derp: use new types/key package

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago · 769e25e37b
parent a70a91521b
commit 769e25e37b
3 changed files with 42 additions and 10 deletions
--- a/derp/derp_client.go
+++ b/derp/derp_client.go
@ -6,35 +6,35 @@ package derp
 import (
 	"bufio"
-	"crypto/rand"
+	crand "crypto/rand"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net"
 	"time"
 	"golang.org/x/crypto/curve25519"
 	"golang.org/x/crypto/nacl/box"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
 )
 type Client struct {
-	serverKey  [32]byte
+	serverKey  key.Public // of the DERP server; not a machine or node key
-	privateKey [32]byte // TODO(crawshaw): make this wgcfg.PrivateKey?
+	privateKey key.Private
-	publicKey  [32]byte
+	publicKey  key.Public // of privateKey
 	logf       logger.Logf
 	netConn    net.Conn
 	conn       *bufio.ReadWriter
 }
-func NewClient(privateKey [32]byte, netConn net.Conn, conn *bufio.ReadWriter, logf logger.Logf) (*Client, error) {
+func NewClient(privateKey key.Private, netConn net.Conn, conn *bufio.ReadWriter, logf logger.Logf) (*Client, error) {
 	c := &Client{
 		privateKey: privateKey,
 		publicKey:  privateKey.Public(),
 		logf:       logf,
 		netConn:    netConn,
 		conn:       conn,
 	}
 	curve25519.ScalarBaseMult(&c.publicKey, &c.privateKey)
 	if err := c.recvServerKey(); err != nil {
 		return nil, fmt.Errorf("derp.Client: failed to receive server key: %v", err)
@ -83,7 +83,7 @@ func (c *Client) recvServerInfo() (*serverInfo, error) {
 	if _, err := io.ReadFull(c.conn, msgbox); err != nil {
 		return nil, fmt.Errorf("msgbox: %v", err)
 	}
-	msg, ok := box.Open(nil, msgbox, &nonce, &c.serverKey, &c.privateKey)
+	msg, ok := box.Open(nil, msgbox, &nonce, c.serverKey.B32(), c.privateKey.B32())
 	if !ok {
 		return nil, fmt.Errorf("msgbox: cannot open len=%d with server key %x", msgLen, c.serverKey[:])
 	}
@ -96,11 +96,11 @@ func (c *Client) recvServerInfo() (*serverInfo, error) {
 func (c *Client) sendClientKey() error {
 	var nonce [24]byte
-	if _, err := rand.Read(nonce[:]); err != nil {
+	if _, err := crand.Read(nonce[:]); err != nil {
 		return err
 	}
 	msg := []byte("{}") // no clientInfo for now
-	msgbox := box.Seal(nil, msg, &nonce, &c.serverKey, &c.privateKey)
+	msgbox := box.Seal(nil, msg, &nonce, c.serverKey.B32(), c.privateKey.B32())
 	if _, err := c.conn.Write(c.publicKey[:]); err != nil {
 		return err
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@ -31,8 +31,10 @@ type RoleID ID
 type CapabilityID ID
 // MachineKey is the curve25519 public key for a machine.
 type MachineKey [32]byte
 // MachineKey is the curve25519 public key for a node.
 type NodeKey [32]byte
 type Group struct {
--- a/types/key/key.go
+++ b/types/key/key.go
@ -0,0 +1,30 @@
 // Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // Package key defines some types related to curve25519 keys.
 package key
 import "golang.org/x/crypto/curve25519"
 // Private represents a curve25519 private key.
 type Private [32]byte
 // B32 returns k as the *[32]byte type that's used by the
 // golang.org/x/crypto packages. This allocates; it might
 // not be appropriate for performance-sensitive paths.
 func (k Private) B32() *[32]byte { return (*[32]byte)(&k) }
 // Public represents a curve25519 public key.
 type Public [32]byte
 // B32 returns k as the *[32]byte type that's used by the
 // golang.org/x/crypto packages. This allocates; it might
 // not be appropriate for performance-sensitive paths.
 func (k Public) B32() *[32]byte { return (*[32]byte)(&k) }
 func (k Private) Public() Public {
 	var pub [32]byte
 	curve25519.ScalarBaseMult(&pub, (*[32]byte)(&k))
 	return Public(pub)
 }