Skip to main content

rsa/pkcs1v15/
decrypting_key.rs

1use super::{decrypt, EncryptingKey};
2use crate::{
3    dummy_rng::DummyRng,
4    traits::{Decryptor, EncryptingKeypair, RandomizedDecryptor},
5    Result, RsaPrivateKey,
6};
7#[cfg(feature = "alloc")]
8use alloc::vec::Vec;
9use rand_core::CryptoRng;
10#[cfg(feature = "serde")]
11use serde::{Deserialize, Serialize};
12use zeroize::ZeroizeOnDrop;
13
14/// Decryption key for PKCS#1 v1.5 decryption as described in [RFC8017 § 7.2].
15///
16/// [RFC8017 § 7.2]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.2
17#[derive(Debug, Clone, PartialEq)]
18#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
19pub struct DecryptingKey {
20    inner: RsaPrivateKey,
21}
22
23impl DecryptingKey {
24    /// Create a new verifying key from an RSA public key.
25    pub fn new(key: RsaPrivateKey) -> Self {
26        Self { inner: key }
27    }
28}
29
30impl Decryptor for DecryptingKey {
31    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>> {
32        decrypt::<DummyRng>(None, &self.inner, ciphertext)
33    }
34}
35
36impl RandomizedDecryptor for DecryptingKey {
37    fn decrypt_with_rng<R: CryptoRng + ?Sized>(
38        &self,
39        rng: &mut R,
40        ciphertext: &[u8],
41    ) -> Result<Vec<u8>> {
42        decrypt(Some(rng), &self.inner, ciphertext)
43    }
44}
45
46impl EncryptingKeypair for DecryptingKey {
47    type EncryptingKey = EncryptingKey;
48    fn encrypting_key(&self) -> EncryptingKey {
49        EncryptingKey {
50            inner: self.inner.clone().into(),
51        }
52    }
53}
54
55impl ZeroizeOnDrop for DecryptingKey {}
56
57#[cfg(test)]
58mod tests {
59    #[test]
60    #[cfg(all(feature = "hazmat", feature = "serde"))]
61    fn test_serde() {
62        use super::*;
63        use rand::rngs::ChaCha8Rng;
64        use rand_core::SeedableRng;
65        use serde_test::{assert_tokens, Configure, Token};
66
67        let mut rng = ChaCha8Rng::from_seed([42; 32]);
68        let decrypting_key = DecryptingKey::new(
69            RsaPrivateKey::new_unchecked(&mut rng, 64).expect("failed to generate key"),
70        );
71
72        let tokens = [
73            Token::Struct {
74                name: "DecryptingKey",
75                len: 1,
76            },
77            Token::Str("inner"),
78            Token::Str(concat!(
79                "3056020100300d06092a864886f70d010101050004423040020100020900ab",
80                "240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf30205",
81                "00d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f"
82            )),
83            Token::StructEnd,
84        ];
85        assert_tokens(&decrypting_key.readable(), &tokens);
86    }
87}