Merge pull request #823 from tjko/ed25519_keygen

JacobBarthelmeh · web-flow · commit 04165fc24bf6 · 2025-08-01T10:42:47.000-06:00
Add ED25519 key generation support.
diff --git a/src/keygen.c b/src/keygen.c
@@ -187,6 +187,67 @@ int wolfSSH_MakeEcdsaKey(byte* out, word32 outSz, word32 size)
 }
 
 
+int wolfSSH_MakeEd25519Key(byte* out, word32 outSz, word32 size)
+{
+#ifndef WOLFSSH_NO_ED25519
+
+    int ret = WS_SUCCESS;
+    WC_RNG rng;
+
+    WLOG(WS_LOG_DEBUG, "Entering wolfSSH_MakeEd25519Key()");
+
+    if (wc_InitRng(&rng) != 0) {
+        WLOG(WS_LOG_DEBUG, "Couldn't create RNG");
+        ret = WS_CRYPTO_FAILED;
+    }
+
+    if (ret == WS_SUCCESS) {
+        ed25519_key key;
+
+        if (wc_ed25519_init(&key) != 0)
+            ret = WS_CRYPTO_FAILED;
+
+        if (ret == WS_SUCCESS) {
+            ret = wc_ed25519_make_key(&rng, size/8, &key);
+            if (ret != 0) {
+                WLOG(WS_LOG_DEBUG, "ED25519 key generation failed");
+                ret = WS_CRYPTO_FAILED;
+            }
+            else
+                ret = WS_SUCCESS;
+        }
+
+        if (ret == WS_SUCCESS) {
+            int keySz;
+
+            keySz = wc_Ed25519KeyToDer(&key, out, outSz);
+            if (keySz < 0) {
+                WLOG(WS_LOG_DEBUG, "ED25519 key to DER failed");
+                ret = WS_CRYPTO_FAILED;
+            }
+            else
+                ret = keySz;
+        }
+
+	wc_ed25519_free(&key);
+
+        if (wc_FreeRng(&rng) != 0) {
+            WLOG(WS_LOG_DEBUG, "Couldn't free RNG");
+            ret = WS_CRYPTO_FAILED;
+        }
+    }
+
+    WLOG(WS_LOG_DEBUG, "Leaving wolfSSH_MakeEd25519Key(), ret = %d", ret);
+    return ret;
+#else
+    WOLFSSH_UNUSED(out);
+    WOLFSSH_UNUSED(outSz);
+    WOLFSSH_UNUSED(size);
+    return WS_NOT_COMPILED;
+#endif
+}
+
+
 #else /* WOLFSSL_KEY_GEN */
     #error "wolfSSH keygen requires that keygen is enabled in wolfSSL, use --enable-keygen or #define WOLFSSL_KEY_GEN."
 #endif /* WOLFSSL_KEY_GEN */
diff --git a/tests/unit.c b/tests/unit.c
@@ -265,6 +265,23 @@ static int test_EcdsaKeyGen(void)
 }
 #endif
 
+#ifndef WOLFSSH_NO_ED25519
+static int test_Ed25519KeyGen(void)
+{
+    int result = 0;
+    byte der[1200];
+    int derSz;
+
+    derSz = wolfSSH_MakeEd25519Key(der, sizeof(der), WOLFSSH_ED25519KEY);
+    if (derSz < 0) {
+        printf("Ed25519KeyGen: MakeEd25519Key failed\n");
+        result = -105;
+    }
+
+    return result;
+}
+#endif
+
 #endif
 
 
@@ -350,6 +367,11 @@ int wolfSSH_UnitTest(int argc, char** argv)
     printf("EcdsaKeyGen: %s\n", (unitResult == 0 ? "SUCCESS" : "FAILED"));
     testResult = testResult || unitResult;
 #endif
+#ifndef WOLFSSH_NO_ED25519
+    unitResult = test_Ed25519KeyGen();
+    printf("Ed25519KeyGen: %s\n", (unitResult == 0 ? "SUCCESS" : "FAILED"));
+    testResult = testResult || unitResult;
+#endif
 #endif
 
     wolfSSH_Cleanup();
diff --git a/wolfssh/keygen.h b/wolfssh/keygen.h
@@ -41,11 +41,13 @@ extern "C" {
 #define WOLFSSH_ECDSAKEY_PRIME256 256
 #define WOLFSSH_ECDSAKEY_PRIME384 384
 #define WOLFSSH_ECDSAKEY_PRIME521 521
+#define WOLFSSH_ED25519KEY        256
 
 
 WOLFSSH_API int wolfSSH_MakeRsaKey(byte* out, word32 outSz,
         word32 size, word32 e);
 WOLFSSH_API int wolfSSH_MakeEcdsaKey(byte* out, word32 outSz, word32 size);
+WOLFSSH_API int wolfSSH_MakeEd25519Key(byte* out, word32 outSz, word32 size);
 
 
 #ifdef __cplusplus
