Clean up Base* code

Make it separate from Hash, since other things can be base-encoded too. This isn't really needed for Nix, but it makes the code easier to read e.g. for someone reimplementing this stuff in a different language. (Of course, Base16/Base64 should be gotten off-the-shelf, but now the hash code, which is more bespoke, is less cluttered with the parts that would be from some library.) Many reimplementations of "Nix32" and our hash type already exist, so this cleanup is coming years too late, but I say better late than never / it is always good to nudge the code in the direction of being a "living spec". Co-authored-by: Sergei Zimmerman <sergei@zimmerman.foo>
2025-11-26 04:00:59 +01:00 · 2025-08-05 14:12:00 -04:00 · 2025-08-05 14:12:00 -04:00 · 991831227e
commit 991831227e
parent 664f06c94c
18 changed files with 357 additions and 244 deletions
--- a/src/libutil/signature/local-keys.cc
+++ b/src/libutil/signature/local-keys.cc
@ -1,6 +1,7 @@
 #include "nix/util/signature/local-keys.hh"

 #include "nix/util/file-system.hh"
+#include "nix/util/base-n.hh"
 #include "nix/util/util.hh"
 #include <sodium.h>

@ -25,7 +26,7 @@ Key::Key(std::string_view s, bool sensitiveValue)
        if (name == "" || key == "")
            throw FormatError("key is corrupt");

-        key = base64Decode(key);
+        key = base64::decode(key);
    } catch (Error & e) {
        std::string extra;
        if (!sensitiveValue)
@ -37,7 +38,7 @@ Key::Key(std::string_view s, bool sensitiveValue)

 std::string Key::to_string() const
 {
-    return name + ":" + base64Encode(key);
+    return name + ":" + base64::encode(std::as_bytes(std::span<const char>{key}));
 }

 SecretKey::SecretKey(std::string_view s)
@ -52,7 +53,7 @@ std::string SecretKey::signDetached(std::string_view data) const
    unsigned char sig[crypto_sign_BYTES];
    unsigned long long sigLen;
    crypto_sign_detached(sig, &sigLen, (unsigned char *) data.data(), data.size(), (unsigned char *) key.data());
-    return name + ":" + base64Encode(std::string((char *) sig, sigLen));
+    return name + ":" + base64::encode(std::as_bytes(std::span<const unsigned char>{sig, sigLen}));
 }

 PublicKey SecretKey::toPublicKey() const
@ -93,7 +94,7 @@ bool PublicKey::verifyDetachedAnon(std::string_view data, std::string_view sig)
 {
    std::string sig2;
    try {
-        sig2 = base64Decode(sig);
+        sig2 = base64::decode(sig);
    } catch (Error & e) {
        e.addTrace({}, "while decoding signature '%s'", sig);
    }