ipn/ipnstate: use key.NodePublic instead of the generic key.Public.

Updates #3206.

Signed-off-by: David Anderson <danderson@tailscale.com>

derp/derp_server.go

@@ -1006,10 +1006,10 @@ func (s *Server) verifyClient(clientKey key.NodePublic, info *clientInfo) error
 	if err != nil {
 		return fmt.Errorf("failed to query local tailscaled status: %w", err)
 	}
-	if clientKey == key.NodePublicFromRaw32(mem.B(status.Self.PublicKey[:])) {
+	if clientKey == status.Self.PublicKey {
 		return nil
 	}
-	if _, exists := status.Peer[clientKey.AsPublic()]; !exists {
+	if _, exists := status.Peer[clientKey]; !exists {
 		return fmt.Errorf("client %v not in set of peers", clientKey)
 	}
 	// TODO(bradfitz): add policy for configurable bandwidth rate per client?

ipn/ipnlocal/local.go

@@ -26,6 +26,7 @@
 	"time"
 
 	"github.com/go-multierror/multierror"
+	"go4.org/mem"
 	"inet.af/netaddr"
 	"tailscale.com/client/tailscale/apitype"
 	"tailscale.com/control/controlclient"
@@ -388,7 +389,7 @@ func (b *LocalBackend) populatePeerStatusLocked(sb *ipnstate.StatusBuilder) {
 				tailscaleIPs = append(tailscaleIPs, addr.IP())
 			}
 		}
-		sb.AddPeer(key.Public(p.Key), &ipnstate.PeerStatus{
+		sb.AddPeer(key.NodePublicFromRaw32(mem.B(p.Key[:])), &ipnstate.PeerStatus{
 			InNetworkMap:       true,
 			ID:                 p.StableID,
 			UserID:             p.User,

ipn/ipnstate/ipnstate.go

@@ -8,7 +8,6 @@
 package ipnstate
 
 import (
-	"bytes"
 	"fmt"
 	"html"
 	"io"
@@ -57,16 +56,16 @@ type Status struct {
 	// trailing periods, and without any "_acme-challenge." prefix.
 	CertDomains []string
 
-	Peer map[key.Public]*PeerStatus
+	Peer map[key.NodePublic]*PeerStatus
 	User map[tailcfg.UserID]tailcfg.UserProfile
 }
 
-func (s *Status) Peers() []key.Public {
+func (s *Status) Peers() []key.NodePublic {
-	kk := make([]key.Public, 0, len(s.Peer))
+	kk := make([]key.NodePublic, 0, len(s.Peer))
 	for k := range s.Peer {
 		kk = append(kk, k)
 	}
-	sort.Slice(kk, func(i, j int) bool { return bytes.Compare(kk[i][:], kk[j][:]) < 0 })
+	sort.Slice(kk, func(i, j int) bool { return kk[i].Less(kk[j]) })
 	return kk
 }
 
@@ -78,7 +77,7 @@ type PeerStatusLite struct {
 
 type PeerStatus struct {
 	ID        tailcfg.StableNodeID
-	PublicKey key.Public
+	PublicKey key.NodePublic
 	HostName  string // HostInfo's Hostname (not a DNS name or necessarily unique)
 	DNSName   string
 	OS        string // HostInfo.OS
@@ -201,7 +200,7 @@ func (sb *StatusBuilder) AddTailscaleIP(ip netaddr.IP) {
 // AddPeer adds a peer node to the status.
 //
 // Its PeerStatus is mixed with any previous status already added.
-func (sb *StatusBuilder) AddPeer(peer key.Public, st *PeerStatus) {
+func (sb *StatusBuilder) AddPeer(peer key.NodePublic, st *PeerStatus) {
 	if st == nil {
 		panic("nil PeerStatus")
 	}
@@ -214,7 +213,7 @@ func (sb *StatusBuilder) AddPeer(peer key.Public, st *PeerStatus) {
 	}
 
 	if sb.st.Peer == nil {
-		sb.st.Peer = make(map[key.Public]*PeerStatus)
+		sb.st.Peer = make(map[key.NodePublic]*PeerStatus)
 	}
 	e, ok := sb.st.Peer[peer]
 	if !ok {
@@ -478,5 +477,6 @@ func sortKey(ps *PeerStatus) string {
 	if len(ps.TailscaleIPs) > 0 {
 		return ps.TailscaleIPs[0].String()
 	}
-	return string(ps.PublicKey[:])
+	raw := ps.PublicKey.Raw32()
+	return string(raw[:])
 }

wgengine/magicsock/magicsock.go

@@ -3081,7 +3081,11 @@ func (c *Conn) UpdateStatus(sb *ipnstate.StatusBuilder) {
 	}
 
 	sb.MutateSelfStatus(func(ss *ipnstate.PeerStatus) {
-		ss.PublicKey = c.privateKey.Public()
+		if !c.privateKey.IsZero() {
+			ss.PublicKey = key.NodePrivateFromRaw32(mem.B(c.privateKey[:])).Public()
+		} else {
+			ss.PublicKey = key.NodePublic{}
+		}
 		ss.Addrs = make([]string, 0, len(c.lastEndpoints))
 		for _, ep := range c.lastEndpoints {
 			ss.Addrs = append(ss.Addrs, ep.Addr.String())
@@ -3113,7 +3117,7 @@ func (c *Conn) UpdateStatus(sb *ipnstate.StatusBuilder) {
 		ps := &ipnstate.PeerStatus{InMagicSock: true}
 		//ps.Addrs = append(ps.Addrs, n.Endpoints...)
 		ep.populatePeerStatus(ps)
-		sb.AddPeer(key.Public(ep.publicKey), ps)
+		sb.AddPeer(key.NodePublicFromRaw32(mem.B(ep.publicKey[:])), ps)
 	})
 
 	c.foreachActiveDerpSortedLocked(func(node int, ad activeDerp) {

wgengine/magicsock/magicsock_test.go

@@ -205,8 +205,8 @@ func (s *magicStack) Close() {
 	s.conn.Close()
 }
 
-func (s *magicStack) Public() key.Public {
+func (s *magicStack) Public() key.NodePublic {
-	return s.privateKey.Public().AsPublic()
+	return s.privateKey.Public()
 }
 
 func (s *magicStack) Status() *ipnstate.Status {
@@ -995,10 +995,10 @@ func testTwoDevicePing(t *testing.T, d *devices) {
 
 	// Wait for magicsock to be told about peers from meshStacks.
 	tstest.WaitFor(10*time.Second, func() error {
-		if p := m1.Status().Peer[m2.privateKey.Public().AsPublic()]; p == nil || !p.InMagicSock {
+		if p := m1.Status().Peer[m2.Public()]; p == nil || !p.InMagicSock {
 			return errors.New("m1 not ready")
 		}
-		if p := m2.Status().Peer[m1.privateKey.Public().AsPublic()]; p == nil || !p.InMagicSock {
+		if p := m2.Status().Peer[m1.Public()]; p == nil || !p.InMagicSock {
 			return errors.New("m2 not ready")
 		}
 		return nil

wgengine/userspace.go

@@ -1242,7 +1242,7 @@ func (e *userspaceEngine) UpdateStatus(sb *ipnstate.StatusBuilder) {
 		return
 	}
 	for _, ps := range st.Peers {
-		sb.AddPeer(key.Public(ps.NodeKey), &ipnstate.PeerStatus{
+		sb.AddPeer(key.NodePublicFromRaw32(mem.B(ps.NodeKey[:])), &ipnstate.PeerStatus{
 			RxBytes:       int64(ps.RxBytes),
 			TxBytes:       int64(ps.TxBytes),
 			LastHandshake: ps.LastHandshake,