Skip to content

Commit

Permalink
cut!: remove nonce options (#34)
Browse files Browse the repository at this point in the history
Signed-off-by: Patrick Zheng <[email protected]>
  • Loading branch information
Two-Hearts authored Oct 30, 2024
1 parent 718b4b8 commit 90a141e
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 30 deletions.
5 changes: 0 additions & 5 deletions conformance_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,14 +73,9 @@ func TestTSATimestampGranted(t *testing.T) {

// do timestamp
message := []byte("notation")
nonce, err := generateNonce()
if err != nil {
t.Fatal("failed to create nonce:", err)
}
requestOpts := RequestOptions{
Content: message,
HashAlgorithm: crypto.SHA256,
Nonce: nonce,
}
req, err := NewRequest(requestOpts)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion http_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,12 @@ func TestHTTPTimestampGranted(t *testing.T) {
Tag: 5,
FullBytes: []byte{5, 0},
},
NoNonce: true,
}
req, err := NewRequest(requestOpts)
if err != nil {
t.Fatalf("NewRequest() error = %v", err)
}
req.Nonce = nil
ctx := context.Background()
resp, err := tsa.Timestamp(ctx, req)
if err != nil {
Expand Down
28 changes: 4 additions & 24 deletions request.go
Original file line number Diff line number Diff line change
Expand Up @@ -94,18 +94,6 @@ type RequestOptions struct {
// Reference: https://datatracker.ietf.org/doc/html/rfc3161#section-2.4.1
ReqPolicy asn1.ObjectIdentifier

// NoNonce disables any Nonce usage. When set to true, the Nonce field is
// ignored, and no built-in Nonce will be generated. OPTIONAL.
NoNonce bool

// Nonce is a large random number with a high probability that the client
// generates it only once. The same nonce is included and validated in the
// response. It is only used when NoNonce is not set to true.
//
// When this field is nil, a built-in Nonce will be generated and sent to
// the TSA. OPTIONAL.
Nonce *big.Int

// NoCert tells the TSA to not include any signing certificate in its
// response. By default, TSA signing certificate is included in the response.
// OPTIONAL.
Expand Down Expand Up @@ -133,17 +121,9 @@ func NewRequest(opts RequestOptions) (*Request, error) {
if tspclientasn1.EqualRawValue(hashAlgParameter, asn1.RawValue{}) || tspclientasn1.EqualRawValue(hashAlgParameter, asn1.NullRawValue) {
hashAlgParameter = asn1NullRawValue
}
var nonce *big.Int
if !opts.NoNonce {
if opts.Nonce != nil { // user provided Nonce, use it
nonce = opts.Nonce
} else { // user ignored Nonce, use built-in Nonce
var err error
nonce, err = generateNonce()
if err != nil {
return nil, &MalformedRequestError{Msg: err.Error()}
}
}
nonce, err := generateNonce()
if err != nil {
return nil, &MalformedRequestError{Msg: err.Error()}
}
return &Request{
Version: 1,
Expand Down Expand Up @@ -206,7 +186,7 @@ func generateNonce() (*big.Int, error) {
// Pick a random number from 0 to 2^159
nonce, err := rand.Int(rand.Reader, (&big.Int{}).Lsh(big.NewInt(1), 159))
if err != nil {
return nil, errors.New("error generating nonce")
return nil, errors.New("failed to generate nonce")
}
return nonce, nil
}
22 changes: 22 additions & 0 deletions request_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ package tspclient

import (
"crypto"
"crypto/rand"
"crypto/x509/pkix"
"encoding/asn1"
"errors"
Expand Down Expand Up @@ -71,6 +72,21 @@ func TestNewRequest(t *testing.T) {
if !reflect.DeepEqual(req.MessageImprint.HashAlgorithm.Parameters, asn1NullRawValue) {
t.Fatalf("expected %v, but got %v", asn1NullRawValue, req.MessageImprint.HashAlgorithm.Parameters)
}

defaultRandReader := rand.Reader
rand.Reader = &dummyRandReader{}
defer func() {
rand.Reader = defaultRandReader
}()
opts = RequestOptions{
Content: message,
HashAlgorithm: crypto.SHA256,
}
expectedErrMsg = "malformed timestamping request: failed to generate nonce"
_, err = NewRequest(opts)
if err == nil || !errors.As(err, &malformedRequest) || err.Error() != expectedErrMsg {
t.Fatalf("expected error %s, but got %v", expectedErrMsg, err)
}
}

func TestRequestMarshalBinary(t *testing.T) {
Expand Down Expand Up @@ -155,3 +171,9 @@ func TestValidateRequest(t *testing.T) {
t.Fatalf("expected error %s, but got %v", expectedErrMsg, err)
}
}

type dummyRandReader struct{}

func (r *dummyRandReader) Read(b []byte) (int, error) {
return 0, errors.New("failed to read")
}

0 comments on commit 90a141e

Please sign in to comment.