extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-08-13 17:07:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add encryption of the payload exchanged via signal

Browse Source
This commit is contained in:
braginini
2021-05-01 18:29:59 +02:00
parent 4f3799ac65
commit 6cd44f1522
7 changed files with 321 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
connection/engine.go
View File

@ -40,17 +40,9 @@ func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgA
}
}
func (e *Engine) Start(privateKey string, peers []Peer) error {
func (e *Engine) Start(myKey wgtypes.Key, peers []Peer) error {
// setup wireguard
myKey, err := wgtypes.ParseKey(privateKey)
myPubKey := myKey.PublicKey().String()
if err != nil {
log.Errorf("error parsing Wireguard key %s: [%s]", privateKey, err.Error())
return err
}
err = iface.Create(e.wgIface, e.wgIp)
err := iface.Create(e.wgIface, e.wgIp)
if err != nil {
log.Errorf("error while creating interface %s: [%s]", e.wgIface, err.Error())
return err
@ -68,7 +60,7 @@ func (e *Engine) Start(privateKey string, peers []Peer) error {
return err
}
e.receiveSignal(myPubKey)
e.receiveSignal(myKey.PublicKey().String())
// initialize peer agents
for _, peer := range peers {
@ -141,10 +133,12 @@ func (e *Engine) openPeerConnection(wgPort int, myKey wgtypes.Key, peer Peer) (*
func signalCandidate(candidate ice.Candidate, myKey wgtypes.Key, remoteKey wgtypes.Key, s *signal.Client) error {
err := s.Send(&sProto.Message{
Type: sProto.Message_CANDIDATE,
Key: myKey.PublicKey().String(),
RemoteKey: remoteKey.String(),
Body: candidate.Marshal(),
Body: &sProto.Body{
Type: sProto.Body_CANDIDATE,
Payload: candidate.Marshal(),
},
})
if err != nil {
log.Errorf("failed signaling candidate to the remote peer %s %s", remoteKey.String(), err)
@ -157,18 +151,18 @@ func signalCandidate(candidate ice.Candidate, myKey wgtypes.Key, remoteKey wgtyp
func signalAuth(uFrag string, pwd string, myKey wgtypes.Key, remoteKey wgtypes.Key, s *signal.Client, isAnswer bool) error {
var t sProto.Message_Type
var t sProto.Body_Type
if isAnswer {
t = sProto.Message_ANSWER
t = sProto.Body_ANSWER
} else {
t = sProto.Message_OFFER
t = sProto.Body_OFFER
}
msg := signal.MarshalCredential(myKey.PublicKey().String(), remoteKey.String(), &signal.Credential{
msg, err := signal.MarshalCredential(myKey, remoteKey, &signal.Credential{
UFrag: uFrag,
Pwd: pwd}, t)
err := s.Send(msg)
err = s.Send(msg)
if err != nil {
return err
}
@ -189,8 +183,8 @@ func (e *Engine) receiveSignal(localKey string) {
return fmt.Errorf("unknown peer %s", msg.Key)
}
switch msg.Type {
case sProto.Message_OFFER:
switch msg.GetBody().Type {
case sProto.Body_OFFER:
remoteCred, err := signal.UnMarshalCredential(msg)
if err != nil {
return err
@ -205,7 +199,7 @@ func (e *Engine) receiveSignal(localKey string) {
}
return nil
case sProto.Message_ANSWER:
case sProto.Body_ANSWER:
remoteCred, err := signal.UnMarshalCredential(msg)
if err != nil {
return err
@ -219,9 +213,9 @@ func (e *Engine) receiveSignal(localKey string) {
return err
}
case sProto.Message_CANDIDATE:
case sProto.Body_CANDIDATE:
candidate, err := ice.UnmarshalCandidate(msg.Body)
candidate, err := ice.UnmarshalCandidate(msg.GetBody().Payload)
if err != nil {
log.Errorf("failed on parsing remote candidate %s -> %s", candidate, err)
return err