mirror of https://github.com/tailscale/tailscale/
types/key: add ChallengePublic, ChallengePrivate, NewChallenge
Updates #5972 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>pull/5996/head
Brad Fitzpatrick
2 years ago
committed by
Brad Fitzpatrick
parent
d0b7a44840
commit
18c61afeb9
@ -0,0 +1,78 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package key
|
||||
|
||||
import (
|
||||
"errors"
|
||||
|
||||
"tailscale.com/types/structs"
|
||||
)
|
||||
|
||||
const (
|
||||
// chalPublicHexPrefix is the prefix used to identify a
|
||||
// hex-encoded challenge public key.
|
||||
//
|
||||
// This prefix is used in the control protocol, so cannot be
|
||||
// changed.
|
||||
chalPublicHexPrefix = "chalpub:"
|
||||
)
|
||||
|
||||
// ChallengePrivate is a challenge key, used to test whether clients control a
|
||||
// key they want to prove ownership of.
|
||||
//
|
||||
// A ChallengePrivate is ephemeral and not serialized to the disk or network.
|
||||
type ChallengePrivate struct {
|
||||
_ structs.Incomparable // because == isn't constant-time
|
||||
k [32]byte
|
||||
}
|
||||
|
||||
// NewChallenge creates and returns a new node private key.
|
||||
func NewChallenge() ChallengePrivate {
|
||||
return ChallengePrivate(NewNode())
|
||||
}
|
||||
|
||||
// Public returns the ChallengePublic for k.
|
||||
// Panics if ChallengePublic is zero.
|
||||
func (k ChallengePrivate) Public() ChallengePublic {
|
||||
pub := NodePrivate(k).Public()
|
||||
return ChallengePublic(pub)
|
||||
}
|
||||
|
||||
// MarshalText implements encoding.TextMarshaler, but by returning an error.
|
||||
// It shouldn't need to be marshalled anywhere.
|
||||
func (k ChallengePrivate) MarshalText() ([]byte, error) {
|
||||
return nil, errors.New("refusing to marshal")
|
||||
}
|
||||
|
||||
// SealToChallenge is like SealTo, but for a ChallengePublic.
|
||||
func (k NodePrivate) SealToChallenge(p ChallengePublic, cleartext []byte) (ciphertext []byte) {
|
||||
return k.SealTo(NodePublic(p), cleartext)
|
||||
}
|
||||
|
||||
// OpenFrom opens the NaCl box ciphertext, which must be a value
|
||||
// created by NodePrivate.SealToChallenge, and returns the inner cleartext if
|
||||
// ciphertext is a valid box from p to k.
|
||||
func (k ChallengePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte, ok bool) {
|
||||
return NodePrivate(k).OpenFrom(p, ciphertext)
|
||||
}
|
||||
|
||||
// ChallengePublic is the public portion of a ChallengePrivate.
|
||||
type ChallengePublic struct {
|
||||
k [32]byte
|
||||
}
|
||||
|
||||
// String returns the output of MarshalText as a string.
|
||||
func (k ChallengePublic) String() string {
|
||||
bs, err := k.MarshalText()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return string(bs)
|
||||
}
|
||||
|
||||
// MarshalText implements encoding.TextMarshaler.
|
||||
func (k ChallengePublic) MarshalText() ([]byte, error) {
|
||||
return toHex(k.k[:], chalPublicHexPrefix), nil
|
||||
}
|
||||
Loading…
Reference in New Issue