rsa: Move some compliance comments to the appropriate place.

briansmith · briansmith · commit dee131d5dbb0 · 2025-10-30T14:19:28.000-07:00
These comments make more sense in the new location. They should have been
moved in an earlier refactoring.
diff --git a/src/rsa/base/public_key.rs b/src/rsa/base/public_key.rs
@@ -39,22 +39,6 @@ impl<'a> ValidatedInput<'a> {
         n_max_bits: bits::BitLength,
         e_min_value: PublicExponent,
     ) -> Result<Self, error::KeyRejected> {
-        let n =
-            public_modulus::ValidatedInput::from_be_bytes(components.n, n_min_bits..=n_max_bits)?;
-        let e_input = components.e.into();
-        let e = PublicExponent::from_be_bytes(e_input, e_min_value)?;
-        Ok(Self { n, e, e_input })
-    }
-
-    pub fn n(&self) -> &public_modulus::ValidatedInput<'_> {
-        &self.n
-    }
-
-    pub(in super::super) fn e_input(&self) -> untrusted::Input<'_> {
-        self.e_input
-    }
-
-    pub(in super::super) fn build(&self, cpu_features: cpu::Features) -> PublicKey {
         // This is an incomplete implementation of NIST SP800-56Br1 Section
         // 6.4.2.2, "Partial Public-Key Validation for RSA." That spec defers
         // to NIST SP800-89 Section 5.3.3, "(Explicit) Partial Public Key
@@ -64,16 +48,33 @@ impl<'a> ValidatedInput<'a> {
         // and one set lettered. TODO: Document this in the end-user
         // documentation for RSA keys.
 
-        let n = self.n.build(cpu_features);
-
         // If `n` is less than `e` then somebody has probably accidentally swapped
         // them. The largest acceptable `e` is smaller than the smallest acceptable
         // `n`, so no additional checks need to be done.
 
         // XXX: Steps 4 & 5 / Steps d, e, & f are not implemented. This is also the
         // case in most other commonly-used crypto libraries.
 
-        PublicKey { n, e: self.e }
+        let n =
+            public_modulus::ValidatedInput::from_be_bytes(components.n, n_min_bits..=n_max_bits)?;
+        let e_input = components.e.into();
+        let e = PublicExponent::from_be_bytes(e_input, e_min_value)?;
+        Ok(Self { n, e, e_input })
+    }
+
+    pub fn n(&self) -> &public_modulus::ValidatedInput<'_> {
+        &self.n
+    }
+
+    pub(in super::super) fn e_input(&self) -> untrusted::Input<'_> {
+        self.e_input
+    }
+
+    pub(in super::super) fn build(&self, cpu_features: cpu::Features) -> PublicKey {
+        PublicKey {
+            n: self.n.build(cpu_features),
+            e: self.e,
+        }
     }
 }
 
