Get ed25519 dkim signature working

rust/program/ed25519-helper/Cargo.toml

@@ -0,0 +1,13 @@
+[package]
+name = "ed25519-helper"
+edition = "2024"
+version = "1.0.0"
+metadata.crane.name = "ed25519-helper"
+
+[dependencies]
+anyhow = { workspace = true }
+clap = { workspace = true }
+common = { path = "../../lib/common" }
+log = { workspace = true }
+libsodium-rs = { workspace = true }
+hakari = { version = "0.1", path = "../../lib/hakari" }

rust/program/ed25519-helper/src/main.rs

@@ -0,0 +1,47 @@
+use std::{io::Write, path::PathBuf};
+
+use clap::{Parser, Subcommand};
+
+fn main() {
+    common::entrypoint(program);
+}
+
+#[derive(Parser, Debug)]
+#[command(version, about, long_about = None)]
+pub struct Args {
+    #[command(subcommand)]
+    pub command: Commands,
+}
+
+#[derive(Debug, Subcommand)]
+pub enum Commands {
+    /// Outputs the raw bytes of a libsodium private key part (as used by rspamd) from a PEM encoded
+    /// private key. For use with rspamd, base64 encode the output
+    PemPrivateKeyToSodiumPrivateKey(PemPrivateKeyToSodiumPrivateKey),
+}
+
+#[derive(Debug, Clone, clap::Args)]
+pub struct PemPrivateKeyToSodiumPrivateKey {
+    /// Path to the file holding the PEM key
+    pem_file: PathBuf,
+}
+
+fn program() -> anyhow::Result<()> {
+    let args = Args::parse();
+    match args.command {
+        Commands::PemPrivateKeyToSodiumPrivateKey(p) => pem_private_key_to_sodium_private_key(p),
+    }
+}
+
+fn pem_private_key_to_sodium_private_key(p: PemPrivateKeyToSodiumPrivateKey) -> anyhow::Result<()> {
+    let mut proc = common::proc::Command::new("openssl");
+    proc.args(["pkey", "-in"]);
+    proc.arg(p.pem_file.as_path().display().to_string());
+    proc.args(["-outform", "DER"]);
+    let result = proc.try_spawn_to_bytes()?;
+    let libsodium_seed = &result[16..48];
+    let keypair = libsodium_rs::crypto_sign::KeyPair::from_seed(libsodium_seed)?;
+    let mut stdout = std::io::stdout();
+    stdout.write(keypair.secret_key.as_bytes())?;
+    Ok(())
+}