x509-cert: adds a generate_with_dyn_length for serials
baloo committed Dec 13, 2023
1 parent ce141b3 commit f3471e7
Showing 1 changed file with 51 additions and 1 deletion.
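--- a/x509-cert/src/serial_number.rs
+++ b/x509-cert/src/serial_number.rs
@@ -12,7 +12,7 @@ use {
 core::ops::Add,
 generic_array::{
 typenum::{
-consts::{U17, U19, U8},
+consts::{self, U17, U19, U8},
 marker_traits::Unsigned,
 type_operators::{Max, Min},
 uint::UTerm,
@@ -110,6 +110,45 @@ impl<P: Profile> SerialNumber<P> {
 Self::generate_with_prefix::<UTerm, N>(GenericArray::default(), rng)
 }
 
+/// Generates a random serial number from RNG.
+///
+/// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits
+/// of output from the CSPRNG.
+///
+/// [ballot 164]: https://cabforum.org/2016/03/31/ballot-164/
+#[cfg(feature = "builder")]
+#[allow(unused_qualifications)]
+pub fn generate_with_dyn_length(rng: &mut impl CryptoRngCore, len: usize) -> Result<Self> {
+macro_rules! impl_generate {
+($len:literal => $u:ty) => {
+if (len == $len) {
+return Self::generate_with_prefix::<UTerm, $u>(GenericArray::default(), rng);
+}
+};
+($len:literal => $u:ty, $($rest:tt)*) => {
+impl_generate!($len => $u);
+impl_generate!($($rest)*);
+};
+}
+
+impl_generate!(
+8 => consts::U8,
+9 => consts::U9,
+10 => consts::U10,
+11 => consts::U11,
+12 => consts::U12,
+13 => consts::U13,
+14 => consts::U14,
+15 => consts::U15,
+16 => consts::U16,
+17 => consts::U17,
+18 => consts::U18,
+19 => consts::U19
+);
+
+Err(ErrorKind::Failed.into())
+}
+
 /// Generates a random serial number from RNG. Include a prefix value.
 ///
 /// This follows the recommendation the CAB forum [ballot 164] and uses a minimum of 64 bits
@@ -294,5 +333,16 @@ mod tests {
 )
 .unwrap();
 assert_eq!(sn.as_bytes().len(), 20);
+
+let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 4);
+assert!(sn.is_err());
+let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 7);
+assert!(sn.is_err());
+let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 20);
+assert!(sn.is_err());
+let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 8);
+assert!(sn.is_ok());
+let sn = SerialNumber::<Rfc5280>::generate_with_dyn_length(&mut rand::thread_rng(), 19);
+assert!(sn.is_ok());
 }
 }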
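Review bot: The doc comment on `generate_with_dyn_length` never states which `len` values are accepted: per the macro table only 8 through 19 reach `generate_with_prefix`, and every other value falls through to `Err(ErrorKind::Failed.into())`. Because the lower bound of 8 is what enforces the 64-bit CSPRNG minimum the comment cites, I would add an errors section, `/// # Errors` followed by `/// Returns an error when len is not in 8..=19.`, and state whether `len` counts random bytes or the encoded serial length, which is not visible from this hunk. The new tests, in a test function that starts outside the hunk, assert only `is_ok()`/`is_err()`; checking `sn.as_bytes().len()` for the accepted lengths would pin that relationship down. `#[allow(unused_qualifications)]` would also benefit from a one-line comment saying why the lint has to be silenced here.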
