-/*
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+// manager, WARC/geminispace browser
+// Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package main
+package tofuproxy
import (
"crypto"
"crypto/ecdsa"
+ "crypto/ed25519"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"time"
)
-type Keypair struct {
+type X509Keypair struct {
cert *x509.Certificate
prv crypto.PrivateKey
}
var (
- hostCerts = make(map[string]*Keypair)
+ hostCerts = make(map[string]*X509Keypair)
hostCertsM sync.Mutex
Serial *big.Int
+ X509Algo string
)
func init() {
}
}
-func newKeypair(
+func NewKeypair(ai string) (pub, prv any) {
+ switch ai {
+ case "ecdsa":
+ prvEcdsa, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ prv = prvEcdsa
+ pub = prvEcdsa.Public()
+ case "eddsa":
+ var err error
+ pub, prv, err = ed25519.GenerateKey(rand.Reader)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ default:
+ log.Fatalln("unknown algorithm specified")
+ }
+ return
+}
+
+func newX509Keypair(
host string,
caCert *x509.Certificate,
caPrv crypto.PrivateKey,
-) *Keypair {
- prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- log.Fatalln(err)
- }
- pub := prv.Public()
+) *X509Keypair {
+ pub, prv := NewKeypair(X509Algo)
notBefore := time.Now()
notAfter := notBefore.Add(24 * time.Hour)
Serial = Serial.Add(Serial, big.NewInt(1))
if err != nil {
log.Fatalln(err)
}
- return &Keypair{cert, prv}
+ return &X509Keypair{cert, prv}
}