Package key

Version: v1.92.2
This package is not in the latest version of its module.
Published: Dec 10, 2025
License: BSD-3-Clause
Imports: 24
Imported by: 156
Repository: github.com/tailscale/tailscale

Overview

Package key contains types for different types of public and private keys used by Tailscale.

Constants

const (
	// DiscoPublicRawLen is the length in bytes of a DiscoPublic, when
	// serialized with AppendTo, Raw32 or WriteRawWithoutAllocating.
	DiscoPublicRawLen = 32
)

const (
	// NodePublicRawLen is the length in bytes of a NodePublic, when
	// serialized with AppendTo, Raw32 or WriteRawWithoutAllocating.
	NodePublicRawLen = 32
)

Variables

var ErrInvalidMeshKey = errors.New("invalid mesh key")

var ErrUnsupported = fmt.Errorf("key type not supported on this platform")

Functions

func PrivateTypesForTest, added in v1.92.0

func PrivateTypesForTest() set.Set[reflect.Type]

PrivateTypesForTest returns the set of private key types in this package, for testing purposes.

func RegisterHardwareAttestationKeyFns, added in v1.88.0

func RegisterHardwareAttestationKeyFns(emptyFn func() HardwareAttestationKey, createFn HardwareAttestationKeyFn)

RegisterHardwareAttestationKeyFns registers a hardware attestation key implementation for the current platform.

Types

type ChallengePrivate, added in v1.34.0

type ChallengePrivate struct {
	// contains filtered or unexported fields
}

ChallengePrivate is a challenge key, used to test whether clients control a key they want to prove ownership of.

A ChallengePrivate is ephemeral and not serialized to the disk or network.

func NewChallenge, added in v1.34.0

func NewChallenge() ChallengePrivate

NewChallenge creates and returns a new node private key.

func (ChallengePrivate) MarshalText, added in v1.34.0

func (k ChallengePrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler, but by returning an error. It shouldn't need to be marshalled anywhere.

func (ChallengePrivate) OpenFrom, added in v1.34.0

func (k ChallengePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by NodePrivate.SealToChallenge, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (ChallengePrivate) Public, added in v1.34.0

Public returns the ChallengePublic for k. Panics if ChallengePublic is zero.

type ChallengePublic, added in v1.34.0

type ChallengePublic struct {
	// contains filtered or unexported fields
}

ChallengePublic is the public portion of a ChallengePrivate.

func (ChallengePublic) AppendText, added in v1.50.0

func (k ChallengePublic) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender.

func (ChallengePublic) IsZero, added in v1.34.0

func (k ChallengePublic) IsZero() bool

IsZero reports whether k is the zero value.

func (ChallengePublic) MarshalText, added in v1.34.0

func (k ChallengePublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (ChallengePublic) String, added in v1.34.0

func (k ChallengePublic) String() string

String returns the output of MarshalText as a string.

func (*ChallengePublic) UnmarshalText, added in v1.34.0

func (k *ChallengePublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type ControlPrivate, deprecated, added in v1.16.0

type ControlPrivate struct {
	// contains filtered or unexported fields
}

ControlPrivate is a Tailscale control plane private key.

It is functionally equivalent to a MachinePrivate, but serializes to JSON as a byte array rather than a typed string, because our control plane database stores the key that way.

Deprecated: this type should only be used in Tailscale's control plane, where existing database serializations require this less-good serialization format to persist. Other control plane implementations can use MachinePrivate with no downsides.

func NewControl, added in v1.16.0

func NewControl() ControlPrivate

NewControl generates and returns a new control plane private key.

func (ControlPrivate) IsZero, added in v1.16.0

func (k ControlPrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (ControlPrivate) MarshalJSON, added in v1.16.0

func (k ControlPrivate) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (ControlPrivate) OpenFrom, added in v1.16.0

func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (ControlPrivate) Public, added in v1.16.0

Public returns the MachinePublic for k. Panics if ControlPrivate is zero.

func (ControlPrivate) SealTo, added in v1.16.0

func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)

SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

func (ControlPrivate) SharedKey, added in v1.30.0

SharedKey returns the precomputed NaCl box shared key between k and p.

func (*ControlPrivate) UnmarshalJSON, added in v1.16.0

func (k *ControlPrivate) UnmarshalJSON(bs []byte) error

UnmarshalJSON implements json.Unmarshaler.

type DERPMesh, added in v1.86.0

type DERPMesh struct {
	// contains filtered or unexported fields
}

DERPMesh is a mesh key, used for inter-DERP-node communication and for privileged DERP clients.

func DERPMeshFromRaw32, added in v1.86.0

func DERPMeshFromRaw32(raw mem.RO) DERPMesh

DERPMeshFromRaw32 parses a 32-byte raw value as a DERP mesh key.

func ParseDERPMesh, added in v1.86.0

func ParseDERPMesh(key string) (DERPMesh, error)

ParseDERPMesh parses a DERP mesh key from a string. This function trims whitespace around the string. If the key is not a 64-digit hexadecimal number, ErrInvalidMeshKey is returned.

func (DERPMesh) Equal, added in v1.86.0

func (k DERPMesh) Equal(other DERPMesh) bool

Equal reports whether k and other are the same key.

func (DERPMesh) IsZero, added in v1.86.0

func (k DERPMesh) IsZero() bool

IsZero reports whether k is the zero value.

func (DERPMesh) MarshalJSON, added in v1.86.0

func (k DERPMesh) MarshalJSON() ([]byte, error)

MarshalJSON implements the encoding/json.Marshaler interface.

func (DERPMesh) String, added in v1.86.0

func (k DERPMesh) String() string

String returns k as a hex-encoded 64-digit number.

func (*DERPMesh) UnmarshalJSON, added in v1.86.0

func (k *DERPMesh) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the encoding/json.Unmarshaler interface.

type DiscoPrivate, added in v1.18.0

type DiscoPrivate struct {
	// contains filtered or unexported fields
}

DiscoPrivate is a disco key, used for peer-to-peer path discovery.

func NewDisco, added in v1.18.0

func NewDisco() DiscoPrivate

NewDisco creates and returns a new disco private key.

func (DiscoPrivate) Equal, added in v1.18.0

func (k DiscoPrivate) Equal(other DiscoPrivate) bool

Equal reports whether k and other are the same key.

func (DiscoPrivate) IsZero, added in v1.18.0

func (k DiscoPrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (DiscoPrivate) Public, added in v1.18.0

func (k DiscoPrivate) Public() DiscoPublic

Public returns the DiscoPublic for k. Panics if DiscoPrivate is zero.

func (DiscoPrivate) Shared, added in v1.18.0

Shared returns the DiscoShared for communication between k and p.

type DiscoPublic, added in v1.18.0

type DiscoPublic struct {
	// contains filtered or unexported fields
}

DiscoPublic is the public portion of a DiscoPrivate.

func DiscoPublicFromRaw32, added in v1.18.0

func DiscoPublicFromRaw32(raw mem.RO) DiscoPublic

DiscoPublicFromRaw32 parses a 32-byte raw value as a DiscoPublic.

This should be used only when deserializing a DiscoPublic from a binary protocol.

func (DiscoPublic) AppendText, added in v1.50.0

func (k DiscoPublic) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender.

func (DiscoPublic) AppendTo, added in v1.18.0

func (k DiscoPublic) AppendTo(buf []byte) []byte

AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.

func (DiscoPublic) Compare, added in v1.60.0

func (k DiscoPublic) Compare(other DiscoPublic) int

Compare returns an integer comparing DiscoPublic k and other lexicographically. The result will be 0 if k == other, -1 if k < other, and +1 if k > other. This is useful for situations requiring only one node in a pair to perform some operation, e.g. probing UDP path lifetime.

func (DiscoPublic) IsZero, added in v1.18.0

func (k DiscoPublic) IsZero() bool

IsZero reports whether k is the zero value.

func (DiscoPublic) MarshalText, added in v1.18.0

func (k DiscoPublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (DiscoPublic) Raw32, deprecated, added in v1.18.0

func (k DiscoPublic) Raw32() [32]byte

Raw32 returns k encoded as 32 raw bytes.

Deprecated: only needed for a temporary compat shim in tailcfg, do not add more uses.

func (DiscoPublic) ShortString, added in v1.18.0

func (k DiscoPublic) ShortString() string

ShortString returns the Tailscale conventional debug representation of a disco key.

func (DiscoPublic) String, added in v1.18.0

func (k DiscoPublic) String() string

String returns the output of MarshalText as a string.

func (*DiscoPublic) UnmarshalText, added in v1.18.0

func (k *DiscoPublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type DiscoShared, added in v1.18.0

type DiscoShared struct {
	// contains filtered or unexported fields
}

func (DiscoShared) Equal, added in v1.18.0

func (k DiscoShared) Equal(other DiscoShared) bool

Equal reports whether k and other are the same key.

func (DiscoShared) IsZero, added in v1.18.0

func (k DiscoShared) IsZero() bool

func (DiscoShared) Open, added in v1.18.0

func (k DiscoShared) Open(ciphertext []byte) (cleartext []byte, ok bool)

Open opens the NaCl box ciphertext, which must be a value created by Seal, and returns the inner cleartext if ciphertext is a valid box using shared secret k.

func (DiscoShared) Seal, added in v1.18.0

func (k DiscoShared) Seal(cleartext []byte) (ciphertext []byte)

Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl), using k as the shared secret and a random nonce.

type HardwareAttestationKey, added in v1.88.0

type HardwareAttestationKey interface {
	crypto.Signer
	json.Marshaler
	json.Unmarshaler
	io.Closer
	Clone() HardwareAttestationKey
	IsZero() bool
}

HardwareAttestationKey describes a hardware-backed key that is used to identify a node. Implementation details will vary based on the platform in use (SecureEnclave for Apple, TPM for Windows/Linux, Android Hardware-backed Keystore). This key can only be marshalled and unmarshaled on the same machine.

func NewEmptyHardwareAttestationKey, added in v1.88.0

func NewEmptyHardwareAttestationKey() (HardwareAttestationKey, error)

NewEmptyHardwareAttestationKey returns an empty HardwareAttestationKey suitable for JSON unmarshaling.

func NewHardwareAttestationKey, added in v1.88.0

func NewHardwareAttestationKey() (HardwareAttestationKey, error)

NewHardwareAttestationKey returns a newly created HardwareAttestationKey for the current platform.

type HardwareAttestationKeyFn, added in v1.88.0

type HardwareAttestationKeyFn func() (HardwareAttestationKey, error)

HardwareAttestationKeyFn is a callback function type that returns a HardwareAttestationKey and an error. It is used to register platform-specific implementations of HardwareAttestationKey.

type HardwareAttestationPublic, added in v1.90.0

type HardwareAttestationPublic struct {
	// contains filtered or unexported fields
}

HardwareAttestationPublic is the public key counterpart to HardwareAttestationKey.

func HardwareAttestationPublicFromPlatformKey, added in v1.90.0

func HardwareAttestationPublicFromPlatformKey(k HardwareAttestationKey) HardwareAttestationPublic

HardwareAttestationPublicFromPlatformKey creates a HardwareAttestationPublic for communicating the public component of the hardware attestation key with control and other nodes.

func (HardwareAttestationPublic) AppendText, added in v1.90.0

func (k HardwareAttestationPublic) AppendText(dst []byte) ([]byte, error)

func (*HardwareAttestationPublic) Clone, added in v1.90.0

func (HardwareAttestationPublic) Equal, added in v1.90.0

func (HardwareAttestationPublic) IsZero, added in v1.90.0

IsZero reports whether k is the zero value.

func (HardwareAttestationPublic) MarshalText, added in v1.90.0

func (k HardwareAttestationPublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (HardwareAttestationPublic) String, added in v1.90.0

String returns the hex-encoded public key with a type prefix.

func (*HardwareAttestationPublic) UnmarshalText, added in v1.90.0

func (k *HardwareAttestationPublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler. It expects a typed prefix followed by a hex encoded representation of k.

func (HardwareAttestationPublic) Verifier, added in v1.90.0

Verifier returns the ECDSA public key for verifying signatures made by k.

type MachinePrecomputedSharedKey, added in v1.30.0

type MachinePrecomputedSharedKey struct {
	// contains filtered or unexported fields
}

MachinePrecomputedSharedKey is a precomputed NaCl box shared key.

func (MachinePrecomputedSharedKey) Open, added in v1.30.0

func (k MachinePrecomputedSharedKey) Open(ciphertext []byte) (cleartext []byte, ok bool)

Open opens the NaCl box ciphertext, which must be a value created by MachinePrecomputedSharedKey.Seal or MachinePrivate.SealTo, and returns the inner cleartext if ciphertext is a valid box for the shared key k.

func (MachinePrecomputedSharedKey) Seal, added in v1.30.0

func (k MachinePrecomputedSharedKey) Seal(cleartext []byte) (ciphertext []byte)

Seal wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) using the shared key k as generated by MachinePrivate.SharedKey.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

type MachinePrivate, added in v1.16.0

type MachinePrivate struct {
	// contains filtered or unexported fields
}

MachinePrivate is a machine key, used for communication with the Tailscale coordination server.

func NewMachine, added in v1.16.0

func NewMachine() MachinePrivate

NewMachine creates and returns a new machine private key.

func (MachinePrivate) AppendText, added in v1.50.0

func (k MachinePrivate) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender.

func (MachinePrivate) Equal, added in v1.16.0

Equal reports whether k and other are the same key.

func (MachinePrivate) IsZero, added in v1.16.0

func (k MachinePrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (MachinePrivate) MarshalText, added in v1.16.0

func (k MachinePrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (MachinePrivate) OpenFrom, added in v1.16.0

func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (MachinePrivate) Public, added in v1.16.0

Public returns the MachinePublic for k. Panics if MachinePrivate is zero.

func (MachinePrivate) SealTo, added in v1.16.0

func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)

SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

func (MachinePrivate) SharedKey, added in v1.30.0

SharedKey returns the precomputed NaCl box shared key between k and p.

func (*MachinePrivate) UnmarshalText, added in v1.16.0

func (k *MachinePrivate) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (MachinePrivate) UntypedBytes, deprecated, added in v1.18.0

func (k MachinePrivate) UntypedBytes() []byte

UntypedBytes returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePrivate, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.

type MachinePublic, added in v1.16.0

type MachinePublic struct {
	// contains filtered or unexported fields
}

MachinePublic is the public portion of a MachinePrivate.

func MachinePublicFromRaw32, added in v1.18.0

func MachinePublicFromRaw32(raw mem.RO) MachinePublic

MachinePublicFromRaw32 parses a 32-byte raw value as a MachinePublic.

This should be used only when deserializing a MachinePublic from a binary protocol.

func ParseMachinePublicUntyped, deprecated, added in v1.16.0

func ParseMachinePublicUntyped(raw mem.RO) (MachinePublic, error)

ParseMachinePublicUntyped parses an untyped 64-character hex value as a MachinePublic.

Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a MachinePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.

func (MachinePublic) AppendText, added in v1.50.0

func (k MachinePublic) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender.

func (MachinePublic) IsZero, added in v1.16.0

func (k MachinePublic) IsZero() bool

IsZero reports whether k is the zero value.

func (MachinePublic) MarshalText, added in v1.16.0

func (k MachinePublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (MachinePublic) ShortString, added in v1.16.0

func (k MachinePublic) ShortString() string

ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.

func (MachinePublic) String, added in v1.16.0

func (k MachinePublic) String() string

String returns the output of MarshalText as a string.

func (*MachinePublic) UnmarshalText, added in v1.16.0

func (k *MachinePublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (MachinePublic) UntypedBytes, deprecated, added in v1.18.0

func (k MachinePublic) UntypedBytes() []byte

UntypedBytes returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require this specific raw byte serialization, please use MarshalText/UnmarshalText.

func (MachinePublic) UntypedHexString, deprecated, added in v1.16.0

func (k MachinePublic) UntypedHexString() string

UntypedHexString returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.

type NLPrivate, added in v1.30.0

type NLPrivate struct {
	// contains filtered or unexported fields
}

NLPrivate is a node-managed network-lock key, used for signing node-key signatures and authority update messages.

func NewNLPrivate, added in v1.30.0

func NewNLPrivate() NLPrivate

NewNLPrivate creates and returns a new network-lock key.

func (NLPrivate) AppendText, added in v1.50.0

func (k NLPrivate) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender.

func (NLPrivate) Equal, added in v1.34.0

func (k NLPrivate) Equal(other NLPrivate) bool

Equal reports whether k and other are the same key.

func (NLPrivate) IsZero, added in v1.30.0

func (k NLPrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (NLPrivate) KeyID, added in v1.30.0

func (k NLPrivate) KeyID() tkatype.KeyID

KeyID returns an identifier for this key.

func (NLPrivate) MarshalText, added in v1.30.0

func (k NLPrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (NLPrivate) Public, added in v1.30.0

func (k NLPrivate) Public() NLPublic

Public returns the public component of this key.

func (NLPrivate) SignAUM, added in v1.30.0

func (k NLPrivate) SignAUM(sigHash tkatype.AUMSigHash) ([]tkatype.Signature, error)

SignAUM implements tka.Signer.

func (NLPrivate) SignNKS, added in v1.30.0

func (k NLPrivate) SignNKS(sigHash tkatype.NKSSigHash) ([]byte, error)

SignNKS signs the tka.NodeKeySignature identified by sigHash.

func (*NLPrivate) UnmarshalText, added in v1.30.0

func (k *NLPrivate) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type NLPublic, added in v1.30.0

type NLPublic struct {
	// contains filtered or unexported fields
}

NLPublic is the public portion of a NLPrivate.

func NLPublicFromEd25519Unsafe, added in v1.34.0

func NLPublicFromEd25519Unsafe(public ed25519.PublicKey) NLPublic

NLPublicFromEd25519Unsafe converts an ed25519 public key into a type of NLPublic.

New uses of this function should be avoided, as it's possible to accidentally construct an NLPublic from a non network-lock key.

func (NLPublic) AppendText, added in v1.50.0

func (k NLPublic) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender.

func (NLPublic) CLIString, added in v1.34.0

func (k NLPublic) CLIString() string

CLIString returns a marshalled representation suitable for use with tailnet lock commands, of the form tlpub:<hex> instead of the nlpub:<hex> form emitted by MarshalText. Both forms can be decoded by UnmarshalText.

func (NLPublic) Equal, added in v1.30.0

func (k NLPublic) Equal(other NLPublic) bool

Equal reports whether k and other are the same key.

func (NLPublic) IsZero, added in v1.30.0

func (k NLPublic) IsZero() bool

IsZero reports whether k is the zero value.

func (NLPublic) KeyID, added in v1.34.0

func (k NLPublic) KeyID() tkatype.KeyID

KeyID returns a tkatype.KeyID that can be used with a tka.Authority.

func (NLPublic) MarshalText, added in v1.30.0

func (k NLPublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler, emitting a representation of the form nlpub:<hex>.

func (*NLPublic) UnmarshalText, added in v1.30.0

func (k *NLPublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler. This function is able to decode both the CLI form (tlpub:<hex>) and the regular form (nlpub:<hex>).

func (NLPublic) Verifier, added in v1.30.0

func (k NLPublic) Verifier() ed25519.PublicKey

Verifier returns an ed25519.PublicKey that can be used to verify signatures.

type NodePrivate, added in v1.18.0

type NodePrivate struct {
	// contains filtered or unexported fields
}

NodePrivate is a node key, used for WireGuard tunnels and communication with DERP servers.

func NewNode, added in v1.18.0

func NewNode() NodePrivate

NewNode creates and returns a new node private key.

func NodePrivateFromRaw32, deprecated, added in v1.18.0

func NodePrivateFromRaw32(raw mem.RO) NodePrivate

NodePrivateFromRaw32 parses a 32-byte raw value as a NodePrivate.

Deprecated: only needed to cast from legacy node private key types, do not add more uses unrelated to #3206.

func ParseNodePrivateUntyped, added in v1.18.0

func ParseNodePrivateUntyped(raw mem.RO) (NodePrivate, error)

func (NodePrivate) AppendText, added in v1.50.0

func (k NodePrivate) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender.

func (NodePrivate) Equal, added in v1.18.0

func (k NodePrivate) Equal(other NodePrivate) bool

Equal reports whether k and other are the same key.

func (NodePrivate) IsZero, added in v1.18.0

func (k NodePrivate) IsZero() bool

IsZero reports whether k is the zero value.

func (NodePrivate) MarshalText, added in v1.18.0

func (k NodePrivate) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler.

func (NodePrivate) OpenFrom, added in v1.18.0

func (k NodePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool)

OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.

func (NodePrivate) Public, added in v1.18.0

func (k NodePrivate) Public() NodePublic

Public returns the NodePublic for k. Panics if NodePrivate is zero.

func (NodePrivate) SealTo, added in v1.18.0

func (k NodePrivate) SealTo(p NodePublic, cleartext []byte) (ciphertext []byte)

SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.

The returned ciphertext is a 24-byte nonce concatenated with the box value.

func (NodePrivate) SealToChallenge, added in v1.34.0

func (k NodePrivate) SealToChallenge(p ChallengePublic, cleartext []byte) (ciphertext []byte)

SealToChallenge is like SealTo, but for a ChallengePublic.

func (*NodePrivate) UnmarshalText, added in v1.18.0

func (k *NodePrivate) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

func (NodePrivate) UntypedHexString, added in v1.18.0

func (k NodePrivate) UntypedHexString() string

type NodePublic, added in v1.18.0

type NodePublic struct {
	// contains filtered or unexported fields
}

NodePublic is the public portion of a NodePrivate.

func NodePublicFromRaw32, added in v1.18.0

func NodePublicFromRaw32(raw mem.RO) NodePublic

NodePublicFromRaw32 parses a 32-byte raw value as a NodePublic.

This should be used only when deserializing a NodePublic from a binary protocol.

func NodePublicWithBadOldPrefix, added in v1.36.0

func NodePublicWithBadOldPrefix(k NodePublic) NodePublic

NodePublicWithBadOldPrefix returns a copy of k with its leading public key bytes mutated such that it base64's to a ShortString of [bad01] ("bad ol'" [expired node key]).

func ParseNodePublicUntyped, deprecated, added in v1.18.0

func ParseNodePublicUntyped(raw mem.RO) (NodePublic, error)

ParseNodePublicUntyped parses an untyped 64-character hex value as a NodePublic.

Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a NodePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.

func (NodePublic) AppendText, added in v1.50.0

func (k NodePublic) AppendText(b []byte) ([]byte, error)

AppendText implements encoding.TextAppender. It appends a typed prefix followed by a hex encoded representation of k to b.

func (NodePublic) AppendTo, added in v1.18.0

func (k NodePublic) AppendTo(buf []byte) []byte

AppendTo appends k, serialized as a 32-byte binary value, to buf. Returns the new slice.

func (NodePublic) Compare, added in v1.50.0

func (p NodePublic) Compare(p2 NodePublic) int

Compare returns -1, 0, or 1, depending on whether p orders before p2, using bytes.Compare on the bytes of the public key.

func (NodePublic) IsZero, added in v1.18.0

func (k NodePublic) IsZero() bool

IsZero reports whether k is the zero value.

func (NodePublic) Less, added in v1.18.0

func (k NodePublic) Less(other NodePublic) bool

Less reports whether k orders before other, using an undocumented deterministic ordering.

func (NodePublic) MarshalBinary, added in v1.30.0

func (k NodePublic) MarshalBinary() (data []byte, err error)

MarshalBinary implements encoding.BinaryMarshaler.

func (NodePublic) MarshalText, added in v1.18.0

func (k NodePublic) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler. It returns a typed prefix followed by a hex encoded representation of k.

func (NodePublic) Raw32, deprecated, added in v1.18.0

func (k NodePublic) Raw32() [32]byte

Raw32 returns k encoded as 32 raw bytes.

Deprecated: only needed for a single legacy use in the control server and a few places in the wireguard-go API; don't add more uses.

func (*NodePublic) ReadRawWithoutAllocating, added in v1.18.0

func (k *NodePublic) ReadRawWithoutAllocating(br *bufio.Reader) error

ReadRawWithoutAllocating initializes k with bytes read from br. The reading is done ~4x slower than io.ReadFull, but in exchange is allocation-free.

func (NodePublic) Shard, added in v1.26.0

func (p NodePublic) Shard() uint8

Shard returns a uint8 number from a public key with mostly-uniform distribution, suitable for sharding.

func (NodePublic) ShortString, added in v1.18.0

func (k NodePublic) ShortString() string

ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.

func (NodePublic) String, added in v1.18.0

func (k NodePublic) String() string

String returns k as a hex-encoded string with a type prefix.

func (*NodePublic) UnmarshalBinary, added in v1.30.0

func (k *NodePublic) UnmarshalBinary(in []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler.

func (*NodePublic) UnmarshalText, added in v1.18.0

func (k *NodePublic) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler. It expects a typed prefix followed by a hex encoded representation of k.

func (NodePublic) UntypedHexString, deprecated, added in v1.18.0

func (k NodePublic) UntypedHexString() string

UntypedHexString returns k, encoded as an untyped 64-character hex string.

Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a NodePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
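
The deprecation notes on the Untyped* serializers and parsers, and the typed text forms documented for NLPublic (nlpub:<hex> and tlpub:<hex>), rest on one rule: serialized key text must name its own type. The following is an added example, not code from the tailscale package, that models the rule with the standard library only. The names keyKind, parsedKey, parseTyped and parseUntyped, the examplepub: prefix and the sample value are assumptions made for illustration.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// keyKind is a hypothetical tag standing in for the package's distinct key types.
type keyKind string

const (
	kindNetworkLock keyKind = "network-lock public"
	kindOther       keyKind = "other public" // constructed second key type
)

// acceptedPrefixes lists the text prefixes each kind accepts. "nlpub:" and
// "tlpub:" are the two forms the page documents for NLPublic; "examplepub:"
// is a constructed placeholder, not a real Tailscale prefix.
var acceptedPrefixes = map[keyKind][]string{
	kindNetworkLock: {"nlpub:", "tlpub:"},
	kindOther:       {"examplepub:"},
}

var (
	errWrongType = errors.New("text does not carry a prefix accepted for this key type")
	errBadBody   = errors.New("key body is not 64 hex digits")
)

// sampleHex is a constructed 32-byte value, not a real key.
var sampleHex = strings.Repeat("ab", 32)

// parsedKey records which kind the caller ended up treating the bytes as.
type parsedKey struct {
	kind keyKind
	raw  [32]byte
}

// decode32 accepts exactly 64 hex digits and returns the 32 raw bytes.
func decode32(body string) ([32]byte, error) {
	var raw [32]byte
	if len(body) != 2*len(raw) {
		return [32]byte{}, errBadBody
	}
	if _, err := hex.Decode(raw[:], []byte(body)); err != nil {
		return [32]byte{}, errBadBody
	}
	return raw, nil
}

// parseTyped is the safe pattern: the text must start with a prefix that
// belongs to the requested kind, so key text of another kind is rejected.
func parseTyped(want keyKind, text string) (parsedKey, error) {
	for _, prefix := range acceptedPrefixes[want] {
		if strings.HasPrefix(text, prefix) {
			raw, err := decode32(text[len(prefix):])
			if err != nil {
				return parsedKey{}, err
			}
			return parsedKey{kind: want, raw: raw}, nil
		}
	}
	return parsedKey{}, errWrongType
}

// parseUntyped models the deprecated pattern: bare hex carries no type, so
// the same 64 digits decode successfully as whatever kind the caller asks for.
func parseUntyped(want keyKind, text string) (parsedKey, error) {
	raw, err := decode32(text)
	if err != nil {
		return parsedKey{}, err
	}
	return parsedKey{kind: want, raw: raw}, nil
}

func main() {
	inputs := []string{"nlpub:" + sampleHex, "tlpub:" + sampleHex, sampleHex}
	for _, in := range inputs {
		for _, want := range []keyKind{kindNetworkLock, kindOther} {
			_, terr := parseTyped(want, in)
			_, uerr := parseUntyped(want, in)
			fmt.Printf("%-12.12s as %-19s typed=%v untyped=%v\n", in, want, terr == nil, uerr == nil)
		}
	}
}
```

The bare hex input is the only one the untyped parser accepts, and it accepts it as either kind; the typed parser accepts the prefixed inputs for the network-lock kind only.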

func (NodePublic) WireGuardGoString, added in v1.18.0

func (k NodePublic) WireGuardGoString() string

WireGuardGoString prints k in the same format used by wireguard-go.

func (NodePublic) WriteRawWithoutAllocating, added in v1.18.0

func (k NodePublic) WriteRawWithoutAllocating(bw *bufio.Writer) error

WriteRawWithoutAllocating writes out k as 32 bytes to bw. The writing is done ~3x slower than bw.Write, but in exchange is allocation-free.

type SortedPairOfDiscoPublic, added in v1.86.0

type SortedPairOfDiscoPublic struct {
	// contains filtered or unexported fields
}

SortedPairOfDiscoPublic is a lexicographically sorted container of two DiscoPublic keys.

func NewSortedPairOfDiscoPublic, added in v1.86.0

func NewSortedPairOfDiscoPublic(a, b DiscoPublic) SortedPairOfDiscoPublic

NewSortedPairOfDiscoPublic returns a SortedPairOfDiscoPublic from a and b.

func (SortedPairOfDiscoPublic) Equal, added in v1.86.0

Equal returns true if s and b are equal, otherwise it returns false.

func (SortedPairOfDiscoPublic) Get, added in v1.86.0

Get returns the underlying keys.

func (SortedPairOfDiscoPublic) String, added in v1.86.0
