From e525c41ca9bec1c4772d9cd09904e971868d2daf Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 3 Nov 2020 10:39:35 +0100
Subject: unified ed25519 signing key loading and parsing

---
 .type.go.swp | Bin 0 -> 16384 bytes
 client/add-entry/main.go | 56 ++++++++++++++++++++++-------------------
 x509.go | 19 +++++++++-------
 3 files changed, 37 insertions(+), 38 deletions(-)
 create mode 100644 .type.go.swp

diff --git a/.type.go.swp b/.type.go.swp
new file mode 100644
index 0000000..9599d98
Binary files /dev/null and b/.type.go.swp differ
diff --git a/client/add-entry/main.go b/client/add-entry/main.go
index 52a9d8b..b4f9f65 100644
--- a/client/add-entry/main.go
+++ b/client/add-entry/main.go
@@ -5,7 +5,6 @@ import (
 	"flag"
 	"fmt"
 
-	"crypto/ed25519"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
@@ -14,6 +13,7 @@ import (
 	"net/http"
 
 	"github.com/golang/glog"
+	"github.com/system-transparency/stfe"
 	"github.com/system-transparency/stfe/client"
 	"github.com/system-transparency/stfe/server/descriptor"
 )
@@ -71,13 +71,9 @@ func setup() (*client.Client, error) {
 		return nil, fmt.Errorf("failed loading certificate chain: %v", err)
 	}
 
-	blob, err = ioutil.ReadFile(*key)
+	k, err := stfe.LoadEd25519SigningKey(*key)
 	if err != nil {
-		return nil, fmt.Errorf("failed reading ed25519 private key: %v", err)
-	}
-	k, err := parseEd25519PrivateKey(blob)
-	if err != nil {
-		return nil, fmt.Errorf("failed decoding ed25519 private key: %v", err)
+		return nil, fmt.Errorf("failed loading key: %v", err)
 	}
 
 	blob, err = ioutil.ReadFile(*operators)
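Review bot: The new `return nil, fmt.Errorf("failed loading key: %v", err)` no longer says which key failed, while the context line just above it still reports `failed loading certificate chain`; `return nil, fmt.Errorf("failed loading ed25519 signing key: %v", err)` keeps the operator-facing messages in this function consistent and makes a key-file mix-up easier to spot in logs. `setup` continues outside the hunk. Separately, the commit also creates `.type.go.swp` (`Bin 0 -> 16384 bytes`, `create mode 100644`), which by its name looks like an editor swap file carrying unsaved buffer contents; it should be dropped from the commit and a `*.swp` pattern added to `.gitignore` so it cannot come back.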
@@ -101,29 +97,29 @@ func setup() (*client.Client, error) {
 	return client.NewClient(log, &http.Client{}, c, &k), nil
 }
 
-func parseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
-	block, rest := pem.Decode(data)
-	if block == nil {
-		return nil, fmt.Errorf("pem block: is empty")
-	}
-	if block.Type != "PRIVATE KEY" {
-		return nil, fmt.Errorf("bad pem block type: %v", block.Type)
-	}
-	if len(rest) != 0 {
-		return nil, fmt.Errorf("pem block: trailing data")
-	}
-
-	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-	if err != nil {
-		fmt.Errorf("x509 parser failed: %v", err)
-	}
-	switch t := key.(type) {
-	case ed25519.PrivateKey:
-		return key.(ed25519.PrivateKey), nil
-	default:
-		return nil, fmt.Errorf("unexpected signing key type: %v", t)
-	}
-}
+//func parseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
+//	block, rest := pem.Decode(data)
+//	if block == nil {
+//		return nil, fmt.Errorf("pem block: is empty")
+//	}
+//	if block.Type != "PRIVATE KEY" {
+//		return nil, fmt.Errorf("bad pem block type: %v", block.Type)
+//	}
+//	if len(rest) != 0 {
+//		return nil, fmt.Errorf("pem block: trailing data")
+//	}
+//
+//	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+//	if err != nil {
+//		fmt.Errorf("x509 parser failed: %v", err)
+//	}
+//	switch t := key.(type) {
+//	case ed25519.PrivateKey:
+//		return key.(ed25519.PrivateKey), nil
+//	default:
+//		return nil, fmt.Errorf("unexpected signing key type: %v", t)
+//	}
+//}
 
 func parseChain(rest []byte) ([]*x509.Certificate, error) {
 	var chain []*x509.Certificate
diff --git a/x509.go b/x509.go
index 46728f2..491c049 100644
--- a/x509.go
+++ b/x509.go
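Review bot: The 23 `+//` lines keep the old `parseEd25519PrivateKey` body as commented-out code rather than deleting it, although the same logic now lives in `stfe.ParseEd25519PrivateKey` and git history retains the old version. Commented-out code drifts from the real implementation, and this block in particular preserves the `fmt.Errorf("x509 parser failed: %v", err)` line whose result is discarded, which is exactly what a later copy-paste would bring back. Remove the whole block so `func parseChain` directly follows the closing brace of `setup`.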
@@ -47,29 +47,32 @@ func LoadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error)
 	return anchors, pool, nil
 }
 
+// LoadEd25519SigningKey loads an Ed25519 private key from a given path
 func LoadEd25519SigningKey(path string) (ed25519.PrivateKey, error) {
 	data, err := ioutil.ReadFile(path)
 	if err != nil {
 		return nil, fmt.Errorf("failed reading private key: %v", err)
 	}
+	return ParseEd25519PrivateKey(data)
+}
 
-	var block *pem.Block
-	block, data = pem.Decode(data)
+// ParseEd25519PrivateKey parses a PEM-encoded private key block
+func ParseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
+	block, rest := pem.Decode(data)
 	if block == nil {
-		return nil, fmt.Errorf("private key not loaded")
+		return nil, fmt.Errorf("pem block: is empty")
 	}
 	if block.Type != "PRIVATE KEY" {
-		return nil, fmt.Errorf("unexpected PEM block type: %s", block.Type)
+		return nil, fmt.Errorf("bad pem block type: %v", block.Type)
 	}
-	if len(data) != 0 {
-		return nil, fmt.Errorf("trailing data found after key: %v", data)
+	if len(rest) != 0 {
+		return nil, fmt.Errorf("pem block: trailing data")
 	}
 
 	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 	if err != nil {
-		return nil, fmt.Errorf("failed parsing signing key: %v", err)
+		fmt.Errorf("x509 parser failed: %v", err)
 	}
-
 	switch t := key.(type) {
 	case ed25519.PrivateKey:
 		return key.(ed25519.PrivateKey), nil
--
cgit v1.2.3
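Review bot: In the new `ParseEd25519PrivateKey`, `fmt.Errorf("x509 parser failed: %v", err)` constructs an error and discards it, replacing the removed `return nil, fmt.Errorf("failed parsing signing key: %v", err)`, so a corrupt or non-PKCS#8 key file is not rejected at this point; `key` is then nil and falls through the type switch to its default branch (outside this hunk), and the caller in client/add-entry/main.go reports that generic message instead of the actual parse failure. `go vet` flags the unused result. The line should read `return nil, fmt.Errorf("x509 parser failed: %v", err)`. The doc comment could also state the accepted input, e.g. `// ParseEd25519PrivateKey parses a single PEM "PRIVATE KEY" block holding a PKCS#8-encoded Ed25519 key; any data after the block is rejected.` The remaining cases of the type switch and the function's closing brace are outside the hunk.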