From: Sergey Matveev
Date: Sun, 19 Mar 2023 19:02:35 +0000 (+0300)
Subject: Use faster modern EdDSA-based certificates
X-Git-Tag: v0.1.0~5
X-Git-Url: http://www.git.stargrave.org/?p=tofuproxy.git;a=commitdiff_plain;h=edf6888e1b9dada613cd29ebb7ba6b6385cb3bcc
Use faster modern EdDSA-based certificates
---
diff --git a/cmd/certgen/main.go b/cmd/certgen/main.go
index fda7232..e9a5cb1 100644
--- a/cmd/certgen/main.go
+++ b/cmd/certgen/main.go
@@ -19,8 +19,7 @@ along with this program. If not, see .
 package main
 import (
- "crypto/ecdsa"
- "crypto/elliptic"
+ "crypto/ed25519"
 "crypto/rand"
 "crypto/x509"
 "crypto/x509/pkix"
@@ -38,11 +37,10 @@ func main() {
 flag.Parse()
 log.SetFlags(log.Lshortfile)
- prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ pub, prv, err := ed25519.GenerateKey(rand.Reader)
 if err != nil {
 log.Fatalln(err)
 }
- pub := prv.Public()
 notBefore := time.Now()
 notAfter := notBefore.Add(365 * 24 * time.Hour)
diff --git a/x509.go b/x509.go
index 6c39232..4dafb90 100644
--- a/x509.go
+++ b/x509.go
@@ -20,8 +20,7 @@ package tofuproxy
 import (
 "crypto"
- "crypto/ecdsa"
- "crypto/elliptic"
+ "crypto/ed25519"
 "crypto/rand"
 "crypto/x509"
 "crypto/x509/pkix"
@@ -57,11 +56,10 @@ func newKeypair(
 caCert *x509.Certificate,
 caPrv crypto.PrivateKey,
 ) *Keypair {
- prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ pub, prv, err := ed25519.GenerateKey(rand.Reader)
 if err != nil {
 log.Fatalln(err)
 }
- pub := prv.Public()
 notBefore := time.Now()
 notAfter := notBefore.Add(24 * time.Hour)
 Serial = Serial.Add(Serial, big.NewInt(1))
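Review bot: The switch to `ed25519.GenerateKey` in `main` of cmd/certgen/main.go, and the identical change in `newKeypair` in x509.go, leaves no fallback for TLS clients that do not accept Ed25519 certificates. Some TLS stacks, including widely used browsers, have not accepted Ed25519 keys in certificates, and such a client would presumably fail the handshake with the proxy instead of falling back to another algorithm. The commit message argues only from speed, so the compatibility trade-off should be recorded next to the call, for example `// Ed25519: clients must accept Ed25519 certificates and signatures; the P-256 path was removed in this commit`. If the supported clients are not all known, keeping ECDSA P-256 selectable would be the safer change. The body of `main` continues outside the hunk, so the certificate template and key serialisation could not be checked here.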
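Review bot: In `newKeypair` (x509.go) only the leaf key type changes, while the signature on the issued certificate still comes from `caPrv`, whose concrete type this hunk does not constrain. A CA created by the earlier ECDSA version of certgen would therefore sign Ed25519 leaves with ECDSA, and a freshly generated CA would sign them with Ed25519. Any explicit `SignatureAlgorithm` in the template, which is not visible here, has to match the CA key or certificate creation will fail. A comment above the call would make this clear to the next reader: `// Leaf key is Ed25519; the certificate's signature algorithm follows caPrv's key type.` The function body continues past the end of the hunk.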