Documentation ¶
Index ¶
- Constants
- type ControlPrivate (deprecated)
- func (k ControlPrivate) IsZero() bool
- func (k ControlPrivate) MarshalJSON() ([]byte, error)
- func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k ControlPrivate) Public() MachinePublic
- func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
- func (k ControlPrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
- func (k *ControlPrivate) UnmarshalJSON(bs []byte) error
- type DiscoPrivate
- type DiscoPublic
- func (k DiscoPublic) AppendTo(buf []byte) []byte
- func (k DiscoPublic) IsZero() bool
- func (k DiscoPublic) MarshalText() ([]byte, error)
- func (k DiscoPublic) Raw32() [32]byte (deprecated)
- func (k DiscoPublic) ShortString() string
- func (k DiscoPublic) String() string
- func (k *DiscoPublic) UnmarshalText(b []byte) error
- type DiscoShared
- type MachinePrecomputedSharedKey
- type MachinePrivate
- func (k MachinePrivate) Equal(other MachinePrivate) bool
- func (k MachinePrivate) IsZero() bool
- func (k MachinePrivate) MarshalText() ([]byte, error)
- func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k MachinePrivate) Public() MachinePublic
- func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
- func (k MachinePrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
- func (k *MachinePrivate) UnmarshalText(b []byte) error
- func (k MachinePrivate) UntypedBytes() []byte (deprecated)
- type MachinePublic
- func (k MachinePublic) IsZero() bool
- func (k MachinePublic) MarshalText() ([]byte, error)
- func (k MachinePublic) ShortString() string
- func (k MachinePublic) String() string
- func (k *MachinePublic) UnmarshalText(b []byte) error
- func (k MachinePublic) UntypedBytes() []byte (deprecated)
- func (k MachinePublic) UntypedHexString() string (deprecated)
- type NLPrivate
- func (k NLPrivate) IsZero() bool
- func (k NLPrivate) KeyID() tkatype.KeyID
- func (k NLPrivate) MarshalText() ([]byte, error)
- func (k NLPrivate) Public() NLPublic
- func (k NLPrivate) SignAUM(sigHash tkatype.AUMSigHash) ([]tkatype.Signature, error)
- func (k NLPrivate) SignNKS(sigHash tkatype.NKSSigHash) ([]byte, error)
- func (k *NLPrivate) UnmarshalText(b []byte) error
- type NLPublic
- type NodePrivate
- func (k NodePrivate) Equal(other NodePrivate) bool
- func (k NodePrivate) IsZero() bool
- func (k NodePrivate) MarshalText() ([]byte, error)
- func (k NodePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k NodePrivate) Public() NodePublic
- func (k NodePrivate) SealTo(p NodePublic, cleartext []byte) (ciphertext []byte)
- func (k *NodePrivate) UnmarshalText(b []byte) error
- func (k NodePrivate) UntypedHexString() string
- type NodePublic
- func (k NodePublic) AppendTo(buf []byte) []byte
- func (k NodePublic) IsZero() bool
- func (k NodePublic) Less(other NodePublic) bool
- func (k NodePublic) MarshalBinary() (data []byte, err error)
- func (k NodePublic) MarshalText() ([]byte, error)
- func (k NodePublic) Raw32() [32]byte (deprecated)
- func (k *NodePublic) ReadRawWithoutAllocating(br *bufio.Reader) error
- func (p NodePublic) Shard() uint8
- func (k NodePublic) ShortString() string
- func (k NodePublic) String() string
- func (k *NodePublic) UnmarshalBinary(in []byte) error
- func (k *NodePublic) UnmarshalText(b []byte) error
- func (k NodePublic) UntypedHexString() string (deprecated)
- func (k NodePublic) WireGuardGoString() string
- func (k NodePublic) WriteRawWithoutAllocating(bw *bufio.Writer) error
Constants ¶
const (
	// DiscoPublicRawLen is the length in bytes of a DiscoPublic, when
	// serialized with AppendTo, Raw32 or WriteRawWithoutAllocating.
	DiscoPublicRawLen = 32
)
const (
	// NodePublicRawLen is the length in bytes of a NodePublic, when
	// serialized with AppendTo, Raw32 or WriteRawWithoutAllocating.
	NodePublicRawLen = 32
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ControlPrivate ¶ deprecated, added in v1.16.0
type ControlPrivate struct {
// contains filtered or unexported fields
}
ControlPrivate is a Tailscale control plane private key.
It is functionally equivalent to a MachinePrivate, but serializes to JSON as a byte array rather than a typed string, because our control plane database stores the key that way.
Deprecated: this type should only be used in Tailscale's control plane, where existing database serializations require this less-good serialization format to persist. Other control plane implementations can use MachinePrivate with no downsides.
func NewControl ¶ added in v1.16.0
func NewControl() ControlPrivate
NewControl generates and returns a new control plane private key.
func (ControlPrivate) IsZero ¶ added in v1.16.0
func (k ControlPrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (ControlPrivate) MarshalJSON ¶ added in v1.16.0
func (k ControlPrivate) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler.
func (ControlPrivate) OpenFrom ¶ added in v1.16.0
func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (ControlPrivate) Public ¶ added in v1.16.0
func (k ControlPrivate) Public() MachinePublic
Public returns the MachinePublic for k. Panics if ControlPrivate is zero.
func (ControlPrivate) SealTo ¶ added in v1.16.0
func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (ControlPrivate) SharedKey ¶ added in v1.30.0
func (k ControlPrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
SharedKey returns the precomputed NaCl box shared key between k and p.
func (*ControlPrivate) UnmarshalJSON ¶ added in v1.16.0
func (k *ControlPrivate) UnmarshalJSON(bs []byte) error
UnmarshalJSON implements json.Unmarshaler.
type DiscoPrivate ¶ added in v1.18.0
type DiscoPrivate struct {
// contains filtered or unexported fields
}
DiscoPrivate is a disco key, used for peer-to-peer path discovery.
func NewDisco ¶ added in v1.18.0
func NewDisco() DiscoPrivate
NewDisco creates and returns a new disco private key.
func (DiscoPrivate) Equal ¶ added in v1.18.0
func (k DiscoPrivate) Equal(other DiscoPrivate) bool
Equal reports whether k and other are the same key.
func (DiscoPrivate) IsZero ¶ added in v1.18.0
func (k DiscoPrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (DiscoPrivate) Public ¶ added in v1.18.0
func (k DiscoPrivate) Public() DiscoPublic
Public returns the DiscoPublic for k. Panics if DiscoPrivate is zero.
func (DiscoPrivate) Shared ¶ added in v1.18.0
func (k DiscoPrivate) Shared(p DiscoPublic) DiscoShared
Shared returns the DiscoShared for communication between k and p.
type DiscoPublic ¶ added in v1.18.0
type DiscoPublic struct {
// contains filtered or unexported fields
}
DiscoPublic is the public portion of a DiscoPrivate.
func DiscoPublicFromRaw32 ¶ added in v1.18.0
func DiscoPublicFromRaw32(raw mem.RO) DiscoPublic
DiscoPublicFromRaw32 parses a 32-byte raw value as a DiscoPublic.
This should be used only when deserializing a DiscoPublic from a binary protocol.
func (DiscoPublic) AppendTo ¶ added in v1.18.0
func (k DiscoPublic) AppendTo(buf []byte) []byte
AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.
func (DiscoPublic) IsZero ¶ added in v1.18.0
func (k DiscoPublic) IsZero() bool
IsZero reports whether k is the zero value.
func (DiscoPublic) MarshalText ¶ added in v1.18.0
func (k DiscoPublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (DiscoPublic) Raw32 ¶ deprecated, added in v1.18.0
func (k DiscoPublic) Raw32() [32]byte
Raw32 returns k encoded as 32 raw bytes.
Deprecated: only needed for a temporary compat shim in tailcfg, do not add more uses.
func (DiscoPublic) ShortString ¶ added in v1.18.0
func (k DiscoPublic) ShortString() string
ShortString returns the Tailscale conventional debug representation of a disco key.
func (DiscoPublic) String ¶ added in v1.18.0
func (k DiscoPublic) String() string
String returns the output of MarshalText as a string.
func (*DiscoPublic) UnmarshalText ¶ added in v1.18.0
func (k *DiscoPublic) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type DiscoShared ¶ added in v1.18.0
type DiscoShared struct {
// contains filtered or unexported fields
}
func (DiscoShared) Equal ¶ added in v1.18.0
func (k DiscoShared) Equal(other DiscoShared) bool
Equal reports whether k and other are the same key.
func (DiscoShared) IsZero ¶ added in v1.18.0
func (k DiscoShared) IsZero() bool
func (DiscoShared) Open ¶ added in v1.18.0
func (k DiscoShared) Open(ciphertext []byte) (cleartext []byte, ok bool)
Open opens the NaCl box ciphertext, which must be a value created by Seal, and returns the inner cleartext if ciphertext is a valid box using shared secret k.
func (DiscoShared) Seal ¶ added in v1.18.0
func (k DiscoShared) Seal(cleartext []byte) (ciphertext []byte)
Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl), using k as the shared secret and a random nonce.
type MachinePrecomputedSharedKey ¶ added in v1.30.0
type MachinePrecomputedSharedKey struct {
// contains filtered or unexported fields
}
MachinePrecomputedSharedKey is a precomputed NaCl box shared key.
func (MachinePrecomputedSharedKey) Open ¶ added in v1.30.0
func (k MachinePrecomputedSharedKey) Open(ciphertext []byte) (cleartext []byte, ok bool)
Open opens the NaCl box ciphertext, which must be a value created by MachinePrecomputedSharedKey.Seal or MachinePrivate.SealTo, and returns the inner cleartext if ciphertext is a valid box for the shared key k.
func (MachinePrecomputedSharedKey) Seal ¶ added in v1.30.0
func (k MachinePrecomputedSharedKey) Seal(cleartext []byte) (ciphertext []byte)
Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) using the shared key k as generated by MachinePrivate.SharedKey.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
type MachinePrivate ¶ added in v1.16.0
type MachinePrivate struct {
// contains filtered or unexported fields
}
MachinePrivate is a machine key, used for communication with the Tailscale coordination server.
func NewMachine ¶ added in v1.16.0
func NewMachine() MachinePrivate
NewMachine creates and returns a new machine private key.
func (MachinePrivate) Equal ¶ added in v1.16.0
func (k MachinePrivate) Equal(other MachinePrivate) bool
Equal reports whether k and other are the same key.
func (MachinePrivate) IsZero ¶ added in v1.16.0
func (k MachinePrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (MachinePrivate) MarshalText ¶ added in v1.16.0
func (k MachinePrivate) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (MachinePrivate) OpenFrom ¶ added in v1.16.0
func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (MachinePrivate) Public ¶ added in v1.16.0
func (k MachinePrivate) Public() MachinePublic
Public returns the MachinePublic for k. Panics if MachinePrivate is zero.
func (MachinePrivate) SealTo ¶ added in v1.16.0
func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (MachinePrivate) SharedKey ¶ added in v1.30.0
func (k MachinePrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
SharedKey returns the precomputed NaCl box shared key between k and p.
func (*MachinePrivate) UnmarshalText ¶ added in v1.16.0
func (k *MachinePrivate) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
func (MachinePrivate) UntypedBytes ¶ deprecated, added in v1.18.0
func (k MachinePrivate) UntypedBytes() []byte
UntypedBytes returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePrivate, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.
type MachinePublic ¶ added in v1.16.0
type MachinePublic struct {
// contains filtered or unexported fields
}
MachinePublic is the public portion of a MachinePrivate.
func MachinePublicFromRaw32 ¶ added in v1.18.0
func MachinePublicFromRaw32(raw mem.RO) MachinePublic
MachinePublicFromRaw32 parses a 32-byte raw value as a MachinePublic.
This should be used only when deserializing a MachinePublic from a binary protocol.
func ParseMachinePublicUntyped ¶ deprecated, added in v1.16.0
func ParseMachinePublicUntyped(raw mem.RO) (MachinePublic, error)
ParseMachinePublicUntyped parses an untyped 64-character hex value as a MachinePublic.
Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a MachinePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
func (MachinePublic) IsZero ¶ added in v1.16.0
func (k MachinePublic) IsZero() bool
IsZero reports whether k is the zero value.
func (MachinePublic) MarshalText ¶ added in v1.16.0
func (k MachinePublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (MachinePublic) ShortString ¶ added in v1.16.0
func (k MachinePublic) ShortString() string
ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.
func (MachinePublic) String ¶ added in v1.16.0
func (k MachinePublic) String() string
String returns the output of MarshalText as a string.
func (*MachinePublic) UnmarshalText ¶ added in v1.16.0
func (k *MachinePublic) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
func (MachinePublic) UntypedBytes ¶ deprecated, added in v1.18.0
func (k MachinePublic) UntypedBytes() []byte
UntypedBytes returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.
func (MachinePublic) UntypedHexString ¶ deprecated, added in v1.16.0
func (k MachinePublic) UntypedHexString() string
UntypedHexString returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
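The key-type confusion that the untyped deprecation notes above warn about, as an added example that is not code from this package: the local types `machinePub` and `nodePub`, the two prefixes and the key bytes are all constructed for illustration and are not this package's wire format.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"errors"
	"fmt"
)

// Local stand-ins for two key types; the prefixes are constructed for this example.
type machinePub struct{ k [32]byte }
type nodePub struct{ k [32]byte }

const (
	machinePrefix = "example-machine:"
	nodePrefix    = "example-node:"
)

var errWrongKeyType = errors.New("text does not carry the expected key-type prefix")

// decodeHex32 decodes exactly 64 hex characters into 32 bytes.
func decodeHex32(b []byte) (out [32]byte, err error) {
	if len(b) != 64 {
		return out, fmt.Errorf("want 64 hex characters, got %d", len(b))
	}
	_, err = hex.Decode(out[:], b)
	return out, err
}

// unmarshalTyped checks the type prefix before decoding the key material.
func unmarshalTyped(prefix string, b []byte) ([32]byte, error) {
	if !bytes.HasPrefix(b, []byte(prefix)) {
		return [32]byte{}, errWrongKeyType
	}
	return decodeHex32(b[len(prefix):])
}

func (k machinePub) untypedHex() string { return hex.EncodeToString(k.k[:]) }

func (k machinePub) MarshalText() ([]byte, error) {
	return append([]byte(machinePrefix), k.untypedHex()...), nil
}

func (k *machinePub) UnmarshalText(b []byte) (err error) {
	k.k, err = unmarshalTyped(machinePrefix, b)
	return err
}

func (k *nodePub) UnmarshalText(b []byte) (err error) {
	k.k, err = unmarshalTyped(nodePrefix, b)
	return err
}

// parseNodePubUntyped accepts any 64 hex characters: it cannot tell whose key it is.
func parseNodePubUntyped(b []byte) (nodePub, error) {
	k, err := decodeHex32(b)
	return nodePub{k}, err
}

func main() {
	var m machinePub
	for i := range m.k {
		m.k[i] = byte(i) // constructed key bytes
	}
	n, err := parseNodePubUntyped([]byte(m.untypedHex()))
	fmt.Println("untyped machine key parsed as node key:", err == nil && n.k == m.k)

	txt, _ := m.MarshalText()
	var n2 nodePub
	fmt.Println("typed machine key parsed as node key:", n2.UnmarshalText(txt))
}
```

The untyped path silently yields a node key holding machine-key bytes, while the prefixed text form fails closed with an error.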
type NLPrivate ¶ added in v1.30.0
type NLPrivate struct {
// contains filtered or unexported fields
}
NLPrivate is a node-managed network-lock key, used for signing node-key signatures and authority update messages.
func NewNLPrivate ¶ added in v1.30.0
func NewNLPrivate() NLPrivate
NewNLPrivate creates and returns a new network-lock key.
func (NLPrivate) MarshalText ¶ added in v1.30.0
MarshalText implements encoding.TextMarshaler.
func (NLPrivate) SignNKS ¶ added in v1.30.0
func (k NLPrivate) SignNKS(sigHash tkatype.NKSSigHash) ([]byte, error)
SignNKS signs the tka.NodeKeySignature identified by sigHash.
func (*NLPrivate) UnmarshalText ¶ added in v1.30.0
UnmarshalText implements encoding.TextUnmarshaler.
type NLPublic ¶ added in v1.30.0
type NLPublic struct {
// contains filtered or unexported fields
}
NLPublic is the public portion of an NLPrivate.
func (NLPublic) MarshalText ¶ added in v1.30.0
MarshalText implements encoding.TextMarshaler.
func (*NLPublic) UnmarshalText ¶ added in v1.30.0
UnmarshalText implements encoding.TextUnmarshaler.
type NodePrivate ¶ added in v1.18.0
type NodePrivate struct {
// contains filtered or unexported fields
}
NodePrivate is a node key, used for WireGuard tunnels and communication with DERP servers.
func NewNode ¶ added in v1.18.0
func NewNode() NodePrivate
NewNode creates and returns a new node private key.
func NodePrivateFromRaw32 ¶ deprecated, added in v1.18.0
func NodePrivateFromRaw32(raw mem.RO) NodePrivate
NodePrivateFromRaw32 parses a 32-byte raw value as a NodePrivate.
Deprecated: only needed to cast from legacy node private key types, do not add more uses unrelated to #3206.
func ParseNodePrivateUntyped ¶ added in v1.18.0
func ParseNodePrivateUntyped(raw mem.RO) (NodePrivate, error)
func (NodePrivate) Equal ¶ added in v1.18.0
func (k NodePrivate) Equal(other NodePrivate) bool
Equal reports whether k and other are the same key.
func (NodePrivate) IsZero ¶ added in v1.18.0
func (k NodePrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (NodePrivate) MarshalText ¶ added in v1.18.0
func (k NodePrivate) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (NodePrivate) OpenFrom ¶ added in v1.18.0
func (k NodePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (NodePrivate) Public ¶ added in v1.18.0
func (k NodePrivate) Public() NodePublic
Public returns the NodePublic for k. Panics if NodePrivate is zero.
func (NodePrivate) SealTo ¶ added in v1.18.0
func (k NodePrivate) SealTo(p NodePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (*NodePrivate) UnmarshalText ¶ added in v1.18.0
func (k *NodePrivate) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
func (NodePrivate) UntypedHexString ¶ added in v1.18.0
func (k NodePrivate) UntypedHexString() string
type NodePublic ¶ added in v1.18.0
type NodePublic struct {
// contains filtered or unexported fields
}
NodePublic is the public portion of a NodePrivate.
func NodePublicFromRaw32 ¶ added in v1.18.0
func NodePublicFromRaw32(raw mem.RO) NodePublic
NodePublicFromRaw32 parses a 32-byte raw value as a NodePublic.
This should be used only when deserializing a NodePublic from a binary protocol.
func ParseNodePublicUntyped ¶ deprecated, added in v1.18.0
func ParseNodePublicUntyped(raw mem.RO) (NodePublic, error)
ParseNodePublicUntyped parses an untyped 64-character hex value as a NodePublic.
Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a NodePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
func (NodePublic) AppendTo ¶ added in v1.18.0
func (k NodePublic) AppendTo(buf []byte) []byte
AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.
func (NodePublic) IsZero ¶ added in v1.18.0
func (k NodePublic) IsZero() bool
IsZero reports whether k is the zero value.
func (NodePublic) Less ¶ added in v1.18.0
func (k NodePublic) Less(other NodePublic) bool
Less reports whether k orders before other, using an undocumented deterministic ordering.
func (NodePublic) MarshalBinary ¶ added in v1.30.0
func (k NodePublic) MarshalBinary() (data []byte, err error)
MarshalBinary implements encoding.BinaryMarshaler.
func (NodePublic) MarshalText ¶ added in v1.18.0
func (k NodePublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (NodePublic) Raw32 ¶ deprecated, added in v1.18.0
func (k NodePublic) Raw32() [32]byte
Raw32 returns k encoded as 32 raw bytes.
Deprecated: only needed for a single legacy use in the control server, don't add more uses.
func (*NodePublic) ReadRawWithoutAllocating ¶ added in v1.18.0
func (k *NodePublic) ReadRawWithoutAllocating(br *bufio.Reader) error
ReadRawWithoutAllocating initializes k with bytes read from br. The reading is done ~4x slower than io.ReadFull, but in exchange is allocation-free.
func (NodePublic) Shard ¶ added in v1.26.0
func (p NodePublic) Shard() uint8
Shard returns a uint8 number from a public key with mostly-uniform distribution, suitable for sharding.
func (NodePublic) ShortString ¶ added in v1.18.0
func (k NodePublic) ShortString() string
ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.
func (NodePublic) String ¶ added in v1.18.0
func (k NodePublic) String() string
String returns the output of MarshalText as a string.
func (*NodePublic) UnmarshalBinary ¶ added in v1.30.0
func (k *NodePublic) UnmarshalBinary(in []byte) error
UnmarshalBinary implements encoding.BinaryUnmarshaler.
func (*NodePublic) UnmarshalText ¶ added in v1.18.0
func (k *NodePublic) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
func (NodePublic) UntypedHexString ¶ deprecated, added in v1.18.0
func (k NodePublic) UntypedHexString() string
UntypedHexString returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a NodePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
func (NodePublic) WireGuardGoString ¶ added in v1.18.0
func (k NodePublic) WireGuardGoString() string
WireGuardGoString prints k in the same format used by wireguard-go.
func (NodePublic) WriteRawWithoutAllocating ¶ added in v1.18.0
func (k NodePublic) WriteRawWithoutAllocating(bw *bufio.Writer) error
WriteRawWithoutAllocating writes out k as 32 bytes to bw. The writing is done ~3x slower than bw.Write, but in exchange is allocation-free.