| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Define the HardwareAttestionKey interface describing a platform-specific
hardware backed node identity attestation key. Clients will register the
key type implementations for their platform.
Updates tailscale/corp#31269
Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
|
|
(#16603)
Updates tailscale/corp#30583
Updates tailscale/corp#30534
Updates tailscale/corp#30557
Signed-off-by: Dylan Bargatze <dylan@tailscale.com>
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Co-authored-by: Dylan Bargatze <dylan@tailscale.com>
|
|
Add mesh key support to derpprobe for
probing derpers with verify set to true.
Move MeshKey checking to central point for code reuse.
Fix a bad error fmt msg.
Fixes tailscale/corp#27294
Fixes tailscale/corp#25756
Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com>
|
|
To authenticate mesh keys, the DERP servers used a simple == comparison,
which is susceptible to a side channel timing attack.
By extracting the mesh key for a DERP server, an attacker could DoS it
by forcing disconnects using derp.Client.ClosePeer. They could also
enumerate the public Wireguard keys, IP addresses and ports for nodes
connected to that DERP server.
DERP servers configured without mesh keys deny all such requests.
This patch also extracts the mesh key logic into key.DERPMesh, to
prevent this from happening again.
Security bulletin: https://tailscale.com/security-bulletins#ts-2025-003
Fixes tailscale/corp#28720
Signed-off-by: Simon Law <sfllaw@tailscale.com>
|
|
Fixes tailscale/corp#19442
Signed-off-by: Erisa A <erisa@tailscale.com>
|
|
Updates #cleanup
Change-Id: Ic4304e909d2131a95a38b26911f49e7b1729aaef
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #11058
Change-Id: I35e7ef9b90e83cac04ca93fd964ad00ed5b48430
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
It's unnecessary. Returning an array value is already a copy.
Updates #cleanup
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Change-Id: If7f350b61003ea08f16a531b7b4e8ae483617939
|
|
Updates #cleanup
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
|
|
This commit implements probing of UDP path lifetime on the tail end of
an active direct connection. Probing configuration has two parts -
Cliffs, which are various timeout cliffs of interest, and
CycleCanStartEvery, which limits how often a probing cycle can start,
per-endpoint. Initially a statically defined default configuration will
be used. The default configuration has cliffs of 10s, 30s, and 60s,
with a CycleCanStartEvery of 24h. Probing results are communicated via
clientmetric counters. Probing is off by default, and can be enabled
via control knob. Probing is purely informational and does not yet
drive any magicsock behaviors.
Updates #540
Signed-off-by: Jordan Whited <jordan@tailscale.com>
|
|
Updates #cleanup
Signed-off-by: James Tucker <james@tailscale.com>
|
|
Updates #cleanup
Change-Id: I34938bca70a95571cc62ce1f76eaab5db8c2c3ef
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This eventually allows encoding packages that may respect
the proposed encoding.TextAppender interface.
The performance gains from this is between 10-30%.
Updates tailscale/corp#14379
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
|
|
Updates #cleanup
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #7123
Updates #6257 (more to do in other repos)
Change-Id: I073e2a6d81a5d7fbecc29caddb7e057ff65239d0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This updates all source files to use a new standard header for copyright
and license declaration. Notably, copyright no longer includes a date,
and we now use the standard SPDX-License-Identifier header.
This commit was done almost entirely mechanically with perl, and then
some minimal manual fixes.
Updates #6865
Signed-off-by: Will Norris <will@tailscale.com>
|
|
Nodes that are expired, taking into account the time delta calculated
from MapResponse.ControlTime have the newly-added Expired boolean set.
For additional defense-in-depth, also replicate what control does and
clear the Endpoints and DERP fields, and additionally set the node key
to a bogus value.
Updates #6932
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ia2bd6b56064416feee28aef5699ca7090940662a
|
|
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
This moves the NetworkLock key from a dedicated StateKey to be part of the persist.Persist struct.
This struct is stored as part for ipn.Prefs and is also the place where we store the NodeKey.
It also moves the ChonkDir from "/tka" to "/tka-profile/<profile-id>". The rename was intentional
to be able to delete the "/tka" dir if it exists.
This means that we will have a unique key per profile, and a unique directory per profile.
Note: `tailscale logout` will delete the entire profile, including any keys. It currently does not
delete the ChonkDir.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
* Fix broken add/remove key commands
* Make lock status display whether the node is signed
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
Fixes #5972
Change-Id: Ic33a93d3613ac5dbf172d6a8a459ca06a7f9e547
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Forgot it when adding the Challenge types earlier.
Change-Id: Ie0872c4e6dc25e5d832aa58c7b3f66d450bf6b71
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This allows direct use of NLPublic with tka.Authority.KeyTrusted() and
similar without using tricks like converting the return value of Verifier.
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
|
|
Updates #5972
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
|
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
This PR implements the client-side of initializing network-lock with the
Coordination server.
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
Following the pattern elsewhere, we create a new tka-specific types package for the types
that need to couple between the serialized structure types, and tka.
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
- A network-lock key is generated if it doesn't already exist, and stored in the StateStore. The public component is communicated to control during registration.
- If TKA state exists on the filesystem, a tailnet key authority is initialized (but nothing is done with it for now).
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
Forgot that I would need that in control. Oops.
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
Updates #5162
Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Follow-up to cfdb8626738d
Updates tailscale/corp#1709
Change-Id: I7af931a2cb55f9006e1029381663ac21d1794242
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Follow-up to cfdb8626738da.
Change-Id: Iab610d761f1e6d88e8bcb584d9c02cafe48fc377
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
So the control plane can stop doing precomputations on each naclbox
message.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Needed for an experiment in Control.
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Fixes #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
This leaves behind a type alias and associated constructor, to allow
for gradual switchover.
Updates #3206.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #3206.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Needed for #3206 to remove final uses of key.{Public,Private}.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
|
