about summary refs log tree commit diff
path: root/third_party/nix/src/libstore/crypto.cc
diff options
context:
space:
mode:
authorGriffin Smith <grfn@gws.fyi>2020-07-23T21·18-0400
committerglittershark <grfn@gws.fyi>2020-07-25T00·04+0000
commit2fcf2d0d20f7e67a80c2cb5b2d0a437faed6efb7 (patch)
tree06dcd7864bd12b60d1beaf895f79177300988375 /third_party/nix/src/libstore/crypto.cc
parentece66d081b1833ee0bb508fad2843f2d49c9e50d (diff)
refactor(3p/nix): Remove custom base64 implementation r/1462
Replace the custom, rather questionable base64 implementation with
absl::Base64{Une,E}scape. To make sure that the custom implementation
was doing the same thing I've also added a test covering
nix::Hash::to_string, which was one function that used it - the test
passed prior to the replacement, and continued to pass afterwards.

The previous base64Decode function threw an exception on failure - to
avoid going too far down the rabbit hole I've replicated that
functionality at all call sites, but this should be replaced with more
sensible error handling such as StatusOr eventually.

Also, before this change:

    ❯ nix eval -f . users.tazjin.emacs.outPath
    "/nix/store/g6ri2q8nra96ix20bcsc734r1yyaylb1-tazjins-emacs"

And after:

    ❯ ./result/bin/nix eval -f . users.tazjin.emacs.outPath
    "/nix/store/g6ri2q8nra96ix20bcsc734r1yyaylb1-tazjins-emacs"

Change-Id: Id292ffbb82fe808f3f1b34670afbe7b8c13ad615
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1385
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Diffstat (limited to 'third_party/nix/src/libstore/crypto.cc')
-rw-r--r--third_party/nix/src/libstore/crypto.cc15
1 files changed, 12 insertions, 3 deletions
diff --git a/third_party/nix/src/libstore/crypto.cc b/third_party/nix/src/libstore/crypto.cc
index 62b3c05ff95f..bec0b08c67c1 100644
--- a/third_party/nix/src/libstore/crypto.cc
+++ b/third_party/nix/src/libstore/crypto.cc
@@ -1,5 +1,7 @@
 #include "libstore/crypto.hh"
 
+#include <absl/strings/escaping.h>
+
 #include "libstore/globals.hh"
 #include "libutil/util.hh"
 
@@ -27,7 +29,10 @@ Key::Key(const std::string& s) {
     throw Error("secret key is corrupt");
   }
 
-  key = base64Decode(key);
+  if (!absl::Base64Unescape(key, &key)) {
+    // TODO(grfn): replace this with StatusOr
+    throw Error("Invalid Base64");
+  }
 }
 
 SecretKey::SecretKey(const std::string& s) : Key(s) {
@@ -52,7 +57,7 @@ std::string SecretKey::signDetached(const std::string& data) const {
   unsigned long long sigLen;
   crypto_sign_detached(sig, &sigLen, (unsigned char*)data.data(), data.size(),
                        (unsigned char*)key.data());
-  return name + ":" + base64Encode(std::string((char*)sig, sigLen));
+  return name + ":" + absl::Base64Escape(std::string((char*)sig, sigLen));
 #else
   noSodium();
 #endif
@@ -86,7 +91,11 @@ bool verifyDetached(const std::string& data, const std::string& sig,
     return false;
   }
 
-  auto sig2 = base64Decode(ss.second);
+  std::string sig2;
+  if (!absl::Base64Unescape(ss.second, &sig2)) {
+    // TODO(grfn): replace this with StatusOr
+    throw Error("Invalid Base64");
+  }
   if (sig2.size() != crypto_sign_BYTES) {
     throw Error("signature is not valid");
   }