Move all the checks that are done for each private prime into
the `PrivatePrime` constructor, to eliminate duplication.
This causes the 512-bit-ness check to be done earlier than before,
which affects some of the tests..
Enable `ring::agreement` for wasm32 targets using the small
implementation of Curve25519.
Use the small Curve25519 implementation of Curve25519 (and
P-256) for all targets except for Aarch64 and x86-64.
Besides being smaller, the small implementations are likely
more resistant to compiler-introduced side-channels, which
is especially important for the wasm32 virtual machine and
other targets that we don't QA as thoroughly as AAarch64
and x86-64.
Bring in the previously-removed definition of `fe_mul_llt`
from BoringSSL as of commit
8d71d244c0debac4079beeb02b5802fde59b94bd.
Implement `AsRef<[u8]>` for `signature::UnparsedPublicKey`, making it
possible to access the bytes of the public key. For consistency, I did
the same for `agreement::UnparsedPublicKey`, although it already has a
`bytes` method. `agreement::PublicKey` already uses the `AsRef<[u8]>`
approach.
Also, add missing `Debug` implementation for
`signature::UnparsedPublicKey`.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Ed25519 was disabled for WebAssembly due to some unrelated issues with
getting the X25519 code working in WebAssembly. Temporarily remove the
`agreement` API when targetting WebAssembly to work around those issues
in a way that lets us enabled Ed25519.
Replace `rsa::PublicKey::{n,e}()` with an implementation of `From<&PublicKey>`
for `PublicKeyComponents`. This will fit better with the plans to do the same
for other public key cryptosystem types. This also allows us to remove
`BitLength` from the public API and also to remove some `Debug` implementations.
When looking at how this would generlaize to the other public key
cryptosystems (ECDSA, ED25519, etc.), I think having fewer submodules
involved makes more sense.
This is a step towards removing the heap-allocated and usually-unnecessary
`public_key: RsaSubjectPublicKey` field. The new API allows the caller to
better control how it stores/allocates the component values. This also removes
a couple of infallible `unwrap()`s.
This is a step towards removing `io::Positive` from the public API.
This is a breaking API change.
OpeningKey and SealingKey intentionally avoid implementing Clone,
because they're attached to a fixed nonce sequence that should be
unique. LessSafeKey isn't attached to a nonce sequence, though, and
making it Clone lets callers avoid repeating key setup work.
