Documentation ¶
Index ¶
- Constants
- type ChallengePrivate
- type ChallengePublic
- type ControlPrivatedeprecated
- func (k ControlPrivate) IsZero() bool
- func (k ControlPrivate) MarshalJSON() ([]byte, error)
- func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k ControlPrivate) Public() MachinePublic
- func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
- func (k ControlPrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
- func (k *ControlPrivate) UnmarshalJSON(bs []byte) error
- type DiscoPrivate
- type DiscoPublic
- func (k DiscoPublic) AppendText(b []byte) ([]byte, error)
- func (k DiscoPublic) AppendTo(buf []byte) []byte
- func (k DiscoPublic) IsZero() bool
- func (k DiscoPublic) MarshalText() ([]byte, error)
- func (k DiscoPublic) Raw32() [32]bytedeprecated
- func (k DiscoPublic) ShortString() string
- func (k DiscoPublic) String() string
- func (k *DiscoPublic) UnmarshalText(b []byte) error
- type DiscoShared
- type MachinePrecomputedSharedKey
- type MachinePrivate
- func (k MachinePrivate) AppendText(b []byte) ([]byte, error)
- func (k MachinePrivate) Equal(other MachinePrivate) bool
- func (k MachinePrivate) IsZero() bool
- func (k MachinePrivate) MarshalText() ([]byte, error)
- func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k MachinePrivate) Public() MachinePublic
- func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
- func (k MachinePrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
- func (k *MachinePrivate) UnmarshalText(b []byte) error
- func (k MachinePrivate) UntypedBytes() []bytedeprecated
- type MachinePublic
- func (k MachinePublic) AppendText(b []byte) ([]byte, error)
- func (k MachinePublic) IsZero() bool
- func (k MachinePublic) MarshalText() ([]byte, error)
- func (k MachinePublic) ShortString() string
- func (k MachinePublic) String() string
- func (k *MachinePublic) UnmarshalText(b []byte) error
- func (k MachinePublic) UntypedBytes() []bytedeprecated
- func (k MachinePublic) UntypedHexString() stringdeprecated
- type NLPrivate
- func (k NLPrivate) AppendText(b []byte) ([]byte, error)
- func (k NLPrivate) Equal(other NLPrivate) bool
- func (k NLPrivate) IsZero() bool
- func (k NLPrivate) KeyID() tkatype.KeyID
- func (k NLPrivate) MarshalText() ([]byte, error)
- func (k NLPrivate) Public() NLPublic
- func (k NLPrivate) SignAUM(sigHash tkatype.AUMSigHash) ([]tkatype.Signature, error)
- func (k NLPrivate) SignNKS(sigHash tkatype.NKSSigHash) ([]byte, error)
- func (k *NLPrivate) UnmarshalText(b []byte) error
- type NLPublic
- func (k NLPublic) AppendText(b []byte) ([]byte, error)
- func (k NLPublic) CLIString() string
- func (k NLPublic) Equal(other NLPublic) bool
- func (k NLPublic) IsZero() bool
- func (k NLPublic) KeyID() tkatype.KeyID
- func (k NLPublic) MarshalText() ([]byte, error)
- func (k *NLPublic) UnmarshalText(b []byte) error
- func (k NLPublic) Verifier() ed25519.PublicKey
- type NodePrivate
- func (k NodePrivate) AppendText(b []byte) ([]byte, error)
- func (k NodePrivate) Equal(other NodePrivate) bool
- func (k NodePrivate) IsZero() bool
- func (k NodePrivate) MarshalText() ([]byte, error)
- func (k NodePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k NodePrivate) Public() NodePublic
- func (k NodePrivate) SealTo(p NodePublic, cleartext []byte) (ciphertext []byte)
- func (k NodePrivate) SealToChallenge(p ChallengePublic, cleartext []byte) (ciphertext []byte)
- func (k *NodePrivate) UnmarshalText(b []byte) error
- func (k NodePrivate) UntypedHexString() string
- type NodePublic
- func (k NodePublic) AppendText(b []byte) ([]byte, error)
- func (k NodePublic) AppendTo(buf []byte) []byte
- func (p NodePublic) Compare(p2 NodePublic) int
- func (k NodePublic) IsZero() bool
- func (k NodePublic) Less(other NodePublic) bool
- func (k NodePublic) MarshalBinary() (data []byte, err error)
- func (k NodePublic) MarshalText() ([]byte, error)
- func (k NodePublic) Raw32() [32]bytedeprecated
- func (k *NodePublic) ReadRawWithoutAllocating(br *bufio.Reader) error
- func (p NodePublic) Shard() uint8
- func (k NodePublic) ShortString() string
- func (k NodePublic) String() string
- func (k *NodePublic) UnmarshalBinary(in []byte) error
- func (k *NodePublic) UnmarshalText(b []byte) error
- func (k NodePublic) UntypedHexString() stringdeprecated
- func (k NodePublic) WireGuardGoString() string
- func (k NodePublic) WriteRawWithoutAllocating(bw *bufio.Writer) error
Constants ¶
const ( // DiscoPublicRawLen is the length in bytes of a DiscoPublic, when // serialized with AppendTo, Raw32 or WriteRawWithoutAllocating. DiscoPublicRawLen = 32 )
const ( // NodePublicRawLen is the length in bytes of a NodePublic, when // serialized with AppendTo, Raw32 or WriteRawWithoutAllocating. NodePublicRawLen = 32 )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ChallengePrivate ¶ added in v1.34.0
type ChallengePrivate struct {
// contains filtered or unexported fields
}
ChallengePrivate is a challenge key, used to test whether clients control a key they want to prove ownership of.
A ChallengePrivate is ephemeral and not serialized to the disk or network.
func NewChallenge ¶ added in v1.34.0
func NewChallenge() ChallengePrivate
NewChallenge creates and returns a new node private key.
func (ChallengePrivate) MarshalText ¶ added in v1.34.0
func (k ChallengePrivate) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler, but by returning an error. It shouldn't need to be marshalled anywhere.
func (ChallengePrivate) OpenFrom ¶ added in v1.34.0
func (k ChallengePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by NodePrivate.SealToChallenge, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (ChallengePrivate) Public ¶ added in v1.34.0
func (k ChallengePrivate) Public() ChallengePublic
Public returns the ChallengePublic for k. Panics if ChallengePublic is zero.
type ChallengePublic ¶ added in v1.34.0
type ChallengePublic struct {
// contains filtered or unexported fields
}
ChallengePublic is the public portion of a ChallengePrivate.
func (ChallengePublic) AppendText ¶ added in v1.50.0
func (k ChallengePublic) AppendText(b []byte) ([]byte, error)
AppendText implements encoding.TextAppender.
func (ChallengePublic) IsZero ¶ added in v1.34.0
func (k ChallengePublic) IsZero() bool
IsZero reports whether k is the zero value.
func (ChallengePublic) MarshalText ¶ added in v1.34.0
func (k ChallengePublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (ChallengePublic) String ¶ added in v1.34.0
func (k ChallengePublic) String() string
String returns the output of MarshalText as a string.
func (*ChallengePublic) UnmarshalText ¶ added in v1.34.0
func (k *ChallengePublic) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type ControlPrivate
deprecated
added in
v1.16.0
type ControlPrivate struct {
// contains filtered or unexported fields
}
ControlPrivate is a Tailscale control plane private key.
It is functionally equivalent to a MachinePrivate, but serializes to JSON as a byte array rather than a typed string, because our control plane database stores the key that way.
Deprecated: this type should only be used in Tailscale's control plane, where existing database serializations require this less-good serialization format to persist. Other control plane implementations can use MachinePrivate with no downsides.
func NewControl ¶ added in v1.16.0
func NewControl() ControlPrivate
NewControl generates and returns a new control plane private key.
func (ControlPrivate) IsZero ¶ added in v1.16.0
func (k ControlPrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (ControlPrivate) MarshalJSON ¶ added in v1.16.0
func (k ControlPrivate) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler.
func (ControlPrivate) OpenFrom ¶ added in v1.16.0
func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (ControlPrivate) Public ¶ added in v1.16.0
func (k ControlPrivate) Public() MachinePublic
Public returns the MachinePublic for k. Panics if ControlPrivate is zero.
func (ControlPrivate) SealTo ¶ added in v1.16.0
func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (ControlPrivate) SharedKey ¶ added in v1.30.0
func (k ControlPrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
SharedKey returns the precomputed Nacl box shared key between k and p.
func (*ControlPrivate) UnmarshalJSON ¶ added in v1.16.0
func (k *ControlPrivate) UnmarshalJSON(bs []byte) error
UnmarshalJSON implements json.Unmarshaler.
type DiscoPrivate ¶ added in v1.18.0
type DiscoPrivate struct {
// contains filtered or unexported fields
}
DiscoPrivate is a disco key, used for peer-to-peer path discovery.
func NewDisco ¶ added in v1.18.0
func NewDisco() DiscoPrivate
NewDisco creates and returns a new disco private key.
func (DiscoPrivate) Equal ¶ added in v1.18.0
func (k DiscoPrivate) Equal(other DiscoPrivate) bool
Equal reports whether k and other are the same key.
func (DiscoPrivate) IsZero ¶ added in v1.18.0
func (k DiscoPrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (DiscoPrivate) Public ¶ added in v1.18.0
func (k DiscoPrivate) Public() DiscoPublic
Public returns the DiscoPublic for k. Panics if DiscoPrivate is zero.
func (DiscoPrivate) Shared ¶ added in v1.18.0
func (k DiscoPrivate) Shared(p DiscoPublic) DiscoShared
Shared returns the DiscoShared for communication between k and p.
type DiscoPublic ¶ added in v1.18.0
type DiscoPublic struct {
// contains filtered or unexported fields
}
DiscoPublic is the public portion of a DiscoPrivate.
func DiscoPublicFromRaw32 ¶ added in v1.18.0
func DiscoPublicFromRaw32(raw mem.RO) DiscoPublic
DiscoPublicFromRaw32 parses a 32-byte raw value as a DiscoPublic.
This should be used only when deserializing a DiscoPublic from a binary protocol.
func (DiscoPublic) AppendText ¶ added in v1.50.0
func (k DiscoPublic) AppendText(b []byte) ([]byte, error)
AppendText implements encoding.TextAppender.
func (DiscoPublic) AppendTo ¶ added in v1.18.0
func (k DiscoPublic) AppendTo(buf []byte) []byte
AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.
func (DiscoPublic) IsZero ¶ added in v1.18.0
func (k DiscoPublic) IsZero() bool
IsZero reports whether k is the zero value.
func (DiscoPublic) MarshalText ¶ added in v1.18.0
func (k DiscoPublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (DiscoPublic) Raw32
deprecated
added in
v1.18.0
func (k DiscoPublic) Raw32() [32]byte
Raw32 returns k encoded as 32 raw bytes.
Deprecated: only needed for a temporary compat shim in tailcfg, do not add more uses.
func (DiscoPublic) ShortString ¶ added in v1.18.0
func (k DiscoPublic) ShortString() string
ShortString returns the Tailscale conventional debug representation of a disco key.
func (DiscoPublic) String ¶ added in v1.18.0
func (k DiscoPublic) String() string
String returns the output of MarshalText as a string.
func (*DiscoPublic) UnmarshalText ¶ added in v1.18.0
func (k *DiscoPublic) UnmarshalText(b []byte) error
MarshalText implements encoding.TextUnmarshaler.
type DiscoShared ¶ added in v1.18.0
type DiscoShared struct {
// contains filtered or unexported fields
}
func (DiscoShared) Equal ¶ added in v1.18.0
func (k DiscoShared) Equal(other DiscoShared) bool
Equal reports whether k and other are the same key.
func (DiscoShared) IsZero ¶ added in v1.18.0
func (k DiscoShared) IsZero() bool
func (DiscoShared) Open ¶ added in v1.18.0
func (k DiscoShared) Open(ciphertext []byte) (cleartext []byte, ok bool)
Open opens the NaCl box ciphertext, which must be a value created by Seal, and returns the inner cleartext if ciphertext is a valid box using shared secret k.
func (DiscoShared) Seal ¶ added in v1.18.0
func (k DiscoShared) Seal(cleartext []byte) (ciphertext []byte)
Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl), using k as the shared secret and a random nonce.
type MachinePrecomputedSharedKey ¶ added in v1.30.0
type MachinePrecomputedSharedKey struct {
// contains filtered or unexported fields
}
MachinePrecomputedSharedKey is a precomputed shared NaCl box shared key.
func (MachinePrecomputedSharedKey) Open ¶ added in v1.30.0
func (k MachinePrecomputedSharedKey) Open(ciphertext []byte) (cleartext []byte, ok bool)
Open opens the NaCl box ciphertext, which must be a value created by MachinePrecomputedSharedKey.Seal or MachinePrivate.SealTo, and returns the inner cleartext if ciphertext is a valid box for the shared key k.
func (MachinePrecomputedSharedKey) Seal ¶ added in v1.30.0
func (k MachinePrecomputedSharedKey) Seal(cleartext []byte) (ciphertext []byte)
Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) using the shared key k as generated by MachinePrivate.SharedKey.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
type MachinePrivate ¶ added in v1.16.0
type MachinePrivate struct {
// contains filtered or unexported fields
}
MachinePrivate is a machine key, used for communication with the Tailscale coordination server.
func NewMachine ¶ added in v1.16.0
func NewMachine() MachinePrivate
NewMachine creates and returns a new machine private key.
func (MachinePrivate) AppendText ¶ added in v1.50.0
func (k MachinePrivate) AppendText(b []byte) ([]byte, error)
AppendText implements encoding.TextAppender.
func (MachinePrivate) Equal ¶ added in v1.16.0
func (k MachinePrivate) Equal(other MachinePrivate) bool
Equal reports whether k and other are the same key.
func (MachinePrivate) IsZero ¶ added in v1.16.0
func (k MachinePrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (MachinePrivate) MarshalText ¶ added in v1.16.0
func (k MachinePrivate) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (MachinePrivate) OpenFrom ¶ added in v1.16.0
func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (MachinePrivate) Public ¶ added in v1.16.0
func (k MachinePrivate) Public() MachinePublic
Public returns the MachinePublic for k. Panics if MachinePrivate is zero.
func (MachinePrivate) SealTo ¶ added in v1.16.0
func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (MachinePrivate) SharedKey ¶ added in v1.30.0
func (k MachinePrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey
SharedKey returns the precomputed Nacl box shared key between k and p.
func (*MachinePrivate) UnmarshalText ¶ added in v1.16.0
func (k *MachinePrivate) UnmarshalText(b []byte) error
MarshalText implements encoding.TextUnmarshaler.
func (MachinePrivate) UntypedBytes
deprecated
added in
v1.18.0
func (k MachinePrivate) UntypedBytes() []byte
UntypedBytes returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePrivate, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.
type MachinePublic ¶ added in v1.16.0
type MachinePublic struct {
// contains filtered or unexported fields
}
MachinePublic is the public portion of a a MachinePrivate.
func MachinePublicFromRaw32 ¶ added in v1.18.0
func MachinePublicFromRaw32(raw mem.RO) MachinePublic
MachinePublicFromRaw32 parses a 32-byte raw value as a MachinePublic.
This should be used only when deserializing a MachinePublic from a binary protocol.
func ParseMachinePublicUntyped
deprecated
added in
v1.16.0
func ParseMachinePublicUntyped(raw mem.RO) (MachinePublic, error)
ParseMachinePublicUntyped parses an untyped 64-character hex value as a MachinePublic.
Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a MachinePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
func (MachinePublic) AppendText ¶ added in v1.50.0
func (k MachinePublic) AppendText(b []byte) ([]byte, error)
AppendText implements encoding.TextAppender.
func (MachinePublic) IsZero ¶ added in v1.16.0
func (k MachinePublic) IsZero() bool
IsZero reports whether k is the zero value.
func (MachinePublic) MarshalText ¶ added in v1.16.0
func (k MachinePublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (MachinePublic) ShortString ¶ added in v1.16.0
func (k MachinePublic) ShortString() string
ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.
func (MachinePublic) String ¶ added in v1.16.0
func (k MachinePublic) String() string
String returns the output of MarshalText as a string.
func (*MachinePublic) UnmarshalText ¶ added in v1.16.0
func (k *MachinePublic) UnmarshalText(b []byte) error
MarshalText implements encoding.TextUnmarshaler.
func (MachinePublic) UntypedBytes
deprecated
added in
v1.18.0
func (k MachinePublic) UntypedBytes() []byte
UntypedBytes returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.
func (MachinePublic) UntypedHexString
deprecated
added in
v1.16.0
func (k MachinePublic) UntypedHexString() string
UntypedHexString returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
type NLPrivate ¶ added in v1.30.0
type NLPrivate struct {
// contains filtered or unexported fields
}
NLPrivate is a node-managed network-lock key, used for signing node-key signatures and authority update messages.
func NewNLPrivate ¶ added in v1.30.0
func NewNLPrivate() NLPrivate
NewNLPrivate creates and returns a new network-lock key.
func (NLPrivate) AppendText ¶ added in v1.50.0
AppendText implements encoding.TextAppender.
func (NLPrivate) MarshalText ¶ added in v1.30.0
MarshalText implements encoding.TextMarshaler.
func (NLPrivate) SignNKS ¶ added in v1.30.0
func (k NLPrivate) SignNKS(sigHash tkatype.NKSSigHash) ([]byte, error)
SignNKS signs the tka.NodeKeySignature identified by sigHash.
func (*NLPrivate) UnmarshalText ¶ added in v1.30.0
MarshalText implements encoding.TextUnmarshaler.
type NLPublic ¶ added in v1.30.0
type NLPublic struct {
// contains filtered or unexported fields
}
NLPublic is the public portion of a a NLPrivate.
func NLPublicFromEd25519Unsafe ¶ added in v1.34.0
NLPublicFromEd25519Unsafe converts an ed25519 public key into a type of NLPublic.
New uses of this function should be avoided, as its possible to accidentally construct an NLPublic from a non network-lock key.
func (NLPublic) AppendText ¶ added in v1.50.0
AppendText implements encoding.TextAppender.
func (NLPublic) CLIString ¶ added in v1.34.0
CLIString returns a marshalled representation suitable for use with tailnet lock commands, of the form tlpub:<hex> instead of the nlpub:<hex> form emitted by MarshalText. Both forms can be decoded by UnmarshalText.
func (NLPublic) KeyID ¶ added in v1.34.0
KeyID returns a tkatype.KeyID that can be used with a tka.Authority.
func (NLPublic) MarshalText ¶ added in v1.30.0
MarshalText implements encoding.TextMarshaler, emitting a representation of the form nlpub:<hex>.
func (*NLPublic) UnmarshalText ¶ added in v1.30.0
UnmarshalText implements encoding.TextUnmarshaler. This function is able to decode both the CLI form (tlpub:<hex>) & the regular form (nlpub:<hex>).
type NodePrivate ¶ added in v1.18.0
type NodePrivate struct {
// contains filtered or unexported fields
}
NodePrivate is a node key, used for WireGuard tunnels and communication with DERP servers.
func NewNode ¶ added in v1.18.0
func NewNode() NodePrivate
NewNode creates and returns a new node private key.
func NodePrivateFromRaw32
deprecated
added in
v1.18.0
func NodePrivateFromRaw32(raw mem.RO) NodePrivate
NodePrivateFromRaw32 parses a 32-byte raw value as a NodePrivate.
Deprecated: only needed to cast from legacy node private key types, do not add more uses unrelated to #3206.
func ParseNodePrivateUntyped ¶ added in v1.18.0
func ParseNodePrivateUntyped(raw mem.RO) (NodePrivate, error)
func (NodePrivate) AppendText ¶ added in v1.50.0
func (k NodePrivate) AppendText(b []byte) ([]byte, error)
AppendText implements encoding.TextAppender.
func (NodePrivate) Equal ¶ added in v1.18.0
func (k NodePrivate) Equal(other NodePrivate) bool
Equal reports whether k and other are the same key.
func (NodePrivate) IsZero ¶ added in v1.18.0
func (k NodePrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (NodePrivate) MarshalText ¶ added in v1.18.0
func (k NodePrivate) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (NodePrivate) OpenFrom ¶ added in v1.18.0
func (k NodePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (NodePrivate) Public ¶ added in v1.18.0
func (k NodePrivate) Public() NodePublic
Public returns the NodePublic for k. Panics if NodePrivate is zero.
func (NodePrivate) SealTo ¶ added in v1.18.0
func (k NodePrivate) SealTo(p NodePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (NodePrivate) SealToChallenge ¶ added in v1.34.0
func (k NodePrivate) SealToChallenge(p ChallengePublic, cleartext []byte) (ciphertext []byte)
SealToChallenge is like SealTo, but for a ChallengePublic.
func (*NodePrivate) UnmarshalText ¶ added in v1.18.0
func (k *NodePrivate) UnmarshalText(b []byte) error
MarshalText implements encoding.TextUnmarshaler.
func (NodePrivate) UntypedHexString ¶ added in v1.18.0
func (k NodePrivate) UntypedHexString() string
type NodePublic ¶ added in v1.18.0
type NodePublic struct {
// contains filtered or unexported fields
}
NodePublic is the public portion of a NodePrivate.
func NodePublicFromRaw32 ¶ added in v1.18.0
func NodePublicFromRaw32(raw mem.RO) NodePublic
NodePublicFromRaw32 parses a 32-byte raw value as a NodePublic.
This should be used only when deserializing a NodePublic from a binary protocol.
func NodePublicWithBadOldPrefix ¶ added in v1.36.0
func NodePublicWithBadOldPrefix(k NodePublic) NodePublic
NodePublicWithBadOldPrefix returns a copy of k with its leading public key bytes mutated such that it base64's to a ShortString of [bad01] ("bad ol'" [expired node key]).
func ParseNodePublicUntyped
deprecated
added in
v1.18.0
func ParseNodePublicUntyped(raw mem.RO) (NodePublic, error)
ParseNodePublicUntyped parses an untyped 64-character hex value as a NodePublic.
Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a NodePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
func (NodePublic) AppendText ¶ added in v1.50.0
func (k NodePublic) AppendText(b []byte) ([]byte, error)
AppendText implements encoding.TextAppender.
func (NodePublic) AppendTo ¶ added in v1.18.0
func (k NodePublic) AppendTo(buf []byte) []byte
AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.
func (NodePublic) Compare ¶ added in v1.50.0
func (p NodePublic) Compare(p2 NodePublic) int
Compare returns -1, 0, or 1, depending on whether p orders before p2, using bytes.Compare on the bytes of the public key.
func (NodePublic) IsZero ¶ added in v1.18.0
func (k NodePublic) IsZero() bool
IsZero reports whether k is the zero value.
func (NodePublic) Less ¶ added in v1.18.0
func (k NodePublic) Less(other NodePublic) bool
Less reports whether k orders before other, using an undocumented deterministic ordering.
func (NodePublic) MarshalBinary ¶ added in v1.30.0
func (k NodePublic) MarshalBinary() (data []byte, err error)
MarshalBinary implements encoding.BinaryMarshaler.
func (NodePublic) MarshalText ¶ added in v1.18.0
func (k NodePublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (NodePublic) Raw32
deprecated
added in
v1.18.0
func (k NodePublic) Raw32() [32]byte
Raw32 returns k encoded as 32 raw bytes.
Deprecated: only needed for a single legacy use in the control server, don't add more uses.
func (*NodePublic) ReadRawWithoutAllocating ¶ added in v1.18.0
func (k *NodePublic) ReadRawWithoutAllocating(br *bufio.Reader) error
ReadRawWithoutAllocating initializes k with bytes read from br. The reading is done ~4x slower than io.ReadFull, but in exchange is allocation-free.
func (NodePublic) Shard ¶ added in v1.26.0
func (p NodePublic) Shard() uint8
Shard returns a uint8 number from a public key with mostly-uniform distribution, suitable for sharding.
func (NodePublic) ShortString ¶ added in v1.18.0
func (k NodePublic) ShortString() string
ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.
func (NodePublic) String ¶ added in v1.18.0
func (k NodePublic) String() string
String returns the output of MarshalText as a string.
func (*NodePublic) UnmarshalBinary ¶ added in v1.30.0
func (k *NodePublic) UnmarshalBinary(in []byte) error
UnmarshalBinary implements encoding.BinaryUnmarshaler.
func (*NodePublic) UnmarshalText ¶ added in v1.18.0
func (k *NodePublic) UnmarshalText(b []byte) error
MarshalText implements encoding.TextUnmarshaler.
func (NodePublic) UntypedHexString
deprecated
added in
v1.18.0
func (k NodePublic) UntypedHexString() string
UntypedHexString returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a NodePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
func (NodePublic) WireGuardGoString ¶ added in v1.18.0
func (k NodePublic) WireGuardGoString() string
WireGuardGoString prints k in the same format used by wireguard-go.
func (NodePublic) WriteRawWithoutAllocating ¶ added in v1.18.0
func (k NodePublic) WriteRawWithoutAllocating(bw *bufio.Writer) error
WriteRawWithoutAllocating writes out k as 32 bytes to bw. The writing is done ~3x slower than bw.Write, but in exchange is allocation-free.