webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tka,types/key: implement direct node-key signatures

Browse Source 
Signed-off-by: Tom DNetto <tom@tailscale.com>
This commit is contained in:
Tom DNetto
2022-07-21 14:45:43 -07:00
committed by Tom
parent c13fab2a67
commit 8cfd775885
5 changed files with 191 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tka/tka.go
+17
View File
@@ -11,6 +11,8 @@ import (
"fmt"
"os"
"sort"
"github.com/fxamacker/cbor/v2"
)
// Authority is a Tailnet Key Authority. This type is the main coupling
@@ -586,3 +588,18 @@ func (a *Authority) Inform(updates []AUM) error {
a.state = c.state
return nil
}
// VerifySignature returns true if the provided nodeKeySignature is signed
// correctly by a trusted key.
func (a *Authority) VerifySignature(nodeKeySignature []byte) error {
var decoded NodeKeySignature
if err := cbor.Unmarshal(nodeKeySignature, &decoded); err != nil {
return fmt.Errorf("unmarshal: %v", err)
}
key, err := a.state.GetKey(decoded.KeyID)
if err != nil {
return fmt.Errorf("key: %v", err)
}
return decoded.verifySignature(key)
}