Rename functions that encode/decode private keys

It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
This commit is contained in:
Nick Mathewson 2018-07-19 08:56:51 -04:00
parent 752ffa2197
commit 0f971d7c91
5 changed files with 11 additions and 11 deletions

View File

@ -4994,7 +4994,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
if (!strcasecmp(key_type_rsa1024, key_type)) {
/* "RSA:<Base64 Blob>" - Loading a pre-existing RSA1024 key. */
pk = crypto_pk_base64_decode(key_blob, strlen(key_blob));
pk = crypto_pk_base64_decode_private(key_blob, strlen(key_blob));
if (!pk) {
err_msg = tor_strdup("512 Failed to decode RSA key\r\n");
goto err;
@ -5029,7 +5029,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
goto err;
}
if (!discard_pk) {
if (crypto_pk_base64_encode(pk, &key_new_blob)) {
if (crypto_pk_base64_encode_private(pk, &key_new_blob)) {
crypto_pk_free(pk);
tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n",
key_type_rsa1024);

View File

@ -101,8 +101,8 @@ int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_common_digests(crypto_pk_t *pk,
common_digests_t *digests_out);
int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);
int crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out);
crypto_pk_t *crypto_pk_base64_decode_private(const char *str, size_t len);
/* Prototypes for private functions only used by tortls.c, crypto.c, and the
* unit tests. */

View File

@ -750,7 +750,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
* It is the caller's responsibility to sanitize and free the resulting buffer.
*/
int
crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out)
{
unsigned char *der = NULL;
int der_len;
@ -781,7 +781,7 @@ crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
* on failure.
*/
crypto_pk_t *
crypto_pk_base64_decode(const char *str, size_t len)
crypto_pk_base64_decode_private(const char *str, size_t len)
{
crypto_pk_t *pk = NULL;

View File

@ -161,7 +161,7 @@ test_add_onion_helper_keyarg_v2(void *arg)
/* Test loading a RSA1024 key. */
tor_free(err_msg);
pk1 = pk_generate(0);
tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
tor_asprintf(&arg_str, "RSA1024:%s", encoded);
ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
&pk, &hs_version, &err_msg);

View File

@ -1420,22 +1420,22 @@ test_crypto_pk_base64(void *arg)
/* Test Base64 encoding a key. */
pk1 = pk_generate(0);
tt_assert(pk1);
tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
tt_assert(encoded);
/* Test decoding a valid key. */
pk2 = crypto_pk_base64_decode(encoded, strlen(encoded));
pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded));
tt_assert(pk2);
tt_int_op(crypto_pk_cmp_keys(pk1, pk2), OP_EQ, 0);
crypto_pk_free(pk2);
/* Test decoding a invalid key (not Base64). */
static const char *invalid_b64 = "The key is in another castle!";
pk2 = crypto_pk_base64_decode(invalid_b64, strlen(invalid_b64));
pk2 = crypto_pk_base64_decode_private(invalid_b64, strlen(invalid_b64));
tt_ptr_op(pk2, OP_EQ, NULL);
/* Test decoding a truncated Base64 blob. */
pk2 = crypto_pk_base64_decode(encoded, strlen(encoded)/2);
pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded)/2);
tt_ptr_op(pk2, OP_EQ, NULL);
done: