Commit 0f971d7c authored by Nick Mathewson's avatar Nick Mathewson
Browse files

Rename functions that encode/decode private keys

It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
parent 752ffa21
......@@ -4994,7 +4994,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
if (!strcasecmp(key_type_rsa1024, key_type)) {
/* "RSA:<Base64 Blob>" - Loading a pre-existing RSA1024 key. */
pk = crypto_pk_base64_decode(key_blob, strlen(key_blob));
pk = crypto_pk_base64_decode_private(key_blob, strlen(key_blob));
if (!pk) {
err_msg = tor_strdup("512 Failed to decode RSA key\r\n");
goto err;
......@@ -5029,7 +5029,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
goto err;
}
if (!discard_pk) {
if (crypto_pk_base64_encode(pk, &key_new_blob)) {
if (crypto_pk_base64_encode_private(pk, &key_new_blob)) {
crypto_pk_free(pk);
tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n",
key_type_rsa1024);
......
......@@ -101,8 +101,8 @@ int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_common_digests(crypto_pk_t *pk,
common_digests_t *digests_out);
int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);
int crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out);
crypto_pk_t *crypto_pk_base64_decode_private(const char *str, size_t len);
/* Prototypes for private functions only used by tortls.c, crypto.c, and the
* unit tests. */
......
......@@ -750,7 +750,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
* It is the caller's responsibility to sanitize and free the resulting buffer.
*/
int
crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out)
{
unsigned char *der = NULL;
int der_len;
......@@ -781,7 +781,7 @@ crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
* on failure.
*/
crypto_pk_t *
crypto_pk_base64_decode(const char *str, size_t len)
crypto_pk_base64_decode_private(const char *str, size_t len)
{
crypto_pk_t *pk = NULL;
......
......@@ -161,7 +161,7 @@ test_add_onion_helper_keyarg_v2(void *arg)
/* Test loading a RSA1024 key. */
tor_free(err_msg);
pk1 = pk_generate(0);
tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
tor_asprintf(&arg_str, "RSA1024:%s", encoded);
ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
&pk, &hs_version, &err_msg);
......
......@@ -1420,22 +1420,22 @@ test_crypto_pk_base64(void *arg)
/* Test Base64 encoding a key. */
pk1 = pk_generate(0);
tt_assert(pk1);
tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
tt_assert(encoded);
/* Test decoding a valid key. */
pk2 = crypto_pk_base64_decode(encoded, strlen(encoded));
pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded));
tt_assert(pk2);
tt_int_op(crypto_pk_cmp_keys(pk1, pk2), OP_EQ, 0);
crypto_pk_free(pk2);
/* Test decoding a invalid key (not Base64). */
static const char *invalid_b64 = "The key is in another castle!";
pk2 = crypto_pk_base64_decode(invalid_b64, strlen(invalid_b64));
pk2 = crypto_pk_base64_decode_private(invalid_b64, strlen(invalid_b64));
tt_ptr_op(pk2, OP_EQ, NULL);
/* Test decoding a truncated Base64 blob. */
pk2 = crypto_pk_base64_decode(encoded, strlen(encoded)/2);
pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded)/2);
tt_ptr_op(pk2, OP_EQ, NULL);
done:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment