tka, types/key: add NLPublic.KeyID

This allows direct use of NLPublic with tka.Authority.KeyTrusted() and
similar without using tricks like converting the return value of Verifier.

Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
Adrian Dewhurst 2022-10-26 15:14:01 -04:00 committed by Adrian Dewhurst
parent 944f43f1c8
commit 8c09ae9032
2 changed files with 43 additions and 0 deletions


@ -9,6 +9,7 @@
"testing"
"github.com/google/go-cmp/cmp"
"tailscale.com/types/key"
"tailscale.com/types/tkatype"
)
@ -437,3 +438,40 @@ func TestAuthorityInformLinear(t *testing.T) {
t.Fatal("authority did not converge to correct AUM")
}
}
func TestInteropWithNLKey(t *testing.T) {
priv1 := key.NewNLPrivate()
pub1 := priv1.Public()
pub2 := key.NewNLPrivate().Public()
pub3 := key.NewNLPrivate().Public()
a, _, err := Create(&Mem{}, State{
Keys: []Key{
{
Kind: Key25519,
Votes: 1,
Public: pub1.KeyID(),
},
{
Kind: Key25519,
Votes: 1,
Public: pub2.KeyID(),
},
},
DisablementSecrets: [][]byte{DisablementKDF([]byte{1, 2, 3})},
}, priv1)
if err != nil {
t.Errorf("tka.Create: %v", err)
return
}
if !a.KeyTrusted(pub1.KeyID()) {
t.Error("pub1 want trusted, got untrusted")
}
if !a.KeyTrusted(pub2.KeyID()) {
t.Error("pub2 want trusted, got untrusted")
}
if a.KeyTrusted(pub3.KeyID()) {
t.Error("pub3 want untrusted, got trusted")
}
}
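Review bot: The `tka.Create` failure path in TestInteropWithNLKey reports with `t.Errorf` and then a bare `return`, while the test directly above it in this file stops with `t.Fatal`; `t.Fatalf("tka.Create: %v", err)` does the same in one line and matches the surrounding style. The test has no doc comment, so a one-line comment such as `// TestInteropWithNLKey checks that NLPublic.KeyID values are accepted by Create and KeyTrusted, with pub3 as the untrusted control.` would make the purpose of the third key clear to the next reader.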


@ -125,3 +125,8 @@ func (k NLPublic) IsZero() bool {
func (k NLPublic) Equal(other NLPublic) bool {
return subtle.ConstantTimeCompare(k.k[:], other.k[:]) == 1
}
// KeyID returns a tkatype.KeyID that can be used with a tka.Authority.
func (k NLPublic) KeyID() tkatype.KeyID {
return k.k[:]
}
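Review bot: The doc comment on KeyID does not say whether the returned slice shares storage with the key. With the value receiver shown here, `k.k[:]` slices the method's own copy of the key (assuming `k.k` is a fixed-size array, as its use in Equal suggests), so a caller writing into the result cannot alter the NLPublic. That property would be lost silently if the receiver were ever changed to a pointer. I would extend the comment with `// The returned slice is a copy of the public key bytes; modifying it does not affect k.` and, if a zero NLPublic yields an all-zero KeyID, mention that callers holding a possibly unset key should check `IsZero` before passing it to an Authority.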