wesher/wireguard.go

package main

import (
	"fmt"
	"hash/fnv"
	"net"
	"os"
	"os/exec"
	"strings"
	"text/template"
)

const wgConfPath = "/etc/wireguard/%s.conf"
const wgConfTpl = `
# this file was generated automatically by wesher - DO NOT MODIFY
[Interface]
PrivateKey = {{ .PrivKey }}
Address = {{ .OverlayAddr }}
ListenPort = {{ .Port }}

{{ range .Nodes }}
[Peer]
PublicKey = {{ .PubKey }}
Endpoint = {{ .Addr }}:{{ $.Port }}
AllowedIPs = {{ .OverlayAddr }}/32
{{ end }}`

type wgState struct {
	iface       string
	OverlayAddr net.IP
	Port        int
	PrivKey     string
	PubKey      string
}

var wgPath = "wg"
var wgQuickPath = "wg-quick"

func newWGConfig(iface string, port int) (*wgState, error) {
	if err := exec.Command(wgPath).Run(); err != nil {
		return nil, fmt.Errorf("could not exec wireguard: %s", err)
	}

	privKey, pubKey, err := wgKeyPair()
	if err != nil {
		return nil, err
	}

	wgState := wgState{
		iface:   iface,
		Port:    port,
		PrivKey: privKey,
		PubKey:  pubKey,
	}
	return &wgState, nil
}

func (wg *wgState) assignOverlayAddr(ipnet *net.IPNet, name string) {
	// TODO: this is way too brittle and opaque
	bits, size := ipnet.Mask.Size()
	ip := make([]byte, net.IPv6len)
	copy(ip, []byte(ipnet.IP))

	h := fnv.New128a()
	h.Write([]byte(name))
	hb := h.Sum(nil)

	for i := 1; i <= (size-bits)/8; i++ {
		ip[len(ip)-i] = hb[len(hb)-i]
	}

	wg.OverlayAddr = net.IP(ip)
}

func (wg *wgState) writeConf(nodes []node) error {
	tpl := template.Must(template.New("wgconf").Parse(wgConfTpl))
	out, err := os.OpenFile(
		fmt.Sprintf(wgConfPath, wg.iface),
		os.O_WRONLY|os.O_CREATE|os.O_TRUNC,
		0600,
	)
	if err != nil {
		return err
	}
	return tpl.Execute(out, struct {
		*wgState
		Nodes []node
	}{wg, nodes})
}

func (wg *wgState) downInterface() error {
	if err := exec.Command(wgPath, "show", wg.iface).Run(); err != nil {
		return nil // assume a failure means the interface is not there
	}
	return exec.Command(wgQuickPath, "down", wg.iface).Run()
}

func (wg *wgState) upInterface() error {
	return exec.Command(wgQuickPath, "up", wg.iface).Run()
}

func wgKeyPair() (string, string, error) {
	cmd := exec.Command(wgPath, "genkey")
	outPriv := strings.Builder{}
	cmd.Stdout = &outPriv
	if err := cmd.Run(); err != nil {
		return "", "", err
	}

	cmd = exec.Command(wgPath, "pubkey")
	outPub := strings.Builder{}
	cmd.Stdout = &outPub
	cmd.Stdin = strings.NewReader(outPriv.String())
	if err := cmd.Run(); err != nil {
		return "", "", err
	}

	return strings.TrimSpace(outPriv.String()), strings.TrimSpace(outPub.String()), nil
}
first working PoC 2019-03-25 01:02:10 +01:00			`package main`

			`import (`
			`"fmt"`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`"hash/fnv"`
first working PoC 2019-03-25 01:02:10 +01:00			`"net"`
			`"os"`
			`"os/exec"`
			`"strings"`
			`"text/template"`
			`)`

			`const wgConfPath = "/etc/wireguard/%s.conf"`
			const wgConfTpl = `
			`# this file was generated automatically by wesher - DO NOT MODIFY`
			`[Interface]`
			`PrivateKey = {{ .PrivKey }}`
			`Address = {{ .OverlayAddr }}`
			`ListenPort = {{ .Port }}`

			`{{ range .Nodes }}`
			`[Peer]`
			`PublicKey = {{ .PubKey }}`
			`Endpoint = {{ .Addr }}:{{ $.Port }}`
			`AllowedIPs = {{ .OverlayAddr }}/32`
			{{ end }}`

			`type wgState struct {`
			`iface string`
			`OverlayAddr net.IP`
			`Port int`
			`PrivKey string`
			`PubKey string`
			`}`

change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`var wgPath = "wg"`
			`var wgQuickPath = "wg-quick"`

first working PoC 2019-03-25 01:02:10 +01:00			`func newWGConfig(iface string, port int) (*wgState, error) {`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`if err := exec.Command(wgPath).Run(); err != nil {`
first working PoC 2019-03-25 01:02:10 +01:00			`return nil, fmt.Errorf("could not exec wireguard: %s", err)`
			`}`

			`privKey, pubKey, err := wgKeyPair()`
			`if err != nil {`
			`return nil, err`
			`}`

			`wgState := wgState{`
			`iface: iface,`
			`Port: port,`
			`PrivKey: privKey,`
			`PubKey: pubKey,`
			`}`
			`return &wgState, nil`
			`}`

minor: assignIP → assignOverlayAddr 2019-03-27 21:37:54 +01:00			`func (wg wgState) assignOverlayAddr(ipnet net.IPNet, name string) {`
first working PoC 2019-03-25 01:02:10 +01:00			`// TODO: this is way too brittle and opaque`
			`bits, size := ipnet.Mask.Size()`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`ip := make([]byte, net.IPv6len)`
			`copy(ip, []byte(ipnet.IP))`
first working PoC 2019-03-25 01:02:10 +01:00
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`h := fnv.New128a()`
first working PoC 2019-03-25 01:02:10 +01:00			`h.Write([]byte(name))`
			`hb := h.Sum(nil)`

change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`for i := 1; i <= (size-bits)/8; i++ {`
			`ip[len(ip)-i] = hb[len(hb)-i]`
first working PoC 2019-03-25 01:02:10 +01:00			`}`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00
first working PoC 2019-03-25 01:02:10 +01:00			`wg.OverlayAddr = net.IP(ip)`
			`}`

			`func (wg *wgState) writeConf(nodes []node) error {`
			`tpl := template.Must(template.New("wgconf").Parse(wgConfTpl))`
			`out, err := os.OpenFile(`
			`fmt.Sprintf(wgConfPath, wg.iface),`
			`os.O_WRONLY\|os.O_CREATE\|os.O_TRUNC,`
			`0600,`
			`)`
			`if err != nil {`
			`return err`
			`}`
			`return tpl.Execute(out, struct {`
			`*wgState`
			`Nodes []node`
			`}{wg, nodes})`
			`}`

			`func (wg *wgState) downInterface() error {`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`if err := exec.Command(wgPath, "show", wg.iface).Run(); err != nil {`
avoid downing non-existent iface 2019-03-27 22:48:54 +01:00			`return nil // assume a failure means the interface is not there`
			`}`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`return exec.Command(wgQuickPath, "down", wg.iface).Run()`
first working PoC 2019-03-25 01:02:10 +01:00			`}`

			`func (wg *wgState) upInterface() error {`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`return exec.Command(wgQuickPath, "up", wg.iface).Run()`
first working PoC 2019-03-25 01:02:10 +01:00			`}`

			`func wgKeyPair() (string, string, error) {`
change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`cmd := exec.Command(wgPath, "genkey")`
first working PoC 2019-03-25 01:02:10 +01:00			`outPriv := strings.Builder{}`
			`cmd.Stdout = &outPriv`
			`if err := cmd.Run(); err != nil {`
			`return "", "", err`
			`}`

change ip assignment to support ipv6 overlay 2019-03-28 20:27:08 +01:00			`cmd = exec.Command(wgPath, "pubkey")`
first working PoC 2019-03-25 01:02:10 +01:00			`outPub := strings.Builder{}`
			`cmd.Stdout = &outPub`
			`cmd.Stdin = strings.NewReader(outPriv.String())`
			`if err := cmd.Run(); err != nil {`
			`return "", "", err`
			`}`

			`return strings.TrimSpace(outPriv.String()), strings.TrimSpace(outPub.String()), nil`
			`}`