From 97273a0f9bdb0bc04815967dc986736292723141 Mon Sep 17 00:00:00 2001
From: Appu Goundan
Date: Tue, 27 Feb 2024 14:50:21 -0500
Subject: [PATCH] parse ed25519 raw keys

Signed-off-by: Appu Goundan
---
 .../java/dev/sigstore/encryption/Keys.java | 19 +++++++++++++++-
 .../dev/sigstore/encryption/KeysTest.java | 22 +++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
index 1a5d90e1..564c6b88 100644
--- a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
+++ b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
@@ -34,6 +34,8 @@ import java.util.List;
 
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.jce.ECNamedCurveTable;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -137,9 +139,24 @@ public static PublicKey constructTufPublicKey(byte[] contents, String scheme) case "ed25519": { final KeyFactory kf = KeyFactory.getInstance("Ed25519"); - final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(contents); + X509EncodedKeySpec keySpec; + // tuf allows raw keys only for ed25519 (non PEM): + // https://github.com/theupdateframework/specification/blob/c51875f445d8a57efca9dadfbd5dbdece06d87e6/tuf-spec.md#key-objects--file-formats-keys + if (contents.length == 32) { + var params = + new SubjectPublicKeyInfo( + new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), contents); + try { + keySpec = new X509EncodedKeySpec(params.getEncoded()); + } catch (IOException e) { + throw new RuntimeException(e); + } + } else { + keySpec = new X509EncodedKeySpec(contents); + } return kf.generatePublic(keySpec); } + case "ecdsa": case "ecdsa-sha2-nistp256": { // spec for P-256 curve
diff --git a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
index fed8c3c8..6d4f4df1 100644
--- a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
+++ b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
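Review bot: The new `catch (IOException e)` in the raw-key branch wraps the encoding failure in an unchecked `RuntimeException`, while every other failure on this path (including `kf.generatePublic` on the following line) surfaces as the checked `InvalidKeySpecException` the method evidently already declares; `throw new InvalidKeySpecException("could not encode raw ed25519 key", e);` keeps callers' existing handling intact and preserves the cause. The `contents.length == 32` test is the only thing that selects the raw path, so a one-line note such as `// a DER-encoded Ed25519 SubjectPublicKeyInfo is 44 bytes, so exactly 32 bytes can only be a raw key` would record why the check cannot misclassify DER input; `params` is also a misleading name for a SubjectPublicKeyInfo, `spki` would read better. The added `case "ecdsa":` fall-through is a separate behavioural change that the commit message does not mention and the new tests do not cover; a short comment naming the spec scheme it aliases plus a test would make it reviewable. `constructTufPublicKey` starts before this hunk and its remaining cases continue after it.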
@@ -163,6 +163,28 @@ void parseTufPublicKey_ed25519_lteJava14()
 assertEquals("Ed25519", key.getAlgorithm());
 }
 
+ @Test
+ @EnabledForJreRange(min = JRE.JAVA_15)
+ void parseTufPublicKey_ed25519_rawBytes_java15plus() throws Exception {
+ PublicKey key =
+ Keys.constructTufPublicKey(
+ Hex.decode("2d7218ce609f85de4b0d29d9e679cfd73e96756652f7069a0cf00acb752e5d3c"),
+ "ed25519");
+ assertNotNull(key);
+ assertEquals("EdDSA", key.getAlgorithm());
+ }
+
+ @Test
+ @EnabledForJreRange(max = JRE.JAVA_14)
+ void parseTufPublicKey_ed25519_rawBytes_lteJava14() throws Exception {
+ PublicKey key =
+ Keys.constructTufPublicKey(
+ Hex.decode("2d7218ce609f85de4b0d29d9e679cfd73e96756652f7069a0cf00acb752e5d3c"),
+ "ed25519");
+ assertNotNull(key);
+ assertEquals("Ed25519", key.getAlgorithm());
+ }
+
 @Test
 void parseTufPublicKey_ed25519Bad() {
 Assertions.assertThrows(
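Review bot: Both new tests exercise only the happy path with one shared vector, and since the raw branch in Keys is chosen purely by a 32-byte length, nothing pins what happens one byte either side of that boundary; a case such as `Assertions.assertThrows(InvalidKeySpecException.class, () -> Keys.constructTufPublicKey(new byte[33], "ed25519"));` would confirm that near-miss input is rejected rather than silently treated as DER, unless `parseTufPublicKey_ed25519Bad`, which begins at the end of this hunk and continues outside it, already covers that. The identical hex literal in both methods would be clearer as a single `private static final String` constant, with a comment stating it is a raw 32-byte Ed25519 public key and where it came from, so the two JRE-gated variants visibly differ only in the expected algorithm name. The enclosing `KeysTest` class starts before this hunk and continues after it.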