wgkey: new package

This is a replacement for the key-related parts
of the wireguard-go wgcfg package.

This is almost a straight copy/paste from the wgcfg package.
I have slightly changed some of the exported functions and types
to avoid stutter, added and tweaked some comments,
and removed some now-unused code.

To avoid having wireguard-go depend on this new package,
wgcfg will keep its key types.

We translate into and out of those types at the last minute.
These few remaining uses will be eliminated alongside
the rest of the wgcfg package.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>

wgengine/magicsock/legacy.go

@@ -20,6 +20,7 @@ import (
 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
+	"tailscale.com/types/wgkey"
 )
 
 var errNoDestinations = errors.New("magicsock: no destinations")
@@ -387,7 +388,7 @@ func (a *addrSet) UpdateDst(new *net.UDPAddr) error {
 		}
 	}
 
-	publicKey := wgcfg.Key(a.publicKey)
+	publicKey := wgkey.Key(a.publicKey)
 	pk := publicKey.ShortString()
 	old := "<none>"
 	if a.curAddr >= 0 {

wgengine/magicsock/magicsock.go

@@ -52,6 +52,7 @@ import (
 	"tailscale.com/types/nettype"
 	"tailscale.com/types/opt"
 	"tailscale.com/types/structs"
+	"tailscale.com/types/wgkey"
 	"tailscale.com/version"
 )
 
@@ -1562,7 +1563,7 @@ Top:
 		} else if asEp != nil {
 			ep = asEp
 		} else {
-			key := wgcfg.Key(dm.src)
+			key := wgkey.Key(dm.src)
 			c.logf("magicsock: DERP packet from unknown key: %s", key.ShortString())
 			// TODO(danderson): after we fail to find a DERP endpoint, we
 			// seem to be falling through to passing the packet to
@@ -1952,7 +1953,7 @@ func (c *Conn) SetNetworkUp(up bool) {
 //
 // If the private key changes, any DERP connections are torn down &
 // recreated when needed.
-func (c *Conn) SetPrivateKey(privateKey wgcfg.PrivateKey) error {
+func (c *Conn) SetPrivateKey(privateKey wgkey.Private) error {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -2660,7 +2661,7 @@ func simpleDur(d time.Duration) time.Duration {
 }
 
 func peerShort(k key.Public) string {
-	k2 := wgcfg.Key(k)
+	k2 := wgkey.Key(k)
 	return k2.ShortString()
 }
 

wgengine/magicsock/magicsock_test.go

@@ -42,6 +42,7 @@ import (
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
 	"tailscale.com/types/nettype"
+	"tailscale.com/types/wgkey"
 	"tailscale.com/wgengine/filter"
 	"tailscale.com/wgengine/tstun"
 )
@@ -119,7 +120,7 @@ func runDERPAndStun(t *testing.T, logf logger.Logf, l nettype.PacketListener, st
 // necessary to send and receive packets to test e2e wireguard
 // happiness.
 type magicStack struct {
-	privateKey wgcfg.PrivateKey
+	privateKey wgkey.Private
 	epCh       chan []string       // endpoint updates produced by this peer
 	conn       *Conn               // the magicsock itself
 	tun        *tuntest.ChannelTUN // TUN device to send/receive packets
@@ -133,7 +134,7 @@ type magicStack struct {
 func newMagicStack(t testing.TB, logf logger.Logf, l nettype.PacketListener, derpMap *tailcfg.DERPMap) *magicStack {
 	t.Helper()
 
-	privateKey, err := wgcfg.NewPrivateKey()
+	privateKey, err := wgkey.NewPrivate()
 	if err != nil {
 		t.Fatalf("generating private key: %v", err)
 	}
@@ -347,7 +348,7 @@ func TestNewConn(t *testing.T) {
 	}
 	defer conn.Close()
 	conn.SetDERPMap(stuntest.DERPMapOf(stunAddr.String()))
-	conn.SetPrivateKey(wgcfg.PrivateKey(key.NewPrivate()))
+	conn.SetPrivateKey(wgkey.Private(key.NewPrivate()))
 	conn.Start()
 
 	go func() {
@@ -457,11 +458,11 @@ func makeConfigs(t *testing.T, addrs []netaddr.IPPort) []wgcfg.Config {
 	var addresses [][]netaddr.IPPrefix
 
 	for i := range addrs {
-		privKey, err := wgcfg.NewPrivateKey()
+		privKey, err := wgkey.NewPrivate()
 		if err != nil {
 			t.Fatal(err)
 		}
-		privKeys = append(privKeys, privKey)
+		privKeys = append(privKeys, wgcfg.PrivateKey(privKey))
 
 		addresses = append(addresses, []netaddr.IPPrefix{
 			parseCIDR(t, fmt.Sprintf("1.0.0.%d/32", i+1)),