tka
package
This package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Open Source Insights
Documentation¶
Overview¶
Package tka implements the Tailnet Key Authority (TKA) for Tailnet Lock.
Index¶
- Constants
- Variables
- func Create(storage Chonk, state State, signer Signer) (*Authority, AUM, error)
- func DisablementKDF(secret []byte) []byte
- func FromSyncOffer(offer SyncOffer) (head string, ancestors []string, err error)
- func ResignNKS(priv key.NLPrivate, nodeKey key.NodePublic, oldNKS tkatype.MarshaledSignature) (tkatype.MarshaledSignature, error)
- func SignByCredential(privKey []byte, wrapped *NodeKeySignature, nodeKey key.NodePublic) (tkatype.MarshaledSignature, error)
- type AUM
- type AUMHash
- type AUMKind
- type Authority
- func (a *Authority) Clone() *Authority
- func (a *Authority) Compact(storage CompactableChonk, o CompactionOptions) error
- func (a *Authority) Head() AUMHash
- func (a *Authority) Inform(storage Chonk, updates []AUM) error
- func (a *Authority) InformIdempotent(storage Chonk, updates []AUM) (Authority, error)
- func (a *Authority) KeyTrusted(keyID tkatype.KeyID) bool
- func (a *Authority) Keys() []Key
- func (a *Authority) MakeRetroactiveRevocation(storage Chonk, removeKeys []tkatype.KeyID, ourKey tkatype.KeyID, ...) (*AUM, error)
- func (a *Authority) MissingAUMs(storage Chonk, remoteOffer SyncOffer) ([]AUM, error)
- func (a *Authority) NewDeeplink(params NewDeeplinkParams) (string, error)
- func (a *Authority) NewUpdater(signer Signer) *UpdateBuilder
- func (a *Authority) NodeKeyAuthorized(nodeKey key.NodePublic, nodeKeySignature tkatype.MarshaledSignature) error
- func (a *Authority) NodeKeyAuthorizedWithDetails(nodeKey key.NodePublic, nodeKeySignature tkatype.MarshaledSignature) (*RotationDetails, error)
- func (a *Authority) StateIDs() (uint64, uint64)
- func (a *Authority) SyncOffer(storage Chonk) (SyncOffer, error)
- func (a *Authority) ValidDisablement(secret []byte) bool
- func (a *Authority) ValidateDeeplink(urlString string) DeeplinkValidationResult
- type Chonk
- type CompactableChonk
- type CompactionOptions
- type DeeplinkValidationResult
- type FS
- func (c *FS) AUM(hash AUMHash) (AUM, error)
- func (c *FS) AllAUMs() ([]AUMHash, error)
- func (c *FS) ChildAUMs(prevAUMHash AUMHash) ([]AUM, error)
- func (c *FS) CommitTime(h AUMHash) (time.Time, error)
- func (c *FS) CommitVerifiedAUMs(updates []AUM) error
- func (c *FS) Heads() ([]AUM, error)
- func (c *FS) LastActiveAncestor() (*AUMHash, error)
- func (c *FS) PurgeAUMs(hashes []AUMHash) error
- func (c *FS) RemoveAll() error
- func (c *FS) SetLastActiveAncestor(hash AUMHash) error
- type Key
- type KeyKind
- type Mem
- func (c *Mem) AUM(hash AUMHash) (AUM, error)
- func (c *Mem) AllAUMs() ([]AUMHash, error)
- func (c *Mem) ChildAUMs(prevAUMHash AUMHash) ([]AUM, error)
- func (c *Mem) CommitTime(h AUMHash) (time.Time, error)
- func (c *Mem) CommitVerifiedAUMs(updates []AUM) error
- func (c *Mem) Heads() ([]AUM, error)
- func (c *Mem) LastActiveAncestor() (*AUMHash, error)
- func (c *Mem) PurgeAUMs(hashes []AUMHash) error
- func (c *Mem) RemoveAll() error
- func (c *Mem) SetClock(clock tstime.Clock)
- func (c *Mem) SetLastActiveAncestor(hash AUMHash) error
- type NewDeeplinkParams
- type NodeKeySignature
- func (src *NodeKeySignature) Clone() *NodeKeySignature
- func (s *NodeKeySignature) Serialize() tkatype.MarshaledSignature
- func (s NodeKeySignature) SigHash() [blake2s.Size]byte
- func (s NodeKeySignature) String() string
- func (s *NodeKeySignature) Unserialize(data []byte) error
- func (s NodeKeySignature) UnverifiedAuthorizingKeyID() (tkatype.KeyID, error)
- func (s NodeKeySignature) UnverifiedWrappingPublic() (pub ed25519.PublicKey, ok bool)
- type PrevAUMHash
- type RotationDetails
- type SigKind
- type Signer
- type State
- type SyncOffer
- type UpdateBuilder
- func (b *UpdateBuilder) AddKey(key Key) error
- func (b *UpdateBuilder) Finalize(storage Chonk) ([]AUM, error)
- func (b *UpdateBuilder) RemoveKey(keyID tkatype.KeyID) error
- func (b *UpdateBuilder) SetKeyMeta(keyID tkatype.KeyID, meta map[string]string) error
- func (b *UpdateBuilder) SetKeyVote(keyID tkatype.KeyID, votes uint) error
Constants¶
const (DeeplinkTailscaleURLScheme = "tailscale"DeeplinkCommandSign = "sign-device")
Variables¶
var ErrNoIntersection =errors.New("no intersection")ErrNoIntersection is returned when a shared AUM couldnot be determined when evaluating a remote sync offer.
var ErrNoSuchKey =errors.New("key not found")ErrNoSuchKey is returned if the key referenced by a KeyID does not exist.
Functions¶
funcCreate¶added inv1.30.0
Create initializes a brand-new TKA, generating a genesis updateand committing it to the given storage.
The given signer must also be present in state as a trusted key.
Do not use this to initialize a TKA that already exists, use Open()or Bootstrap() instead.
funcDisablementKDF¶added inv1.32.0
DisablementKDF computes a public value which can be stored in akey authority, but cannot be reversed to find the input secret.
When the output of this function is stored in tka state (i.e. intka.State.DisablementSecrets) a call to Authority.ValidDisablement()with the input of this function as the argument will return true.
funcFromSyncOffer¶added inv1.92.0
FromSyncOffer marshals the fields of a SyncOffer so they can besent in a [tailcfg.TKASyncOfferRequest].
funcResignNKS¶added inv1.68.0
func ResignNKS(privkey.NLPrivate, nodeKeykey.NodePublic, oldNKStkatype.MarshaledSignature) (tkatype.MarshaledSignature,error)
ResignNKS re-signs a node-key signature for a new node-key.
This only matters on network-locked tailnets, because node-key signatures arehow other nodes know that a node-key is authentic. When the node-key isrotated then the existing signature becomes invalid, so this function isresponsible for generating a new wrapping signature to certify the new node-key.
The signature itself is a SigRotation signature, which embeds the old signatureand certifies the new node-key as a replacement for the old by signing the newsignature with RotationPubkey (which is the node's own network-lock key).
funcSignByCredential¶added inv1.68.2
func SignByCredential(privKey []byte, wrapped *NodeKeySignature, nodeKeykey.NodePublic) (tkatype.MarshaledSignature,error)
SignByCredential signs a node public key by a private key which has itssigning authority delegated by a SigCredential signature. This is used bywrapped auth keys.
Types¶
typeAUM¶
type AUM struct {MessageKindAUMKind `cbor:"1,keyasint"`PrevAUMHashPrevAUMHash `cbor:"2,keyasint"`// Key encodes a public key to be added to the key authority.// This field is used for AddKey AUMs.Key *Key `cbor:"3,keyasint,omitempty"`// KeyID references a public key which is part of the key authority.// This field is used for RemoveKey and UpdateKey AUMs.KeyIDtkatype.KeyID `cbor:"4,keyasint,omitempty"`// State describes the full state of the key authority.// This field is used for Checkpoint AUMs.State *State `cbor:"5,keyasint,omitempty"`// Votes and Meta describe properties of a key in the key authority.// These fields are used for UpdateKey AUMs.Votes *uint `cbor:"6,keyasint,omitempty"`Meta map[string]string `cbor:"7,keyasint,omitempty"`// Signatures lists the signatures over this AUM.// CBOR key 23 is the last key which can be encoded as a single byte.Signatures []tkatype.Signature `cbor:"23,keyasint,omitempty"`}AUM describes an Authority Update Message.
The rules for adding new types of AUMs (MessageKind):
- CBOR key IDs must never be changed.
- New AUM types must not change semantics that are manipulated by otherAUM types.
- The serialization of existing data cannot change (in other words, ifan existing serialization test in aum_test.go fails, you need to try adifferent approach).
The rules for adding new fields are as follows:
- Must all be optional.
- An unset value must not result in serialization overhead. This isnecessary so the serialization of older AUMs stays the same.
- New processing semantics of the new fields must be compatible with thebehavior of old clients (which will ignore the field).
- No floats!
func (*AUM)Parent¶
Parent returns the parent's AUM hash and true, or azero value and false if there was no parent.
func (*AUM)Serialize¶
func (a *AUM) Serialize()tkatype.MarshaledAUM
Serialize returns the given AUM in a serialized format.
We would implement encoding.BinaryMarshaler, except that wouldunfortunately get called by the cbor marshaller resulting in infiniterecursion.
func (AUM)SigHash¶
func (aAUM) SigHash()tkatype.AUMSigHash
SigHash returns the cryptographic digest which a signatureis over.
This is identical to Hash() except the Signatures are notserialized. Without this, the hash used for signatureswould be circularly dependent on the signatures.
func (*AUM)StaticValidate¶
StaticValidate returns a nil error if the AUM is well-formed.
func (*AUM)Unserialize¶added inv1.30.0
Unserialize decodes bytes representing a marshaled AUM.
We would implement encoding.BinaryUnmarshaler, except that wouldunfortunately get called by the cbor unmarshaller resulting in infiniterecursion.
typeAUMHash¶
AUMHash represents the BLAKE2s digest of an Authority Update Message (AUM).
funcCompact¶added inv1.38.0
func Compact(storageCompactableChonk, headAUMHash, optsCompactionOptions) (lastActiveAncestorAUMHash, errerror)
Compact deletes old AUMs from storage, based on the parameters given in opts.
func (AUMHash)AppendText¶added inv1.50.0
AppendText implements encoding.TextAppender.
func (AUMHash)MarshalText¶added inv1.30.0
MarshalText implements encoding.TextMarshaler.
func (AUMHash)String¶added inv1.30.0
String returns the AUMHash encoded as base32.This is suitable for use as a filename, and for storing in text-preferred media.
func (*AUMHash)UnmarshalText¶added inv1.30.0
UnmarshalText implements encoding.TextUnmarshaler.
typeAUMKind¶
type AUMKinduint8
AUMKind describes valid AUM types.
const (AUMInvalidAUMKind =iota// An AddKey AUM describes a new key trusted by the TKA.//// Only the Key optional field may be set.AUMAddKey// A RemoveKey AUM describes the removal of a key trusted by TKA.//// Only the KeyID optional field may be set.AUMRemoveKey// A NoOp AUM carries no information and is used in tests.AUMNoOp// A UpdateKey AUM updates the metadata or votes of an existing key.//// Only KeyID, along with either/or Meta or Votes optional fields// may be set.AUMUpdateKey// A Checkpoint AUM specifies the full state of the TKA.//// Only the State optional field may be set.AUMCheckpoint)
Valid AUM types. Do NOT reorder.
typeAuthority¶added inv1.30.0
type Authority struct {// contains filtered or unexported fields}Authority is a Tailnet Key Authority. This type is the main couplingpoint to the rest of the tailscale client.
Authority objects can either be created from an existing, non-emptytailchonk (via tka.Open()), or created from scratch using tka.Bootstrap()or tka.Create().
funcBootstrap¶added inv1.30.0
Bootstrap initializes a TKA based on the given checkpoint.
Call this when setting up a new nodes' TKA, but other nodeswith initialized TKA's exist.
Pass the returned genesis AUM from Create(), or a later checkpoint AUM.
TODO(tom): We should test an authority bootstrapped from a later checkpointworks fine with sync and everything.
funcOpen¶added inv1.30.0
Open initializes an existing TKA from the given tailchonk.
Only use this if the current node has initialized an Authority before.If a TKA exists on other nodes but there's nothing locally, use Bootstrap().If no TKA exists anywhere and you are creating it for the firsttime, use New().
func (*Authority)Compact¶added inv1.38.0
func (a *Authority) Compact(storageCompactableChonk, oCompactionOptions)error
Compact deletes historical AUMs based on the given compaction options.
func (*Authority)Head¶added inv1.30.0
Head returns the AUM digest of the latest update applied to the statemachine.
func (*Authority)Inform¶added inv1.30.0
Inform is the same as InformIdempotent, except the state of the Authorityis updated in-place.
func (*Authority)InformIdempotent¶added inv1.30.0
InformIdempotent returns a new Authority based on applying the givenupdates, with the given updates committed to storage.
If any of the updates could not be applied:
- An error is returned
- No changes to storage are made.
MissingAUMs() should be used to get a list of updates appropriate forthis function. In any case, updates should be ordered oldest to newest.
func (*Authority)KeyTrusted¶added inv1.30.0
KeyTrusted returns true if the given keyID is trusted by the tailnetkey authority.
func (*Authority)Keys¶added inv1.34.0
Keys returns the set of keys trusted by the tailnet key authority.
func (*Authority)MakeRetroactiveRevocation¶added inv1.48.0
func (a *Authority) MakeRetroactiveRevocation(storageChonk, removeKeys []tkatype.KeyID, ourKeytkatype.KeyID, forkFromAUMHash) (*AUM,error)
MakeRetroactiveRevocation generates a forking update which revokes the specified keys, insuch a manner that any malicious use of those keys is erased.
If forkFrom is specified, it is used as the parent AUM to fork from. If the zero value,the parent AUM is determined automatically.
The generated AUM must be signed with more signatures than the sum of key votes thatwere compromised, before being consumed by tka.Authority methods.
func (*Authority)MissingAUMs¶added inv1.30.0
MissingAUMs returns AUMs a remote may be missing based on theremotes' SyncOffer.
func (*Authority)NewDeeplink¶added inv1.44.0
func (a *Authority) NewDeeplink(paramsNewDeeplinkParams) (string,error)
NewDeeplink creates a signed deeplink using the authority's stateID as asecret. This deeplink can then be validated by ValidateDeeplink.
func (*Authority)NewUpdater¶added inv1.30.0
func (a *Authority) NewUpdater(signerSigner) *UpdateBuilder
NewUpdater returns a builder you can use to make changes tothe tailnet key authority.
The provided signer function, if non-nil, is called with each updateto compute and apply signatures.
Updates are specified by calling methods on the returned UpdatedBuilder.Call Finalize() when you are done to obtain the specific update messageswhich actuate the changes.
func (*Authority)NodeKeyAuthorized¶added inv1.30.0
func (a *Authority) NodeKeyAuthorized(nodeKeykey.NodePublic, nodeKeySignaturetkatype.MarshaledSignature)error
NodeKeyAuthorized checks if the provided nodeKeySignature authorizesthe given node key.
func (*Authority)NodeKeyAuthorizedWithDetails¶added inv1.68.0
func (a *Authority) NodeKeyAuthorizedWithDetails(nodeKeykey.NodePublic, nodeKeySignaturetkatype.MarshaledSignature) (*RotationDetails,error)
NodeKeyAuthorized checks if the provided nodeKeySignature authorizesthe given node key, and returns RotationDetails if the signature isa valid rotation signature.
func (*Authority)StateIDs¶added inv1.34.0
StateIDs returns the stateIDs for this tailnet key authority. Theseare values that are fixed for the lifetime of the authority: seecomments on the relevant fields in state.go.
func (*Authority)SyncOffer¶added inv1.30.0
SyncOffer returns an abbreviated description of the current AUMchain, which can be used to synchronize with another (untrusted)Authority instance.
The returned SyncOffer structure should be transmitted to the remoteAuthority, which should call MissingAUMs() using it to determineAUMs which need to be transmitted. This list of AUMs from the remotecan then be applied locally with Inform().
This SyncOffer + AUM exchange should be performed by both ends,because it's possible that either end has AUMs that the other needsto find out about.
func (*Authority)ValidDisablement¶added inv1.30.0
ValidDisablement returns true if the disablement secret was correct.
If this method returns true, the caller should shut down the authorityand purge all network-lock state.
func (*Authority)ValidateDeeplink¶added inv1.44.0
func (a *Authority) ValidateDeeplink(urlStringstring)DeeplinkValidationResult
ValidateDeeplink validates a device signing deeplink using the authority's stateID.The input urlString follows this structure:
tailscale://sign-device/v1/?nk=xxx&tp=xxx&dn=xxx&os=xxx&em=xxx&hm=xxx
where:- "nk" is the nodekey of the node being signed- "tp" is the tailnet lock public key- "dn" is the name of the node- "os" is the operating system of the node- "em" is the email address associated with the node- "hm" is a SHA-256 HMAC computed over the concatenation of the above fields, encoded as a hex string
typeChonk¶
type Chonk interface {// AUM returns the AUM with the specified digest.//// If the AUM does not exist, then os.ErrNotExist is returned.AUM(hashAUMHash) (AUM,error)// ChildAUMs returns all AUMs with a specified previous// AUM hash.ChildAUMs(prevAUMHashAUMHash) ([]AUM,error)// CommitVerifiedAUMs durably stores the provided AUMs.// Callers MUST ONLY provide AUMs which are verified (specifically,// a call to aumVerify() must return a nil error).// as the implementation assumes that only verified AUMs are stored.CommitVerifiedAUMs(updates []AUM)error// Heads returns AUMs for which there are no children. In other// words, the latest AUM in all possible chains (the 'leaves').Heads() ([]AUM,error)// SetLastActiveAncestor is called to record the oldest-known AUM// that contributed to the current state. This value is used as// a hint on next startup to determine which chain to pick when computing// the current state, if there are multiple distinct chains.SetLastActiveAncestor(hashAUMHash)error// LastActiveAncestor returns the oldest-known AUM that was (in a// previous run) an ancestor of the current state. This is used// as a hint to pick the correct chain in the event that the Chonk stores// multiple distinct chains.LastActiveAncestor() (*AUMHash,error)}Chonk implementations provide durable storage for AUMs and otherTKA state.
All methods must be thread-safe.
The name 'tailchonk' was coined by @catzkorn.
typeCompactableChonk¶added inv1.38.0
type CompactableChonk interface {Chonk// AllAUMs returns all AUMs stored in the chonk.AllAUMs() ([]AUMHash,error)// CommitTime returns the time at which the AUM was committed.//// If the AUM does not exist, then os.ErrNotExist is returned.CommitTime(hashAUMHash) (time.Time,error)// PurgeAUMs permanently and irrevocably deletes the specified// AUMs from storage.PurgeAUMs(hashes []AUMHash)error// RemoveAll permanently and completely clears the TKA state. This should// be called when the user disables Tailnet Lock.RemoveAll()error}CompactableChonk implementation are extensions of Chonk, which areable to be operated by compaction logic to deleted old AUMs.
typeCompactionOptions¶added inv1.38.0
type CompactionOptions struct {// The minimum number of ancestor AUMs to remember. The actual length// of the chain post-compaction may be longer to reach a Checkpoint AUM.MinChainint// The minimum duration to store an AUM before it is a candidate for deletion.MinAgetime.Duration}CompactionOptions describes tuneables to use when compacting a Chonk.
typeDeeplinkValidationResult¶added inv1.44.0
typeFS¶
type FS struct {// contains filtered or unexported fields}FS implements filesystem storage of TKA state.
FS implements the Chonk interface.
funcChonkDir¶added inv1.30.0
ChonkDir returns an implementation of Chonk which uses thegiven directory to store TKA state.
func (*FS)AUM¶
AUM returns the AUM with the specified digest.
If the AUM does not exist, then os.ErrNotExist is returned.
func (*FS)CommitTime¶added inv1.38.0
CommitTime returns the time at which the AUM was committed.
If the AUM does not exist, then os.ErrNotExist is returned.
func (*FS)CommitVerifiedAUMs¶
CommitVerifiedAUMs durably stores the provided AUMs.Callers MUST ONLY provide AUMs which are verified (specifically,a call to aumVerify must return a nil error), as theimplementation assumes that only verified AUMs are stored.
func (*FS)Heads¶
Heads returns AUMs for which there are no children. In otherwords, the latest AUM in all possible chains (the 'leaves').
Heads is expected to be called infrequently compared to AUM() orChildAUMs(), so we haven't put any work into maintaining an index.Instead, the full set of AUMs is scanned.
func (*FS)LastActiveAncestor¶
LastActiveAncestor returns the oldest-known AUM that was (in aprevious run) an ancestor of the current state. This is usedas a hint to pick the correct chain in the event that the Chonk storesmultiple distinct chains.
Nil is returned if no last-active ancestor is set.
func (*FS)SetLastActiveAncestor¶
SetLastActiveAncestor is called to record the oldest-known AUMthat contributed to the current state. This value is used asa hint on next startup to determine which chain to pick when computingthe current state, if there are multiple distinct chains.
typeKey¶
type Key struct {KindKeyKind `cbor:"1,keyasint"`// Votes describes the weight applied to signatures using this key.// Weighting is used to deterministically resolve branches in the AUM// chain (i.e. forks, where two AUMs exist with the same parent).Votesuint `cbor:"2,keyasint"`// Public encodes the public key of the key. For 25519 keys,// this is simply the point on the curve representing the public// key.Public []byte `cbor:"3,keyasint"`// Meta describes arbitrary metadata about the key. This could be// used to store the name of the key, for instance.Meta map[string]string `cbor:"12,keyasint,omitempty"`}Key describes the public components of a key known to network-lock.
func (Key)Clone¶
Clone makes an independent copy of Key.
NOTE: There is a difference between a nil slice and an empty slice for encoding purposes,so an implementation of Clone() must take care to preserve this.
func (Key)Ed25519¶added inv1.34.0
Ed25519 returns the ed25519 public key encoded by Key. An error isreturned for keys which do not represent ed25519 public keys.
func (Key)MustID¶added inv1.36.0
MustID returns the KeyID of the key, panicking if an error isencountered. This must only be used for tests.
func (Key)StaticValidate¶
typeMem¶
type Mem struct {// contains filtered or unexported fields}Mem implements in-memory storage of TKA state, suitable fortests or cases where filesystem storage is unavailable.
Mem implements the Chonk interface.
Mem is thread-safe.
funcChonkMem¶added inv1.92.0
func ChonkMem() *Mem
ChonkMem returns an implementation of Chonk which stores TKA statein-memory.
func (*Mem)CommitTime¶added inv1.90.7
CommitTime returns the time at which the AUM was committed.
If the AUM does not exist, then os.ErrNotExist is returned.
func (*Mem)CommitVerifiedAUMs¶
CommitVerifiedAUMs durably stores the provided AUMs.Callers MUST ONLY provide well-formed and verified AUMs,as the rest of the TKA implementation assumes that onlyverified AUMs are stored.
func (*Mem)Heads¶
Heads returns AUMs for which there are no children. In otherwords, the latest AUM in all chains (the 'leaf').
func (*Mem)LastActiveAncestor¶
func (*Mem)SetClock¶added inv1.92.0
SetClock sets the clock used byMem. This is only for use in tests,and will panic if called from non-test code.
func (*Mem)SetLastActiveAncestor¶
typeNewDeeplinkParams¶added inv1.44.0
typeNodeKeySignature¶added inv1.30.0
type NodeKeySignature struct {// SigKind identifies the variety of signature.SigKindSigKind `cbor:"1,keyasint"`// Pubkey identifies the key.NodePublic which is being authorized.// SigCredential signatures do not use this field.Pubkey []byte `cbor:"2,keyasint,omitempty"`// KeyID identifies which key in the tailnet key authority should// be used to verify this signature. Only set for SigDirect and// SigCredential signature kinds.KeyID []byte `cbor:"3,keyasint,omitempty"`// Signature is the packed (R, S) ed25519 signature over all other// fields of the structure.Signature []byte `cbor:"4,keyasint,omitempty"`// Nested describes a NodeKeySignature which authorizes the node-key// used as Pubkey. Only used for SigRotation signatures.Nested *NodeKeySignature `cbor:"5,keyasint,omitempty"`// WrappingPubkey specifies the ed25519 public key which must be used// to sign a Signature which embeds this one.//// For SigRotation signatures multiple levels deep, intermediate// signatures may omit this value, in which case the parent WrappingPubkey// is used.//// SigCredential signatures use this field to specify the public key// they are certifying, following the usual semanticsfor WrappingPubkey.WrappingPubkey []byte `cbor:"6,keyasint,omitempty"`}NodeKeySignature encapsulates a signature that authorizes a specificnode key, based on verification from keys in the tailnet key authority.
funcDecodeWrappedAuthkey¶added inv1.68.2
func DecodeWrappedAuthkey(wrappedAuthKeystring, logflogger.Logf) (authKeystring, isWrappedbool, sig *NodeKeySignature, prived25519.PrivateKey)
DecodeWrappedAuthkey separates wrapping information from an authkey, if any.In all cases the authkey is returned, sans wrapping information if any.
If the authkey is wrapped, isWrapped returns true, along with the wrapping signatureand private key.
func (*NodeKeySignature)Clone¶added inv1.74.0
func (src *NodeKeySignature) Clone() *NodeKeySignature
Clone makes a deep copy of NodeKeySignature.The result aliases no memory with the original.
func (*NodeKeySignature)Serialize¶added inv1.30.0
func (s *NodeKeySignature) Serialize()tkatype.MarshaledSignature
Serialize returns the given NKS in a serialized format.
We would implement encoding.BinaryMarshaler, except that wouldunfortunately get called by the cbor marshaller resulting in infiniterecursion.
func (NodeKeySignature)SigHash¶added inv1.30.0
func (sNodeKeySignature) SigHash() [blake2s.Size]byte
SigHash returns the cryptographic digest which a signatureis over.
This is a hash of the serialized structure, sans the signature.Without this exclusion, the hash used for the signaturewould be circularly dependent on the signature.
func (NodeKeySignature)String¶added inv1.68.0
func (sNodeKeySignature) String()string
String returns a human-readable representation of the NodeKeySignature,making it easy to see nested signatures.
func (*NodeKeySignature)Unserialize¶added inv1.30.0
func (s *NodeKeySignature) Unserialize(data []byte)error
Unserialize decodes bytes representing a marshaled NKS.
We would implement encoding.BinaryUnmarshaler, except that wouldunfortunately get called by the cbor unmarshaller resulting in infiniterecursion.
func (NodeKeySignature)UnverifiedAuthorizingKeyID¶added inv1.38.0
func (sNodeKeySignature) UnverifiedAuthorizingKeyID() (tkatype.KeyID,error)
UnverifiedAuthorizingKeyID returns the KeyID of the key which authorizesthis signature.
SAFETY: The caller MUST verify the signature usingAuthority.NodeKeyAuthorized if treating this as authentic information.
func (NodeKeySignature)UnverifiedWrappingPublic¶added inv1.38.0
func (sNodeKeySignature) UnverifiedWrappingPublic() (pubed25519.PublicKey, okbool)
UnverifiedWrappingPublic returns the public key which must sign asignature which embeds this one, if any.
See docs on NodeKeySignature.WrappingPubkey & SigRotation for documentationabout wrapping public keys.
SAFETY: The caller MUST verify the signature usingAuthority.NodeKeyAuthorized if treating this as authentic information.
typePrevAUMHash¶added inv1.92.0
type PrevAUMHash []byte
PrevAUMHash represents the BLAKE2s digest of an Authority Update Message (AUM).Unlike an AUMHash, this can be empty if there is no previous AUM hash(which occurs in the genesis AUM).
func (PrevAUMHash)String¶added inv1.92.0
func (hPrevAUMHash) String()string
String returns the PrevAUMHash encoded as base32.This is suitable for use as a filename, and for storing in text-preferred media.
typeRotationDetails¶added inv1.68.0
type RotationDetails struct {// PrevNodeKeys is a list of node keys which have been rotated out.PrevNodeKeys []key.NodePublic// InitialSig is the first signature in the chain which led to// this rotating signature.InitialSig *NodeKeySignature}RotationDetails holds additional information about a nodeKeySignatureof kind SigRotation.
typeSigKind¶added inv1.30.0
type SigKinduint8
SigKind describes valid NodeKeySignature types.
const (SigInvalidSigKind =iota// SigDirect describes a signature over a specific node key, signed// by a key in the tailnet key authority referenced by the specified keyID.SigDirect// SigRotation describes a signature over a specific node key, signed// by the rotation key authorized by a nested NodeKeySignature structure.//// While it is possible to nest rotations multiple times up to the CBOR// nesting limit, it is intended that nodes simply regenerate their outer// SigRotation signature and sign it again with their rotation key. That// way, SigRotation nesting should only be 2 deep in the common case.SigRotation// SigCredential describes a signature over a specific public key, signed// by a key in the tailnet key authority referenced by the specified keyID.// In effect, SigCredential delegates the ability to make a signature to// a different public/private key pair.//// It is intended that a different public/private key pair be generated// for each different SigCredential that is created. Implementors must// take care that the private side is only known to the entity that needs// to generate the wrapping SigRotation signature, and it is immediately// discarded after use.//// SigCredential is expected to be nested in a SigRotation signature.SigCredential)
typeSigner¶added inv1.30.0
type Signer interface {// SignAUM returns signatures for the AUM encoded by the given AUMSigHash.SignAUM(tkatype.AUMSigHash) ([]tkatype.Signature,error)}Types implementing Signer can sign update messages.
typeState¶
type State struct {// LastAUMHash is the blake2s digest of the last-applied AUM.// Because AUMs are strictly ordered and form a hash chain, we// check the previous AUM hash in an update we are applying// is the same as the LastAUMHash.LastAUMHash *AUMHash `cbor:"1,keyasint"`// DisablementSecrets are KDF-derived values which can be used// to turn off the TKA in the event of a consensus-breaking bug.DisablementSecrets [][]byte `cbor:"2,keyasint"`// Keys are the public keys of either://// 1. The signing nodes currently trusted by the TKA.// 2. Ephemeral keys that were used to generate pre-signed auth keys.Keys []Key `cbor:"3,keyasint"`// StateID's are nonce's, generated on enablement and fixed for// the lifetime of the Tailnet Key Authority. We generate 16-bytes// worth of keyspace here just in case we come up with a cool future// use for this.StateID1uint64 `cbor:"4,keyasint,omitempty"`StateID2uint64 `cbor:"5,keyasint,omitempty"`}State describes Tailnet Key Authority state at an instant in time.
State is mutated by applying Authority Update Messages (AUMs), resultingin a new State.
typeSyncOffer¶added inv1.30.0
SyncOffer conveys information about the current head & ancestor AUMs,for the purpose of synchronization with some remote end.
Ancestors should contain a subset of the ancestors of the chain.The last entry in that slice is the oldest-known AUM in the chain.
typeUpdateBuilder¶added inv1.30.0
type UpdateBuilder struct {// contains filtered or unexported fields}UpdateBuilder implements a builder for changes to the tailnetkey authority.
Finalize must be called to compute the update messages, whichmust then be applied to all Authority objects using Inform().
func (*UpdateBuilder)AddKey¶added inv1.30.0
func (b *UpdateBuilder) AddKey(keyKey)error
AddKey adds a new key to the authority.
func (*UpdateBuilder)Finalize¶added inv1.30.0
func (b *UpdateBuilder) Finalize(storageChonk) ([]AUM,error)
Finalize returns the set of update message to actuate the update.
func (*UpdateBuilder)RemoveKey¶added inv1.30.0
func (b *UpdateBuilder) RemoveKey(keyIDtkatype.KeyID)error
RemoveKey removes a key from the authority.
func (*UpdateBuilder)SetKeyMeta¶added inv1.30.0
SetKeyMeta updates key-value metadata stored against an existing key.
TODO(tom): Provide an API to update specific values rather than the wholemap.
func (*UpdateBuilder)SetKeyVote¶added inv1.30.0
func (b *UpdateBuilder) SetKeyVote(keyIDtkatype.KeyID, votesuint)error
SetKeyVote updates the number of votes of an existing key.
Source Files