e51c88a986
Originally we only had `Modulus`. Then we had a need for a temporary `Modulus` without `oneRR` so we created `PartialModulus`. However, there is really nothing "partial" about them. So, improve the naming by renaming `PartialModulus` to `Modulus` and `Modulus` to `OwnedModulusWithOne`. In the future we may refactor things further to separate the ownership aspect from the "has oneRR" aspect. Instead of just doing a straightforward rename, take this opportunity to refactor the code so that it uses the new `Modulus` whenever `oneRR()` isn't used. This eliminates the duplication of the APIs of the two modulus types, and the duplication of `elem_mul` and `elem_mul_`.
71 lines
2.3 KiB
Rust
71 lines
2.3 KiB
Rust
use crate::{arithmetic::bigint, bits, cpu, error, rsa::N};
|
|
use core::ops::RangeInclusive;
|
|
|
|
/// The modulus (n) of an RSA public key.
|
|
#[derive(Clone)]
|
|
pub struct PublicModulus {
|
|
value: bigint::OwnedModulusWithOne<N>,
|
|
bits: bits::BitLength,
|
|
}
|
|
|
|
/*
|
|
impl core::fmt::Debug for PublicModulus {
|
|
fn fmt(&self, fmt: &mut ::core::fmt::Formatter) -> Result<(), ::core::fmt::Error> {
|
|
self.value.fmt(fmt)
|
|
}
|
|
}*/
|
|
|
|
impl PublicModulus {
|
|
pub(super) fn from_be_bytes(
|
|
n: untrusted::Input,
|
|
allowed_bit_lengths: RangeInclusive<bits::BitLength>,
|
|
cpu_features: cpu::Features,
|
|
) -> Result<Self, error::KeyRejected> {
|
|
// See `PublicKey::from_modulus_and_exponent` for background on the step
|
|
// numbering.
|
|
|
|
let min_bits = *allowed_bit_lengths.start();
|
|
let max_bits = *allowed_bit_lengths.end();
|
|
|
|
// `pkcs1_encode` depends on this not being small. Otherwise,
|
|
// `pkcs1_encode` would generate padding that is invalid (too few 0xFF
|
|
// bytes) for very small keys.
|
|
const MIN_BITS: bits::BitLength = bits::BitLength::from_usize_bits(1024);
|
|
|
|
// Step 3 / Step c for `n` (out of order).
|
|
let (value, bits) =
|
|
bigint::OwnedModulusWithOne::from_be_bytes_with_bit_length(n, cpu_features)?;
|
|
|
|
// Step 1 / Step a. XXX: SP800-56Br1 and SP800-89 require the length of
|
|
// the public modulus to be exactly 2048 or 3072 bits, but we are more
|
|
// flexible to be compatible with other commonly-used crypto libraries.
|
|
assert!(min_bits >= MIN_BITS);
|
|
let bits_rounded_up =
|
|
bits::BitLength::from_usize_bytes(bits.as_usize_bytes_rounded_up()).unwrap(); // TODO: safe?
|
|
if bits_rounded_up < min_bits {
|
|
return Err(error::KeyRejected::too_small());
|
|
}
|
|
if bits > max_bits {
|
|
return Err(error::KeyRejected::too_large());
|
|
}
|
|
|
|
Ok(Self { value, bits })
|
|
}
|
|
|
|
/// The big-endian encoding of the modulus.
|
|
///
|
|
/// There are no leading zeros.
|
|
pub fn be_bytes(&self) -> impl ExactSizeIterator<Item = u8> + Clone + '_ {
|
|
self.value.be_bytes()
|
|
}
|
|
|
|
/// The length of the modulus in bits.
|
|
pub fn len_bits(&self) -> bits::BitLength {
|
|
self.bits
|
|
}
|
|
|
|
pub(super) fn value(&self) -> &bigint::OwnedModulusWithOne<N> {
|
|
&self.value
|
|
}
|
|
}
|