Add Demos for DSA params/DSA keygen.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #19853)

(cherry picked from commit de11641)

demos/README.txt

@@ -31,8 +31,12 @@ poly1305.c             Demonstration of Poly1305-AES message authentication
 siphash.c              Demonstration of SIPHASH message authentication
 
 pkey:
-EVP_PKEY_EC_keygen.c   Generate an EC key.
-EVP_PKEY_RSA_keygen.c  Generate an RSA key.
+EVP_PKEY_EC_keygen.c           Generate an EC key.
+EVP_PKEY_RSA_keygen.c          Generate an RSA key.
+EVP_PKEY_DSA_keygen.c          Generate a DSA key.
+EVP_PKEY_DSA_paramgen.c        Generate a DSA param key.
+EVP_PKEY_DSA_paramvalidate.c   Validate a DSA param key.
+EVP_PKEY_DSA_paramfromdata.c   Load a DSA param key using raw data.
 
 smime:
 

demos/pkey/EVP_PKEY_DSA_keygen.c

@@ -0,0 +1,83 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to generate an DSA key pair.
+ */
+
+#include <openssl/evp.h>
+#include "dsa.inc"
+
+/*
+ * Generate dsa params using default values.
+ * See the EVP_PKEY_DSA_param_fromdata demo if you need
+ * to load DSA params from raw values.
+ * See the EVP_PKEY_DSA_paramgen demo if you need to
+ * use non default parameters.
+ */
+EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq)
+{
+    EVP_PKEY *dsaparamkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+
+    /* Use the dsa params in a EVP_PKEY ctx */
+    ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", propq);
+    if (ctx == NULL) {
+        fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
+        return NULL;
+    }
+
+    if (EVP_PKEY_paramgen_init(ctx) <= 0
+            || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) {
+        fprintf(stderr, "DSA paramgen failed\n");
+        goto cleanup;
+    }
+cleanup:
+    EVP_PKEY_CTX_free(ctx);
+    return dsaparamkey;
+}
+
+int main(int argc, char **argv)
+{
+    int rv = EXIT_FAILURE;
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *propq = NULL;
+    EVP_PKEY *dsaparamskey = NULL;
+    EVP_PKEY *dsakey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+
+    /* Generate random dsa params */
+    dsaparamskey = dsa_genparams(libctx, propq);
+    if (dsaparamskey == NULL)
+        goto cleanup;
+
+    /* Use the dsa params in a EVP_PKEY ctx */
+    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, dsaparamskey, propq);
+    if (ctx == NULL) {
+        fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed\n");
+        goto cleanup;
+    }
+
+    /* Generate a key using the dsa params */
+    if (EVP_PKEY_keygen_init(ctx) <= 0
+            || EVP_PKEY_keygen(ctx, &dsakey) <= 0) {
+        fprintf(stderr, "DSA keygen failed\n");
+        goto cleanup;
+    }
+
+    if (!dsa_print_key(dsakey, 1, libctx, propq))
+        goto cleanup;
+
+    rv = EXIT_SUCCESS;
+cleanup:
+    EVP_PKEY_free(dsakey);
+    EVP_PKEY_free(dsaparamskey);
+    EVP_PKEY_CTX_free(ctx);
+    return rv;
+}

demos/pkey/EVP_PKEY_DSA_paramfromdata.c

@@ -0,0 +1,75 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to load DSA params from raw data
+ * using EVP_PKEY_fromdata()
+ */
+
+#include <openssl/param_build.h>
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include "dsa.inc"
+
+int main(int argc, char **argv)
+{
+    int rv = EXIT_FAILURE;
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *propq = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    EVP_PKEY *dsaparamkey = NULL;
+    OSSL_PARAM_BLD *bld = NULL;
+    OSSL_PARAM *params = NULL;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL;
+
+    p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);
+    q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);
+    g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);
+    if (p == NULL || q == NULL || g == NULL)
+        goto cleanup;
+
+    /* Use OSSL_PARAM_BLD if you need to handle BIGNUM Parameters */
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL)
+        goto cleanup;
+    if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
+        goto cleanup;
+    params = OSSL_PARAM_BLD_to_param(bld);
+    if (params == NULL)
+        goto cleanup;
+
+    ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", propq);
+    if (ctx == NULL) {
+        fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
+        goto cleanup;
+    }
+
+    if (EVP_PKEY_fromdata_init(ctx) <= 0
+            || EVP_PKEY_fromdata(ctx, &dsaparamkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) {
+        fprintf(stderr, "EVP_PKEY_fromdata() failed\n");
+        goto cleanup;
+    }
+
+    if (!dsa_print_key(dsaparamkey, 0, libctx, propq))
+        goto cleanup;
+
+    rv = EXIT_SUCCESS;
+cleanup:
+    EVP_PKEY_free(dsaparamkey);
+    EVP_PKEY_CTX_free(ctx);
+    OSSL_PARAM_free(params);
+    OSSL_PARAM_BLD_free(bld);
+    BN_free(g);
+    BN_free(q);
+    BN_free(p);
+
+    return rv;
+}

demos/pkey/EVP_PKEY_DSA_paramgen.c

@@ -0,0 +1,66 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to generate DSA params using
+ * FIPS 186-4 DSA FFC parameter generation.
+ */
+
+#include <openssl/evp.h>
+#include "dsa.inc"
+
+int main(int argc, char **argv)
+{
+    int rv = EXIT_FAILURE;
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *propq = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    EVP_PKEY *dsaparamkey = NULL;
+    OSSL_PARAM params[7];
+    unsigned int pbits = 2048;
+    unsigned int qbits = 256;
+    int gindex = 42;
+
+    ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", propq);
+    if (ctx == NULL)
+        goto cleanup;
+
+    /*
+     * Demonstrate how to set optional DSA fields as params.
+     * See doc/man7/EVP_PKEY-FFC.pod and doc/man7/EVP_PKEY-DSA.pod
+     * for more information.
+     */
+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+                                                 "fips186_4", 0);
+    params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_PBITS, &pbits);
+    params[2] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_QBITS, &qbits);
+    params[3] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
+    params[4] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST,
+                                                 "SHA384", 0);
+    params[5] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
+                                                 "provider=default", 0);
+    params[6] = OSSL_PARAM_construct_end();
+
+    /* Generate a dsa param key using optional params */
+    if (EVP_PKEY_paramgen_init(ctx) <= 0
+            || EVP_PKEY_CTX_set_params(ctx, params) <= 0
+            || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) {
+        fprintf(stderr, "DSA paramgen failed\n");
+        goto cleanup;
+    }
+
+    if (!dsa_print_key(dsaparamkey, 0, libctx, propq))
+        goto cleanup;
+
+    rv = EXIT_SUCCESS;
+cleanup:
+    EVP_PKEY_free(dsaparamkey);
+    EVP_PKEY_CTX_free(ctx);
+    return rv;
+}