Home Explore Help
Sign In
Tailscale
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 61dd2662ec
Branches Tags
tailscale
/
types
/
key
/
control.go

control.go 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. // Copyright (c) Tailscale Inc & AUTHORS
    2. 

  2. // SPDX-License-Identifier: BSD-3-Clause
    3. 

  3. 

  4. package key
    5. 

  5. 

  6. import "encoding/json"
    7. 

  7. 

  8. // ControlPrivate is a Tailscale control plane private key.
    9. 

  9. //
    10. 

  10. // It is functionally equivalent to a MachinePrivate, but serializes
    11. 

  11. // to JSON as a byte array rather than a typed string, because our
    12. 

  12. // control plane database stores the key that way.
    13. 

  13. //
    14. 

  14. // Deprecated: this type should only be used in Tailscale's control
    15. 

  15. // plane, where existing database serializations require this
    16. 

  16. // less-good serialization format to persist. Other control plane
    17. 

  17. // implementations can use MachinePrivate with no downsides.
    18. 

  18. type ControlPrivate struct {
    19. 

  19. 	mkey MachinePrivate // unexported so we can limit the API surface to only exactly what we need
    20. 

  20. }
    21. 

  21. 

  22. // NewControl generates and returns a new control plane private key.
    23. 

  23. func NewControl() ControlPrivate {
    24. 

  24. 	return ControlPrivate{NewMachine()}
    25. 

  25. }
    26. 

  26. 

  27. // IsZero reports whether k is the zero value.
    28. 

  28. func (k ControlPrivate) IsZero() bool {
    29. 

  29. 	return k.mkey.IsZero()
    30. 

  30. }
    31. 

  31. 

  32. // Public returns the MachinePublic for k.
    33. 

  33. // Panics if ControlPrivate is zero.
    34. 

  34. func (k ControlPrivate) Public() MachinePublic {
    35. 

  35. 	return k.mkey.Public()
    36. 

  36. }
    37. 

  37. 

  38. // MarshalJSON implements json.Marshaler.
    39. 

  39. func (k ControlPrivate) MarshalJSON() ([]byte, error) {
    40. 

  40. 	return json.Marshal(k.mkey.k)
    41. 

  41. }
    42. 

  42. 

  43. // UnmarshalJSON implements json.Unmarshaler.
    44. 

  44. func (k *ControlPrivate) UnmarshalJSON(bs []byte) error {
    45. 

  45. 	return json.Unmarshal(bs, &k.mkey.k)
    46. 

  46. }
    47. 

  47. 

  48. // SealTo wraps cleartext into a NaCl box (see
    49. 

  49. // golang.org/x/crypto/nacl) to p, authenticated from k, using a
    50. 

  50. // random nonce.
    51. 

  51. //
    52. 

  52. // The returned ciphertext is a 24-byte nonce concatenated with the
    53. 

  53. // box value.
    54. 

  54. func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte) {
    55. 

  55. 	return k.mkey.SealTo(p, cleartext)
    56. 

  56. }
    57. 

  57. 

  58. // SharedKey returns the precomputed Nacl box shared key between k and p.
    59. 

  59. func (k ControlPrivate) SharedKey(p MachinePublic) MachinePrecomputedSharedKey {
    60. 

  60. 	return k.mkey.SharedKey(p)
    61. 

  61. }
    62. 

  62. 

  63. // OpenFrom opens the NaCl box ciphertext, which must be a value
    64. 

  64. // created by SealTo, and returns the inner cleartext if ciphertext is
    65. 

  65. // a valid box from p to k.
    66. 

  66. func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool) {
    67. 

  67. 	return k.mkey.OpenFrom(p, ciphertext)
    68. 

  68. }
    69.