X-Git-Url: http://www.git.stargrave.org/?p=tofuproxy.git;a=blobdiff_plain;f=x509.go;h=f18b2195dbd9c4acffefb1a356aebe7a6027f6b2;hp=f818af2ee162951d8ec2937a3316548d6991b508;hb=HEAD;hpb=4473383b88399bbc5433a9292847d954087c8d61
diff --git a/x509.go b/x509.go
index f818af2..780c26c 100644
--- a/x509.go
+++ b/x509.go
@@ -1,25 +1,25 @@
-/*
-tofuproxy -- HTTP proxy with TLS certificates management
-Copyright (C) 2021 Sergey Matveev
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see .
-*/
+// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+// manager, WARC/geminispace browser
+// Copyright (C) 2021-2024 Sergey Matveev
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
 
 package tofuproxy
 
 import (
 "crypto"
 "crypto/ecdsa"
+ "crypto/ed25519"
 "crypto/elliptic"
 "crypto/rand"
 "crypto/x509"
@@ -30,15 +30,16 @@ import (
 "time"
 )
 
-type Keypair struct {
+type X509Keypair struct {
 cert *x509.Certificate
 prv crypto.PrivateKey
 }
 
 var (
- hostCerts = make(map[string]*Keypair)
+ hostCerts = make(map[string]*X509Keypair)
 hostCertsM sync.Mutex
 Serial *big.Int
+ X509Algo string
 )
 
 func init() {
@@ -51,16 +52,33 @@ func init() {
 }
 }
 
-func newKeypair(
+func NewKeypair(ai string) (pub, prv any) {
+ switch ai {
+ case "ecdsa":
+ prvEcdsa, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ prv = prvEcdsa
+ pub = prvEcdsa.Public()
+ case "eddsa":
+ var err error
+ pub, prv, err = ed25519.GenerateKey(rand.Reader)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ default:
+ log.Fatalln("unknown algorithm specified")
+ }
+ return
+}
+
+func newX509Keypair(
 host string,
 caCert *x509.Certificate,
 caPrv crypto.PrivateKey,
-) *Keypair {
- prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- log.Fatalln(err)
- }
- pub := prv.Public()
+) *X509Keypair {
+ pub, prv := NewKeypair(X509Algo)
 notBefore := time.Now()
 notAfter := notBefore.Add(24 * time.Hour)
 Serial = Serial.Add(Serial, big.NewInt(1))
@@ -81,5 +99,5 @@ func newKeypair(
 if err != nil {
 log.Fatalln(err)
 }
- return &Keypair{cert, prv}
+ return &X509Keypair{cert, prv}
 }
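Review bot: `X509Algo` is introduced as an exported, mutable package-level string with no default and no validation where it is declared; the only check on its value is the `default:` branch of NewKeypair in the following hunk, which calls log.Fatalln, so an unset or mistyped setting terminates the whole proxy on the first host-certificate generation instead of being rejected at startup. Wherever the value is assigned (outside this diff, presumably flag or config parsing), it should be checked against the accepted names once, or given a safe default such as `X509Algo = "ecdsa"` (constructed example) so the zero value is not a latent crash. The variable also lacks the doc comment an exported name needs, e.g. `// X509Algo names the key algorithm used for generated host certificates: "ecdsa" (P-256) or "eddsa" (Ed25519).`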
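Review bot: NewKeypair is exported but has no doc comment, and its `(pub, prv any)` result signature discards type information the file already uses: `X509Keypair.prv` is declared as `crypto.PrivateKey` and `crypto` is imported, so `func NewKeypair(ai string) (pub crypto.PublicKey, prv crypto.PrivateKey)` would state the contract without changing the call site in newX509Keypair. A doc comment along the lines of `// NewKeypair generates a fresh key pair with the algorithm named by ai ("ecdsa" for P-256 ECDSA, "eddsa" for Ed25519); it exits the process on a generation failure or an unknown name.` would also make the fatal-exit behaviour explicit to callers. The body of newX509Keypair continues past this hunk.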