diff options
Diffstat (limited to 'control/keyfallback')
| -rw-r--r-- | control/keyfallback/control-key.json | 4 | ||||
| -rw-r--r-- | control/keyfallback/keyfallback.go | 32 | ||||
| -rw-r--r-- | control/keyfallback/keyfallback_test.go | 77 | ||||
| -rw-r--r-- | control/keyfallback/update.go | 47 |
4 files changed, 160 insertions, 0 deletions
diff --git a/control/keyfallback/control-key.json b/control/keyfallback/control-key.json new file mode 100644 index 000000000..a7ebf8e94 --- /dev/null +++ b/control/keyfallback/control-key.json @@ -0,0 +1,4 @@ +{ + "legacyPublicKey": "mkey:9e5156a4c65121306dd2d8ed8f92cb8d738e2533011344b522c5d28409bc4970", + "publicKey": "mkey:7d2792f9c98d753d2042471536801949104c247f95eac770f8fb321595e2173b" +}
\ No newline at end of file diff --git a/control/keyfallback/keyfallback.go b/control/keyfallback/keyfallback.go new file mode 100644 index 000000000..44a190f69 --- /dev/null +++ b/control/keyfallback/keyfallback.go @@ -0,0 +1,32 @@ +// Copyright (c) Tailscale Inc & AUTHORS +// SPDX-License-Identifier: BSD-3-Clause + +// Package keyfallback contains a fallback mechanism for starting up Tailscale +// when the control server cannot be reached to obtain the primary Noise key. +// +// The data is backed by a JSON file `control-key.json` that is updated by +// `update.go`: +// +// (cd control/keyfallback; go run update.go) +package keyfallback + +import ( + _ "embed" + "encoding/json" + + "tailscale.com/tailcfg" +) + +// Get returns the fallback control server public key that was baked into the +// binary at compile time. It is only valid for the main Tailscale control +// server instance. +func Get() (*tailcfg.OverTLSPublicKeyResponse, error) { + out := &tailcfg.OverTLSPublicKeyResponse{} + if err := json.Unmarshal(controlKeyJSON, out); err != nil { + return nil, err + } + return out, nil +} + +//go:embed control-key.json +var controlKeyJSON []byte diff --git a/control/keyfallback/keyfallback_test.go b/control/keyfallback/keyfallback_test.go new file mode 100644 index 000000000..92aa6b0e6 --- /dev/null +++ b/control/keyfallback/keyfallback_test.go @@ -0,0 +1,77 @@ +// Copyright (c) Tailscale Inc & AUTHORS +// SPDX-License-Identifier: BSD-3-Clause + +package keyfallback + +import ( + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "reflect" + "testing" + "time" + + "tailscale.com/ipn" + "tailscale.com/tailcfg" + "tailscale.com/tstest/nettest" + "tailscale.com/util/must" +) + +func TestHasValidControlKey(t *testing.T) { + t.Parallel() + keys, err := Get() + if err != nil { + t.Fatalf("Get: %v", err) + } + if keys.PublicKey.IsZero() { + t.Fatalf("zero key") + } +} + +// TestKeyIsUpToDate fetches the control key from the control server and +// compares it to the baked-in key, to verify that it's up-to-date. If the +// control server is unreachable, the test is skipped. +func TestKeyIsUpToDate(t *testing.T) { + nettest.SkipIfNoNetwork(t) + + // Optimistically fetch the control key and check if it's up to date, + // but ignore if we don't have network access (e.g. running tests on an + // airplane). + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + keyURL := fmt.Sprintf("%v/key?v=%d", ipn.DefaultControlURL, tailcfg.CurrentCapabilityVersion) + req := must.Get(http.NewRequestWithContext(ctx, "GET", keyURL, nil)) + res, err := http.DefaultClient.Do(req) + if err != nil { + t.Logf("fetch control key: %v", err) + return + } + defer res.Body.Close() + + if res.StatusCode != 200 { + t.Fatalf("fetch control key: bad status; got %v, want 200", res.Status) + } + b, err := io.ReadAll(res.Body) + if err != nil { + t.Fatalf("read control key: %v", err) + } + + // Verify that the key is up to date and matches the baked-in key. + out := &tailcfg.OverTLSPublicKeyResponse{} + if err := json.Unmarshal(b, out); err != nil { + t.Fatalf("unmarshal control key: %v", err) + } + + keys, err := Get() + if err != nil { + t.Fatalf("Get: %v", err) + } + + if !reflect.DeepEqual(keys, out) { + t.Errorf("control key is out of date") + t.Logf("old key: %v", keys) + t.Logf("new key: %v", out) + } +} diff --git a/control/keyfallback/update.go b/control/keyfallback/update.go new file mode 100644 index 000000000..27bee37ad --- /dev/null +++ b/control/keyfallback/update.go @@ -0,0 +1,47 @@ +// Copyright (c) Tailscale Inc & AUTHORS +// SPDX-License-Identifier: BSD-3-Clause + +//go:build ignore + +package main + +import ( + "encoding/json" + "fmt" + "io" + "log" + "net/http" + "os" + + "tailscale.com/ipn" + "tailscale.com/tailcfg" +) + +func main() { + keyURL := fmt.Sprintf("%v/key?v=%d", ipn.DefaultControlURL, tailcfg.CurrentCapabilityVersion) + res, err := http.Get(keyURL) + if err != nil { + log.Fatalf("fetch control key: %v", err) + } + defer res.Body.Close() + b, err := io.ReadAll(io.LimitReader(res.Body, 64<<10)) + if err != nil { + log.Fatalf("read control key: %v", err) + } + if res.StatusCode != 200 { + log.Fatalf("fetch control key: bad status; got %v, want 200", res.Status) + } + + // Unmarshal to make sure it's valid. + var out tailcfg.OverTLSPublicKeyResponse + if err := json.Unmarshal(b, &out); err != nil { + log.Fatalf("unmarshal control key: %v", err) + } + if out.PublicKey.IsZero() { + log.Fatalf("control key is zero") + } + + if err := os.WriteFile("control-key.json", b, 0644); err != nil { + log.Fatalf("write control key: %v", err) + } +} |