Skip to content

Commit

Permalink
x509-cert: drop generate_with_length and generate_with_dyn_length
Browse files Browse the repository at this point in the history
Signed-off-by: Arthur Gautier <[email protected]>
  • Loading branch information
baloo committed Dec 25, 2023
1 parent d59aaf4 commit bae1b21
Showing 1 changed file with 49 additions and 77 deletions.
126 changes: 49 additions & 77 deletions x509-cert/src/serial_number.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ use {
core::ops::Add,
generic_array::{
typenum::{
consts::{self, U17, U19, U8},
consts::{U17, U19, U8},
marker_traits::Unsigned,
type_operators::{Max, Min},
uint::UTerm,
Expand Down Expand Up @@ -88,71 +88,62 @@ impl<P: Profile> SerialNumber<P> {
/// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/
#[cfg(feature = "builder")]
pub fn generate(rng: &mut impl CryptoRngCore) -> Result<Self> {
Self::generate_with_length::<U17>(rng)
Self::generate_with_prefix::<UTerm, U17>(GenericArray::default(), rng)
}

/// Generates a random serial number from RNG.
/// Generates a random serial number from RNG. Include a prefix value.
///
/// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits
/// of output from the CSPRNG.
///
/// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/
#[cfg(feature = "builder")]
pub fn generate_with_length<N>(rng: &mut impl CryptoRngCore) -> Result<Self>
where
N: Unsigned + ArrayLength<u8>,
// Rand minimum is 64 bits
N: Min<U8>,
// Max length is 20 bytes, encoding of sign bit might
// requires an additional byte, so the limit is 19.
N: Max<U19>,
{
Self::generate_with_prefix::<UTerm, N>(GenericArray::default(), rng)
}

/// Generates a random serial number from RNG.
///
/// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits
/// of output from the CSPRNG.
/// # Dynamic API
///
/// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/
#[cfg(feature = "builder")]
#[allow(unused_qualifications)]
pub fn generate_with_dyn_length(rng: &mut impl CryptoRngCore, len: usize) -> Result<Self> {
macro_rules! impl_generate {
($len:literal => $u:ty) => {
if (len == $len) {
return Self::generate_with_prefix::<UTerm, $u>(GenericArray::default(), rng);
}
};
($len:literal => $u:ty, $($rest:tt)*) => {
impl_generate!($len => $u);
impl_generate!($($rest)*);
};
}

impl_generate!(
8 => consts::U8,
9 => consts::U9,
10 => consts::U10,
11 => consts::U11,
12 => consts::U12,
13 => consts::U13,
14 => consts::U14,
15 => consts::U15,
16 => consts::U16,
17 => consts::U17,
18 => consts::U18,
19 => consts::U19
);

Err(ErrorKind::Failed.into())
}

/// Generates a random serial number from RNG. Include a prefix value.
/// While this only provides a const-generic API. A dynamic generation can be implemented
/// like:
/// ```rust
/// use der::{ErrorKind, Result};
/// use generic_array::{
/// typenum::{
/// consts,
/// uint::UTerm,
/// },
/// GenericArray,
/// };
/// use signature::rand_core::CryptoRngCore;
/// use x509_cert::serial_number::SerialNumber;
///
/// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits
/// of output from the CSPRNG.
/// /// Generates a random serial number from RNG.
/// n generate_with_dyn_length(rng: &mut impl CryptoRngCore, len: usize) -> Result<SerialNumber> {
/// macro_rules! impl_generate {
/// ($len:literal => $u:ty) => {
/// if (len == $len) {
/// return SerialNumber::generate_with_prefix::<UTerm, $u>(GenericArray::default(), rng);
/// }
/// };
/// ($len:literal => $u:ty, $($rest:tt)*) => {
/// impl_generate!($len => $u);
/// impl_generate!($($rest)*);
/// };
/// }
/// impl_generate!(
/// 8 => consts::U8,
/// 9 => consts::U9,
/// 10 => consts::U10,
/// 11 => consts::U11,
/// 12 => consts::U12,
/// 13 => consts::U13,
/// 14 => consts::U14,
/// 15 => consts::U15,
/// 16 => consts::U16,
/// 17 => consts::U17,
/// 18 => consts::U18,
/// 19 => consts::U19
/// );
/// Err(ErrorKind::Failed.into())
/// }
/// ```
///
/// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/
#[cfg(feature = "builder")]
Expand Down Expand Up @@ -319,30 +310,11 @@ mod tests {
// in which case the length is going to be 18.
assert!(matches!(sn.as_bytes().len(), 17..=18));

let sn =
SerialNumber::<Rfc5280>::generate_with_length::<U8>(&mut rand::thread_rng()).unwrap();
assert!(matches!(sn.as_bytes().len(), 8..=9));

let sn =
SerialNumber::<Rfc5280>::generate_with_length::<U19>(&mut rand::thread_rng()).unwrap();
assert!(matches!(sn.as_bytes().len(), 19..=20));

let sn = SerialNumber::<Rfc5280>::generate_with_prefix::<_, U17>(
arr![u8; 1, 2, 3],
&mut rand::thread_rng(),
)
.unwrap();
assert_eq!(sn.as_bytes().len(), 20);

let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 4);
assert!(sn.is_err());
let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 7);
assert!(sn.is_err());
let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 20);
assert!(sn.is_err());
let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 8);
assert!(sn.is_ok());
let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 19);
assert!(sn.is_ok());
}
}

0 comments on commit bae1b21

Please sign in to comment.