types/persist: use new node key type.

Updates #3206

Signed-off-by: David Anderson <danderson@tailscale.com>

control/controlclient/auto.go

@@ -701,7 +701,7 @@ func (c *Auto) Shutdown() {
 // used exclusively in tests.
 func (c *Auto) TestOnlyNodePublicKey() wgkey.Key {
 	priv := c.direct.GetPersist()
-	return priv.PrivateNodeKey.Public()
+	return priv.PrivateNodeKey.Public().AsWGKey()
 }
 
 func (c *Auto) TestOnlySetAuthKey(authkey string) {

control/controlclient/direct.go

@@ -330,7 +330,7 @@ func (c *Direct) doLogin(ctx context.Context, opt loginOpt) (mustRegen bool, new
 	var oldNodeKey wgkey.Key
 	switch {
 	case opt.Logout:
-		tryingNewKey = persist.PrivateNodeKey
+		tryingNewKey = persist.PrivateNodeKey.AsWGPrivate()
 	case opt.URL != "":
 		// Nothing.
 	case regen || persist.PrivateNodeKey.IsZero():
@@ -344,10 +344,10 @@ func (c *Direct) doLogin(ctx context.Context, opt loginOpt) (mustRegen bool, new
 		tryingNewKey = key
 	default:
 		// Try refreshing the current key first
-		tryingNewKey = persist.PrivateNodeKey
+		tryingNewKey = persist.PrivateNodeKey.AsWGPrivate()
 	}
 	if !persist.OldPrivateNodeKey.IsZero() {
-		oldNodeKey = persist.OldPrivateNodeKey.Public()
+		oldNodeKey = persist.OldPrivateNodeKey.Public().AsWGKey()
 	}
 
 	if tryingNewKey.IsZero() {
@@ -468,7 +468,7 @@ func (c *Direct) doLogin(ctx context.Context, opt loginOpt) (mustRegen bool, new
 	c.mu.Lock()
 	if resp.AuthURL == "" {
 		// key rotation is complete
-		persist.PrivateNodeKey = tryingNewKey
+		persist.PrivateNodeKey = key.NodePrivateFromRaw32(mem.B(tryingNewKey[:]))
 	} else {
 		// save it for the retry-with-URL
 		c.tryingNewKey = tryingNewKey
@@ -600,7 +600,7 @@ func (c *Direct) sendMapRequest(ctx context.Context, maxPolls int, cb func(*netm
 	request := &tailcfg.MapRequest{
 		Version:       tailcfg.CurrentMapRequestVersion,
 		KeepAlive:     c.keepAlive,
-		NodeKey:       tailcfg.NodeKey(persist.PrivateNodeKey.Public()),
+		NodeKey:       tailcfg.NodeKeyFromNodePublic(persist.PrivateNodeKey.Public()),
 		DiscoKey:      c.discoPubKey,
 		Endpoints:     epStrs,
 		EndpointTypes: epTypes,
@@ -707,7 +707,7 @@ func (c *Direct) sendMapRequest(ctx context.Context, maxPolls int, cb func(*netm
 		}
 	}()
 
-	sess := newMapSession(persist.PrivateNodeKey)
+	sess := newMapSession(persist.PrivateNodeKey.AsWGPrivate())
 	sess.logf = c.logf
 	sess.vlogf = vlogf
 	sess.machinePubKey = machinePubKey

ipn/ipnlocal/local.go

@@ -47,7 +47,6 @@
 	"tailscale.com/types/netmap"
 	"tailscale.com/types/persist"
 	"tailscale.com/types/preftype"
-	"tailscale.com/types/wgkey"
 	"tailscale.com/util/deephash"
 	"tailscale.com/util/dnsname"
 	"tailscale.com/util/osshare"
@@ -294,8 +293,8 @@ func (b *LocalBackend) Prefs() *ipn.Prefs {
 	p := b.prefs.Clone()
 	if p != nil && p.Persist != nil {
 		p.Persist.LegacyFrontendPrivateMachineKey = key.MachinePrivate{}
-		p.Persist.PrivateNodeKey = wgkey.Private{}
+		p.Persist.PrivateNodeKey = key.NodePrivate{}
-		p.Persist.OldPrivateNodeKey = wgkey.Private{}
+		p.Persist.OldPrivateNodeKey = key.NodePrivate{}
 	}
 	return p
 }
@@ -2684,7 +2683,7 @@ func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeK
 
 	mk := machinePrivKey.Public()
 	nk := prefs.Persist.PrivateNodeKey.Public()
-	return mk, tailcfg.NodeKey(nk)
+	return mk, tailcfg.NodeKeyFromNodePublic(nk)
 }
 
 func (b *LocalBackend) WaitingFiles() ([]apitype.WaitingFile, error) {
@@ -2774,7 +2773,7 @@ func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error {
 	b.mu.Lock()
 	cc := b.cc
 	if prefs := b.prefs; prefs != nil {
-		req.NodeKey = tailcfg.NodeKey(prefs.Persist.PrivateNodeKey.Public())
+		req.NodeKey = tailcfg.NodeKeyFromNodePublic(prefs.Persist.PrivateNodeKey.Public())
 	}
 	b.mu.Unlock()
 	if cc == nil {

ipn/ipnlocal/state_test.go

@@ -21,7 +21,6 @@
 	"tailscale.com/types/logger"
 	"tailscale.com/types/netmap"
 	"tailscale.com/types/persist"
-	"tailscale.com/types/wgkey"
 	"tailscale.com/wgengine"
 )
 
@@ -122,7 +121,7 @@ func (cc *mockControl) populateKeys() (newKeys bool) {
 	if cc.persist.PrivateNodeKey.IsZero() {
 		cc.logf("Generating a new nodekey.")
 		cc.persist.OldPrivateNodeKey = cc.persist.PrivateNodeKey
-		cc.persist.PrivateNodeKey, _ = wgkey.NewPrivate()
+		cc.persist.PrivateNodeKey = key.NewNode()
 		newKeys = true
 	}
 

ipn/prefs_test.go

@@ -15,12 +15,13 @@
 	"testing"
 	"time"
 
+	"go4.org/mem"
 	"inet.af/netaddr"
 	"tailscale.com/tailcfg"
 	"tailscale.com/tstest"
+	"tailscale.com/types/key"
 	"tailscale.com/types/persist"
 	"tailscale.com/types/preftype"
-	"tailscale.com/types/wgkey"
 )
 
 func fieldsOf(t reflect.Type) (fields []string) {
@@ -404,7 +405,7 @@ func TestPrefsPretty(t *testing.T) {
 		{
 			Prefs{
 				Persist: &persist.Persist{
-					PrivateNodeKey: wgkey.Private{1: 1},
+					PrivateNodeKey: key.NodePrivateFromRaw32(mem.B([]byte{1: 1, 31: 0})),
 				},
 			},
 			"linux",

types/persist/persist.go

@@ -10,7 +10,6 @@
 
 	"tailscale.com/types/key"
 	"tailscale.com/types/structs"
-	"tailscale.com/types/wgkey"
 )
 
 //go:generate go run tailscale.com/cmd/cloner -type=Persist -output=persist_clone.go
@@ -31,8 +30,8 @@ type Persist struct {
 	// this field, lest the frontend persist it to disk.
 	LegacyFrontendPrivateMachineKey key.MachinePrivate `json:"PrivateMachineKey"`
 
-	PrivateNodeKey    wgkey.Private
+	PrivateNodeKey    key.NodePrivate
-	OldPrivateNodeKey wgkey.Private // needed to request key rotation
+	OldPrivateNodeKey key.NodePrivate // needed to request key rotation
 	Provider          string
 	LoginName         string
 }
@@ -55,7 +54,7 @@ func (p *Persist) Equals(p2 *Persist) bool {
 func (p *Persist) Pretty() string {
 	var (
 		mk     key.MachinePublic
-		ok, nk wgkey.Key
+		ok, nk key.NodePublic
 	)
 	if !p.LegacyFrontendPrivateMachineKey.IsZero() {
 		mk = p.LegacyFrontendPrivateMachineKey.Public()
@@ -66,12 +65,6 @@ func (p *Persist) Pretty() string {
 	if !p.PrivateNodeKey.IsZero() {
 		nk = p.PrivateNodeKey.Public()
 	}
-	ss := func(k wgkey.Key) string {
-		if k.IsZero() {
-			return ""
-		}
-		return k.ShortString()
-	}
 	return fmt.Sprintf("Persist{lm=%v, o=%v, n=%v u=%#v}",
-		mk.ShortString(), ss(ok), ss(nk), p.LoginName)
+		mk.ShortString(), ok.ShortString(), nk.ShortString(), p.LoginName)
 }

types/persist/persist_clone.go

@@ -10,7 +10,6 @@
 import (
 	"tailscale.com/types/key"
 	"tailscale.com/types/structs"
-	"tailscale.com/types/wgkey"
 )
 
 // Clone makes a deep copy of Persist.
@@ -28,8 +27,8 @@ func (src *Persist) Clone() *Persist {
 var _PersistCloneNeedsRegeneration = Persist(struct {
 	_                               structs.Incomparable
 	LegacyFrontendPrivateMachineKey key.MachinePrivate
-	PrivateNodeKey                  wgkey.Private
+	PrivateNodeKey                  key.NodePrivate
-	OldPrivateNodeKey               wgkey.Private
+	OldPrivateNodeKey               key.NodePrivate
 	Provider                        string
 	LoginName                       string
 }{})

types/persist/persist_test.go

@@ -9,7 +9,6 @@
 	"testing"
 
 	"tailscale.com/types/key"
-	"tailscale.com/types/wgkey"
 )
 
 func fieldsOf(t reflect.Type) (fields []string) {
@@ -28,15 +27,8 @@ func TestPersistEqual(t *testing.T) {
 			have, persistHandles)
 	}
 
-	newPrivate := func() wgkey.Private {
-		k, err := wgkey.NewPrivate()
-		if err != nil {
-			panic(err)
-		}
-		return k
-	}
 	m1 := key.NewMachine()
-	k1 := newPrivate()
+	k1 := key.NewNode()
 	tests := []struct {
 		a, b *Persist
 		want bool
@@ -59,7 +51,7 @@ func TestPersistEqual(t *testing.T) {
 
 		{
 			&Persist{PrivateNodeKey: k1},
-			&Persist{PrivateNodeKey: newPrivate()},
+			&Persist{PrivateNodeKey: key.NewNode()},
 			false,
 		},
 		{
@@ -70,7 +62,7 @@ func TestPersistEqual(t *testing.T) {
 
 		{
 			&Persist{OldPrivateNodeKey: k1},
-			&Persist{OldPrivateNodeKey: newPrivate()},
+			&Persist{OldPrivateNodeKey: key.NewNode()},
 			false,
 		},
 		{