libnm/crypto: rename libnm crypto API to have consistent NM prefix

Follow our convention, that items in headers are all named with
an "NM" prefix.

Also, "nm-crypto-impl.h" contains internal functions that are to be implemented
by the corresponding crypto backends. Distinguish their names as well.

libnm-core/nm-crypto-gnutls.c

@@ -37,7 +37,7 @@
 static gboolean initialized = FALSE;
 
 gboolean
-crypto_init (GError **error)
+_nm_crypto_init (GError **error)
 {
 	if (initialized)
 		return TRUE;
@@ -55,16 +55,16 @@ crypto_init (GError **error)
 }
 
 char *
-crypto_decrypt (const char *cipher,
-                int key_type,
-                const guint8 *data,
-                gsize data_len,
-                const char *iv,
-                const gsize iv_len,
-                const char *key,
-                const gsize key_len,
-                gsize *out_len,
-                GError **error)
+_nm_crypto_decrypt (const char *cipher,
+                    int key_type,
+                    const guint8 *data,
+                    gsize data_len,
+                    const char *iv,
+                    const gsize iv_len,
+                    const char *key,
+                    const gsize key_len,
+                    gsize *out_len,
+                    GError **error)
 {
 	gnutls_cipher_hd_t ctx;
 	gnutls_datum_t key_dt, iv_dt;
@@ -74,7 +74,7 @@ crypto_decrypt (const char *cipher,
 	gboolean success = FALSE;
 	gsize pad_len, real_iv_len;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NULL;
 
 	if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
@@ -171,15 +171,15 @@ out:
 }
 
 char *
-crypto_encrypt (const char *cipher,
-                const guint8 *data,
-                gsize data_len,
-                const char *iv,
-                const gsize iv_len,
-                const char *key,
-                gsize key_len,
-                gsize *out_len,
-                GError **error)
+_nm_crypto_encrypt (const char *cipher,
+                    const guint8 *data,
+                    gsize data_len,
+                    const char *iv,
+                    const gsize iv_len,
+                    const char *key,
+                    gsize key_len,
+                    gsize *out_len,
+                    GError **error)
 {
 	gnutls_cipher_hd_t ctx;
 	gnutls_datum_t key_dt, iv_dt;
@@ -191,7 +191,7 @@ crypto_encrypt (const char *cipher,
 	char *padded_buf = NULL;
 	guint32 i;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NULL;
 
 	if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
@@ -269,15 +269,15 @@ out:
 }
 
 NMCryptoFileFormat
-crypto_verify_cert (const unsigned char *data,
-                    gsize len,
-                    GError **error)
+_nm_crypto_verify_cert (const unsigned char *data,
+                        gsize len,
+                        GError **error)
 {
 	gnutls_x509_crt_t der;
 	gnutls_datum_t dt;
 	int err;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 
 	err = gnutls_x509_crt_init (&der);
@@ -312,10 +312,10 @@ crypto_verify_cert (const unsigned char *data,
 }
 
 gboolean
-crypto_verify_pkcs12 (const guint8 *data,
-                      gsize data_len,
-                      const char *password,
-                      GError **error)
+_nm_crypto_verify_pkcs12 (const guint8 *data,
+                          gsize data_len,
+                          const char *password,
+                          GError **error)
 {
 	gnutls_pkcs12_t p12;
 	gnutls_datum_t dt;
@@ -324,7 +324,7 @@ crypto_verify_pkcs12 (const guint8 *data,
 
 	g_return_val_if_fail (data != NULL, FALSE);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
 	dt.data = (unsigned char *) data;
@@ -369,11 +369,11 @@ out:
 }
 
 gboolean
-crypto_verify_pkcs8 (const guint8 *data,
-                     gsize data_len,
-                     gboolean is_encrypted,
-                     const char *password,
-                     GError **error)
+_nm_crypto_verify_pkcs8 (const guint8 *data,
+                         gsize data_len,
+                         gboolean is_encrypted,
+                         const char *password,
+                         GError **error)
 {
 	gnutls_x509_privkey_t p8;
 	gnutls_datum_t dt;
@@ -381,7 +381,7 @@ crypto_verify_pkcs8 (const guint8 *data,
 
 	g_return_val_if_fail (data != NULL, FALSE);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
 	dt.data = (unsigned char *) data;
@@ -424,9 +424,9 @@ crypto_verify_pkcs8 (const guint8 *data,
 }
 
 gboolean
-crypto_randomize (void *buffer, gsize buffer_len, GError **error)
+_nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error)
 {
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
 	gnutls_rnd (GNUTLS_RND_RANDOM, buffer, buffer_len);

libnm-core/nm-crypto-impl.h

@@ -30,32 +30,44 @@
 
 #include "nm-crypto.h"
 
-gboolean crypto_init (GError **error);
+gboolean _nm_crypto_init (GError **error);
 
-char * crypto_decrypt (const char *cipher,
-                       int key_type,
-                       const guint8 *data,
-                       gsize data_len,
-                       const char *iv,
-                       const gsize iv_len,
-                       const char *key,
-                       const gsize key_len,
-                       gsize *out_len,
-                       GError **error);
+gboolean _nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error);
 
-NMCryptoFileFormat crypto_verify_cert (const guint8 *data,
-                                       gsize len,
-                                       GError **error);
+char *_nm_crypto_encrypt (const char *cipher,
+                          const guint8 *data,
+                          gsize data_len,
+                          const char *iv,
+                          gsize iv_len,
+                          const char *key,
+                          gsize key_len,
+                          gsize *out_len,
+                          GError **error);
 
-gboolean crypto_verify_pkcs12 (const guint8 *data,
-                               gsize data_len,
-                               const char *password,
-                               GError **error);
+char *_nm_crypto_decrypt (const char *cipher,
+                          int key_type,
+                          const guint8 *data,
+                          gsize data_len,
+                          const char *iv,
+                          const gsize iv_len,
+                          const char *key,
+                          const gsize key_len,
+                          gsize *out_len,
+                          GError **error);
 
-gboolean crypto_verify_pkcs8 (const guint8 *data,
-                              gsize data_len,
-                              gboolean is_encrypted,
-                              const char *password,
-                              GError **error);
+NMCryptoFileFormat _nm_crypto_verify_cert (const guint8 *data,
+                                           gsize len,
+                                           GError **error);
+
+gboolean _nm_crypto_verify_pkcs12 (const guint8 *data,
+                                   gsize data_len,
+                                   const char *password,
+                                   GError **error);
+
+gboolean _nm_crypto_verify_pkcs8 (const guint8 *data,
+                                  gsize data_len,
+                                  gboolean is_encrypted,
+                                  const char *password,
+                                  GError **error);
 
 #endif  /* __NM_CRYPTO_IMPL_H__ */

libnm-core/nm-crypto-nss.c

@@ -40,7 +40,7 @@
 static gboolean initialized = FALSE;
 
 gboolean
-crypto_init (GError **error)
+_nm_crypto_init (GError **error)
 {
 	SECStatus ret;
 
@@ -71,16 +71,16 @@ crypto_init (GError **error)
 }
 
 char *
-crypto_decrypt (const char *cipher,
-                int key_type,
-                const guint8 *data,
-                gsize data_len,
-                const char *iv,
-                const gsize iv_len,
-                const char *key,
-                const gsize key_len,
-                gsize *out_len,
-                GError **error)
+_nm_crypto_decrypt (const char *cipher,
+                    int key_type,
+                    const guint8 *data,
+                    gsize data_len,
+                    const char *iv,
+                    const gsize iv_len,
+                    const char *key,
+                    const gsize key_len,
+                    gsize *out_len,
+                    GError **error)
 {
 	char *output = NULL;
 	int decrypted_len = 0;
@@ -95,7 +95,7 @@ crypto_decrypt (const char *cipher,
 	unsigned pad_len = 0, extra = 0;
 	guint32 i, real_iv_len = 0;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NULL;
 
 	if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
@@ -243,15 +243,15 @@ out:
 }
 
 char *
-crypto_encrypt (const char *cipher,
-                const guint8 *data,
-                gsize data_len,
-                const char *iv,
-                gsize iv_len,
-                const char *key,
-                gsize key_len,
-                gsize *out_len,
-                GError **error)
+_nm_crypto_encrypt (const char *cipher,
+                    const guint8 *data,
+                    gsize data_len,
+                    const char *iv,
+                    gsize iv_len,
+                    const char *key,
+                    gsize key_len,
+                    gsize *out_len,
+                    GError **error)
 {
 	SECStatus ret;
 	CK_MECHANISM_TYPE cipher_mech = CKM_DES3_CBC_PAD;
@@ -267,7 +267,7 @@ crypto_encrypt (const char *cipher,
 	gboolean success = FALSE;
 	gsize padded_buf_len, pad_len;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NULL;
 
 	if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
@@ -371,13 +371,13 @@ out:
 }
 
 NMCryptoFileFormat
-crypto_verify_cert (const unsigned char *data,
-                    gsize len,
-                    GError **error)
+_nm_crypto_verify_cert (const unsigned char *data,
+                        gsize len,
+                        GError **error)
 {
 	CERTCertificate *cert;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 
 	/* Try DER/PEM first */
@@ -395,10 +395,10 @@ crypto_verify_cert (const unsigned char *data,
 }
 
 gboolean
-crypto_verify_pkcs12 (const guint8 *data,
-                      gsize data_len,
-                      const char *password,
-                      GError **error)
+_nm_crypto_verify_pkcs12 (const guint8 *data,
+                          gsize data_len,
+                          const char *password,
+                          GError **error)
 {
 	SEC_PKCS12DecoderContext *p12ctx = NULL;
 	SECItem pw = { 0 };
@@ -413,7 +413,7 @@ crypto_verify_pkcs12 (const guint8 *data,
 	if (error)
 		g_return_val_if_fail (*error == NULL, FALSE);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
 	/* PKCS#12 passwords are apparently UCS2 BIG ENDIAN, and NSS doesn't do
@@ -492,15 +492,15 @@ error:
 }
 
 gboolean
-crypto_verify_pkcs8 (const guint8 *data,
-                     gsize data_len,
-                     gboolean is_encrypted,
-                     const char *password,
-                     GError **error)
+_nm_crypto_verify_pkcs8 (const guint8 *data,
+                         gsize data_len,
+                         gboolean is_encrypted,
+                         const char *password,
+                         GError **error)
 {
 	g_return_val_if_fail (data != NULL, FALSE);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
 	/* NSS apparently doesn't do PKCS#8 natively, but you have to put the
@@ -511,11 +511,11 @@ crypto_verify_pkcs8 (const guint8 *data,
 }
 
 gboolean
-crypto_randomize (void *buffer, gsize buffer_len, GError **error)
+_nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error)
 {
 	SECStatus s;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
 	s = PK11_GenerateRandom (buffer, buffer_len);

libnm-core/nm-crypto.c

@@ -411,12 +411,12 @@ convert_iv (const char *src,
 }
 
 char *
-crypto_make_des_aes_key (const char *cipher,
-                         const char *salt,
-                         const gsize salt_len,
-                         const char *password,
-                         gsize *out_len,
-                         GError **error)
+nm_crypto_make_des_aes_key (const char *cipher,
+                            const char *salt,
+                            const gsize salt_len,
+                            const char *password,
+                            gsize *out_len,
+                            GError **error)
 {
 	char *key;
 	guint32 digest_len;
@@ -452,12 +452,12 @@ crypto_make_des_aes_key (const char *cipher,
 
 	key = g_malloc0 (digest_len + 1);
 
-	crypto_md5_hash ((guint8 *) salt,
-	                 8,
-	                 (guint8 *) password,
-	                 strlen (password),
-	                 (guint8 *) key,
-	                 digest_len);
+	nm_crypto_md5_hash ((guint8 *) salt,
+	                    8,
+	                    (guint8 *) password,
+	                    strlen (password),
+	                    (guint8 *) key,
+	                    digest_len);
 
 	*out_len = digest_len;
 	return key;
@@ -497,20 +497,20 @@ decrypt_key (const char *cipher,
 	}
 
 	/* Convert the password and IV into a DES or AES key */
-	key.str = crypto_make_des_aes_key (cipher, bin_iv.str, bin_iv.len, password, &key.len, error);
+	key.str = nm_crypto_make_des_aes_key (cipher, bin_iv.str, bin_iv.len, password, &key.len, error);
 	if (!key.str || !key.len)
 		return FALSE;
 
-	parsed->str = crypto_decrypt (cipher,
-	                              key_type,
-	                              data,
-	                              data_len,
-	                              bin_iv.str,
-	                              bin_iv.len,
-	                              key.str,
-	                              key.len,
-	                              &parsed->len,
-	                              error);
+	parsed->str = _nm_crypto_decrypt (cipher,
+	                                  key_type,
+	                                  data,
+	                                  data_len,
+	                                  bin_iv.str,
+	                                  bin_iv.len,
+	                                  key.str,
+	                                  key.len,
+	                                  &parsed->len,
+	                                  error);
 	if (!parsed->str || parsed->len == 0) {
 		nm_secret_ptr_clear (parsed);
 		return FALSE;
@@ -535,7 +535,7 @@ nmtst_crypto_decrypt_openssl_private_key_data (const guint8 *data,
 
 	NM_SET_OUT (out_key_type, NM_CRYPTO_KEY_TYPE_UNKNOWN);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NULL;
 
 	if (!parse_old_openssl_key_file (data, data_len, &parsed, &key_type, &cipher, &iv, NULL)) {
@@ -584,7 +584,7 @@ nmtst_crypto_decrypt_openssl_private_key (const char *file,
 {
 	nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 };
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NULL;
 
 	if (!file_read_contents (file, &contents, error))
@@ -645,9 +645,9 @@ extract_pem_cert_data (const guint8 *contents,
 }
 
 GByteArray *
-crypto_load_and_verify_certificate (const char *file,
-                                    NMCryptoFileFormat *out_file_format,
-                                    GError **error)
+nm_crypto_load_and_verify_certificate (const char *file,
+                                       NMCryptoFileFormat *out_file_format,
+                                       GError **error)
 {
 	nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 };
 
@@ -656,28 +656,28 @@ crypto_load_and_verify_certificate (const char *file,
 
 	*out_file_format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NULL;
 
 	if (!file_read_contents (file, &contents, error))
 		return NULL;
 
 	/* Check for PKCS#12 */
-	if (crypto_is_pkcs12_data (contents.bin, contents.len, NULL)) {
+	if (nm_crypto_is_pkcs12_data (contents.bin, contents.len, NULL)) {
 		*out_file_format = NM_CRYPTO_FILE_FORMAT_PKCS12;
 		return to_gbyte_array_mem (contents.bin, contents.len);
 	}
 
 	/* Check for plain DER format */
 	if (contents.len > 2 && contents.bin[0] == 0x30 && contents.bin[1] == 0x82) {
-		*out_file_format = crypto_verify_cert (contents.bin, contents.len, error);
+		*out_file_format = _nm_crypto_verify_cert (contents.bin, contents.len, error);
 	} else {
 		nm_auto_clear_secret_ptr NMSecretPtr pem_cert = { 0 };
 
 		if (!extract_pem_cert_data (contents.bin, contents.len, &pem_cert, error))
 			return NULL;
 
-		*out_file_format = crypto_verify_cert (pem_cert.bin, pem_cert.len, error);
+		*out_file_format = _nm_crypto_verify_cert (pem_cert.bin, pem_cert.len, error);
 	}
 
 	if (*out_file_format != NM_CRYPTO_FILE_FORMAT_X509)
@@ -687,9 +687,9 @@ crypto_load_and_verify_certificate (const char *file,
 }
 
 gboolean
-crypto_is_pkcs12_data (const guint8 *data,
-                       gsize data_len,
-                       GError **error)
+nm_crypto_is_pkcs12_data (const guint8 *data,
+                          gsize data_len,
+                          GError **error)
 {
 	GError *local = NULL;
 	gboolean success;
@@ -699,10 +699,10 @@ crypto_is_pkcs12_data (const guint8 *data,
 
 	g_return_val_if_fail (data != NULL, FALSE);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
-	success = crypto_verify_pkcs12 (data, data_len, NULL, &local);
+	success = _nm_crypto_verify_pkcs12 (data, data_len, NULL, &local);
 	if (success == FALSE) {
 		/* If the error was just a decryption error, then it's pkcs#12 */
 		if (local) {
@@ -717,30 +717,30 @@ crypto_is_pkcs12_data (const guint8 *data,
 }
 
 gboolean
-crypto_is_pkcs12_file (const char *file, GError **error)
+nm_crypto_is_pkcs12_file (const char *file, GError **error)
 {
 	nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 };
 
 	g_return_val_if_fail (file != NULL, FALSE);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return FALSE;
 
 	if (!file_read_contents (file, &contents, error))
 		return FALSE;
 
-	return crypto_is_pkcs12_data (contents.bin, contents.len, error);
+	return nm_crypto_is_pkcs12_data (contents.bin, contents.len, error);
 }
 
 /* Verifies that a private key can be read, and if a password is given, that
  * the private key can be decrypted with that password.
  */
 NMCryptoFileFormat
-crypto_verify_private_key_data (const guint8 *data,
-                                gsize data_len,
-                                const char *password,
-                                gboolean *out_is_encrypted,
-                                GError **error)
+nm_crypto_verify_private_key_data (const guint8 *data,
+                                   gsize data_len,
+                                   const char *password,
+                                   gboolean *out_is_encrypted,
+                                   GError **error)
 {
 	NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 	gboolean is_encrypted = FALSE;
@@ -748,13 +748,14 @@ crypto_verify_private_key_data (const guint8 *data,
 	g_return_val_if_fail (data != NULL, NM_CRYPTO_FILE_FORMAT_UNKNOWN);
 	g_return_val_if_fail (out_is_encrypted == NULL || *out_is_encrypted == FALSE, NM_CRYPTO_FILE_FORMAT_UNKNOWN);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 
 	/* Check for PKCS#12 first */
-	if (crypto_is_pkcs12_data (data, data_len, NULL)) {
+	if (nm_crypto_is_pkcs12_data (data, data_len, NULL)) {
 		is_encrypted = TRUE;
-		if (!password || crypto_verify_pkcs12 (data, data_len, password, error))
+		if (   !password
+		    || _nm_crypto_verify_pkcs12 (data, data_len, password, error))
 			format = NM_CRYPTO_FILE_FORMAT_PKCS12;
 	} else {
 		nm_auto_clear_secret_ptr NMSecretPtr parsed = { 0 };
@@ -762,7 +763,7 @@ crypto_verify_private_key_data (const guint8 *data,
 		/* Maybe it's PKCS#8 */
 		if (parse_pkcs8_key_file (data, data_len, &parsed, &is_encrypted, NULL)) {
 			if (   !password
-			    || crypto_verify_pkcs8 (parsed.bin, parsed.len, is_encrypted, password, error))
+			    || _nm_crypto_verify_pkcs8 (parsed.bin, parsed.len, is_encrypted, password, error))
 				format = NM_CRYPTO_FILE_FORMAT_RAW_KEY;
 		} else {
 			const char *cipher;
@@ -782,31 +783,31 @@ crypto_verify_private_key_data (const guint8 *data,
 }
 
 NMCryptoFileFormat
-crypto_verify_private_key (const char *filename,
-                           const char *password,
-                           gboolean *out_is_encrypted,
-                           GError **error)
+nm_crypto_verify_private_key (const char *filename,
+                              const char *password,
+                              gboolean *out_is_encrypted,
+                              GError **error)
 {
 	nm_auto_clear_secret_ptr NMSecretPtr contents = { 0 };
 
 	g_return_val_if_fail (filename != NULL, NM_CRYPTO_FILE_FORMAT_UNKNOWN);
 
-	if (!crypto_init (error))
+	if (!_nm_crypto_init (error))
 		return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 
 	if (!file_read_contents (filename, &contents, error))
 		return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 
-	return crypto_verify_private_key_data (contents.bin, contents.len, password, out_is_encrypted, error);
+	return nm_crypto_verify_private_key_data (contents.bin, contents.len, password, out_is_encrypted, error);
 }
 
 void
-crypto_md5_hash (const guint8 *salt,
-                 gsize salt_len,
-                 const guint8 *password,
-                 gsize password_len,
-                 guint8 *buffer,
-                 gsize buflen)
+nm_crypto_md5_hash (const guint8 *salt,
+                    gsize salt_len,
+                    const guint8 *password,
+                    gsize password_len,
+                    guint8 *buffer,
+                    gsize buflen)
 {
 	nm_auto_free_checksum GChecksum *ctx = NULL;
 #define MD5_DIGEST_LEN 16
@@ -845,3 +846,23 @@ crypto_md5_hash (const guint8 *salt,
 		g_checksum_update (ctx, digest.ptr, MD5_DIGEST_LEN);
 	}
 }
+
+char *
+nm_crypto_encrypt (const char *cipher,
+                   const guint8 *data,
+                   gsize data_len,
+                   const char *iv,
+                   gsize iv_len,
+                   const char *key,
+                   gsize key_len,
+                   gsize *out_len,
+                   GError **error)
+{
+	return _nm_crypto_encrypt (cipher, data, data_len, iv, iv_len, key, key_len, out_len, error);
+}
+
+gboolean
+nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error)
+{
+	return _nm_crypto_randomize (buffer, buffer_len, error);
+}

libnm-core/nm-crypto.h

@@ -60,49 +60,49 @@ GByteArray *nmtst_crypto_decrypt_openssl_private_key (const char *file,
                                                       NMCryptoKeyType *out_key_type,
                                                       GError **error);
 
-GByteArray *crypto_load_and_verify_certificate (const char *file,
-                                                NMCryptoFileFormat *out_file_format,
-                                                GError **error);
-
-gboolean crypto_is_pkcs12_file (const char *file, GError **error);
-
-gboolean crypto_is_pkcs12_data (const guint8 *data, gsize len, GError **error);
-
-NMCryptoFileFormat crypto_verify_private_key_data (const guint8 *data,
-                                                   gsize data_len,
-                                                   const char *password,
-                                                   gboolean *out_is_encrypted,
+GByteArray *nm_crypto_load_and_verify_certificate (const char *file,
+                                                   NMCryptoFileFormat *out_file_format,
                                                    GError **error);
 
-NMCryptoFileFormat crypto_verify_private_key (const char *file,
-                                              const char *password,
-                                              gboolean *out_is_encrypted,
-                                              GError **error);
+gboolean nm_crypto_is_pkcs12_file (const char *file, GError **error);
 
-void crypto_md5_hash (const guint8 *salt,
-                      gsize salt_len,
-                      const guint8 *password,
-                      gsize password_len,
-                      guint8 *buffer,
-                      gsize buflen);
+gboolean nm_crypto_is_pkcs12_data (const guint8 *data, gsize len, GError **error);
 
-char *crypto_make_des_aes_key (const char *cipher,
-                               const char *salt,
-                               const gsize salt_len,
-                               const char *password,
-                               gsize *out_len,
-                               GError **error);
+NMCryptoFileFormat nm_crypto_verify_private_key_data (const guint8 *data,
+                                                      gsize data_len,
+                                                      const char *password,
+                                                      gboolean *out_is_encrypted,
+                                                      GError **error);
 
-char * crypto_encrypt (const char *cipher,
-                       const guint8 *data,
-                       gsize data_len,
-                       const char *iv,
-                       gsize iv_len,
-                       const char *key,
-                       gsize key_len,
-                       gsize *out_len,
-                       GError **error);
+NMCryptoFileFormat nm_crypto_verify_private_key (const char *file,
+                                                 const char *password,
+                                                 gboolean *out_is_encrypted,
+                                                 GError **error);
 
-gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error);
+void nm_crypto_md5_hash (const guint8 *salt,
+                         gsize salt_len,
+                         const guint8 *password,
+                         gsize password_len,
+                         guint8 *buffer,
+                         gsize buflen);
+
+char *nm_crypto_make_des_aes_key (const char *cipher,
+                                  const char *salt,
+                                  const gsize salt_len,
+                                  const char *password,
+                                  gsize *out_len,
+                                  GError **error);
+
+char * nm_crypto_encrypt (const char *cipher,
+                          const guint8 *data,
+                          gsize data_len,
+                          const char *iv,
+                          gsize iv_len,
+                          const char *key,
+                          gsize key_len,
+                          gsize *out_len,
+                          GError **error);
+
+gboolean nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error);
 
 #endif  /* __NM_CRYPTO_H__ */

libnm-core/nm-setting-8021x.c

@@ -529,7 +529,7 @@ load_and_verify_certificate (const char *cert_path,
 	NMCryptoFileFormat format = NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 	GByteArray *array;
 
-	array = crypto_load_and_verify_certificate (cert_path, &format, error);
+	array = nm_crypto_load_and_verify_certificate (cert_path, &format, error);
 
 	if (!array || !array->len || format == NM_CRYPTO_FILE_FORMAT_UNKNOWN) {
 		/* the array is empty or the format is already unknown. */
@@ -2264,7 +2264,7 @@ nm_setting_802_1x_set_private_key (NMSetting8021x *setting,
 	 * given, that it decrypts the private key.
 	 */
 	if (value && scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11) {
-		format = crypto_verify_private_key (value, password, NULL, &local_err);
+		format = nm_crypto_verify_private_key (value, password, NULL, &local_err);
 		if (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN) {
 			g_set_error_literal (error,
 			                     NM_CONNECTION_ERROR,
@@ -2379,14 +2379,14 @@ nm_setting_802_1x_get_private_key_format (NMSetting8021x *setting)
 
 	switch (nm_setting_802_1x_get_private_key_scheme (setting)) {
 	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
-		if (crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL),
-		                           g_bytes_get_size (priv->private_key),
-		                           NULL))
+		if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL),
+		                              g_bytes_get_size (priv->private_key),
+		                              NULL))
 			return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
 		return NM_SETTING_802_1X_CK_FORMAT_RAW_KEY;
 	case NM_SETTING_802_1X_CK_SCHEME_PATH:
 		path = nm_setting_802_1x_get_private_key_path (setting);
-		if (crypto_is_pkcs12_file (path, &error))
+		if (nm_crypto_is_pkcs12_file (path, &error))
 			return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
 		if (error && error->domain == G_FILE_ERROR) {
 			g_error_free (error);
@@ -2606,7 +2606,7 @@ nm_setting_802_1x_set_phase2_private_key (NMSetting8021x *setting,
 	 * given, that it decrypts the private key.
 	 */
 	if (value && scheme != NM_SETTING_802_1X_CK_SCHEME_PKCS11) {
-		format = crypto_verify_private_key (value, password, NULL, &local_err);
+		format = nm_crypto_verify_private_key (value, password, NULL, &local_err);
 		if (format == NM_CRYPTO_FILE_FORMAT_UNKNOWN) {
 			g_set_error_literal (error,
 			                     NM_CONNECTION_ERROR,
@@ -2691,14 +2691,14 @@ nm_setting_802_1x_get_phase2_private_key_format (NMSetting8021x *setting)
 
 	switch (nm_setting_802_1x_get_phase2_private_key_scheme (setting)) {
 	case NM_SETTING_802_1X_CK_SCHEME_BLOB:
-		if (crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL),
-		                           g_bytes_get_size (priv->phase2_private_key),
-		                           NULL))
+		if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL),
+		                              g_bytes_get_size (priv->phase2_private_key),
+		                              NULL))
 			return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
 		return NM_SETTING_802_1X_CK_FORMAT_RAW_KEY;
 	case NM_SETTING_802_1X_CK_SCHEME_PATH:
 		path = nm_setting_802_1x_get_phase2_private_key_path (setting);
-		if (crypto_is_pkcs12_file (path, &error))
+		if (nm_crypto_is_pkcs12_file (path, &error))
 			return NM_SETTING_802_1X_CK_FORMAT_PKCS12;
 		if (error && error->domain == G_FILE_ERROR) {
 			g_error_free (error);
@@ -2776,11 +2776,11 @@ need_private_key_password (GBytes *blob,
 	/* Private key password is required */
 	if (password) {
 		if (path)
-			format = crypto_verify_private_key (path, password, NULL, NULL);
+			format = nm_crypto_verify_private_key (path, password, NULL, NULL);
 		else if (blob)
-			format = crypto_verify_private_key_data (g_bytes_get_data (blob, NULL),
-			                                         g_bytes_get_size (blob),
-			                                         password, NULL, NULL);
+			format = nm_crypto_verify_private_key_data (g_bytes_get_data (blob, NULL),
+			                                            g_bytes_get_size (blob),
+			                                            password, NULL, NULL);
 		else
 			return FALSE;
 	}
@@ -2895,9 +2895,9 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
 		}
 
 		/* If the private key is PKCS#12, check that it matches the client cert */
-		if (crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL),
-		                           g_bytes_get_size (priv->phase2_private_key),
-		                           NULL)) {
+		if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->phase2_private_key, NULL),
+		                              g_bytes_get_size (priv->phase2_private_key),
+		                              NULL)) {
 			if (!g_bytes_equal (priv->phase2_private_key, priv->phase2_client_cert)) {
 				g_set_error (error,
 				             NM_CONNECTION_ERROR,
@@ -2943,9 +2943,9 @@ verify_tls (NMSetting8021x *self, gboolean phase2, GError **error)
 		}
 
 		/* If the private key is PKCS#12, check that it matches the client cert */
-		if (crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL),
-		                           g_bytes_get_size (priv->private_key),
-		                           NULL)) {
+		if (nm_crypto_is_pkcs12_data (g_bytes_get_data (priv->private_key, NULL),
+		                              g_bytes_get_size (priv->private_key),
+		                              NULL)) {
 			if (!g_bytes_equal (priv->private_key, priv->client_cert)) {
 				g_set_error (error,
 				             NM_CONNECTION_ERROR,

libnm-core/nm-utils.c

@@ -2843,12 +2843,12 @@ nm_utils_uuid_generate_from_string (const char *s, gssize slen, int uuid_type, g
 
 	switch (uuid_type) {
 	case NM_UTILS_UUID_TYPE_LEGACY:
-		crypto_md5_hash (NULL,
-		                 0,
-		                 (guint8 *) s,
-		                 slen,
-		                 (guint8 *) uuid,
-		                 sizeof (uuid));
+		nm_crypto_md5_hash (NULL,
+		                    0,
+		                    (guint8 *) s,
+		                    slen,
+		                    (guint8 *) uuid,
+		                    sizeof (uuid));
 		break;
 	case NM_UTILS_UUID_TYPE_VARIANT3: {
 		uuid_t ns_uuid = { 0 };
@@ -2859,12 +2859,12 @@ nm_utils_uuid_generate_from_string (const char *s, gssize slen, int uuid_type, g
 				g_return_val_if_reached (NULL);
 		}
 
-		crypto_md5_hash ((guint8 *) s,
-		                 slen,
-		                 (guint8 *) ns_uuid,
-		                 sizeof (ns_uuid),
-		                 (guint8 *) uuid,
-		                 sizeof (uuid));
+		nm_crypto_md5_hash ((guint8 *) s,
+		                    slen,
+		                    (guint8 *) ns_uuid,
+		                    sizeof (ns_uuid),
+		                    (guint8 *) uuid,
+		                    sizeof (uuid));
 
 		uuid[6] = (uuid[6] & 0x0F) | 0x30;
 		uuid[8] = (uuid[8] & 0x3F) | 0x80;
@@ -2964,20 +2964,20 @@ nm_utils_rsa_key_encrypt (const guint8 *data,
 
 	/* Make the password if needed */
 	if (!in_password) {
-		if (!crypto_randomize (pw_buf, sizeof (pw_buf), error))
+		if (!nm_crypto_randomize (pw_buf, sizeof (pw_buf), error))
 			return NULL;
 		in_password = tmp_password = nm_utils_bin2hexstr (pw_buf, sizeof (pw_buf), -1);
 	}
 
 	salt_len = 8;
-	if (!crypto_randomize (salt, salt_len, error))
+	if (!nm_crypto_randomize (salt, salt_len, error))
 		goto out;
 
-	key = crypto_make_des_aes_key (CIPHER_DES_EDE3_CBC, &salt[0], salt_len, in_password, &key_len, NULL);
+	key = nm_crypto_make_des_aes_key (CIPHER_DES_EDE3_CBC, &salt[0], salt_len, in_password, &key_len, NULL);
 	if (!key)
 		g_return_val_if_reached (NULL);
 
-	enc = crypto_encrypt (CIPHER_DES_EDE3_CBC, data, len, salt, salt_len, key, key_len, &enc_len, error);
+	enc = nm_crypto_encrypt (CIPHER_DES_EDE3_CBC, data, len, salt, salt_len, key, key_len, &enc_len, error);
 	if (!enc)
 		goto out;
 
@@ -3068,7 +3068,7 @@ nm_utils_file_is_certificate (const char *filename)
 	if (!file_has_extension (filename, extensions))
 		return FALSE;
 
-	cert = crypto_load_and_verify_certificate (filename, &file_format, NULL);
+	cert = nm_crypto_load_and_verify_certificate (filename, &file_format, NULL);
 	if (cert)
 		g_byte_array_unref (cert);
 
@@ -3097,7 +3097,7 @@ nm_utils_file_is_private_key (const char *filename, gboolean *out_encrypted)
 	if (!file_has_extension (filename, extensions))
 		return FALSE;
 
-	return crypto_verify_private_key (filename, NULL, out_encrypted, NULL) != NM_CRYPTO_FILE_FORMAT_UNKNOWN;
+	return nm_crypto_verify_private_key (filename, NULL, out_encrypted, NULL) != NM_CRYPTO_FILE_FORMAT_UNKNOWN;
 }
 
 /**
@@ -3113,7 +3113,7 @@ nm_utils_file_is_pkcs12 (const char *filename)
 {
 	g_return_val_if_fail (filename != NULL, FALSE);
 
-	return crypto_is_pkcs12_file (filename, NULL);
+	return nm_crypto_is_pkcs12_file (filename, NULL);
 }
 
 /*****************************************************************************/

libnm-core/tests/test-crypto.c

@@ -105,7 +105,7 @@ test_cert (gconstpointer test_data)
 
 	path = g_build_filename (TEST_CERT_DIR, (const char *) test_data, NULL);
 
-	array = crypto_load_and_verify_certificate (path, &format, &error);
+	array = nm_crypto_load_and_verify_certificate (path, &format, &error);
 	g_assert_no_error (error);
 	g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_X509);
 
@@ -187,7 +187,7 @@ test_load_pkcs12 (const char *path,
 
 	g_assert (nm_utils_file_is_private_key (path, NULL));
 
-	format = crypto_verify_private_key (path, password, &is_encrypted, &error);
+	format = nm_crypto_verify_private_key (path, password, &is_encrypted, &error);
 	if (expected_error != -1) {
 		g_assert_error (error, NM_CRYPTO_ERROR, expected_error);
 		g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN);
@@ -209,7 +209,7 @@ test_load_pkcs12_no_password (const char *path)
 	g_assert (nm_utils_file_is_private_key (path, NULL));
 
 	/* We should still get a valid returned crypto file format */
-	format = crypto_verify_private_key (path, NULL, &is_encrypted, &error);
+	format = nm_crypto_verify_private_key (path, NULL, &is_encrypted, &error);
 	g_assert_no_error (error);
 	g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_PKCS12);
 	g_assert (is_encrypted);
@@ -221,7 +221,7 @@ test_is_pkcs12 (const char *path, gboolean expect_fail)
 	gboolean is_pkcs12;
 	GError *error = NULL;
 
-	is_pkcs12 = crypto_is_pkcs12_file (path, &error);
+	is_pkcs12 = nm_crypto_is_pkcs12_file (path, &error);
 
 	if (expect_fail) {
 		g_assert_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERROR_INVALID_DATA);
@@ -244,7 +244,7 @@ test_load_pkcs8 (const char *path,
 
 	g_assert (nm_utils_file_is_private_key (path, NULL));
 
-	format = crypto_verify_private_key (path, password, &is_encrypted, &error);
+	format = nm_crypto_verify_private_key (path, password, &is_encrypted, &error);
 	if (expected_error != -1) {
 		g_assert_error (error, NM_CRYPTO_ERROR, expected_error);
 		g_assert_cmpint (format, ==, NM_CRYPTO_FILE_FORMAT_UNKNOWN);
@@ -417,16 +417,16 @@ test_md5 (void)
 
 	for (i = 0; i < G_N_ELEMENTS (md5_tests); i++) {
 		memset (digest, 0, sizeof (digest));
-		crypto_md5_hash ((const guint8 *) md5_tests[i].salt,
-		                 /* crypto_md5_hash() used to clamp salt_len to 8.  It
-		                  * doesn't any more, so we need to do it here now to
-		                  * get output that matches md5_tests[i].result.
-		                  */
-		                 md5_tests[i].salt ? 8 : 0,
-		                 (const guint8 *) md5_tests[i].password,
-		                 strlen (md5_tests[i].password),
-		                 (guint8 *) digest,
-		                 md5_tests[i].digest_size);
+		nm_crypto_md5_hash ((const guint8 *) md5_tests[i].salt,
+		                    /* nm_crypto_md5_hash() used to clamp salt_len to 8.  It
+		                     * doesn't any more, so we need to do it here now to
+		                     * get output that matches md5_tests[i].result.
+		                     */
+		                    md5_tests[i].salt ? 8 : 0,
+		                    (const guint8 *) md5_tests[i].password,
+		                    strlen (md5_tests[i].password),
+		                    (guint8 *) digest,
+		                    md5_tests[i].digest_size);
 
 		hex = nm_utils_bin2hexstr (digest, md5_tests[i].digest_size, -1);
 		g_assert_cmpstr (hex, ==, md5_tests[i].result);
@@ -445,7 +445,7 @@ main (int argc, char **argv)
 
 	nmtst_init (&argc, &argv, TRUE);
 
-	success = crypto_init (&error);
+	success = _nm_crypto_init (&error);
 	g_assert_no_error (error);
 	g_assert (success);