all: implement preauth-key support with tailnet lock

Signed-off-by: Tom DNetto <tom@tailscale.com>
2025-12-01 17:49:02 +00:00 · 2023-03-02 13:24:26 -08:00
parent f4f8ed98d9
commit ce99474317
7 changed files with 251 additions and 3 deletions
--- a/control/controlclient/direct.go
+++ b/control/controlclient/direct.go
@@ -7,6 +7,8 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"crypto/ed25519"
+	"encoding/base64"
 	"encoding/binary"
 	"encoding/json"
 	"errors"
@@ -424,7 +426,7 @@ func (c *Direct) doLogin(ctx context.Context, opt loginOpt) (mustRegen bool, new
 	tryingNewKey := c.tryingNewKey
 	serverKey := c.serverKey
 	serverNoiseKey := c.serverNoiseKey
-	authKey := c.authKey
+	authKey, isWrapped, wrappedSig, wrappedKey := decodeWrappedAuthkey(c.authKey, c.logf)
 	hi := c.hostInfoLocked()
 	backendLogID := hi.BackendLogID
 	expired := c.expiry != nil && !c.expiry.IsZero() && c.expiry.Before(c.timeNow())
@@ -510,6 +512,22 @@ func (c *Direct) doLogin(ctx context.Context, opt loginOpt) (mustRegen bool, new
 		if nodeKeySignature, err = resignNKS(persist.NetworkLockKey, tryingNewKey.Public(), opt.OldNodeKeySignature); err != nil {
 			c.logf("Failed re-signing node-key signature: %v", err)
 		}
+	} else if isWrapped {
+		// We were given a wrapped pre-auth key, which means that in addition
+		// to being a regular pre-auth key there was a suffix with information to
+		// generate a tailnet-lock signature.
+		nk, err := tryingNewKey.Public().MarshalBinary()
+		if err != nil {
+			return false, "", nil, fmt.Errorf("marshalling node-key: %w", err)
+		}
+		sig := &tka.NodeKeySignature{
+			SigKind: tka.SigRotation,
+			Pubkey:  nk,
+			Nested:  wrappedSig,
+		}
+		sigHash := sig.SigHash()
+		sig.Signature = ed25519.Sign(wrappedKey, sigHash[:])
+		nodeKeySignature = sig.Serialize()
 	}

 	if backendLogID == "" {
@@ -1713,6 +1731,43 @@ func (c *Direct) ReportHealthChange(sys health.Subsystem, sysErr error) {
 	res.Body.Close()
 }

+// decodeWrappedAuthkey separates wrapping information from an authkey, if any.
+// In all cases the authkey is returned, sans wrapping information if any.
+//
+// If the authkey is wrapped, isWrapped returns true, along with the wrapping signature
+// and private key.
+func decodeWrappedAuthkey(key string, logf logger.Logf) (authKey string, isWrapped bool, sig *tka.NodeKeySignature, priv ed25519.PrivateKey) {
+	authKey, suffix, found := strings.Cut(key, "--TL")
+	if !found {
+		return key, false, nil, nil
+	}
+	sigBytes, privBytes, found := strings.Cut(suffix, "-")
+	if !found {
+		logf("decoding wrapped auth-key: did not find delimiter")
+		return key, false, nil, nil
+	}
+
+	rawSig, err := base64.RawStdEncoding.DecodeString(sigBytes)
+	if err != nil {
+		logf("decoding wrapped auth-key: signature decode: %v", err)
+		return key, false, nil, nil
+	}
+	rawPriv, err := base64.RawStdEncoding.DecodeString(privBytes)
+	if err != nil {
+		logf("decoding wrapped auth-key: priv decode: %v", err)
+		return key, false, nil, nil
+	}
+
+	sig = new(tka.NodeKeySignature)
+	if err := sig.Unserialize([]byte(rawSig)); err != nil {
+		logf("decoding wrapped auth-key: signature: %v", err)
+		return key, false, nil, nil
+	}
+	priv = ed25519.PrivateKey(rawPriv)
+
+	return authKey, true, sig, priv
+}
+
 var (
 	metricMapRequestsActive = clientmetric.NewGauge("controlclient_map_requests_active")

--- a/control/controlclient/direct_test.go
+++ b/control/controlclient/direct_test.go
@@ -4,6 +4,7 @@
 package controlclient

 import (
+	"crypto/ed25519"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
@@ -142,3 +143,42 @@ func TestTsmpPing(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestDecodeWrappedAuthkey(t *testing.T) {
+	k, isWrapped, sig, priv := decodeWrappedAuthkey("tskey-32mjsdkdsffds9o87dsfkjlh", nil)
+	if want := "tskey-32mjsdkdsffds9o87dsfkjlh"; k != want {
+		t.Errorf("decodeWrappedAuthkey(<unwrapped-key>).key = %q, want %q", k, want)
+	}
+	if isWrapped {
+		t.Error("decodeWrappedAuthkey(<unwrapped-key>).isWrapped = true, want false")
+	}
+	if sig != nil {
+		t.Errorf("decodeWrappedAuthkey(<unwrapped-key>).sig = %v, want nil", sig)
+	}
+	if priv != nil {
+		t.Errorf("decodeWrappedAuthkey(<unwrapped-key>).priv = %v, want nil", priv)
+	}
+
+	k, isWrapped, sig, priv = decodeWrappedAuthkey("tskey-auth-k7UagY1CNTRL-ZZZZZ--TLpAEDA1ggnXuw4/fWnNWUwcoOjLemhOvml1juMl5lhLmY5sBUsj8EWEAfL2gdeD9g8VDw5tgcxCiHGlEb67BgU2DlFzZApi4LheLJraA+pYjTGChVhpZz1iyiBPD+U2qxDQAbM3+WFY0EBlggxmVqG53Hu0Rg+KmHJFMlUhfgzo+AQP6+Kk9GzvJJOs4-k36RdoSFqaoARfQo0UncHAV0t3YTqrkD5r/z2jTrE43GZWobnce7RGD4qYckUyVSF+DOj4BA/r4qT0bO8kk6zg", nil)
+	if want := "tskey-auth-k7UagY1CNTRL-ZZZZZ"; k != want {
+		t.Errorf("decodeWrappedAuthkey(<wrapped-key>).key = %q, want %q", k, want)
+	}
+	if !isWrapped {
+		t.Error("decodeWrappedAuthkey(<wrapped-key>).isWrapped = false, want true")
+	}
+
+	if sig == nil {
+		t.Fatal("decodeWrappedAuthkey(<wrapped-key>).sig = nil, want non-nil signature")
+	}
+	sigHash := sig.SigHash()
+	if !ed25519.Verify(sig.KeyID, sigHash[:], sig.Signature) {
+		t.Error("signature failed to verify")
+	}
+
+	// Make sure the private is correct by using it.
+	someSig := ed25519.Sign(priv, []byte{1, 2, 3, 4})
+	if !ed25519.Verify(sig.WrappingPubkey, []byte{1, 2, 3, 4}, someSig) {
+		t.Error("failed to use priv")
+	}
+
+}