pkg/k8s/apis: support for preshared keys in peers

This commit adds support for defining preshared keys when declaring a new Peer CRD. This preshared key will be used whenever the nodes in the Kilo mesh communicate with that peer. Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2020-05-05 11:36:39 +02:00
parent e4829832c5
commit 0a10dc921c
9 changed files with 64 additions and 9 deletions
--- a/pkg/wireguard/conf.go
+++ b/pkg/wireguard/conf.go
@@ -37,6 +37,7 @@ const (
 	allowedIPsKey          key     = "AllowedIPs"
 	endpointKey            key     = "Endpoint"
 	persistentKeepaliveKey key     = "PersistentKeepalive"
+	presharedKeyKey        key     = "PresharedKey"
 	privateKeyKey          key     = "PrivateKey"
 	publicKeyKey           key     = "PublicKey"
 )
@@ -58,6 +59,7 @@ type Peer struct {
 	AllowedIPs          []*net.IPNet
 	Endpoint            *Endpoint
 	PersistentKeepalive int
+	PresharedKey        []byte
 	PublicKey           []byte
 }

@@ -220,6 +222,8 @@ func Parse(buf []byte) *Conf {
 					continue
 				}
 				peer.PersistentKeepalive = i
+			case presharedKeyKey:
+				peer.PresharedKey = []byte(v)
 			case publicKeyKey:
 				peer.PublicKey = []byte(v)
 			}
@@ -269,6 +273,9 @@ func (c *Conf) Bytes() ([]byte, error) {
 		if err = writeValue(buf, persistentKeepaliveKey, strconv.Itoa(p.PersistentKeepalive)); err != nil {
 			return nil, fmt.Errorf("failed to write persistent keepalive: %v", err)
 		}
+		if err = writePKey(buf, presharedKeyKey, p.PresharedKey); err != nil {
+			return nil, fmt.Errorf("failed to write preshared key: %v", err)
+		}
 		if err = writePKey(buf, publicKeyKey, p.PublicKey); err != nil {
 			return nil, fmt.Errorf("failed to write public key: %v", err)
 		}
@@ -318,7 +325,7 @@ func (c *Conf) Equal(b *Conf) bool {
 				return false
 			}
 		}
-		if c.Peers[i].PersistentKeepalive != b.Peers[i].PersistentKeepalive || !bytes.Equal(c.Peers[i].PublicKey, b.Peers[i].PublicKey) {
+		if c.Peers[i].PersistentKeepalive != b.Peers[i].PersistentKeepalive || !bytes.Equal(c.Peers[i].PresharedKey, b.Peers[i].PresharedKey) || !bytes.Equal(c.Peers[i].PublicKey, b.Peers[i].PublicKey) {
 			return false
 		}
 	}
--- a/pkg/wireguard/conf_test.go
+++ b/pkg/wireguard/conf_test.go
@@ -39,6 +39,7 @@ func TestCompareConf(t *testing.T) {

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk
 		PublicKey = key
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32
 		`),
@@ -49,6 +50,7 @@ func TestCompareConf(t *testing.T) {
 		[Peer]
 		PublicKey = key
 		AllowedIPs = 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32, 10.2.2.0/24
+		PresharedKey = psk
 		Endpoint = 10.1.0.2:51820
 		`),
 			out: true,
@@ -61,6 +63,7 @@ func TestCompareConf(t *testing.T) {

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk
 		PublicKey = key
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32
 		`),
@@ -69,6 +72,7 @@ func TestCompareConf(t *testing.T) {
 		ListenPort=51820
 		[Peer]
 		Endpoint=10.1.0.2:51820
+		PresharedKey = psk
 		PublicKey=key
 		AllowedIPs=10.2.2.0/24,192.168.0.1/32,10.2.3.0/24,192.168.0.2/32,10.4.0.2/32
 		`),
@@ -125,11 +129,13 @@ func TestCompareConf(t *testing.T) {

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk
 		PublicKey = key
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32
 		`),
 			b: []byte(`[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk
 		PublicKey = key
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32

@@ -147,11 +153,13 @@ func TestCompareConf(t *testing.T) {

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk2
 		PublicKey = key2
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk1
 		PublicKey = key1
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32
 		`),
@@ -161,11 +169,13 @@ func TestCompareConf(t *testing.T) {

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk1
 		PublicKey = key1
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk2
 		PublicKey = key2
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32
 		`),
@@ -179,6 +189,7 @@ func TestCompareConf(t *testing.T) {

 		[Peer]
 		Endpoint = 10.1.0.2:51820
+		PresharedKey = psk
 		PublicKey = key
 		AllowedIPs = 10.2.2.0/24, 192.168.0.1/32, 10.2.3.0/24, 192.168.0.2/32, 10.4.0.2/32
 		`),