VPN: Add method to retrieve wireguard private key

Signed-off-by: Malte Poll <mp@edgeless.systems>

coordinator/coordinator_test.go

@@ -322,6 +322,10 @@ func (*fakeVPN) Setup(privKey []byte) ([]byte, error) {
 	return nil, nil
 }
 
+func (*fakeVPN) GetPrivateKey() ([]byte, error) {
+	return nil, nil
+}
+
 func (*fakeVPN) GetPublicKey(privKey []byte) ([]byte, error) {
 	return nil, nil
 }

coordinator/core/vpn.go

@@ -10,6 +10,7 @@ import (
 
 type VPN interface {
 	Setup(privKey []byte) ([]byte, error)
+	GetPrivateKey() ([]byte, error)
 	GetPublicKey(privKey []byte) ([]byte, error)
 	GetInterfaceIP() (string, error)
 	SetInterfaceIP(ip string) error
@@ -21,15 +22,21 @@ type VPN interface {
 type stubVPN struct {
 	peers             []stubVPNPeer
 	interfaceIP       string
+	privateKey        []byte
 	addPeerErr        error
 	removePeerErr     error
 	getInterfaceIPErr error
+	getPrivateKeyErr  error
 }
 
 func (*stubVPN) Setup(privKey []byte) ([]byte, error) {
 	return []byte{2, 3, 4}, nil
 }
 
+func (v *stubVPN) GetPrivateKey() ([]byte, error) {
+	return v.privateKey, v.getPrivateKeyErr
+}
+
 func (*stubVPN) GetPublicKey(privKey []byte) ([]byte, error) {
 	if bytes.Equal(privKey, []byte{2, 3, 4}) {
 		return []byte{3, 4, 5}, nil

coordinator/wireguard/wireguard.go

@@ -54,6 +54,15 @@ func (w *Wireguard) Setup(privKey []byte) ([]byte, error) {
 	return key[:], nil
 }
 
+// GetPrivateKey returns the private key of the wireguard interface.
+func (w *Wireguard) GetPrivateKey() ([]byte, error) {
+	device, err := w.client.Device(netInterface)
+	if err != nil {
+		return nil, fmt.Errorf("unable to retrieve wireguard private key from device %v: %w", netInterface, err)
+	}
+	return device.PrivateKey[:], nil
+}
+
 func (w *Wireguard) GetPublicKey(privKey []byte) ([]byte, error) {
 	key, err := wgtypes.NewKey(privKey)
 	if err != nil {