From 8c09ae90322c27d9d506783ef4e1684239e11258 Mon Sep 17 00:00:00 2001
From: Adrian Dewhurst
Date: Wed, 26 Oct 2022 15:14:01 -0400
Subject: [PATCH] tka, types/key: add NLPublic.KeyID

This allows direct use of NLPublic with tka.Authority.KeyTrusted() and similar without using tricks like converting the return value of Verifier.

Signed-off-by: Adrian Dewhurst
---
 tka/tka_test.go | 38 ++++++++++++++++++++++++++++++++++++++
 types/key/nl.go | 5 +++++
 2 files changed, 43 insertions(+)

diff --git a/tka/tka_test.go b/tka/tka_test.go
index de7d777a7..6685e5d39 100644
--- a/tka/tka_test.go
+++ b/tka/tka_test.go
@@ -9,6 +9,7 @@ import (
 "testing"
 "github.com/google/go-cmp/cmp"
+ "tailscale.com/types/key"
 "tailscale.com/types/tkatype"
 )
@@ -437,3 +438,40 @@ func TestAuthorityInformLinear(t *testing.T) {
 t.Fatal("authority did not converge to correct AUM")
 }
 }
+
+func TestInteropWithNLKey(t *testing.T) {
+ priv1 := key.NewNLPrivate()
+ pub1 := priv1.Public()
+ pub2 := key.NewNLPrivate().Public()
+ pub3 := key.NewNLPrivate().Public()
+
+ a, _, err := Create(&Mem{}, State{
+ Keys: []Key{
+ {
+ Kind: Key25519,
+ Votes: 1,
+ Public: pub1.KeyID(),
+ },
+ {
+ Kind: Key25519,
+ Votes: 1,
+ Public: pub2.KeyID(),
+ },
+ },
+ DisablementSecrets: [][]byte{DisablementKDF([]byte{1, 2, 3})},
+ }, priv1)
+ if err != nil {
+ t.Errorf("tka.Create: %v", err)
+ return
+ }
+
+ if !a.KeyTrusted(pub1.KeyID()) {
+ t.Error("pub1 want trusted, got untrusted")
+ }
+ if !a.KeyTrusted(pub2.KeyID()) {
+ t.Error("pub2 want trusted, got untrusted")
+ }
+ if a.KeyTrusted(pub3.KeyID()) {
+ t.Error("pub3 want untrusted, got trusted")
+ }
+}
diff --git a/types/key/nl.go b/types/key/nl.go
index 5bede831b..6eb237ce8 100644
--- a/types/key/nl.go
+++ b/types/key/nl.go
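Review bot: In TestInteropWithNLKey (tka/tka_test.go) the failure path after `Create` is written as `t.Errorf("tka.Create: %v", err)` followed by `return`, while the context lines just above it in the same file stop a test with `t.Fatal`. `t.Fatalf("tka.Create: %v", err)` does the same in one line and keeps the file consistent. The commit message presents KeyID as a replacement for converting the result of Verifier, but the test only exercises KeyTrusted; one extra assertion that both routes yield the same bytes for `pub1` would pin that equivalence, assuming Verifier remains available on NLPublic (it is not visible in this patch).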
@@ -125,3 +125,8 @@ func (k NLPublic) IsZero() bool {
 func (k NLPublic) Equal(other NLPublic) bool {
 return subtle.ConstantTimeCompare(k.k[:], other.k[:]) == 1
 }
+
+// KeyID returns a tkatype.KeyID that can be used with a tka.Authority.
+func (k NLPublic) KeyID() tkatype.KeyID {
+ return k.k[:]
+}
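Review bot: The doc comment on `KeyID` says neither what the returned bytes are nor whether the caller may modify them, and this value feeds trust decisions. The test in this commit uses it both as `Key.Public` for a `Key25519` key and as the argument to `KeyTrusted`, so it appears to be the raw public key bytes. Because the result comes from the slice expression `k.k[:]`, the comment should also state whether it aliases the key's storage: with the value receiver it looks like a slice over a copy if `k.k` is an array, but the field's declaration is outside this hunk. Once that is confirmed, something like `// KeyID returns the raw public key bytes as a tkatype.KeyID for use with a tka.Authority. The returned slice does not alias k.` would cover it.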