Skip to main content

rsa/pkcs1v15/
decrypting_key.rs

1use super::{decrypt, EncryptingKey};
2use crate::{
3    dummy_rng::DummyRng,
4    traits::{Decryptor, EncryptingKeypair, RandomizedDecryptor},
5    Result, RsaPrivateKey,
6};
7use alloc::vec::Vec;
8use rand_core::CryptoRng;
9#[cfg(feature = "serde")]
10use serde::{Deserialize, Serialize};
11use zeroize::ZeroizeOnDrop;
12
13/// Decryption key for PKCS#1 v1.5 decryption as described in [RFC8017 § 7.2].
14///
15/// [RFC8017 § 7.2]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.2
16#[derive(Debug, Clone, PartialEq)]
17#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
18pub struct DecryptingKey {
19    inner: RsaPrivateKey,
20}
21
22impl DecryptingKey {
23    /// Create a new verifying key from an RSA public key.
24    pub fn new(key: RsaPrivateKey) -> Self {
25        Self { inner: key }
26    }
27}
28
29impl Decryptor for DecryptingKey {
30    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>> {
31        decrypt::<DummyRng>(None, &self.inner, ciphertext)
32    }
33}
34
35impl RandomizedDecryptor for DecryptingKey {
36    fn decrypt_with_rng<R: CryptoRng + ?Sized>(
37        &self,
38        rng: &mut R,
39        ciphertext: &[u8],
40    ) -> Result<Vec<u8>> {
41        decrypt(Some(rng), &self.inner, ciphertext)
42    }
43}
44
45impl EncryptingKeypair for DecryptingKey {
46    type EncryptingKey = EncryptingKey;
47    fn encrypting_key(&self) -> EncryptingKey {
48        EncryptingKey {
49            inner: self.inner.clone().into(),
50        }
51    }
52}
53
54impl ZeroizeOnDrop for DecryptingKey {}
55
56#[cfg(test)]
57mod tests {
58    #[test]
59    #[cfg(all(feature = "hazmat", feature = "serde"))]
60    fn test_serde() {
61        use super::*;
62        use rand::rngs::ChaCha8Rng;
63        use rand_core::SeedableRng;
64        use serde_test::{assert_tokens, Configure, Token};
65
66        let mut rng = ChaCha8Rng::from_seed([42; 32]);
67        let decrypting_key = DecryptingKey::new(
68            RsaPrivateKey::new_unchecked(&mut rng, 64).expect("failed to generate key"),
69        );
70
71        let tokens = [
72            Token::Struct {
73                name: "DecryptingKey",
74                len: 1,
75            },
76            Token::Str("inner"),
77            Token::Str(concat!(
78                "3056020100300d06092a864886f70d010101050004423040020100020900ab",
79                "240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf30205",
80                "00d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f"
81            )),
82            Token::StructEnd,
83        ];
84        assert_tokens(&decrypting_key.readable(), &tokens);
85    }
86}