From 0ab5a27238d462c4b0a95e1a6e818bd05f7a62d3 Mon Sep 17 00:00:00 2001
From: Sean McGrail
Date: Thu, 21 Nov 2024 22:52:27 +0000
Subject: [PATCH] Implement feature as TryInto
---
 aws-lc-rs/src/rsa/key.rs | 30 ++++++++++++++++++------------
 aws-lc-rs/tests/basic_rsa_test.rs | 11 ++++-------
 2 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/aws-lc-rs/src/rsa/key.rs b/aws-lc-rs/src/rsa/key.rs
index 20c5f716454..501dd011e6f 100644
--- a/aws-lc-rs/src/rsa/key.rs
+++ b/aws-lc-rs/src/rsa/key.rs
@@ -20,7 +20,7 @@ use crate::{
 hex,
 ptr::{DetachableLcPtr, LcPtr},
 rand,
- rsa::{PublicEncryptingKey},
+ rsa::PublicEncryptingKey,
 sealed::Sealed,
 };
 #[cfg(feature = "fips")]
@@ -368,7 +368,7 @@ impl PublicKey {
 }
 }
 
-/// Low-level API for the verification of RSA signatures.
+/// Low-level API for RSA public keys.
 ///
 /// When the public key is in DER-encoded PKCS#1 ASN.1 format, it is
 /// recommended to use `aws_lc_rs::signature::verify()` with
@@ -433,16 +433,6 @@ where
 Ok(pkey)
 }
 
- /// Builds a `PublicEncryptingKey` from the public key components.
- ///
- /// # Errors
- /// `error::Unspecified` if the key failed to verify.
- pub fn build_encrypting_key(&self) -> Result {
- let rsa = self.build_rsa()?;
-
- PublicEncryptingKey::new(rsa)
- }
-
 /// Verifies that `signature` is a valid signature of `message` using `self`
 /// as the public key. `params` determine what algorithm parameters
 /// (padding, digest algorithm, key length range, etc.) are used in the
@@ -468,6 +458,22 @@ where
 }
 }
 
+impl TryInto for PublicKeyComponents
+where
+ B: AsRef<[u8]> + Debug,
+{
+ type Error = Unspecified;
+
+ /// Try to build a `PublicEncryptingKey` from the public key components.
+ ///
+ /// # Errors
+ /// `error::Unspecified` if the key failed to verify.
+ fn try_into(self) -> Result {
+ let rsa = self.build_rsa()?;
+ PublicEncryptingKey::new(rsa)
+ }
+}
+
 pub(super) fn generate_rsa_key(size: c_int, fips: bool) -> Result, Unspecified> {
 // We explicitly don't use `EVP_PKEY_keygen`, as it will force usage of either the FIPS or non-FIPS
 // keygen function based on the whether the build of AWS-LC had FIPS enbaled. Rather we delegate to the desired
diff --git a/aws-lc-rs/tests/basic_rsa_test.rs b/aws-lc-rs/tests/basic_rsa_test.rs
index 7612975ae37..0e3cfe8db03 100644
--- a/aws-lc-rs/tests/basic_rsa_test.rs
+++ b/aws-lc-rs/tests/basic_rsa_test.rs
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
 use aws_lc_rs::rand::SystemRandom;
-use aws_lc_rs::rsa::Pkcs1PublicEncryptingKey;
+use aws_lc_rs::rsa::{Pkcs1PublicEncryptingKey, PublicEncryptingKey};
 use aws_lc_rs::signature;
 use aws_lc_rs::signature::RsaKeyPair;
 use aws_lc_rs::test::from_dirty_hex;
@@ -210,14 +210,11 @@ fn test_encryption_rsa_primitive() {
 let msg = from_dirty_hex(r"68656c6c6f2c20776f726c64");
 
 let public_key = signature::RsaPublicKeyComponents { n: &n, e: &e };
- let public_encrypting_key = public_key.build_encrypting_key()
- .unwrap();
- let pkcs_encrypting_key = Pkcs1PublicEncryptingKey::new(public_encrypting_key)
- .unwrap();
+ let public_encrypting_key: PublicEncryptingKey = public_key.try_into().unwrap();
+ let pkcs_encrypting_key = Pkcs1PublicEncryptingKey::new(public_encrypting_key).unwrap();
 let mut encrypted = vec![0u8; pkcs_encrypting_key.ciphertext_size()];
 
- pkcs_encrypting_key.encrypt(&msg, &mut encrypted)
- .unwrap();
+ pkcs_encrypting_key.encrypt(&msg, &mut encrypted).unwrap();
 
 assert_ne!(encrypted, msg);
 }
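Review bot: The new conversion in `key.rs` is written as a direct `impl TryInto … for PublicKeyComponents`, but the standard library asks for `TryFrom` on the target type, since the blanket impl then provides `try_into()` for free and callers can also write `PublicEncryptingKey::try_from(components)`. The generic parameters are stripped in this rendering, so the exact form is inferred, but it would look like `impl<B> TryFrom<PublicKeyComponents<B>> for PublicEncryptingKey` with `fn try_from(components: PublicKeyComponents<B>) -> Result<Self, Self::Error>`. The `# Errors` text on `try_into` says only that the key "failed to verify". Because `n` and `e` are raw caller-supplied bytes, the doc should state which checks `build_rsa()` and `PublicEncryptingKey::new` enforce before the key is used for encryption (modulus size bounds and exponent constraints, if those are what is checked). A doc comment on the impl block itself, rather than only on the trait method, would also be easier to find in rustdoc.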