authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 10:39:35 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 10:39:35 +0100
commite525c41ca9bec1c4772d9cd09904e971868d2daf (patch)
tree6702762163a5263381dc2239bb955598765c7c3c
parentb6659c99aac8044b4ae7fbefc0f4398ca556c265 (diff)
unified ed25519 signing key loading and parsing
-rw-r--r--.type.go.swpbin0 -> 16384 bytes
-rw-r--r--client/add-entry/main.go56
-rw-r--r--x509.go19
3 files changed, 37 insertions, 38 deletions
diff --git a/.type.go.swp b/.type.go.swp
new file mode 100644
index 0000000..9599d98
--- /dev/null
+++ b/.type.go.swp
Binary files differ
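Review bot: `.type.go.swp` (the `bin 0 -> 16384 bytes` entry in the diffstat) is an editor swap file that has nothing to do with the key-loading change and appears to have been added by accident; it should be removed from this commit and a `*.swp` pattern added to `.gitignore`. Swap files can carry unsaved buffer contents of the file being edited, so leaving one in the history of a package that handles signing keys is worth avoiding even if this particular file is harmless.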
diff --git a/client/add-entry/main.go b/client/add-entry/main.go
index 52a9d8b..b4f9f65 100644
--- a/client/add-entry/main.go
+++ b/client/add-entry/main.go
@@ -5,7 +5,6 @@ import (
"flag"
"fmt"
- "crypto/ed25519"
"crypto/x509"
"encoding/base64"
"encoding/json"
@@ -14,6 +13,7 @@ import (
"net/http"
"github.com/golang/glog"
+ "github.com/system-transparency/stfe"
"github.com/system-transparency/stfe/client"
"github.com/system-transparency/stfe/server/descriptor"
)
@@ -71,13 +71,9 @@ func setup() (*client.Client, error) {
return nil, fmt.Errorf("failed loading certificate chain: %v", err)
}
- blob, err = ioutil.ReadFile(*key)
+ k, err := stfe.LoadEd25519SigningKey(*key)
if err != nil {
- return nil, fmt.Errorf("failed reading ed25519 private key: %v", err)
- }
- k, err := parseEd25519PrivateKey(blob)
- if err != nil {
- return nil, fmt.Errorf("failed decoding ed25519 private key: %v", err)
+ return nil, fmt.Errorf("failed loading key: %v", err)
}
blob, err = ioutil.ReadFile(*operators)
@@ -101,29 +97,29 @@ func setup() (*client.Client, error) {
return client.NewClient(log, &http.Client{}, c, &k), nil
}
-func parseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
- block, rest := pem.Decode(data)
- if block == nil {
- return nil, fmt.Errorf("pem block: is empty")
- }
- if block.Type != "PRIVATE KEY" {
- return nil, fmt.Errorf("bad pem block type: %v", block.Type)
- }
- if len(rest) != 0 {
- return nil, fmt.Errorf("pem block: trailing data")
- }
-
- key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
- if err != nil {
- fmt.Errorf("x509 parser failed: %v", err)
- }
- switch t := key.(type) {
- case ed25519.PrivateKey:
- return key.(ed25519.PrivateKey), nil
- default:
- return nil, fmt.Errorf("unexpected signing key type: %v", t)
- }
-}
+//func parseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
+// block, rest := pem.Decode(data)
+// if block == nil {
+// return nil, fmt.Errorf("pem block: is empty")
+// }
+// if block.Type != "PRIVATE KEY" {
+// return nil, fmt.Errorf("bad pem block type: %v", block.Type)
+// }
+// if len(rest) != 0 {
+// return nil, fmt.Errorf("pem block: trailing data")
+// }
+//
+// key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+// if err != nil {
+// fmt.Errorf("x509 parser failed: %v", err)
+// }
+// switch t := key.(type) {
+// case ed25519.PrivateKey:
+// return key.(ed25519.PrivateKey), nil
+// default:
+// return nil, fmt.Errorf("unexpected signing key type: %v", t)
+// }
+//}
func parseChain(rest []byte) ([]*x509.Certificate, error) {
var chain []*x509.Certificate
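Review bot: The copy of `parseEd25519PrivateKey` kept under `//` at the end of the last hunk is dead code that duplicates the new `stfe.ParseEd25519PrivateKey`; it should be deleted rather than commented out, since git history already preserves it. That body also carries a bug worth not propagating: the result of `fmt.Errorf("x509 parser failed: %v", err)` is discarded, so a PKCS#8 parse failure falls through to the type switch with a nil `key` and surfaces as `unexpected signing key type: <nil>` instead of the parser's error. The same discarded `fmt.Errorf` now appears in the live `ParseEd25519PrivateKey` in the x509.go hunk (which runs past the end of this page), where the line should read `return nil, fmt.Errorf("x509 parser failed: %v", err)`. Separately, with the local parser gone, check whether `encoding/pem` is still referenced in this file — the import hunks drop only `crypto/ed25519`, and an unused import will fail to compile; the full import block is not visible here.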
diff --git a/x509.go b/x509.go
index 46728f2..491c049 100644
--- a/x509.go
+++ b/x509.go
@@ -47,29 +47,32 @@ func LoadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error)
return anchors, pool, nil
}
+// LoadEd25519SigningKey loads an Ed25519 private key from a given path
func LoadEd25519SigningKey(path string) (ed25519.PrivateKey, error) {
data, err := ioutil.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("failed reading private key: %v", err)
}
+ return ParseEd25519PrivateKey(data)
+}
- var block *pem.Block
- block, data = pem.Decode(data)
+// ParseEd25519PrivateKey parses a PEM-encoded private key block
+func ParseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
+ block, rest := pem.Decode(data)
if block == nil {
- return nil, fmt.Errorf("private key not loaded")
+ return nil, fmt.Errorf("pem block: is empty")
}
if block.Type != "PRIVATE KEY" {
- return nil, fmt.Errorf("unexpected PEM block type: %s", block.Type)
+ return nil, fmt.Errorf("bad pem block type: %v", block.Type)
}
- if len(data) != 0 {
- return nil, fmt.Errorf("trailing data found after key: %v", data)
+ if len(rest) != 0 {
+ return nil, fmt.Errorf("pem block: trailing data")
}
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
- return nil, fmt.Errorf("failed parsing signing key: %v", err)
+ fmt.Errorf("x509 parser failed: %v", err)
}
-
switch t := key.(type) {
case ed25519.PrivateKey:
return key.(ed25519.PrivateKey), nil