tka, types/key: add NLPublic.KeyID

This allows direct use of NLPublic with tka.Authority.KeyTrusted() and
similar without using tricks like converting the return value of Verifier.

Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>

tka/tka_test.go

@@ -9,6 +9,7 @@
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
+	"tailscale.com/types/key"
 	"tailscale.com/types/tkatype"
 )
 
@@ -437,3 +438,40 @@ func TestAuthorityInformLinear(t *testing.T) {
 		t.Fatal("authority did not converge to correct AUM")
 	}
 }
+
+func TestInteropWithNLKey(t *testing.T) {
+	priv1 := key.NewNLPrivate()
+	pub1 := priv1.Public()
+	pub2 := key.NewNLPrivate().Public()
+	pub3 := key.NewNLPrivate().Public()
+
+	a, _, err := Create(&Mem{}, State{
+		Keys: []Key{
+			{
+				Kind:   Key25519,
+				Votes:  1,
+				Public: pub1.KeyID(),
+			},
+			{
+				Kind:   Key25519,
+				Votes:  1,
+				Public: pub2.KeyID(),
+			},
+		},
+		DisablementSecrets: [][]byte{DisablementKDF([]byte{1, 2, 3})},
+	}, priv1)
+	if err != nil {
+		t.Errorf("tka.Create: %v", err)
+		return
+	}
+
+	if !a.KeyTrusted(pub1.KeyID()) {
+		t.Error("pub1 want trusted, got untrusted")
+	}
+	if !a.KeyTrusted(pub2.KeyID()) {
+		t.Error("pub2 want trusted, got untrusted")
+	}
+	if a.KeyTrusted(pub3.KeyID()) {
+		t.Error("pub3 want untrusted, got trusted")
+	}
+}

types/key/nl.go

@@ -125,3 +125,8 @@ func (k NLPublic) IsZero() bool {
 func (k NLPublic) Equal(other NLPublic) bool {
 	return subtle.ConstantTimeCompare(k.k[:], other.k[:]) == 1
 }
+
+// KeyID returns a tkatype.KeyID that can be used with a tka.Authority.
+func (k NLPublic) KeyID() tkatype.KeyID {
+	return k.k[:]
+}