From ae84c959ac42131329c1eccc6e939eb0cfbb9be7 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Tue, 14 Jan 2020 06:39:32 +0000
Subject: [PATCH] PuTTYgen: permit and prefer 255 as bit count for ed25519.

In setting up the ECC tests for cmdgen, I noticed that OpenSSH and PuTTYgen disagree on the bit length to put in a key fingerprint for an ed25519 key: we think 255, they think 256. On reflection, I think 255 is more accurate, which is why I bodged get_fp() in the test suite to ignore that difference when checking our key fingerprint against OpenSSH's. But having done that, it now seems silly that if you unnecessarily specify a bit count at ed25519 generation time, cmdgen will insist that it be 256! 255 is now permitted everywhere an ed25519 bit count is input. 256 is also still allowed for backwards compatibility but 255 is preferred by the error message if you give any other value.
(cherry picked from commit 187cc8bfccaf9a3ddbe7b344adf5618ba524243e)
---
 cmdgen.c | 6 +++---
 sshecc.c | 2 +-
 windows/winpgen.c | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/cmdgen.c b/cmdgen.c
index 5c17ce2b..7ec6dbae 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -486,7 +486,7 @@ int main(int argc, char **argv)
 bits = 384;
 break;
 case ED25519:
- bits = 256;
+ bits = 255;
 break;
 default:
 bits = DEFAULT_RSADSA_BITS;
@@ -499,8 +499,8 @@ int main(int argc, char **argv)
 errs = true;
 }
- if (keytype == ED25519 && (bits != 256)) {
- fprintf(stderr, "puttygen: invalid bits for ED25519, choose 256\n");
+ if (keytype == ED25519 && (bits != 255) && (bits != 256)) {
+ fprintf(stderr, "puttygen: invalid bits for ED25519, choose 255\n");
 errs = true;
 }
diff --git a/sshecc.c b/sshecc.c
index dd9a7e3e..3005e288 100644
--- a/sshecc.c
+++ b/sshecc.c
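Review bot: The ED25519 check in the second cmdgen.c hunk now accepts two bit counts while its error message names only one, and nothing in the code records why. A short comment above the `if`, such as `/* 255 is the preferred bit count; 256 is still accepted for backwards compatibility */`, would stop a later cleanup from tightening the check or "correcting" the message and breaking existing invocations. main() starts and ends outside the hunk.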
@@ -1549,7 +1549,7 @@ bool ec_ed_alg_and_curve_by_bits(
 int bits, const struct ec_curve **curve, const ssh_keyalg **alg)
 {
 switch (bits) {
- case 256: *alg = &ssh_ecdsa_ed25519; break;
+ case 255: case 256: *alg = &ssh_ecdsa_ed25519; break;
 default: return false;
 }
 *curve = ((struct ecsign_extra *)(*alg)->extra)->curve();
diff --git a/windows/winpgen.c b/windows/winpgen.c
index 353caa02..efb9a392 100644
--- a/windows/winpgen.c
+++ b/windows/winpgen.c
@@ -365,7 +365,7 @@ static DWORD WINAPI generate_key_thread(void *param)
 ecdsa_generate(params->eckey, params->curve_bits, progress_update, &prog);
 else if (params->keytype == ED25519)
- eddsa_generate(params->edkey, 256, progress_update, &prog);
+ eddsa_generate(params->edkey, 255, progress_update, &prog);
 else
 rsa_generate(params->key, params->key_bits, progress_update, &prog);
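Review bot: `case 255: case 256:` sharing one line with the assignment in ec_ed_alg_and_curve_by_bits is easy to misread as a single label, and the code does not say which value is the compatibility alias. One label per line with a comment would read better: `case 255: /* preferred */`, then `case 256: /* still accepted for backwards compatibility */`, then `*alg = &ssh_ecdsa_ed25519; break;`. The function's opening line appears only in the hunk header and its tail lies outside the hunk.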
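Review bot: The result of `eddsa_generate(params->edkey, 255, progress_update, &prog)` in generate_key_thread is discarded, and the literal 255 now has to stay in step with the values accepted by the switch in ec_ed_alg_and_curve_by_bits. The declaration of eddsa_generate is not visible here; if it reports failure for an unsupported bit count, a future mismatch between the two files would let the thread carry on with a key that was never generated. Checking the result, e.g. `if (!eddsa_generate(params->edkey, 255, progress_update, &prog)) { /* report the failure to the dialog */ }`, or at least adding `/* 255 must be accepted by ec_ed_alg_and_curve_by_bits() */`, would make that dependency explicit. The function body starts and ends outside the hunk.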