client,cmd/tailscale,ipn,tka,types: implement tka initialization flow

This PR implements the client-side of initializing network-lock with the
Coordination server.

Signed-off-by: Tom DNetto <tom@tailscale.com>

types/key/nl.go

@@ -82,7 +82,7 @@ func (k NLPrivate) KeyID() tkatype.KeyID {
 	return pub[:]
 }
 
-// SignAUM implements tka.UpdateSigner.
+// SignAUM implements tka.Signer.
 func (k NLPrivate) SignAUM(sigHash tkatype.AUMSigHash) ([]tkatype.Signature, error) {
 	return []tkatype.Signature{{
 		KeyID:     k.KeyID(),
@@ -90,6 +90,11 @@ func (k NLPrivate) SignAUM(sigHash tkatype.AUMSigHash) ([]tkatype.Signature, err
 	}}, nil
 }
 
+// SignNKS signs the tka.NodeKeySignature identified by sigHash.
+func (k NLPrivate) SignNKS(sigHash tkatype.NKSSigHash) ([]byte, error) {
+	return ed25519.Sign(ed25519.PrivateKey(k.k[:]), sigHash[:]), nil
+}
+
 // NLPublic is the public portion of a a NLPrivate.
 type NLPublic struct {
 	k [ed25519.PublicKeySize]byte

types/tkatype/tkatype.go

@@ -22,10 +22,17 @@ type KeyID []byte
 // MarshaledSignature represents a marshaled tka.NodeKeySignature.
 type MarshaledSignature []byte
 
+// MarshaledAUM represents a marshaled tka.AUM.
+type MarshaledAUM []byte
+
 // AUMSigHash represents the BLAKE2s digest of an Authority Update
 // Message (AUM), sans any signatures.
 type AUMSigHash [32]byte
 
+// NKSSigHash represents the BLAKE2s digest of a Node-Key Signature (NKS),
+// sans the Signature field if present.
+type NKSSigHash [32]byte
+
 // Signature describes a signature over an AUM, which can be verified
 // using the key referenced by KeyID.
 type Signature struct {

types/tkatype/tkatype_test.go

@@ -14,4 +14,9 @@ func TestSigHashSize(t *testing.T) {
 	if len(sigHash) != blake2s.Size {
 		t.Errorf("AUMSigHash is wrong size: got %d, want %d", len(sigHash), blake2s.Size)
 	}
+
+	var nksHash NKSSigHash
+	if len(nksHash) != blake2s.Size {
+		t.Errorf("NKSSigHash is wrong size: got %d, want %d", len(nksHash), blake2s.Size)
+	}
 }