[tor-commits] [tor/master] Rename functions that encode/decode private keys

commit 0f971d7c915e45556c582b8e02017927bf196f7e Author: Nick Mathewson nickm@torproject.org Date: Thu Jul 19 08:56:51 2018 -0400

Rename functions that encode/decode private keys

It is not nice to expose a private key's contents without having the function name advertise the fact. Fortunately, we weren't misusing these yet. --- src/feature/control/control.c | 4 ++-- src/lib/crypt_ops/crypto_rsa.h | 4 ++-- src/lib/crypt_ops/crypto_rsa_openssl.c | 4 ++-- src/test/test_controller.c | 2 +- src/test/test_crypto.c | 8 ++++---- 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/feature/control/control.c b/src/feature/control/control.c index f22df30e1..5b62be8a6 100644 --- a/src/feature/control/control.c +++ b/src/feature/control/control.c @@ -4994,7 +4994,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,

if (!strcasecmp(key_type_rsa1024, key_type)) { /* "RSA:<Base64 Blob>" - Loading a pre-existing RSA1024 key. */ - pk = crypto_pk_base64_decode(key_blob, strlen(key_blob)); + pk = crypto_pk_base64_decode_private(key_blob, strlen(key_blob)); if (!pk) { err_msg = tor_strdup("512 Failed to decode RSA key\r\n"); goto err; @@ -5029,7 +5029,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, goto err; } if (!discard_pk) { - if (crypto_pk_base64_encode(pk, &key_new_blob)) { + if (crypto_pk_base64_encode_private(pk, &key_new_blob)) { crypto_pk_free(pk); tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n", key_type_rsa1024); diff --git a/src/lib/crypt_ops/crypto_rsa.h b/src/lib/crypt_ops/crypto_rsa.h index 45412d21e..d1f9d57aa 100644 --- a/src/lib/crypt_ops/crypto_rsa.h +++ b/src/lib/crypt_ops/crypto_rsa.h @@ -101,8 +101,8 @@ int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen, int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out); int crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out); -int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out); -crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len); +int crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out); +crypto_pk_t *crypto_pk_base64_decode_private(const char *str, size_t len);

/* Prototypes for private functions only used by tortls.c, crypto.c, and the * unit tests. */ diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c index c57a2e39e..a342c1e7d 100644 --- a/src/lib/crypt_ops/crypto_rsa_openssl.c +++ b/src/lib/crypt_ops/crypto_rsa_openssl.c @@ -750,7 +750,7 @@ crypto_pk_asn1_decode(const char *str, size_t len) * It is the caller's responsibility to sanitize and free the resulting buffer. */ int -crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out) +crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out) { unsigned char *der = NULL; int der_len; @@ -781,7 +781,7 @@ crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out) * on failure. */ crypto_pk_t * -crypto_pk_base64_decode(const char *str, size_t len) +crypto_pk_base64_decode_private(const char *str, size_t len) { crypto_pk_t *pk = NULL;

diff --git a/src/test/test_controller.c b/src/test/test_controller.c index d0aa86844..d5d51758f 100644 --- a/src/test/test_controller.c +++ b/src/test/test_controller.c @@ -161,7 +161,7 @@ test_add_onion_helper_keyarg_v2(void *arg) /* Test loading a RSA1024 key. */ tor_free(err_msg); pk1 = pk_generate(0); - tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded)); + tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded)); tor_asprintf(&arg_str, "RSA1024:%s", encoded); ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, &pk, &hs_version, &err_msg); diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index 029e98a63..81d43ff13 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -1420,22 +1420,22 @@ test_crypto_pk_base64(void *arg) /* Test Base64 encoding a key. */ pk1 = pk_generate(0); tt_assert(pk1); - tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded)); + tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded)); tt_assert(encoded);

/* Test decoding a valid key. */ - pk2 = crypto_pk_base64_decode(encoded, strlen(encoded)); + pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded)); tt_assert(pk2); tt_int_op(crypto_pk_cmp_keys(pk1, pk2), OP_EQ, 0); crypto_pk_free(pk2);

/* Test decoding a invalid key (not Base64). */ static const char *invalid_b64 = "The key is in another castle!"; - pk2 = crypto_pk_base64_decode(invalid_b64, strlen(invalid_b64)); + pk2 = crypto_pk_base64_decode_private(invalid_b64, strlen(invalid_b64)); tt_ptr_op(pk2, OP_EQ, NULL);

/* Test decoding a truncated Base64 blob. */ - pk2 = crypto_pk_base64_decode(encoded, strlen(encoded)/2); + pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded)/2); tt_ptr_op(pk2, OP_EQ, NULL);

done: