| author | Tom DNetto <tom@tailscale.com> | 2023-06-21 14:57:15 -0700 |
|---|---|---|
| committer | Tom DNetto <tom@tailscale.com> | 2023-06-21 14:57:15 -0700 |
| commit | f205d232331579102ae22ff2eab727c6d7e42aba (patch) | |
| tree | b8a4851a4435777a20eb4aee0215adf581547cfa /types/key | |
| parent | c783f28228edcf15c22dc6a933bf96c2e7ae8895 (diff) | |
disco,types,wgengine: implement Knock,KnockReply disco messagestom/disco
EXTREME WIP, DO NOT SUBMIT
Updates #1227
Diffstat (limited to 'types/key')
| -rw-r--r-- | types/key/node.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/types/key/node.go b/types/key/node.go
index a84057231..8d7b99d59 100644
--- a/types/key/node.go
+++ b/types/key/node.go
@@ -142,6 +142,26 @@ func (k NodePrivate) OpenFrom(p NodePublic, ciphertext []byte) (cleartext []byte
 return box.Open(nil, ciphertext[len(nonce):], nonce, &p.k, &k.k)
 }
 
+// SealAnonymous seals the cleartext to the node key k.
+func (k NodePublic) SealAnonymous(cleartext []byte) (ciphertext []byte, err error) {
+ if k.IsZero() {
+ panic("can't seal with zero keys")
+ }
+ return box.SealAnonymous(nil, cleartext, &k.k, nil)
+}
+
+// OpenAnonymous opens the anonymous NaCl box ciphertext, which must be a value
+// created by SealAnonymous, and returns the inner cleartext if ciphertext is
+// a valid box to k.
+func (k NodePrivate) OpenAnonymous(ciphertext []byte) (cleartext []byte, ok bool) {
+ if k.IsZero() {
+ panic("can't open with zero keys")
+ }
+
+ p := k.Public()
+ return box.OpenAnonymous(nil, ciphertext, &p.k, &k.k)
+}
+
 func (k NodePrivate) UntypedHexString() string {
 return hex.EncodeToString(k.k[:])
 } |
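Review bot: The doc comments on `SealAnonymous` and `OpenAnonymous` do not say that an anonymous box carries no sender authentication, unlike the `OpenFrom` path whose tail is visible as context at the top of the hunk. Anyone who knows the node's public key can produce a ciphertext that `OpenAnonymous` accepts, so `ok == true` only shows the message was encrypted to k, not who sent it; the phrase "must be a value created by SealAnonymous" can be misread as an authenticity guarantee. I would add to `OpenAnonymous`: `// The sender is not authenticated: any party that knows k's public key can create a valid box, so callers must verify the sender from the contents.` A matching sentence on `SealAnonymous` stating that the recipient cannot tell who sealed the message would help as well. The code that handles the new Knock messages is outside this file section, so whether it already authenticates the sender separately cannot be seen here.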
