2 This file is part of GNUnet.
3 Copyright (C) 2001-2013 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file include/gnunet_crypto_lib.h
23 * @brief cryptographic primitives for GNUnet
25 * @author Christian Grothoff
26 * @author Krista Bennett
27 * @author Gerd Knorr <kraxel@bytesex.org>
28 * @author Ioana Patrascu
29 * @author Tzvetan Horozov
30 * @author Jeffrey Burdges <burdges@gnunet.org>
32 * @defgroup crypto Crypto library: cryptographic operations
33 * Provides cryptographic primitives.
35 * @see [Documentation](https://gnunet.org/crypto-api)
37 * @defgroup hash Crypto library: hash operations
38 * Provides hashing and operations on hashes.
40 * @see [Documentation](https://gnunet.org/crypto-api)
43 #ifndef GNUNET_CRYPTO_LIB_H
44 #define GNUNET_CRYPTO_LIB_H
49 #if 0 /* keep Emacsens' auto-indent happy */
55 * @brief A 512-bit hashcode. These are the default length for GNUnet, using SHA-512.
57 struct GNUNET_HashCode
59 uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */
65 * @brief A 256-bit hashcode. Used under special conditions, like when space
66 * is critical and security is not impacted by it.
68 struct GNUNET_ShortHashCode
70 uint32_t bits[256 / 8 / sizeof (uint32_t)]; /* = 8 */
75 * The identity of the host (wraps the signing key of the peer).
77 struct GNUNET_PeerIdentity;
79 #include "gnunet_common.h"
84 * Maximum length of an ECC signature.
85 * Note: round up to multiple of 8 minus 2 for alignment.
87 #define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
91 * Desired quality level for random numbers.
94 enum GNUNET_CRYPTO_Quality
97 * No good quality of the operation is needed (i.e.,
98 * random numbers can be pseudo-random).
101 GNUNET_CRYPTO_QUALITY_WEAK,
104 * High-quality operations are desired.
107 GNUNET_CRYPTO_QUALITY_STRONG,
110 * Randomness for IVs etc. is required.
113 GNUNET_CRYPTO_QUALITY_NONCE
118 * @brief length of the sessionkey in bytes (256 BIT sessionkey)
120 #define GNUNET_CRYPTO_AES_KEY_LENGTH (256/8)
123 * Length of a hash value
125 #define GNUNET_CRYPTO_HASH_LENGTH (512/8)
128 * How many characters (without 0-terminator) are our ASCII-encoded
129 * public keys (ECDSA/EDDSA/ECDHE).
131 #define GNUNET_CRYPTO_PKEY_ASCII_LENGTH 52
134 * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode.
136 struct GNUNET_CRYPTO_HashAsciiEncoded
138 unsigned char encoding[104];
142 GNUNET_NETWORK_STRUCT_BEGIN
146 * @brief header of what an ECC signature signs
147 * this must be followed by "size - 8" bytes of
148 * the actual signed data
150 struct GNUNET_CRYPTO_EccSignaturePurpose
153 * How many bytes does this signature sign?
154 * (including this purpose header); in network
157 uint32_t size GNUNET_PACKED;
160 * What does this signature vouch for? This
161 * must contain a GNUNET_SIGNATURE_PURPOSE_XXX
162 * constant (from gnunet_signatures.h). In
163 * network byte order!
165 uint32_t purpose GNUNET_PACKED;
171 * @brief an ECC signature using EdDSA.
172 * See https://gnunet.org/ed25519
174 struct GNUNET_CRYPTO_EddsaSignature
180 unsigned char r[256 / 8];
185 unsigned char s[256 / 8];
192 * @brief an ECC signature using ECDSA
194 struct GNUNET_CRYPTO_EcdsaSignature
200 unsigned char r[256 / 8];
205 unsigned char s[256 / 8];
211 * Public ECC key (always for Curve25519) encoded in a format suitable
212 * for network transmission and EdDSA signatures.
214 struct GNUNET_CRYPTO_EddsaPublicKey
217 * Q consists of an x- and a y-value, each mod p (256 bits), given
218 * here in affine coordinates and Ed25519 standard compact format.
220 unsigned char q_y[256 / 8];
226 * Public ECC key (always for Curve25519) encoded in a format suitable
227 * for network transmission and ECDSA signatures.
229 struct GNUNET_CRYPTO_EcdsaPublicKey
232 * Q consists of an x- and a y-value, each mod p (256 bits), given
233 * here in affine coordinates and Ed25519 standard compact format.
235 unsigned char q_y[256 / 8];
241 * The identity of the host (wraps the signing key of the peer).
243 struct GNUNET_PeerIdentity
245 struct GNUNET_CRYPTO_EddsaPublicKey public_key;
250 * Public ECC key (always for Curve25519) encoded in a format suitable
251 * for network transmission and encryption (ECDH),
252 * See http://cr.yp.to/ecdh.html
254 struct GNUNET_CRYPTO_EcdhePublicKey
257 * Q consists of an x- and a y-value, each mod p (256 bits), given
258 * here in affine coordinates and Ed25519 standard compact format.
260 unsigned char q_y[256 / 8];
265 * Private ECC key encoded for transmission. To be used only for ECDH
266 * key exchange (ECDHE to be precise).
268 struct GNUNET_CRYPTO_EcdhePrivateKey
271 * d is a value mod n, where n has at most 256 bits.
273 unsigned char d[256 / 8];
278 * Private ECC key encoded for transmission. To be used only for ECDSA
281 struct GNUNET_CRYPTO_EcdsaPrivateKey
284 * d is a value mod n, where n has at most 256 bits.
286 unsigned char d[256 / 8];
291 * Private ECC key encoded for transmission. To be used only for EdDSA
294 struct GNUNET_CRYPTO_EddsaPrivateKey
297 * d is a value mod n, where n has at most 256 bits.
299 unsigned char d[256 / 8];
305 * @brief type for session keys
307 struct GNUNET_CRYPTO_SymmetricSessionKey
310 * Actual key for AES.
312 unsigned char aes_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
315 * Actual key for TwoFish.
317 unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
321 GNUNET_NETWORK_STRUCT_END
324 * @brief IV for sym cipher
326 * NOTE: must be smaller (!) in size than the
327 * `struct GNUNET_HashCode`.
329 struct GNUNET_CRYPTO_SymmetricInitializationVector
331 unsigned char aes_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
333 unsigned char twofish_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
338 * @brief type for (message) authentication keys
340 struct GNUNET_CRYPTO_AuthKey
342 unsigned char key[GNUNET_CRYPTO_HASH_LENGTH];
347 * Size of paillier plain texts and public keys.
348 * Private keys and ciphertexts are twice this size.
350 #define GNUNET_CRYPTO_PAILLIER_BITS 2048
354 * Paillier public key.
356 struct GNUNET_CRYPTO_PaillierPublicKey
361 unsigned char n[GNUNET_CRYPTO_PAILLIER_BITS / 8];
366 * Paillier public key.
368 struct GNUNET_CRYPTO_PaillierPrivateKey
371 * Lambda-component of the private key.
373 unsigned char lambda[GNUNET_CRYPTO_PAILLIER_BITS / 8];
375 * Mu-component of the private key.
377 unsigned char mu[GNUNET_CRYPTO_PAILLIER_BITS / 8];
382 * Paillier ciphertext.
384 struct GNUNET_CRYPTO_PaillierCiphertext
387 * Guaranteed minimum number of homomorphic operations with this ciphertext,
388 * in network byte order (NBO).
390 int32_t remaining_ops GNUNET_PACKED;
393 * The bits of the ciphertext.
395 unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
399 /* **************** Functions and Macros ************* */
403 * Seed a weak random generator. Only #GNUNET_CRYPTO_QUALITY_WEAK-mode generator
406 * @param seed the seed to use
409 GNUNET_CRYPTO_seed_weak_random (int32_t seed);
414 * Calculate the checksum of a buffer in one step.
416 * @param buf buffer to calculate CRC over
417 * @param len number of bytes in @a buf
421 GNUNET_CRYPTO_crc8_n (const void *buf,
426 * Perform an incremental step in a CRC16 (for TCP/IP) calculation.
428 * @param sum current sum, initially 0
429 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
430 * @param len number of bytes in @a buf, must be multiple of 2
431 * @return updated crc sum (must be subjected to #GNUNET_CRYPTO_crc16_finish to get actual crc16)
434 GNUNET_CRYPTO_crc16_step (uint32_t sum,
440 * Convert results from GNUNET_CRYPTO_crc16_step to final crc16.
442 * @param sum cummulative sum
443 * @return crc16 value
446 GNUNET_CRYPTO_crc16_finish (uint32_t sum);
451 * Calculate the checksum of a buffer in one step.
453 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
454 * @param len number of bytes in @a buf, must be multiple of 2
455 * @return crc16 value
458 GNUNET_CRYPTO_crc16_n (const void *buf,
466 * Compute the CRC32 checksum for the first len
467 * bytes of the buffer.
469 * @param buf the data over which we're taking the CRC
470 * @param len the length of the buffer @a buf in bytes
471 * @return the resulting CRC32 checksum
474 GNUNET_CRYPTO_crc32_n (const void *buf,
480 * Fill block with a random values.
482 * @param mode desired quality of the random number
483 * @param buffer the buffer to fill
484 * @param length buffer length
487 GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode,
493 * Produce a random value.
495 * @param mode desired quality of the random number
496 * @param i the upper limit (exclusive) for the random number
497 * @return a random value in the interval [0,@a i) (exclusive).
500 GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
506 * Random on unsigned 64-bit values.
508 * @param mode desired quality of the random number
509 * @param max value returned will be in range [0,@a max) (exclusive)
510 * @return random 64-bit number
513 GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode,
519 * Get an array with a random permutation of the
521 * @param mode #GNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used,
522 * #GNUNET_CRYPTO_QUALITY_WEAK or #GNUNET_CRYPTO_QUALITY_NONCE otherwise
523 * @param n the size of the array
524 * @return the permutation array (allocated from heap)
527 GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode,
533 * Create a new random session key.
535 * @param key key to initialize
538 GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key);
543 * Encrypt a block using a symmetric sessionkey.
545 * @param block the block to encrypt
546 * @param size the size of the @a block
547 * @param sessionkey the key used to encrypt
548 * @param iv the initialization vector to use, use INITVALUE
550 * @return the size of the encrypted block, -1 for errors
553 GNUNET_CRYPTO_symmetric_encrypt (const void *block,
555 const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
556 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
562 * Decrypt a given block using a symmetric sessionkey.
564 * @param block the data to decrypt, encoded as returned by encrypt
565 * @param size how big is the block?
566 * @param sessionkey the key used to decrypt
567 * @param iv the initialization vector to use
568 * @param result address to store the result at
569 * @return -1 on failure, size of decrypted block on success
572 GNUNET_CRYPTO_symmetric_decrypt (const void *block,
574 const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
575 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
581 * @brief Derive an IV
582 * @param iv initialization vector
583 * @param skey session key
584 * @param salt salt for the derivation
585 * @param salt_len size of the @a salt
586 * @param ... pairs of void * & size_t for context chunks, terminated by NULL
589 GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
590 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
592 size_t salt_len, ...);
596 * @brief Derive an IV
597 * @param iv initialization vector
598 * @param skey session key
599 * @param salt salt for the derivation
600 * @param salt_len size of the @a salt
601 * @param argp pairs of void * & size_t for context chunks, terminated by NULL
604 GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
605 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
613 * Convert hash to ASCII encoding.
614 * @param block the hash code
615 * @param result where to store the encoding (struct GNUNET_CRYPTO_HashAsciiEncoded can be
616 * safely cast to char*, a '\\0' termination is set).
619 GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block,
620 struct GNUNET_CRYPTO_HashAsciiEncoded *result);
625 * Convert ASCII encoding back to a 'struct GNUNET_HashCode'
627 * @param enc the encoding
628 * @param enclen number of characters in @a enc (without 0-terminator, which can be missing)
629 * @param result where to store the hash code
630 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
633 GNUNET_CRYPTO_hash_from_string2 (const char *enc,
635 struct GNUNET_HashCode *result);
640 * Convert ASCII encoding back to `struct GNUNET_HashCode`
642 * @param enc the encoding
643 * @param result where to store the hash code
644 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
646 #define GNUNET_CRYPTO_hash_from_string(enc, result) \
647 GNUNET_CRYPTO_hash_from_string2 (enc, strlen(enc), result)
653 * Compute the distance between 2 hashcodes. The
654 * computation must be fast, not involve @a a[0] or @a a[4] (they're used
655 * elsewhere), and be somewhat consistent. And of course, the result
656 * should be a positive number.
658 * @param a some hash code
659 * @param b some hash code
660 * @return number between 0 and UINT32_MAX
663 GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a,
664 const struct GNUNET_HashCode *b);
669 * Compute hash of a given block.
671 * @param block the data to hash
672 * @param size size of the @a block
673 * @param ret pointer to where to write the hashcode
676 GNUNET_CRYPTO_hash (const void *block,
678 struct GNUNET_HashCode *ret);
682 * Context for cummulative hashing.
684 struct GNUNET_HashContext;
688 * Start incremental hashing operation.
690 * @return context for incremental hash computation
692 struct GNUNET_HashContext *
693 GNUNET_CRYPTO_hash_context_start (void);
697 * Add data to be hashed.
699 * @param hc cummulative hash context
700 * @param buf data to add
701 * @param size number of bytes in @a buf
704 GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc,
710 * Finish the hash computation.
712 * @param hc hash context to use, is freed in the process
713 * @param r_hash where to write the latest / final hash code
716 GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc,
717 struct GNUNET_HashCode *r_hash);
721 * Abort hashing, do not bother calculating final result.
723 * @param hc hash context to destroy
726 GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
731 * Calculate HMAC of a message (RFC 2104)
733 * @param key secret key
734 * @param plaintext input plaintext
735 * @param plaintext_len length of @a plaintext
736 * @param hmac where to store the hmac
739 GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
740 const void *plaintext,
741 size_t plaintext_len,
742 struct GNUNET_HashCode *hmac);
746 * Function called once the hash computation over the
747 * specified file has completed.
750 * @param res resulting hash, NULL on error
753 (*GNUNET_CRYPTO_HashCompletedCallback) (void *cls,
754 const struct GNUNET_HashCode *res);
758 * Handle to file hashing operation.
760 struct GNUNET_CRYPTO_FileHashContext;
765 * Compute the hash of an entire file.
767 * @param priority scheduling priority to use
768 * @param filename name of file to hash
769 * @param blocksize number of bytes to process in one task
770 * @param callback function to call upon completion
771 * @param callback_cls closure for @a callback
772 * @return NULL on (immediate) errror
774 struct GNUNET_CRYPTO_FileHashContext *
775 GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority,
776 const char *filename,
778 GNUNET_CRYPTO_HashCompletedCallback callback,
783 * Cancel a file hashing operation.
785 * @param fhc operation to cancel (callback must not yet have been invoked)
788 GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc);
793 * Create a random hash code.
795 * @param mode desired quality level
796 * @param result hash code that is randomized
799 GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
800 struct GNUNET_HashCode *result);
805 * compute @a result = @a b - @a a
807 * @param a some hash code
808 * @param b some hash code
809 * @param result set to @a b - @a a
812 GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a,
813 const struct GNUNET_HashCode *b,
814 struct GNUNET_HashCode *result);
819 * compute @a result = @a a + @a delta
821 * @param a some hash code
822 * @param delta some hash code
823 * @param result set to @a a + @a delta
826 GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode *a,
827 const struct GNUNET_HashCode *delta,
828 struct GNUNET_HashCode *result);
833 * compute result = a ^ b
835 * @param a some hash code
836 * @param b some hash code
837 * @param result set to @a a ^ @a b
840 GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a,
841 const struct GNUNET_HashCode *b,
842 struct GNUNET_HashCode *result);
847 * Convert a hashcode into a key.
849 * @param hc hash code that serves to generate the key
850 * @param skey set to a valid session key
851 * @param iv set to a valid initialization vector
854 GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc,
855 struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
856 struct GNUNET_CRYPTO_SymmetricInitializationVector *iv);
861 * Obtain a bit from a hashcode.
863 * @param code the `struct GNUNET_HashCode` to index bit-wise
864 * @param bit index into the hashcode, [0...159]
865 * @return Bit \a bit from hashcode \a code, -1 for invalid index
868 GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode *code,
874 * Determine how many low order bits match in two
875 * `struct GNUNET_HashCodes`. i.e. - 010011 and 011111 share
876 * the first two lowest order bits, and therefore the
877 * return value is two (NOT XOR distance, nor how many
878 * bits match absolutely!).
880 * @param first the first hashcode
881 * @param second the hashcode to compare first to
882 * @return the number of bits that match
885 GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode *first,
886 const struct GNUNET_HashCode *second);
891 * Compare function for HashCodes, producing a total ordering
894 * @param h1 some hash code
895 * @param h2 some hash code
896 * @return 1 if @a h1 > @a h2, -1 if @a h1 < @a h2 and 0 if @a h1 == @a h2.
899 GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1,
900 const struct GNUNET_HashCode *h2);
905 * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
906 * in the XOR metric (Kademlia).
908 * @param h1 some hash code
909 * @param h2 some hash code
910 * @param target some hash code
911 * @return -1 if @a h1 is closer, 1 if @a h2 is closer and 0 if @a h1== @a h2.
914 GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1,
915 const struct GNUNET_HashCode *h2,
916 const struct GNUNET_HashCode *target);
921 * @brief Derive an authentication key
922 * @param key authentication key
923 * @param rkey root key
925 * @param salt_len size of the salt
926 * @param argp pair of void * & size_t for context chunks, terminated by NULL
929 GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
930 const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
931 const void *salt, size_t salt_len,
937 * @brief Derive an authentication key
938 * @param key authentication key
939 * @param rkey root key
941 * @param salt_len size of the salt
942 * @param ... pair of void * & size_t for context chunks, terminated by NULL
945 GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
946 const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
947 const void *salt, size_t salt_len,
954 * @param result buffer for the derived key, allocated by caller
955 * @param out_len desired length of the derived key
956 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
957 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
959 * @param xts_len length of @a xts
960 * @param skm source key material
961 * @param skm_len length of @a skm
962 * @param ... pair of void * & size_t for context chunks, terminated by NULL
963 * @return #GNUNET_YES on success
966 GNUNET_CRYPTO_hkdf (void *result,
980 * @param result buffer for the derived key, allocated by caller
981 * @param out_len desired length of the derived key
982 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
983 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
985 * @param xts_len length of @a xts
986 * @param skm source key material
987 * @param skm_len length of @a skm
988 * @param argp va_list of void * & size_t pairs for context chunks
989 * @return #GNUNET_YES on success
992 GNUNET_CRYPTO_hkdf_v (void *result,
1005 * @param result buffer for the derived key, allocated by caller
1006 * @param out_len desired length of the derived key
1008 * @param xts_len length of @a xts
1009 * @param skm source key material
1010 * @param skm_len length of @a skm
1011 * @param argp va_list of void * & size_t pairs for context chunks
1012 * @return #GNUNET_YES on success
1015 GNUNET_CRYPTO_kdf_v (void *result,
1025 * Deterministically generate a pseudo-random number uniformly from the
1026 * integers modulo a libgcrypt mpi.
1028 * @param[out] r MPI value set to the FDH
1029 * @param n MPI to work modulo
1031 * @param xts_len length of @a xts
1032 * @param skm source key material
1033 * @param skm_len length of @a skm
1034 * @param ctx context string
1037 GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
1039 const void *xts, size_t xts_len,
1040 const void *skm, size_t skm_len,
1047 * @param result buffer for the derived key, allocated by caller
1048 * @param out_len desired length of the derived key
1050 * @param xts_len length of @a xts
1051 * @param skm source key material
1052 * @param skm_len length of @a skm
1053 * @param ... void * & size_t pairs for context chunks
1054 * @return #GNUNET_YES on success
1057 GNUNET_CRYPTO_kdf (void *result,
1068 * Extract the public key for the given private key.
1070 * @param priv the private key
1071 * @param pub where to write the public key
1074 GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1075 struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1079 * Extract the public key for the given private key.
1081 * @param priv the private key
1082 * @param pub where to write the public key
1085 GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1086 struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1092 * Extract the public key for the given private key.
1094 * @param priv the private key
1095 * @param pub where to write the public key
1098 GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1099 struct GNUNET_CRYPTO_EcdhePublicKey *pub);
1103 * Convert a public key to a string.
1105 * @param pub key to convert
1106 * @return string representing @a pub
1109 GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1113 * Convert a public key to a string.
1115 * @param pub key to convert
1116 * @return string representing @a pub
1119 GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1123 * Convert a string representing a public key to a public key.
1125 * @param enc encoded public key
1126 * @param enclen number of bytes in @a enc (without 0-terminator)
1127 * @param pub where to store the public key
1128 * @return #GNUNET_OK on success
1131 GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc,
1133 struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1137 * Convert a string representing a private key to a private key.
1139 * @param enc encoded public key
1140 * @param enclen number of bytes in @a enc (without 0-terminator)
1141 * @param priv where to store the private key
1142 * @return #GNUNET_OK on success
1145 GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc,
1147 struct GNUNET_CRYPTO_EddsaPrivateKey *pub);
1151 * Convert a string representing a public key to a public key.
1153 * @param enc encoded public key
1154 * @param enclen number of bytes in @a enc (without 0-terminator)
1155 * @param pub where to store the public key
1156 * @return #GNUNET_OK on success
1159 GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc,
1161 struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1166 * Create a new private key by reading it from a file. If the
1167 * files does not exist, create a new key and write it to the
1168 * file. Caller must free return value. Note that this function
1169 * can not guarantee that another process might not be trying
1170 * the same operation on the same file at the same time.
1171 * If the contents of the file
1172 * are invalid the old file is deleted and a fresh key is
1175 * @param filename name of file to use to store the key
1176 * @return new private key, NULL on error (for example,
1177 * permission denied); free using #GNUNET_free
1179 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1180 GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename);
1185 * Create a new private key by reading it from a file. If the
1186 * files does not exist, create a new key and write it to the
1187 * file. Caller must free return value. Note that this function
1188 * can not guarantee that another process might not be trying
1189 * the same operation on the same file at the same time.
1190 * If the contents of the file
1191 * are invalid the old file is deleted and a fresh key is
1194 * @param filename name of file to use to store the key
1195 * @return new private key, NULL on error (for example,
1196 * permission denied); free using #GNUNET_free
1198 struct GNUNET_CRYPTO_EddsaPrivateKey *
1199 GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename);
1203 * Forward declaration to simplify #include-structure.
1205 struct GNUNET_CONFIGURATION_Handle;
1210 * Create a new private key by reading our peer's key from
1211 * the file specified in the configuration.
1213 * @param cfg the configuration to use
1214 * @return new private key, NULL on error (for example,
1215 * permission denied); free using #GNUNET_free
1217 struct GNUNET_CRYPTO_EddsaPrivateKey *
1218 GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg);
1223 * Create a new private key. Caller must free return value.
1225 * @return fresh private key; free using #GNUNET_free
1227 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1228 GNUNET_CRYPTO_ecdsa_key_create (void);
1233 * Create a new private key. Caller must free return value.
1235 * @return fresh private key; free using #GNUNET_free
1237 struct GNUNET_CRYPTO_EddsaPrivateKey *
1238 GNUNET_CRYPTO_eddsa_key_create (void);
1243 * Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear().
1245 * @param[out] pk set to fresh private key;
1246 * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
1249 GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
1254 * Create a new private key. Caller must free return value.
1256 * @return fresh private key; free using #GNUNET_free
1258 struct GNUNET_CRYPTO_EcdhePrivateKey *
1259 GNUNET_CRYPTO_ecdhe_key_create (void);
1264 * Clear memory that was used to store a private key.
1266 * @param pk location of the key
1269 GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
1274 * Clear memory that was used to store a private key.
1276 * @param pk location of the key
1279 GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk);
1284 * Clear memory that was used to store a private key.
1286 * @param pk location of the key
1289 GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
1294 * Get the shared private key we use for anonymous users.
1296 * @return "anonymous" private key; do not free
1298 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
1299 GNUNET_CRYPTO_ecdsa_key_get_anonymous (void);
1304 * Setup a hostkey file for a peer given the name of the
1305 * configuration file (!). This function is used so that
1306 * at a later point code can be certain that reading a
1307 * hostkey is fast (for example in time-dependent testcases).
1309 * @param cfg_name name of the configuration file to use
1312 GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name);
1317 * Retrieve the identity of the host's peer.
1319 * @param cfg configuration to use
1320 * @param dst pointer to where to write the peer identity
1321 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
1322 * could not be retrieved
1325 GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
1326 struct GNUNET_PeerIdentity *dst);
1330 * Compare two Peer Identities.
1332 * @param first first peer identity
1333 * @param second second peer identity
1334 * @return bigger than 0 if first > second,
1335 * 0 if they are the same
1336 * smaller than 0 if second > first
1339 GNUNET_CRYPTO_cmp_peer_identity (const struct GNUNET_PeerIdentity *first,
1340 const struct GNUNET_PeerIdentity *second);
1344 * Internal structure used to cache pre-calculated values for DLOG calculation.
1346 struct GNUNET_CRYPTO_EccDlogContext;
1350 * Point on a curve (always for Curve25519) encoded in a format suitable
1351 * for network transmission (ECDH), see http://cr.yp.to/ecdh.html.
1353 struct GNUNET_CRYPTO_EccPoint
1356 * Q consists of an x- and a y-value, each mod p (256 bits), given
1357 * here in affine coordinates and Ed25519 standard compact format.
1359 unsigned char q_y[256 / 8];
1364 * Do pre-calculation for ECC discrete logarithm for small factors.
1366 * @param max maximum value the factor can be
1367 * @param mem memory to use (should be smaller than @a max), must not be zero.
1368 * @return NULL on error
1370 struct GNUNET_CRYPTO_EccDlogContext *
1371 GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
1376 * Calculate ECC discrete logarithm for small factors.
1377 * Opposite of #GNUNET_CRYPTO_ecc_dexp().
1379 * @param dlc precalculated values, determine range of factors
1380 * @param input point on the curve to factor
1381 * @return INT_MAX if dlog failed, otherwise the factor
1384 GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
1385 gcry_mpi_point_t input);
1389 * Multiply the generator g of the elliptic curve by @a val
1390 * to obtain the point on the curve representing @a val.
1391 * Afterwards, point addition will correspond to integer
1392 * addition. #GNUNET_CRYPTO_ecc_dlog() can be used to
1393 * convert a point back to an integer (as long as the
1394 * integer is smaller than the MAX of the @a edc context).
1396 * @param edc calculation context for ECC operations
1397 * @param val value to encode into a point
1398 * @return representation of the value as an ECC point,
1399 * must be freed using #GNUNET_CRYPTO_ecc_free()
1402 GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
1407 * Multiply the generator g of the elliptic curve by @a val
1408 * to obtain the point on the curve representing @a val.
1410 * @param edc calculation context for ECC operations
1411 * @param val (positive) value to encode into a point
1412 * @return representation of the value as an ECC point,
1413 * must be freed using #GNUNET_CRYPTO_ecc_free()
1416 GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1421 * Multiply the point @a p on the elliptic curve by @a val.
1423 * @param edc calculation context for ECC operations
1424 * @param p point to multiply
1425 * @param val (positive) value to encode into a point
1426 * @return representation of the value as an ECC point,
1427 * must be freed using #GNUNET_CRYPTO_ecc_free()
1430 GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1436 * Convert point value to binary representation.
1438 * @param edc calculation context for ECC operations
1439 * @param point computational point representation
1440 * @param[out] bin binary point representation
1443 GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc,
1444 gcry_mpi_point_t point,
1445 struct GNUNET_CRYPTO_EccPoint *bin);
1449 * Convert binary representation of a point to computational representation.
1451 * @param edc calculation context for ECC operations
1452 * @param bin binary point representation
1453 * @return computational representation
1456 GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
1457 const struct GNUNET_CRYPTO_EccPoint *bin);
1461 * Add two points on the elliptic curve.
1463 * @param edc calculation context for ECC operations
1464 * @param a some value
1465 * @param b some value
1466 * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
1469 GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
1471 gcry_mpi_point_t b);
1475 * Obtain a random point on the curve and its
1476 * additive inverse. Both returned values
1477 * must be freed using #GNUNET_CRYPTO_ecc_free().
1479 * @param edc calculation context for ECC operations
1480 * @param[out] r set to a random point on the curve
1481 * @param[out] r_inv set to the additive inverse of @a r
1484 GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
1485 gcry_mpi_point_t *r,
1486 gcry_mpi_point_t *r_inv);
1490 * Obtain a random scalar for point multiplication on the curve and
1491 * its multiplicative inverse.
1493 * @param edc calculation context for ECC operations
1494 * @param[out] r set to a random scalar on the curve
1495 * @param[out] r_inv set to the multiplicative inverse of @a r
1498 GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1504 * Generate a random value mod n.
1506 * @param edc ECC context
1507 * @return random value mod n.
1510 GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc);
1514 * Free a point value returned by the API.
1516 * @param p point to free
1519 GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p);
1523 * Release precalculated values.
1525 * @param dlc dlog context
1528 GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc);
1533 * Derive key material from a public and a private ECC key.
1535 * @param priv private key to use for the ECDH (x)
1536 * @param pub public key to use for the ECDH (yG)
1537 * @param key_material where to write the key material (xyG)
1538 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1541 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1542 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1543 struct GNUNET_HashCode *key_material);
1548 * Derive key material from a ECDH public key and a private EdDSA key.
1549 * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
1551 * @param priv private key from EdDSA to use for the ECDH (x)
1552 * @param pub public key to use for the ECDH (yG)
1553 * @param key_material where to write the key material H(h(x)yG)
1554 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1557 GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1558 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1559 struct GNUNET_HashCode *key_material);
1563 * Derive key material from a ECDH public key and a private ECDSA key.
1564 * Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.
1566 * @param priv private key from ECDSA to use for the ECDH (x)
1567 * @param pub public key to use for the ECDH (yG)
1568 * @param key_material where to write the key material H(h(x)yG)
1569 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1572 GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1573 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1574 struct GNUNET_HashCode *key_material);
1579 * Derive key material from a EdDSA public key and a private ECDH key.
1580 * Dual to #GNUNET_CRRYPTO_eddsa_ecdh.
1582 * @param priv private key to use for the ECDH (y)
1583 * @param pub public key from EdDSA to use for the ECDH (X=h(x)G)
1584 * @param key_material where to write the key material H(yX)=H(h(x)yG)
1585 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1588 GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1589 const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
1590 struct GNUNET_HashCode *key_material);
1594 * Derive key material from a EcDSA public key and a private ECDH key.
1595 * Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.
1597 * @param priv private key to use for the ECDH (y)
1598 * @param pub public key from ECDSA to use for the ECDH (X=h(x)G)
1599 * @param key_material where to write the key material H(yX)=H(h(x)yG)
1600 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1603 GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1604 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
1605 struct GNUNET_HashCode *key_material);
1610 * EdDSA sign a given block.
1612 * @param priv private key to use for the signing
1613 * @param purpose what to sign (size, purpose)
1614 * @param sig where to write the signature
1615 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1618 GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1619 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1620 struct GNUNET_CRYPTO_EddsaSignature *sig);
1625 * ECDSA Sign a given block.
1627 * @param priv private key to use for the signing
1628 * @param purpose what to sign (size, purpose)
1629 * @param sig where to write the signature
1630 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1633 GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1634 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1635 struct GNUNET_CRYPTO_EcdsaSignature *sig);
1639 * Verify EdDSA signature.
1641 * @param purpose what is the purpose that the signature should have?
1642 * @param validate block to validate (size, purpose, data)
1643 * @param sig signature that is being validated
1644 * @param pub public key of the signer
1645 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1648 GNUNET_CRYPTO_eddsa_verify (uint32_t purpose,
1649 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1650 const struct GNUNET_CRYPTO_EddsaSignature *sig,
1651 const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1657 * Verify ECDSA signature.
1659 * @param purpose what is the purpose that the signature should have?
1660 * @param validate block to validate (size, purpose, data)
1661 * @param sig signature that is being validated
1662 * @param pub public key of the signer
1663 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1666 GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose,
1667 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1668 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
1669 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1674 * Derive a private key from a given private key and a label.
1675 * Essentially calculates a private key 'h = H(l,P) * d mod n'
1676 * where n is the size of the ECC group and P is the public
1677 * key associated with the private key 'd'.
1679 * @param priv original private key
1680 * @param label label to use for key deriviation
1681 * @param context additional context to use for HKDF of 'h';
1682 * typically the name of the subsystem/application
1683 * @return derived private key
1685 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1686 GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1688 const char *context);
1693 * Derive a public key from a given public key and a label.
1694 * Essentially calculates a public key 'V = H(l,P) * P'.
1696 * @param pub original public key
1697 * @param label label to use for key deriviation
1698 * @param context additional context to use for HKDF of 'h'.
1699 * typically the name of the subsystem/application
1700 * @param result where to write the derived public key
1703 GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
1705 const char *context,
1706 struct GNUNET_CRYPTO_EcdsaPublicKey *result);
1710 * Output the given MPI value to the given buffer in network
1711 * byte order. The MPI @a val may not be negative.
1713 * @param buf where to output to
1714 * @param size number of bytes in @a buf
1715 * @param val value to write to @a buf
1718 GNUNET_CRYPTO_mpi_print_unsigned (void *buf,
1724 * Convert data buffer into MPI value.
1725 * The buffer is interpreted as network
1726 * byte order, unsigned integer.
1728 * @param result where to store MPI value (allocated)
1729 * @param data raw data (GCRYMPI_FMT_USG)
1730 * @param size number of bytes in @a data
1733 GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result,
1739 * Create a freshly generated paillier public key.
1741 * @param[out] public_key Where to store the public key?
1742 * @param[out] private_key Where to store the private key?
1745 GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1746 struct GNUNET_CRYPTO_PaillierPrivateKey *private_key);
1750 * Encrypt a plaintext with a paillier public key.
1752 * @param public_key Public key to use.
1753 * @param m Plaintext to encrypt.
1754 * @param desired_ops How many homomorphic ops the caller intends to use
1755 * @param[out] ciphertext Encrytion of @a plaintext with @a public_key.
1756 * @return guaranteed number of supported homomorphic operations >= 1,
1757 * or desired_ops, in case that is lower,
1758 * or -1 if less than one homomorphic operation is possible
1761 GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1764 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext);
1768 * Decrypt a paillier ciphertext with a private key.
1770 * @param private_key Private key to use for decryption.
1771 * @param public_key Public key to use for decryption.
1772 * @param ciphertext Ciphertext to decrypt.
1773 * @param[out] m Decryption of @a ciphertext with @private_key.
1776 GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key,
1777 const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1778 const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext,
1783 * Compute a ciphertext that represents the sum of the plaintext in @a x1 and @a x2
1785 * Note that this operation can only be done a finite number of times
1786 * before an overflow occurs.
1788 * @param public_key Public key to use for encryption.
1789 * @param c1 Paillier cipher text.
1790 * @param c2 Paillier cipher text.
1791 * @param[out] result Result of the homomorphic operation.
1792 * @return #GNUNET_OK if the result could be computed,
1793 * #GNUNET_SYSERR if no more homomorphic operations are remaining.
1796 GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1797 const struct GNUNET_CRYPTO_PaillierCiphertext *c1,
1798 const struct GNUNET_CRYPTO_PaillierCiphertext *c2,
1799 struct GNUNET_CRYPTO_PaillierCiphertext *result);
1803 * Get the number of remaining supported homomorphic operations.
1805 * @param c Paillier cipher text.
1806 * @return the number of remaining homomorphic operations
1809 GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c);
1812 /* ********* Chaum-style RSA-based blind signatures ******************* */
1818 * The private information of an RSA key pair.
1820 struct GNUNET_CRYPTO_RsaPrivateKey;
1823 * The public information of an RSA key pair.
1825 struct GNUNET_CRYPTO_RsaPublicKey;
1828 * Constant-size pre-secret for blinding key generation.
1830 struct GNUNET_CRYPTO_RsaBlindingKeySecret
1833 * Bits used to generate the blinding key. 256 bits
1834 * of entropy is enough.
1836 uint32_t pre_secret[8] GNUNET_PACKED;
1840 * @brief an RSA signature
1842 struct GNUNET_CRYPTO_RsaSignature;
1846 * Create a new private key. Caller must free return value.
1848 * @param len length of the key in bits (i.e. 2048)
1849 * @return fresh private key
1851 struct GNUNET_CRYPTO_RsaPrivateKey *
1852 GNUNET_CRYPTO_rsa_private_key_create (unsigned int len);
1856 * Free memory occupied by the private key.
1858 * @param key pointer to the memory to free
1861 GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key);
1865 * Encode the private key in a format suitable for
1866 * storing it into a file.
1868 * @param key the private key
1869 * @param[out] buffer set to a buffer with the encoded key
1870 * @return size of memory allocatedin @a buffer
1873 GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
1878 * Decode the private key from the data-format back
1879 * to the "normal", internal format.
1881 * @param buf the buffer where the private key data is stored
1882 * @param len the length of the data in @a buf
1883 * @return NULL on error
1885 struct GNUNET_CRYPTO_RsaPrivateKey *
1886 GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
1891 * Duplicate the given private key
1893 * @param key the private key to duplicate
1894 * @return the duplicate key; NULL upon error
1896 struct GNUNET_CRYPTO_RsaPrivateKey *
1897 GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key);
1901 * Extract the public key of the given private key.
1903 * @param priv the private key
1904 * @retur NULL on error, otherwise the public key
1906 struct GNUNET_CRYPTO_RsaPublicKey *
1907 GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv);
1911 * Compute hash over the public key.
1913 * @param key public key to hash
1914 * @param hc where to store the hash code
1917 GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
1918 struct GNUNET_HashCode *hc);
1922 * Obtain the length of the RSA key in bits.
1924 * @param key the public key to introspect
1925 * @return length of the key in bits
1928 GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key);
1932 * Free memory occupied by the public key.
1934 * @param key pointer to the memory to free
1937 GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key);
1941 * Encode the public key in a format suitable for
1942 * storing it into a file.
1944 * @param key the private key
1945 * @param[out] buffer set to a buffer with the encoded key
1946 * @return size of memory allocated in @a buffer
1949 GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key,
1954 * Decode the public key from the data-format back
1955 * to the "normal", internal format.
1957 * @param buf the buffer where the public key data is stored
1958 * @param len the length of the data in @a buf
1959 * @return NULL on error
1961 struct GNUNET_CRYPTO_RsaPublicKey *
1962 GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
1967 * Duplicate the given public key
1969 * @param key the public key to duplicate
1970 * @return the duplicate key; NULL upon error
1972 struct GNUNET_CRYPTO_RsaPublicKey *
1973 GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key);
1977 * Compare the values of two signatures.
1979 * @param s1 one signature
1980 * @param s2 the other signature
1981 * @return 0 if the two are equal
1984 GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1,
1985 struct GNUNET_CRYPTO_RsaSignature *s2);
1988 * Compare the values of two private keys.
1990 * @param p1 one private key
1991 * @param p2 the other private key
1992 * @return 0 if the two are equal
1995 GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1,
1996 struct GNUNET_CRYPTO_RsaPrivateKey *p2);
2000 * Compare the values of two public keys.
2002 * @param p1 one public key
2003 * @param p2 the other public key
2004 * @return 0 if the two are equal
2007 GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1,
2008 struct GNUNET_CRYPTO_RsaPublicKey *p2);
2012 * Blinds the given message with the given blinding key
2014 * @param hash hash of the message to sign
2015 * @param bkey the blinding key
2016 * @param pkey the public key of the signer
2017 * @param[out] buf set to a buffer with the blinded message to be signed
2018 * @param[out] buf_size number of bytes stored in @a buf
2019 * @return GNUNET_YES if successful, GNUNET_NO if RSA key is malicious
2022 GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
2023 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
2024 struct GNUNET_CRYPTO_RsaPublicKey *pkey,
2025 char **buf, size_t *buf_size);
2029 * Sign a blinded value, which must be a full domain hash of a message.
2031 * @param key private key to use for the signing
2032 * @param msg the (blinded) message to sign
2033 * @param msg_len number of bytes in @a msg to sign
2034 * @return NULL on error, signature on success
2036 struct GNUNET_CRYPTO_RsaSignature *
2037 GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
2038 const void *msg, size_t msg_len);
2042 * Create and sign a full domain hash of a message.
2044 * @param key private key to use for the signing
2045 * @param hash the hash of the message to sign
2046 * @return NULL on error, including a malicious RSA key, signature on success
2048 struct GNUNET_CRYPTO_RsaSignature *
2049 GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
2050 const struct GNUNET_HashCode *hash);
2054 * Free memory occupied by signature.
2056 * @param sig memory to free
2059 GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig);
2063 * Encode the given signature in a format suitable for storing it into a file.
2065 * @param sig the signature
2066 * @param[out] buffer set to a buffer with the encoded key
2067 * @return size of memory allocated in @a buffer
2070 GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig,
2075 * Decode the signature from the data-format back to the "normal", internal
2078 * @param buf the buffer where the public key data is stored
2079 * @param len the length of the data in @a buf
2080 * @return NULL on error
2082 struct GNUNET_CRYPTO_RsaSignature *
2083 GNUNET_CRYPTO_rsa_signature_decode (const char *buf,
2088 * Duplicate the given rsa signature
2090 * @param sig the signature to duplicate
2091 * @return the duplicate key; NULL upon error
2093 struct GNUNET_CRYPTO_RsaSignature *
2094 GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig);
2098 * Unblind a blind-signed signature. The signature should have been generated
2099 * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
2100 * #GNUNET_CRYPTO_rsa_blind().
2102 * @param sig the signature made on the blinded signature purpose
2103 * @param bks the blinding key secret used to blind the signature purpose
2104 * @param pkey the public key of the signer
2105 * @return unblinded signature on success, NULL if RSA key is bad or malicious.
2107 struct GNUNET_CRYPTO_RsaSignature *
2108 GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig,
2109 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
2110 struct GNUNET_CRYPTO_RsaPublicKey *pkey);
2114 * Verify whether the given hash corresponds to the given signature and the
2115 * signature is valid with respect to the given public key.
2117 * @param hash the message to verify to match the @a sig
2118 * @param sig signature that is being validated
2119 * @param public_key public key of the signer
2120 * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature
2123 GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
2124 const struct GNUNET_CRYPTO_RsaSignature *sig,
2125 const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
2128 #if 0 /* keep Emacsens' auto-indent happy */
2136 /* ifndef GNUNET_CRYPTO_LIB_H */
2138 /* end of gnunet_crypto_lib.h */