diff --git a/aws-lc-rs/src/rsa.rs b/aws-lc-rs/src/rsa.rs index bc0370a64a8..82f77b1f4b7 100644 --- a/aws-lc-rs/src/rsa.rs +++ b/aws-lc-rs/src/rsa.rs @@ -14,7 +14,7 @@ mod encoding; pub(crate) mod key; pub(crate) mod signature; -pub use self::key::{KeyPair, PublicKey, PublicKeyComponents}; +pub use self::key::{KeyPair, KeySize, PublicKey, PublicKeyComponents}; #[allow(clippy::module_name_repetitions)] pub use self::signature::RsaParameters; diff --git a/aws-lc-rs/src/rsa/key.rs b/aws-lc-rs/src/rsa/key.rs index 662e7bc59c5..2720f586c8f 100644 --- a/aws-lc-rs/src/rsa/key.rs +++ b/aws-lc-rs/src/rsa/key.rs @@ -614,78 +614,3 @@ pub(super) fn generate_rsa_key( Ok(evp_pkey) } - -#[cfg(test)] -mod tests { - use super::{KeyPair, KeySize, PublicKeyComponents}; - use crate::encoding::AsDer; - - #[test] - fn keysize_len() { - assert_eq!(KeySize::Rsa2048.len(), 256); - assert_eq!(KeySize::Rsa3072.len(), 384); - assert_eq!(KeySize::Rsa4096.len(), 512); - assert_eq!(KeySize::Rsa8192.len(), 1024); - } - - macro_rules! generate_encode_decode { - ($name:ident, $size:expr) => { - #[test] - fn $name() { - let private_key = KeyPair::generate($size).expect("generation"); - - let pkcs8v1 = private_key.as_der().expect("encoded"); - - let private_key = KeyPair::from_pkcs8(pkcs8v1.as_ref()).expect("decoded"); - - let public_key = crate::signature::KeyPair::public_key(&private_key); - - let _ = public_key.as_ref(); - } - }; - } - - generate_encode_decode!(rsa2048_generate_encode_decode, KeySize::Rsa2048); - generate_encode_decode!(rsa3072_generate_encode_decode, KeySize::Rsa3072); - generate_encode_decode!(rsa4096_generate_encode_decode, KeySize::Rsa4096); - generate_encode_decode!(rsa8192_generate_encode_decode, KeySize::Rsa8192); - - macro_rules! generate_fips_encode_decode { - ($name:ident, $size:expr) => { - #[cfg(feature = "fips")] - #[test] - fn $name() { - let private_key = KeyPair::generate_fips($size).expect("generation"); - - let pkcs8v1 = private_key.as_der().expect("encoded"); - - let private_key = KeyPair::from_pkcs8(pkcs8v1.as_ref()).expect("decoded"); - - let public_key = crate::signature::KeyPair::public_key(&private_key); - - let _ = public_key.as_ref(); - } - }; - ($name:ident, $size:expr, false) => { - #[cfg(feature = "fips")] - #[test] - fn $name() { - let _ = KeyPair::generate_fips($size).expect_err("should fail for key size"); - } - }; - } - - generate_fips_encode_decode!(rsa2048_generate_fips_encode_decode, KeySize::Rsa2048); - generate_fips_encode_decode!(rsa3072_generate_fips_encode_decode, KeySize::Rsa3072); - generate_fips_encode_decode!(rsa4096_generate_fips_encode_decode, KeySize::Rsa4096); - generate_fips_encode_decode!(rsa8192_generate_fips_encode_decode, KeySize::Rsa8192, false); - - #[test] - fn public_key_components_clone_debug() { - let pkc = PublicKeyComponents::<&[u8]> { - n: &[0x63, 0x61, 0x6d, 0x65, 0x6c, 0x6f, 0x74], - e: &[0x61, 0x76, 0x61, 0x6c, 0x6f, 0x6e], - }; - assert_eq!("RsaPublicKeyComponents { n: [99, 97, 109, 101, 108, 111, 116], e: [97, 118, 97, 108, 111, 110] }", format!("{pkc:?}")); - } -} diff --git a/aws-lc-rs/src/signature.rs b/aws-lc-rs/src/signature.rs index 3a6c986c73b..0764dba0e64 100644 --- a/aws-lc-rs/src/signature.rs +++ b/aws-lc-rs/src/signature.rs @@ -245,9 +245,8 @@ use std::fmt::{Debug, Formatter}; use untrusted::Input; pub use crate::rsa::{ - key::{PublicKey as RsaPublicKey, PublicKeyComponents as RsaPublicKeyComponents}, - signature::RsaEncoding, - KeyPair as RsaKeyPair, PublicKey as RsaSubjectPublicKey, RsaParameters, + signature::RsaEncoding, KeyPair as RsaKeyPair, PublicKey as RsaSubjectPublicKey, + PublicKeyComponents as RsaPublicKeyComponents, RsaParameters, }; use crate::rsa::{ diff --git a/aws-lc-rs/tests/rsa_test.rs b/aws-lc-rs/tests/rsa_test.rs index af2925086e4..ad395bfde35 100644 --- a/aws-lc-rs/tests/rsa_test.rs +++ b/aws-lc-rs/tests/rsa_test.rs @@ -3,7 +3,11 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::signature::{KeyPair, RsaKeyPair, RsaParameters, RsaPublicKey}; +use aws_lc_rs::encoding::AsDer; +use aws_lc_rs::rsa::KeySize; +use aws_lc_rs::signature::{ + KeyPair, RsaKeyPair, RsaParameters, RsaPublicKeyComponents, RsaSubjectPublicKey, +}; use aws_lc_rs::test::to_hex_upper; use aws_lc_rs::{rand, signature, test, test_file}; @@ -11,8 +15,8 @@ use aws_lc_rs::{rand, signature, test, test_file}; fn rsa_traits() { test::compile_time_assert_send::(); test::compile_time_assert_sync::(); - test::compile_time_assert_send::(); - test::compile_time_assert_sync::(); + test::compile_time_assert_send::(); + test::compile_time_assert_sync::(); test::compile_time_assert_send::>(); test::compile_time_assert_sync::>(); test::compile_time_assert_send::>>(); @@ -249,7 +253,7 @@ fn rsa_test_public_key_coverage() { // Test `Clone`. #[allow(let_underscore_drop)] - let _: RsaPublicKey = pubkey.clone(); + let _: RsaSubjectPublicKey = pubkey.clone(); #[cfg(feature = "ring-io")] assert_eq!( @@ -267,3 +271,72 @@ fn rsa_test_public_key_coverage() { format!("{key_pair:?}") ); } + +#[test] +fn keysize_len() { + assert_eq!(KeySize::Rsa2048.len(), 256); + assert_eq!(KeySize::Rsa3072.len(), 384); + assert_eq!(KeySize::Rsa4096.len(), 512); + assert_eq!(KeySize::Rsa8192.len(), 1024); +} + +macro_rules! generate_encode_decode { + ($name:ident, $size:expr) => { + #[test] + fn $name() { + let private_key = RsaKeyPair::generate($size).expect("generation"); + + let pkcs8v1 = private_key.as_der().expect("encoded"); + + let private_key = RsaKeyPair::from_pkcs8(pkcs8v1.as_ref()).expect("decoded"); + + let public_key = crate::signature::KeyPair::public_key(&private_key); + + let _ = public_key.as_ref(); + } + }; +} + +generate_encode_decode!(rsa2048_generate_encode_decode, KeySize::Rsa2048); +generate_encode_decode!(rsa3072_generate_encode_decode, KeySize::Rsa3072); +generate_encode_decode!(rsa4096_generate_encode_decode, KeySize::Rsa4096); +generate_encode_decode!(rsa8192_generate_encode_decode, KeySize::Rsa8192); + +macro_rules! generate_fips_encode_decode { + ($name:ident, $size:expr) => { + #[cfg(feature = "fips")] + #[test] + fn $name() { + let private_key = KeyPair::generate_fips($size).expect("generation"); + + let pkcs8v1 = private_key.as_der().expect("encoded"); + + let private_key = KeyPair::from_pkcs8(pkcs8v1.as_ref()).expect("decoded"); + + let public_key = crate::signature::KeyPair::public_key(&private_key); + + let _ = public_key.as_ref(); + } + }; + ($name:ident, $size:expr, false) => { + #[cfg(feature = "fips")] + #[test] + fn $name() { + let _ = KeyPair::generate_fips($size).expect_err("should fail for key size"); + } + }; +} + +generate_fips_encode_decode!(rsa2048_generate_fips_encode_decode, KeySize::Rsa2048); +generate_fips_encode_decode!(rsa3072_generate_fips_encode_decode, KeySize::Rsa3072); +generate_fips_encode_decode!(rsa4096_generate_fips_encode_decode, KeySize::Rsa4096); +generate_fips_encode_decode!(rsa8192_generate_fips_encode_decode, KeySize::Rsa8192, false); + +#[test] +fn public_key_components_clone_debug() { + let pkc = RsaPublicKeyComponents::<&[u8]> { + n: &[0x63, 0x61, 0x6d, 0x65, 0x6c, 0x6f, 0x74], + e: &[0x61, 0x76, 0x61, 0x6c, 0x6f, 0x6e], + }; + assert_eq!("RsaPublicKeyComponents { n: [99, 97, 109, 101, 108, 111, 116], e: [97, 118, 97, 108, 111, 110] }", format!("{pkc:?}")); +}