diff --git a/conformance_test.go b/conformance_test.go index a7cbfa6..1ba5ee2 100644 --- a/conformance_test.go +++ b/conformance_test.go @@ -73,14 +73,9 @@ func TestTSATimestampGranted(t *testing.T) { // do timestamp message := []byte("notation") - nonce, err := generateNonce() - if err != nil { - t.Fatal("failed to create nonce:", err) - } requestOpts := RequestOptions{ Content: message, HashAlgorithm: crypto.SHA256, - Nonce: nonce, } req, err := NewRequest(requestOpts) if err != nil { diff --git a/http_test.go b/http_test.go index e439a9e..8a57de8 100644 --- a/http_test.go +++ b/http_test.go @@ -67,12 +67,12 @@ func TestHTTPTimestampGranted(t *testing.T) { Tag: 5, FullBytes: []byte{5, 0}, }, - NoNonce: true, } req, err := NewRequest(requestOpts) if err != nil { t.Fatalf("NewRequest() error = %v", err) } + req.Nonce = nil ctx := context.Background() resp, err := tsa.Timestamp(ctx, req) if err != nil { diff --git a/request.go b/request.go index 13824ff..ea50687 100644 --- a/request.go +++ b/request.go @@ -94,18 +94,6 @@ type RequestOptions struct { // Reference: https://datatracker.ietf.org/doc/html/rfc3161#section-2.4.1 ReqPolicy asn1.ObjectIdentifier - // NoNonce disables any Nonce usage. When set to true, the Nonce field is - // ignored, and no built-in Nonce will be generated. OPTIONAL. - NoNonce bool - - // Nonce is a large random number with a high probability that the client - // generates it only once. The same nonce is included and validated in the - // response. It is only used when NoNonce is not set to true. - // - // When this field is nil, a built-in Nonce will be generated and sent to - // the TSA. OPTIONAL. - Nonce *big.Int - // NoCert tells the TSA to not include any signing certificate in its // response. By default, TSA signing certificate is included in the response. // OPTIONAL. @@ -133,17 +121,9 @@ func NewRequest(opts RequestOptions) (*Request, error) { if tspclientasn1.EqualRawValue(hashAlgParameter, asn1.RawValue{}) || tspclientasn1.EqualRawValue(hashAlgParameter, asn1.NullRawValue) { hashAlgParameter = asn1NullRawValue } - var nonce *big.Int - if !opts.NoNonce { - if opts.Nonce != nil { // user provided Nonce, use it - nonce = opts.Nonce - } else { // user ignored Nonce, use built-in Nonce - var err error - nonce, err = generateNonce() - if err != nil { - return nil, &MalformedRequestError{Msg: err.Error()} - } - } + nonce, err := generateNonce() + if err != nil { + return nil, &MalformedRequestError{Msg: err.Error()} } return &Request{ Version: 1, @@ -206,7 +186,7 @@ func generateNonce() (*big.Int, error) { // Pick a random number from 0 to 2^159 nonce, err := rand.Int(rand.Reader, (&big.Int{}).Lsh(big.NewInt(1), 159)) if err != nil { - return nil, errors.New("error generating nonce") + return nil, errors.New("failed to generate nonce") } return nonce, nil } diff --git a/request_test.go b/request_test.go index eddd61f..0532dfa 100644 --- a/request_test.go +++ b/request_test.go @@ -15,6 +15,7 @@ package tspclient import ( "crypto" + "crypto/rand" "crypto/x509/pkix" "encoding/asn1" "errors" @@ -71,6 +72,21 @@ func TestNewRequest(t *testing.T) { if !reflect.DeepEqual(req.MessageImprint.HashAlgorithm.Parameters, asn1NullRawValue) { t.Fatalf("expected %v, but got %v", asn1NullRawValue, req.MessageImprint.HashAlgorithm.Parameters) } + + defaultRandReader := rand.Reader + rand.Reader = &dummyRandReader{} + defer func() { + rand.Reader = defaultRandReader + }() + opts = RequestOptions{ + Content: message, + HashAlgorithm: crypto.SHA256, + } + expectedErrMsg = "malformed timestamping request: failed to generate nonce" + _, err = NewRequest(opts) + if err == nil || !errors.As(err, &malformedRequest) || err.Error() != expectedErrMsg { + t.Fatalf("expected error %s, but got %v", expectedErrMsg, err) + } } func TestRequestMarshalBinary(t *testing.T) { @@ -155,3 +171,9 @@ func TestValidateRequest(t *testing.T) { t.Fatalf("expected error %s, but got %v", expectedErrMsg, err) } } + +type dummyRandReader struct{} + +func (r *dummyRandReader) Read(b []byte) (int, error) { + return 0, errors.New("failed to read") +}