Consolidate cryptographic keys: use ed25519 master key for both JWT and ECDH

This commit refactors the key management to use a single ed25519 master
key for both JWT signing and ECDH key exchange:

Changes:
- Created keyservice package to manage the master ed25519 key
- Implemented ed25519 to x25519 key derivation following RFC 7748
  - Private key: hash ed25519 seed and apply Curve25519 clamping
  - Public key: convert Edwards curve point to Montgomery curve
- Updated JWT service to accept keys instead of managing its own
- Updated app.go to use keyservice for both JWT and cryptocodec
- Removed duplicate key generation functions (generateKeyPair, getKeyPair, etc.)
- Removed separate storage keys:
  - Old: tavern_jwt_ed25519_private_key (JWT only)
  - Old: tavern_encryption_private_key (ECDH only)
  - New: tavern_master_ed25519_key (both JWT and derived ECDH)

Benefits:
- Single source of truth for cryptographic keys
- Ed25519 master key enables both signing (JWT) and ECDH (x25519)
- Simpler key management with one persistent key
- Maintains backward compatibility with existing x25519 ECDH protocol

Author: claude

tavern/app.go

@@ -2,10 +2,6 @@ package main
 
 import (
 	"context"
-	"crypto/ecdh"
-	"crypto/ed25519"
-	"crypto/rand"
-	"crypto/x509"
 	"encoding/base64"
 	"fmt"
 	"log"
@@ -35,10 +31,10 @@ import (
 	tavernhttp "realm.pub/tavern/internal/http"
 	"realm.pub/tavern/internal/http/stream"
 	"realm.pub/tavern/internal/jwt"
+	"realm.pub/tavern/internal/keyservice"
 	"realm.pub/tavern/internal/portals"
 	"realm.pub/tavern/internal/portals/mux"
 	"realm.pub/tavern/internal/redirectors"
-	"realm.pub/tavern/internal/secrets"
 	"realm.pub/tavern/internal/www"
 	"realm.pub/tavern/portals/portalpb"
 	"realm.pub/tavern/tomes"
@@ -423,85 +419,6 @@ func newGraphQLHandler(client *ent.Client, repoImporter graphql.RepoImporter) ht
 	})
 }
 
-func generateKeyPair() (*ecdh.PublicKey, *ecdh.PrivateKey, error) {
-	curve := ecdh.X25519()
-	privateKey, err := curve.GenerateKey(rand.Reader)
-	if err != nil {
-		slog.Error(fmt.Sprintf("failed to generate private key: %v\n", err))
-		return nil, nil, err
-	}
-	publicKey, err := curve.NewPublicKey(privateKey.PublicKey().Bytes())
-	if err != nil {
-		slog.Error(fmt.Sprintf("failed to generate public key: %v\n", err))
-		return nil, nil, err
-	}
-
-	return publicKey, privateKey, nil
-}
-
-func GetPubKey() (*ecdh.PublicKey, error) {
-	pub, _, err := getKeyPair()
-	if err != nil {
-		return nil, err
-	}
-	return pub, nil
-}
-
-func newSecretsManager() (secrets.SecretsManager, error) {
-	if EnvGCPProjectID.String() == "" && EnvSecretsManagerPath.String() == "" {
-		slog.Error("No configuration provided for secret manager path, using a potentially insecure default.")
-		return secrets.NewDebugFileSecrets("/tmp/tavern-secrets")
-	}
-	if EnvSecretsManagerPath.String() == "" {
-		return secrets.NewGcp(EnvGCPProjectID.String())
-	}
-
-	return secrets.NewDebugFileSecrets(EnvSecretsManagerPath.String())
-}
-
-func getKeyPair() (*ecdh.PublicKey, *ecdh.PrivateKey, error) {
-	curve := ecdh.X25519()
-
-	secretsManager, err := newSecretsManager()
-	if err != nil || secretsManager == nil {
-		return nil, nil, fmt.Errorf("failed to configure secret manager: %w", err)
-	}
-
-	// Check if we already have a key
-	privateKeyString, err := secretsManager.GetValue("tavern_encryption_private_key")
-	if err != nil {
-		// Generate a new one if it doesn't exist
-		pubKey, privateKey, err := generateKeyPair()
-		if err != nil {
-			return nil, nil, fmt.Errorf("key generation failed: %v", err)
-		}
-
-		privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
-		if err != nil {
-			return nil, nil, fmt.Errorf("unable to marshal private key: %v", err)
-		}
-		_, err = secretsManager.SetValue("tavern_encryption_private_key", privateKeyBytes)
-		if err != nil {
-			return nil, nil, fmt.Errorf("unable to set 'tavern_encryption_private_key' using secrets manager: %v", err)
-		}
-		return pubKey, privateKey, nil
-	}
-
-	// Parse private key bytes
-	tmp, err := x509.ParsePKCS8PrivateKey(privateKeyString)
-	if err != nil {
-		return nil, nil, fmt.Errorf("unable to parse private key: %v", err)
-	}
-	privateKey := tmp.(*ecdh.PrivateKey)
-
-	publicKey, err := curve.NewPublicKey(privateKey.PublicKey().Bytes())
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to generate public key: %v", err)
-	}
-
-	return publicKey, privateKey, nil
-}
-
 func newPortalGRPCHandler(graph *ent.Client, portalMux *mux.Mux) http.Handler {
 	portalSrv := portals.New(graph, portalMux)
 	grpcSrv := grpc.NewServer(
@@ -525,22 +442,31 @@ func newPortalGRPCHandler(graph *ent.Client, portalMux *mux.Mux) http.Handler {
 }
 
 func newGRPCHandler(client *ent.Client, grpcShellMux *stream.Mux, portalMux *mux.Mux) http.Handler {
-	pub, priv, err := getKeyPair()
+	// Initialize key service (manages master ed25519 key and derives x25519 key)
+	keyService, err := keyservice.NewKeyService()
 	if err != nil {
+		slog.Error("failed to initialize key service", "err", err)
 		panic(err)
 	}
-	slog.Info(fmt.Sprintf("public key: %s", base64.StdEncoding.EncodeToString(pub.Bytes())))
 
-	// Initialize JWT service
-	jwtService, err := jwt.NewService()
+	// Get derived x25519 keys for encryption
+	x25519Pub := keyService.GetX25519PublicKey()
+	x25519Priv := keyService.GetX25519PrivateKey()
+	slog.Info(fmt.Sprintf("x25519 public key (derived from ed25519): %s", base64.StdEncoding.EncodeToString(x25519Pub.Bytes())))
+
+	// Initialize JWT service with ed25519 keys
+	jwtService, err := jwt.NewService(
+		keyService.GetEd25519PrivateKey(),
+		keyService.GetEd25519PublicKey(),
+	)
 	if err != nil {
 		slog.Error("failed to initialize JWT service", "err", err)
 		panic(err)
 	}
 
 	c2srv := c2.New(client, grpcShellMux, portalMux, jwtService)
 	xchacha := cryptocodec.StreamDecryptCodec{
-		Csvc: cryptocodec.NewCryptoSvc(priv),
+		Csvc: cryptocodec.NewCryptoSvc(x25519Priv),
 	}
 	grpcSrv := grpc.NewServer(
 		grpc.ForceServerCodecV2(xchacha),

tavern/internal/jwt/jwt.go

@@ -2,15 +2,10 @@ package jwt
 
 import (
 	"crypto/ed25519"
-	"crypto/rand"
-	"crypto/x509"
 	"fmt"
-	"log/slog"
-	"os"
 	"time"
 
 	"github.com/golang-jwt/jwt"
-	"realm.pub/tavern/internal/secrets"
 )
 
 // Service provides JWT generation and validation using ed25519 keys
@@ -26,56 +21,12 @@ type TaskClaims struct {
 	jwt.StandardClaims
 }
 
-// NewService creates a new JWT service with persistent ed25519 keys
-func NewService() (*Service, error) {
-	secretsManager, err := newSecretsManager()
-	if err != nil || secretsManager == nil {
-		return nil, fmt.Errorf("failed to configure secret manager: %w", err)
+// NewService creates a new JWT service with the provided ed25519 keys
+func NewService(privateKey ed25519.PrivateKey, publicKey ed25519.PublicKey) (*Service, error) {
+	if privateKey == nil || publicKey == nil {
+		return nil, fmt.Errorf("private key and public key must not be nil")
 	}
 
-	// Check if we already have a key
-	privateKeyBytes, err := secretsManager.GetValue("tavern_jwt_ed25519_private_key")
-	if err != nil {
-		// Generate a new key pair if it doesn't exist
-		pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
-		if err != nil {
-			return nil, fmt.Errorf("failed to generate ed25519 keypair: %w", err)
-		}
-
-		// Marshal and store the private key
-		privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
-		if err != nil {
-			return nil, fmt.Errorf("unable to marshal private key: %w", err)
-		}
-
-		_, err = secretsManager.SetValue("tavern_jwt_ed25519_private_key", privateKeyBytes)
-		if err != nil {
-			return nil, fmt.Errorf("unable to set 'tavern_jwt_ed25519_private_key' using secrets manager: %w", err)
-		}
-
-		slog.Info("Generated new ed25519 keypair for JWT signing")
-
-		return &Service{
-			privateKey: privKey,
-			publicKey:  pubKey,
-		}, nil
-	}
-
-	// Parse existing private key
-	tmp, err := x509.ParsePKCS8PrivateKey(privateKeyBytes)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse private key: %w", err)
-	}
-
-	privateKey, ok := tmp.(ed25519.PrivateKey)
-	if !ok {
-		return nil, fmt.Errorf("expected ed25519.PrivateKey, got %T", tmp)
-	}
-
-	publicKey := privateKey.Public().(ed25519.PublicKey)
-
-	slog.Info("Loaded existing ed25519 keypair for JWT signing")
-
 	return &Service{
 		privateKey: privateKey,
 		publicKey:  publicKey,
@@ -129,23 +80,3 @@ func (s *Service) ValidateTaskToken(tokenString string) (*TaskClaims, error) {
 func (s *Service) GetPublicKey() ed25519.PublicKey {
 	return s.publicKey
 }
-
-// newSecretsManager creates a secrets manager instance
-// This function is intentionally package-private and duplicates logic from app.go
-// to avoid circular dependencies
-func newSecretsManager() (secrets.SecretsManager, error) {
-	// Read environment variables directly to avoid circular imports
-	gcpProjectID := os.Getenv("GCP_PROJECT_ID")
-	secretsPath := os.Getenv("SECRETS_FILE_PATH")
-
-	if gcpProjectID == "" && secretsPath == "" {
-		slog.Warn("No configuration provided for secret manager path, using a potentially insecure default.")
-		return secrets.NewDebugFileSecrets("/tmp/tavern-secrets")
-	}
-
-	if secretsPath == "" {
-		return secrets.NewGcp(gcpProjectID)
-	}
-
-	return secrets.NewDebugFileSecrets(secretsPath)
-}