client,cmd/tailscale,ipn,tka,types: implement tka initialization flow

This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2022-08-11 10:43:09 -07:00
parent 18edd79421
commit facafd8819
18 changed files with 514 additions and 13 deletions
--- a/types/tkatype/tkatype.go
+++ b/types/tkatype/tkatype.go
@@ -22,10 +22,17 @@ type KeyID []byte
 // MarshaledSignature represents a marshaled tka.NodeKeySignature.
 type MarshaledSignature []byte

+// MarshaledAUM represents a marshaled tka.AUM.
+type MarshaledAUM []byte
+
 // AUMSigHash represents the BLAKE2s digest of an Authority Update
 // Message (AUM), sans any signatures.
 type AUMSigHash [32]byte

+// NKSSigHash represents the BLAKE2s digest of a Node-Key Signature (NKS),
+// sans the Signature field if present.
+type NKSSigHash [32]byte
+
 // Signature describes a signature over an AUM, which can be verified
 // using the key referenced by KeyID.
 type Signature struct {
--- a/types/tkatype/tkatype_test.go
+++ b/types/tkatype/tkatype_test.go
@@ -14,4 +14,9 @@ func TestSigHashSize(t *testing.T) {
 	if len(sigHash) != blake2s.Size {
 		t.Errorf("AUMSigHash is wrong size: got %d, want %d", len(sigHash), blake2s.Size)
 	}
+
+	var nksHash NKSSigHash
+	if len(nksHash) != blake2s.Size {
+		t.Errorf("NKSSigHash is wrong size: got %d, want %d", len(nksHash), blake2s.Size)
+	}
 }