Merge pull request #151 from squat/improve-public-key-validation

pkg/k8s/apis/kilo/v1alpha1/types.go: add public key validation
Lucas Servén Marín 2021-04-30 22:08:38 +02:00 committed by GitHub
commit 298a772d68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions


@ -15,6 +15,7 @@
package v1alpha1
import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
@ -133,7 +134,7 @@ func (p *Peer) Copy() *Peer {
func (p *Peer) Validate() error {
for _, ip := range p.Spec.AllowedIPs {
if _, n, err := net.ParseCIDR(ip); err != nil {
return fmt.Errorf("failed to parse %q as a valid IP address: %v", ip, err)
return fmt.Errorf("failed to parse %q as a valid IP address: %w", ip, err)
} else if n == nil {
return fmt.Errorf("got invalid IP address for %q", ip)
}
@ -157,8 +158,11 @@ func (p *Peer) Validate() error {
if p.Spec.PersistentKeepalive < 0 {
return fmt.Errorf("persistent keepalive must be greater than or equal to zero; got %q", p.Spec.PersistentKeepalive)
}
if len(p.Spec.PublicKey) == 0 {
return errors.New("public keys cannot be empty")
if b, err := base64.StdEncoding.DecodeString(p.Spec.PublicKey); err != nil {
return fmt.Errorf("WireGuard public key is not base64 encoded: %w", err)
// Since WireGuard is using Curve25519 for the key exchange, the key length of 256 bits should not change in the near future.
} else if len(b) != 32 {
return errors.New("WireGuard public key has invalid length")
}
return nil
}
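Review bot: The new public-key check in the last hunk accepts strings that are not a canonical WireGuard key, because `base64.StdEncoding.DecodeString` ignores `\r` and `\n` in its input and does not reject non-zero trailing padding bits. A value with embedded line breaks can therefore decode to 32 bytes and pass `Validate`. If `p.Spec.PublicKey` is later written verbatim into a line-oriented WireGuard configuration (not visible in this diff), such a value could alter the generated file. A round-trip comparison closes both gaps: add `} else if base64.StdEncoding.EncodeToString(b) != p.Spec.PublicKey { return errors.New("WireGuard public key is not canonically base64 encoded")` after the length branch. The Curve25519 comment would also read better above the `if` than between the error return and `} else if`; the part of `Validate` between the second and third hunks is not shown here.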