keymgr: Add function for generating EncodableKeys.

Cargo.lock

@@ -4562,6 +4562,7 @@ dependencies = [
  "dyn-clone",
  "fs-mistrust",
  "itertools",
+ "rand 0.8.5",
  "serde",
  "ssh-key",
  "tempfile",

crates/tor-keymgr/Cargo.toml

@@ -30,6 +30,7 @@ downcast-rs = "1.2.0"
 dyn-clone = "1.0.11"
 fs-mistrust = { path = "../fs-mistrust", version = "0.7.1", features = ["serde", "walkdir"] }
 itertools = "0.11.0"
+rand = "0.8"
 serde = { version = "1.0.103", features = ["derive"] }
 ssh-key = { version = "0.5.1", features = ["std"] }
 thiserror = "1"

crates/tor-keymgr/semver.md

@@ -13,3 +13,5 @@ REMOVED: the `has_key_bundle` function (from the `Keystore` trait)
 ADDED: `PartialEq`, `Eq`, `Hash` derives for `ArtiPath` and `KeyType`
 ADDED: a `to_bytes` function to `EncodableKey` trait
 ADDED: `Keystore::contains()`
+ADDED: `KeygenRng` trait
+ADDED: `EncodableKey::generate()`

crates/tor-keymgr/src/keystore.rs

@@ -2,6 +2,7 @@
 
 pub(crate) mod arti;
 
+use rand::{CryptoRng, RngCore};
 use tor_hscrypto::pk::{HsClientDescEncSecretKey, HsClientIntroAuthKeypair};
 use tor_llcrypto::pk::{curve25519, ed25519};
 use zeroize::Zeroizing;
@@ -14,6 +15,11 @@ use downcast_rs::{impl_downcast, Downcast};
 /// A type-erased key returned by a [`Keystore`].
 pub type ErasedKey = Box<dyn EncodableKey>;
 
+/// A random number generator for generating [`EncodableKey`]s.
+pub trait KeygenRng: RngCore + CryptoRng {}
+
+impl<T> KeygenRng for T where T: RngCore + CryptoRng {}
+
 /// A generic key store.
 //
 // TODO HSS: eventually this will be able to store items that aren't keys (such as certificates and
@@ -76,6 +82,11 @@ pub trait EncodableKey: Downcast {
     where
         Self: Sized;
 
+    /// Generate a new key of this type.
+    fn generate(rng: &mut dyn KeygenRng) -> Self
+    where
+        Self: Sized;
+
     /// The byte representation of the key.
     fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>>;
 }
@@ -90,6 +101,13 @@ impl EncodableKey for curve25519::StaticSecret {
         KeyType::X25519StaticSecret
     }
 
+    fn generate(rng: &mut dyn KeygenRng) -> Self
+    where
+        Self: Sized,
+    {
+        curve25519::StaticSecret::new(rng)
+    }
+
     fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>> {
         Ok(curve25519::StaticSecret::to_bytes(self).to_vec().into())
     }
@@ -103,6 +121,15 @@ impl EncodableKey for ed25519::Keypair {
         KeyType::Ed25519Keypair
     }
 
+    fn generate(rng: &mut dyn KeygenRng) -> Self
+    where
+        Self: Sized,
+    {
+        use tor_llcrypto::util::rand_compat::RngCompatExt;
+
+        ed25519::Keypair::generate(&mut rng.rng_compat())
+    }
+
     fn to_bytes(&self) -> Result<Zeroizing<Vec<u8>>> {
         Ok(ed25519::Keypair::to_bytes(self).to_vec().into())
     }

crates/tor-keymgr/src/lib.rs

@@ -65,7 +65,7 @@ pub use key_specifier::{ArtiPath, ArtiPathComponent, CTorPath, KeySpecifier};
 pub use {
     key_type::KeyType,
     keystore::arti::ArtiNativeKeystore,
-    keystore::{EncodableKey, ErasedKey, Keystore, ToEncodableKey},
+    keystore::{EncodableKey, ErasedKey, KeygenRng, Keystore, ToEncodableKey},
     mgr::KeyMgr,
 };
 

crates/tor-keymgr/src/mgr.rs

@@ -169,6 +169,13 @@ mod tests {
             KeyType::Ed25519Keypair
         }
 
+        fn generate(_rng: &mut dyn KeygenRng) -> Self
+        where
+            Self: Sized,
+        {
+            "generated_test_key".into()
+        }
+
         fn to_bytes(&self) -> Result<zeroize::Zeroizing<Vec<u8>>> {
             Ok(self.as_bytes().to_vec().into())
         }