Remove untrusted from io::Positive API.

2019-04-05 15:40:41 -10:00 · 2019-04-05 15:40:41 -10:00 · 2ca83cc4a0
commit 2ca83cc4a0
parent dc047a8fd1
8 changed files with 24 additions and 18 deletions
--- a/src/agreement.rs
+++ b/src/agreement.rs
@ -136,7 +136,7 @@ impl AsRef<[u8]> for PublicKey {

 derive_debug_self_as_ref_hex_bytes!(PublicKey);

-/// An unparsed (possibly invalid) public key for key agreement.
+/// An unparsed, possibly malformed, public key for key agreement.
 pub struct UnparsedPublicKey<B: AsRef<[u8]>> {
    algorithm: &'static Algorithm,
    bytes: B,
--- a/src/ec/suite_b/ecdsa/verification.rs
+++ b/src/ec/suite_b/ecdsa/verification.rs
@ -174,8 +174,8 @@ fn split_rs_asn1<'a>(
    _ops: &'static ScalarOps, input: &mut untrusted::Reader<'a>,
 ) -> Result<(untrusted::Input<'a>, untrusted::Input<'a>), error::Unspecified> {
    der::nested(input, der::Tag::Sequence, error::Unspecified, |input| {
-        let r = der::positive_integer(input)?.big_endian_without_leading_zero();
-        let s = der::positive_integer(input)?.big_endian_without_leading_zero();
+        let r = der::positive_integer(input)?.big_endian_without_leading_zero_as_input();
+        let s = der::positive_integer(input)?.big_endian_without_leading_zero_as_input();
        Ok((r, s))
    })
 }
--- a/src/io/der.rs
+++ b/src/io/der.rs
@ -288,7 +288,7 @@ mod tests {
            with_good_i(test_in, |input| {
                let test_out = [test_out];
                assert_eq!(
-                    positive_integer(input)?.big_endian_without_leading_zero(),
+                    positive_integer(input)?.big_endian_without_leading_zero_as_input(),
                    untrusted::Input::from(&test_out[..])
                );
                Ok(())
--- a/src/io/der_writer.rs
+++ b/src/io/der_writer.rs
@ -16,7 +16,7 @@ use super::{der::*, writer::*, *};

 pub(crate) fn write_positive_integer(output: &mut Accumulator, value: &Positive) {
    let first_byte = value.first_byte();
-    let value = value.big_endian_without_leading_zero();
+    let value = value.big_endian_without_leading_zero_as_input();
    write_tlv(output, Tag::Integer, |output| {
        if (first_byte & 0x80) != 0 {
            output.write_byte(0); // Disambiguate negative number.
--- a/src/io/positive.rs
+++ b/src/io/positive.rs
@ -29,7 +29,14 @@ impl<'a> Positive<'a> {
    /// Returns the value, ordered from significant byte to least significant
    /// byte, without any leading zeros. The result is guaranteed to be
    /// non-empty.
-    pub fn big_endian_without_leading_zero(&self) -> untrusted::Input<'a> { self.0 }
+    #[inline]
+    pub fn big_endian_without_leading_zero(&self) -> &'a [u8] {
+        self.big_endian_without_leading_zero_as_input()
+            .as_slice_less_safe()
+    }
+
+    #[inline]
+    pub(crate) fn big_endian_without_leading_zero_as_input(&self) -> untrusted::Input<'a> { self.0 }
 }

 impl Positive<'_> {
--- a/src/rsa/signing.rs
+++ b/src/rsa/signing.rs
@ -188,12 +188,12 @@ impl RsaKeyPair {

        let n = positive_integer(input)?;
        let e = positive_integer(input)?;
-        let d = positive_integer(input)?.big_endian_without_leading_zero();
-        let p = positive_integer(input)?.big_endian_without_leading_zero();
-        let q = positive_integer(input)?.big_endian_without_leading_zero();
-        let dP = positive_integer(input)?.big_endian_without_leading_zero();
-        let dQ = positive_integer(input)?.big_endian_without_leading_zero();
-        let qInv = positive_integer(input)?.big_endian_without_leading_zero();
+        let d = positive_integer(input)?.big_endian_without_leading_zero_as_input();
+        let p = positive_integer(input)?.big_endian_without_leading_zero_as_input();
+        let q = positive_integer(input)?.big_endian_without_leading_zero_as_input();
+        let dP = positive_integer(input)?.big_endian_without_leading_zero_as_input();
+        let dQ = positive_integer(input)?.big_endian_without_leading_zero_as_input();
+        let qInv = positive_integer(input)?.big_endian_without_leading_zero_as_input();

        let (p, p_bits) = bigint::Nonnegative::from_be_bytes_with_bit_length(p)
            .map_err(|error::Unspecified| KeyRejected::invalid_encoding())?;
@ -231,8 +231,8 @@ impl RsaKeyPair {

        // Step 1.c. We validate e >= 65537.
        let public_key = verification::Key::from_modulus_and_exponent(
-            n.big_endian_without_leading_zero(),
-            e.big_endian_without_leading_zero(),
+            n.big_endian_without_leading_zero_as_input(),
+            e.big_endian_without_leading_zero_as_input(),
            bits::BitLength::from_usize_bits(2048),
            super::PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS,
            65537,
@ -379,7 +379,7 @@ impl RsaKeyPair {
    pub fn public_modulus_len(&self) -> usize {
        self.public_key
            .modulus()
-            .big_endian_without_leading_zero()
+            .big_endian_without_leading_zero_as_input()
            .as_slice_less_safe()
            .len()
    }
--- a/src/rsa/verification.rs
+++ b/src/rsa/verification.rs
@ -85,8 +85,8 @@ impl signature::VerificationAlgorithm for RsaParameters {
        verify_rsa_(
            self,
            (
-                n.big_endian_without_leading_zero(),
-                e.big_endian_without_leading_zero(),
+                n.big_endian_without_leading_zero_as_input(),
+                e.big_endian_without_leading_zero_as_input(),
            ),
            msg,
            signature,
--- a/tests/rsa_tests.rs
+++ b/tests/rsa_tests.rs
@ -306,7 +306,6 @@ fn rsa_test_public_key_coverage() {
            .public_key()
            .exponent()
            .big_endian_without_leading_zero()
-            .as_slice_less_safe()
    );

    // Test `Debug`