cut!: remove nonce options (notaryproject#34)

Signed-off-by: Patrick Zheng <[email protected]>

conformance_test.go

@@ -73,14 +73,9 @@ func TestTSATimestampGranted(t *testing.T) {
 
 	// do timestamp
 	message := []byte("notation")
-	nonce, err := generateNonce()
-	if err != nil {
-		t.Fatal("failed to create nonce:", err)
-	}
 	requestOpts := RequestOptions{
 		Content:       message,
 		HashAlgorithm: crypto.SHA256,
-		Nonce:         nonce,
 	}
 	req, err := NewRequest(requestOpts)
 	if err != nil {

http_test.go

@@ -67,12 +67,12 @@ func TestHTTPTimestampGranted(t *testing.T) {
 			Tag:       5,
 			FullBytes: []byte{5, 0},
 		},
-		NoNonce: true,
 	}
 	req, err := NewRequest(requestOpts)
 	if err != nil {
 		t.Fatalf("NewRequest() error = %v", err)
 	}
+	req.Nonce = nil
 	ctx := context.Background()
 	resp, err := tsa.Timestamp(ctx, req)
 	if err != nil {

request.go

@@ -94,18 +94,6 @@ type RequestOptions struct {
 	// Reference: https://datatracker.ietf.org/doc/html/rfc3161#section-2.4.1
 	ReqPolicy asn1.ObjectIdentifier
 
-	// NoNonce disables any Nonce usage. When set to true, the Nonce field is
-	// ignored, and no built-in Nonce will be generated. OPTIONAL.
-	NoNonce bool
-
-	// Nonce is a large random number with a high probability that the client
-	// generates it only once. The same nonce is included and validated in the
-	// response. It is only used when NoNonce is not set to true.
-	//
-	// When this field is nil, a built-in Nonce will be generated and sent to
-	// the TSA. OPTIONAL.
-	Nonce *big.Int
-
 	// NoCert tells the TSA to not include any signing certificate in its
 	// response. By default, TSA signing certificate is included in the response.
 	// OPTIONAL.
@@ -133,17 +121,9 @@ func NewRequest(opts RequestOptions) (*Request, error) {
 	if tspclientasn1.EqualRawValue(hashAlgParameter, asn1.RawValue{}) || tspclientasn1.EqualRawValue(hashAlgParameter, asn1.NullRawValue) {
 		hashAlgParameter = asn1NullRawValue
 	}
-	var nonce *big.Int
-	if !opts.NoNonce {
-		if opts.Nonce != nil { // user provided Nonce, use it
-			nonce = opts.Nonce
-		} else { // user ignored Nonce, use built-in Nonce
-			var err error
-			nonce, err = generateNonce()
-			if err != nil {
-				return nil, &MalformedRequestError{Msg: err.Error()}
-			}
-		}
+	nonce, err := generateNonce()
+	if err != nil {
+		return nil, &MalformedRequestError{Msg: err.Error()}
 	}
 	return &Request{
 		Version: 1,
@@ -206,7 +186,7 @@ func generateNonce() (*big.Int, error) {
 	// Pick a random number from 0 to 2^159
 	nonce, err := rand.Int(rand.Reader, (&big.Int{}).Lsh(big.NewInt(1), 159))
 	if err != nil {
-		return nil, errors.New("error generating nonce")
+		return nil, errors.New("failed to generate nonce")
 	}
 	return nonce, nil
 }

request_test.go

@@ -15,6 +15,7 @@ package tspclient
 
 import (
 	"crypto"
+	"crypto/rand"
 	"crypto/x509/pkix"
 	"encoding/asn1"
 	"errors"
@@ -71,6 +72,21 @@ func TestNewRequest(t *testing.T) {
 	if !reflect.DeepEqual(req.MessageImprint.HashAlgorithm.Parameters, asn1NullRawValue) {
 		t.Fatalf("expected %v, but got %v", asn1NullRawValue, req.MessageImprint.HashAlgorithm.Parameters)
 	}
+
+	defaultRandReader := rand.Reader
+	rand.Reader = &dummyRandReader{}
+	defer func() {
+		rand.Reader = defaultRandReader
+	}()
+	opts = RequestOptions{
+		Content:       message,
+		HashAlgorithm: crypto.SHA256,
+	}
+	expectedErrMsg = "malformed timestamping request: failed to generate nonce"
+	_, err = NewRequest(opts)
+	if err == nil || !errors.As(err, &malformedRequest) || err.Error() != expectedErrMsg {
+		t.Fatalf("expected error %s, but got %v", expectedErrMsg, err)
+	}
 }
 
 func TestRequestMarshalBinary(t *testing.T) {
@@ -155,3 +171,9 @@ func TestValidateRequest(t *testing.T) {
 		t.Fatalf("expected error %s, but got %v", expectedErrMsg, err)
 	}
 }
+
+type dummyRandReader struct{}
+
+func (r *dummyRandReader) Read(b []byte) (int, error) {
+	return 0, errors.New("failed to read")
+}