control/controlclient: update machine certificate signature version

This iterates on the original signature format.

Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>

control/controlclient/sign.go

@@ -10,22 +10,34 @@ import (
 	"fmt"
 	"time"
 
+	"tailscale.com/tailcfg"
 	"tailscale.com/types/key"
 )
 
 var (
-	errNoCertStore              = errors.New("no certificate store")
-	errCertificateNotConfigured = errors.New("no certificate subject configured")
+	errNoCertStore                 = errors.New("no certificate store")
+	errCertificateNotConfigured    = errors.New("no certificate subject configured")
+	errUnsupportedSignatureVersion = errors.New("unsupported signature version")
 )
 
 // HashRegisterRequest generates the hash required sign or verify a
-// tailcfg.RegisterRequest with tailcfg.SignatureV1.
-func HashRegisterRequest(ts time.Time, serverURL string, deviceCert []byte, serverPubKey, machinePubKey key.MachinePublic) []byte {
+// tailcfg.RegisterRequest.
+func HashRegisterRequest(
+	version tailcfg.SignatureType, ts time.Time, serverURL string, deviceCert []byte,
+	serverPubKey, machinePubKey key.MachinePublic) ([]byte, error) {
 	h := crypto.SHA256.New()
 
 	// hash.Hash.Write never returns an error, so we don't check for one here.
-	fmt.Fprintf(h, "%s%s%s%s%s",
-		ts.UTC().Format(time.RFC3339), serverURL, deviceCert, serverPubKey, machinePubKey)
+	switch version {
+	case tailcfg.SignatureV1:
+		fmt.Fprintf(h, "%s%s%s%s%s",
+			ts.UTC().Format(time.RFC3339), serverURL, deviceCert, serverPubKey.ShortString(), machinePubKey.ShortString())
+	case tailcfg.SignatureV2:
+		fmt.Fprintf(h, "%s%s%s%s%s",
+			ts.UTC().Format(time.RFC3339), serverURL, deviceCert, serverPubKey, machinePubKey)
+	default:
+		return nil, errUnsupportedSignatureVersion
+	}
 
-	return h.Sum(nil)
+	return h.Sum(nil), nil
 }