From e525c41ca9bec1c4772d9cd09904e971868d2daf Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Tue, 3 Nov 2020 10:39:35 +0100
Subject: unified ed25519 signing key loading and parsing

---
 .type.go.swp             | Bin 0 -> 16384 bytes
 client/add-entry/main.go |  56 ++++++++++++++++++++++-------------------------
 x509.go                  |  19 +++++++++-------
 3 files changed, 37 insertions(+), 38 deletions(-)
 create mode 100644 .type.go.swp

diff --git a/.type.go.swp b/.type.go.swp
new file mode 100644
index 0000000..9599d98
Binary files /dev/null and b/.type.go.swp differ
diff --git a/client/add-entry/main.go b/client/add-entry/main.go
index 52a9d8b..b4f9f65 100644
--- a/client/add-entry/main.go
+++ b/client/add-entry/main.go
@@ -5,7 +5,6 @@ import (
 	"flag"
 	"fmt"
 
-	"crypto/ed25519"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
@@ -14,6 +13,7 @@ import (
 	"net/http"
 
 	"github.com/golang/glog"
+	"github.com/system-transparency/stfe"
 	"github.com/system-transparency/stfe/client"
 	"github.com/system-transparency/stfe/server/descriptor"
 )
@@ -71,13 +71,9 @@ func setup() (*client.Client, error) {
 		return nil, fmt.Errorf("failed loading certificate chain: %v", err)
 	}
 
-	blob, err = ioutil.ReadFile(*key)
+	k, err := stfe.LoadEd25519SigningKey(*key)
 	if err != nil {
-		return nil, fmt.Errorf("failed reading ed25519 private key: %v", err)
-	}
-	k, err := parseEd25519PrivateKey(blob)
-	if err != nil {
-		return nil, fmt.Errorf("failed decoding ed25519 private key: %v", err)
+		return nil, fmt.Errorf("failed loading key: %v", err)
 	}
 
 	blob, err = ioutil.ReadFile(*operators)
@@ -101,29 +97,29 @@ func setup() (*client.Client, error) {
 	return client.NewClient(log, &http.Client{}, c, &k), nil
 }
 
-func parseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
-	block, rest := pem.Decode(data)
-	if block == nil {
-		return nil, fmt.Errorf("pem block: is empty")
-	}
-	if block.Type != "PRIVATE KEY" {
-		return nil, fmt.Errorf("bad pem block type: %v", block.Type)
-	}
-	if len(rest) != 0 {
-		return nil, fmt.Errorf("pem block: trailing data")
-	}
-
-	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-	if err != nil {
-		fmt.Errorf("x509 parser failed: %v", err)
-	}
-	switch t := key.(type) {
-	case ed25519.PrivateKey:
-		return key.(ed25519.PrivateKey), nil
-	default:
-		return nil, fmt.Errorf("unexpected signing key type: %v", t)
-	}
-}
+//func parseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
+//	block, rest := pem.Decode(data)
+//	if block == nil {
+//		return nil, fmt.Errorf("pem block: is empty")
+//	}
+//	if block.Type != "PRIVATE KEY" {
+//		return nil, fmt.Errorf("bad pem block type: %v", block.Type)
+//	}
+//	if len(rest) != 0 {
+//		return nil, fmt.Errorf("pem block: trailing data")
+//	}
+//
+//	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+//	if err != nil {
+//		fmt.Errorf("x509 parser failed: %v", err)
+//	}
+//	switch t := key.(type) {
+//	case ed25519.PrivateKey:
+//		return key.(ed25519.PrivateKey), nil
+//	default:
+//		return nil, fmt.Errorf("unexpected signing key type: %v", t)
+//	}
+//}
 
 func parseChain(rest []byte) ([]*x509.Certificate, error) {
 	var chain []*x509.Certificate
diff --git a/x509.go b/x509.go
index 46728f2..491c049 100644
--- a/x509.go
+++ b/x509.go
@@ -47,29 +47,32 @@ func LoadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error)
 	return anchors, pool, nil
 }
 
+// LoadEd25519SigningKey loads an Ed25519 private key from a given path
 func LoadEd25519SigningKey(path string) (ed25519.PrivateKey, error) {
 	data, err := ioutil.ReadFile(path)
 	if err != nil {
 		return nil, fmt.Errorf("failed reading private key: %v", err)
 	}
+	return ParseEd25519PrivateKey(data)
+}
 
-	var block *pem.Block
-	block, data = pem.Decode(data)
+// ParseEd25519PrivateKey parses a PEM-encoded private key block
+func ParseEd25519PrivateKey(data []byte) (ed25519.PrivateKey, error) {
+	block, rest := pem.Decode(data)
 	if block == nil {
-		return nil, fmt.Errorf("private key not loaded")
+		return nil, fmt.Errorf("pem block: is empty")
 	}
 	if block.Type != "PRIVATE KEY" {
-		return nil, fmt.Errorf("unexpected PEM block type: %s", block.Type)
+		return nil, fmt.Errorf("bad pem block type: %v", block.Type)
 	}
-	if len(data) != 0 {
-		return nil, fmt.Errorf("trailing data found after key: %v", data)
+	if len(rest) != 0 {
+		return nil, fmt.Errorf("pem block: trailing data")
 	}
 
 	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 	if err != nil {
-		return nil, fmt.Errorf("failed parsing signing key: %v", err)
+		fmt.Errorf("x509 parser failed: %v", err)
 	}
-
 	switch t := key.(type) {
 	case ed25519.PrivateKey:
 		return key.(ed25519.PrivateKey), nil
-- 
cgit v1.2.3