about summary refs log tree commit diff
path: root/third_party/nix/src/libstore/crypto.cc
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/nix/src/libstore/crypto.cc')
-rw-r--r--third_party/nix/src/libstore/crypto.cc15
1 files changed, 12 insertions, 3 deletions
diff --git a/third_party/nix/src/libstore/crypto.cc b/third_party/nix/src/libstore/crypto.cc
index 62b3c05ff95f..bec0b08c67c1 100644
--- a/third_party/nix/src/libstore/crypto.cc
+++ b/third_party/nix/src/libstore/crypto.cc
@@ -1,5 +1,7 @@
 #include "libstore/crypto.hh"
 
+#include <absl/strings/escaping.h>
+
 #include "libstore/globals.hh"
 #include "libutil/util.hh"
 
@@ -27,7 +29,10 @@ Key::Key(const std::string& s) {
     throw Error("secret key is corrupt");
   }
 
-  key = base64Decode(key);
+  if (!absl::Base64Unescape(key, &key)) {
+    // TODO(grfn): replace this with StatusOr
+    throw Error("Invalid Base64");
+  }
 }
 
 SecretKey::SecretKey(const std::string& s) : Key(s) {
@@ -52,7 +57,7 @@ std::string SecretKey::signDetached(const std::string& data) const {
   unsigned long long sigLen;
   crypto_sign_detached(sig, &sigLen, (unsigned char*)data.data(), data.size(),
                        (unsigned char*)key.data());
-  return name + ":" + base64Encode(std::string((char*)sig, sigLen));
+  return name + ":" + absl::Base64Escape(std::string((char*)sig, sigLen));
 #else
   noSodium();
 #endif
@@ -86,7 +91,11 @@ bool verifyDetached(const std::string& data, const std::string& sig,
     return false;
   }
 
-  auto sig2 = base64Decode(ss.second);
+  std::string sig2;
+  if (!absl::Base64Unescape(ss.second, &sig2)) {
+    // TODO(grfn): replace this with StatusOr
+    throw Error("Invalid Base64");
+  }
   if (sig2.size() != crypto_sign_BYTES) {
     throw Error("signature is not valid");
   }