chore: checkpoint before Python removal

vendor/rsa/src/traits/encryption.rs

@@ -0,0 +1,42 @@
+//! Encryption-related traits.
+
+use alloc::vec::Vec;
+use rand_core::CryptoRngCore;
+
+use crate::errors::Result;
+
+/// Encrypt the message using provided random source
+pub trait RandomizedEncryptor {
+    /// Encrypt the given message.
+    fn encrypt_with_rng<R: CryptoRngCore + ?Sized>(
+        &self,
+        rng: &mut R,
+        msg: &[u8],
+    ) -> Result<Vec<u8>>;
+}
+
+/// Decrypt the given message
+pub trait Decryptor {
+    /// Decrypt the given message.
+    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>>;
+}
+
+/// Decrypt the given message using provided random source
+pub trait RandomizedDecryptor {
+    /// Decrypt the given message.
+    fn decrypt_with_rng<R: CryptoRngCore + ?Sized>(
+        &self,
+        rng: &mut R,
+        ciphertext: &[u8],
+    ) -> Result<Vec<u8>>;
+}
+
+/// Encryption keypair with an associated encryption key.
+pub trait EncryptingKeypair {
+    /// Encrypting key type for this keypair.
+    type EncryptingKey: Clone;
+
+    /// Get the encrypting key which can encrypt messages to be decrypted by
+    /// the decryption key portion of this keypair.
+    fn encrypting_key(&self) -> Self::EncryptingKey;
+}

vendor/rsa/src/traits/keys.rs

@@ -0,0 +1,65 @@
+//! Traits related to the key components
+
+use num_bigint::{BigInt, BigUint};
+use zeroize::Zeroize;
+
+/// Components of an RSA public key.
+pub trait PublicKeyParts {
+    /// Returns the modulus of the key.
+    fn n(&self) -> &BigUint;
+
+    /// Returns the public exponent of the key.
+    fn e(&self) -> &BigUint;
+
+    /// Returns the modulus size in bytes. Raw signatures and ciphertexts for
+    /// or by this public key will have the same size.
+    fn size(&self) -> usize {
+        (self.n().bits() + 7) / 8
+    }
+}
+
+/// Components of an RSA private key.
+pub trait PrivateKeyParts: PublicKeyParts {
+    /// Returns the private exponent of the key.
+    fn d(&self) -> &BigUint;
+
+    /// Returns the prime factors.
+    fn primes(&self) -> &[BigUint];
+
+    /// Returns the precomputed dp value, D mod (P-1)
+    fn dp(&self) -> Option<&BigUint>;
+
+    /// Returns the precomputed dq value, D mod (Q-1)
+    fn dq(&self) -> Option<&BigUint>;
+
+    /// Returns the precomputed qinv value, Q^-1 mod P
+    fn qinv(&self) -> Option<&BigInt>;
+
+    /// Returns an iterator over the CRT Values
+    fn crt_values(&self) -> Option<&[CrtValue]>;
+}
+
+/// Contains the precomputed Chinese remainder theorem values.
+#[derive(Debug, Clone)]
+pub struct CrtValue {
+    /// D mod (prime - 1)
+    pub(crate) exp: BigInt,
+    /// R·Coeff ≡ 1 mod Prime.
+    pub(crate) coeff: BigInt,
+    /// product of primes prior to this (inc p and q)
+    pub(crate) r: BigInt,
+}
+
+impl Zeroize for CrtValue {
+    fn zeroize(&mut self) {
+        self.exp.zeroize();
+        self.coeff.zeroize();
+        self.r.zeroize();
+    }
+}
+
+impl Drop for CrtValue {
+    fn drop(&mut self) {
+        self.zeroize();
+    }
+}

vendor/rsa/src/traits/padding.rs

@@ -0,0 +1,49 @@
+//! Supported padding schemes.
+
+use alloc::vec::Vec;
+
+use rand_core::CryptoRngCore;
+
+use crate::errors::Result;
+use crate::key::{RsaPrivateKey, RsaPublicKey};
+
+/// Padding scheme used for encryption.
+pub trait PaddingScheme {
+    /// Decrypt the given message using the given private key.
+    ///
+    /// If an `rng` is passed, it uses RSA blinding to help mitigate timing
+    /// side-channel attacks.
+    fn decrypt<Rng: CryptoRngCore>(
+        self,
+        rng: Option<&mut Rng>,
+        priv_key: &RsaPrivateKey,
+        ciphertext: &[u8],
+    ) -> Result<Vec<u8>>;
+
+    /// Encrypt the given message using the given public key.
+    fn encrypt<Rng: CryptoRngCore>(
+        self,
+        rng: &mut Rng,
+        pub_key: &RsaPublicKey,
+        msg: &[u8],
+    ) -> Result<Vec<u8>>;
+}
+
+/// Digital signature scheme.
+pub trait SignatureScheme {
+    /// Sign the given digest.
+    fn sign<Rng: CryptoRngCore>(
+        self,
+        rng: Option<&mut Rng>,
+        priv_key: &RsaPrivateKey,
+        hashed: &[u8],
+    ) -> Result<Vec<u8>>;
+
+    /// Verify a signed message.
+    ///
+    /// `hashed` must be the result of hashing the input using the hashing function
+    /// passed in through `hash`.
+    ///
+    /// If the message is valid `Ok(())` is returned, otherwise an `Err` indicating failure.
+    fn verify(self, pub_key: &RsaPublicKey, hashed: &[u8], sig: &[u8]) -> Result<()>;
+}