From d32c304b3d9e420fcd9eec059c39ad1d938ead94 Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Wed, 5 Feb 2020 17:10:11 -0600
Subject: [PATCH] Factor `RsaPublicKeyComponents` out of `rsa::verification`.
---
 Cargo.toml | 2 ++
 src/rsa.rs | 2 ++
 src/rsa/public.rs | 19 ++++++++++++
 src/rsa/public/components.rs | 37 +++++++++++++++++++++++
 src/rsa/verification.rs | 58 +++++++++++------------------------
 5 files changed, 78 insertions(+), 40 deletions(-)
 create mode 100644 src/rsa/public.rs
 create mode 100644 src/rsa/public/components.rs
diff --git a/Cargo.toml b/Cargo.toml
index d8da642c9..6eb38230d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -227,6 +227,8 @@ include = [
 "src/rsa/convert_nist_rsa_test_vectors.py",
 "src/rsa.rs",
 "src/rsa/padding.rs",
+ "src/rsa/public.rs",
+ "src/rsa/public/components.rs",
 "src/rsa/random.rs",
 "src/rsa/rsa_pss_padding_tests.txt",
 "src/rsa/signature_rsa_example_private_key.der",
diff --git a/src/rsa.rs b/src/rsa.rs
index 4447616a5..5f924bab7 100644
--- a/src/rsa.rs
+++ b/src/rsa.rs
@@ -60,6 +60,8 @@ enum N {}
 unsafe impl bigint::PublicModulus for N {}
+pub mod public;
+
 pub(crate) mod verification;
 pub(crate) mod signing;
diff --git a/src/rsa/public.rs b/src/rsa/public.rs
new file mode 100644
index 000000000..2875ac506
--- /dev/null
+++ b/src/rsa/public.rs
@@ -0,0 +1,19 @@
+// Copyright 2021 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+//! Low-level RSA public key API.
+
+pub(crate) mod components;
+
+pub use components::Components;
diff --git a/src/rsa/public/components.rs b/src/rsa/public/components.rs
new file mode 100644
index 000000000..fc26ebd82
--- /dev/null
+++ b/src/rsa/public/components.rs
@@ -0,0 +1,37 @@
+// Copyright 2015-2021 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+/// RSA public key components
+#[derive(Debug)]
+pub struct Components + core::fmt::Debug> {
+ /// The public modulus, encoded in big-endian bytes without leading zeros.
+ pub n: B,
+
+ /// The public exponent, encoded in big-endian bytes without leading zeros.
+ pub e: B,
+}
+
+impl Copy for Components where B: AsRef<[u8]> + core::fmt::Debug {}
+
+impl Clone for Components
+where
+ B: AsRef<[u8]> + core::fmt::Debug,
+{
+ fn clone(&self) -> Self {
+ Self {
+ n: self.n.clone(),
+ e: self.e.clone(),
+ }
+ }
+}
diff --git a/src/rsa/verification.rs b/src/rsa/verification.rs
index 0167f18bb..305a38fea 100644
--- a/src/rsa/verification.rs
+++ b/src/rsa/verification.rs
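Review bot: In `src/rsa/public/components.rs` the doc comments on `n` and `e` state an encoding requirement (big-endian, no leading zeros), but both fields are `pub` and nothing in this new file checks it, so a `Components` value can hold arbitrary untrusted bytes. The struct doc should say that explicitly, for example `/// The values are not validated when the struct is constructed; size and range checks are applied only when the key is used.` The second half of that sentence is inferred from the `verify` documentation in `src/rsa/verification.rs` ("key length range"), whose body is outside this patch, so confirm it before committing the wording. The summary line `/// RSA public key components` is also missing its final period.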
@@ -208,47 +208,9 @@ rsa_params!(
 `ring::signature`'s module-level documentation for more details."
 );
-/// Low-level API for the verification of RSA signatures.
-///
-/// When the public key is in DER-encoded PKCS#1 ASN.1 format, it is
-/// recommended to use `ring::signature::verify()` with
-/// `ring::signature::RSA_PKCS1_*`, because `ring::signature::verify()`
-/// will handle the parsing in that case. Otherwise, this function can be used
-/// to pass in the raw bytes for the public key components as
-/// `untrusted::Input` arguments.
-//
-// There are a small number of tests that test this directly, but the
-// test coverage for this function mostly depends on the test coverage for the
-// `signature::VerificationAlgorithm` implementation for `RsaParameters`. If we
-// change that, test coverage for `verify_rsa()` will need to be reconsidered.
-// (The NIST test vectors were originally in a form that was optimized for
-// testing `verify_rsa` directly, but the testing work for RSA PKCS#1
-// verification was done during the implementation of
-// `signature::VerificationAlgorithm`, before `verify_rsa` was factored out).
-#[derive(Debug)]
-pub struct RsaPublicKeyComponents + core::fmt::Debug> {
- /// The public modulus, encoded in big-endian bytes without leading zeros.
- pub n: B,
+pub use super::public::Components as RsaPublicKeyComponents;
- /// The public exponent, encoded in big-endian bytes without leading zeros.
- pub e: B,
-}
-
-impl Copy for RsaPublicKeyComponents where B: AsRef<[u8]> + core::fmt::Debug {}
-
-impl Clone for RsaPublicKeyComponents
-where
- B: AsRef<[u8]> + core::fmt::Debug,
-{
- fn clone(&self) -> Self {
- Self {
- n: self.n.clone(),
- e: self.e.clone(),
- }
- }
-}
-
-impl RsaPublicKeyComponents
+impl super::public::Components
 where
 B: AsRef<[u8]> + core::fmt::Debug,
 {
@@ -256,6 +218,22 @@ where
 /// as the public key. `params` determine what algorithm parameters
 /// (padding, digest algorithm, key length range, etc.) are used in the
 /// verification.
+ ///
+ /// When the public key is in DER-encoded PKCS#1 ASN.1 format, it is
+ /// recommended to use `ring::signature::verify()` with
+ /// `ring::signature::RSA_PKCS1_*`, because `ring::signature::verify()`
+ /// will handle the parsing in that case. Otherwise, this function can be used
+ /// to pass in the raw bytes for the public key components as
+ /// `untrusted::Input` arguments.
+ //
+ // There are a small number of tests that test this directly, but the
+ // test coverage for this function mostly depends on the test coverage for the
+ // `signature::VerificationAlgorithm` implementation for `RsaParameters`. If we
+ // change that, test coverage for `verify_rsa()` will need to be reconsidered.
+ // (The NIST test vectors were originally in a form that was optimized for
+ // testing `verify_rsa` directly, but the testing work for RSA PKCS#1
+ // verification was done during the implementation of
+ // `signature::VerificationAlgorithm`, before `verify_rsa` was factored out).
 pub fn verify(
 &self,
 params: &RsaParameters,
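Review bot: The text relocated onto `verify` in `src/rsa/verification.rs` was moved verbatim from the type and no longer matches what it documents: it says the components are passed "as `untrusted::Input` arguments" while the where-clause in this patch bounds them as `B: AsRef<[u8]>`, and the non-doc comment under it still refers to `verify_rsa()` although the method shown is `verify`. Because the previous hunk deletes the type-level comment and the new `Components` doc is only "RSA public key components", the recommendation to prefer `ring::signature::verify()` for DER-encoded PKCS#1 keys no longer appears on the type's own documentation. I would reword the last doc sentence to something like `/// Otherwise, build the components from the raw big-endian bytes of n and e and call this method.`, rename `verify_rsa` in the comment, and repeat the DER recommendation on the struct. The signature and body of `verify` continue past the end of this hunk.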