first pass

[PuTTY.git] / sshecdsag.c

diff --git a/sshecdsag.c b/sshecdsag.c
index 4bd9e8f74a394bc1e0fd02094d6d9bdae4d3b854..83eeeb0339f2770793eb82ccdc89404b3ec227f9 100644 (file)
--- a/sshecdsag.c
+++ b/sshecdsag.c
@@ -12,15 +12,9 @@ int ec_generate(struct ec_key *key, int bits, progfn_t pfn,
 {
     struct ec_point *publicKey;
 
-    if (bits == 256) {
-        key->publicKey.curve = ec_p256();
-    } else if (bits == 384) {
-        key->publicKey.curve = ec_p384();
-    } else if (bits == 521) {
-        key->publicKey.curve = ec_p521();
-    } else {
+    if (!ec_nist_alg_and_curve_by_bits(bits, &key->publicKey.curve,
+                                       &key->signalg))
         return 0;
-    }
 
     key->privateKey = bignum_random_in_range(One, key->publicKey.curve->w.n);
     if (!key->privateKey) return 0;
@@ -39,3 +33,39 @@ int ec_generate(struct ec_key *key, int bits, progfn_t pfn,
 
     return 1;
 }
+
+int ec_edgenerate(struct ec_key *key, int bits, progfn_t pfn,
+                  void *pfnparam)
+{
+    struct ec_point *publicKey;
+
+    if (!ec_ed_alg_and_curve_by_bits(bits, &key->publicKey.curve,
+                                     &key->signalg))
+        return 0;
+
+    {
+        /* EdDSA secret keys are just 32 bytes of hash preimage; the
+         * 64-byte SHA-512 hash of that key will be used when signing,
+         * but the form of the key stored on disk is the preimage
+         * only. */
+        Bignum privMax = bn_power_2(bits);
+        if (!privMax) return 0;
+        key->privateKey = bignum_random_in_range(Zero, privMax);
+        freebn(privMax);
+        if (!key->privateKey) return 0;
+    }
+
+    publicKey = ec_public(key->privateKey, key->publicKey.curve);
+    if (!publicKey) {
+        freebn(key->privateKey);
+        key->privateKey = NULL;
+        return 0;
+    }
+
+    key->publicKey.x = publicKey->x;
+    key->publicKey.y = publicKey->y;
+    key->publicKey.z = NULL;
+    sfree(publicKey);
+
+    return 1;
+}