TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-12 13:48:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

types/key: add a special key with custom serialization for control private keys (#2792)

Browse Source 
* Revert "Revert "types/key: add MachinePrivate and MachinePublic.""

This reverts commit 61c3b98a24.

Signed-off-by: David Anderson <danderson@tailscale.com>

* types/key: add ControlPrivate, with custom serialization.

ControlPrivate is just a MachinePrivate that serializes differently
in JSON, to be compatible with how the Tailscale control plane
historically serialized its private key.

Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
Dave Anderson
2021-09-03 13:17:46 -07:00
committed by GitHub
parent 61c3b98a24
commit 980acc38ba
26 changed files with 708 additions and 234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
ipn/ipnlocal/local.go
View File

@@ -110,7 +110,7 @@ type LocalBackend struct {
userID string // current controlling user ID (for Windows, primarily)
prefs *ipn.Prefs
inServerMode bool
machinePrivKey wgkey.Private
machinePrivKey key.MachinePrivate
state ipn.State
capFileSharing bool // whether netMap contains the file sharing capability
// hostinfo is mutated in-place while mu is held.
@@ -293,7 +293,7 @@ func (b *LocalBackend) Prefs() *ipn.Prefs {
defer b.mu.Unlock()
p := b.prefs.Clone()
if p != nil && p.Persist != nil {
p.Persist.LegacyFrontendPrivateMachineKey = wgkey.Private{}
p.Persist.LegacyFrontendPrivateMachineKey = key.MachinePrivate{}
p.Persist.PrivateNodeKey = wgkey.Private{}
p.Persist.OldPrivateNodeKey = wgkey.Private{}
}
@@ -1239,22 +1239,22 @@ func (b *LocalBackend) popBrowserAuthNow() {
// For testing lazy machine key generation.
var panicOnMachineKeyGeneration, _ = strconv.ParseBool(os.Getenv("TS_DEBUG_PANIC_MACHINE_KEY"))
func (b *LocalBackend) createGetMachinePrivateKeyFunc() func() (wgkey.Private, error) {
func (b *LocalBackend) createGetMachinePrivateKeyFunc() func() (key.MachinePrivate, error) {
var cache atomic.Value
return func() (wgkey.Private, error) {
return func() (key.MachinePrivate, error) {
if panicOnMachineKeyGeneration {
panic("machine key generated")
}
if v, ok := cache.Load().(wgkey.Private); ok {
if v, ok := cache.Load().(key.MachinePrivate); ok {
return v, nil
}
b.mu.Lock()
defer b.mu.Unlock()
if v, ok := cache.Load().(wgkey.Private); ok {
if v, ok := cache.Load().(key.MachinePrivate); ok {
return v, nil
}
if err := b.initMachineKeyLocked(); err != nil {
return wgkey.Private{}, err
return key.MachinePrivate{}, err
}
cache.Store(b.machinePrivKey)
return b.machinePrivKey, nil
@@ -1272,7 +1272,7 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
return nil
}
var legacyMachineKey wgkey.Private
var legacyMachineKey key.MachinePrivate
if b.prefs.Persist != nil {
legacyMachineKey = b.prefs.Persist.LegacyFrontendPrivateMachineKey
}
@@ -1285,7 +1285,7 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
if b.machinePrivKey.IsZero() {
return fmt.Errorf("invalid zero key stored in %v key of %v", ipn.MachineKeyStateKey, b.store)
}
if !legacyMachineKey.IsZero() && !bytes.Equal(legacyMachineKey[:], b.machinePrivKey[:]) {
if !legacyMachineKey.IsZero() && !legacyMachineKey.Equal(b.machinePrivKey) {
b.logf("frontend-provided legacy machine key ignored; used value from server state")
}
return nil
@@ -1306,11 +1306,7 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
b.machinePrivKey = legacyMachineKey
} else {
b.logf("generating new machine key")
var err error
b.machinePrivKey, err = wgkey.NewPrivate()
if err != nil {
return fmt.Errorf("initializing new machine key: %w", err)
}
b.machinePrivKey = key.NewMachine()
}
keyText, _ = b.machinePrivKey.MarshalText()
@@ -2604,7 +2600,7 @@ func (b *LocalBackend) OperatorUserID() string {
// TestOnlyPublicKeys returns the current machine and node public
// keys. Used in tests only to facilitate automated node authorization
// in the test harness.
func (b *LocalBackend) TestOnlyPublicKeys() (machineKey tailcfg.MachineKey, nodeKey tailcfg.NodeKey) {
func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeKey tailcfg.NodeKey) {
b.mu.Lock()
prefs := b.prefs
machinePrivKey := b.machinePrivKey
@@ -2616,7 +2612,7 @@ func (b *LocalBackend) TestOnlyPublicKeys() (machineKey tailcfg.MachineKey, node
mk := machinePrivKey.Public()
nk := prefs.Persist.PrivateNodeKey.Public()
return tailcfg.MachineKey(mk), tailcfg.NodeKey(nk)
return mk, tailcfg.NodeKey(nk)
}
func (b *LocalBackend) WaitingFiles() ([]apitype.WaitingFile, error) {