diff --git a/x509-cert/src/serial_number.rs b/x509-cert/src/serial_number.rs index 6aff10897..c453c56e6 100644 --- a/x509-cert/src/serial_number.rs +++ b/x509-cert/src/serial_number.rs @@ -12,7 +12,7 @@ use { core::ops::Add, generic_array::{ typenum::{ - consts::{self, U17, U19, U8}, + consts::{U17, U19, U8}, marker_traits::Unsigned, type_operators::{Max, Min}, uint::UTerm, @@ -88,71 +88,62 @@ impl SerialNumber

{ /// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/ #[cfg(feature = "builder")] pub fn generate(rng: &mut impl CryptoRngCore) -> Result { - Self::generate_with_length::(rng) + Self::generate_with_prefix::(GenericArray::default(), rng) } - /// Generates a random serial number from RNG. + /// Generates a random serial number from RNG. Include a prefix value. /// /// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits /// of output from the CSPRNG. /// - /// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/ - #[cfg(feature = "builder")] - pub fn generate_with_length(rng: &mut impl CryptoRngCore) -> Result - where - N: Unsigned + ArrayLength, - // Rand minimum is 64 bits - N: Min, - // Max length is 20 bytes, encoding of sign bit might - // requires an additional byte, so the limit is 19. - N: Max, - { - Self::generate_with_prefix::(GenericArray::default(), rng) - } - - /// Generates a random serial number from RNG. - /// - /// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits - /// of output from the CSPRNG. + /// # Dynamic API /// - /// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/ - #[cfg(feature = "builder")] - #[allow(unused_qualifications)] - pub fn generate_with_dyn_length(rng: &mut impl CryptoRngCore, len: usize) -> Result { - macro_rules! impl_generate { - ($len:literal => $u:ty) => { - if (len == $len) { - return Self::generate_with_prefix::(GenericArray::default(), rng); - } - }; - ($len:literal => $u:ty, $($rest:tt)*) => { - impl_generate!($len => $u); - impl_generate!($($rest)*); - }; - } - - impl_generate!( - 8 => consts::U8, - 9 => consts::U9, - 10 => consts::U10, - 11 => consts::U11, - 12 => consts::U12, - 13 => consts::U13, - 14 => consts::U14, - 15 => consts::U15, - 16 => consts::U16, - 17 => consts::U17, - 18 => consts::U18, - 19 => consts::U19 - ); - - Err(ErrorKind::Failed.into()) - } - - /// Generates a random serial number from RNG. Include a prefix value. + /// While this only provides a const-generic API. A dynamic generation can be implemented + /// like: + /// ```rust + /// use der::{ErrorKind, Result}; + /// use generic_array::{ + /// typenum::{ + /// consts, + /// uint::UTerm, + /// }, + /// GenericArray, + /// }; + /// use signature::rand_core::CryptoRngCore; + /// use x509_cert::serial_number::SerialNumber; /// - /// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits - /// of output from the CSPRNG. + /// /// Generates a random serial number from RNG. + /// n generate_with_dyn_length(rng: &mut impl CryptoRngCore, len: usize) -> Result { + /// macro_rules! impl_generate { + /// ($len:literal => $u:ty) => { + /// if (len == $len) { + /// return SerialNumber::generate_with_prefix::(GenericArray::default(), rng); + /// } + /// }; + /// ($len:literal => $u:ty, $($rest:tt)*) => { + /// impl_generate!($len => $u); + /// impl_generate!($($rest)*); + /// }; + /// } + + /// impl_generate!( + /// 8 => consts::U8, + /// 9 => consts::U9, + /// 10 => consts::U10, + /// 11 => consts::U11, + /// 12 => consts::U12, + /// 13 => consts::U13, + /// 14 => consts::U14, + /// 15 => consts::U15, + /// 16 => consts::U16, + /// 17 => consts::U17, + /// 18 => consts::U18, + /// 19 => consts::U19 + /// ); + + /// Err(ErrorKind::Failed.into()) + /// } + /// ``` /// /// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/ #[cfg(feature = "builder")] @@ -319,30 +310,11 @@ mod tests { // in which case the length is going to be 18. assert!(matches!(sn.as_bytes().len(), 17..=18)); - let sn = - SerialNumber::::generate_with_length::(&mut rand::thread_rng()).unwrap(); - assert!(matches!(sn.as_bytes().len(), 8..=9)); - - let sn = - SerialNumber::::generate_with_length::(&mut rand::thread_rng()).unwrap(); - assert!(matches!(sn.as_bytes().len(), 19..=20)); - let sn = SerialNumber::::generate_with_prefix::<_, U17>( arr![u8; 1, 2, 3], &mut rand::thread_rng(), ) .unwrap(); assert_eq!(sn.as_bytes().len(), 20); - - let sn = SerialNumber::::generate_with_dyn_length(&mut rand::thread_rng(), 4); - assert!(sn.is_err()); - let sn = SerialNumber::::generate_with_dyn_length(&mut rand::thread_rng(), 7); - assert!(sn.is_err()); - let sn = SerialNumber::::generate_with_dyn_length(&mut rand::thread_rng(), 20); - assert!(sn.is_err()); - let sn = SerialNumber::::generate_with_dyn_length(&mut rand::thread_rng(), 8); - assert!(sn.is_ok()); - let sn = SerialNumber::::generate_with_dyn_length(&mut rand::thread_rng(), 19); - assert!(sn.is_ok()); } }