Support public keys using the "ssh-ed25519" method.

[PuTTY.git] / sshecdsag.c

diff --git a/sshecdsag.c b/sshecdsag.c
index 049967d6acb5972576b6c46ee4c63902a943ad49..61376d886047fc13fe878f4a9881355db6b2561b 100644 (file)
--- a/sshecdsag.c
+++ b/sshecdsag.c
@@ -22,10 +22,48 @@ int ec_generate(struct ec_key *key, int bits, progfn_t pfn,
         return 0;
     }
 
-    key->privateKey = bignum_random_in_range(One, key->publicKey.curve->n);
+    key->privateKey = bignum_random_in_range(One, key->publicKey.curve->w.n);
     if (!key->privateKey) return 0;
 
-    publicKey = ecp_mul(&key->publicKey.curve->G, key->privateKey);
+    publicKey = ec_public(key->privateKey, key->publicKey.curve);
+    if (!publicKey) {
+        freebn(key->privateKey);
+        key->privateKey = NULL;
+        return 0;
+    }
+
+    key->publicKey.x = publicKey->x;
+    key->publicKey.y = publicKey->y;
+    key->publicKey.z = NULL;
+    sfree(publicKey);
+
+    return 1;
+}
+
+int ec_edgenerate(struct ec_key *key, int bits, progfn_t pfn,
+                  void *pfnparam)
+{
+    struct ec_point *publicKey;
+
+    if (bits == 256) {
+        key->publicKey.curve = ec_ed25519();
+    } else {
+        return 0;
+    }
+
+    {
+        /* EdDSA secret keys are just 32 bytes of hash preimage; the
+         * 64-byte SHA-512 hash of that key will be used when signing,
+         * but the form of the key stored on disk is the preimage
+         * only. */
+        Bignum privMax = bn_power_2(bits);
+        if (!privMax) return 0;
+        key->privateKey = bignum_random_in_range(Zero, privMax);
+        freebn(privMax);
+        if (!key->privateKey) return 0;
+    }
+
+    publicKey = ec_public(key->privateKey, key->publicKey.curve);
     if (!publicKey) {
         freebn(key->privateKey);
         key->privateKey = NULL;