From 9c326ced816ab4bf9e3e7380f5caa6a6cb05a784 Mon Sep 17 00:00:00 2001
From: Gabriela Moldovan
Date: Mon, 24 Jul 2023 12:01:59 +0100
Subject: [PATCH] keymgr: Add function for generating EncodableKeys.
---
 Cargo.lock | 1 +
 crates/tor-keymgr/Cargo.toml | 1 +
 crates/tor-keymgr/semver.md | 2 ++
 crates/tor-keymgr/src/keystore.rs | 27 +++++++++++++++++++++++++++
 crates/tor-keymgr/src/lib.rs | 2 +-
 crates/tor-keymgr/src/mgr.rs | 7 +++++++
 6 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/Cargo.lock b/Cargo.lock
index 689d049a6..ae25533b6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4562,6 +4562,7 @@ dependencies = [
 "dyn-clone",
 "fs-mistrust",
 "itertools",
+ "rand 0.8.5",
 "serde",
 "ssh-key",
 "tempfile",
diff --git a/crates/tor-keymgr/Cargo.toml b/crates/tor-keymgr/Cargo.toml
index c4da5cbb8..ce1ea6e62 100644
--- a/crates/tor-keymgr/Cargo.toml
+++ b/crates/tor-keymgr/Cargo.toml
@@ -30,6 +30,7 @@ downcast-rs = "1.2.0"
 dyn-clone = "1.0.11"
 fs-mistrust = { path = "../fs-mistrust", version = "0.7.1", features = ["serde", "walkdir"] }
 itertools = "0.11.0"
+rand = "0.8"
 serde = { version = "1.0.103", features = ["derive"] }
 ssh-key = { version = "0.5.1", features = ["std"] }
 thiserror = "1"
diff --git a/crates/tor-keymgr/semver.md b/crates/tor-keymgr/semver.md
index 924cbb99a..ce59eaa7e 100644
--- a/crates/tor-keymgr/semver.md
+++ b/crates/tor-keymgr/semver.md
@@ -13,3 +13,5 @@ REMOVED: the `has_key_bundle` function (from the `Keystore` trait)
 ADDED: `PartialEq`, `Eq`, `Hash` derives for `ArtiPath` and `KeyType`
 ADDED: a `to_bytes` function to `EncodableKey` trait
 ADDED: `Keystore::contains()`
+ADDED: `KeygenRng` trait
+ADDED: `EncodableKey::generate()`
diff --git a/crates/tor-keymgr/src/keystore.rs b/crates/tor-keymgr/src/keystore.rs
index aeac3ee33..d5da68fc5 100644
--- a/crates/tor-keymgr/src/keystore.rs
+++ b/crates/tor-keymgr/src/keystore.rs
@@ -2,6 +2,7 @@ pub(crate) mod arti; +use rand::{CryptoRng, RngCore}; use tor_hscrypto::pk::{HsClientDescEncSecretKey, HsClientIntroAuthKeypair}; use tor_llcrypto::pk::{curve25519, ed25519}; use zeroize::Zeroizing; @@ -14,6 +15,11 @@ use downcast_rs::{impl_downcast, Downcast}; /// A type-erased key returned by a [`Keystore`]. pub type ErasedKey = Box; +/// A random number generator for generating [`EncodableKey`]s. +pub trait KeygenRng: RngCore + CryptoRng {} + +impl KeygenRng for T where T: RngCore + CryptoRng {} + /// A generic key store. // // TODO HSS: eventually this will be able to store items that aren't keys (such as certificates and @@ -76,6 +82,11 @@ pub trait EncodableKey: Downcast { where Self: Sized; + /// Generate a new key of this type. + fn generate(rng: &mut dyn KeygenRng) -> Self + where + Self: Sized; + /// The byte representation of the key. fn to_bytes(&self) -> Result>>; } @@ -90,6 +101,13 @@ impl EncodableKey for curve25519::StaticSecret { KeyType::X25519StaticSecret } + fn generate(rng: &mut dyn KeygenRng) -> Self + where + Self: Sized, + { + curve25519::StaticSecret::new(rng) + } + fn to_bytes(&self) -> Result>> { Ok(curve25519::StaticSecret::to_bytes(self).to_vec().into()) } @@ -103,6 +121,15 @@ impl EncodableKey for ed25519::Keypair { KeyType::Ed25519Keypair } + fn generate(rng: &mut dyn KeygenRng) -> Self + where + Self: Sized, + { + use tor_llcrypto::util::rand_compat::RngCompatExt; + + ed25519::Keypair::generate(&mut rng.rng_compat()) + } + fn to_bytes(&self) -> Result>> { Ok(ed25519::Keypair::to_bytes(self).to_vec().into()) } diff --git a/crates/tor-keymgr/src/lib.rs b/crates/tor-keymgr/src/lib.rs index c556b5c65..2cf23febe 100644 --- a/crates/tor-keymgr/src/lib.rs +++ b/crates/tor-keymgr/src/lib.rs 
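Review bot: The doc comment on `KeygenRng` (keystore.rs, hunk at `@@ -14,6 +15,11 @@`) does not say what the trait guarantees or why it exists. The `CryptoRng` supertrait is the only thing that keeps a non-cryptographic generator out of key generation, and it is a marker that implementers assert rather than a property checked at runtime. Presumably the trait exists so that a single `dyn` object can carry both bounds. I would extend the comment with a line such as `/// Blanket-implemented for every RngCore + CryptoRng type so it can be passed as &mut dyn KeygenRng; CryptoRng is a marker and is not verified at runtime.`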
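Review bot: `EncodableKey::generate` (keystore.rs, hunk at `@@ -76,6 +82,11 @@`) returns `Self`, so an implementation cannot report a failure, while `to_bytes` right below it returns a `Result`. Both implementations in this patch look infallible, but a later key type whose generation can fail would have to panic or force another signature change on a public trait. Consider declaring it as `fn generate(rng: &mut dyn KeygenRng) -> Result<Self>` now. The one-line doc could also state that the call only returns the key and leaves storing it to the caller. The trait definition starts outside the hunk.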
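Review bot: The ed25519 `generate` (keystore.rs, hunk at `@@ -103,6 +121,15 @@`) wraps the RNG with `rng.rng_compat()` while the curve25519 one passes `rng` straight through, and nothing in the code says why. Presumably `ed25519::Keypair::generate` expects the RNG traits of a different `rand_core` version. A short comment such as `// Keypair::generate takes an RNG from another rand_core version; adapt the caller's RNG rather than creating a new one.` would keep a later cleanup from swapping the wrapper for a freshly constructed generator. The function-local `use` could also move up to the other imports at the top of the file. The `impl` block starts outside the hunk.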
@@ -65,7 +65,7 @@ pub use key_specifier::{ArtiPath, ArtiPathComponent, CTorPath, KeySpecifier}; pub use { key_type::KeyType, keystore::arti::ArtiNativeKeystore, - keystore::{EncodableKey, ErasedKey, Keystore, ToEncodableKey}, + keystore::{EncodableKey, ErasedKey, KeygenRng, Keystore, ToEncodableKey}, mgr::KeyMgr, }; diff --git a/crates/tor-keymgr/src/mgr.rs b/crates/tor-keymgr/src/mgr.rs index b13e6ccf3..a1675d581 100644 --- a/crates/tor-keymgr/src/mgr.rs +++ b/crates/tor-keymgr/src/mgr.rs @@ -169,6 +169,13 @@ mod tests { KeyType::Ed25519Keypair } + fn generate(_rng: &mut dyn KeygenRng) -> Self + where + Self: Sized, + { + "generated_test_key".into() + } + fn to_bytes(&self) -> Result>> { Ok(self.as_bytes().to_vec().into()) }