X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=x509.go;h=f18b2195dbd9c4acffefb1a356aebe7a6027f6b2;hb=ac0e57015ad6f2cc18e9a60d4fc7d9887d4f4b04;hp=4dafb908383eb894ef68348c8804c77da4363756;hpb=3afd6d4718386c28a3e889b261cf047b8a3335cc;p=tofuproxy.git
diff --git a/x509.go b/x509.go
index 4dafb90..f18b219 100644
--- a/x509.go
+++ b/x509.go
@@ -20,7 +20,9 @@ package tofuproxy
 
 import (
 "crypto"
+ "crypto/ecdsa"
 "crypto/ed25519"
+ "crypto/elliptic"
 "crypto/rand"
 "crypto/x509"
 "crypto/x509/pkix"
@@ -30,15 +32,16 @@ import (
 "time"
 )
 
-type Keypair struct {
+type X509Keypair struct {
 cert *x509.Certificate
 prv crypto.PrivateKey
 }
 
 var (
- hostCerts = make(map[string]*Keypair)
+ hostCerts = make(map[string]*X509Keypair)
 hostCertsM sync.Mutex
 Serial *big.Int
+ X509Algo string
 )
 
 func init() {
@@ -51,15 +54,33 @@ func init() {
 }
 }
 
-func newKeypair(
+func NewKeypair(ai string) (pub, prv any) {
+ switch ai {
+ case "ecdsa":
+ prvEcdsa, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ prv = prvEcdsa
+ pub = prvEcdsa.Public()
+ case "eddsa":
+ var err error
+ pub, prv, err = ed25519.GenerateKey(rand.Reader)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ default:
+ log.Fatalln("unknown algorithm specified")
+ }
+ return
+}
+
+func newX509Keypair(
 host string,
 caCert *x509.Certificate,
 caPrv crypto.PrivateKey,
-) *Keypair {
- pub, prv, err := ed25519.GenerateKey(rand.Reader)
- if err != nil {
- log.Fatalln(err)
- }
+) *X509Keypair {
+ pub, prv := NewKeypair(X509Algo)
 notBefore := time.Now()
 notAfter := notBefore.Add(24 * time.Hour)
 Serial = Serial.Add(Serial, big.NewInt(1))
@@ -80,5 +101,5 @@ func newKeypair(
 if err != nil {
 log.Fatalln(err)
 }
- return &Keypair{cert, prv}
+ return &X509Keypair{cert, prv}
 }
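Review bot: NewKeypair is exported yet terminates the whole process through `log.Fatalln` both when key generation fails and when `ai` is neither "ecdsa" nor "eddsa", and because it is only reached from newX509Keypair when the first per-host certificate is minted, a mistyped X509Algo is not noticed until the proxy is already accepting connections (where X509Algo is assigned is outside this diff, so this is inferred). Returning an error and letting the caller decide keeps the existing abort in newX509Keypair while letting the configuration path validate the name up front; the rewritten function is below (it needs `errors`, or `fmt.Errorf` if the file already imports that — the import block is only partly visible), and the call site becomes `pub, prv, err := NewKeypair(X509Algo)` followed by the same `if err != nil { log.Fatalln(err) }` check the function already uses for cert creation. Both new exported names also lack doc comments: on the var in the previous hunk `// X509Algo selects the key algorithm for generated host certificates: "ecdsa" (P-256) or "eddsa" (Ed25519).`, and on NewKeypair a comment starting with its name that states which curve each name maps to, since "eddsa" here means Ed25519 specifically. The body of newX509Keypair continues past the end of this hunk.
```go
// NewKeypair generates a fresh key pair for the algorithm named by ai:
// "ecdsa" yields an ECDSA P-256 key, "eddsa" an Ed25519 key. An unknown
// name is reported as an error instead of terminating the process.
func NewKeypair(ai string) (pub, prv any, err error) {
	switch ai {
	case "ecdsa":
		prvEcdsa, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		return prvEcdsa.Public(), prvEcdsa, nil
	case "eddsa":
		return ed25519.GenerateKey(rand.Reader)
	default:
		return nil, nil, errors.New("unknown algorithm specified: " + ai)
	}
}

// … unchanged: newX509Keypair signature …
	pub, prv, err := NewKeypair(X509Algo)
	if err != nil {
		log.Fatalln(err)
	}
// … unchanged: notBefore/notAfter/Serial and the rest of newX509Keypair …
```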