LoadKeys(): slog.Debug() + refactor

jtagcat · jtagcat · commit 763c2ae28e05 · 2023-10-16T04:28:05.000+03:00
* Now follows symlinks
* TPM file suffix is now .tpm, not tpm
diff --git a/agent/agent.go b/agent/agent.go
@@ -127,6 +127,7 @@ func (a *Agent) List() ([]*agent.Key, error) {
 			Comment: string(k.Comment),
 		})
 	}
+
 	return agentKeys, nil
 }
 
@@ -268,35 +269,46 @@ func (a *Agent) Unlock(passphrase []byte) error {
 }
 
 func LoadKeys(keyDir string) (map[string]*key.Key, error) {
-	keys := map[string]*key.Key{}
-	err := filepath.WalkDir(keyDir,
-		func(path string, d fs.DirEntry, err error) error {
-			if err != nil {
-				return err
-			}
-			if d.IsDir() {
-				return nil
-			}
-			if !strings.HasSuffix(path, "tpm") {
-				return nil
-			}
-			f, err := os.ReadFile(path)
-			if err != nil {
-				return fmt.Errorf("failed reading %s", path)
-			}
-			k, err := key.DecodeKey(f)
-			if err != nil {
-				slog.Debug("not a TPM-sealed key", slog.String("key_path", path), slog.String("error", err.Error()))
-				return nil
-			}
-			keys[k.Fingerprint()] = k
-			return nil
-		},
-	)
+	keyDir, err := filepath.EvalSymlinks(keyDir)
 	if err != nil {
 		return nil, err
 	}
-	return keys, nil
+
+	keys := make(map[string]*key.Key)
+
+	walkFunc := func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+
+		if d.IsDir() {
+			return nil
+		}
+
+		if !strings.HasSuffix(path, ".tpm") {
+			slog.Debug("skipping key: does not have .tpm suffix", slog.String("name", path))
+			return nil
+		}
+
+		f, err := os.ReadFile(path)
+		if err != nil {
+			return fmt.Errorf("failed reading %s", path)
+		}
+
+		k, err := key.DecodeKey(f)
+		if err != nil {
+			slog.Debug("not a TPM sealed key", slog.String("key_path", path), slog.String("error", err.Error()))
+			return nil
+		}
+
+		keys[k.Fingerprint()] = k
+
+		slog.Debug("added TPM key", slog.String("name", path))
+		return nil
+	}
+
+	err = filepath.WalkDir(keyDir, walkFunc)
+	return keys, err
 }
 
 func NewAgent(listener *net.UnixListener, agents []agent.ExtendedAgent, tpmFetch func() transport.TPMCloser, pin func(*key.Key) ([]byte, error)) *Agent {
diff --git a/cmd/ssh-tpm-agent/main.go b/cmd/ssh-tpm-agent/main.go
@@ -165,15 +165,6 @@ func main() {
 		keyDir = utils.SSHDir()
 	}
 
-	fi, err := os.Lstat(keyDir)
-	if err != nil {
-		slog.Error(err.Error())
-		os.Exit(1)
-	}
-	if fi.Mode()&os.ModeSymlink == os.ModeSymlink {
-		slog.Info("Not following symbolic link", slog.String("key_directory", keyDir))
-	}
-
 	if term.IsTerminal(int(os.Stdin.Fd())) {
 		slog.Info("Warning: ssh-tpm-agent is meant to run as a background daemon.")
 		slog.Info("Running multiple instances is likely to lead to conflicts.")
@@ -227,7 +218,9 @@ func main() {
 	}()
 
 	if !noLoad {
-		agent.LoadKeys(keyDir)
+		if err := agent.LoadKeys(keyDir); err != nil {
+			slog.Error("loading keys", slog.String("error", err.Error()))
+		}
 	}
 
 	agent.Wait()
