From c1c986922b1efa5daa27dd2d8ff83ad4cd8fe794 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Thu, 6 May 2021 18:09:40 -0700
Subject: [PATCH 1/2] Show Ed25519 in the public-key log field.

---
 api/api.go | 4 +++-
 api/api_test.go | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/api/api.go b/api/api.go
index 2ae6e6e8..6a0a7e8f 100644
--- a/api/api.go
+++ b/api/api.go
@@ -5,6 +5,7 @@ import (
 	"crypto"
 	"crypto/dsa" //nolint
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/asn1"
@@ -437,7 +438,6 @@ func parseCursor(r *http.Request) (cursor string, limit int, err error) {
 	return
 }
 
-// TODO: add support for Ed25519 once it's supported
 func fmtPublicKey(cert *x509.Certificate) string {
 	var params string
 	switch pk := cert.PublicKey.(type) {
@@ -445,6 +445,8 @@ func fmtPublicKey(cert *x509.Certificate) string {
 		params = pk.Curve.Params().Name
 	case *rsa.PublicKey:
 		params = strconv.Itoa(pk.Size() * 8)
+	case ed25519.PublicKey:
+		return cert.PublicKeyAlgorithm.String()
 	case *dsa.PublicKey:
 		params = strconv.Itoa(pk.Q.BitLen() * 8)
 	default:
diff --git a/api/api_test.go b/api/api_test.go
index 944927ff..62ef7740 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -6,6 +6,7 @@ import (
 	"crypto"
 	"crypto/dsa" //nolint
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
@@ -1285,6 +1286,10 @@ func Test_fmtPublicKey(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
 	var dsa2048 dsa.PrivateKey
 	if err := dsa.GenerateParameters(&dsa2048.Parameters, rand.Reader, dsa.L2048N256); err != nil {
 		t.Fatal(err)
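Review bot: The new `case ed25519.PublicKey:` arm in fmtPublicKey returns `cert.PublicKeyAlgorithm.String()`, the algorithm the certificate claims, rather than deriving the label from the key the switch has just matched as every other arm does. The "unknown" row of the test table shows the two fields can disagree (x509.ECDSA paired with a raw []byte key), so for a hand-built certificate this arm would label an Ed25519 key with whatever PublicKeyAlgorithm happens to say; parsed certificates are presumably consistent, but the switch already knows the type. Returning the constant for the matched type, `return x509.Ed25519.String()`, keeps the label tied to the key like the other arms. The arm also returns early while the others set `params` and fall through to formatting code that lies outside this hunk; a comment such as `// Ed25519 has no parameters to report, so skip the common formatting below` would mark the asymmetry as intentional. fmtPublicKey's remaining lines are outside the hunk.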
@@ -1304,6 +1309,7 @@ func Test_fmtPublicKey(t *testing.T) {
 	}{
 		{"p256", args{p256.Public(), p256, nil}, "ECDSA P-256"},
 		{"rsa1024", args{rsa1024.Public(), rsa1024, nil}, "RSA 1024"},
+		{"ed25519", args{edPub, edPriv, nil}, "Ed25519"},
 		{"dsa2048", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.DSA, PublicKey: &dsa2048.PublicKey}}, "DSA 2048"},
 		{"unknown", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.ECDSA, PublicKey: []byte("12345678")}}, "ECDSA unknown"},
 	}

From 26e7cc6177f6a51176908bb376eaa6702af51f3b Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Thu, 6 May 2021 18:10:12 -0700
Subject: [PATCH 2/2] Allow to use the SDK with ed25519 keys.

---
 ca/tls.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ca/tls.go b/ca/tls.go
index 2d9b8f92..e4f585fe 100644
--- a/ca/tls.go
+++ b/ca/tls.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
@@ -325,6 +326,13 @@ func getPEM(i interface{}) ([]byte, error) {
 		if err != nil {
 			return nil, errors.Wrap(err, "error marshaling private key")
 		}
+	case ed25519.PrivateKey:
+		var err error
+		block.Type = "PRIVATE KEY"
+		block.Bytes, err = x509.MarshalPKCS8PrivateKey(i)
+		if err != nil {
+			return nil, errors.Wrap(err, "error marshaling private key")
+		}
 	default:
 		return nil, errors.Errorf("unsupported key type %T", i)
 	}
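Review bot: In getPEM's new `case ed25519.PrivateKey:` arm the `var err error` declaration exists only because `block.Bytes` is a field and cannot be the target of `:=`; marshaling into a local first, `der, err := x509.MarshalPKCS8PrivateKey(i)` and then `block.Bytes = der` after the error check, reads more naturally and avoids assigning the field before the error is known. The arm also passes the untyped `i` rather than the variable the enclosing type switch presumably binds (its header is outside the hunk); using that variable would keep the arms consistent. Since crypto/x509 offers no algorithm-specific encoding for Ed25519, a comment on the `block.Type = "PRIVATE KEY"` line such as `// Ed25519 has no legacy PEM form; PKCS#8 is the only encoding crypto/x509 provides` would record why this arm differs from its neighbours. Only the value type is matched, so a `*ed25519.PrivateKey` still reaches the unsupported-key default, which is fine if callers never hand out pointers but is worth stating. getPEM continues outside this hunk.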