key

package
v1.34.0
Published: Dec 5, 2022 License: BSD-3-Clause Imports: 16 Imported by: 149

Documentation

Constants

const (

	// DiscoPublicRawLen is the length in bytes of a DiscoPublic, when
	// serialized with AppendTo, Raw32 or WriteRawWithoutAllocating.
	DiscoPublicRawLen = 32
)
const (

	// NodePublicRawLen is the length in bytes of a NodePublic, when
	// serialized with AppendTo, Raw32 or WriteRawWithoutAllocating.
	NodePublicRawLen = 32
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ChallengePrivate added in v1.34.0

type ChallengePrivate struct {
	// contains filtered or unexported fields
}

ChallengePrivate is a challenge key, used to test whether clients control a key they want to prove ownership of.

A ChallengePrivate is ephemeral and not serialized to the disk or network.

func NewChallenge added in v1.34.0

func NewChallenge() ChallengePrivate

NewChallenge creates and returns a new challenge private key.

func (ChallengePrivate) MarshalText added in v1.34.0

func (k ChallengePrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler, but by returning an error. It shouldn't need to be marshalled anywhere.

func (ChallengePrivate) OpenFrom added in v1.34.0

func (k ChallengePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by NodePrivate.SealToChallenge, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (ChallengePrivate) Public added in v1.34.0

func (k ChallengePrivate) Public() ChallengePublic

Public returns the ChallengePublic for k. Panics if ChallengePrivate is zero.

type ChallengePublic added in v1.34.0

type ChallengePublic struct {
	// contains filtered or unexported fields
}

ChallengePublic is the public portion of a ChallengePrivate.

func (ChallengePublic) IsZero added in v1.34.0

func (k ChallengePublic) IsZero() bool

IsZero reports whether k is the zero value.

func (ChallengePublic) MarshalText added in v1.34.0

func (k ChallengePublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (ChallengePublic) String added in v1.34.0

func (k ChallengePublic) String() string

String returns the output of MarshalText as a string.

func (*ChallengePublic) UnmarshalText added in v1.34.0

func (k *ChallengePublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type ControlPrivate deprecated added in v1.16.0

type ControlPrivate struct {
	// contains filtered or unexported fields
}

ControlPrivate is a Tailscale control plane private key.

It is functionally equivalent to a MachinePrivate, but serializes to JSON as a byte array rather than a typed string, because our control plane database stores the key that way.

Deprecated: this type should only be used in Tailscale's control plane, where existing database serializations require this less-good serialization format to persist. Other control plane implementations can use MachinePrivate with no downsides.

func NewControl added in v1.16.0

func NewControl() ControlPrivate

NewControl generates and returns a new control plane private key.

func (ControlPrivate) IsZero added in v1.16.0

func (k ControlPrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (ControlPrivate) MarshalJSON added in v1.16.0

func (k ControlPrivate) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (ControlPrivate) OpenFrom added in v1.16.0

func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (ControlPrivate) Public added in v1.16.0

func (k ControlPrivate) Public() MachinePublic

Public returns the MachinePublic for k. Panics if ControlPrivate is zero.

func (ControlPrivate) SealTo added in v1.16.0

func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)

SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

func (ControlPrivate) SharedKey added in v1.30.0

func (k ControlPrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey

SharedKey returns the precomputed NaCl box shared key between k and p.

func (*ControlPrivate) UnmarshalJSON added in v1.16.0

func (k *ControlPrivate) UnmarshalJSON(bs []byte) error

UnmarshalJSON implements json.Unmarshaler.

type DiscoPrivate added in v1.18.0

type DiscoPrivate struct {
	// contains filtered or unexported fields
}

DiscoPrivate is a disco key, used for peer-to-peer path discovery.

func NewDisco added in v1.18.0

func NewDisco() DiscoPrivate

NewDisco creates and returns a new disco private key.

func (DiscoPrivate) Equal added in v1.18.0

func (k DiscoPrivate) Equal(other DiscoPrivate) bool

Equal reports whether k and other are the same key.

func (DiscoPrivate) IsZero added in v1.18.0

func (k DiscoPrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (DiscoPrivate) Public added in v1.18.0

func (k DiscoPrivate) Public() DiscoPublic

Public returns the DiscoPublic for k. Panics if DiscoPrivate is zero.

func (DiscoPrivate) Shared added in v1.18.0

func (k DiscoPrivate) Shared(p DiscoPublic) DiscoShared

Shared returns the DiscoShared for communication between k and p.

type DiscoPublic added in v1.18.0

type DiscoPublic struct {
	// contains filtered or unexported fields
}

DiscoPublic is the public portion of a DiscoPrivate.

func DiscoPublicFromRaw32 added in v1.18.0

func DiscoPublicFromRaw32(raw mem.RO) DiscoPublic

DiscoPublicFromRaw32 parses a 32-byte raw value as a DiscoPublic.

This should be used only when deserializing a DiscoPublic from a binary protocol.

func (DiscoPublic) AppendTo added in v1.18.0

func (k DiscoPublic) AppendTo(buf []byte) []byte

AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.

func (DiscoPublic) IsZero added in v1.18.0

func (k DiscoPublic) IsZero() bool

IsZero reports whether k is the zero value.

func (DiscoPublic) MarshalText added in v1.18.0

func (k DiscoPublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (DiscoPublic) Raw32 deprecated added in v1.18.0

func (k DiscoPublic) Raw32() [32]byte

Raw32 returns k encoded as 32 raw bytes.

Deprecated: only needed for a temporary compat shim in tailcfg, do not add more uses.

func (DiscoPublic) ShortString added in v1.18.0

func (k DiscoPublic) ShortString() string

ShortString returns the Tailscale conventional debug representation of a disco key.

func (DiscoPublic) String added in v1.18.0

func (k DiscoPublic) String() string

String returns the output of MarshalText as a string.

func (*DiscoPublic) UnmarshalText added in v1.18.0

func (k *DiscoPublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type DiscoShared added in v1.18.0

type DiscoShared struct {
	// contains filtered or unexported fields
}

func (DiscoShared) Equal added in v1.18.0

func (k DiscoShared) Equal(other DiscoShared) bool

Equal reports whether k and other are the same key.

func (DiscoShared) IsZero added in v1.18.0

func (k DiscoShared) IsZero() bool

IsZero reports whether k is the zero value.

func (DiscoShared) Open added in v1.18.0

func (k DiscoShared) Open(ciphertext []byte) (cleartext []byte, ok bool)

Open opens the NaCl box ciphertext, which must be a value created by Seal, and returns the inner cleartext if ciphertext is a valid box using shared secret k.

func (DiscoShared) Seal added in v1.18.0

func (k DiscoShared) Seal(cleartext []byte) (ciphertext []byte)

Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl), using k as the shared secret and a random nonce.

type MachinePrecomputedSharedKey added in v1.30.0

type MachinePrecomputedSharedKey struct {
	// contains filtered or unexported fields
}

MachinePrecomputedSharedKey is a precomputed NaCl box shared key.

func (MachinePrecomputedSharedKey) Open added in v1.30.0

func (k MachinePrecomputedSharedKey) Open(ciphertext []byte) (cleartext []byte, ok bool)

Open opens the NaCl box ciphertext, which must be a value created by MachinePrecomputedSharedKey.Seal or MachinePrivate.SealTo, and returns the inner cleartext if ciphertext is a valid box for the shared key k.

func (MachinePrecomputedSharedKey) Seal added in v1.30.0

func (k MachinePrecomputedSharedKey) Seal(cleartext []byte) (ciphertext []byte)

Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) using the shared key k as generated by MachinePrivate.SharedKey.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

type MachinePrivate added in v1.16.0

type MachinePrivate struct {
	// contains filtered or unexported fields
}

MachinePrivate is a machine key, used for communication with the Tailscale coordination server.

func NewMachine added in v1.16.0

func NewMachine() MachinePrivate

NewMachine creates and returns a new machine private key.

func (MachinePrivate) Equal added in v1.16.0

func (k MachinePrivate) Equal(other MachinePrivate) bool

Equal reports whether k and other are the same key.

func (MachinePrivate) IsZero added in v1.16.0

func (k MachinePrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (MachinePrivate) MarshalText added in v1.16.0

func (k MachinePrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (MachinePrivate) OpenFrom added in v1.16.0

func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (MachinePrivate) Public added in v1.16.0

func (k MachinePrivate) Public() MachinePublic

Public returns the MachinePublic for k. Panics if MachinePrivate is zero.

func (MachinePrivate) SealTo added in v1.16.0

func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)

SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

func (MachinePrivate) SharedKey added in v1.30.0

func (k MachinePrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey

SharedKey returns the precomputed NaCl box shared key between k and p.

func (*MachinePrivate) UnmarshalText added in v1.16.0

func (k *MachinePrivate) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (MachinePrivate) UntypedBytes deprecated added in v1.18.0

func (k MachinePrivate) UntypedBytes() []byte

UntypedBytes returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePrivate, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.

type MachinePublic added in v1.16.0

type MachinePublic struct {
	// contains filtered or unexported fields
}

MachinePublic is the public portion of a MachinePrivate.

func MachinePublicFromRaw32 added in v1.18.0

func MachinePublicFromRaw32(raw mem.RO) MachinePublic

MachinePublicFromRaw32 parses a 32-byte raw value as a MachinePublic.

This should be used only when deserializing a MachinePublic from a binary protocol.

func ParseMachinePublicUntyped deprecated added in v1.16.0

func ParseMachinePublicUntyped(raw mem.RO) (MachinePublic, error)

ParseMachinePublicUntyped parses an untyped 64-character hex value as a MachinePublic.

Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a MachinePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.

func (MachinePublic) IsZero added in v1.16.0

func (k MachinePublic) IsZero() bool

IsZero reports whether k is the zero value.

func (MachinePublic) MarshalText added in v1.16.0

func (k MachinePublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (MachinePublic) ShortString added in v1.16.0

func (k MachinePublic) ShortString() string

ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.

func (MachinePublic) String added in v1.16.0

func (k MachinePublic) String() string

String returns the output of MarshalText as a string.

func (*MachinePublic) UnmarshalText added in v1.16.0

func (k *MachinePublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (MachinePublic) UntypedBytes deprecated added in v1.18.0

func (k MachinePublic) UntypedBytes() []byte

UntypedBytes returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.

func (MachinePublic) UntypedHexString deprecated added in v1.16.0

func (k MachinePublic) UntypedHexString() string

UntypedHexString returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.

type NLPrivate added in v1.30.0

type NLPrivate struct {
	// contains filtered or unexported fields
}

NLPrivate is a node-managed network-lock key, used for signing node-key signatures and authority update messages.

func NewNLPrivate added in v1.30.0

func NewNLPrivate() NLPrivate

NewNLPrivate creates and returns a new network-lock key.

func (NLPrivate) Equal added in v1.34.0

func (k NLPrivate) Equal(other NLPrivate) bool

Equal reports whether k and other are the same key.

func (NLPrivate) IsZero added in v1.30.0

func (k NLPrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (NLPrivate) KeyID added in v1.30.0

func (k NLPrivate) KeyID() tkatype.KeyID

KeyID returns an identifier for this key.

func (NLPrivate) MarshalText added in v1.30.0

func (k NLPrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (NLPrivate) Public added in v1.30.0

func (k NLPrivate) Public() NLPublic

Public returns the public component of this key.

func (NLPrivate) SignAUM added in v1.30.0

func (k NLPrivate) SignAUM(sigHash tkatype.AUMSigHash) ([]tkatype.Signature, error)

SignAUM implements tka.Signer.

func (NLPrivate) SignNKS added in v1.30.0

func (k NLPrivate) SignNKS(sigHash tkatype.NKSSigHash) ([]byte, error)

SignNKS signs the tka.NodeKeySignature identified by sigHash.

func (*NLPrivate) UnmarshalText added in v1.30.0

func (k *NLPrivate) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type NLPublic added in v1.30.0

type NLPublic struct {
	// contains filtered or unexported fields
}

NLPublic is the public portion of an NLPrivate.

func NLPublicFromEd25519Unsafe added in v1.34.0

func NLPublicFromEd25519Unsafe(public ed25519.PublicKey) NLPublic

NLPublicFromEd25519Unsafe converts an ed25519 public key into a type of NLPublic.

New uses of this function should be avoided, as it is possible to accidentally construct an NLPublic from a key that is not a network-lock key.

func (NLPublic) CLIString added in v1.34.0

func (k NLPublic) CLIString() string

CLIString returns a marshalled representation suitable for use with tailnet lock commands, of the form tlpub:<hex> instead of the nlpub:<hex> form emitted by MarshalText. Both forms can be decoded by UnmarshalText.

func (NLPublic) Equal added in v1.30.0

func (k NLPublic) Equal(other NLPublic) bool

Equal reports whether k and other are the same key.

func (NLPublic) IsZero added in v1.30.0

func (k NLPublic) IsZero() bool

IsZero reports whether k is the zero value.

func (NLPublic) KeyID added in v1.34.0

func (k NLPublic) KeyID() tkatype.KeyID

KeyID returns a tkatype.KeyID that can be used with a tka.Authority.

func (NLPublic) MarshalText added in v1.30.0

func (k NLPublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler, emitting a representation of the form nlpub:<hex>.

func (*NLPublic) UnmarshalText added in v1.30.0

func (k *NLPublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler. This function is able to decode both the CLI form (tlpub:<hex>) and the regular form (nlpub:<hex>).

func (NLPublic) Verifier added in v1.30.0

func (k NLPublic) Verifier() ed25519.PublicKey

Verifier returns a ed25519.PublicKey that can be used to verify signatures.
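The two text forms of NLPublic documented above (nlpub:<hex> from MarshalText, tlpub:<hex> from CLIString, both accepted by UnmarshalText), together with the key-type-confusion hazard that the Deprecated notes on ParseMachinePublicUntyped, ParseNodePublicUntyped and the UntypedHexString methods describe, as an added example. This is not code from tailscale.com/types/key: the nlPrivate/nlPublic types, the Sign method standing in for SignNKS, and the untypedParse helper are this example's own stand-ins built on the standard library's crypto/ed25519.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Added example, not tailscale.com/types/key. Only the two prefixes below are
// taken from the package's documentation; everything else is a stand-in.
const (
	nlpubPrefix = "nlpub:" // documented MarshalText form
	tlpubPrefix = "tlpub:" // documented CLIString form
)

type nlPrivate struct{ priv ed25519.PrivateKey }
type nlPublic struct{ pub ed25519.PublicKey }

func newNLPrivate() nlPrivate {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return nlPrivate{priv}
}

func (k nlPrivate) Public() nlPublic {
	return nlPublic{k.priv.Public().(ed25519.PublicKey)}
}

// Sign stands in for SignNKS/SignAUM: a plain Ed25519 signature over msg.
func (k nlPrivate) Sign(msg []byte) []byte { return ed25519.Sign(k.priv, msg) }

func (k nlPublic) IsZero() bool { return len(k.pub) == 0 }

// MarshalText emits the regular nlpub:<hex> form and refuses a zero key.
func (k nlPublic) MarshalText() ([]byte, error) {
	if k.IsZero() {
		return nil, errors.New("nlPublic: refusing to marshal zero key")
	}
	return []byte(nlpubPrefix + hex.EncodeToString(k.pub)), nil
}

// CLIString emits the tlpub:<hex> form used by tailnet lock commands.
func (k nlPublic) CLIString() string { return tlpubPrefix + hex.EncodeToString(k.pub) }

// Verifier returns the raw Ed25519 public key for ed25519.Verify.
func (k nlPublic) Verifier() ed25519.PublicKey { return k.pub }

// UnmarshalText accepts either documented prefix and nothing else. Bare hex,
// or a string carrying some other key type's prefix, is an error, so a value
// of another key type cannot silently become an nlPublic.
func (k *nlPublic) UnmarshalText(b []byte) error {
	s := string(b)
	var body string
	switch {
	case strings.HasPrefix(s, nlpubPrefix):
		body = strings.TrimPrefix(s, nlpubPrefix)
	case strings.HasPrefix(s, tlpubPrefix):
		body = strings.TrimPrefix(s, tlpubPrefix)
	default:
		return fmt.Errorf("nlPublic: unrecognized key prefix in %q", s)
	}
	raw, err := hex.DecodeString(body)
	if err != nil {
		return fmt.Errorf("nlPublic: bad hex: %w", err)
	}
	if len(raw) != ed25519.PublicKeySize {
		return fmt.Errorf("nlPublic: want %d key bytes, got %d", ed25519.PublicKeySize, len(raw))
	}
	k.pub = ed25519.PublicKey(raw)
	return nil
}

// untypedParse is the hazard the Deprecated notes describe: any 64-character
// hex string "parses", whatever kind of key those 32 bytes originally were.
func untypedParse(hexStr string) (nlPublic, error) {
	raw, err := hex.DecodeString(hexStr)
	if err != nil || len(raw) != ed25519.PublicKeySize {
		return nlPublic{}, errors.New("untyped: need exactly 32 bytes of hex")
	}
	return nlPublic{ed25519.PublicKey(raw)}, nil
}

func main() {
	k := newNLPrivate()
	pub := k.Public()
	msg := []byte("example node-key signature payload") // constructed for the demo
	sig := k.Sign(msg)

	// Both documented text forms round-trip to a key that verifies the signature.
	text, _ := pub.MarshalText()
	for _, t := range []string{string(text), pub.CLIString()} {
		var got nlPublic
		if err := got.UnmarshalText([]byte(t)); err != nil {
			panic(err)
		}
		fmt.Printf("%s... verifies: %v\n", t[:6], ed25519.Verify(got.Verifier(), msg, sig))
	}

	// The typed parser rejects bare hex; the untyped one happily accepts it.
	bare := hex.EncodeToString(pub.Verifier())
	var typed nlPublic
	fmt.Println("typed parser on bare hex:", typed.UnmarshalText([]byte(bare)))
	_, err := untypedParse(bare)
	fmt.Println("untyped parser on bare hex:", err)
}
```

The length check before the conversion matters: ed25519.PublicKey is a byte slice, and a short or long slice would only fail later, inside ed25519.Verify, far from the parse site where the error is actionable.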

type NodePrivate added in v1.18.0

type NodePrivate struct {
	// contains filtered or unexported fields
}

NodePrivate is a node key, used for WireGuard tunnels and communication with DERP servers.

func NewNode added in v1.18.0

func NewNode() NodePrivate

NewNode creates and returns a new node private key.

func NodePrivateFromRaw32 deprecated added in v1.18.0

func NodePrivateFromRaw32(raw mem.RO) NodePrivate

NodePrivateFromRaw32 parses a 32-byte raw value as a NodePrivate.

Deprecated: only needed to cast from legacy node private key types, do not add more uses unrelated to #3206.

func ParseNodePrivateUntyped added in v1.18.0

func ParseNodePrivateUntyped(raw mem.RO) (NodePrivate, error)

ParseNodePrivateUntyped parses an untyped 64-character hex value as a NodePrivate.

func (NodePrivate) Equal added in v1.18.0

func (k NodePrivate) Equal(other NodePrivate) bool

Equal reports whether k and other are the same key.

func (NodePrivate) IsZero added in v1.18.0

func (k NodePrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (NodePrivate) MarshalText added in v1.18.0

func (k NodePrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (NodePrivate) OpenFrom added in v1.18.0

func (k NodePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (NodePrivate) Public added in v1.18.0

func (k NodePrivate) Public() NodePublic

Public returns the NodePublic for k. Panics if NodePrivate is zero.

func (NodePrivate) SealTo added in v1.18.0

func (k NodePrivate) SealTo(p NodePublic, cleartext []byte) (ciphertext []byte)

SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

func (NodePrivate) SealToChallenge added in v1.34.0

func (k NodePrivate) SealToChallenge(p ChallengePublic, cleartext []byte) (ciphertext []byte)

SealToChallenge is like SealTo, but for a ChallengePublic.
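The challenge exchange that ChallengePrivate, NodePrivate.SealToChallenge and ChallengePrivate.OpenFrom exist for, plus the precomputed-shared-key pattern of MachinePrivate.SharedKey and MachinePrecomputedSharedKey, as an added example. This is not the package's code and it does not use the NaCl box: to stay on the standard library it substitutes X25519 from crypto/ecdh, SHA-256 over the DH output as the key derivation, and AES-GCM with a 12-byte nonce, where the real package uses XSalsa20-Poly1305 with a 24-byte nonce. Only the message layout (nonce followed by the box) and the roles in the exchange are the same; the privateKey/publicKey/sharedKey types and proveNodeKey are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Added example, not tailscale.com/types/key. Primitives are stand-ins:
// X25519 + SHA-256 + AES-GCM here versus the package's NaCl box.
const nonceLen = 12 // AES-GCM nonce; the real NaCl box prepends 24 bytes

type privateKey struct{ k *ecdh.PrivateKey }
type publicKey struct{ k *ecdh.PublicKey }

func newPrivate() privateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return privateKey{k}
}

func (k privateKey) Public() publicKey { return publicKey{k.k.PublicKey()} }

// sharedKey plays the role of MachinePrecomputedSharedKey: the DH agreement
// and key schedule run once, then Seal/Open reuse them for every message.
type sharedKey struct{ aead cipher.AEAD }

func (k privateKey) SharedKey(p publicKey) sharedKey {
	secret, err := k.k.ECDH(p.k) // errors on a low-order peer point
	if err != nil {
		panic(err)
	}
	key := sha256.Sum256(secret) // assumption: SHA-256 as KDF (NaCl uses HSalsa20)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return sharedKey{aead}
}

// Seal returns nonce || ciphertext, the layout SealTo documents. With a
// 12-byte random nonce, rotate keys well before 2^32 messages per pair.
func (k sharedKey) Seal(cleartext []byte) []byte {
	out := make([]byte, nonceLen, nonceLen+len(cleartext)+k.aead.Overhead())
	if _, err := rand.Read(out); err != nil {
		panic(err)
	}
	return k.aead.Seal(out, out[:nonceLen], cleartext, nil)
}

// Open splits off the nonce and authenticates the rest. ok is false for a
// truncated message, any bit flip, or a box sealed between a different pair.
func (k sharedKey) Open(ciphertext []byte) (cleartext []byte, ok bool) {
	if len(ciphertext) < nonceLen+k.aead.Overhead() {
		return nil, false
	}
	pt, err := k.aead.Open(nil, ciphertext[:nonceLen], ciphertext[nonceLen:], nil)
	if err != nil {
		return nil, false
	}
	return pt, true
}

func (k privateKey) SealTo(p publicKey, cleartext []byte) []byte {
	return k.SharedKey(p).Seal(cleartext)
}

func (k privateKey) OpenFrom(p publicKey, ciphertext []byte) ([]byte, bool) {
	return k.SharedKey(p).Open(ciphertext)
}

// proveNodeKey runs the exchange. The verifier mints an ephemeral challenge
// key and a random challenge value; the prover seals that value with its node
// key to the challenge public key; the verifier opens with the challenge
// private key and the node public key the prover *claims*. A successful open
// proves control of that node private key, and the challenge key is then
// discarded, so the response cannot be replayed against a later challenge.
func proveNodeKey(node privateKey, claimed publicKey) bool {
	challenge := newPrivate() // ephemeral: never written to disk or network
	value := make([]byte, 32)
	if _, err := rand.Read(value); err != nil {
		panic(err)
	}
	response := node.SealTo(challenge.Public(), value) // prover side
	got, ok := challenge.OpenFrom(claimed, response)   // verifier side
	return ok && bytes.Equal(got, value)
}

func main() {
	node, impostor := newPrivate(), newPrivate()
	fmt.Println("honest prover accepted:", proveNodeKey(node, node.Public()))
	fmt.Println("impostor accepted:", proveNodeKey(impostor, node.Public()))
}
```

The verifier never asks the prover for its public key inside the exchange: the claimed key comes from whatever record the verifier already trusts, and OpenFrom binds the response to that key, which is what makes a good open evidence of control rather than just of possession of some key.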

func (*NodePrivate) UnmarshalText added in v1.18.0

func (k *NodePrivate) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (NodePrivate) UntypedHexString added in v1.18.0

func (k NodePrivate) UntypedHexString() string

UntypedHexString returns k, encoded as an untyped 64-character hex string.

type NodePublic added in v1.18.0

type NodePublic struct {
	// contains filtered or unexported fields
}

NodePublic is the public portion of a NodePrivate.

func NodePublicFromRaw32 added in v1.18.0

func NodePublicFromRaw32(raw mem.RO) NodePublic

NodePublicFromRaw32 parses a 32-byte raw value as a NodePublic.

This should be used only when deserializing a NodePublic from a binary protocol.

func ParseNodePublicUntyped deprecated added in v1.18.0

func ParseNodePublicUntyped(raw mem.RO) (NodePublic, error)

ParseNodePublicUntyped parses an untyped 64-character hex value as a NodePublic.

Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a NodePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.

func (NodePublic) AppendTo added in v1.18.0

func (k NodePublic) AppendTo(buf []byte) []byte

AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.

func (NodePublic) IsZero added in v1.18.0

func (k NodePublic) IsZero() bool

IsZero reports whether k is the zero value.

func (NodePublic) Less added in v1.18.0

func (k NodePublic) Less(other NodePublic) bool

Less reports whether k orders before other, using an undocumented deterministic ordering.

func (NodePublic) MarshalBinary added in v1.30.0

func (k NodePublic) MarshalBinary() (data []byte, err error)

MarshalBinary implements encoding.BinaryMarshaler.

func (NodePublic) MarshalText added in v1.18.0

func (k NodePublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (NodePublic) Raw32 deprecated added in v1.18.0

func (k NodePublic) Raw32() [32]byte

Raw32 returns k encoded as 32 raw bytes.

Deprecated: only needed for a single legacy use in the control server, don't add more uses.

func (*NodePublic) ReadRawWithoutAllocating added in v1.18.0

func (k *NodePublic) ReadRawWithoutAllocating(br *bufio.Reader) error

ReadRawWithoutAllocating initializes k with bytes read from br. The reading is done ~4x slower than io.ReadFull, but in exchange is allocation-free.

func (NodePublic) Shard added in v1.26.0

func (p NodePublic) Shard() uint8

Shard returns a uint8 number from a public key with mostly-uniform distribution, suitable for sharding.

func (NodePublic) ShortString added in v1.18.0

func (k NodePublic) ShortString() string

ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.

func (NodePublic) String added in v1.18.0

func (k NodePublic) String() string

String returns the output of MarshalText as a string.

func (*NodePublic) UnmarshalBinary added in v1.30.0

func (k *NodePublic) UnmarshalBinary(in []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler.

func (*NodePublic) UnmarshalText added in v1.18.0

func (k *NodePublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (NodePublic) UntypedHexString deprecated added in v1.18.0

func (k NodePublic) UntypedHexString() string

UntypedHexString returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a NodePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.

func (NodePublic) WireGuardGoString added in v1.18.0

func (k NodePublic) WireGuardGoString() string

WireGuardGoString prints k in the same format used by wireguard-go.

func (NodePublic) WriteRawWithoutAllocating added in v1.18.0

func (k NodePublic) WriteRawWithoutAllocating(bw *bufio.Writer) error

WriteRawWithoutAllocating writes out k as 32 bytes to bw. The writing is done ~3x slower than bw.Write, but in exchange is allocation-free.
