use ed25519 instead of RSA in tests and examples (#5050)

Also adds a golangci-lint depguard rules that forbids importing crypto/rsa.
2025-04-20 11:55:08 +08:00
parent 03e9359e38
commit d35b5ac187
6 changed files with 127 additions and 31 deletions
--- a/internal/handshake/crypto_setup_test.go
+++ b/internal/handshake/crypto_setup_test.go
@@ -2,8 +2,8 @@ package handshake

 import (
 	"context"
+	"crypto/ed25519"
 	"crypto/rand"
-	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
@@ -252,17 +252,17 @@ func TestHelloRetryRequest(t *testing.T) {
 }

 func TestWithClientAuth(t *testing.T) {
-	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	pub, priv, err := ed25519.GenerateKey(rand.Reader)
 	require.NoError(t, err)
 	tmpl := &x509.Certificate{
 		SerialNumber:          big.NewInt(1),
 		Subject:               pkix.Name{},
-		SignatureAlgorithm:    x509.SHA256WithRSA,
+		SignatureAlgorithm:    x509.PureEd25519,
 		NotBefore:             time.Now(),
 		NotAfter:              time.Now().Add(time.Hour),
 		BasicConstraintsValid: true,
 	}
-	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
+	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
 	require.NoError(t, err)
 	clientCert := tls.Certificate{
 		PrivateKey:  priv,