setup-python/node_modules/sshpk/lib/dhe.js

// Copyright 2017 Joyent, Inc.

module.exports = {
	DiffieHellman: DiffieHellman,
	generateECDSA: generateECDSA,
	generateED25519: generateED25519
};

var assert = require('assert-plus');
var crypto = require('crypto');
var Buffer = require('safer-buffer').Buffer;
var algs = require('./algs');
var utils = require('./utils');
var nacl = require('tweetnacl');

var Key = require('./key');
var PrivateKey = require('./private-key');

var CRYPTO_HAVE_ECDH = (crypto.createECDH !== undefined);

var ecdh = require('ecc-jsbn');
var ec = require('ecc-jsbn/lib/ec');
var jsbn = require('jsbn').BigInteger;

function DiffieHellman(key) {
	utils.assertCompatible(key, Key, [1, 4], 'key');
	this._isPriv = PrivateKey.isPrivateKey(key, [1, 3]);
	this._algo = key.type;
	this._curve = key.curve;
	this._key = key;
	if (key.type === 'dsa') {
		if (!CRYPTO_HAVE_ECDH) {
			throw (new Error('Due to bugs in the node 0.10 ' +
			    'crypto API, node 0.12.x or later is required ' +
			    'to use DH'));
		}
		this._dh = crypto.createDiffieHellman(
		    key.part.p.data, undefined,
		    key.part.g.data, undefined);
		this._p = key.part.p;
		this._g = key.part.g;
		if (this._isPriv)
			this._dh.setPrivateKey(key.part.x.data);
		this._dh.setPublicKey(key.part.y.data);

	} else if (key.type === 'ecdsa') {
		if (!CRYPTO_HAVE_ECDH) {
			this._ecParams = new X9ECParameters(this._curve);

			if (this._isPriv) {
				this._priv = new ECPrivate(
				    this._ecParams, key.part.d.data);
			}
			return;
		}

		var curve = {
			'nistp256': 'prime256v1',
			'nistp384': 'secp384r1',
			'nistp521': 'secp521r1'
		}[key.curve];
		this._dh = crypto.createECDH(curve);
		if (typeof (this._dh) !== 'object' ||
		    typeof (this._dh.setPrivateKey) !== 'function') {
			CRYPTO_HAVE_ECDH = false;
			DiffieHellman.call(this, key);
			return;
		}
		if (this._isPriv)
			this._dh.setPrivateKey(key.part.d.data);
		this._dh.setPublicKey(key.part.Q.data);

	} else if (key.type === 'curve25519') {
		if (this._isPriv) {
			utils.assertCompatible(key, PrivateKey, [1, 5], 'key');
			this._priv = key.part.k.data;
		}

	} else {
		throw (new Error('DH not supported for ' + key.type + ' keys'));
	}
}

DiffieHellman.prototype.getPublicKey = function () {
	if (this._isPriv)
		return (this._key.toPublic());
	return (this._key);
};

DiffieHellman.prototype.getPrivateKey = function () {
	if (this._isPriv)
		return (this._key);
	else
		return (undefined);
};
DiffieHellman.prototype.getKey = DiffieHellman.prototype.getPrivateKey;

DiffieHellman.prototype._keyCheck = function (pk, isPub) {
	assert.object(pk, 'key');
	if (!isPub)
		utils.assertCompatible(pk, PrivateKey, [1, 3], 'key');
	utils.assertCompatible(pk, Key, [1, 4], 'key');

	if (pk.type !== this._algo) {
		throw (new Error('A ' + pk.type + ' key cannot be used in ' +
		    this._algo + ' Diffie-Hellman'));
	}

	if (pk.curve !== this._curve) {
		throw (new Error('A key from the ' + pk.curve + ' curve ' +
		    'cannot be used with a ' + this._curve +
		    ' Diffie-Hellman'));
	}

	if (pk.type === 'dsa') {
		assert.deepEqual(pk.part.p, this._p,
		    'DSA key prime does not match');
		assert.deepEqual(pk.part.g, this._g,
		    'DSA key generator does not match');
	}
};

DiffieHellman.prototype.setKey = function (pk) {
	this._keyCheck(pk);

	if (pk.type === 'dsa') {
		this._dh.setPrivateKey(pk.part.x.data);
		this._dh.setPublicKey(pk.part.y.data);

	} else if (pk.type === 'ecdsa') {
		if (CRYPTO_HAVE_ECDH) {
			this._dh.setPrivateKey(pk.part.d.data);
			this._dh.setPublicKey(pk.part.Q.data);
		} else {
			this._priv = new ECPrivate(
			    this._ecParams, pk.part.d.data);
		}

	} else if (pk.type === 'curve25519') {
		var k = pk.part.k;
		if (!pk.part.k)
			k = pk.part.r;
		this._priv = k.data;
		if (this._priv[0] === 0x00)
			this._priv = this._priv.slice(1);
		this._priv = this._priv.slice(0, 32);
	}
	this._key = pk;
	this._isPriv = true;
};
DiffieHellman.prototype.setPrivateKey = DiffieHellman.prototype.setKey;

DiffieHellman.prototype.computeSecret = function (otherpk) {
	this._keyCheck(otherpk, true);
	if (!this._isPriv)
		throw (new Error('DH exchange has not been initialized with ' +
		    'a private key yet'));

	var pub;
	if (this._algo === 'dsa') {
		return (this._dh.computeSecret(
		    otherpk.part.y.data));

	} else if (this._algo === 'ecdsa') {
		if (CRYPTO_HAVE_ECDH) {
			return (this._dh.computeSecret(
			    otherpk.part.Q.data));
		} else {
			pub = new ECPublic(
			    this._ecParams, otherpk.part.Q.data);
			return (this._priv.deriveSharedSecret(pub));
		}

	} else if (this._algo === 'curve25519') {
		pub = otherpk.part.A.data;
		while (pub[0] === 0x00 && pub.length > 32)
			pub = pub.slice(1);
		var priv = this._priv;
		assert.strictEqual(pub.length, 32);
		assert.strictEqual(priv.length, 32);

		var secret = nacl.box.before(new Uint8Array(pub),
		    new Uint8Array(priv));

		return (Buffer.from(secret));
	}

	throw (new Error('Invalid algorithm: ' + this._algo));
};

DiffieHellman.prototype.generateKey = function () {
	var parts = [];
	var priv, pub;
	if (this._algo === 'dsa') {
		this._dh.generateKeys();

		parts.push({name: 'p', data: this._p.data});
		parts.push({name: 'q', data: this._key.part.q.data});
		parts.push({name: 'g', data: this._g.data});
		parts.push({name: 'y', data: this._dh.getPublicKey()});
		parts.push({name: 'x', data: this._dh.getPrivateKey()});
		this._key = new PrivateKey({
			type: 'dsa',
			parts: parts
		});
		this._isPriv = true;
		return (this._key);

	} else if (this._algo === 'ecdsa') {
		if (CRYPTO_HAVE_ECDH) {
			this._dh.generateKeys();

			parts.push({name: 'curve',
			    data: Buffer.from(this._curve)});
			parts.push({name: 'Q', data: this._dh.getPublicKey()});
			parts.push({name: 'd', data: this._dh.getPrivateKey()});
			this._key = new PrivateKey({
				type: 'ecdsa',
				curve: this._curve,
				parts: parts
			});
			this._isPriv = true;
			return (this._key);

		} else {
			var n = this._ecParams.getN();
			var r = new jsbn(crypto.randomBytes(n.bitLength()));
			var n1 = n.subtract(jsbn.ONE);
			priv = r.mod(n1).add(jsbn.ONE);
			pub = this._ecParams.getG().multiply(priv);

			priv = Buffer.from(priv.toByteArray());
			pub = Buffer.from(this._ecParams.getCurve().
			    encodePointHex(pub), 'hex');

			this._priv = new ECPrivate(this._ecParams, priv);

			parts.push({name: 'curve',
			    data: Buffer.from(this._curve)});
			parts.push({name: 'Q', data: pub});
			parts.push({name: 'd', data: priv});

			this._key = new PrivateKey({
				type: 'ecdsa',
				curve: this._curve,
				parts: parts
			});
			this._isPriv = true;
			return (this._key);
		}

	} else if (this._algo === 'curve25519') {
		var pair = nacl.box.keyPair();
		priv = Buffer.from(pair.secretKey);
		pub = Buffer.from(pair.publicKey);
		priv = Buffer.concat([priv, pub]);
		assert.strictEqual(priv.length, 64);
		assert.strictEqual(pub.length, 32);

		parts.push({name: 'A', data: pub});
		parts.push({name: 'k', data: priv});
		this._key = new PrivateKey({
			type: 'curve25519',
			parts: parts
		});
		this._isPriv = true;
		return (this._key);
	}

	throw (new Error('Invalid algorithm: ' + this._algo));
};
DiffieHellman.prototype.generateKeys = DiffieHellman.prototype.generateKey;

/* These are helpers for using ecc-jsbn (for node 0.10 compatibility). */

function X9ECParameters(name) {
	var params = algs.curves[name];
	assert.object(params);

	var p = new jsbn(params.p);
	var a = new jsbn(params.a);
	var b = new jsbn(params.b);
	var n = new jsbn(params.n);
	var h = jsbn.ONE;
	var curve = new ec.ECCurveFp(p, a, b);
	var G = curve.decodePointHex(params.G.toString('hex'));

	this.curve = curve;
	this.g = G;
	this.n = n;
	this.h = h;
}
X9ECParameters.prototype.getCurve = function () { return (this.curve); };
X9ECParameters.prototype.getG = function () { return (this.g); };
X9ECParameters.prototype.getN = function () { return (this.n); };
X9ECParameters.prototype.getH = function () { return (this.h); };

function ECPublic(params, buffer) {
	this._params = params;
	if (buffer[0] === 0x00)
		buffer = buffer.slice(1);
	this._pub = params.getCurve().decodePointHex(buffer.toString('hex'));
}

function ECPrivate(params, buffer) {
	this._params = params;
	this._priv = new jsbn(utils.mpNormalize(buffer));
}
ECPrivate.prototype.deriveSharedSecret = function (pubKey) {
	assert.ok(pubKey instanceof ECPublic);
	var S = pubKey._pub.multiply(this._priv);
	return (Buffer.from(S.getX().toBigInteger().toByteArray()));
};

function generateED25519() {
	var pair = nacl.sign.keyPair();
	var priv = Buffer.from(pair.secretKey);
	var pub = Buffer.from(pair.publicKey);
	assert.strictEqual(priv.length, 64);
	assert.strictEqual(pub.length, 32);

	var parts = [];
	parts.push({name: 'A', data: pub});
	parts.push({name: 'k', data: priv.slice(0, 32)});
	var key = new PrivateKey({
		type: 'ed25519',
		parts: parts
	});
	return (key);
}

/* Generates a new ECDSA private key on a given curve. */
function generateECDSA(curve) {
	var parts = [];
	var key;

	if (CRYPTO_HAVE_ECDH) {
		/*
		 * Node crypto doesn't expose key generation directly, but the
		 * ECDH instances can generate keys. It turns out this just
		 * calls into the OpenSSL generic key generator, and we can
		 * read its output happily without doing an actual DH. So we
		 * use that here.
		 */
		var osCurve = {
			'nistp256': 'prime256v1',
			'nistp384': 'secp384r1',
			'nistp521': 'secp521r1'
		}[curve];

		var dh = crypto.createECDH(osCurve);
		dh.generateKeys();

		parts.push({name: 'curve',
		    data: Buffer.from(curve)});
		parts.push({name: 'Q', data: dh.getPublicKey()});
		parts.push({name: 'd', data: dh.getPrivateKey()});

		key = new PrivateKey({
			type: 'ecdsa',
			curve: curve,
			parts: parts
		});
		return (key);
	} else {

		var ecParams = new X9ECParameters(curve);

		/* This algorithm taken from FIPS PUB 186-4 (section B.4.1) */
		var n = ecParams.getN();
		/*
		 * The crypto.randomBytes() function can only give us whole
		 * bytes, so taking a nod from X9.62, we round up.
		 */
		var cByteLen = Math.ceil((n.bitLength() + 64) / 8);
		var c = new jsbn(crypto.randomBytes(cByteLen));

		var n1 = n.subtract(jsbn.ONE);
		var priv = c.mod(n1).add(jsbn.ONE);
		var pub = ecParams.getG().multiply(priv);

		priv = Buffer.from(priv.toByteArray());
		pub = Buffer.from(ecParams.getCurve().
		    encodePointHex(pub), 'hex');

		parts.push({name: 'curve', data: Buffer.from(curve)});
		parts.push({name: 'Q', data: pub});
		parts.push({name: 'd', data: priv});

		key = new PrivateKey({
			type: 'ecdsa',
			curve: curve,
			parts: parts
		});
		return (key);
	}
}
Initial pass 2019-06-26 21:12:00 -04:00			`// Copyright 2017 Joyent, Inc.`

			`module.exports = {`
			`DiffieHellman: DiffieHellman,`
			`generateECDSA: generateECDSA,`
			`generateED25519: generateED25519`
			`};`

			`var assert = require('assert-plus');`
			`var crypto = require('crypto');`
			`var Buffer = require('safer-buffer').Buffer;`
			`var algs = require('./algs');`
			`var utils = require('./utils');`
			`var nacl = require('tweetnacl');`

			`var Key = require('./key');`
			`var PrivateKey = require('./private-key');`

			`var CRYPTO_HAVE_ECDH = (crypto.createECDH !== undefined);`

			`var ecdh = require('ecc-jsbn');`
			`var ec = require('ecc-jsbn/lib/ec');`
			`var jsbn = require('jsbn').BigInteger;`

			`function DiffieHellman(key) {`
			`utils.assertCompatible(key, Key, [1, 4], 'key');`
			`this._isPriv = PrivateKey.isPrivateKey(key, [1, 3]);`
			`this._algo = key.type;`
			`this._curve = key.curve;`
			`this._key = key;`
			`if (key.type === 'dsa') {`
			`if (!CRYPTO_HAVE_ECDH) {`
			`throw (new Error('Due to bugs in the node 0.10 ' +`
			`'crypto API, node 0.12.x or later is required ' +`
			`'to use DH'));`
			`}`
			`this._dh = crypto.createDiffieHellman(`
			`key.part.p.data, undefined,`
			`key.part.g.data, undefined);`
			`this._p = key.part.p;`
			`this._g = key.part.g;`
			`if (this._isPriv)`
			`this._dh.setPrivateKey(key.part.x.data);`
			`this._dh.setPublicKey(key.part.y.data);`

			`} else if (key.type === 'ecdsa') {`
			`if (!CRYPTO_HAVE_ECDH) {`
			`this._ecParams = new X9ECParameters(this._curve);`

			`if (this._isPriv) {`
			`this._priv = new ECPrivate(`
			`this._ecParams, key.part.d.data);`
			`}`
			`return;`
			`}`

			`var curve = {`
			`'nistp256': 'prime256v1',`
			`'nistp384': 'secp384r1',`
			`'nistp521': 'secp521r1'`
			`}[key.curve];`
			`this._dh = crypto.createECDH(curve);`
			`if (typeof (this._dh) !== 'object' \|\|`
			`typeof (this._dh.setPrivateKey) !== 'function') {`
			`CRYPTO_HAVE_ECDH = false;`
			`DiffieHellman.call(this, key);`
			`return;`
			`}`
			`if (this._isPriv)`
			`this._dh.setPrivateKey(key.part.d.data);`
			`this._dh.setPublicKey(key.part.Q.data);`

			`} else if (key.type === 'curve25519') {`
			`if (this._isPriv) {`
			`utils.assertCompatible(key, PrivateKey, [1, 5], 'key');`
			`this._priv = key.part.k.data;`
			`}`

			`} else {`
			`throw (new Error('DH not supported for ' + key.type + ' keys'));`
			`}`
			`}`

			`DiffieHellman.prototype.getPublicKey = function () {`
			`if (this._isPriv)`
			`return (this._key.toPublic());`
			`return (this._key);`
			`};`

			`DiffieHellman.prototype.getPrivateKey = function () {`
			`if (this._isPriv)`
			`return (this._key);`
			`else`
			`return (undefined);`
			`};`
			`DiffieHellman.prototype.getKey = DiffieHellman.prototype.getPrivateKey;`

			`DiffieHellman.prototype._keyCheck = function (pk, isPub) {`
			`assert.object(pk, 'key');`
			`if (!isPub)`
			`utils.assertCompatible(pk, PrivateKey, [1, 3], 'key');`
			`utils.assertCompatible(pk, Key, [1, 4], 'key');`

			`if (pk.type !== this._algo) {`
			`throw (new Error('A ' + pk.type + ' key cannot be used in ' +`
			`this._algo + ' Diffie-Hellman'));`
			`}`

			`if (pk.curve !== this._curve) {`
			`throw (new Error('A key from the ' + pk.curve + ' curve ' +`
			`'cannot be used with a ' + this._curve +`
			`' Diffie-Hellman'));`
			`}`

			`if (pk.type === 'dsa') {`
			`assert.deepEqual(pk.part.p, this._p,`
			`'DSA key prime does not match');`
			`assert.deepEqual(pk.part.g, this._g,`
			`'DSA key generator does not match');`
			`}`
			`};`

			`DiffieHellman.prototype.setKey = function (pk) {`
			`this._keyCheck(pk);`

			`if (pk.type === 'dsa') {`
			`this._dh.setPrivateKey(pk.part.x.data);`
			`this._dh.setPublicKey(pk.part.y.data);`

			`} else if (pk.type === 'ecdsa') {`
			`if (CRYPTO_HAVE_ECDH) {`
			`this._dh.setPrivateKey(pk.part.d.data);`
			`this._dh.setPublicKey(pk.part.Q.data);`
			`} else {`
			`this._priv = new ECPrivate(`
			`this._ecParams, pk.part.d.data);`
			`}`

			`} else if (pk.type === 'curve25519') {`
			`var k = pk.part.k;`
			`if (!pk.part.k)`
			`k = pk.part.r;`
			`this._priv = k.data;`
			`if (this._priv[0] === 0x00)`
			`this._priv = this._priv.slice(1);`
			`this._priv = this._priv.slice(0, 32);`
			`}`
			`this._key = pk;`
			`this._isPriv = true;`
			`};`
			`DiffieHellman.prototype.setPrivateKey = DiffieHellman.prototype.setKey;`

			`DiffieHellman.prototype.computeSecret = function (otherpk) {`
			`this._keyCheck(otherpk, true);`
			`if (!this._isPriv)`
			`throw (new Error('DH exchange has not been initialized with ' +`
			`'a private key yet'));`

			`var pub;`
			`if (this._algo === 'dsa') {`
			`return (this._dh.computeSecret(`
			`otherpk.part.y.data));`

			`} else if (this._algo === 'ecdsa') {`
			`if (CRYPTO_HAVE_ECDH) {`
			`return (this._dh.computeSecret(`
			`otherpk.part.Q.data));`
			`} else {`
			`pub = new ECPublic(`
			`this._ecParams, otherpk.part.Q.data);`
			`return (this._priv.deriveSharedSecret(pub));`
			`}`

			`} else if (this._algo === 'curve25519') {`
			`pub = otherpk.part.A.data;`
			`while (pub[0] === 0x00 && pub.length > 32)`
			`pub = pub.slice(1);`
			`var priv = this._priv;`
			`assert.strictEqual(pub.length, 32);`
			`assert.strictEqual(priv.length, 32);`

			`var secret = nacl.box.before(new Uint8Array(pub),`
			`new Uint8Array(priv));`

			`return (Buffer.from(secret));`
			`}`

			`throw (new Error('Invalid algorithm: ' + this._algo));`
			`};`

			`DiffieHellman.prototype.generateKey = function () {`
			`var parts = [];`
			`var priv, pub;`
			`if (this._algo === 'dsa') {`
			`this._dh.generateKeys();`

			`parts.push({name: 'p', data: this._p.data});`
			`parts.push({name: 'q', data: this._key.part.q.data});`
			`parts.push({name: 'g', data: this._g.data});`
			`parts.push({name: 'y', data: this._dh.getPublicKey()});`
			`parts.push({name: 'x', data: this._dh.getPrivateKey()});`
			`this._key = new PrivateKey({`
			`type: 'dsa',`
			`parts: parts`
			`});`
			`this._isPriv = true;`
			`return (this._key);`

			`} else if (this._algo === 'ecdsa') {`
			`if (CRYPTO_HAVE_ECDH) {`
			`this._dh.generateKeys();`

			`parts.push({name: 'curve',`
			`data: Buffer.from(this._curve)});`
			`parts.push({name: 'Q', data: this._dh.getPublicKey()});`
			`parts.push({name: 'd', data: this._dh.getPrivateKey()});`
			`this._key = new PrivateKey({`
			`type: 'ecdsa',`
			`curve: this._curve,`
			`parts: parts`
			`});`
			`this._isPriv = true;`
			`return (this._key);`

			`} else {`
			`var n = this._ecParams.getN();`
			`var r = new jsbn(crypto.randomBytes(n.bitLength()));`
			`var n1 = n.subtract(jsbn.ONE);`
			`priv = r.mod(n1).add(jsbn.ONE);`
			`pub = this._ecParams.getG().multiply(priv);`

			`priv = Buffer.from(priv.toByteArray());`
			`pub = Buffer.from(this._ecParams.getCurve().`
			`encodePointHex(pub), 'hex');`

			`this._priv = new ECPrivate(this._ecParams, priv);`

			`parts.push({name: 'curve',`
			`data: Buffer.from(this._curve)});`
			`parts.push({name: 'Q', data: pub});`
			`parts.push({name: 'd', data: priv});`

			`this._key = new PrivateKey({`
			`type: 'ecdsa',`
			`curve: this._curve,`
			`parts: parts`
			`});`
			`this._isPriv = true;`
			`return (this._key);`
			`}`

			`} else if (this._algo === 'curve25519') {`
			`var pair = nacl.box.keyPair();`
			`priv = Buffer.from(pair.secretKey);`
			`pub = Buffer.from(pair.publicKey);`
			`priv = Buffer.concat([priv, pub]);`
			`assert.strictEqual(priv.length, 64);`
			`assert.strictEqual(pub.length, 32);`

			`parts.push({name: 'A', data: pub});`
			`parts.push({name: 'k', data: priv});`
			`this._key = new PrivateKey({`
			`type: 'curve25519',`
			`parts: parts`
			`});`
			`this._isPriv = true;`
			`return (this._key);`
			`}`

			`throw (new Error('Invalid algorithm: ' + this._algo));`
			`};`
			`DiffieHellman.prototype.generateKeys = DiffieHellman.prototype.generateKey;`

			`/* These are helpers for using ecc-jsbn (for node 0.10 compatibility). */`

			`function X9ECParameters(name) {`
			`var params = algs.curves[name];`
			`assert.object(params);`

			`var p = new jsbn(params.p);`
			`var a = new jsbn(params.a);`
			`var b = new jsbn(params.b);`
			`var n = new jsbn(params.n);`
			`var h = jsbn.ONE;`
			`var curve = new ec.ECCurveFp(p, a, b);`
			`var G = curve.decodePointHex(params.G.toString('hex'));`

			`this.curve = curve;`
			`this.g = G;`
			`this.n = n;`
			`this.h = h;`
			`}`
			`X9ECParameters.prototype.getCurve = function () { return (this.curve); };`
			`X9ECParameters.prototype.getG = function () { return (this.g); };`
			`X9ECParameters.prototype.getN = function () { return (this.n); };`
			`X9ECParameters.prototype.getH = function () { return (this.h); };`

			`function ECPublic(params, buffer) {`
			`this._params = params;`
			`if (buffer[0] === 0x00)`
			`buffer = buffer.slice(1);`
			`this._pub = params.getCurve().decodePointHex(buffer.toString('hex'));`
			`}`

			`function ECPrivate(params, buffer) {`
			`this._params = params;`
			`this._priv = new jsbn(utils.mpNormalize(buffer));`
			`}`
			`ECPrivate.prototype.deriveSharedSecret = function (pubKey) {`
			`assert.ok(pubKey instanceof ECPublic);`
			`var S = pubKey._pub.multiply(this._priv);`
			`return (Buffer.from(S.getX().toBigInteger().toByteArray()));`
			`};`

			`function generateED25519() {`
			`var pair = nacl.sign.keyPair();`
			`var priv = Buffer.from(pair.secretKey);`
			`var pub = Buffer.from(pair.publicKey);`
			`assert.strictEqual(priv.length, 64);`
			`assert.strictEqual(pub.length, 32);`

			`var parts = [];`
			`parts.push({name: 'A', data: pub});`
			`parts.push({name: 'k', data: priv.slice(0, 32)});`
			`var key = new PrivateKey({`
			`type: 'ed25519',`
			`parts: parts`
			`});`
			`return (key);`
			`}`

			`/* Generates a new ECDSA private key on a given curve. */`
			`function generateECDSA(curve) {`
			`var parts = [];`
			`var key;`

			`if (CRYPTO_HAVE_ECDH) {`
			`/*`
			`* Node crypto doesn't expose key generation directly, but the`
			`* ECDH instances can generate keys. It turns out this just`
			`* calls into the OpenSSL generic key generator, and we can`
			`* read its output happily without doing an actual DH. So we`
			`* use that here.`
			`*/`
			`var osCurve = {`
			`'nistp256': 'prime256v1',`
			`'nistp384': 'secp384r1',`
			`'nistp521': 'secp521r1'`
			`}[curve];`

			`var dh = crypto.createECDH(osCurve);`
			`dh.generateKeys();`

			`parts.push({name: 'curve',`
			`data: Buffer.from(curve)});`
			`parts.push({name: 'Q', data: dh.getPublicKey()});`
			`parts.push({name: 'd', data: dh.getPrivateKey()});`

			`key = new PrivateKey({`
			`type: 'ecdsa',`
			`curve: curve,`
			`parts: parts`
			`});`
			`return (key);`
			`} else {`

			`var ecParams = new X9ECParameters(curve);`

			`/* This algorithm taken from FIPS PUB 186-4 (section B.4.1) */`
			`var n = ecParams.getN();`
			`/*`
			`* The crypto.randomBytes() function can only give us whole`
			`* bytes, so taking a nod from X9.62, we round up.`
			`*/`
			`var cByteLen = Math.ceil((n.bitLength() + 64) / 8);`
			`var c = new jsbn(crypto.randomBytes(cByteLen));`

			`var n1 = n.subtract(jsbn.ONE);`
			`var priv = c.mod(n1).add(jsbn.ONE);`
			`var pub = ecParams.getG().multiply(priv);`

			`priv = Buffer.from(priv.toByteArray());`
			`pub = Buffer.from(ecParams.getCurve().`
			`encodePointHex(pub), 'hex');`

			`parts.push({name: 'curve', data: Buffer.from(curve)});`
			`parts.push({name: 'Q', data: pub});`
			`parts.push({name: 'd', data: priv});`

			`key = new PrivateKey({`
			`type: 'ecdsa',`
			`curve: curve,`
			`parts: parts`
			`});`
			`return (key);`
			`}`
			`}`