From 9cdfd5947618046df68047fd31375a9ae73586db Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sat, 3 Sep 2022 12:34:29 +0100 Subject: [PATCH] Tidy up a bit, make sure to copy the private key at startup --- cmd/yggdrasil/main.go | 56 ++++--------------------------------------- src/core/core.go | 14 ++++++----- 2 files changed, 12 insertions(+), 58 deletions(-) diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go index f239ed34..3235c4ca 100644 --- a/cmd/yggdrasil/main.go +++ b/cmd/yggdrasil/main.go @@ -81,48 +81,6 @@ func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf if err := hjson.Unmarshal(conf, &dat); err != nil { panic(err) } - // Check if we have old field names - if _, ok := dat["TunnelRouting"]; ok { - log.Warnln("WARNING: Tunnel routing is no longer supported") - } - if old, ok := dat["SigningPrivateKey"]; ok { - log.Warnln("WARNING: The \"SigningPrivateKey\" configuration option has been renamed to \"PrivateKey\"") - if _, ok := dat["PrivateKey"]; !ok { - if privstr, err := hex.DecodeString(old.(string)); err == nil { - priv := ed25519.PrivateKey(privstr) - pub := priv.Public().(ed25519.PublicKey) - dat["PrivateKey"] = hex.EncodeToString(priv[:]) - dat["PublicKey"] = hex.EncodeToString(pub[:]) - } else { - log.Warnln("WARNING: The \"SigningPrivateKey\" configuration option contains an invalid value and will be ignored") - } - } - } - if oldmc, ok := dat["MulticastInterfaces"]; ok { - if oldmcvals, ok := oldmc.([]interface{}); ok { - var newmc []config.MulticastInterfaceConfig - for _, oldmcval := range oldmcvals { - if str, ok := oldmcval.(string); ok { - newmc = append(newmc, config.MulticastInterfaceConfig{ - Regex: str, - Beacon: true, - Listen: true, - }) - } - } - if newmc != nil { - if oldport, ok := dat["LinkLocalTCPPort"]; ok { - // numbers parse to float64 by default - if port, ok := oldport.(float64); ok { - for idx := range newmc { - newmc[idx].Port = uint16(port) - } - } - } - dat["MulticastInterfaces"] = newmc - } - } - } // Sanitise the config confJson, err := json.Marshal(dat) if err != nil { @@ -322,7 +280,6 @@ func run(args yggArgs, ctx context.Context, done chan struct{}) { fmt.Println(ipnet.String()) } return - default: } n := &node{} @@ -352,8 +309,7 @@ func run(args yggArgs, ctx context.Context, done chan struct{}) { } options = append(options, core.AllowedPublicKey(k[:])) } - n.core, err = core.New(sk[:], logger, options...) - if err != nil { + if n.core, err = core.New(sk[:], logger, options...); err != nil { panic(err) } } @@ -363,8 +319,7 @@ func run(args yggArgs, ctx context.Context, done chan struct{}) { options := []admin.SetupOption{ admin.ListenAddress(cfg.AdminListen), } - n.admin, err = admin.New(n.core, logger, options...) - if err != nil { + if n.admin, err = admin.New(n.core, logger, options...); err != nil { panic(err) } } @@ -380,8 +335,7 @@ func run(args yggArgs, ctx context.Context, done chan struct{}) { Port: intf.Port, }) } - n.multicast, err = multicast.New(n.core, logger, options...) - if err != nil { + if n.multicast, err = multicast.New(n.core, logger, options...); err != nil { panic(err) } if n.admin != nil { @@ -395,9 +349,7 @@ func run(args yggArgs, ctx context.Context, done chan struct{}) { tuntap.InterfaceName(cfg.IfName), tuntap.InterfaceMTU(cfg.IfMTU), } - rwc := ipv6rwc.NewReadWriteCloser(n.core) - n.tuntap, err = tuntap.New(rwc, logger, options...) - if err != nil { + if n.tuntap, err = tuntap.New(ipv6rwc.NewReadWriteCloser(n.core), logger, options...); err != nil { panic(err) } if n.admin != nil { diff --git a/src/core/core.go b/src/core/core.go index 47389a83..22baa58a 100644 --- a/src/core/core.go +++ b/src/core/core.go @@ -47,15 +47,17 @@ type Core struct { } func New(secret ed25519.PrivateKey, logger util.Logger, opts ...SetupOption) (*Core, error) { + c := &Core{ + log: logger, + } + c.ctx, c.cancel = context.WithCancel(context.Background()) + // Take a copy of the private key so that it is in our own memory space. if len(secret) != ed25519.PrivateKeySize { return nil, fmt.Errorf("private key is incorrect length") } - c := &Core{ - secret: secret, - public: secret.Public().(ed25519.PublicKey), - log: logger, - } - c.ctx, c.cancel = context.WithCancel(context.Background()) + c.secret = make(ed25519.PrivateKey, 0, ed25519.PrivateKeySize) + copy(c.secret, secret) + c.public = secret.Public().(ed25519.PublicKey) var err error if c.PacketConn, err = iwe.NewPacketConn(c.secret); err != nil { return nil, fmt.Errorf("error creating encryption: %w", err)