Revert "Add RsaPublicKey::new_with_max_size; 4096-bit default max (R…

…ustCrypto#176)" This reverts commit e7f4810.
aletheia-rs · Nov 10, 2022 · 1f44733 · 1f44733
1 parent 4f1d413
commit 1f44733
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 105 deletions.
diff --git a/src/errors.rs b/src/errors.rs
@@ -4,7 +4,7 @@
 pub type Result<T> = core::result::Result<T, Error>;
 
 /// Error types
-#[derive(Debug, Eq, PartialEq)]
+#[derive(Debug)]
 #[non_exhaustive]
 pub enum Error {
     /// Invalid padding scheme.

diff --git a/src/key.rs b/src/key.rs
@@ -17,6 +17,10 @@ use crate::padding::PaddingScheme;
 use crate::raw::{DecryptionPrimitive, EncryptionPrimitive};
 use crate::{oaep, pkcs1v15, pss};
 
+const MIN_PUB_EXPONENT: u64 = 2;
+const MAX_PUB_EXPONENT: u64 = (1 << 33) - 1;
+const MAX_MODULUS_BITS: usize = 16384;
+
 /// Components of an RSA public key.
 pub trait PublicKeyParts {
     /// Returns the modulus of the key.
@@ -232,27 +236,11 @@ impl PublicKey for RsaPublicKey {
 }
 
 impl RsaPublicKey {
-    /// Minimum value of the public exponent `e`.
-    pub const MIN_PUB_EXPONENT: u64 = 2;
-
-    /// Maximum value of the public exponent `e`.
-    pub const MAX_PUB_EXPONENT: u64 = (1 << 33) - 1;
-
-    /// Maximum size of the modulus `n` in bits.
-    pub const MAX_SIZE: usize = 4096;
-
-    /// Create a new public key from its components.
-    ///
-    /// This function accepts public keys with a modulus size up to 4096-bits,
-    /// i.e. [`RsaPublicKey::MAX_SIZE`].
+    /// Create a new key from its components.
     pub fn new(n: BigUint, e: BigUint) -> Result<Self> {
-        Self::new_with_max_size(n, e, Self::MAX_SIZE)
-    }
+        let k = RsaPublicKey { n, e };
+        check_public(&k)?;
 
-    /// Create a new public key from its components.
-    pub fn new_with_max_size(n: BigUint, e: BigUint, max_size: usize) -> Result<Self> {
-        let k = Self { n, e };
-        check_public_with_max_size(&k, max_size)?;
         Ok(k)
     }
 
@@ -326,9 +314,10 @@ impl RsaPrivateKey {
     /// Get the public key from the private key, cloning `n` and `e`.
     ///
     /// Generally this is not needed since `RsaPrivateKey` implements the `PublicKey` trait,
-    /// but it can occasionally be useful to discard the private information entirely.
+    /// but it can occationally be useful to discard the private information entirely.
     pub fn to_public_key(&self) -> RsaPublicKey {
-        self.pubkey_components.clone()
+        // Safe to unwrap since n and e are already verified.
+        RsaPublicKey::new(self.n().clone(), self.e().clone()).unwrap()
     }
 
     /// Performs some calculations to speed up private key operations.
@@ -398,7 +387,7 @@ impl RsaPrivateKey {
     }
 
     /// Performs basic sanity checks on the key.
-    /// Returns `Ok(())` if everything is good, otherwise an appropriate error.
+    /// Returns `Ok(())` if everything is good, otherwise an approriate error.
     pub fn validate(&self) -> Result<()> {
         check_public(self)?;
 
@@ -546,13 +535,7 @@ impl RsaPrivateKey {
 /// Check that the public key is well formed and has an exponent within acceptable bounds.
 #[inline]
 pub fn check_public(public_key: &impl PublicKeyParts) -> Result<()> {
-    check_public_with_max_size(public_key, RsaPublicKey::MAX_SIZE)
-}
-
-/// Check that the public key is well formed and has an exponent within acceptable bounds.
-#[inline]
-fn check_public_with_max_size(public_key: &impl PublicKeyParts, max_size: usize) -> Result<()> {
-    if public_key.n().bits() > max_size {
+    if public_key.n().bits() > MAX_MODULUS_BITS {
         return Err(Error::ModulusTooLarge);
     }
 
@@ -561,11 +544,11 @@ fn check_public_with_max_size(public_key: &impl PublicKeyParts, max_size: usize)
         .to_u64()
         .ok_or(Error::PublicExponentTooLarge)?;
 
-    if e < RsaPublicKey::MIN_PUB_EXPONENT {
+    if e < MIN_PUB_EXPONENT {
         return Err(Error::PublicExponentTooSmall);
     }
 
-    if e > RsaPublicKey::MAX_PUB_EXPONENT {
+    if e > MAX_PUB_EXPONENT {
         return Err(Error::PublicExponentTooLarge);
     }
 
@@ -579,7 +562,6 @@ mod tests {
 
     use alloc::string::String;
     use digest::{Digest, DynDigest};
-    use hex_literal::hex;
     use num_traits::{FromPrimitive, ToPrimitive};
     use rand_chacha::{
         rand_core::{RngCore, SeedableRng},
@@ -780,78 +762,6 @@ mod tests {
         .unwrap();
     }
 
-    #[test]
-    fn reject_oversized_private_key() {
-        // -----BEGIN PUBLIC KEY-----
-        // MIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKCBAEAkMBiB8qsNVXAsJR6Xoto
-        // H1r2rtZl/xzUK2tIfy99aPE489u+5tLxCQhQf+a89158vSDpr2/xwgK8w9u0Xpu2
-        // m7XRKjVMS0Y6UIINFoeTc87rVXT92Scr47kNVcGmSFXez4BSDpS+LKpWwXN+0AQu
-        // +cmcfdtsx2862iEbqQvq4PwKGQJOdOR0yldH8O4yeJK/buvIOXRHjb++vtQND/xi
-        // bFGAcd9WJqvaOG7tclhbZ277mbO6ER+y9Lj7AyO8ywybWqNeHaVPHMysPhT7HUWI
-        // 17m59i1OpuVwwEnvzDQQEUf9d5hUmkLYb5qQzuf6Ddnx/04QJCKAgkhyr9CXgnV6
-        // vEZ3PKtpicCHRxk7eqTEmgBlgwqH5vflRFV1iywQMXJnuRhzWOQaXl/vb8v4HIvF
-        // 4TatEZKqfzpbyScLIiYbPEAhHXKdZMd2zY8hkSbicifePApAZmuNpAxxJDZzphh7
-        // r4lD6t8MPT/RUAdtrZfihqaBhduFI6YeVIy6emg05M6YWvlUyer7nYGaPRS1JqD4
-        // 0v7xOtme5I8Qw6APiFPXhTqBK3occr7TgGb3V3lpC8Eq+esNHrji98R1fITkFXJW
-        // KdFcTWjBghPxiobUzMCFUrPIDJcWXeBzrARAryU+hXjEiFfzluXrps0B7RJQ/rLD
-        // LXeTn4vovUeHQVHa7YfoyWMy9pfqeVC+56LBK7SEIAvL0I3lrq5vIv+ZIuOAdbVg
-        // JiRy8DneCOk2LP3RnA8M0HSevYW93DiC+4h/l4ntjjiOfi6yRVOZ8WbVyXZ/83j4
-        // 6+pGWgvi0uMyb+btgOXjBQv7bGqdyHMc5Lqk5bF7ExETx51vKQMYCV4351caS6aX
-        // q16lYZATHgbTADEAZHdroDMJB+HMQaze9O6qU5ZO8wxxAjw89xry0dnoOQD/yA4H
-        // 7CRCo9vVDpV2hqIvHY9RI2T7cek28kmQpKvNvvK+ovmM138dHKViWULHk0fBRt7m
-        // 4wQ+tiL2PmJ/Tr8g1gVhM6S9D1XdE9z0KeDnODCWn1Q8sx2G2ah4ynnYQURDWcwO
-        // McAoP6bdJ7cCt+4F2tEsMPf4S/EwlnjvuNoQjvztxCPahYe9EnyggtQXyHJveIn7
-        // gDJsP6b93VB6x4QbLy5ch4DUhqDWginuKVeo7CTgDkq03j/IEaS1BHwreSDQceny
-        // +bYWONwV+4TMpGytKOHvU5288kmHbyZHdXuaXk8LLqbnqr30fa6Cbp4llCi9sH5a
-        // Kmi5jxQfVTe+elkMs7oVsLsVgkZS6NqPcOuEckAFijNqG223+IJoqvifCzO5Bdcs
-        // JTOLE+YaUYc8LUJwIaPykgcXmtMvQjeT8MCQ3aAlzkHfDpSvvICrXtqbGiaKolU6
-        // mQIDAQAB
-        // -----END PUBLIC KEY-----
-
-        let n = BigUint::from_bytes_be(&hex!(
-            "
-            90c06207caac3555c0b0947a5e8b681f5af6aed665ff1cd42b6b487f2f7d68f1
-            38f3dbbee6d2f10908507fe6bcf75e7cbd20e9af6ff1c202bcc3dbb45e9bb69b
-            b5d12a354c4b463a50820d16879373ceeb5574fdd9272be3b90d55c1a64855de
-            cf80520e94be2caa56c1737ed0042ef9c99c7ddb6cc76f3ada211ba90beae0fc
-            0a19024e74e474ca5747f0ee327892bf6eebc83974478dbfbebed40d0ffc626c
-            518071df5626abda386eed72585b676efb99b3ba111fb2f4b8fb0323bccb0c9b
-            5aa35e1da54f1cccac3e14fb1d4588d7b9b9f62d4ea6e570c049efcc34101147
-            fd7798549a42d86f9a90cee7fa0dd9f1ff4e10242280824872afd09782757abc
-            46773cab6989c08747193b7aa4c49a0065830a87e6f7e54455758b2c10317267
-            b9187358e41a5e5fef6fcbf81c8bc5e136ad1192aa7f3a5bc9270b22261b3c40
-            211d729d64c776cd8f219126e27227de3c0a40666b8da40c71243673a6187baf
-            8943eadf0c3d3fd150076dad97e286a68185db8523a61e548cba7a6834e4ce98
-            5af954c9eafb9d819a3d14b526a0f8d2fef13ad99ee48f10c3a00f8853d7853a
-            812b7a1c72bed38066f75779690bc12af9eb0d1eb8e2f7c4757c84e415725629
-            d15c4d68c18213f18a86d4ccc08552b3c80c97165de073ac0440af253e8578c4
-            8857f396e5eba6cd01ed1250feb2c32d77939f8be8bd47874151daed87e8c963
-            32f697ea7950bee7a2c12bb484200bcbd08de5aeae6f22ff9922e38075b56026
-            2472f039de08e9362cfdd19c0f0cd0749ebd85bddc3882fb887f9789ed8e388e
-            7e2eb2455399f166d5c9767ff378f8ebea465a0be2d2e3326fe6ed80e5e3050b
-            fb6c6a9dc8731ce4baa4e5b17b131113c79d6f290318095e37e7571a4ba697ab
-            5ea56190131e06d300310064776ba0330907e1cc41acdef4eeaa53964ef30c71
-            023c3cf71af2d1d9e83900ffc80e07ec2442a3dbd50e957686a22f1d8f512364
-            fb71e936f24990a4abcdbef2bea2f98cd77f1d1ca5625942c79347c146dee6e3
-            043eb622f63e627f4ebf20d6056133a4bd0f55dd13dcf429e0e73830969f543c
-            b31d86d9a878ca79d841444359cc0e31c0283fa6dd27b702b7ee05dad12c30f7
-            f84bf1309678efb8da108efcedc423da8587bd127ca082d417c8726f7889fb80
-            326c3fa6fddd507ac7841b2f2e5c8780d486a0d68229ee2957a8ec24e00e4ab4
-            de3fc811a4b5047c2b7920d071e9f2f9b61638dc15fb84cca46cad28e1ef539d
-            bcf249876f2647757b9a5e4f0b2ea6e7aabdf47dae826e9e259428bdb07e5a2a
-            68b98f141f5537be7a590cb3ba15b0bb15824652e8da8f70eb847240058a336a
-            1b6db7f88268aaf89f0b33b905d72c25338b13e61a51873c2d427021a3f29207
-            179ad32f423793f0c090dda025ce41df0e94afbc80ab5eda9b1a268aa2553a99"
-        ));
-
-        let e = BigUint::from_u64(65537).unwrap();
-
-        assert_eq!(
-            RsaPublicKey::new(n, e).err().unwrap(),
-            Error::ModulusTooLarge
-        );
-    }
-
     fn get_private_key() -> RsaPrivateKey {
         // -----BEGIN RSA PRIVATE KEY-----
         // MIIEpAIBAAKCAQEA05e4TZikwmE47RtpWoEG6tkdVTvwYEG2LT/cUKBB4iK49FKW