Add support for ED25519 CA cert key

counterecryptor.go

@@ -4,6 +4,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
@@ -26,8 +27,12 @@ func NewCounterEncryptorRandFromKey(key interface{}, seed []byte) (r CounterEncr
 		if keyBytes, err = x509.MarshalECPrivateKey(key); err != nil {
 			return
 		}
+	case ed25519.PrivateKey:
+		if keyBytes, err = x509.MarshalPKCS8PrivateKey(key); err != nil {
+			return
+		}
 	default:
-		err = errors.New("only RSA and ECDSA keys supported")
+		err = errors.New("only RSA, ED25519 and ECDSA keys supported")
 		return
 	}
 	h := sha256.New()

signer.go

@@ -3,12 +3,12 @@ package goproxy
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/tls"
 	"crypto/x509"
-	"crypto/x509/pkix"
 	"fmt"
 	"math/big"
 	"math/rand"
@@ -53,11 +53,9 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 		// TODO(elazar): instead of this ugly hack, just encode the certificate and hash the binary form.
 		SerialNumber: serial,
 		Issuer:       x509ca.Subject,
-		Subject: pkix.Name{
-			Organization: []string{"GoProxy untrusted MITM proxy Inc"},
-		},
-		NotBefore: start,
-		NotAfter:  end,
+		Subject:      x509ca.Subject,
+		NotBefore:    start,
+		NotAfter:     end,
 
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
@@ -88,6 +86,10 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 		if certpriv, err = ecdsa.GenerateKey(elliptic.P256(), &csprng); err != nil {
 			return
 		}
+	case ed25519.PrivateKey:
+		if _, certpriv, err = ed25519.GenerateKey(&csprng); err != nil {
+			return
+		}
 	default:
 		err = fmt.Errorf("unsupported key type %T", ca.PrivateKey)
 	}