tailscale/types/tkatype/tkatype.go

// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause

// Package tkatype defines types for working with the tka package.
//
// Do not add extra dependencies to this package unless they are tiny,
// because this package encodes wire types that should be lightweight to use.
package tkatype

// KeyID references a verification key stored in the key authority. A keyID
// uniquely identifies a key. KeyIDs are all 32 bytes.
//
// For 25519 keys: We just use the 32-byte public key.
//
// Even though this is a 32-byte value, we use a byte slice because
// CBOR-encoded byte slices have a different prefix to CBOR-encoded arrays.
// Encoding as a byte slice allows us to change the size in the future if we
// ever need to.
type KeyID []byte

// MarshaledSignature represents a marshaled tka.NodeKeySignature.
type MarshaledSignature []byte

// MarshaledAUM represents a marshaled tka.AUM.
type MarshaledAUM []byte

// AUMSigHash represents the BLAKE2s digest of an Authority Update
// Message (AUM), sans any signatures.
type AUMSigHash [32]byte

// NKSSigHash represents the BLAKE2s digest of a Node-Key Signature (NKS),
// sans the Signature field if present.
type NKSSigHash [32]byte

// Signature describes a signature over an AUM, which can be verified
// using the key referenced by KeyID.
type Signature struct {
	KeyID     KeyID  `cbor:"1,keyasint"`
	Signature []byte `cbor:"2,keyasint"`
}
all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com> 2023-01-27 21:37:20 +00:00			`// Copyright (c) Tailscale Inc & AUTHORS`
			`// SPDX-License-Identifier: BSD-3-Clause`
tka,types/key: remove dependency for tailcfg & types/ packages on tka Following the pattern elsewhere, we create a new tka-specific types package for the types that need to couple between the serialized structure types, and tka. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-04 18:45:19 +00:00
			`// Package tkatype defines types for working with the tka package.`
			`//`
			`// Do not add extra dependencies to this package unless they are tiny,`
			`// because this package encodes wire types that should be lightweight to use.`
			`package tkatype`

			`// KeyID references a verification key stored in the key authority. A keyID`
			`// uniquely identifies a key. KeyIDs are all 32 bytes.`
			`//`
			`// For 25519 keys: We just use the 32-byte public key.`
			`//`
			`// Even though this is a 32-byte value, we use a byte slice because`
			`// CBOR-encoded byte slices have a different prefix to CBOR-encoded arrays.`
			`// Encoding as a byte slice allows us to change the size in the future if we`
			`// ever need to.`
			`type KeyID []byte`

			`// MarshaledSignature represents a marshaled tka.NodeKeySignature.`
			`type MarshaledSignature []byte`

client,cmd/tailscale,ipn,tka,types: implement tka initialization flow This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-11 17:43:09 +00:00			`// MarshaledAUM represents a marshaled tka.AUM.`
			`type MarshaledAUM []byte`

tka,types/key: remove dependency for tailcfg & types/ packages on tka Following the pattern elsewhere, we create a new tka-specific types package for the types that need to couple between the serialized structure types, and tka. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-04 18:45:19 +00:00			`// AUMSigHash represents the BLAKE2s digest of an Authority Update`
			`// Message (AUM), sans any signatures.`
			`type AUMSigHash [32]byte`

client,cmd/tailscale,ipn,tka,types: implement tka initialization flow This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-11 17:43:09 +00:00			`// NKSSigHash represents the BLAKE2s digest of a Node-Key Signature (NKS),`
			`// sans the Signature field if present.`
			`type NKSSigHash [32]byte`

tka,types/key: remove dependency for tailcfg & types/ packages on tka Following the pattern elsewhere, we create a new tka-specific types package for the types that need to couple between the serialized structure types, and tka. Signed-off-by: Tom DNetto <tom@tailscale.com> 2022-08-04 18:45:19 +00:00			`// Signature describes a signature over an AUM, which can be verified`
			`// using the key referenced by KeyID.`
			`type Signature struct {`
			KeyID KeyID `cbor:"1,keyasint"`
			Signature []byte `cbor:"2,keyasint"`
			`}`