Merge pull request #2432 from huwcbjones/huw/pkey-ctx-dsa-paramgen

pkey_ctx: add ability to generate DSA params & keys

Author: alex

openssl-sys/src/dsa.rs

@@ -0,0 +1,21 @@
+use libc::*;
+use std::ptr;
+
+use super::super::*;
+
+cfg_if! {
+    if #[cfg(not(ossl300))] {
+        pub unsafe fn EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx: *mut EVP_PKEY_CTX, nbits: c_int) -> c_int {
+            EVP_PKEY_CTX_ctrl(
+                ctx,
+                EVP_PKEY_DSA,
+                EVP_PKEY_OP_PARAMGEN,
+                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS,
+                nbits,
+                ptr::null_mut(),
+            )
+        }
+    }
+}
+
+pub const EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: c_int = EVP_PKEY_ALG_CTRL + 1;

openssl-sys/src/evp.rs

@@ -162,6 +162,7 @@ cfg_if! {
     }
 }
 
+pub const EVP_PKEY_OP_PARAMGEN: c_int = 1 << 1;
 pub const EVP_PKEY_OP_KEYGEN: c_int = 1 << 2;
 cfg_if! {
     if #[cfg(ossl300)] {

openssl-sys/src/handwritten/dsa.rs

@@ -2,6 +2,11 @@ use libc::*;
 
 use super::super::*;
 
+#[cfg(ossl300)]
+extern "C" {
+    pub fn EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx: *mut EVP_PKEY_CTX, nbits: c_int) -> c_int;
+}
+
 cfg_if! {
     if #[cfg(any(ossl110, libressl280))] {
         pub enum DSA_SIG {}

openssl-sys/src/handwritten/evp.rs

@@ -584,7 +584,9 @@ extern "C" {
         ...
     ) -> *mut EVP_PKEY;
     pub fn EVP_PKEY_keygen_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
+    pub fn EVP_PKEY_paramgen_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
     pub fn EVP_PKEY_keygen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int;
+    pub fn EVP_PKEY_paramgen(ctx: *mut EVP_PKEY_CTX, key: *mut *mut EVP_PKEY) -> c_int;
 
     pub fn EVP_PKEY_sign_init(ctx: *mut EVP_PKEY_CTX) -> c_int;
     pub fn EVP_PKEY_sign(

openssl-sys/src/lib.rs

@@ -73,6 +73,7 @@ mod openssl {
     pub use self::bn::*;
     pub use self::cms::*;
     pub use self::crypto::*;
+    pub use self::dsa::*;
     pub use self::dtls1::*;
     pub use self::ec::*;
     pub use self::err::*;
@@ -103,6 +104,7 @@ mod openssl {
     mod bn;
     mod cms;
     mod crypto;
+    mod dsa;
     mod dtls1;
     mod ec;
     mod err;

openssl/src/pkey_ctx.rs

@@ -68,7 +68,7 @@ let cmac_key = ctx.keygen().unwrap();
 use crate::cipher::CipherRef;
 use crate::error::ErrorStack;
 use crate::md::MdRef;
-use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Private};
+use crate::pkey::{HasPrivate, HasPublic, Id, PKey, PKeyRef, Params, Private};
 use crate::rsa::Padding;
 use crate::sign::RsaPssSaltlen;
 use crate::{cvt, cvt_p};
@@ -420,6 +420,17 @@ impl<T> PkeyCtxRef<T> {
         Ok(())
     }
 
+    /// Prepares the context for key parameter generation.
+    #[corresponds(EVP_PKEY_paramgen_init)]
+    #[inline]
+    pub fn paramgen_init(&mut self) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_paramgen_init(self.as_ptr()))?;
+        }
+
+        Ok(())
+    }
+
     /// Sets which algorithm was used to compute the digest used in a
     /// signature. With RSA signatures this causes the signature to be wrapped
     /// in a `DigestInfo` structure. This is almost always what you want with
@@ -436,6 +447,22 @@ impl<T> PkeyCtxRef<T> {
         Ok(())
     }
 
+    /// Sets the DSA paramgen bits.
+    ///
+    /// This is only useful for DSA keys.
+    #[corresponds(EVP_PKEY_CTX_set_dsa_paramgen_bits)]
+    #[inline]
+    pub fn set_dsa_paramgen_bits(&mut self, bits: u32) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::EVP_PKEY_CTX_set_dsa_paramgen_bits(
+                self.as_ptr(),
+                bits as i32,
+            ))?;
+        }
+
+        Ok(())
+    }
+
     /// Returns the RSA padding mode in use.
     ///
     /// This is only useful for RSA keys.
@@ -734,6 +761,17 @@ impl<T> PkeyCtxRef<T> {
         }
     }
 
+    /// Generates a new set of key parameters.
+    #[corresponds(EVP_PKEY_paramgen)]
+    #[inline]
+    pub fn paramgen(&mut self) -> Result<PKey<Params>, ErrorStack> {
+        unsafe {
+            let mut key = ptr::null_mut();
+            cvt(ffi::EVP_PKEY_paramgen(self.as_ptr(), &mut key))?;
+            Ok(PKey::from_ptr(key))
+        }
+    }
+
     /// Sets the nonce type for a private key context.
     ///
     /// The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979).
@@ -794,6 +832,8 @@ mod test {
     use crate::pkey::PKey;
     use crate::rsa::Rsa;
     use crate::sign::Verifier;
+    #[cfg(not(boringssl))]
+    use cfg_if::cfg_if;
 
     #[test]
     fn rsa() {
@@ -920,6 +960,29 @@ mod test {
         ctx.keygen().unwrap();
     }
 
+    #[test]
+    #[cfg(not(boringssl))]
+    fn dsa_paramgen() {
+        let mut ctx = PkeyCtx::new_id(Id::DSA).unwrap();
+        ctx.paramgen_init().unwrap();
+        ctx.set_dsa_paramgen_bits(2048).unwrap();
+        let params = ctx.paramgen().unwrap();
+
+        let size = {
+            cfg_if! {
+                if #[cfg(awslc)] {
+                    72
+                } else if #[cfg(any(libressl, all(ossl101, not(ossl102))))] {
+                    // LibreSSL and OpenSSL 1.0.1 and earlier
+                    48
+                } else {
+                    64
+                }
+            }
+        };
+        assert_eq!(params.size(), size);
+    }
+
     #[test]
     #[cfg(any(ossl110, boringssl, libressl360, awslc))]
     fn hkdf() {