tailcfg: add HardwareAttestationKey to MapRequest (#17102)

Extend the client state management to generate a hardware attestation
key if none exists.

Extend MapRequest with HardwareAttestationKey{,Signature} fields that
optionally contain the public component of the hardware attestation key
and a signature of the node's node key using it. This will be used by
control to associate hardware attestation keys with node identities on a
TOFU basis.

Updates tailscale/corp#31269

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
Patrick O'Doherty
2025-09-15 10:11:38 -07:00
committed by GitHub
parent 17ffa80138
commit 510830ca7a
2 changed files with 102 additions and 2 deletions

@@ -1360,6 +1360,13 @@ type MapRequest struct {
NodeKey key.NodePublic
DiscoKey key.DiscoPublic
// HardwareAttestationKey is the public key of the node's hardware-backed
// identity attestation key, if any.
HardwareAttestationKey key.HardwareAttestationPublic `json:",omitzero"`
// HardwareAttestationKeySignature is the signature of the NodeKey
// serialized using MarshalText using its hardware attestation key, if any.
HardwareAttestationKeySignature []byte `json:",omitempty"`
// Stream is whether the client wants to receive multiple MapResponses over
// the same HTTP connection.
//
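Review bot: The doc comment on HardwareAttestationKeySignature leaves the signed message underspecified. It says the signature is over "the NodeKey serialized using MarshalText" but names no signature scheme, hash, or encoding for the signature bytes, and the signed input as described carries no context prefix or freshness value, so the same signature stays valid for as long as the node key is unchanged and is not bound to this particular use of the key. Please document the exact signed input and signature format here, and say whether a request that sets HardwareAttestationKey without HardwareAttestationKeySignature (or the reverse) is an error, since the two fields are independently optional (`omitzero` on one, `omitempty` on the other). The sentence is also hard to parse with "using" twice; something like "is the signature, made with the hardware attestation key, over the NodeKey's MarshalText encoding" would read more clearly.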