From 105dfa1efaee74533c92719a23ce8c0d32a3b099 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Sat, 5 Mar 2022 20:43:49 -0800
Subject: [PATCH] tailcfg: add OverTLSPublicKeyResponse for the new response from /key

Updates #3488

Change-Id: I8729cb3fb7f6dda1a874f8ae2d9570311ed158db
Signed-off-by: Brad Fitzpatrick
---
 tailcfg/tailcfg.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/tailcfg/tailcfg.go b/tailcfg/tailcfg.go
index aa4d14191..939a28142 100644
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -1596,3 +1596,27 @@ type SSHAction struct {
 	// value.
 	HoldAndDelegate string `json:"holdAndDelegate,omitempty"`
 }
+
+// OverTLSPublicKeyResponse is the JSON response to /key?v=
+// over HTTPS (regular TLS) to the Tailscale control plane server,
+// where the 'v' argument is the client's current capability version
+// (previously known as the "MapRequest version").
+//
+// The "OverTLS" prefix is to loudly declare that this exchange
+// doesn't happen over Noise and can be intercepted/MITM'ed by
+// enterprise/corp proxies where the orgnanization can put TLS roots
+// on devices.
+type OverTLSPublicKeyResponse struct {
+	// LegacyPublic specifies the control plane server's original
+	// NaCl crypto_box machine key.
+	// It will be zero for sufficiently new clients, based on their
+	// advertised "v" parameter (the CurrentMapRequestVersion).
+	// In that case, only the newer Noise-based transport may be used
+	// using the PublicKey field.
+	LegacyPublicKey key.MachinePublic `json:"legacyPublicKey"`
+
+	// PublicKey specifies the server's public key for the
+	// Noise-based control plane protocol. (see packages
+	// control/controlbase and control/controlhttp)
+	PublicKey key.MachinePublic `json:"publicKey"`
+}
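Review bot: The type comment warns that this response can be intercepted by a proxy holding a corporate TLS root, but nothing on the new type says what a client should do with a `PublicKey` that arrived over that channel — whether it is trusted as received, pinned, or only provisional until the Noise handshake in control/controlbase authenticates the server — so a reader cannot tell whether a substituted key is an open risk or already mitigated; add one sentence to the `OverTLSPublicKeyResponse` comment stating that callers must not treat `PublicKey` as authenticated by TLS alone and naming where the key is actually verified (confirm the exact mechanism against control/controlbase before wording it). Two documentation nits in the same hunk: the field comment `// LegacyPublic specifies the control plane server's original` should name the field it documents, `// LegacyPublicKey specifies the control plane server's original`, and `orgnanization` should read `organization`. Since `LegacyPublicKey` is documented as zero for sufficiently new clients, it would also help consumers to say explicitly that the field must be checked for the zero value (e.g. via an `IsZero`-style method, if `key.MachinePublic` provides one) before being used, rather than assumed populated.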