Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>main
David Anderson
5 years ago
parent
eeb97fd89f
commit
b43362852c
@ -1,119 +0,0 @@ |
||||
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package key defines some types for the various keys Tailscale uses.
|
||||
package key |
||||
|
||||
import ( |
||||
"encoding/base64" |
||||
"errors" |
||||
"fmt" |
||||
|
||||
"go4.org/mem" |
||||
"golang.org/x/crypto/curve25519" |
||||
) |
||||
|
||||
// Private represents a curve25519 private key of unspecified purpose.
|
||||
//
|
||||
// Deprecated: this key type has been used for several different
|
||||
// keypairs, which are used in different protocols. This makes it easy
|
||||
// to accidentally use the wrong key for a particular purpose, because
|
||||
// the type system doesn't protect you. Please define dedicated key
|
||||
// types for each purpose (e.g. communication with control, disco,
|
||||
// wireguard...) instead, even if they are a Curve25519 value under
|
||||
// the hood.
|
||||
type Private [32]byte |
||||
|
||||
// Private reports whether p is the zero value.
|
||||
func (p Private) IsZero() bool { return p == Private{} } |
||||
|
||||
// NewPrivate returns a new private key.
|
||||
func NewPrivate() Private { |
||||
var p Private |
||||
rand(p[:]) |
||||
clamp25519Private(p[:]) |
||||
return p |
||||
} |
||||
|
||||
// B32 returns k as the *[32]byte type that's used by the
|
||||
// golang.org/x/crypto packages. This allocates; it might
|
||||
// not be appropriate for performance-sensitive paths.
|
||||
func (k Private) B32() *[32]byte { return (*[32]byte)(&k) } |
||||
|
||||
// Public represents a curve25519 public key.
|
||||
//
|
||||
// Deprecated: this key type has been used for several different
|
||||
// keypairs, which are used in different protocols. This makes it easy
|
||||
// to accidentally use the wrong key for a particular purpose, because
|
||||
// the type system doesn't protect you. Please define dedicated key
|
||||
// types for each purpose (e.g. communication with control, disco,
|
||||
// wireguard...) instead, even if they are a Curve25519 value under
|
||||
// the hood.
|
||||
type Public [32]byte |
||||
|
||||
// Public reports whether p is the zero value.
|
||||
func (p Public) IsZero() bool { return p == Public{} } |
||||
|
||||
// ShortString returns the Tailscale conventional debug representation
|
||||
// of a public key: the first five base64 digits of the key, in square
|
||||
// brackets.
|
||||
func (p Public) ShortString() string { |
||||
return "[" + base64.StdEncoding.EncodeToString(p[:])[:5] + "]" |
||||
} |
||||
|
||||
func (p Public) MarshalText() ([]byte, error) { |
||||
buf := make([]byte, base64.StdEncoding.EncodedLen(len(p))) |
||||
base64.StdEncoding.Encode(buf, p[:]) |
||||
return buf, nil |
||||
} |
||||
|
||||
func (p *Public) UnmarshalText(txt []byte) error { |
||||
if *p != (Public{}) { |
||||
return errors.New("refusing to unmarshal into non-zero key.Public") |
||||
} |
||||
n, err := base64.StdEncoding.Decode(p[:], txt) |
||||
if err != nil { |
||||
return err |
||||
} |
||||
if n != 32 { |
||||
return fmt.Errorf("short decode of %d; want 32", n) |
||||
} |
||||
return nil |
||||
} |
||||
|
||||
// B32 returns k as the *[32]byte type that's used by the
|
||||
// golang.org/x/crypto packages. This allocates; it might
|
||||
// not be appropriate for performance-sensitive paths.
|
||||
func (k Public) B32() *[32]byte { return (*[32]byte)(&k) } |
||||
|
||||
func (k Private) Public() Public { |
||||
var pub [32]byte |
||||
curve25519.ScalarBaseMult(&pub, (*[32]byte)(&k)) |
||||
return Public(pub) |
||||
} |
||||
|
||||
func (k Private) SharedSecret(pub Public) (ss [32]byte) { |
||||
apk := (*[32]byte)(&pub) |
||||
ask := (*[32]byte)(&k) |
||||
curve25519.ScalarMult(&ss, ask, apk) |
||||
return ss |
||||
} |
||||
|
||||
// NewPublicFromHexMem parses a public key in its hex form, given in m.
|
||||
// The provided m must be exactly 64 bytes in length.
|
||||
func NewPublicFromHexMem(m mem.RO) (Public, error) { |
||||
if m.Len() != 64 { |
||||
return Public{}, errors.New("invalid length") |
||||
} |
||||
var p Public |
||||
for i := range p { |
||||
a, ok1 := fromHexChar(m.At(i*2 + 0)) |
||||
b, ok2 := fromHexChar(m.At(i*2 + 1)) |
||||
if !ok1 || !ok2 { |
||||
return Public{}, errors.New("invalid hex character") |
||||
} |
||||
p[i] = (a << 4) | b |
||||
} |
||||
return p, nil |
||||
} |
||||
@ -1,74 +0,0 @@ |
||||
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package key |
||||
|
||||
import ( |
||||
"bytes" |
||||
"encoding" |
||||
"reflect" |
||||
"testing" |
||||
) |
||||
|
||||
type tmu interface { |
||||
encoding.TextMarshaler |
||||
encoding.TextUnmarshaler |
||||
} |
||||
|
||||
func TestTextMarshal(t *testing.T) { |
||||
// Check that keys roundtrip correctly through marshaling, and
|
||||
// cannot be unmarshaled as other key types.
|
||||
type keyMaker func() (random, zero tmu) |
||||
keys := []keyMaker{ |
||||
func() (tmu, tmu) { k := NewMachine(); return &k, &MachinePrivate{} }, |
||||
func() (tmu, tmu) { k := NewMachine().Public(); return &k, &MachinePublic{} }, |
||||
func() (tmu, tmu) { k := NewPrivate().Public(); return &k, &Public{} }, |
||||
} |
||||
for i, kf := range keys { |
||||
k1, k2 := kf() |
||||
// Sanity check: both k's should have the same type, k2 should
|
||||
// be the zero value.
|
||||
if t1, t2 := reflect.ValueOf(k1).Elem().Type(), reflect.ValueOf(k2).Elem().Type(); t1 != t2 { |
||||
t.Fatalf("got two keys of different types %T and %T", t1, t2) |
||||
} |
||||
if !reflect.ValueOf(k2).Elem().IsZero() { |
||||
t.Fatal("k2 is not the zero value") |
||||
} |
||||
|
||||
// All keys should marshal successfully.
|
||||
t1, err := k1.MarshalText() |
||||
if err != nil { |
||||
t.Fatalf("MarshalText(%#v): %v", k1, err) |
||||
} |
||||
|
||||
// Marshalling should round-trip.
|
||||
if err := k2.UnmarshalText(t1); err != nil { |
||||
t.Fatalf("UnmarshalText(MarshalText(%#v)): %v", k1, err) |
||||
} |
||||
if !reflect.DeepEqual(k1, k2) { |
||||
t.Fatalf("UnmarshalText(MarshalText(k1)) changed\n old: %#v\n new: %#v", k1, k2) |
||||
} |
||||
|
||||
// And the text representation should also roundtrip.
|
||||
t2, err := k2.MarshalText() |
||||
if err != nil { |
||||
t.Fatalf("MarshalText(%#v): %v", k2, err) |
||||
} |
||||
if !bytes.Equal(t1, t2) { |
||||
t.Fatal("MarshalText(k1) != MarshalText(k2)") |
||||
} |
||||
|
||||
// No other key type should be able to unmarshal the text of a
|
||||
// different key.
|
||||
for j, otherkf := range keys { |
||||
if i == j { |
||||
continue |
||||
} |
||||
_, otherk := otherkf() |
||||
if err := otherk.UnmarshalText(t1); err == nil { |
||||
t.Fatalf("key %#v can unmarshal as %#v (marshaled form %q)", k1, otherk, t1) |
||||
} |
||||
} |
||||
} |
||||
} |
||||
Loading…
Reference in new issue