Merge pull request #78 from microsoft/dsa3

Simplify GenerateKeyDSA
microsoft · Dec 12, 2024 · 6d41904 · 6d41904
2 parents 550ad80 + 323bb1e
commit 6d41904
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 25 deletions.
diff --git a/cng/dsa.go b/cng/dsa.go
@@ -61,11 +61,11 @@ func (p DSAParameters) groupSize() uint32 {
 	return uint32(len(p.Q))
 }
 
-// GenerateDSAParameters generates a set of DSA parameters for a key of size L bytes.
+// GenerateParametersDSA generates a set of DSA parameters for a key of size L bytes.
 // If L is less than or equal to 1024, the parameters are generated according to FIPS 186-2.
 // If L is greater than 1024, the parameters are generated according to FIPS 186-3.
 // The returned parameters are suitable for use in GenerateKey.
-func GenerateDSAParameters(L int) (params DSAParameters, err error) {
+func GenerateParametersDSA(L int) (params DSAParameters, err error) {
 	h, err := loadDSA()
 	if err != nil {
 		return DSAParameters{}, err
@@ -113,35 +113,31 @@ func (k *PublicKeyDSA) finalize() {
 }
 
 // GenerateKeyDSA generates a new private DSA key using the given parameters.
-func GenerateKeyDSA(params DSAParameters) (*PrivateKeyDSA, error) {
+func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) {
 	h, err := loadDSA()
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	keySize := params.keySize()
 	if !keyIsAllowed(h.allowedKeyLengths, keySize*8) {
-		return nil, errors.New("crypto/dsa: invalid key size")
+		return nil, nil, errors.New("crypto/dsa: invalid key size")
 	}
 	var hkey bcrypt.KEY_HANDLE
 	if err := bcrypt.GenerateKeyPair(h.handle, &hkey, keySize*8, 0); err != nil {
-		return nil, err
+		return nil, nil, err
 	}
+	defer bcrypt.DestroyKey(hkey)
 	if err := setDSAParameter(hkey, params); err != nil {
-		bcrypt.DestroyKey(hkey)
-		return nil, err
+		return nil, nil, err
 	}
 	if err := bcrypt.FinalizeKeyPair(hkey, 0); err != nil {
-		bcrypt.DestroyKey(hkey)
-		return nil, err
+		return nil, nil, err
 	}
-	_, x, y, err := decodeDSAKey(hkey, true)
+	_, x, y, err = decodeDSAKey(hkey, true)
 	if err != nil {
-		bcrypt.DestroyKey(hkey)
-		return nil, err
+		return nil, nil, err
 	}
-	k := &PrivateKeyDSA{params, x, y, hkey}
-	runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize)
-	return k, nil
+	return x, y, nil
 }
 
 // NewPrivateKeyDSA creates a new DSA private key from the given parameters.

diff --git a/cng/dsa_test.go b/cng/dsa_test.go
@@ -16,13 +16,13 @@ import (
 )
 
 func TestDSAGenerateParameters(t *testing.T) {
-	testGenerateDSAParameters(t, 1024, 160)
-	testGenerateDSAParameters(t, 2048, 256)
-	testGenerateDSAParameters(t, 3072, 256)
+	testGenerateParametersDSA(t, 1024, 160)
+	testGenerateParametersDSA(t, 2048, 256)
+	testGenerateParametersDSA(t, 3072, 256)
 }
 
-func testGenerateDSAParameters(t *testing.T, L, N int) {
-	params, err := cng.GenerateDSAParameters(L)
+func testGenerateParametersDSA(t *testing.T, L, N int) {
+	params, err := cng.GenerateParametersDSA(L)
 	if err != nil {
 		t.Errorf("%d-%d: error generating parameters: %s", L, N, err)
 		return
@@ -47,17 +47,19 @@ func testGenerateDSAParameters(t *testing.T, L, N int) {
 	if rem.Sign() != 0 {
 		t.Errorf("%d-%d: p-1 mod q != 0", L, N)
 	}
-	x := new(big.Int).Exp(G, quo, P)
-	if x.Cmp(one) == 0 {
+	if x := new(big.Int).Exp(G, quo, P); x.Cmp(one) == 0 {
 		t.Errorf("%d-%d: invalid generator", L, N)
 	}
 
-	priv, err := cng.GenerateKeyDSA(params)
+	x, y, err := cng.GenerateKeyDSA(params)
 	if err != nil {
 		t.Errorf("error generating key: %s", err)
 		return
 	}
-
+	priv, err := cng.NewPrivateKeyDSA(params, x, y)
+	if err != nil {
+		t.Errorf("error creating key: %s", err)
+	}
 	testDSASignAndVerify(t, L, priv)
 }