Merge remote-tracking branch 'dgoulet/ticket20568_030_01'

src/or/hs_descriptor.c

@@ -15,6 +15,7 @@
 #include "ed25519_cert.h" /* Trunnel interface. */
 #include "parsecommon.h"
 #include "rendcache.h"
+#include "torcert.h" /* tor_cert_encode_ed22519() */
 
 /* Constant string value used for the descriptor format. */
 #define str_hs_desc "hs-descriptor"
@@ -135,45 +136,6 @@ desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc)
 
 /* === ENCODING === */
 
-/* Encode the ed25519 certificate <b>cert</b> and put the newly allocated
- * string in <b>cert_str_out</b>. Return 0 on success else a negative value. */
-STATIC int
-encode_cert(const tor_cert_t *cert, char **cert_str_out)
-{
-  int ret = -1;
-  char *ed_cert_b64 = NULL;
-  size_t ed_cert_b64_len;
-
-  tor_assert(cert);
-  tor_assert(cert_str_out);
-
-  /* Get the encoded size and add the NUL byte. */
-  ed_cert_b64_len = base64_encode_size(cert->encoded_len,
-                                       BASE64_ENCODE_MULTILINE) + 1;
-  ed_cert_b64 = tor_malloc_zero(ed_cert_b64_len);
-
-  /* Base64 encode the encoded certificate. */
-  if (base64_encode(ed_cert_b64, ed_cert_b64_len,
-                    (const char *) cert->encoded, cert->encoded_len,
-                    BASE64_ENCODE_MULTILINE) < 0) {
-    log_err(LD_BUG, "Couldn't base64-encode descriptor signing key cert!");
-    goto err;
-  }
-
-  /* Put everything together in a NUL terminated string. */
-  tor_asprintf(cert_str_out,
-               "-----BEGIN ED25519 CERT-----\n"
-               "%s"
-               "-----END ED25519 CERT-----",
-               ed_cert_b64);
-  /* Success! */
-  ret = 0;
-
- err:
-  tor_free(ed_cert_b64);
-  return ret;
-}
-
 /* Encode the given link specifier objects into a newly allocated string.
  * This can't fail so caller can always assume a valid string being
  * returned. */
@@ -327,7 +289,7 @@ encode_enc_key(const ed25519_keypair_t *sig_key,
     if (!cross_cert) {
       goto err;
     }
-    ret = encode_cert(cross_cert, &encoded_cert);
+    ret = tor_cert_encode_ed22519(cross_cert, &encoded_cert);
     tor_cert_free(cross_cert);
     if (ret) {
       goto err;
@@ -375,7 +337,7 @@ encode_intro_point(const ed25519_keypair_t *sig_key,
   /* Authentication key encoding. */
   {
     char *encoded_cert;
-    if (encode_cert(ip->auth_key_cert, &encoded_cert) < 0) {
+    if (tor_cert_encode_ed22519(ip->auth_key_cert, &encoded_cert) < 0) {
       goto err;
     }
     smartlist_add_asprintf(lines, "%s\n%s", str_ip_auth_key, encoded_cert);
@@ -769,7 +731,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out)
               "(%d)", (int) desc->plaintext_data.signing_key_cert->cert_type);
       goto err;
     }
-    if (encode_cert(desc->plaintext_data.signing_key_cert,
+    if (tor_cert_encode_ed22519(desc->plaintext_data.signing_key_cert,
                     &encoded_cert) < 0) {
       /* The function will print error logs. */
       goto err;

src/or/hs_descriptor.h

@@ -216,7 +216,6 @@ size_t hs_desc_plaintext_obj_size(const hs_desc_plaintext_data_t *data);
 #ifdef HS_DESCRIPTOR_PRIVATE
 
 /* Encoding. */
-STATIC int encode_cert(const tor_cert_t *cert, char **cert_str_out);
 STATIC char *encode_link_specifiers(const smartlist_t *specs);
 STATIC size_t build_plaintext_padding(const char *plaintext,
                                       size_t plaintext_len,

src/or/torcert.c

@@ -648,3 +648,44 @@ or_handshake_certs_check_both(int severity,
   }
 }
 
+/* === ENCODING === */
+
+/* Encode the ed25519 certificate <b>cert</b> and put the newly allocated
+ * string in <b>cert_str_out</b>. Return 0 on success else a negative value. */
+int
+tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out)
+{
+  int ret = -1;
+  char *ed_cert_b64 = NULL;
+  size_t ed_cert_b64_len;
+
+  tor_assert(cert);
+  tor_assert(cert_str_out);
+
+  /* Get the encoded size and add the NUL byte. */
+  ed_cert_b64_len = base64_encode_size(cert->encoded_len,
+                                       BASE64_ENCODE_MULTILINE) + 1;
+  ed_cert_b64 = tor_malloc_zero(ed_cert_b64_len);
+
+  /* Base64 encode the encoded certificate. */
+  if (base64_encode(ed_cert_b64, ed_cert_b64_len,
+                    (const char *) cert->encoded, cert->encoded_len,
+                    BASE64_ENCODE_MULTILINE) < 0) {
+    log_err(LD_BUG, "Couldn't base64-encode ed22519 cert!");
+    goto err;
+  }
+
+  /* Put everything together in a NUL terminated string. */
+  tor_asprintf(cert_str_out,
+               "-----BEGIN ED25519 CERT-----\n"
+               "%s"
+               "-----END ED25519 CERT-----",
+               ed_cert_b64);
+  /* Success! */
+  ret = 0;
+
+ err:
+  tor_free(ed_cert_b64);
+  return ret;
+}
+

src/or/torcert.h

@@ -98,5 +98,7 @@ void or_handshake_certs_check_both(int severity,
                               const ed25519_public_key_t **ed_id_out,
                               const common_digests_t **rsa_id_out);
 
+int tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out);
+
 #endif
 

src/test/test_hs_descriptor.c

@@ -254,7 +254,7 @@ test_cert_encoding(void *arg)
   tt_assert(cert);
 
   /* Test the certificate encoding function. */
-  ret = encode_cert(cert, &encoded);
+  ret = tor_cert_encode_ed22519(cert, &encoded);
   tt_int_op(ret, ==, 0);
 
   /* Validated the certificate string. */