Commit Graph

8 Commits (b76dffa594ebe4c3399b37a4d7e3b7ef06e76f20)

Author SHA1 Message Date
Tom DNetto 907f85cd67 cmd/tailscale,tka: make KeyID return an error instead of panicking
Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago
Tom DNetto e8a11f6181 tka: make rotation signatures use nested keyID
Duplicating this at each layer doesnt make any sense, and is another
invariant where things could go wrong.

Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago
Tom DNetto e9b98dd2e1 control/controlclient,ipn/ipnlocal: wire tka enable/disable
Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago
Tom DNetto be95aebabd tka: implement credential signatures (key material delegation)
This will be needed to support preauth-keys with network lock in the future,
so getting the core mechanics out of the way now.

Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago
Tom DNetto a78f8fa701 tka: support rotating node-keys in node-key signatures
Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago
Tom DNetto facafd8819 client,cmd/tailscale,ipn,tka,types: implement tka initialization flow
This PR implements the client-side of initializing network-lock with the
Coordination server.

Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago
Tom DNetto 06eac9bbff tka: Use strict decoding settings, implement Unserialize()
Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago
Tom DNetto 8cfd775885 tka,types/key: implement direct node-key signatures
Signed-off-by: Tom DNetto <tom@tailscale.com>
2 years ago