all: update more references to Tailnet/Network Lock
Updates tailscale/corp#37904 Change-Id: I09e73b3248b9ddf86dafe33dfb621bd560f6596d Signed-off-by: Alex Chan <alexc@tailscale.com>
+1
-1
@@ -32,7 +32,7 @@ func (k KeyKind) String() string {
|
||||
}
|
||||
}
|
||||
|
||||
// Key describes the public components of a key known to network-lock.
|
||||
// Key describes the public components of a key known to tailnet-lock.
|
||||
type Key struct {
|
||||
Kind KeyKind `cbor:"1,keyasint"`
|
||||
|
||||
|
||||
+3
-3
@@ -178,7 +178,7 @@ func (s NodeKeySignature) UnverifiedAuthorizingKeyID() (tkatype.KeyID, error) {
|
||||
return s.authorizingKeyID()
|
||||
}
|
||||
|
||||
// authorizingKeyID returns the KeyID of the key trusted by network-lock which authorizes
|
||||
// authorizingKeyID returns the KeyID of the key trusted by tailnet-lock which authorizes
|
||||
// this signature.
|
||||
func (s NodeKeySignature) authorizingKeyID() (tkatype.KeyID, error) {
|
||||
switch s.SigKind {
|
||||
@@ -349,14 +349,14 @@ func (s *NodeKeySignature) rotationDetails() (*RotationDetails, error) {
|
||||
|
||||
// ResignNKS re-signs a node-key signature for a new node-key.
|
||||
//
|
||||
// This only matters on network-locked tailnets, because node-key signatures are
|
||||
// This only matters on tailnet-locked tailnets, because node-key signatures are
|
||||
// how other nodes know that a node-key is authentic. When the node-key is
|
||||
// rotated then the existing signature becomes invalid, so this function is
|
||||
// responsible for generating a new wrapping signature to certify the new node-key.
|
||||
//
|
||||
// The signature itself is a SigRotation signature, which embeds the old signature
|
||||
// and certifies the new node-key as a replacement for the old by signing the new
|
||||
// signature with RotationPubkey (which is the node's own network-lock key).
|
||||
// signature with RotationPubkey (which is the node's own tailnet-lock key).
|
||||
func ResignNKS(priv key.NLPrivate, nodeKey key.NodePublic, oldNKS tkatype.MarshaledSignature) (tkatype.MarshaledSignature, error) {
|
||||
var oldSig NodeKeySignature
|
||||
if err := oldSig.Unserialize(oldNKS); err != nil {
|
||||
|
||||
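Review bot: The reworded ResignNKS doc comment now reads "tailnet-locked tailnets", which repeats the word and is harder to scan than the phrase it replaced; `// This only matters on tailnets with Tailnet Lock enabled, because node-key signatures are` says the same thing and matches the capitalisation used in the commit title. The comment also calls RotationPubkey the node's own tailnet-lock key while the signature still takes `key.NLPrivate`. If NL is the old network-lock abbreviation (inferred from the name; the type is declared elsewhere), a half-line such as `// (key.NLPrivate is the tailnet-lock private key)` would keep the doc and the signature connected. ResignNKS's body continues past the end of the hunk.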
+6
-6
@@ -51,7 +51,7 @@ func TestSigDirect(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSigNested(t *testing.T) {
|
||||
// Network-lock key (the key used to sign the nested sig)
|
||||
// tailnet-lock key (the key used to sign the nested sig)
|
||||
pub, priv := testingKey25519(t, 1)
|
||||
k := Key{Kind: Key25519, Public: pub, Votes: 2}
|
||||
// Rotation key (the key used to sign the outer sig)
|
||||
@@ -64,7 +64,7 @@ func TestSigNested(t *testing.T) {
|
||||
nodeKeyPub, _ := node.Public().MarshalBinary()
|
||||
|
||||
// The original signature for the old node key, signed by
|
||||
// the network-lock key.
|
||||
// the tailnet-lock key.
|
||||
nestedSig := NodeKeySignature{
|
||||
SigKind: SigDirect,
|
||||
KeyID: k.MustID(),
|
||||
@@ -127,7 +127,7 @@ func TestSigNested(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSigNested_DeepNesting(t *testing.T) {
|
||||
// Network-lock key (the key used to sign the nested sig)
|
||||
// tailnet-lock key (the key used to sign the nested sig)
|
||||
pub, priv := testingKey25519(t, 1)
|
||||
k := Key{Kind: Key25519, Public: pub, Votes: 2}
|
||||
// Rotation key (the key used to sign the outer sig)
|
||||
@@ -137,7 +137,7 @@ func TestSigNested_DeepNesting(t *testing.T) {
|
||||
oldPub, _ := oldNode.Public().MarshalBinary()
|
||||
|
||||
// The original signature for the old node key, signed by
|
||||
// the network-lock key.
|
||||
// the tailnet-lock key.
|
||||
nestedSig := NodeKeySignature{
|
||||
SigKind: SigDirect,
|
||||
KeyID: k.MustID(),
|
||||
@@ -196,7 +196,7 @@ func TestSigNested_DeepNesting(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSigCredential(t *testing.T) {
|
||||
// Network-lock key (the key used to sign the nested sig)
|
||||
// tailnet-lock key (the key used to sign the nested sig)
|
||||
pub, priv := testingKey25519(t, 1)
|
||||
k := Key{Kind: Key25519, Public: pub, Votes: 2}
|
||||
// 'credential' key (the one being delegated to)
|
||||
@@ -513,7 +513,7 @@ func TestResignNKS(t *testing.T) {
|
||||
origPub, _ := origNode.Public().MarshalBinary()
|
||||
|
||||
// The original signature for the old node key, signed by
|
||||
// the network-lock key.
|
||||
// the tailnet-lock key.
|
||||
directSig := NodeKeySignature{
|
||||
SigKind: SigDirect,
|
||||
KeyID: authKey.MustID(),
|
||||
|
||||
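Review bot: In TestSigNested, TestSigNested_DeepNesting and TestSigCredential the renamed comment now starts in lower case, `// tailnet-lock key (the key used to sign the nested sig)`, while the comment two lines below it in the first two tests still starts with a capital (`// Rotation key ...`); `// Tailnet-lock key (the key used to sign the nested sig)` keeps the pair consistent. In TestSigCredential the same wording sits above a 'credential' key rather than a rotation key, so "nested sig" may be a copy-paste leftover there. The rest of that test is outside the hunk, so this is worth checking rather than certain.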
+1
-1
@@ -567,7 +567,7 @@ func Bootstrap(storage Chonk, bootstrap AUM) (*Authority, error) {
|
||||
// ValidDisablement returns true if the disablement secret was correct.
|
||||
//
|
||||
// If this method returns true, the caller should shut down the authority
|
||||
// and purge all network-lock state.
|
||||
// and purge all tailnet-lock state.
|
||||
func (a *Authority) ValidDisablement(secret []byte) bool {
|
||||
return a.state.checkDisablement(secret)
|
||||
}
|
||||
|
||||