extras: Provide initializers for RSA keys from RSA numbers as bytes (apple#247)

Co-authored-by: Cory Benfield <[email protected]>

Author: simonjbeaumont

Sources/_CryptoExtras/RSA/RSA+BlindSigning.swift

@@ -83,6 +83,12 @@ extension _RSA.BlindSigning {
             }
         }
 
+        /// Construct a RSA public key with the specified parameters.
+        public init(n: some ContiguousBytes, e: some ContiguousBytes, parameters: Parameters) throws {
+            self.backing = try BackingPublicKey(n: n, e: e)
+            self.parameters = parameters
+        }
+
         public var pkcs1DERRepresentation: Data {
             self.backing.pkcs1DERRepresentation
         }
@@ -171,6 +177,12 @@ extension _RSA.BlindSigning {
             }
         }
 
+        /// Construct an RSA private key with the specified parameters.
+        public init(n: some ContiguousBytes, e: some ContiguousBytes, d: some ContiguousBytes, p: some ContiguousBytes, q: some ContiguousBytes, parameters: Parameters) throws {
+            self.backing = try BackingPrivateKey(n: n, e: e, d: d, p: p, q: q)
+            self.parameters = parameters
+        }
+
         /// Randomly generate a new RSA private key of a given size.
         ///
         /// This constructor will refuse to generate keys smaller than 2048 bits. Callers that want to enforce minimum

Sources/_CryptoExtras/RSA/RSA.swift

@@ -98,6 +98,17 @@ extension _RSA.Signing {
             }
         }
 
+        /// Construct an RSA public key with the specified parameters.
+        ///
+        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
+        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
+        ///
+        /// On Darwin platforms, this will serialize it to PEM format, and then construct a platform-specific key from
+        /// the PEM representation.
+        public init(n: some ContiguousBytes, e: some ContiguousBytes) throws {
+            self.backing = try BackingPublicKey(BoringSSLRSAPublicKey(n: n, e: e))
+        }
+
         public var pkcs1DERRepresentation: Data {
             self.backing.pkcs1DERRepresentation
         }
@@ -178,6 +189,17 @@ extension _RSA.Signing {
             }
         }
 
+        /// Construct an RSA private key with the specified parameters.
+        ///
+        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
+        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
+        ///
+        /// On Darwin platforms, this will serialize it to DER format, and then construct a platform-specific key from
+        /// the DER representation.
+        public init(n: some ContiguousBytes, e: some ContiguousBytes, d: some ContiguousBytes, p: some ContiguousBytes, q: some ContiguousBytes) throws {
+            self.backing = try BackingPrivateKey(BoringSSLRSAPrivateKey(n: n, e: e, d: d, p: p, q: q))
+        }
+
         /// Randomly generate a new RSA private key of a given size.
         ///
         /// This constructor will refuse to generate keys smaller than 2048 bits. Callers that want to enforce minimum
@@ -444,6 +466,17 @@ extension _RSA.Encryption {
             guard self.keySizeInBits >= 1024, self.keySizeInBits % 8 == 0 else { throw CryptoKitError.incorrectParameterSize }
         }
 
+        /// Construct an RSA public key with the specified parameters.
+        ///
+        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
+        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
+        ///
+        /// On Darwin platforms, this will serialize it to DER format, and then construct a platform-specific key from
+        /// the DER representation.
+        public init(n: some ContiguousBytes, e: some ContiguousBytes) throws {
+            self.backing = try BackingPublicKey(BoringSSLRSAPublicKey(n: n, e: e))
+        }
+
         public var pkcs1DERRepresentation: Data { self.backing.pkcs1DERRepresentation }
         public var pkcs1PEMRepresentation: String { self.backing.pkcs1PEMRepresentation }
         public var derRepresentation: Data { self.backing.derRepresentation }
@@ -494,6 +527,18 @@ extension _RSA.Encryption {
             guard self.keySizeInBits >= 1024, self.keySizeInBits % 8 == 0 else { throw CryptoKitError.incorrectParameterSize }
         }
 
+
+        /// Construct an RSA private key with the specified parameters.
+        ///
+        /// Only the BoringSSL backend provides APIs to create a key from its parameters so we first create a BoringSSL
+        /// key, and then pass it to the platform-specific initializer that accepts a BoringSSL key.
+        ///
+        /// On Darwin platforms, this will serialize it to PEM format, and then construct a platform-specific key from
+        /// the PEM representation.
+        public init(n: some ContiguousBytes, e: some ContiguousBytes, d: some ContiguousBytes, p: some ContiguousBytes, q: some ContiguousBytes) throws {
+            self.backing = try BackingPrivateKey(BoringSSLRSAPrivateKey(n: n, e: e, d: d, p: p, q: q))
+        }
+
         /// Randomly generate a new RSA private key of a given size.
         ///
         /// This constructor will refuse to generate keys smaller than 2048 bits. Callers that want to enforce minimum

Sources/_CryptoExtras/RSA/RSA_boring.swift

@@ -29,6 +29,14 @@ internal struct BoringSSLRSAPublicKey: Sendable {
         self.backing = try Backing(derRepresentation: derRepresentation)
     }
 
+    init(n: some ContiguousBytes, e: some ContiguousBytes) throws {
+        self.backing = try Backing(n: n, e: e)
+    }
+
+    init(_ other: BoringSSLRSAPublicKey) throws {
+        self = other
+    }
+
     var pkcs1DERRepresentation: Data {
         self.backing.pkcs1DERRepresentation
     }
@@ -66,6 +74,14 @@ internal struct BoringSSLRSAPrivateKey: Sendable {
         self.backing = try Backing(derRepresentation: derRepresentation)
     }
 
+    init(n: some ContiguousBytes, e: some ContiguousBytes, d: some ContiguousBytes, p: some ContiguousBytes, q: some ContiguousBytes) throws {
+        self.backing = try Backing(n: n, e: e, d: d, p: p, q: q)
+    }
+
+    init(_ other: BoringSSLRSAPrivateKey) throws {
+        self = other
+    }
+
     init(keySize: _RSA.Signing.KeySize) throws {
         self.backing = try Backing(keySize: keySize)
     }
@@ -222,6 +238,20 @@ extension BoringSSLRSAPublicKey {
             }
         }
 
+        fileprivate init(n: some ContiguousBytes, e: some ContiguousBytes) throws {
+            self.pointer = CCryptoBoringSSL_EVP_PKEY_new()
+            let n = try ArbitraryPrecisionInteger(bytes: n)
+            let e = try ArbitraryPrecisionInteger(bytes: e)
+
+            // Create BoringSSL RSA key.
+            guard let rsaPtr = n.withUnsafeBignumPointer({ n in
+                e.withUnsafeBignumPointer { e in
+                    CCryptoBoringSSL_RSA_new_public_key(n, e)
+                }
+            }) else { throw CryptoKitError.internalBoringSSLError() }
+            CCryptoBoringSSL_EVP_PKEY_assign_RSA(self.pointer, rsaPtr)
+        }
+
         fileprivate var pkcs1DERRepresentation: Data {
             return BIOHelper.withWritableMemoryBIO { bio in
                 let rsaPublicKey = CCryptoBoringSSL_EVP_PKEY_get0_RSA(self.pointer)
@@ -486,6 +516,43 @@ extension BoringSSLRSAPrivateKey {
             CCryptoBoringSSL_EVP_PKEY_assign_RSA(self.pointer, rsaPrivateKey)
         }
 
+
+        fileprivate init(n: some ContiguousBytes, e: some ContiguousBytes, d: some ContiguousBytes, p: some ContiguousBytes, q: some ContiguousBytes) throws {
+            self.pointer = CCryptoBoringSSL_EVP_PKEY_new()
+            let n = try ArbitraryPrecisionInteger(bytes: n)
+            let e = try ArbitraryPrecisionInteger(bytes: e)
+            let d = try ArbitraryPrecisionInteger(bytes: d)
+            let p = try ArbitraryPrecisionInteger(bytes: p)
+            let q = try ArbitraryPrecisionInteger(bytes: q)
+
+            // Compute the CRT params.
+            let dp = try FiniteFieldArithmeticContext(fieldSize: p - 1).residue(d)
+            let dq = try FiniteFieldArithmeticContext(fieldSize: q - 1).residue(d)
+            guard let qi = try FiniteFieldArithmeticContext(fieldSize: p).inverse(q) else {
+                throw CryptoKitError.internalBoringSSLError()
+            }
+
+            // Create BoringSSL RSA key.
+            guard let rsaPtr = n.withUnsafeBignumPointer({ n in
+                e.withUnsafeBignumPointer { e in
+                    d.withUnsafeBignumPointer { d in
+                        p.withUnsafeBignumPointer { p in
+                            q.withUnsafeBignumPointer { q in
+                                dp.withUnsafeBignumPointer { dp in
+                                    dq.withUnsafeBignumPointer { dq in
+                                        qi.withUnsafeBignumPointer { qi in
+                                            CCryptoBoringSSL_RSA_new_private_key(n, e, d, p, q, dp, dq, qi)
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }) else { throw CryptoKitError.internalBoringSSLError() }
+            CCryptoBoringSSL_EVP_PKEY_assign_RSA(self.pointer, rsaPtr)
+        }
+
         private static func pkcs8DERPrivateKey<Bytes: ContiguousBytes>(_ derRepresentation: Bytes) -> OpaquePointer? {
             return derRepresentation.withUnsafeBytes { derPtr in
                 return BIOHelper.withReadOnlyMemoryBIO(wrapping: derPtr) { bio in

Sources/_CryptoExtras/RSA/RSA_security.swift

@@ -43,6 +43,10 @@ internal struct SecurityRSAPublicKey: @unchecked Sendable {
         self.backing = unwrappedKey
     }
 
+    init(_ boringSSLKey: BoringSSLRSAPublicKey) throws {
+        try self.init(derRepresentation: boringSSLKey.derRepresentation)
+    }
+
     var pkcs1DERRepresentation: Data {
         var error: Unmanaged<CFError>? = nil
         let representation = SecKeyCopyExternalRepresentation(self.backing, &error)
@@ -135,6 +139,10 @@ internal struct SecurityRSAPrivateKey: @unchecked Sendable {
         self.backing = unwrappedKey
     }
 
+    init(_ boringSSLKey: BoringSSLRSAPrivateKey) throws {
+        try self.init(derRepresentation: boringSSLKey.derRepresentation)
+    }
+
     var derRepresentation: Data {
         var error: Unmanaged<CFError>? = nil
         let representation = SecKeyCopyExternalRepresentation(self.backing, &error)

Sources/_CryptoExtras/Util/BoringSSLHelpers.swift

@@ -92,86 +92,3 @@ extension FixedWidthInteger {
         return try block(&bn)
     }
 }
-
-extension _RSA.BlindSigning.PublicKey {
-    /// Construct a platform-specific RSA public key with the specified parameters.
-    ///
-    /// This constructor is used in tests in cases where test vectors provide the key information this way.
-    ///
-    /// Only the BoringSSL backend provides APIs to create the key from its parameters so we first create a BoringSSL
-    /// key, serialize it to PEM format, and then construct a platform specific key from the PEM representation.
-    internal init(nHexString: String, eHexString: String, parameters: Parameters) throws {
-        let n = try ArbitraryPrecisionInteger(hexString: nHexString)
-        let e = try ArbitraryPrecisionInteger(hexString: eHexString)
-
-        // Create BoringSSL RSA key.
-        guard let rsaPtr = n.withUnsafeBignumPointer({ n in
-            e.withUnsafeBignumPointer { e in
-                CCryptoBoringSSL_RSA_new_public_key(n, e)
-            }
-        }) else { throw CryptoKitError.internalBoringSSLError() }
-        defer { CCryptoBoringSSL_RSA_free(rsaPtr) }
-
-        // Get PEM representation for key.
-        let pemRepresentation = BIOHelper.withWritableMemoryBIO { bio in
-            precondition(CCryptoBoringSSL_PEM_write_bio_RSAPublicKey(bio, rsaPtr) == 1)
-            return try! String(copyingUTF8MemoryBIO: bio)
-        }
-
-        // Create a key (which might be backed by Security framework) from PEM representation.
-        try self.init(pemRepresentation: pemRepresentation, parameters: parameters)
-    }
-}
-
-
-extension _RSA.BlindSigning.PrivateKey {
-    /// Construct a platform-specific RSA private key with the specified parameters.
-    ///
-    /// This constructor is used in tests in cases where test vectors provide the key information this way.
-    ///
-    /// Only the BoringSSL backend provides APIs to create the key from its parameters so we first create a BoringSSL
-    /// key, serialize it to PEM format, and then construct a platform specific key from the PEM representation.
-    internal init(nHexString: String, eHexString: String, dHexString: String, pHexString: String, qHexString: String, parameters: Parameters) throws {
-        let n = try ArbitraryPrecisionInteger(hexString: nHexString)
-        let e = try ArbitraryPrecisionInteger(hexString: eHexString)
-        let d = try ArbitraryPrecisionInteger(hexString: dHexString)
-        let p = try ArbitraryPrecisionInteger(hexString: pHexString)
-        let q = try ArbitraryPrecisionInteger(hexString: qHexString)
-
-        // Compute the CRT params.
-        let dp = try FiniteFieldArithmeticContext(fieldSize: p - 1).residue(d)
-        let dq = try FiniteFieldArithmeticContext(fieldSize: q - 1).residue(d)
-        guard let qi = try FiniteFieldArithmeticContext(fieldSize: p).inverse(q) else {
-            throw CryptoKitError.internalBoringSSLError()
-        }
-
-        // Create BoringSSL RSA key.
-        guard let rsaPtr = n.withUnsafeBignumPointer({ n in
-            e.withUnsafeBignumPointer { e in
-                d.withUnsafeBignumPointer { d in
-                    p.withUnsafeBignumPointer { p in
-                        q.withUnsafeBignumPointer { q in
-                            dp.withUnsafeBignumPointer { dp in
-                                dq.withUnsafeBignumPointer { dq in
-                                    qi.withUnsafeBignumPointer { qi in
-                                        CCryptoBoringSSL_RSA_new_private_key(n, e, d, p, q, dp, dq, qi)
-                                    }
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-        }) else { throw CryptoKitError.internalBoringSSLError() }
-        defer { CCryptoBoringSSL_RSA_free(rsaPtr) }
-
-        // Get PEM representation for key.
-        let pemRepresentation = BIOHelper.withWritableMemoryBIO { bio in
-            precondition(CCryptoBoringSSL_PEM_write_bio_RSAPrivateKey(bio, rsaPtr, nil, nil, 0, nil, nil) == 1)
-            return try! String(copyingUTF8MemoryBIO: bio)
-        }
-
-        // Create a key (which might be backed by Security framework) from PEM representation.
-        try self.init(pemRepresentation: pemRepresentation, parameters: parameters)
-    }
-}