ring/io/positive.rs
// Copyright 2018 Brian Smith.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
//! Serialization and deserialization.
use crate::error;
/// A serialized positive integer.
///
/// This is a borrowed view over the big-endian bytes of the integer; the
/// bytes are stored as received rather than copied. The field is private and
/// the only constructor in this file is `from_be_bytes`, which rejects empty
/// input and input whose first byte is zero. The accessors on this type rely
/// on that invariant (non-empty, no leading zero byte).
#[derive(Copy, Clone)]
pub struct Positive<'a>(untrusted::Input<'a>);
impl<'a> Positive<'a> {
    /// Validates `input` as the big-endian encoding of a positive integer and
    /// wraps it without copying.
    ///
    /// Only the minimal-length encoding is accepted, so each value has exactly
    /// one byte string that passes this check. No upper bound on the length is
    /// applied here; any size limit has to be enforced by the caller.
    ///
    /// # Errors
    ///
    /// Returns [`error::Unspecified`] if `input` is empty or if its first byte
    /// is zero. The second condition rejects both the value zero and any
    /// encoding padded with leading zero bytes.
    #[inline]
    pub(crate) fn from_be_bytes(input: untrusted::Input<'a>) -> Result<Self, error::Unspecified> {
        // The raw slice is only inspected through the bounds-checked `first()`,
        // so an empty input yields `None` rather than an out-of-range access.
        match input.as_slice_less_safe().first() {
            Some(&leading) if leading != 0 => Ok(Self(input)),
            // `None` is an empty input; `Some(0)` is zero or a leading zero.
            _ => Err(error::Unspecified),
        }
    }

    /// Returns the bytes of the value, most significant byte first, with no
    /// leading zero byte.
    ///
    /// The slice is never empty, because `from_be_bytes` rejects empty input.
    #[inline]
    pub fn big_endian_without_leading_zero(&self) -> &'a [u8] {
        self.0.as_slice_less_safe()
    }

    /// Returns the same bytes as `big_endian_without_leading_zero`, still
    /// wrapped in `untrusted::Input`.
    #[inline]
    pub(crate) fn big_endian_without_leading_zero_as_input(&self) -> untrusted::Input<'a> {
        let Self(encoded) = self;
        *encoded
    }
}
impl Positive<'_> {
    /// Returns the first (most significant) byte of the encoding.
    ///
    /// Will not panic for values built by `from_be_bytes`, the only
    /// constructor in this file: it rejects empty input, so the value always
    /// holds at least one byte. That byte is also non-zero, because the same
    /// check rejects a zero first byte.
    pub fn first_byte(&self) -> u8 {
        let encoded = self.0.as_slice_less_safe();
        // Index 0 is in bounds: `from_be_bytes` refuses an empty input, and the
        // private field cannot be set any other way from outside this module.
        encoded[0]
    }
}
#[cfg(test)]
mod tests {
    use super::*;

    /// Checks that `Positive::from_be_bytes` rejects empty input and input
    /// starting with a zero byte, and returns accepted input unchanged.
    #[test]
    fn test_from_be_bytes() {
        static CASES: &[(&[u8], Result<&[u8], error::Unspecified>)] = &[
            // An empty input isn't a number.
            (&[], Err(error::Unspecified)),
            // Zero is not positive.
            (&[0x00], Err(error::Unspecified)),
            // Minimum value. No leading zero required or allowed.
            (&[0x00, 0x01], Err(error::Unspecified)),
            (&[0x01], Ok(&[0x01])),
            // Maximum first byte. No leading zero required or allowed.
            (&[0xff], Ok(&[0xff])),
            (&[0x00, 0xff], Err(error::Unspecified)),
            // The last byte can be zero.
            (&[0x01, 0x00], Ok(&[0x01, 0x00])),
            (&[0x01, 0x00, 0x00], Ok(&[0x01, 0x00, 0x00])),
            // Having no zero bytes is also allowed.
            (&[0x01, 0x01], Ok(&[0x01, 0x01])),
            // A middle byte can be zero.
            (&[0x01, 0x00, 0x01], Ok(&[0x01, 0x00, 0x01])),
            (&[0x01, 0x01, 0x01], Ok(&[0x01, 0x01, 0x01])),
        ];

        for &(bytes, expected) in CASES {
            // Accepted input must come back byte-for-byte, not re-encoded.
            let parsed = Positive::from_be_bytes(untrusted::Input::from(bytes))
                .map(|p| p.big_endian_without_leading_zero());
            assert_eq!(parsed, expected);
        }
    }
}