wireguard: make KeyPairs solid

Signed-off-by: Alejandro Mery <amery@jpi.io>
1 year ago · 30a7bceda3
3 changed files with 30 additions and 47 deletions
--- a/pkg/wireguard/keys.go
+++ b/pkg/wireguard/keys.go
@ -169,15 +169,13 @@ func (kp *KeyPair) Validate() error {
 }
 // NewKeyPair creates a new KeyPair for Wireguard
-func NewKeyPair() (*KeyPair, error) {
+func NewKeyPair() (KeyPair, error) {
-	key, err := NewPrivateKey()
+	var out KeyPair
 	if err != nil {
 		return nil, err
 	}
-	out := &KeyPair{
+	key, err := NewPrivateKey()
-		PrivateKey: key,
+	if err == nil {
-		PublicKey:  key.Public(),
+		out.PrivateKey = key
 		out.PublicKey = key.Public()
 	}
 	return out, nil
 }
--- a/pkg/zones/machine_rings.go
+++ b/pkg/zones/machine_rings.go
@ -11,25 +11,24 @@ import (
 )
 // GetWireguardKeys reads a wgN.key/wgN.pub files
-func (m *Machine) GetWireguardKeys(ring int) (*wireguard.KeyPair, error) {
+func (m *Machine) GetWireguardKeys(ring int) (wireguard.KeyPair, error) {
 	var (
 		data []byte
 		err  error
-		key  wireguard.PrivateKey
+		out  wireguard.KeyPair
 		pub  wireguard.PublicKey
 	)
 	data, err = m.ReadFile("wg%v.key", ring)
 	if err != nil {
 		// failed to read
-		return nil, err
+		return out, err
 	}
-	key, err = wireguard.PrivateKeyFromBase64(string(data))
+	out.PrivateKey, err = wireguard.PrivateKeyFromBase64(string(data))
 	if err != nil {
 		// bad key
 		err = core.Wrapf(err, "wg%v.key", ring)
-		return nil, err
+		return out, err
 	}
 	data, err = m.ReadFile("wg%v.pub", ring)
@ -38,27 +37,19 @@ func (m *Machine) GetWireguardKeys(ring int) (*wireguard.KeyPair, error) {
 		// no wgN.pub is fine
 	case err != nil:
 		// failed to read
-		return nil, err
+		return out, err
 	default:
 		// good read
-		pub, err = wireguard.PublicKeyFromBase64(string(data))
+		out.PublicKey, err = wireguard.PublicKeyFromBase64(string(data))
 		if err != nil {
 			// bad key
 			err = core.Wrapf(err, "wg%v.pub", ring)
-			return nil, err
+			return out, err
 		}
 	}
-	kp := &wireguard.KeyPair{
+	err = out.Validate()
-		PrivateKey: key,
+	return out, err
 		PublicKey:  pub,
 	}
 	if err = kp.Validate(); err != nil {
 		return nil, err
 	}
 	return kp, nil
 }
 func (m *Machine) tryReadWireguardKeys(ring int) error {
@ -157,7 +148,7 @@ func (m *Machine) applyWireguardInterfaceConfig(ring int, data wireguard.Interfa
 	ri := &RingInfo{
 		Ring:    ring,
 		Enabled: true,
-		Keys: &wireguard.KeyPair{
+		Keys: wireguard.KeyPair{
 			PrivateKey: data.PrivateKey,
 		},
 	}
@ -177,7 +168,7 @@ func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) er
 		ri := &RingInfo{
 			Ring:    ring,
 			Enabled: true,
-			Keys: &wireguard.KeyPair{
+			Keys: wireguard.KeyPair{
 				PublicKey: pc.PublicKey,
 			},
 		}
--- a/pkg/zones/rings.go
+++ b/pkg/zones/rings.go
@ -23,14 +23,16 @@ const (
 // RingInfo contains represents the Wireguard endpoint details
 // for a Machine on a particular ring
 type RingInfo struct {
-	Ring    int                `toml:"ring"`
+	Ring    int               `toml:"ring"`
-	Enabled bool               `toml:"enabled,omitempty"`
+	Enabled bool              `toml:"enabled,omitempty"`
-	Keys    *wireguard.KeyPair `toml:"keys,omitempty"`
+	Keys    wireguard.KeyPair `toml:"keys,omitempty"`
 }
 // Merge attempts to combine two RingInfo structs
 func (ri *RingInfo) Merge(alter *RingInfo) error {
 	switch {
 	case alter == nil:
 		return nil
 	case ri.Ring != alter.Ring:
 		// different ring
 		return fmt.Errorf("invalid %s: %v ≠ %v", "ring", ri.Ring, alter.Ring)
@ -51,27 +53,19 @@ func (ri *RingInfo) unsafeMerge(alter *RingInfo) error {
 		ri.Enabled = true
 	}
-	switch {
+	// fill the gaps on our keypair
-	case ri.Keys == nil:
+	if ri.Keys.PrivateKey.IsZero() {
-		// assign keypair
+		ri.Keys.PrivateKey = alter.Keys.PrivateKey
-		ri.Keys = alter.Keys
+	}
-	case alter.Keys != nil:
+	if ri.Keys.PublicKey.IsZero() {
-		// fill the gaps on our keypair
+		ri.Keys.PublicKey = alter.Keys.PublicKey
 		if ri.Keys.PrivateKey.IsZero() {
 			ri.Keys.PrivateKey = alter.Keys.PrivateKey
 		}
 		if ri.Keys.PublicKey.IsZero() {
 			ri.Keys.PublicKey = alter.Keys.PublicKey
 		}
 	}
 	return nil
 }
-func canMergeKeyPairs(p1, p2 *wireguard.KeyPair) bool {
+func canMergeKeyPairs(p1, p2 wireguard.KeyPair) bool {
 	switch {
 	case p1 == nil || p2 == nil:
 		return true
 	case !p1.PrivateKey.IsZero() && !p2.PrivateKey.IsZero() && !p1.PrivateKey.Equal(p2.PrivateKey):
 		return false
 	case !p1.PublicKey.IsZero() && !p2.PublicKey.IsZero() && !p1.PublicKey.Equal(p2.PublicKey):