
||||||
peerMap peerMap
|
peerMap peerMap
|
||||||
|
|
||||||
// discoInfo is the state for an active DiscoKey.
|
// discoInfo is the state for an active DiscoKey.
|
||||||
discoInfo map[tailcfg.DiscoKey]*discoInfo
|
discoInfo map[key.DiscoPublic]*discoInfo
|
||||||
|
|
||||||
// netInfoFunc is a callback that provides a tailcfg.NetInfo when
|
// netInfoFunc is a callback that provides a tailcfg.NetInfo when
|
||||||
// discovered network conditions change.
|
// discovered network conditions change.
|
||||||
|
@ -529,7 +528,7 @@ func newConn() *Conn {
|
||||||
derpStarted: make(chan struct{}),
|
derpStarted: make(chan struct{}),
|
||||||
peerLastDerp: make(map[key.NodePublic]int),
|
peerLastDerp: make(map[key.NodePublic]int),
|
||||||
peerMap: newPeerMap(),
|
peerMap: newPeerMap(),
|
||||||
discoInfo: make(map[tailcfg.DiscoKey]*discoInfo),
|
discoInfo: make(map[key.DiscoPublic]*discoInfo),
|
||||||
}
|
}
|
||||||
c.bind = &connBind{Conn: c, closed: true}
|
c.bind = &connBind{Conn: c, closed: true}
|
||||||
c.muCond = sync.NewCond(&c.mu)
|
c.muCond = sync.NewCond(&c.mu)
|
||||||
|
@ -931,13 +930,13 @@ func (c *Conn) derpRegionCodeLocked(regionID int) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// DiscoPublicKey returns the discovery public key.
|
// DiscoPublicKey returns the discovery public key.
|
||||||
func (c *Conn) DiscoPublicKey() tailcfg.DiscoKey {
|
func (c *Conn) DiscoPublicKey() key.DiscoPublic {
|
||||||
c.mu.Lock()
|
c.mu.Lock()
|
||||||
defer c.mu.Unlock()
|
defer c.mu.Unlock()
|
||||||
if c.discoPrivate.IsZero() {
|
if c.discoPrivate.IsZero() {
|
||||||
priv := key.NewPrivate()
|
priv := key.NewDisco()
|
||||||
c.discoPrivate = priv
|
c.discoPrivate = priv
|
||||||
c.discoPublic = tailcfg.DiscoKey(priv.Public())
|
c.discoPublic = priv.Public()
|
||||||
c.discoShort = c.discoPublic.ShortString()
|
c.discoShort = c.discoPublic.ShortString()
|
||||||
c.logf("magicsock: disco key = %v", c.discoShort)
|
c.logf("magicsock: disco key = %v", c.discoShort)
|
||||||
}
|
}
|
||||||
|
@ -1747,7 +1746,7 @@ const (
|
||||||
//
|
//
|
||||||
// The dstKey should only be non-zero if the dstDisco key
|
// The dstKey should only be non-zero if the dstDisco key
|
||||||
// unambiguously maps to exactly one peer.
|
// unambiguously maps to exactly one peer.
|
||||||
func (c *Conn) sendDiscoMessage(dst netaddr.IPPort, dstKey tailcfg.NodeKey, dstDisco tailcfg.DiscoKey, m disco.Message, logLevel discoLogLevel) (sent bool, err error) {
|
func (c *Conn) sendDiscoMessage(dst netaddr.IPPort, dstKey tailcfg.NodeKey, dstDisco key.DiscoPublic, m disco.Message, logLevel discoLogLevel) (sent bool, err error) {
|
||||||
c.mu.Lock()
|
c.mu.Lock()
|
||||||
if c.closed {
|
if c.closed {
|
||||||
c.mu.Unlock()
|
c.mu.Unlock()
|
||||||
|
@ -1759,12 +1758,12 @@ func (c *Conn) sendDiscoMessage(dst netaddr.IPPort, dstKey tailcfg.NodeKey, dstD
|
||||||
}
|
}
|
||||||
pkt := make([]byte, 0, 512) // TODO: size it correctly? pool? if it matters.
|
pkt := make([]byte, 0, 512) // TODO: size it correctly? pool? if it matters.
|
||||||
pkt = append(pkt, disco.Magic...)
|
pkt = append(pkt, disco.Magic...)
|
||||||
pkt = append(pkt, c.discoPublic[:]...)
|
pkt = c.discoPublic.AppendTo(pkt)
|
||||||
pkt = append(pkt, nonce[:]...)
|
|
||||||
di := c.discoInfoLocked(dstDisco)
|
di := c.discoInfoLocked(dstDisco)
|
||||||
c.mu.Unlock()
|
c.mu.Unlock()
|
||||||
|
|
||||||
pkt = box.SealAfterPrecomputation(pkt, m.AppendMarshal(nil), &nonce, di.sharedKey)
|
box := di.sharedKey.Seal(m.AppendMarshal(nil))
|
||||||
|
pkt = append(pkt, box...)
|
||||||
sent, err = c.sendAddr(dst, key.NodePublicFromRaw32(mem.B(dstKey[:])), pkt)
|
sent, err = c.sendAddr(dst, key.NodePublicFromRaw32(mem.B(dstKey[:])), pkt)
|
||||||
if sent {
|
if sent {
|
||||||
if logLevel == discoLog || (logLevel == discoVerboseLog && debugDisco) {
|
if logLevel == discoLog || (logLevel == discoVerboseLog && debugDisco) {
|
||||||
|
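Review bot: The nonce handling has moved out of view: the explicit `pkt = append(pkt, nonce[:]...)` is removed and the ciphertext now comes from `di.sharedKey.Seal(...)`, so the wire layout after the sender key depends on what Seal emits. The receiver in the @@ -1799 and @@ -1848 hunks passes `msg[headerLen:]` straight to `Open` with no separate nonce, so the sealed box must carry its own nonce; a comment at the append, `// Seal's output carries the nonce; keep handleDiscoMessage's headerLen in sync.`, would pin that contract where it is easiest to break. If the nonce generation in the unseen lines between this function's two hunks was kept, it is now dead code, the same situation as in TestDiscoMessage. The local named `box` no longer collides with the removed nacl/box import, but `sealed` would avoid confusing readers who remember the old package name.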
@ -1799,7 +1798,7 @@ func (c *Conn) sendDiscoMessage(dst netaddr.IPPort, dstKey tailcfg.NodeKey, dstD
|
||||||
// it was received from at the DERP layer. derpNodeSrc is zero when received
|
// it was received from at the DERP layer. derpNodeSrc is zero when received
|
||||||
// over UDP.
|
// over UDP.
|
||||||
func (c *Conn) handleDiscoMessage(msg []byte, src netaddr.IPPort, derpNodeSrc tailcfg.NodeKey) (isDiscoMsg bool) {
|
func (c *Conn) handleDiscoMessage(msg []byte, src netaddr.IPPort, derpNodeSrc tailcfg.NodeKey) (isDiscoMsg bool) {
|
||||||
const headerLen = len(disco.Magic) + len(tailcfg.DiscoKey{}) + disco.NonceLen
|
headerLen := len(disco.Magic) + key.DiscoPublic{}.RawLen()
|
||||||
if len(msg) < headerLen || string(msg[:len(disco.Magic)]) != disco.Magic {
|
if len(msg) < headerLen || string(msg[:len(disco.Magic)]) != disco.Magic {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -1810,8 +1809,7 @@ func (c *Conn) handleDiscoMessage(msg []byte, src netaddr.IPPort, derpNodeSrc ta
|
||||||
// Use naked returns for all following paths.
|
// Use naked returns for all following paths.
|
||||||
isDiscoMsg = true
|
isDiscoMsg = true
|
||||||
|
|
||||||
var sender tailcfg.DiscoKey
|
sender := key.DiscoPublicFromRaw32(mem.B(msg[len(disco.Magic) : len(disco.Magic)+key.DiscoPublic{}.RawLen()]))
|
||||||
copy(sender[:], msg[len(disco.Magic):])
|
|
||||||
|
|
||||||
c.mu.Lock()
|
c.mu.Lock()
|
||||||
defer c.mu.Unlock()
|
defer c.mu.Unlock()
|
||||||
|
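Review bot: The slice bound on the new sender line recomputes `len(disco.Magic)+key.DiscoPublic{}.RawLen()`, which after this commit is exactly the `headerLen` defined earlier in handleDiscoMessage (`headerLen := len(disco.Magic) + key.DiscoPublic{}.RawLen()` in the previous hunk), and the `len(msg) < headerLen` check already guarantees that range is in bounds. Writing `sender := key.DiscoPublicFromRaw32(mem.B(msg[len(disco.Magic):headerLen]))` ties the slice to the value that was actually checked and shortens a very long line. handleDiscoMessage continues outside this hunk.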
@ -1848,10 +1846,8 @@ func (c *Conn) handleDiscoMessage(msg []byte, src netaddr.IPPort, derpNodeSrc ta
|
||||||
|
|
||||||
di := c.discoInfoLocked(sender)
|
di := c.discoInfoLocked(sender)
|
||||||
|
|
||||||
var nonce [disco.NonceLen]byte
|
|
||||||
copy(nonce[:], msg[len(disco.Magic)+key.NodePublic{}.RawLen():])
|
|
||||||
sealedBox := msg[headerLen:]
|
sealedBox := msg[headerLen:]
|
||||||
payload, ok := box.OpenAfterPrecomputation(nil, sealedBox, &nonce, di.sharedKey)
|
payload, ok := di.sharedKey.Open(sealedBox)
|
||||||
if !ok {
|
if !ok {
|
||||||
// This might be have been intended for a previous
|
// This might be have been intended for a previous
|
||||||
// disco key. When we restart we get a new disco key
|
// disco key. When we restart we get a new disco key
|
||||||
|
@ -1931,7 +1927,7 @@ func (c *Conn) handleDiscoMessage(msg []byte, src netaddr.IPPort, derpNodeSrc ta
|
||||||
// derpNodeSrc is non-zero if the disco ping arrived via DERP.
|
// derpNodeSrc is non-zero if the disco ping arrived via DERP.
|
||||||
//
|
//
|
||||||
// c.mu must be held.
|
// c.mu must be held.
|
||||||
func (c *Conn) unambiguousNodeKeyOfPingLocked(dm *disco.Ping, dk tailcfg.DiscoKey, derpNodeSrc tailcfg.NodeKey) (nk tailcfg.NodeKey, ok bool) {
|
func (c *Conn) unambiguousNodeKeyOfPingLocked(dm *disco.Ping, dk key.DiscoPublic, derpNodeSrc tailcfg.NodeKey) (nk tailcfg.NodeKey, ok bool) {
|
||||||
if !derpNodeSrc.IsZero() {
|
if !derpNodeSrc.IsZero() {
|
||||||
if ep, ok := c.peerMap.endpointForNodeKey(derpNodeSrc); ok && ep.discoKey == dk {
|
if ep, ok := c.peerMap.endpointForNodeKey(derpNodeSrc); ok && ep.discoKey == dk {
|
||||||
return derpNodeSrc, true
|
return derpNodeSrc, true
|
||||||
|
@ -2070,15 +2066,14 @@ func (c *Conn) enqueueCallMeMaybe(derpAddr netaddr.IPPort, de *endpoint) {
|
||||||
// discoInfoLocked returns the previous or new discoInfo for k.
|
// discoInfoLocked returns the previous or new discoInfo for k.
|
||||||
//
|
//
|
||||||
// c.mu must be held.
|
// c.mu must be held.
|
||||||
func (c *Conn) discoInfoLocked(k tailcfg.DiscoKey) *discoInfo {
|
func (c *Conn) discoInfoLocked(k key.DiscoPublic) *discoInfo {
|
||||||
di, ok := c.discoInfo[k]
|
di, ok := c.discoInfo[k]
|
||||||
if !ok {
|
if !ok {
|
||||||
di = &discoInfo{
|
di = &discoInfo{
|
||||||
discoKey: k,
|
discoKey: k,
|
||||||
discoShort: k.ShortString(),
|
discoShort: k.ShortString(),
|
||||||
sharedKey: new([32]byte),
|
sharedKey: c.discoPrivate.Shared(k),
|
||||||
}
|
}
|
||||||
box.Precompute(di.sharedKey, key.Public(k).B32(), c.discoPrivate.B32())
|
|
||||||
c.discoInfo[k] = di
|
c.discoInfo[k] = di
|
||||||
}
|
}
|
||||||
return di
|
return di
|
||||||
|
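Review bot: `sharedKey: c.discoPrivate.Shared(k)` is evaluated inside the literal with no check that c.discoPrivate has been initialised; DiscoPublicKey() creates it lazily (`if c.discoPrivate.IsZero() { priv := key.NewDisco() ... }`), so if discoInfoLocked can run first the shared key is derived from the zero private key. The old `box.Precompute` call had the same exposure, but the one-line form hides it further. Extending the header comment to `// c.mu must be held and c.discoPrivate must already be initialized (see DiscoPublicKey).`, or adding an explicit guard, makes the invariant visible; whether any caller can reach this path before DiscoPublicKey() is not shown on this page.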
@ -2274,7 +2269,7 @@ func (c *Conn) SetNetworkMap(nm *netmap.NetworkMap) {
|
||||||
endpointState: map[netaddr.IPPort]*endpointState{},
|
endpointState: map[netaddr.IPPort]*endpointState{},
|
||||||
}
|
}
|
||||||
if !n.DiscoKey.IsZero() {
|
if !n.DiscoKey.IsZero() {
|
||||||
ep.discoKey = n.DiscoKey
|
ep.discoKey = key.DiscoPublicFromRaw32(mem.B(n.DiscoKey[:]))
|
||||||
ep.discoShort = n.DiscoKey.ShortString()
|
ep.discoShort = n.DiscoKey.ShortString()
|
||||||
}
|
}
|
||||||
ep.wgEndpoint = key.NodePublicFromRaw32(mem.B(n.Key[:])).UntypedHexString()
|
ep.wgEndpoint = key.NodePublicFromRaw32(mem.B(n.Key[:])).UntypedHexString()
|
||||||
|
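Review bot: `ep.discoShort` is still derived from the tailcfg value (`ep.discoShort = n.DiscoKey.ShortString()`) while `ep.discoKey` is now the key.DiscoPublic converted from it, whereas updateFromNode in this same commit derives the short form from the converted key (`de.discoShort = de.discoKey.ShortString()`). Using `ep.discoShort = ep.discoKey.ShortString()` here keeps the two fields consistent with each other and with the endpoint field comment "ShortString of discoKey". This assumes both ShortString implementations render the same text, which this page does not show.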
@ -3146,7 +3141,7 @@ type endpoint struct {
|
||||||
// mu protects all following fields.
|
// mu protects all following fields.
|
||||||
mu sync.Mutex // Lock ordering: Conn.mu, then endpoint.mu
|
mu sync.Mutex // Lock ordering: Conn.mu, then endpoint.mu
|
||||||
|
|
||||||
discoKey tailcfg.DiscoKey // for discovery messages. IsZero() if peer can't disco.
|
discoKey key.DiscoPublic // for discovery messages. IsZero() if peer can't disco.
|
||||||
discoShort string // ShortString of discoKey. Empty if peer can't disco.
|
discoShort string // ShortString of discoKey. Empty if peer can't disco.
|
||||||
|
|
||||||
heartBeatTimer *time.Timer // nil when idle
|
heartBeatTimer *time.Timer // nil when idle
|
||||||
|
@ -3615,9 +3610,10 @@ func (de *endpoint) updateFromNode(n *tailcfg.Node) {
|
||||||
de.mu.Lock()
|
de.mu.Lock()
|
||||||
defer de.mu.Unlock()
|
defer de.mu.Unlock()
|
||||||
|
|
||||||
if de.discoKey != n.DiscoKey {
|
tnk := key.DiscoPublicFromRaw32(mem.B(n.DiscoKey[:]))
|
||||||
|
if de.discoKey != tnk {
|
||||||
de.c.logf("[v1] magicsock: disco: node %s changed from discokey %s to %s", de.publicKey.ShortString(), de.discoKey, n.DiscoKey)
|
de.c.logf("[v1] magicsock: disco: node %s changed from discokey %s to %s", de.publicKey.ShortString(), de.discoKey, n.DiscoKey)
|
||||||
de.discoKey = n.DiscoKey
|
de.discoKey = tnk
|
||||||
de.discoShort = de.discoKey.ShortString()
|
de.discoShort = de.discoKey.ShortString()
|
||||||
de.resetLocked()
|
de.resetLocked()
|
||||||
}
|
}
|
||||||
|
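Review bot: The retained log line now formats two different types with `%s`: `de.discoKey` is a key.DiscoPublic after this commit while `n.DiscoKey` is still a tailcfg.DiscoKey, so the "changed from X to Y" message may render the two keys differently (whether key.DiscoPublic implements String is not visible here). Using the short forms on both sides, `de.c.logf("[v1] magicsock: disco: node %s changed from discokey %s to %s", de.publicKey.ShortString(), de.discoShort, tnk.ShortString())`, matches the rest of the logging in this file. The local `tnk` reads as "tailcfg node key" in addTestEndpoint elsewhere in this commit; a name like `newDisco` would be clearer here.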
@ -3915,7 +3911,7 @@ func (de *endpoint) stopAndReset() {
|
||||||
de.mu.Lock()
|
de.mu.Lock()
|
||||||
defer de.mu.Unlock()
|
defer de.mu.Unlock()
|
||||||
|
|
||||||
de.c.logf("[v1] magicsock: doing cleanup for discovery key %x", de.discoKey[:])
|
de.c.logf("[v1] magicsock: doing cleanup for discovery key %s", de.discoKey.ShortString())
|
||||||
|
|
||||||
de.resetLocked()
|
de.resetLocked()
|
||||||
if de.heartBeatTimer != nil {
|
if de.heartBeatTimer != nil {
|
||||||
|
@ -3968,17 +3964,17 @@ type discoInfo struct {
|
||||||
// discoKey is the same as the Conn.discoInfo map key,
|
// discoKey is the same as the Conn.discoInfo map key,
|
||||||
// just so you can pass around a *discoInfo alone.
|
// just so you can pass around a *discoInfo alone.
|
||||||
// Not modifed once initiazed.
|
// Not modifed once initiazed.
|
||||||
discoKey tailcfg.DiscoKey
|
discoKey key.DiscoPublic
|
||||||
|
|
||||||
// discoShort is discoKey.ShortString().
|
// discoShort is discoKey.ShortString().
|
||||||
// Not modifed once initiazed;
|
// Not modifed once initiazed;
|
||||||
discoShort string
|
discoShort string
|
||||||
|
|
||||||
// sharedKey is the precomputed nacl/box key for
|
// sharedKey is the precomputed key for communication with the
|
||||||
// communication with the peer that has the DiscoKey
|
// peer that has the DiscoKey used to look up this *discoInfo in
|
||||||
// used to look up this *discoInfo in Conn.discoInfo.
|
// Conn.discoInfo.
|
||||||
// Not modifed once initialized.
|
// Not modifed once initialized.
|
||||||
sharedKey *[32]byte
|
sharedKey key.DiscoShared
|
||||||
|
|
||||||
// Mutable fields follow, owned by Conn.mu:
|
// Mutable fields follow, owned by Conn.mu:
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,6 @@ import (
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
"go4.org/mem"
|
"go4.org/mem"
|
||||||
"golang.org/x/crypto/nacl/box"
|
|
||||||
"golang.zx2c4.com/wireguard/device"
|
"golang.zx2c4.com/wireguard/device"
|
||||||
"golang.zx2c4.com/wireguard/tun/tuntest"
|
"golang.zx2c4.com/wireguard/tun/tuntest"
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
|
@ -260,7 +259,7 @@ func meshStacks(logf logger.Logf, mutateNetmap func(idx int, nm *netmap.NetworkM
|
||||||
ID: tailcfg.NodeID(i + 1),
|
ID: tailcfg.NodeID(i + 1),
|
||||||
Name: fmt.Sprintf("node%d", i+1),
|
Name: fmt.Sprintf("node%d", i+1),
|
||||||
Key: tailcfg.NodeKeyFromNodePublic(peer.privateKey.Public()),
|
Key: tailcfg.NodeKeyFromNodePublic(peer.privateKey.Public()),
|
||||||
DiscoKey: peer.conn.DiscoPublicKey(),
|
DiscoKey: tailcfg.DiscoKeyFromDiscoPublic(peer.conn.DiscoPublicKey()),
|
||||||
Addresses: addrs,
|
Addresses: addrs,
|
||||||
AllowedIPs: addrs,
|
AllowedIPs: addrs,
|
||||||
Endpoints: epStrings(eps[i]),
|
Endpoints: epStrings(eps[i]),
|
||||||
|
@ -668,7 +667,7 @@ func TestDiscokeyChange(t *testing.T) {
|
||||||
// Start with some random discoKey that isn't actually m1's key,
|
// Start with some random discoKey that isn't actually m1's key,
|
||||||
// to simulate m2 coming up with knowledge of an old, expired
|
// to simulate m2 coming up with knowledge of an old, expired
|
||||||
// discokey. We'll switch to the correct one later in the test.
|
// discokey. We'll switch to the correct one later in the test.
|
||||||
m1DiscoKey = tailcfg.DiscoKey(key.NewPrivate().Public())
|
m1DiscoKey = key.NewDisco().Public()
|
||||||
)
|
)
|
||||||
setm1Key := func(idx int, nm *netmap.NetworkMap) {
|
setm1Key := func(idx int, nm *netmap.NetworkMap) {
|
||||||
if idx != 1 {
|
if idx != 1 {
|
||||||
|
@ -681,7 +680,7 @@ func TestDiscokeyChange(t *testing.T) {
|
||||||
}
|
}
|
||||||
mu.Lock()
|
mu.Lock()
|
||||||
defer mu.Unlock()
|
defer mu.Unlock()
|
||||||
nm.Peers[0].DiscoKey = m1DiscoKey
|
nm.Peers[0].DiscoKey = tailcfg.DiscoKeyFromDiscoPublic(m1DiscoKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanupMesh := meshStacks(t.Logf, setm1Key, m1, m2)
|
cleanupMesh := meshStacks(t.Logf, setm1Key, m1, m2)
|
||||||
|
@ -1138,11 +1137,11 @@ func TestDiscoMessage(t *testing.T) {
|
||||||
peer1Priv := c.discoPrivate
|
peer1Priv := c.discoPrivate
|
||||||
n := &tailcfg.Node{
|
n := &tailcfg.Node{
|
||||||
Key: tailcfg.NodeKey(key.NewPrivate().Public()),
|
Key: tailcfg.NodeKey(key.NewPrivate().Public()),
|
||||||
DiscoKey: peer1Pub,
|
DiscoKey: tailcfg.DiscoKeyFromDiscoPublic(peer1Pub),
|
||||||
}
|
}
|
||||||
c.peerMap.upsertEndpoint(&endpoint{
|
c.peerMap.upsertEndpoint(&endpoint{
|
||||||
publicKey: n.Key,
|
publicKey: n.Key,
|
||||||
discoKey: n.DiscoKey,
|
discoKey: key.DiscoPublicFromRaw32(mem.B(n.DiscoKey[:])),
|
||||||
})
|
})
|
||||||
|
|
||||||
const payload = "why hello"
|
const payload = "why hello"
|
||||||
|
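Review bot: `discoKey: key.DiscoPublicFromRaw32(mem.B(n.DiscoKey[:]))` round-trips peer1Pub through tailcfg.DiscoKey and back, a few lines after `DiscoKey: tailcfg.DiscoKeyFromDiscoPublic(peer1Pub)` built the node from it. Writing `discoKey: peer1Pub,` states what the test means and removes one more use of the deprecated shim. TestDiscoMessage continues past this hunk.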
@ -1150,10 +1149,10 @@ func TestDiscoMessage(t *testing.T) {
|
||||||
var nonce [24]byte
|
var nonce [24]byte
|
||||||
crand.Read(nonce[:])
|
crand.Read(nonce[:])
|
||||||
|
|
||||||
pkt := append([]byte("TS💬"), peer1Pub[:]...)
|
pkt := peer1Pub.AppendTo([]byte("TS💬"))
|
||||||
pkt = append(pkt, nonce[:]...)
|
|
||||||
|
|
||||||
pkt = box.Seal(pkt, []byte(payload), &nonce, c.discoPrivate.Public().B32(), peer1Priv.B32())
|
box := peer1Priv.Shared(c.discoPrivate.Public()).Seal([]byte(payload))
|
||||||
|
pkt = append(pkt, box...)
|
||||||
got := c.handleDiscoMessage(pkt, netaddr.IPPort{}, tailcfg.NodeKey{})
|
got := c.handleDiscoMessage(pkt, netaddr.IPPort{}, tailcfg.NodeKey{})
|
||||||
if !got {
|
if !got {
|
||||||
t.Error("failed to open it")
|
t.Error("failed to open it")
|
||||||
|
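Review bot: After this change the test's `nonce` is still generated (`var nonce [24]byte` and `crand.Read(nonce[:])` on the context lines above) but no longer used: the `pkt = append(pkt, nonce[:]...)` line is removed and `Seal` takes only the payload. Delete those two lines so the test does not suggest it controls the nonce; if that leaves `crand` unreferenced elsewhere in the file, its import goes too, which this page cannot confirm. The same check applies to the unseen lines between sendDiscoMessage's two hunks.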
@ -1224,18 +1223,18 @@ func newTestConn(t testing.TB) *Conn {
|
||||||
// addTestEndpoint sets conn's network map to a single peer expected
|
// addTestEndpoint sets conn's network map to a single peer expected
|
||||||
// to receive packets from sendConn (or DERP), and returns that peer's
|
// to receive packets from sendConn (or DERP), and returns that peer's
|
||||||
// nodekey and discokey.
|
// nodekey and discokey.
|
||||||
func addTestEndpoint(tb testing.TB, conn *Conn, sendConn net.PacketConn) (tailcfg.NodeKey, tailcfg.DiscoKey) {
|
func addTestEndpoint(tb testing.TB, conn *Conn, sendConn net.PacketConn) (tailcfg.NodeKey, key.DiscoPublic) {
|
||||||
// Give conn just enough state that it'll recognize sendConn as a
|
// Give conn just enough state that it'll recognize sendConn as a
|
||||||
// valid peer and not fall through to the legacy magicsock
|
// valid peer and not fall through to the legacy magicsock
|
||||||
// codepath.
|
// codepath.
|
||||||
discoKey := tailcfg.DiscoKey{31: 1}
|
discoKey := key.DiscoPublicFromRaw32(mem.B([]byte{31: 1}))
|
||||||
nodeKey := key.NodePublicFromRaw32(mem.B([]byte{0: 'N', 1: 'K', 31: 0}))
|
nodeKey := key.NodePublicFromRaw32(mem.B([]byte{0: 'N', 1: 'K', 31: 0}))
|
||||||
tnk := tailcfg.NodeKeyFromNodePublic(nodeKey)
|
tnk := tailcfg.NodeKeyFromNodePublic(nodeKey)
|
||||||
conn.SetNetworkMap(&netmap.NetworkMap{
|
conn.SetNetworkMap(&netmap.NetworkMap{
|
||||||
Peers: []*tailcfg.Node{
|
Peers: []*tailcfg.Node{
|
||||||
{
|
{
|
||||||
Key: tnk,
|
Key: tnk,
|
||||||
DiscoKey: discoKey,
|
DiscoKey: tailcfg.DiscoKeyFromDiscoPublic(discoKey),
|
||||||
Endpoints: []string{sendConn.LocalAddr().String()},
|
Endpoints: []string{sendConn.LocalAddr().String()},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1405,7 +1404,7 @@ func TestSetNetworkMapChangingNodeKey(t *testing.T) {
|
||||||
|
|
||||||
conn.SetPrivateKey(key.NodePrivateFromRaw32(mem.B([]byte{0: 1, 31: 0})))
|
conn.SetPrivateKey(key.NodePrivateFromRaw32(mem.B([]byte{0: 1, 31: 0})))
|
||||||
|
|
||||||
discoKey := tailcfg.DiscoKey{31: 1}
|
discoKey := key.DiscoPublicFromRaw32(mem.B([]byte{31: 1}))
|
||||||
nodeKey1 := tailcfg.NodeKey{0: 'N', 1: 'K', 2: '1'}
|
nodeKey1 := tailcfg.NodeKey{0: 'N', 1: 'K', 2: '1'}
|
||||||
nodeKey2 := tailcfg.NodeKey{0: 'N', 1: 'K', 2: '2'}
|
nodeKey2 := tailcfg.NodeKey{0: 'N', 1: 'K', 2: '2'}
|
||||||
|
|
||||||
|
@ -1413,7 +1412,7 @@ func TestSetNetworkMapChangingNodeKey(t *testing.T) {
|
||||||
Peers: []*tailcfg.Node{
|
Peers: []*tailcfg.Node{
|
||||||
{
|
{
|
||||||
Key: nodeKey1,
|
Key: nodeKey1,
|
||||||
DiscoKey: discoKey,
|
DiscoKey: tailcfg.DiscoKeyFromDiscoPublic(discoKey),
|
||||||
Endpoints: []string{"192.168.1.2:345"},
|
Endpoints: []string{"192.168.1.2:345"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1428,7 +1427,7 @@ func TestSetNetworkMapChangingNodeKey(t *testing.T) {
|
||||||
Peers: []*tailcfg.Node{
|
Peers: []*tailcfg.Node{
|
||||||
{
|
{
|
||||||
Key: nodeKey2,
|
Key: nodeKey2,
|
||||||
DiscoKey: discoKey,
|
DiscoKey: tailcfg.DiscoKeyFromDiscoPublic(discoKey),
|
||||||
Endpoints: []string{"192.168.1.2:345"},
|
Endpoints: []string{"192.168.1.2:345"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -331,7 +331,7 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error)
|
||||||
closePool.add(e.magicConn)
|
closePool.add(e.magicConn)
|
||||||
e.magicConn.SetNetworkUp(e.linkMon.InterfaceState().AnyInterfaceUp())
|
e.magicConn.SetNetworkUp(e.linkMon.InterfaceState().AnyInterfaceUp())
|
||||||
|
|
||||||
tsTUNDev.SetDiscoKey(e.magicConn.DiscoPublicKey())
|
tsTUNDev.SetDiscoKey(tailcfg.DiscoKeyFromDiscoPublic(e.magicConn.DiscoPublicKey()))
|
||||||
|
|
||||||
if conf.RespondToPing {
|
if conf.RespondToPing {
|
||||||
e.tundev.PostFilterIn = echoRespondToAll
|
e.tundev.PostFilterIn = echoRespondToAll
|
||||||
|
@ -842,7 +842,7 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config,
|
||||||
// and a second time with it.
|
// and a second time with it.
|
||||||
discoChanged := make(map[tailcfg.NodeKey]bool)
|
discoChanged := make(map[tailcfg.NodeKey]bool)
|
||||||
{
|
{
|
||||||
prevEP := make(map[tailcfg.NodeKey]tailcfg.DiscoKey)
|
prevEP := make(map[tailcfg.NodeKey]key.DiscoPublic)
|
||||||
for i := range e.lastCfgFull.Peers {
|
for i := range e.lastCfgFull.Peers {
|
||||||
if p := &e.lastCfgFull.Peers[i]; !p.DiscoKey.IsZero() {
|
if p := &e.lastCfgFull.Peers[i]; !p.DiscoKey.IsZero() {
|
||||||
prevEP[tailcfg.NodeKeyFromNodePublic(p.PublicKey)] = p.DiscoKey
|
prevEP[tailcfg.NodeKeyFromNodePublic(p.PublicKey)] = p.DiscoKey
|
||||||
|
@ -1232,7 +1232,7 @@ func (e *userspaceEngine) SetNetworkMap(nm *netmap.NetworkMap) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *userspaceEngine) DiscoPublicKey() tailcfg.DiscoKey {
|
func (e *userspaceEngine) DiscoPublicKey() tailcfg.DiscoKey {
|
||||||
return e.magicConn.DiscoPublicKey()
|
return tailcfg.DiscoKeyFromDiscoPublic(e.magicConn.DiscoPublicKey())
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *userspaceEngine) UpdateStatus(sb *ipnstate.StatusBuilder) {
|
func (e *userspaceEngine) UpdateStatus(sb *ipnstate.StatusBuilder) {
|
||||||
|
|
|
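Review bot: The exported `DiscoPublicKey` method has no doc comment, and after this change it is the point where the magicsock key is converted back into the deprecated tailcfg type, which is worth stating for whoever finishes removing the shim. Suggested comment: `// DiscoPublicKey returns magicConn's discovery public key converted to the deprecated tailcfg.DiscoKey (#3206).` Presumably the Engine interface still declares the tailcfg type, which this hunk does not show.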
@ -9,7 +9,6 @@ package wgcfg
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
"tailscale.com/tailcfg"
|
|
||||||
"tailscale.com/types/key"
|
"tailscale.com/types/key"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -55,7 +54,7 @@ func (src *Peer) Clone() *Peer {
|
||||||
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
// A compilation failure here means this code must be regenerated, with the command at the top of this file.
|
||||||
var _PeerCloneNeedsRegeneration = Peer(struct {
|
var _PeerCloneNeedsRegeneration = Peer(struct {
|
||||||
PublicKey key.NodePublic
|
PublicKey key.NodePublic
|
||||||
DiscoKey tailcfg.DiscoKey
|
DiscoKey key.DiscoPublic
|
||||||
AllowedIPs []netaddr.IPPrefix
|
AllowedIPs []netaddr.IPPrefix
|
||||||
PersistentKeepalive uint16
|
PersistentKeepalive uint16
|
||||||
}{})
|
}{})
|
||||||
|
|
|
@ -7,7 +7,6 @@ package wgcfg
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
"tailscale.com/tailcfg"
|
|
||||||
"tailscale.com/types/key"
|
"tailscale.com/types/key"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -26,7 +25,7 @@ type Config struct {
|
||||||
|
|
||||||
type Peer struct {
|
type Peer struct {
|
||||||
PublicKey key.NodePublic
|
PublicKey key.NodePublic
|
||||||
DiscoKey tailcfg.DiscoKey // present only so we can handle restarts within wgengine, not passed to WireGuard
|
DiscoKey key.DiscoPublic // present only so we can handle restarts within wgengine, not passed to WireGuard
|
||||||
AllowedIPs []netaddr.IPPrefix
|
AllowedIPs []netaddr.IPPrefix
|
||||||
PersistentKeepalive uint16
|
PersistentKeepalive uint16
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,11 +15,11 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"go4.org/mem"
|
||||||
"golang.zx2c4.com/wireguard/conn"
|
"golang.zx2c4.com/wireguard/conn"
|
||||||
"golang.zx2c4.com/wireguard/device"
|
"golang.zx2c4.com/wireguard/device"
|
||||||
"golang.zx2c4.com/wireguard/tun"
|
"golang.zx2c4.com/wireguard/tun"
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
"tailscale.com/tailcfg"
|
|
||||||
"tailscale.com/types/key"
|
"tailscale.com/types/key"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ func TestDeviceConfig(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("device1 modify peer", func(t *testing.T) {
|
t.Run("device1 modify peer", func(t *testing.T) {
|
||||||
cfg1.Peers[0].DiscoKey = tailcfg.DiscoKey{1}
|
cfg1.Peers[0].DiscoKey = key.DiscoPublicFromRaw32(mem.B([]byte{0: 1, 31: 0}))
|
||||||
if err := ReconfigDevice(device1, cfg1, t.Logf); err != nil {
|
if err := ReconfigDevice(device1, cfg1, t.Logf); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -133,7 +133,7 @@ func TestDeviceConfig(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("device1 replace endpoint", func(t *testing.T) {
|
t.Run("device1 replace endpoint", func(t *testing.T) {
|
||||||
cfg1.Peers[0].DiscoKey = tailcfg.DiscoKey{2}
|
cfg1.Peers[0].DiscoKey = key.DiscoPublicFromRaw32(mem.B([]byte{0: 2, 31: 0}))
|
||||||
if err := ReconfigDevice(device1, cfg1, t.Logf); err != nil {
|
if err := ReconfigDevice(device1, cfg1, t.Logf); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,7 +74,7 @@ func WGCfg(nm *netmap.NetworkMap, logf logger.Logf, flags netmap.WGConfigFlags,
|
||||||
}
|
}
|
||||||
cfg.Peers = append(cfg.Peers, wgcfg.Peer{
|
cfg.Peers = append(cfg.Peers, wgcfg.Peer{
|
||||||
PublicKey: key.NodePublicFromRaw32(mem.B(peer.Key[:])),
|
PublicKey: key.NodePublicFromRaw32(mem.B(peer.Key[:])),
|
||||||
DiscoKey: peer.DiscoKey,
|
DiscoKey: key.DiscoPublicFromRaw32(mem.B(peer.DiscoKey[:])),
|
||||||
})
|
})
|
||||||
cpeer := &cfg.Peers[len(cfg.Peers)-1]
|
cpeer := &cfg.Peers[len(cfg.Peers)-1]
|
||||||
if peer.KeepAlive {
|
if peer.KeepAlive {
|
||||||