Documentation ¶
Overview ¶
Package key defines some types for the various keys Tailscale uses.
Index ¶
- type ControlPrivate (deprecated)
- func (k ControlPrivate) IsZero() bool
- func (k ControlPrivate) MarshalJSON() ([]byte, error)
- func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k ControlPrivate) Public() MachinePublic
- func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
- func (k *ControlPrivate) UnmarshalJSON(bs []byte) error
- type MachinePrivate
- func (k MachinePrivate) Equal(other MachinePrivate) bool
- func (k MachinePrivate) IsZero() bool
- func (k MachinePrivate) MarshalText() ([]byte, error)
- func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
- func (k MachinePrivate) Public() MachinePublic
- func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
- func (k *MachinePrivate) UnmarshalText(b []byte) error
- type MachinePublic
- type Private (deprecated)
- type Public (deprecated)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ControlPrivate ¶ deprecated, added in v1.16.0
type ControlPrivate struct {
// contains filtered or unexported fields
}
ControlPrivate is a Tailscale control plane private key.
It is functionally equivalent to a MachinePrivate, but serializes to JSON as a byte array rather than a typed string, because our control plane database stores the key that way.
Deprecated: this type should only be used in Tailscale's control plane, where existing database serializations require this less-good serialization format to persist. Other control plane implementations can use MachinePrivate with no downsides.
func NewControl ¶ added in v1.16.0
func NewControl() ControlPrivate
NewControl generates and returns a new control plane private key.
func (ControlPrivate) IsZero ¶ added in v1.16.0
func (k ControlPrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (ControlPrivate) MarshalJSON ¶ added in v1.16.0
func (k ControlPrivate) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler.
func (ControlPrivate) OpenFrom ¶ added in v1.16.0
func (k ControlPrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (ControlPrivate) Public ¶ added in v1.16.0
func (k ControlPrivate) Public() MachinePublic
Public returns the MachinePublic for k. Panics if ControlPrivate is zero.
func (ControlPrivate) SealTo ¶ added in v1.16.0
func (k ControlPrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (*ControlPrivate) UnmarshalJSON ¶ added in v1.16.0
func (k *ControlPrivate) UnmarshalJSON(bs []byte) error
UnmarshalJSON implements json.Unmarshaler.
type MachinePrivate ¶ added in v1.16.0
type MachinePrivate struct {
// contains filtered or unexported fields
}
MachinePrivate is a machine key, used for communication with the Tailscale coordination server.
func NewMachine ¶ added in v1.16.0
func NewMachine() MachinePrivate
NewMachine creates and returns a new machine private key.
func (MachinePrivate) Equal ¶ added in v1.16.0
func (k MachinePrivate) Equal(other MachinePrivate) bool
Equal reports whether k and other are the same key.
func (MachinePrivate) IsZero ¶ added in v1.16.0
func (k MachinePrivate) IsZero() bool
IsZero reports whether k is the zero value.
func (MachinePrivate) MarshalText ¶ added in v1.16.0
func (k MachinePrivate) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (MachinePrivate) OpenFrom ¶ added in v1.16.0
func (k MachinePrivate) OpenFrom(p MachinePublic, ciphertext []byte) (cleartext []byte, ok bool)
OpenFrom opens the NaCl box ciphertext, which must be a value created by SealTo, and returns the inner cleartext if ciphertext is a valid box from p to k.
func (MachinePrivate) Public ¶ added in v1.16.0
func (k MachinePrivate) Public() MachinePublic
Public returns the MachinePublic for k. Panics if MachinePrivate is zero.
func (MachinePrivate) SealTo ¶ added in v1.16.0
func (k MachinePrivate) SealTo(p MachinePublic, cleartext []byte) (ciphertext []byte)
SealTo wraps cleartext into a NaCl box (see golang.org/x/crypto/nacl) to p, authenticated from k, using a random nonce.
The returned ciphertext is a 24-byte nonce concatenated with the box value.
func (*MachinePrivate) UnmarshalText ¶ added in v1.16.0
func (k *MachinePrivate) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
type MachinePublic ¶ added in v1.16.0
type MachinePublic struct {
// contains filtered or unexported fields
}
MachinePublic is the public portion of a MachinePrivate.
func ParseMachinePublicUntyped ¶ deprecated, added in v1.16.0
func ParseMachinePublicUntyped(raw mem.RO) (MachinePublic, error)
ParseMachinePublicUntyped parses an untyped 64-character hex value as a MachinePublic.
Deprecated: this function is risky to use, because it cannot verify that the hex string was intended to be a MachinePublic. This can lead to accidentally decoding one type of key as another. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
func (MachinePublic) IsZero ¶ added in v1.16.0
func (k MachinePublic) IsZero() bool
IsZero reports whether k is the zero value.
func (MachinePublic) MarshalText ¶ added in v1.16.0
func (k MachinePublic) MarshalText() ([]byte, error)
MarshalText implements encoding.TextMarshaler.
func (MachinePublic) ShortString ¶ added in v1.16.0
func (k MachinePublic) ShortString() string
ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.
func (MachinePublic) String ¶ added in v1.16.0
func (k MachinePublic) String() string
String returns the output of MarshalText as a string.
func (*MachinePublic) UnmarshalText ¶ added in v1.16.0
func (k *MachinePublic) UnmarshalText(b []byte) error
UnmarshalText implements encoding.TextUnmarshaler.
func (MachinePublic) UntypedHexString ¶ deprecated, added in v1.16.0
func (k MachinePublic) UntypedHexString() string
UntypedHexString returns k, encoded as an untyped 64-character hex string.
Deprecated: this function is risky to use, because it produces serialized values that do not identify themselves as a MachinePublic, allowing other code to potentially parse it back in as the wrong key type. For new uses that don't require backwards compatibility with the untyped string format, please use MarshalText/UnmarshalText.
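The type confusion that the ParseMachinePublicUntyped and UntypedHexString deprecation notes warn about, as an added example that is not Tailscale's code: MachinePub, NodePub, both prefixes and every function name below are hypothetical stand-ins built on the standard library only. A bare 64-character hex string exported from one key type parses cleanly as another, while the type-prefixed text form is rejected.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// Hypothetical key types and prefixes constructed for this example;
// they are not Tailscale's types or its serialization format.
type MachinePub [32]byte
type NodePub [32]byte
const machinePrefix, nodePrefix = "machinepub:", "nodepub:"
var ErrWrongType = fmt.Errorf("text lacks the %q type prefix", machinePrefix)

// Untyped form: bare hex carries no type, so any 32-byte key parses.
func ParseMachinePubUntyped(s string) (k MachinePub, err error) {
	if len(s) != 64 {
		return k, fmt.Errorf("want 64 hex characters, got %d", len(s))
	}
	_, err = hex.Decode(k[:], []byte(s))
	return k, err
}

func (k NodePub) UntypedHex() string { return hex.EncodeToString(k[:]) }

// Typed form: the prefix names the key type, so a mismatch is detected.
func (k NodePub) MarshalText() ([]byte, error) {
	return []byte(nodePrefix + k.UntypedHex()), nil
}

func (k *MachinePub) UnmarshalText(b []byte) error {
	if !strings.HasPrefix(string(b), machinePrefix) {
		return ErrWrongType
	}
	v, err := ParseMachinePubUntyped(strings.TrimPrefix(string(b), machinePrefix))
	if err == nil {
		*k = v // only overwrite the receiver on a fully valid parse
	}
	return err
}

func main() {
	node := NodePub{0: 0xAA, 31: 0x55} // constructed sample key
	_, err := ParseMachinePubUntyped(node.UntypedHex())
	fmt.Println("untyped parse error:", err) // <nil>: the mix-up goes unnoticed
	typed, _ := node.MarshalText()
	fmt.Println("typed parse error:", new(MachinePub).UnmarshalText(typed))
}
```

When auditing code that still depends on the untyped format, treat every call site of the untyped parser as a place where the caller alone must guarantee the key's provenance.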
type Private ¶ deprecated
type Private [32]byte
Private represents a curve25519 private key of unspecified purpose.
Deprecated: this key type has been used for several different keypairs, which are used in different protocols. This makes it easy to accidentally use the wrong key for a particular purpose, because the type system doesn't protect you. Please define dedicated key types for each purpose (e.g. communication with control, disco, wireguard...) instead, even if they are a Curve25519 value under the hood.
func (Private) B32 ¶
B32 returns k as the *[32]byte type that's used by the golang.org/x/crypto packages. This allocates; it might not be appropriate for performance-sensitive paths.
func (Private) SharedSecret ¶ added in v1.4.0
type Public ¶ deprecated
type Public [32]byte
Public represents a curve25519 public key.
Deprecated: this key type has been used for several different keypairs, which are used in different protocols. This makes it easy to accidentally use the wrong key for a particular purpose, because the type system doesn't protect you. Please define dedicated key types for each purpose (e.g. communication with control, disco, wireguard...) instead, even if they are a Curve25519 value under the hood.
func NewPublicFromHexMem ¶ added in v0.98.0
NewPublicFromHexMem parses a public key in its hex form, given in m. The provided m must be exactly 64 bytes in length.
func (Public) B32 ¶
B32 returns k as the *[32]byte type that's used by the golang.org/x/crypto packages. This allocates; it might not be appropriate for performance-sensitive paths.
func (Public) MarshalText ¶ added in v0.98.0
func (Public) ShortString ¶ added in v0.98.0
ShortString returns the Tailscale conventional debug representation of a public key: the first five base64 digits of the key, in square brackets.