Have RsaPrivateKey::from_components convert n to Odd (#532)

Changes the `n` parameter of this function from `Odd<BoxedUint>` to just
`BoxedUint`, and converts to `Odd` internally, returning an error in the
event the provided `n` is even.

Previously this was a conversion the API caller had to do, which is a
little more onerous than just doing it for them. It should also make
upgrades from v0.9 easier, since it's one less type to deal with.

Closes #531

Author: tarcieri

benches/key.rs

@@ -3,7 +3,7 @@
 extern crate test;
 
 use base64ct::{Base64, Encoding};
-use crypto_bigint::{BoxedUint, Odd};
+use crypto_bigint::BoxedUint;
 use hex_literal::hex;
 use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng};
 use rsa::{Pkcs1v15Encrypt, Pkcs1v15Sign, RsaPrivateKey};
@@ -64,7 +64,7 @@ fn get_key() -> RsaPrivateKey {
     ];
 
     RsaPrivateKey::from_components(
-        Odd::new(BoxedUint::from_be_slice(&n, 2048).unwrap()).unwrap(),
+        BoxedUint::from_be_slice(&n, 2048).unwrap(),
         BoxedUint::from(3u32),
         BoxedUint::from_be_slice(&d, 2048).unwrap(),
         vec![

src/encoding.rs

@@ -8,7 +8,7 @@ use crate::{
     RsaPrivateKey, RsaPublicKey,
 };
 use core::convert::{TryFrom, TryInto};
-use crypto_bigint::{BoxedUint, NonZero, Odd, Resize};
+use crypto_bigint::{BoxedUint, NonZero, Resize};
 use pkcs8::{
     der::{asn1::OctetStringRef, Encode},
     Document, EncodePrivateKey, EncodePublicKey, ObjectIdentifier, SecretDocument,
@@ -60,8 +60,6 @@ impl TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for RsaPrivateKey {
         let bits = u32::try_from(pkcs1_key.modulus.as_bytes().len()).map_err(|_| KeyMalformed)? * 8;
 
         let n = uint_from_slice(pkcs1_key.modulus.as_bytes(), bits)?;
-        let n = Option::from(Odd::new(n)).ok_or(KeyMalformed)?;
-
         let bits_e = u32::try_from(pkcs1_key.public_exponent.as_bytes().len())
             .map_err(|_| KeyMalformed)?
             * 8;

src/key.rs

@@ -287,7 +287,12 @@ impl RsaPrivateKey {
         exp: BoxedUint,
     ) -> Result<RsaPrivateKey> {
         let components = generate_multi_prime_key_with_exp(rng, 2, bit_size, exp)?;
-        RsaPrivateKey::from_components(components.n, components.e, components.d, components.primes)
+        RsaPrivateKey::from_components(
+            components.n.get(),
+            components.e,
+            components.d,
+            components.primes,
+        )
     }
 
     /// Constructs an RSA key pair from individual components:
@@ -304,11 +309,13 @@ impl RsaPrivateKey {
     ///
     ///  [NIST SP 800-56B Revision 2]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf
     pub fn from_components(
-        n: Odd<BoxedUint>,
+        n: BoxedUint,
         e: BoxedUint,
         d: BoxedUint,
         mut primes: Vec<BoxedUint>,
     ) -> Result<RsaPrivateKey> {
+        let n = Odd::new(n).into_option().ok_or(Error::InvalidModulus)?;
+
         // The modulus may come in padded with zeros, shorten it
         // to ensure optimal performance of arithmetic operations.
         let n_bits = n.bits_vartime();
@@ -386,7 +393,7 @@ impl RsaPrivateKey {
         let primes = vec![p, q];
         let n = compute_modulus(&primes);
 
-        Self::from_components(n, public_exponent, d, primes)
+        Self::from_components(n.get(), public_exponent, d, primes)
     }
 
     /// Constructs an RSA key pair from its primes.
@@ -412,7 +419,7 @@ impl RsaPrivateKey {
         let n = compute_modulus(&primes);
         let d = compute_private_exponent_euler_totient(&primes, &public_exponent)?;
 
-        Self::from_components(n, public_exponent, d, primes)
+        Self::from_components(n.get(), public_exponent, d, primes)
     }
 
     /// Get the public key from the private key, cloning `n` and `e`.
@@ -755,7 +762,7 @@ mod tests {
                         generate_multi_prime_key_with_exp(&mut rng, $multi, $size, exp.clone())
                             .unwrap();
                     let private_key = RsaPrivateKey::from_components(
-                        components.n,
+                        components.n.get(),
                         components.e,
                         components.d,
                         components.primes,
@@ -784,14 +791,11 @@ mod tests {
     fn test_negative_decryption_value() {
         let bits = 128;
         let private_key = RsaPrivateKey::from_components(
-            Odd::new(
-                BoxedUint::from_le_slice(
-                    &[
-                        99, 192, 208, 179, 0, 220, 7, 29, 49, 151, 75, 107, 75, 73, 200, 180,
-                    ],
-                    bits,
-                )
-                .unwrap(),
+            BoxedUint::from_le_slice(
+                &[
+                    99, 192, 208, 179, 0, 220, 7, 29, 49, 151, 75, 107, 75, 73, 200, 180,
+                ],
+                bits,
             )
             .unwrap(),
             BoxedUint::from_le_slice(&[1, 0, 1, 0, 0, 0, 0, 0], 64).unwrap(),
@@ -923,7 +927,7 @@ mod tests {
         let e = BoxedUint::from_be_slice(&e, 64).unwrap();
 
         let bits = 4096;
-        let n = Odd::new(BoxedUint::from_be_slice(&n, bits).unwrap()).unwrap();
+        let n = BoxedUint::from_be_slice(&n, bits).unwrap();
         let d = BoxedUint::from_be_slice(&d, bits).unwrap();
         let primes = primes
             .iter()

src/oaep.rs

@@ -295,7 +295,7 @@ mod tests {
     use crate::traits::PublicKeyParts;
     use crate::traits::{Decryptor, RandomizedDecryptor, RandomizedEncryptor};
 
-    use crypto_bigint::{BoxedUint, Odd};
+    use crypto_bigint::BoxedUint;
     use digest::{Digest, DynDigest, FixedOutputReset};
     use rand_chacha::{
         rand_core::{RngCore, SeedableRng},
@@ -335,7 +335,7 @@ mod tests {
         // -----END RSA PRIVATE KEY-----
 
         RsaPrivateKey::from_components(
-            Odd::new(BoxedUint::from_be_hex("d397b84d98a4c26138ed1b695a8106ead91d553bf06041b62d3fdc50a041e222b8f4529689c1b82c5e71554f5dd69fa2f4b6158cf0dbeb57811a0fc327e1f28e74fe74d3bc166c1eabdc1b8b57b934ca8be5b00b4f29975bcc99acaf415b59bb28a6782bb41a2c3c2976b3c18dbadef62f00c6bb226640095096c0cc60d22fe7ef987d75c6a81b10d96bf292028af110dc7cc1bbc43d22adab379a0cd5d8078cc780ff5cd6209dea34c922cf784f7717e428d75b5aec8ff30e5f0141510766e2e0ab8d473c84e8710b2b98227c3db095337ad3452f19e2b9bfbccdd8148abf6776fa552775e6e75956e45229ae5a9c46949bab1e622f0e48f56524a84ed3483b", 2048).unwrap()).unwrap(),
+            BoxedUint::from_be_hex("d397b84d98a4c26138ed1b695a8106ead91d553bf06041b62d3fdc50a041e222b8f4529689c1b82c5e71554f5dd69fa2f4b6158cf0dbeb57811a0fc327e1f28e74fe74d3bc166c1eabdc1b8b57b934ca8be5b00b4f29975bcc99acaf415b59bb28a6782bb41a2c3c2976b3c18dbadef62f00c6bb226640095096c0cc60d22fe7ef987d75c6a81b10d96bf292028af110dc7cc1bbc43d22adab379a0cd5d8078cc780ff5cd6209dea34c922cf784f7717e428d75b5aec8ff30e5f0141510766e2e0ab8d473c84e8710b2b98227c3db095337ad3452f19e2b9bfbccdd8148abf6776fa552775e6e75956e45229ae5a9c46949bab1e622f0e48f56524a84ed3483b", 2048).unwrap(),
             BoxedUint::from(65_537u64),
             BoxedUint::from_be_hex("c4e70c689162c94c660828191b52b4d8392115df486a9adbe831e458d73958320dc1b755456e93701e9702d76fb0b92f90e01d1fe248153281fe79aa9763a92fae69d8d7ecd144de29fa135bd14f9573e349e45031e3b76982f583003826c552e89a397c1a06bd2163488630d92e8c2bb643d7abef700da95d685c941489a46f54b5316f62b5d2c3a7f1bbd134cb37353a44683fdc9d95d36458de22f6c44057fe74a0a436c4308f73f4da42f35c47ac16a7138d483afc91e41dc3a1127382e0c0f5119b0221b4fc639d6b9c38177a6de9b526ebd88c38d7982c07f98a0efd877d508aae275b946915c02e2e1106d175d74ec6777f5e80d12c053d9c7be1e341", 2048).unwrap(),
             vec![

src/pkcs1v15.rs

@@ -253,7 +253,6 @@ mod tests {
         SignatureEncoding, Signer, Verifier,
     };
     use base64ct::{Base64, Encoding};
-    use crypto_bigint::Odd;
     use hex_literal::hex;
     use rand_chacha::{
         rand_core::{RngCore, SeedableRng},
@@ -281,7 +280,7 @@ mod tests {
         // -----END RSA PRIVATE KEY-----
 
         RsaPrivateKey::from_components(
-            Odd::new(BoxedUint::from_be_hex("B2990F49C47DFA8CD400AE6A4D1B8A3B6A13642B23F28B003BFB97790ADE9A4CC82B8B2A81747DDEC08B6296E53A08C331687EF25C4BF4936BA1C0E6041E9D15", 512).unwrap()).unwrap(),
+            BoxedUint::from_be_hex("B2990F49C47DFA8CD400AE6A4D1B8A3B6A13642B23F28B003BFB97790ADE9A4CC82B8B2A81747DDEC08B6296E53A08C331687EF25C4BF4936BA1C0E6041E9D15", 512).unwrap(),
             BoxedUint::from(65_537u64),
             BoxedUint::from_be_hex("8ABD6A69F4D1A4B487F0AB8D7AAEFD38609405C999984E30F567E1E8AEEFF44E8B18BDB1EC78DFA31A55E32A48D7FB131F5AF1F44D7D6B2CED2A9DF5E5AE4535", 512).unwrap(),
             vec![