# # # patch "annotate.cc" # from [c9bd09ef8719f801368bf0a07a09ba98afe2f38f] # to [17e3492599d170bc64c4b7c5750dda63a4769a73] # # patch "cert.cc" # from [bf85ea5442652da9c33d9c8e86a433b03580d38e] # to [eee0a9f1b710ccedc34bf59e118445004e042a80] # # patch "cert.hh" # from [6f92a79897c7ab18113e593bc45f1afc8fbf7fc5] # to [2334e8f1ead86407aeb5d97e9657b5978532773b] # # patch "cmd_diff_log.cc" # from [18d1a1e5263e20c7abc5ef241c0009e916dcaf81] # to [f6c361c235ff5746a230e9b854354ad88abd1865] # # patch "cmd_list.cc" # from [90a6016a47d5cf3133ccd94f1f7908f573ab0535] # to [77c5aba2c0c1ea69a6e991576f6558af766e4146] # # patch "cmd_merging.cc" # from [b46b96d6a1955676c8f3f0e739fce33c05f3383d] # to [d0665576f84bff0c83322468d04ef070825f978f] # # patch "cmd_packet.cc" # from [a0706ea1d4cbb5f9531ce639fd0c8003dde21100] # to [40b0b42404f7107752378b5c4b90298c352c091b] # # patch "cmd_ws_commit.cc" # from [cd238773230ad4d1a10dcf4aeef0ab5b76115718] # to [73f2a0c13972f94ad2fcc93d0aac750af1ebee9c] # # patch "commands.cc" # from [16bc6ea6dbf37798359e4cf69e7db609667cf9de] # to [1ecf0a9c99788b117e23ed8c7124811674c5923f] # # patch "database.cc" # from [0583790131e5fdfba09f85576942dd1c667b0623] # to [168be0db6ec45fd18c6716e0a622e7515916ef94] # # patch "database.hh" # from [a59e6f0275fc542e51ed9bd7fd3383e54dfad8fe] # to [673f98403c91c3abd882b8802d09148199287969] # # patch "database_check.cc" # from [422d7a962b3bc0cb200c5e0da87105d3ad63bb93] # to [f3b8a85aefd3da8efe39ceb5839b730144ea7031] # # patch "key_store.cc" # from [f8de469e5f1ab5743d222be8bf9aea16c76cf3cd] # to [167e6637e117ee23709dc32bb029cb0288064606] # # patch "key_store.hh" # from [ab3846f0e3952ee97f995c434185a05953c1c838] # to [7af9b8f8d7a9f147759a4da81ab9ba358bca29d9] # # patch "keys.cc" # from [d96a6b057ee9ba109e52e6cf2d7a5e8785435b85] # to [f703cda7ad87010788791501eef385412976e0da] # # patch "keys.hh" # from [fb6af28ca0d5f3b8e63427e8c3f485730e767ce0] # to [778951a853a2937eae90703ae663b4691eef5aab] # # patch "netcmd.cc" # from [50e187a13cc5e04970639893759e1460640a3757] # to [bde32fd29cb479216c638281cf494f72af458466] # # patch "netcmd.hh" # from [15406c426ad26a06900fd8fd6b171e746b1ec1ee] # to [902079e85a426929649f70aea179a7d706939711] # # patch "netsync.cc" # from [664f4bc27935c3e2bafa564d99c02ea5bbbc9a47] # to [832911ff01940c887b43c73d47c4db7c41da1628] # # patch "packet.cc" # from [3d2a63f498f5168f17754e12c38fa4f6f96d4274] # to [e617e272fd17fbb13bd705c1daf6113fa4f858da] # # patch "packet.hh" # from [d3119983e2dc5164a6dd1ca161382c211eab5db1] # to [36079522273c7e5e6b04bc2bebfd22cc07b5bf4c] # # patch "project.cc" # from [49f00bd051beef2c2293ef36ab83f09c226ebe05] # to [fd4a5d9d8a3267204ff3a198a6dbf562c1df11a6] # # patch "revision.cc" # from [858fc8cc77773c3c6a81e8373d0d5f1218517149] # to [5f45dc66571d4ca62bddc7b943b815596f82ef7b] # # patch "schema_migration.cc" # from [f5bb54455a2fb596c5091b3ec2677f7c350395ec] # to [86017e5d2e61501377fb630416cf4bfe6609d745] # # patch "transforms.cc" # from [081cded2a5cf3c7dedb9460a14aaac21e70754aa] # to [37cf33ed51b47de79a6001247cfb2571ce1d7b0e] # # patch "transforms.hh" # from [54ea9d901a7f870c2e5ee46b5c3a99e868eb1ad9] # to [e4d0e3f76acf27d96ccf87b6741921a99b3c6833] # # patch "update.cc" # from [e4e1f8d71ba2133af8d22537033ed7f1bb350cbd] # to [c6472ee28faff6f12f9882801d0bbfbd7efe606f] # # patch "vocab.cc" # from [016043a836b8789b07f912e3431f3401234d61e0] # to [90093cefdae518acc7e3381931a89fab27c1cdaf] # ============================================================ --- annotate.cc c9bd09ef8719f801368bf0a07a09ba98afe2f38f +++ annotate.cc 17e3492599d170bc64c4b7c5750dda63a4769a73 @@ -353,8 +353,7 @@ cert_string_value(vector< revision { if (i->inner().name == name) { - cert_value tv; - decode_base64 (i->inner().value, tv); + cert_value tv = decode_base64(i->inner().value); string::size_type f = 0; string::size_type l = string::npos; if (from_start) ============================================================ --- cert.cc bf85ea5442652da9c33d9c8e86a433b03580d38e +++ cert.cc eee0a9f1b710ccedc34bf59e118445004e042a80 @@ -140,8 +140,7 @@ erase_bogus_certs(database & db, for (trust_map::const_iterator i = trust.begin(); i != trust.end(); ++i) { - cert_value decoded_value; - decode_base64(get<2>(i->first), decoded_value); + cert_value decoded_value = decode_base64(get<2>(i->first)); if (db.hook_get_manifest_cert_trust(*(i->second.first), get<0>(i->first), get<1>(i->first), @@ -197,8 +196,7 @@ erase_bogus_certs(database & db, for (trust_map::const_iterator i = trust.begin(); i != trust.end(); ++i) { - cert_value decoded_value; - decode_base64(get<2>(i->first), decoded_value); + cert_value decoded_value = decode_base64(get<2>(i->first)); if (db.hook_get_revision_cert_trust(*(i->second.first), get<0>(i->first), get<1>(i->first), @@ -239,7 +237,7 @@ cert::cert(hexenc const & ident, cert_name const & name, base64 const & value, rsa_keypair_id const & key, - base64 const & sig) + rsa_sha1_signature const & sig) : ident(ident), name(name), value(value), key(key), sig(sig) {} @@ -287,14 +285,11 @@ read_cert(string const & in, cert & t) assert_end_of_buffer(in, pos, "cert"); hexenc hid; - base64 bval; - base64 bsig; - encode_hexenc(ident, hid); - encode_base64(cert_value(val), bval); - encode_base64(rsa_sha1_signature(sig), bsig); + base64 bval = encode_base64(cert_value(val)); - cert tmp(hid, cert_name(name), bval, rsa_keypair_id(key), bsig); + cert tmp(hid, cert_name(name), bval, rsa_keypair_id(key), + rsa_sha1_signature(sig)); hexenc hcheck; id check; @@ -316,12 +311,9 @@ write_cert(cert const & t, string & out) string name, key; hexenc hash; id ident_decoded, hash_decoded; - rsa_sha1_signature sig_decoded; - cert_value value_decoded; + cert_value value_decoded = decode_base64(t.value); cert_hash_code(t, hash); - decode_base64(t.value, value_decoded); - decode_base64(t.sig, sig_decoded); decode_hexenc(t.ident, ident_decoded); decode_hexenc(hash, hash_decoded); @@ -330,7 +322,7 @@ write_cert(cert const & t, string & out) insert_variable_length_string(t.name(), out); insert_variable_length_string(value_decoded(), out); insert_variable_length_string(t.key(), out); - insert_variable_length_string(sig_decoded(), out); + insert_variable_length_string(t.sig(), out); } void @@ -344,9 +336,10 @@ cert_hash_code(cert const & t, hexenc & out) { + base64 sig_encoded(encode_hexenc(t.sig())); string tmp; tmp.reserve(4+t.ident().size() + t.name().size() + t.value().size() + - t.key().size() + t.sig().size()); + t.key().size() + sig_encoded().size()); tmp.append(t.ident()); tmp += ':'; tmp.append(t.name()); @@ -355,7 +348,7 @@ cert_hash_code(cert const & t, hexenc encoded_val; - encode_base64(val, encoded_val); + base64 encoded_val = encode_base64(val); cert t(id.inner(), nm, encoded_val, keys.signing_key); string signed_text; ============================================================ --- cert.hh 6f92a79897c7ab18113e593bc45f1afc8fbf7fc5 +++ cert.hh 2334e8f1ead86407aeb5d97e9657b5978532773b @@ -43,12 +43,12 @@ struct cert cert_name const & name, base64 const & value, rsa_keypair_id const & key, - base64 const & sig); + rsa_sha1_signature const & sig); hexenc ident; cert_name name; base64 value; rsa_keypair_id key; - base64 sig; + rsa_sha1_signature sig; bool operator<(cert const & other) const; bool operator==(cert const & other) const; }; ============================================================ --- cmd_diff_log.cc 18d1a1e5263e20c7abc5ef241c0009e916dcaf81 +++ cmd_diff_log.cc f6c361c235ff5746a230e9b854354ad88abd1865 @@ -577,8 +577,7 @@ log_certs(project_t & project, ostream & for (vector< revision >::const_iterator i = certs.begin(); i != certs.end(); ++i) { - cert_value tv; - decode_base64(i->inner().value, tv); + cert_value tv = decode_base64(i->inner().value); if (first) os << label; ============================================================ --- cmd_list.cc 90a6016a47d5cf3133ccd94f1f7908f573ab0535 +++ cmd_list.cc 77c5aba2c0c1ea69a6e991576f6558af766e4146 @@ -109,8 +109,7 @@ CMD(certs, "certs", "", CMD_REF(list), " for (size_t i = 0; i < certs.size(); ++i) { cert_status status = check_cert(db, idx(certs, i)); - cert_value tv; - decode_base64(idx(certs, i).value, tv); + cert_value tv = decode_base64(idx(certs, i).value); string washed; if (guess_binary(tv())) { @@ -197,7 +196,7 @@ CMD(keys, "keys", "", CMD_REF(list), "[P else if (db.database_specified()) { // we've found a key that should have both a public and a private version - base64 pub_key; + rsa_pub_key pub_key; keypair priv_key; db.get_key(*i, pub_key); keys.get_key_pair(*i, priv_key); @@ -212,7 +211,7 @@ CMD(keys, "keys", "", CMD_REF(list), "[P for (map::iterator i = pubkeys.begin(); i != pubkeys.end(); i++) { - base64 pub_encoded; + rsa_pub_key pub_encoded; hexenc hash_code; rsa_keypair_id keyid = i->first; bool indb = i->second; @@ -602,7 +601,7 @@ CMD_AUTOMATE(keys, "", for (vector::iterator i = dbkeys.begin(); i != dbkeys.end(); i++) { - base64 pub_encoded; + rsa_pub_key pub_encoded; hexenc hash_code; db.get_key(*i, pub_encoded); @@ -721,12 +720,10 @@ CMD_AUTOMATE(certs, N_("REV"), { basic_io::stanza st; cert_status status = check_cert(db, idx(certs, i)); - cert_value tv; + cert_value tv = decode_base64(idx(certs, i).value); cert_name name = idx(certs, i).name; set signers; - decode_base64(idx(certs, i).value, tv); - rsa_keypair_id keyid = idx(certs, i).key; signers.insert(keyid); ============================================================ --- cmd_merging.cc b46b96d6a1955676c8f3f0e739fce33c05f3383d +++ cmd_merging.cc d0665576f84bff0c83322468d04ef070825f978f @@ -99,11 +99,7 @@ pick_branch_for_update(options & opts, d set< branch_name > branches; for (vector< revision >::const_iterator i = certs.begin(); i != certs.end(); i++) - { - cert_value b; - decode_base64(i->inner().value, b); - branches.insert(branch_name(b())); - } + branches.insert(branch_name(decode_base64(i->inner().value)())); if (branches.find(opts.branchname) != branches.end()) { ============================================================ --- cmd_packet.cc a0706ea1d4cbb5f9531ce639fd0c8003dde21100 +++ cmd_packet.cc 40b0b42404f7107752378b5c4b90298c352c091b @@ -35,7 +35,7 @@ CMD(pubkey, "pubkey", "", CMD_REF(packet rsa_keypair_id ident(idx(args, 0)()); bool exists(false); - base64< rsa_pub_key > key; + rsa_pub_key key; if (db.database_specified() && db.public_key_exists(ident)) { db.get_key(ident, key); @@ -124,7 +124,7 @@ namespace } virtual void consume_public_key(rsa_keypair_id const & ident, - base64< rsa_pub_key > const & k) + rsa_pub_key const & k) { transaction_guard guard(db); db.put_key(ident, k); @@ -138,9 +138,9 @@ namespace } virtual void consume_old_private_key(rsa_keypair_id const & ident, - base64 const & k) + old_arc4_rsa_priv_key const & k) { - base64 dummy; + rsa_pub_key dummy; keys.migrate_old_key_pair(ident, k, dummy); } }; ============================================================ --- cmd_ws_commit.cc cd238773230ad4d1a10dcf4aeef0ab5b76115718 +++ cmd_ws_commit.cc 73f2a0c13972f94ad2fcc93d0aac750af1ebee9c @@ -1308,8 +1308,7 @@ CMD(commit, "commit", "ci", CMD_REF(work for (vector< revision >::const_iterator i = ctmp.begin(); i != ctmp.end(); ++i) { - cert_value vtmp; - decode_base64(i->inner().value, vtmp); + cert_value vtmp = decode_base64(i->inner().value); certs.insert(make_pair(i->inner().name, vtmp)); } revision_data rdat; ============================================================ --- commands.cc 16bc6ea6dbf37798359e4cf69e7db609667cf9de +++ commands.cc 1ecf0a9c99788b117e23ed8c7124811674c5923f @@ -873,19 +873,15 @@ describe_revision(project_t & project, r for (vector< revision >::const_iterator i = tmp.begin(); i != tmp.end(); ++i) { - cert_value tv; - decode_base64(i->inner().value, tv); description += " "; - description += tv(); + description += decode_base64(i->inner().value)(); } project.get_revision_certs_by_name(id, date_name, tmp); for (vector< revision >::const_iterator i = tmp.begin(); i != tmp.end(); ++i) { - cert_value tv; - decode_base64(i->inner().value, tv); description += " "; - description += tv(); + description += decode_base64(i->inner().value)(); } return description; ============================================================ --- database.cc 0583790131e5fdfba09f85576942dd1c667b0623 +++ database.cc 168be0db6ec45fd18c6716e0a622e7515916ef94 @@ -2620,14 +2620,14 @@ database::get_pubkey(hexenc const & void database::get_pubkey(hexenc const & hash, rsa_keypair_id & id, - base64 & pub_encoded) + rsa_pub_key & pub) { results res; imp->fetch(res, 2, one_row, query("SELECT id, keydata FROM public_keys WHERE hash = ?") % text(hash())); id = rsa_keypair_id(res[0][0]); - encode_base64(rsa_pub_key(res[0][1]), pub_encoded); + pub = rsa_pub_key(res[0][1]); } void @@ -2641,24 +2641,15 @@ database::get_key(rsa_keypair_id const & pub = rsa_pub_key(res[0][0]); } -void -database::get_key(rsa_keypair_id const & pub_id, - base64 & pub_encoded) -{ - rsa_pub_key pub; - get_key(pub_id, pub); - encode_base64(pub, pub_encoded); -} - bool database::put_key(rsa_keypair_id const & pub_id, - base64 const & pub_encoded) + rsa_pub_key const & pub) { if (public_key_exists(pub_id)) { - base64 tmp; + rsa_pub_key tmp; get_key(pub_id, tmp); - if (!keys_match(pub_id, tmp, pub_id, pub_encoded)) + if (!keys_match(pub_id, tmp, pub_id, pub)) W(F("key '%s' is not equal to key '%s' in database") % pub_id % pub_id); L(FL("skipping existing public key %s") % pub_id); return false; @@ -2667,15 +2658,13 @@ database::put_key(rsa_keypair_id const & L(FL("putting public key %s") % pub_id); hexenc thash; - key_hash_code(pub_id, pub_encoded, thash); + key_hash_code(pub_id, pub, thash); I(!public_key_exists(thash)); - rsa_pub_key pub_key; - decode_base64(pub_encoded, pub_key); imp->execute(query("INSERT INTO public_keys VALUES(?, ?, ?)") % text(thash()) % text(pub_id()) - % blob(pub_key())); + % blob(pub())); return true; } @@ -2719,7 +2708,7 @@ database::check_signature(rsa_keypair_id cert_status database::check_signature(rsa_keypair_id const & id, string const & alleged_text, - base64 const & signature) + rsa_sha1_signature const & signature) { shared_ptr verifier; @@ -2756,19 +2745,15 @@ database::check_signature(rsa_keypair_id imp->verifiers.insert(make_pair(id, make_pair(verifier, pub_key))); } - // examine signature - rsa_sha1_signature sig_decoded; - decode_base64(signature, sig_decoded); - // check the text+sig against the key - L(FL("checking %d-byte (%d decoded) signature") % - signature().size() % sig_decoded().size()); + L(FL("checking %d-byte signature") % + signature().size()); if (verifier->verify_message( reinterpret_cast(alleged_text.data()), alleged_text.size(), - reinterpret_cast(sig_decoded().data()), - sig_decoded().size())) + reinterpret_cast(signature().data()), + signature().size())) return cert_ok; else return cert_bad; @@ -2781,10 +2766,7 @@ database_impl::cert_exists(cert const & string const & table) { results res; - cert_value value; - decode_base64(t.value, value); - rsa_sha1_signature sig; - decode_base64(t.sig, sig); + cert_value value = decode_base64(t.value); query q = query("SELECT id FROM " + table + " WHERE id = ? " "AND name = ? " "AND value = ? " @@ -2794,7 +2776,7 @@ database_impl::cert_exists(cert const & % text(t.name()) % blob(value()) % text(t.key()) - % blob(sig()); + % blob(t.sig()); fetch(res, 1, any_rows, q); @@ -2808,10 +2790,8 @@ database_impl::put_cert(cert const & t, { hexenc thash; cert_hash_code(t, thash); - cert_value value; - decode_base64(t.value, value); + cert_value value = decode_base64(t.value); rsa_sha1_signature sig; - decode_base64(t.sig, sig); string insert = "INSERT INTO " + table + " VALUES(?, ?, ?, ?, ?, ?)"; @@ -2821,7 +2801,7 @@ database_impl::put_cert(cert const & t, % text(t.name()) % blob(value()) % text(t.key()) - % blob(sig())); + % blob(t.sig())); } void @@ -2832,15 +2812,12 @@ database_impl::results_to_certs(results for (size_t i = 0; i < res.size(); ++i) { cert t; - base64 value; - encode_base64(cert_value(res[i][2]), value); - base64 sig; - encode_base64(rsa_sha1_signature(res[i][4]), sig); + base64 value = encode_base64(cert_value(res[i][2])); t = cert(hexenc(res[i][0]), cert_name(res[i][1]), value, rsa_keypair_id(res[i][3]), - sig); + rsa_sha1_signature(res[i][4])); certs.push_back(t); } } @@ -2919,8 +2896,7 @@ database_impl::get_certs(cert_name const query q("SELECT id, name, value, keypair, signature FROM " + table + " WHERE name = ? AND value = ?"); - cert_value binvalue; - decode_base64(val, binvalue); + cert_value binvalue = decode_base64(val); fetch(res, 5, any_rows, q % text(name()) % blob(binvalue())); @@ -2939,8 +2915,7 @@ database_impl::get_certs(hexenc cons query q("SELECT id, name, value, keypair, signature FROM " + table + " WHERE id = ? AND name = ? AND value = ?"); - cert_value binvalue; - decode_base64(value, binvalue); + cert_value binvalue = decode_base64(value); fetch(res, 5, any_rows, q % text(ident()) % text(name()) @@ -3056,8 +3031,7 @@ database::get_revisions_with_cert(cert_n revisions.clear(); results res; query q("SELECT id FROM revision_certs WHERE name = ? AND value = ?"); - cert_value binvalue; - decode_base64(val, binvalue); + cert_value binvalue = decode_base64(val); imp->fetch(res, one_col, any_rows, q % text(name()) % blob(binvalue())); for (results::const_iterator i = res.begin(); i != res.end(); ++i) revisions.insert(revision_id((*i)[0])); ============================================================ --- database.hh a59e6f0275fc542e51ed9bd7fd3383e54dfad8fe +++ database.hh 673f98403c91c3abd882b8802d09148199287969 @@ -231,15 +231,11 @@ public: void get_pubkey(hexenc const & hash, rsa_keypair_id & ident, - base64 & pub_encoded); + rsa_pub_key & pub); void get_key(rsa_keypair_id const & ident, rsa_pub_key & pub); - void get_key(rsa_keypair_id const & ident, - base64 & pub_encoded); + bool put_key(rsa_keypair_id const & ident, rsa_pub_key const & pub); - bool put_key(rsa_keypair_id const & ident, - base64 const & pub_encoded); - void delete_public_key(rsa_keypair_id const & pub_id); // Crypto operations @@ -250,7 +246,7 @@ public: cert_status check_signature(rsa_keypair_id const & id, std::string const & alleged_text, - base64 const & signature); + rsa_sha1_signature const & signature); // // --== Certs ==-- ============================================================ --- database_check.cc 422d7a962b3bc0cb200c5e0da87105d3ad63bb93 +++ database_check.cc f3b8a85aefd3da8efe39ceb5839b730144ea7031 @@ -59,7 +59,7 @@ struct checked_key { bool found; // found public keypair id in db size_t sigs; // number of signatures by this key - base64 pub_encoded; + rsa_pub_key pub; checked_key(): found(false), sigs(0) {} }; @@ -442,7 +442,7 @@ check_keys(database & db, for (vector::const_iterator i = pubkeys.begin(); i != pubkeys.end(); ++i) { - db.get_key(*i, checked_keys[*i].pub_encoded); + db.get_key(*i, checked_keys[*i].pub); checked_keys[*i].found = true; ++ticks; } ============================================================ --- key_store.cc f8de469e5f1ab5743d222be8bf9aea16c76cf3cd +++ key_store.cc 167e6637e117ee23709dc32bb029cb0288064606 @@ -87,8 +87,8 @@ struct key_store_state bool put_key_pair(rsa_keypair_id const & ident, keypair const & kp); void migrate_old_key_pair(rsa_keypair_id const & id, - base64 const & old_priv, - base64 const & pub); + old_arc4_rsa_priv_key const & old_priv, + rsa_pub_key const & pub); }; namespace @@ -114,7 +114,7 @@ namespace virtual void consume_public_key(rsa_keypair_id const & ident, - base64< rsa_pub_key > const & k) + rsa_pub_key const & k) {E(false, F("Extraneous data in key store."));} virtual void consume_key_pair(rsa_keypair_id const & ident, @@ -130,11 +130,11 @@ namespace // for backward compatibility virtual void consume_old_private_key(rsa_keypair_id const & ident, - base64 const & k) + old_arc4_rsa_priv_key const & k) { W(F("converting old-format private key '%s'") % ident); - base64 dummy; + rsa_pub_key dummy; kss.migrate_old_key_pair(ident, k, dummy); L(FL("successfully read key pair '%s' from key store") % ident); @@ -362,8 +362,6 @@ key_store_state::decrypt_private_key(rsa key_store_state::decrypt_private_key(rsa_keypair_id const & id, bool force_from_user) { - rsa_priv_key decoded_key; - // See if we have this key in the decrypted key cache. map >::const_iterator cpk = privkey_cache.find(id); @@ -374,14 +372,13 @@ key_store_state::decrypt_private_key(rsa N(maybe_get_key_pair(id, kp), F("no key pair '%s' found in key store '%s'") % id % key_dir); - L(FL("base64-decoding %d-byte private key") % kp.priv().size()); - decode_base64(kp.priv, decoded_key); + L(FL("%d-byte private key") % kp.priv().size()); shared_ptr pkcs8_key; try // with empty passphrase { Pipe p; - p.process_msg(decoded_key()); + p.process_msg(kp.priv()); pkcs8_key.reset(Botan::PKCS8::load_key(p, "")); } catch (Botan::Exception & e) @@ -401,7 +398,7 @@ key_store_state::decrypt_private_key(rsa try { Pipe p; - p.process_msg(decoded_key()); + p.process_msg(kp.priv()); pkcs8_key.reset(Botan::PKCS8::load_key(p, phrase())); break; } @@ -470,6 +467,7 @@ key_store::create_key_pair(database & db RSA_PrivateKey priv(constants::keylen); // serialize and maybe encrypt the private key + keypair kp; SecureVector pubkey, privkey; Pipe p; p.start_msg(); @@ -480,18 +478,15 @@ key_store::create_key_pair(database & db Botan::RAW_BER); else Botan::PKCS8::encode(priv, p); - rsa_priv_key raw_priv_key(p.read_all_as_string()); + kp.priv = rsa_priv_key(p.read_all_as_string()); // serialize the public key Pipe p2; p2.start_msg(); Botan::X509::encode(priv, p2, Botan::RAW_BER); - rsa_pub_key raw_pub_key(p2.read_all_as_string()); + kp.pub = rsa_pub_key(p2.read_all_as_string()); // convert to storage format - keypair kp; - encode_base64(raw_priv_key, kp.priv); - encode_base64(raw_pub_key, kp.pub); L(FL("generated %d-byte public key\n" "generated %d-byte (encrypted) private key\n") % kp.pub().size() @@ -529,9 +524,8 @@ key_store::change_key_passphrase(rsa_key Botan::PKCS8::encrypt_key(*priv, p, new_phrase(), "PBE-PKCS5v20(SHA-1,TripleDES/CBC)", Botan::RAW_BER); - rsa_priv_key decoded_key = rsa_priv_key(p.read_all_as_string()); + kp.priv = rsa_priv_key(p.read_all_as_string()); - encode_base64(decoded_key, kp.priv); delete_key(id); put_key_pair(id, kp); } @@ -559,7 +553,7 @@ key_store::make_signature(database & db, key_store::make_signature(database & db, rsa_keypair_id const & id, string const & tosign, - base64 & signature) + rsa_sha1_signature & signature) { keypair key; get_key_pair(id, key); @@ -581,11 +575,9 @@ key_store::make_signature(database & db, { if (agent.connected()) { //grab the monotone public key as an RSA_PublicKey - rsa_pub_key pub; - decode_base64(key.pub, pub); SecureVector pub_block; - pub_block.set(reinterpret_cast(pub().data()), - pub().size()); + pub_block.set(reinterpret_cast(key.pub().data()), + key.pub().size()); L(FL("make_signature: building %d-byte pub key") % pub_block.size()); shared_ptr x509_key = shared_ptr(Botan::X509::load_key(pub_block)); @@ -662,7 +654,7 @@ key_store::make_signature(database & db, } L(FL("make_signature: produced %d-byte signature") % sig_string.size()); - encode_base64(rsa_sha1_signature(sig_string), signature); + signature = rsa_sha1_signature(sig_string); cert_status s = db.check_signature(id, tosign, signature); I(s != cert_unknown); @@ -712,8 +704,8 @@ key_store_state::migrate_old_key_pair void key_store_state::migrate_old_key_pair (rsa_keypair_id const & id, - base64 const & old_priv, - base64 const & pub) + old_arc4_rsa_priv_key const & old_priv, + rsa_pub_key const & pub) { keypair kp; SecureVector arc4_key; @@ -735,8 +727,7 @@ key_store_state::migrate_old_key_pair arc4_key.set(reinterpret_cast(phrase().data()), phrase().size()); - Pipe arc4_decryptor(new Botan::Base64_Decoder, - get_cipher("ARC4", arc4_key, Botan::DECRYPTION)); + Pipe arc4_decryptor(get_cipher("ARC4", arc4_key, Botan::DECRYPTION)); arc4_decryptor.process_msg(old_priv()); // This is necessary because PKCS8::load_key() cannot currently @@ -772,8 +763,7 @@ key_store_state::migrate_old_key_pair Botan::PKCS8::encrypt_key(*priv_key, p, phrase(), "PBE-PKCS5v20(SHA-1,TripleDES/CBC)", Botan::RAW_BER); - rsa_priv_key raw_priv = rsa_priv_key(p.read_all_as_string()); - encode_base64(raw_priv, kp.priv); + kp.priv = rsa_priv_key(p.read_all_as_string()); // also the public key (which is derivable from the private key; asking // Botan for the X.509 encoding of the private key implies that we want @@ -781,8 +771,7 @@ key_store_state::migrate_old_key_pair Pipe p2; p2.start_msg(); Botan::X509::encode(*priv_key, p2, Botan::RAW_BER); - rsa_pub_key raw_pub = rsa_pub_key(p2.read_all_as_string()); - encode_base64(raw_pub, kp.pub); + kp.pub = rsa_pub_key(p2.read_all_as_string()); // if the database had a public key entry for this key, make sure it // matches what we derived from the private key entry, but don't abort the @@ -796,8 +785,8 @@ key_store::migrate_old_key_pair void key_store::migrate_old_key_pair (rsa_keypair_id const & id, - base64 const & old_priv, - base64 const & pub) + old_arc4_rsa_priv_key const & old_priv, + rsa_pub_key const & pub) { s->migrate_old_key_pair(id, old_priv, pub); } ============================================================ --- key_store.hh ab3846f0e3952ee97f995c434185a05953c1c838 +++ key_store.hh 7af9b8f8d7a9f147759a4da81ab9ba358bca29d9 @@ -12,12 +12,12 @@ struct keypair struct keypair { - base64 pub; - base64 priv; + rsa_pub_key pub; + rsa_priv_key priv; keypair() {} - keypair(base64 const & a, - base64 const & b) + keypair(rsa_pub_key const & a, + rsa_priv_key const & b) : pub(a), priv(b) {} }; @@ -75,7 +75,7 @@ public: void make_signature(database & db, rsa_keypair_id const & id, std::string const & tosign, - base64 & signature); + rsa_sha1_signature & signature); // Interoperation with ssh-agent @@ -86,8 +86,8 @@ public: // Migration from old databases void migrate_old_key_pair(rsa_keypair_id const & id, - base64 const & old_priv, - base64 const & pub); + old_arc4_rsa_priv_key const & old_priv, + rsa_pub_key const & pub); }; // Local Variables: ============================================================ --- keys.cc d96a6b057ee9ba109e52e6cf2d7a5e8785435b85 +++ keys.cc f703cda7ad87010788791501eef385412976e0da @@ -152,7 +152,7 @@ get_user_key(options const & opts, lua_h db.put_key(key, priv_key.pub); else { - base64 pub_key; + rsa_pub_key pub_key; db.get_key(key, pub_key); E(keys_match(key, pub_key, key, priv_key.pub), F("The key '%s' stored in your database does\n" @@ -176,19 +176,19 @@ key_hash_code(rsa_keypair_id const & ide void key_hash_code(rsa_keypair_id const & ident, - base64 const & pub, + rsa_pub_key const & pub, hexenc & out) { - data tdat(ident() + ":" + remove_ws(pub())); + data tdat(ident() + ":" + remove_ws(encode_base64(pub)())); calculate_ident(tdat, out); } void key_hash_code(rsa_keypair_id const & ident, - base64< rsa_priv_key > const & priv, + rsa_priv_key const & priv, hexenc & out) { - data tdat(ident() + ":" + remove_ws(priv())); + data tdat(ident() + ":" + remove_ws(encode_base64(priv)())); calculate_ident(tdat, out); } @@ -196,9 +196,9 @@ keys_match(rsa_keypair_id const & id1, // (ie are the same key) bool keys_match(rsa_keypair_id const & id1, - base64 const & key1, + rsa_pub_key const & key1, rsa_keypair_id const & id2, - base64 const & key2) + rsa_pub_key const & key2) { hexenc hash1, hash2; key_hash_code(id1, key1, hash1); @@ -208,9 +208,9 @@ keys_match(rsa_keypair_id const & id1, bool keys_match(rsa_keypair_id const & id1, - base64< rsa_priv_key > const & key1, + rsa_priv_key const & key1, rsa_keypair_id const & id2, - base64< rsa_priv_key > const & key2) + rsa_priv_key const & key2) { hexenc hash1, hash2; key_hash_code(id1, key1, hash1); ============================================================ --- keys.hh fb6af28ca0d5f3b8e63427e8c3f485730e767ce0 +++ keys.hh 778951a853a2937eae90703ae663b4691eef5aab @@ -47,17 +47,17 @@ void key_hash_code(rsa_keypair_id const // netsync stuff void key_hash_code(rsa_keypair_id const & ident, - base64 const & pub, + rsa_pub_key const & pub, hexenc & out); void key_hash_code(rsa_keypair_id const & ident, - base64< rsa_priv_key > const & priv, + rsa_priv_key const & priv, hexenc & out); bool keys_match(rsa_keypair_id const & id1, - base64 const & key1, + rsa_pub_key const & key1, rsa_keypair_id const & id2, - base64 const & key2); + rsa_pub_key const & key2); // Local Variables: // mode: C++ ============================================================ --- netcmd.cc 50e187a13cc5e04970639893759e1460640a3757 +++ netcmd.cc bde32fd29cb479216c638281cf494f72af458466 @@ -306,7 +306,7 @@ netcmd::read_auth_cmd(protocol_role & ro id & client, id & nonce1, rsa_oaep_sha_data & hmac_key_encrypted, - string & signature) const + rsa_sha1_signature & signature) const { size_t pos = 0; // syntax is: @@ -335,8 +335,10 @@ netcmd::read_auth_cmd(protocol_role & ro extract_variable_length_string(payload, hmac_key, pos, "auth(hmac) netcmd, hmac_key_encrypted"); hmac_key_encrypted = rsa_oaep_sha_data(hmac_key); - extract_variable_length_string(payload, signature, pos, + string sig_string; + extract_variable_length_string(payload, sig_string, pos, "auth(hmac) netcmd, signature"); + signature = rsa_sha1_signature(sig_string); assert_end_of_buffer(payload, pos, "auth(hmac) netcmd payload"); } @@ -347,7 +349,7 @@ netcmd::write_auth_cmd(protocol_role rol id const & client, id const & nonce1, rsa_oaep_sha_data const & hmac_key_encrypted, - string const & signature) + rsa_sha1_signature const & signature) { cmd_code = auth_cmd; I(client().size() == constants::merkle_hash_length_in_bytes); @@ -358,7 +360,7 @@ netcmd::write_auth_cmd(protocol_role rol payload += client(); payload += nonce1(); insert_variable_length_string(hmac_key_encrypted(), payload); - insert_variable_length_string(signature, payload); + insert_variable_length_string(signature(), payload); } void @@ -698,7 +700,7 @@ UNIT_TEST(netcmd, functions) // total cheat, since we don't actually verify that rsa_oaep_sha_data // is sensible anywhere here... rsa_oaep_sha_data out_key("nonce start my heart"), in_key; - string out_signature(raw_sha1("burble") + raw_sha1("gorby")), in_signature; + rsa_sha1_signature out_signature(raw_sha1("burble") + raw_sha1("gorby")), in_signature; globish out_include_pattern("radishes galore!"), in_include_pattern; globish out_exclude_pattern("turnips galore!"), in_exclude_pattern; ============================================================ --- netcmd.hh 15406c426ad26a06900fd8fd6b171e746b1ec1ee +++ netcmd.hh 902079e85a426929649f70aea179a7d706939711 @@ -139,14 +139,14 @@ public: id & client, id & nonce1, rsa_oaep_sha_data & hmac_key_encrypted, - std::string & signature) const; + rsa_sha1_signature & signature) const; void write_auth_cmd(protocol_role role, globish const & include_pattern, globish const & exclude_pattern, id const & client, id const & nonce1, rsa_oaep_sha_data const & hmac_key_encrypted, - std::string const & signature); + rsa_sha1_signature const & signature); void read_confirm_cmd() const; void write_confirm_cmd(); ============================================================ --- netsync.cc 664f4bc27935c3e2bafa564d99c02ea5bbbc9a47 +++ netsync.cc 832911ff01940c887b43c73d47c4db7c41da1628 @@ -286,25 +286,23 @@ read_pubkey(string const & in, static void read_pubkey(string const & in, rsa_keypair_id & id, - base64 & pub) + rsa_pub_key & pub) { string tmp_id, tmp_key; size_t pos = 0; extract_variable_length_string(in, tmp_id, pos, "pubkey id"); extract_variable_length_string(in, tmp_key, pos, "pubkey value"); id = rsa_keypair_id(tmp_id); - encode_base64(rsa_pub_key(tmp_key), pub); + pub = rsa_pub_key(tmp_key); } static void write_pubkey(rsa_keypair_id const & id, - base64 const & pub, + rsa_pub_key const & pub, string & out) { - rsa_pub_key pub_tmp; - decode_base64(pub, pub_tmp); insert_variable_length_string(id(), out); - insert_variable_length_string(pub_tmp(), out); + insert_variable_length_string(pub(), out); } struct netsync_error @@ -468,7 +466,7 @@ session: void queue_error_cmd(string const & errmsg); void queue_done_cmd(netcmd_item_type type, size_t n_items); void queue_hello_cmd(rsa_keypair_id const & key_name, - base64 const & pub_encoded, + rsa_pub_key const & pub_encoded, id const & nonce); void queue_anonymous_cmd(protocol_role role, globish const & include_pattern, @@ -480,7 +478,7 @@ session: id const & client, id const & nonce1, id const & nonce2, - string const & signature); + rsa_sha1_signature const & signature); void queue_confirm_cmd(); void queue_refine_cmd(refinement_type ty, merkle_node const & node); void queue_data_cmd(netcmd_item_type type, @@ -505,7 +503,7 @@ session: globish const & their_exclude_pattern, id const & client, id const & nonce1, - string const & signature); + rsa_sha1_signature const & signature); bool process_refine_cmd(refinement_type ty, merkle_node const & node); bool process_done_cmd(netcmd_item_type type, size_t n_items); bool process_data_cmd(netcmd_item_type type, @@ -648,8 +646,7 @@ session::~session() for (vector::const_iterator j = ctmp.begin(); j != ctmp.end(); ++j) { - cert_value vtmp; - decode_base64(j->value, vtmp); + cert_value vtmp = decode_base64(j->value); certs.insert(make_pair(j->key, make_pair(j->name, vtmp))); } revision_data rdat; @@ -662,8 +659,7 @@ session::~session() for (vector::iterator i = unattached_certs.begin(); i != unattached_certs.end(); ++i) { - cert_value tmp; - decode_base64(i->value, tmp); + cert_value tmp = decode_base64(i->value); lua.hook_note_netsync_cert_received(revision_id(i->ident), i->key, i->name, tmp, session_id); } @@ -1146,13 +1142,13 @@ session::queue_hello_cmd(rsa_keypair_id void session::queue_hello_cmd(rsa_keypair_id const & key_name, - base64 const & pub_encoded, + rsa_pub_key const & pub, id const & nonce) { - rsa_pub_key pub; if (use_transport_auth) - decode_base64(pub_encoded, pub); - cmd.write_hello_cmd(key_name, pub, nonce); + cmd.write_hello_cmd(key_name, pub, nonce); + else + cmd.write_hello_cmd(key_name, rsa_pub_key(), nonce); write_netcmd_and_try_flush(cmd); } @@ -1179,7 +1175,7 @@ session::queue_auth_cmd(protocol_role ro id const & client, id const & nonce1, id const & nonce2, - string const & signature) + rsa_sha1_signature const & signature) { netcmd cmd; rsa_oaep_sha_data hmac_key_encrypted; @@ -1313,13 +1309,10 @@ session::process_hello_cmd(rsa_keypair_i I(this->remote_peer_key_hash().size() == 0); I(this->saved_nonce().size() == 0); - base64 their_key_encoded; - if (use_transport_auth) { hexenc their_key_hash; - encode_base64(their_key, their_key_encoded); - key_hash_code(their_keyname, their_key_encoded, their_key_hash); + key_hash_code(their_keyname, their_key, their_key_hash); L(FL("server key has name %s, hash %s") % their_keyname % their_key_hash); var_key their_key_key(known_servers_domain, var_name(peer_id)); if (project.db.var_exists(their_key_key)) @@ -1348,7 +1341,7 @@ session::process_hello_cmd(rsa_keypair_i "their key's fingerprint: %s") % peer_id % their_key_hash); project.db.set_var(their_key_key, var_value(their_key_hash())); } - if (project.db.put_key(their_keyname, their_key_encoded)) + if (project.db.put_key(their_keyname, their_key)) W(F("saving public key for %s to database") % their_keyname); { @@ -1389,13 +1382,11 @@ session::process_hello_cmd(rsa_keypair_i // make a signature with it; // this also ensures our public key is in the database - base64 sig; - rsa_sha1_signature sig_raw; + rsa_sha1_signature sig; keys.make_signature(project.db, signing_key, nonce(), sig); - decode_base64(sig, sig_raw); // get the hash identifier for our pubkey - base64 our_pub; + rsa_pub_key our_pub; project.db.get_key(signing_key, our_pub); hexenc our_key_hash; id our_key_hash_raw; @@ -1404,7 +1395,7 @@ session::process_hello_cmd(rsa_keypair_i // make a new nonce of our own and send off the 'auth' queue_auth_cmd(this->role, our_include_pattern, our_exclude_pattern, - our_key_hash_raw, nonce, mk_nonce(), sig_raw()); + our_key_hash_raw, nonce, mk_nonce(), sig); } else { @@ -1531,7 +1522,7 @@ session::process_auth_cmd(protocol_role globish const & their_exclude_pattern, id const & client, id const & nonce1, - string const & signature) + rsa_sha1_signature const & signature) { I(this->remote_peer_key_hash().size() == 0); I(this->saved_nonce().size() == constants::merkle_hash_length_in_bytes); @@ -1565,7 +1556,7 @@ session::process_auth_cmd(protocol_role // Get their public key. rsa_keypair_id their_id; - base64 their_key; + rsa_pub_key their_key; project.db.get_pubkey(their_key_hash, their_id, their_key); lua.hook_note_netsync_start(session_id, "server", their_role, @@ -1657,9 +1648,7 @@ session::process_auth_cmd(protocol_role this->remote_peer_key_hash = client; // Check the signature. - base64 sig; - encode_base64(rsa_sha1_signature(signature), sig); - if (project.db.check_signature(their_id, nonce1(), sig) == cert_ok) + if (project.db.check_signature(their_id, nonce1(), signature) == cert_ok) { // Get our private key and sign back. L(FL("client signature OK, accepting authentication")); @@ -1887,10 +1876,10 @@ session::load_data(netcmd_item_type type case key_item: { rsa_keypair_id keyid; - base64 pub_encoded; - project.db.get_pubkey(hitem, keyid, pub_encoded); + rsa_pub_key pub; + project.db.get_pubkey(hitem, keyid, pub); L(FL("public key '%s' is also called '%s'") % hitem % keyid); - write_pubkey(keyid, pub_encoded, out); + write_pubkey(keyid, pub, out); } break; @@ -1988,7 +1977,7 @@ session::process_data_cmd(netcmd_item_ty case key_item: { rsa_keypair_id keyid; - base64 pub; + rsa_pub_key pub; read_pubkey(dat, keyid, pub); hexenc tmp; key_hash_code(keyid, pub, tmp); @@ -2176,7 +2165,7 @@ session::dispatch_payload(netcmd const & require(voice == server_voice, "auth netcmd received in server voice"); { protocol_role role; - string signature; + rsa_sha1_signature signature; globish their_include_pattern, their_exclude_pattern; id client, nonce1, nonce2; rsa_oaep_sha_data hmac_key_encrypted; @@ -3295,10 +3284,10 @@ session::rebuild_merkle_trees(set pub_encoded; - project.db.get_key(*key, pub_encoded); + rsa_pub_key pub; + project.db.get_key(*key, pub); hexenc keyhash; - key_hash_code(*key, pub_encoded, keyhash); + key_hash_code(*key, pub, keyhash); L(FL("noting key '%s' = '%s' to send") % *key % keyhash); id key_item; decode_hexenc(keyhash, key_item); ============================================================ --- packet.cc 3d2a63f498f5168f17754e12c38fa4f6f96d4274 +++ packet.cc e617e272fd17fbb13bd705c1daf6113fa4f858da @@ -77,16 +77,16 @@ packet_writer::consume_revision_cert(rev << " " << t.inner().name() << '\n' << " " << t.inner().key() << '\n' << " " << trim_ws(t.inner().value()) << "]\n" - << trim_ws(t.inner().sig()) << '\n' + << trim_ws(encode_base64(t.inner().sig)()) << '\n' << "[end]\n"; } void packet_writer::consume_public_key(rsa_keypair_id const & ident, - base64< rsa_pub_key > const & k) + rsa_pub_key const & k) { ost << "[pubkey " << ident() << "]\n" - << trim_ws(k()) << '\n' + << trim_ws(encode_base64(k)()) << '\n' << "[end]\n"; } @@ -95,16 +95,17 @@ packet_writer::consume_key_pair(rsa_keyp keypair const & kp) { ost << "[keypair " << ident() << "]\n" - << trim_ws(kp.pub()) <<"#\n" < const & k) + old_arc4_rsa_priv_key const & k) { ost << "[privkey " << ident() << "]\n" - << trim_ws(k()) << '\n' + << trim_ws(encode_base64(k)()) << '\n' << "[end]\n"; } @@ -210,12 +211,13 @@ namespace string val; read_rest(iss,val); validate_arg_base64(val); validate_base64(body); + // canonicalize the base64 encodings to permit searches cert t = cert(hexenc(certid), cert_name(name), base64(canonical_base64(val)), rsa_keypair_id(keyid), - base64(canonical_base64(body))); + decode_base64_as(body)); cons.consume_revision_cert(revision(t)); } @@ -226,7 +228,7 @@ namespace validate_base64(body); cons.consume_public_key(rsa_keypair_id(args), - base64(body)); + decode_base64_as(body)); } void keypair_packet(string const & args, string const & body) const @@ -240,8 +242,8 @@ namespace validate_base64(pub); validate_base64(priv); cons.consume_key_pair(rsa_keypair_id(args), - keypair(base64(pub), - base64(priv))); + keypair(decode_base64_as(pub), + decode_base64_as(priv))); } void privkey_packet(string const & args, string const & body) const @@ -250,7 +252,7 @@ namespace validate_key(args); validate_base64(body); cons.consume_old_private_key(rsa_keypair_id(args), - base64(body)); + decode_base64_as(body)); } void operator()(string const & type, @@ -494,10 +496,8 @@ UNIT_TEST(packet, roundabout) pw.consume_revision_data(rid, rdat); // a cert packet - base64 val; - encode_base64(cert_value("peaches"), val); - base64 sig; - encode_base64(rsa_sha1_signature("blah blah there is no way this is a valid signature"), sig); + base64 val = encode_base64(cert_value("peaches")); + rsa_sha1_signature sig("blah blah there is no way this is a valid signature"); // should be a type violation to use a file id here instead of a revision // id, but no-one checks... cert c(fid.inner(), cert_name("smell"), val, @@ -506,16 +506,15 @@ UNIT_TEST(packet, roundabout) keypair kp; // a public key packet - encode_base64(rsa_pub_key("this is not a real rsa key"), kp.pub); + kp.pub = rsa_pub_key("this is not a real rsa key"); pw.consume_public_key(rsa_keypair_id("address@hidden"), kp.pub); // a keypair packet - encode_base64(rsa_priv_key("this is not a real rsa key either!"), kp.priv); + kp.priv = rsa_priv_key("this is not a real rsa key either!"); pw.consume_key_pair(rsa_keypair_id("address@hidden"), kp); // an old privkey packet - base64 oldpriv; - encode_base64(old_arc4_rsa_priv_key("and neither is this!"), oldpriv); + old_arc4_rsa_priv_key oldpriv("and neither is this!"); pw.consume_old_private_key(rsa_keypair_id("address@hidden"), oldpriv); tmp = oss.str(); ============================================================ --- packet.hh d3119983e2dc5164a6dd1ca161382c211eab5db1 +++ packet.hh 36079522273c7e5e6b04bc2bebfd22cc07b5bf4c @@ -50,11 +50,11 @@ public: virtual void consume_public_key(rsa_keypair_id const & ident, - base64< rsa_pub_key > const & k) = 0; + rsa_pub_key const & k) = 0; virtual void consume_key_pair(rsa_keypair_id const & ident, keypair const & kp) = 0; virtual void consume_old_private_key(rsa_keypair_id const & ident, - base64< old_arc4_rsa_priv_key > const & k) = 0; + old_arc4_rsa_priv_key const & k) = 0; }; // this writer writes packets into a stream @@ -75,11 +75,11 @@ struct packet_writer : public packet_con virtual void consume_revision_cert(revision const & t); virtual void consume_public_key(rsa_keypair_id const & ident, - base64< rsa_pub_key > const & k); + rsa_pub_key const & k); virtual void consume_key_pair(rsa_keypair_id const & ident, keypair const & kp); virtual void consume_old_private_key(rsa_keypair_id const & ident, - base64< old_arc4_rsa_priv_key > const & k); + old_arc4_rsa_priv_key const & k); }; size_t read_packets(std::istream & in, packet_consumer & cons); ============================================================ --- project.cc 49f00bd051beef2c2293ef36ab83f09c226ebe05 +++ project.cc fd4a5d9d8a3267204ff3a198a6dbf562c1df11a6 @@ -133,8 +133,7 @@ project_t::get_branch_heads(branch_name if (branch.first.outdated()) { L(FL("getting heads of branch %s") % name); - base64 branch_encoded; - encode_base64(cert_value(name()), branch_encoded); + base64 branch_encoded = encode_base64(cert_value(name())); outdated_indicator stamp; branch.first = db.get_revisions_with_cert(cert_name(branch_cert_name), @@ -166,8 +165,7 @@ project_t::revision_is_in_branch(revisio project_t::revision_is_in_branch(revision_id const & id, branch_name const & branch) { - base64 branch_encoded; - encode_base64(cert_value(branch()), branch_encoded); + base64 branch_encoded = encode_base64(cert_value(branch())); vector > certs; db.get_revision_certs(id, branch_cert_name, branch_encoded, certs); @@ -197,8 +195,7 @@ project_t::revision_is_suspended_in_bran project_t::revision_is_suspended_in_branch(revision_id const & id, branch_name const & branch) { - base64 branch_encoded; - encode_base64(cert_value(branch()), branch_encoded); + base64 branch_encoded = encode_base64(cert_value(branch())); vector > certs; db.get_revision_certs(id, suspend_cert_name, branch_encoded, certs); @@ -259,8 +256,7 @@ project_t::get_revision_branches(revisio for (std::vector >::const_iterator i = certs.begin(); i != certs.end(); ++i) { - cert_value b; - decode_base64(i->inner().value, b); + cert_value b = decode_base64(i->inner().value); branches.insert(branch_name(b())); } return i; @@ -270,9 +266,7 @@ project_t::get_branch_certs(branch_name project_t::get_branch_certs(branch_name const & branch, std::vector > & certs) { - base64 branch_encoded; - encode_base64(cert_value(branch()), branch_encoded); - + base64 branch_encoded = encode_base64(cert_value(branch())); return db.get_revision_certs(branch_cert_name, branch_encoded, certs); } @@ -310,8 +304,7 @@ project_t::get_tags(set & tags) for (std::vector >::const_iterator i = certs.begin(); i != certs.end(); ++i) { - cert_value value; - decode_base64(i->inner().value, value); + cert_value value = decode_base64(i->inner().value); tags.insert(tag_t(revision_id(i->inner().ident), utf8(value()), i->inner().key)); } return i; ============================================================ --- revision.cc 858fc8cc77773c3c6a81e8373d0d5f1218517149 +++ revision.cc 5f45dc66571d4ca62bddc7b943b815596f82ef7b @@ -1066,8 +1066,7 @@ anc_graph::add_node_for_old_manifest(man i != mcerts.end(); ++i) { L(FL("loaded '%s' manifest cert for node %s") % i->inner().name % node); - cert_value tv; - decode_base64(i->inner().value, tv); + cert_value tv = decode_base64(i->inner().value); ++n_certs_in; certs.insert(make_pair(node, make_pair(i->inner().name, tv))); @@ -1108,8 +1107,7 @@ u64 anc_graph::add_node_for_oldstyle_rev i != rcerts.end(); ++i) { L(FL("loaded '%s' revision cert for node %s") % i->inner().name % node); - cert_value tv; - decode_base64(i->inner().value, tv); + cert_value tv = decode_base64(i->inner().value); ++n_certs_in; certs.insert(make_pair(node, make_pair(i->inner().name, tv))); @@ -1697,8 +1695,7 @@ build_changesets_from_manifest_ancestry( for (vector< manifest >::const_iterator i = tmp.begin(); i != tmp.end(); ++i) { - cert_value tv; - decode_base64(i->inner().value, tv); + cert_value tv = decode_base64(i->inner().value); manifest_id child, parent; child = manifest_id(i->inner().ident); parent = manifest_id(tv()); ============================================================ --- schema_migration.cc f5bb54455a2fb596c5091b3ec2677f7c350395ec +++ schema_migration.cc 86017e5d2e61501377fb630416cf4bfe6609d745 @@ -285,20 +285,20 @@ sqlite3_unbase64_fn(sqlite3_context *f, sqlite3_result_error(f, "need exactly 1 arg to unbase64()", -1); return; } - data decoded; + string decoded; // This operation may throw informative_failure. We must intercept that // and turn it into a call to sqlite3_result_error, or rollback will fail. try { - decode_base64(base64(string(sqlite3_value_cstr(args[0]))), decoded); + decoded = decode_base64_as(sqlite3_value_cstr(args[0])); } catch (informative_failure & e) { sqlite3_result_error(f, e.what(), -1); return; } - sqlite3_result_blob(f, decoded().c_str(), decoded().size(), SQLITE_TRANSIENT); + sqlite3_result_blob(f, decoded.c_str(), decoded.size(), SQLITE_TRANSIENT); } // Here are all of the migration steps. Almost all of them can be expressed @@ -505,7 +505,9 @@ migrate_to_external_privkeys(sqlite3 * d P(F("moving key '%s' from database to %s") % ident % keys.get_key_dir()); - keys.migrate_old_key_pair(ident, old_priv, pub); + keys.migrate_old_key_pair(ident, + decode_base64(old_priv), + decode_base64(pub)); } } ============================================================ --- transforms.cc 081cded2a5cf3c7dedb9460a14aaac21e70754aa +++ transforms.cc 37cf33ed51b47de79a6001247cfb2571ce1d7b0e @@ -272,8 +272,8 @@ UNIT_TEST(transform, enc) gzip gzd1, gzd2; base64< gzip > bgzd; encode_gzip(d1, gzd1); - encode_base64(gzd1, bgzd); - decode_base64(bgzd, gzd2); + bgzd = encode_base64(gzd1); + gzd2 = decode_base64(bgzd); UNIT_TEST_CHECK(gzd2 == gzd1); decode_gzip(gzd2, d2); UNIT_TEST_CHECK(d2 == d1); ============================================================ --- transforms.hh 54ea9d901a7f870c2e5ee46b5c3a99e868eb1ad9 +++ transforms.hh e4d0e3f76acf27d96ccf87b6741921a99b3c6833 @@ -47,13 +47,18 @@ template // base64 encoding template -void encode_base64(T const & in, base64 & out) -{ out = base64(T(xform(in()))); } +base64 encode_base64(T const & in) +{ return base64(T(xform(in()))); } template -void decode_base64(base64 const & in, T & out) -{ out = T(xform(in())); } +T decode_base64(base64 const & in) +{ return T(xform(in())); } +template +T decode_base64_as(std::string const & in) +{ + return T(xform(in)); +} // hex encoding ============================================================ --- update.cc e4e1f8d71ba2133af8d22537033ed7f1bb350cbd +++ update.cc c6472ee28faff6f12f9882801d0bbfbd7efe606f @@ -63,8 +63,7 @@ get_test_results_for_revision(project_t for (vector< revision >::const_iterator i = certs.begin(); i != certs.end(); ++i) { - cert_value cv; - decode_base64(i->inner().value, cv); + cert_value cv = decode_base64(i->inner().value); try { bool test_ok = lexical_cast(cv()); ============================================================ --- vocab.cc 016043a836b8789b07f912e3431f3401234d61e0 +++ vocab.cc 90093cefdae518acc7e3381931a89fab27c1cdaf @@ -191,7 +191,7 @@ template template -void dump(base64 const&, string &); +void dump(rsa_pub_key const&, string &); template void dump(revision_id const & r, string &);