2 This file is part of GNUnet.
3 Copyright (C) 2001-2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file include/gnunet_crypto_lib.h
23 * @brief cryptographic primitives for GNUnet
25 * @author Christian Grothoff
26 * @author Krista Bennett
27 * @author Gerd Knorr <kraxel@bytesex.org>
28 * @author Ioana Patrascu
29 * @author Tzvetan Horozov
31 * @defgroup crypto Cryptographic operations
32 * @defgroup hash Hashing and operations on hashes
35 #ifndef GNUNET_CRYPTO_LIB_H
36 #define GNUNET_CRYPTO_LIB_H
41 #if 0 /* keep Emacsens' auto-indent happy */
47 * @brief A 512-bit hashcode
49 struct GNUNET_HashCode;
52 * The identity of the host (wraps the signing key of the peer).
54 struct GNUNET_PeerIdentity;
56 #include "gnunet_common.h"
61 * @brief A 512-bit hashcode
63 struct GNUNET_HashCode
65 uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */
70 * Maximum length of an ECC signature.
71 * Note: round up to multiple of 8 minus 2 for alignment.
73 #define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
77 * Desired quality level for random numbers.
80 enum GNUNET_CRYPTO_Quality
83 * No good quality of the operation is needed (i.e.,
84 * random numbers can be pseudo-random).
87 GNUNET_CRYPTO_QUALITY_WEAK,
90 * High-quality operations are desired.
93 GNUNET_CRYPTO_QUALITY_STRONG,
96 * Randomness for IVs etc. is required.
99 GNUNET_CRYPTO_QUALITY_NONCE
104 * @brief length of the sessionkey in bytes (256 BIT sessionkey)
106 #define GNUNET_CRYPTO_AES_KEY_LENGTH (256/8)
109 * Length of a hash value
111 #define GNUNET_CRYPTO_HASH_LENGTH (512/8)
114 * How many characters (without 0-terminator) are our ASCII-encoded
115 * public keys (ECDSA/EDDSA/ECDHE).
117 #define GNUNET_CRYPTO_PKEY_ASCII_LENGTH 52
120 * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode.
122 struct GNUNET_CRYPTO_HashAsciiEncoded
124 unsigned char encoding[104];
128 GNUNET_NETWORK_STRUCT_BEGIN
132 * @brief header of what an ECC signature signs
133 * this must be followed by "size - 8" bytes of
134 * the actual signed data
136 struct GNUNET_CRYPTO_EccSignaturePurpose
139 * How many bytes does this signature sign?
140 * (including this purpose header); in network
143 uint32_t size GNUNET_PACKED;
146 * What does this signature vouch for? This
147 * must contain a GNUNET_SIGNATURE_PURPOSE_XXX
148 * constant (from gnunet_signatures.h). In
149 * network byte order!
151 uint32_t purpose GNUNET_PACKED;
157 * @brief an ECC signature using EdDSA.
158 * See https://gnunet.org/ed25519
160 struct GNUNET_CRYPTO_EddsaSignature
166 unsigned char r[256 / 8];
171 unsigned char s[256 / 8];
178 * @brief an ECC signature using ECDSA
180 struct GNUNET_CRYPTO_EcdsaSignature
186 unsigned char r[256 / 8];
191 unsigned char s[256 / 8];
197 * Public ECC key (always for Curve25519) encoded in a format suitable
198 * for network transmission and EdDSA signatures.
200 struct GNUNET_CRYPTO_EddsaPublicKey
203 * Q consists of an x- and a y-value, each mod p (256 bits), given
204 * here in affine coordinates and Ed25519 standard compact format.
206 unsigned char q_y[256 / 8];
212 * Public ECC key (always for Curve25519) encoded in a format suitable
213 * for network transmission and ECDSA signatures.
215 struct GNUNET_CRYPTO_EcdsaPublicKey
218 * Q consists of an x- and a y-value, each mod p (256 bits), given
219 * here in affine coordinates and Ed25519 standard compact format.
221 unsigned char q_y[256 / 8];
227 * The identity of the host (wraps the signing key of the peer).
229 struct GNUNET_PeerIdentity
231 struct GNUNET_CRYPTO_EddsaPublicKey public_key;
236 * Public ECC key (always for Curve25519) encoded in a format suitable
237 * for network transmission and encryption (ECDH),
238 * See http://cr.yp.to/ecdh.html
240 struct GNUNET_CRYPTO_EcdhePublicKey
243 * Q consists of an x- and a y-value, each mod p (256 bits), given
244 * here in affine coordinates and Ed25519 standard compact format.
246 unsigned char q_y[256 / 8];
251 * Private ECC key encoded for transmission. To be used only for ECDH
252 * key exchange (ECDHE to be precise).
254 struct GNUNET_CRYPTO_EcdhePrivateKey
257 * d is a value mod n, where n has at most 256 bits.
259 unsigned char d[256 / 8];
264 * Private ECC key encoded for transmission. To be used only for ECDSA
267 struct GNUNET_CRYPTO_EcdsaPrivateKey
270 * d is a value mod n, where n has at most 256 bits.
272 unsigned char d[256 / 8];
277 * Private ECC key encoded for transmission. To be used only for EdDSA
280 struct GNUNET_CRYPTO_EddsaPrivateKey
283 * d is a value mod n, where n has at most 256 bits.
285 unsigned char d[256 / 8];
291 * @brief type for session keys
293 struct GNUNET_CRYPTO_SymmetricSessionKey
296 * Actual key for AES.
298 unsigned char aes_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
301 * Actual key for TwoFish.
303 unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
307 GNUNET_NETWORK_STRUCT_END
310 * @brief IV for sym cipher
312 * NOTE: must be smaller (!) in size than the
313 * `struct GNUNET_HashCode`.
315 struct GNUNET_CRYPTO_SymmetricInitializationVector
317 unsigned char aes_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
319 unsigned char twofish_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
324 * @brief type for (message) authentication keys
326 struct GNUNET_CRYPTO_AuthKey
328 unsigned char key[GNUNET_CRYPTO_HASH_LENGTH];
333 * Size of paillier plain texts and public keys.
334 * Private keys and ciphertexts are twice this size.
336 #define GNUNET_CRYPTO_PAILLIER_BITS 2048
340 * Paillier public key.
342 struct GNUNET_CRYPTO_PaillierPublicKey
347 unsigned char n[GNUNET_CRYPTO_PAILLIER_BITS / 8];
352 * Paillier public key.
354 struct GNUNET_CRYPTO_PaillierPrivateKey
357 * Lambda-component of the private key.
359 unsigned char lambda[GNUNET_CRYPTO_PAILLIER_BITS / 8];
361 * Mu-component of the private key.
363 unsigned char mu[GNUNET_CRYPTO_PAILLIER_BITS / 8];
368 * Paillier ciphertext.
370 struct GNUNET_CRYPTO_PaillierCiphertext
373 * Guaranteed minimum number of homomorphic operations with this ciphertext,
374 * in network byte order (NBO).
376 int32_t remaining_ops GNUNET_PACKED;
379 * The bits of the ciphertext.
381 unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
385 /* **************** Functions and Macros ************* */
389 * Seed a weak random generator. Only #GNUNET_CRYPTO_QUALITY_WEAK-mode generator
392 * @param seed the seed to use
395 GNUNET_CRYPTO_seed_weak_random (int32_t seed);
399 * Perform an incremental step in a CRC16 (for TCP/IP) calculation.
401 * @param sum current sum, initially 0
402 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
403 * @param len number of bytes in @a buf, must be multiple of 2
404 * @return updated crc sum (must be subjected to #GNUNET_CRYPTO_crc16_finish to get actual crc16)
407 GNUNET_CRYPTO_crc16_step (uint32_t sum,
413 * Convert results from GNUNET_CRYPTO_crc16_step to final crc16.
415 * @param sum cummulative sum
416 * @return crc16 value
419 GNUNET_CRYPTO_crc16_finish (uint32_t sum);
424 * Calculate the checksum of a buffer in one step.
426 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
427 * @param len number of bytes in @a buf, must be multiple of 2
428 * @return crc16 value
431 GNUNET_CRYPTO_crc16_n (const void *buf,
437 * Compute the CRC32 checksum for the first len
438 * bytes of the buffer.
440 * @param buf the data over which we're taking the CRC
441 * @param len the length of the buffer @a buf in bytes
442 * @return the resulting CRC32 checksum
445 GNUNET_CRYPTO_crc32_n (const void *buf,
451 * Fill block with a random values.
453 * @param mode desired quality of the random number
454 * @param buffer the buffer to fill
455 * @param length buffer length
458 GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode,
464 * Produce a random value.
466 * @param mode desired quality of the random number
467 * @param i the upper limit (exclusive) for the random number
468 * @return a random value in the interval [0,@a i) (exclusive).
471 GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
477 * Random on unsigned 64-bit values.
479 * @param mode desired quality of the random number
480 * @param max value returned will be in range [0,@a max) (exclusive)
481 * @return random 64-bit number
484 GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode,
490 * Get an array with a random permutation of the
492 * @param mode #GNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used,
493 * #GNUNET_CRYPTO_QUALITY_WEAK or #GNUNET_CRYPTO_QUALITY_NONCE otherwise
494 * @param n the size of the array
495 * @return the permutation array (allocated from heap)
498 GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode,
504 * Create a new random session key.
506 * @param key key to initialize
509 GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key);
514 * Encrypt a block using a symmetric sessionkey.
516 * @param block the block to encrypt
517 * @param size the size of the @a block
518 * @param sessionkey the key used to encrypt
519 * @param iv the initialization vector to use, use INITVALUE
521 * @return the size of the encrypted block, -1 for errors
524 GNUNET_CRYPTO_symmetric_encrypt (const void *block,
526 const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
527 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
533 * Decrypt a given block using a symmetric sessionkey.
535 * @param block the data to decrypt, encoded as returned by encrypt
536 * @param size how big is the block?
537 * @param sessionkey the key used to decrypt
538 * @param iv the initialization vector to use
539 * @param result address to store the result at
540 * @return -1 on failure, size of decrypted block on success
543 GNUNET_CRYPTO_symmetric_decrypt (const void *block,
545 const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
546 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
552 * @brief Derive an IV
553 * @param iv initialization vector
554 * @param skey session key
555 * @param salt salt for the derivation
556 * @param salt_len size of the @a salt
557 * @param ... pairs of void * & size_t for context chunks, terminated by NULL
560 GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
561 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
563 size_t salt_len, ...);
567 * @brief Derive an IV
568 * @param iv initialization vector
569 * @param skey session key
570 * @param salt salt for the derivation
571 * @param salt_len size of the @a salt
572 * @param argp pairs of void * & size_t for context chunks, terminated by NULL
575 GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
576 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
584 * Convert hash to ASCII encoding.
585 * @param block the hash code
586 * @param result where to store the encoding (struct GNUNET_CRYPTO_HashAsciiEncoded can be
587 * safely cast to char*, a '\\0' termination is set).
590 GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block,
591 struct GNUNET_CRYPTO_HashAsciiEncoded *result);
596 * Convert ASCII encoding back to a 'struct GNUNET_HashCode'
598 * @param enc the encoding
599 * @param enclen number of characters in @a enc (without 0-terminator, which can be missing)
600 * @param result where to store the hash code
601 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
604 GNUNET_CRYPTO_hash_from_string2 (const char *enc,
606 struct GNUNET_HashCode *result);
611 * Convert ASCII encoding back to `struct GNUNET_HashCode`
613 * @param enc the encoding
614 * @param result where to store the hash code
615 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
617 #define GNUNET_CRYPTO_hash_from_string(enc, result) \
618 GNUNET_CRYPTO_hash_from_string2 (enc, strlen(enc), result)
624 * Compute the distance between 2 hashcodes. The
625 * computation must be fast, not involve @a a[0] or @a a[4] (they're used
626 * elsewhere), and be somewhat consistent. And of course, the result
627 * should be a positive number.
629 * @param a some hash code
630 * @param b some hash code
631 * @return number between 0 and UINT32_MAX
634 GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a,
635 const struct GNUNET_HashCode *b);
640 * Compute hash of a given block.
642 * @param block the data to hash
643 * @param size size of the @a block
644 * @param ret pointer to where to write the hashcode
647 GNUNET_CRYPTO_hash (const void *block,
649 struct GNUNET_HashCode *ret);
653 * Context for cummulative hashing.
655 struct GNUNET_HashContext;
659 * Start incremental hashing operation.
661 * @return context for incremental hash computation
663 struct GNUNET_HashContext *
664 GNUNET_CRYPTO_hash_context_start (void);
668 * Add data to be hashed.
670 * @param hc cummulative hash context
671 * @param buf data to add
672 * @param size number of bytes in @a buf
675 GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc,
681 * Finish the hash computation.
683 * @param hc hash context to use, is freed in the process
684 * @param r_hash where to write the latest / final hash code
687 GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc,
688 struct GNUNET_HashCode *r_hash);
692 * Abort hashing, do not bother calculating final result.
694 * @param hc hash context to destroy
697 GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
702 * Calculate HMAC of a message (RFC 2104)
704 * @param key secret key
705 * @param plaintext input plaintext
706 * @param plaintext_len length of @a plaintext
707 * @param hmac where to store the hmac
710 GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
711 const void *plaintext,
712 size_t plaintext_len,
713 struct GNUNET_HashCode *hmac);
717 * Function called once the hash computation over the
718 * specified file has completed.
721 * @param res resulting hash, NULL on error
724 (*GNUNET_CRYPTO_HashCompletedCallback) (void *cls,
725 const struct GNUNET_HashCode *res);
729 * Handle to file hashing operation.
731 struct GNUNET_CRYPTO_FileHashContext;
736 * Compute the hash of an entire file.
738 * @param priority scheduling priority to use
739 * @param filename name of file to hash
740 * @param blocksize number of bytes to process in one task
741 * @param callback function to call upon completion
742 * @param callback_cls closure for @a callback
743 * @return NULL on (immediate) errror
745 struct GNUNET_CRYPTO_FileHashContext *
746 GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority,
747 const char *filename,
749 GNUNET_CRYPTO_HashCompletedCallback callback,
754 * Cancel a file hashing operation.
756 * @param fhc operation to cancel (callback must not yet have been invoked)
759 GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc);
764 * Create a random hash code.
766 * @param mode desired quality level
767 * @param result hash code that is randomized
770 GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
771 struct GNUNET_HashCode *result);
776 * compute @a result = @a b - @a a
778 * @param a some hash code
779 * @param b some hash code
780 * @param result set to @a b - @a a
783 GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a,
784 const struct GNUNET_HashCode *b,
785 struct GNUNET_HashCode *result);
790 * compute @a result = @a a + @a delta
792 * @param a some hash code
793 * @param delta some hash code
794 * @param result set to @a a + @a delta
797 GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode *a,
798 const struct GNUNET_HashCode *delta,
799 struct GNUNET_HashCode *result);
804 * compute result = a ^ b
806 * @param a some hash code
807 * @param b some hash code
808 * @param result set to @a a ^ @a b
811 GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a,
812 const struct GNUNET_HashCode *b,
813 struct GNUNET_HashCode *result);
818 * Convert a hashcode into a key.
820 * @param hc hash code that serves to generate the key
821 * @param skey set to a valid session key
822 * @param iv set to a valid initialization vector
825 GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc,
826 struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
827 struct GNUNET_CRYPTO_SymmetricInitializationVector *iv);
832 * Obtain a bit from a hashcode.
834 * @param code the `struct GNUNET_HashCode` to index bit-wise
835 * @param bit index into the hashcode, [0...159]
836 * @return Bit \a bit from hashcode \a code, -1 for invalid index
839 GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode *code,
845 * Determine how many low order bits match in two
846 * `struct GNUNET_HashCodes`. i.e. - 010011 and 011111 share
847 * the first two lowest order bits, and therefore the
848 * return value is two (NOT XOR distance, nor how many
849 * bits match absolutely!).
851 * @param first the first hashcode
852 * @param second the hashcode to compare first to
853 * @return the number of bits that match
856 GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode *first,
857 const struct GNUNET_HashCode *second);
862 * Compare function for HashCodes, producing a total ordering
865 * @param h1 some hash code
866 * @param h2 some hash code
867 * @return 1 if @a h1 > @a h2, -1 if @a h1 < @a h2 and 0 if @a h1 == @a h2.
870 GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1,
871 const struct GNUNET_HashCode *h2);
876 * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
877 * in the XOR metric (Kademlia).
879 * @param h1 some hash code
880 * @param h2 some hash code
881 * @param target some hash code
882 * @return -1 if @a h1 is closer, 1 if @a h2 is closer and 0 if @a h1== @a h2.
885 GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1,
886 const struct GNUNET_HashCode *h2,
887 const struct GNUNET_HashCode *target);
892 * @brief Derive an authentication key
893 * @param key authentication key
894 * @param rkey root key
896 * @param salt_len size of the salt
897 * @param argp pair of void * & size_t for context chunks, terminated by NULL
900 GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
901 const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
902 const void *salt, size_t salt_len,
908 * @brief Derive an authentication key
909 * @param key authentication key
910 * @param rkey root key
912 * @param salt_len size of the salt
913 * @param ... pair of void * & size_t for context chunks, terminated by NULL
916 GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
917 const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
918 const void *salt, size_t salt_len,
925 * @param result buffer for the derived key, allocated by caller
926 * @param out_len desired length of the derived key
927 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
928 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
930 * @param xts_len length of @a xts
931 * @param skm source key material
932 * @param skm_len length of @a skm
933 * @param ... pair of void * & size_t for context chunks, terminated by NULL
934 * @return #GNUNET_YES on success
937 GNUNET_CRYPTO_hkdf (void *result,
951 * @param result buffer for the derived key, allocated by caller
952 * @param out_len desired length of the derived key
953 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
954 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
956 * @param xts_len length of @a xts
957 * @param skm source key material
958 * @param skm_len length of @a skm
959 * @param argp va_list of void * & size_t pairs for context chunks
960 * @return #GNUNET_YES on success
963 GNUNET_CRYPTO_hkdf_v (void *result,
976 * @param result buffer for the derived key, allocated by caller
977 * @param out_len desired length of the derived key
979 * @param xts_len length of @a xts
980 * @param skm source key material
981 * @param skm_len length of @a skm
982 * @param argp va_list of void * & size_t pairs for context chunks
983 * @return #GNUNET_YES on success
986 GNUNET_CRYPTO_kdf_v (void *result,
998 * @param result buffer for the derived key, allocated by caller
999 * @param out_len desired length of the derived key
1001 * @param xts_len length of @a xts
1002 * @param skm source key material
1003 * @param skm_len length of @a skm
1004 * @param ... void * & size_t pairs for context chunks
1005 * @return #GNUNET_YES on success
1008 GNUNET_CRYPTO_kdf (void *result,
1019 * Extract the public key for the given private key.
1021 * @param priv the private key
1022 * @param pub where to write the public key
1025 GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1026 struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1030 * Extract the public key for the given private key.
1032 * @param priv the private key
1033 * @param pub where to write the public key
1036 GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1037 struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1043 * Extract the public key for the given private key.
1045 * @param priv the private key
1046 * @param pub where to write the public key
1049 GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1050 struct GNUNET_CRYPTO_EcdhePublicKey *pub);
1054 * Convert a public key to a string.
1056 * @param pub key to convert
1057 * @return string representing @a pub
1060 GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1064 * Convert a public key to a string.
1066 * @param pub key to convert
1067 * @return string representing @a pub
1070 GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1074 * Convert a string representing a public key to a public key.
1076 * @param enc encoded public key
1077 * @param enclen number of bytes in @a enc (without 0-terminator)
1078 * @param pub where to store the public key
1079 * @return #GNUNET_OK on success
1082 GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc,
1084 struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1088 * Convert a string representing a private key to a private key.
1090 * @param enc encoded public key
1091 * @param enclen number of bytes in @a enc (without 0-terminator)
1092 * @param priv where to store the private key
1093 * @return #GNUNET_OK on success
1096 GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc,
1098 struct GNUNET_CRYPTO_EddsaPrivateKey *pub);
1102 * Convert a string representing a public key to a public key.
1104 * @param enc encoded public key
1105 * @param enclen number of bytes in @a enc (without 0-terminator)
1106 * @param pub where to store the public key
1107 * @return #GNUNET_OK on success
1110 GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc,
1112 struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1117 * Create a new private key by reading it from a file. If the
1118 * files does not exist, create a new key and write it to the
1119 * file. Caller must free return value. Note that this function
1120 * can not guarantee that another process might not be trying
1121 * the same operation on the same file at the same time.
1122 * If the contents of the file
1123 * are invalid the old file is deleted and a fresh key is
1126 * @param filename name of file to use to store the key
1127 * @return new private key, NULL on error (for example,
1128 * permission denied); free using #GNUNET_free
1130 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1131 GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename);
1136 * Create a new private key by reading it from a file. If the
1137 * files does not exist, create a new key and write it to the
1138 * file. Caller must free return value. Note that this function
1139 * can not guarantee that another process might not be trying
1140 * the same operation on the same file at the same time.
1141 * If the contents of the file
1142 * are invalid the old file is deleted and a fresh key is
1145 * @param filename name of file to use to store the key
1146 * @return new private key, NULL on error (for example,
1147 * permission denied); free using #GNUNET_free
1149 struct GNUNET_CRYPTO_EddsaPrivateKey *
1150 GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename);
1154 * Forward declaration to simplify #include-structure.
1156 struct GNUNET_CONFIGURATION_Handle;
1161 * Create a new private key by reading our peer's key from
1162 * the file specified in the configuration.
1164 * @param cfg the configuration to use
1165 * @return new private key, NULL on error (for example,
1166 * permission denied); free using #GNUNET_free
1168 struct GNUNET_CRYPTO_EddsaPrivateKey *
1169 GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg);
1174 * Create a new private key. Caller must free return value.
1176 * @return fresh private key; free using #GNUNET_free
1178 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1179 GNUNET_CRYPTO_ecdsa_key_create (void);
1184 * Create a new private key. Caller must free return value.
1186 * @return fresh private key; free using #GNUNET_free
1188 struct GNUNET_CRYPTO_EddsaPrivateKey *
1189 GNUNET_CRYPTO_eddsa_key_create (void);
1194 * Create a new private key. Caller must free return value.
1196 * @return fresh private key; free using #GNUNET_free
1198 struct GNUNET_CRYPTO_EcdhePrivateKey *
1199 GNUNET_CRYPTO_ecdhe_key_create (void);
1204 * Clear memory that was used to store a private key.
1206 * @param pk location of the key
1209 GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
1214 * Clear memory that was used to store a private key.
1216 * @param pk location of the key
1219 GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk);
1224 * Clear memory that was used to store a private key.
1226 * @param pk location of the key
1229 GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
1234 * Get the shared private key we use for anonymous users.
1236 * @return "anonymous" private key; do not free
1238 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
1239 GNUNET_CRYPTO_ecdsa_key_get_anonymous (void);
1244 * Setup a hostkey file for a peer given the name of the
1245 * configuration file (!). This function is used so that
1246 * at a later point code can be certain that reading a
1247 * hostkey is fast (for example in time-dependent testcases).
1249 * @param cfg_name name of the configuration file to use
1252 GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name);
1257 * Retrieve the identity of the host's peer.
1259 * @param cfg configuration to use
1260 * @param dst pointer to where to write the peer identity
1261 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
1262 * could not be retrieved
1265 GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
1266 struct GNUNET_PeerIdentity *dst);
1270 * Compare two Peer Identities.
1272 * @param first first peer identity
1273 * @param second second peer identity
1274 * @return bigger than 0 if first > second,
1275 * 0 if they are the same
1276 * smaller than 0 if second > first
1279 GNUNET_CRYPTO_cmp_peer_identity (const struct GNUNET_PeerIdentity *first,
1280 const struct GNUNET_PeerIdentity *second);
1284 * Internal structure used to cache pre-calculated values for DLOG calculation.
1286 struct GNUNET_CRYPTO_EccDlogContext;
1290 * Point on a curve (always for Curve25519) encoded in a format suitable
1291 * for network transmission (ECDH), see http://cr.yp.to/ecdh.html.
1293 struct GNUNET_CRYPTO_EccPoint
1296 * Q consists of an x- and a y-value, each mod p (256 bits), given
1297 * here in affine coordinates and Ed25519 standard compact format.
1299 unsigned char q_y[256 / 8];
1304 * Do pre-calculation for ECC discrete logarithm for small factors.
1306 * @param max maximum value the factor can be
1307 * @param mem memory to use (should be smaller than @a max), must not be zero.
1308 * @return @a max if dlog failed, otherwise the factor
1310 struct GNUNET_CRYPTO_EccDlogContext *
1311 GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
1316 * Calculate ECC discrete logarithm for small factors.
1317 * Opposite of #GNUNET_CRYPTO_ecc_dexp().
1319 * @param dlc precalculated values, determine range of factors
1320 * @param input point on the curve to factor
1321 * @return `dlc->max` if dlog failed, otherwise the factor
1324 GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
1325 gcry_mpi_point_t input);
1329 * Multiply the generator g of the elliptic curve by @a val
1330 * to obtain the point on the curve representing @a val.
1331 * Afterwards, point addition will correspond to integer
1332 * addition. #GNUNET_CRYPTO_ecc_dlog() can be used to
1333 * convert a point back to an integer (as long as the
1334 * integer is smaller than the MAX of the @a edc context).
1336 * @param edc calculation context for ECC operations
1337 * @param val value to encode into a point
1338 * @return representation of the value as an ECC point,
1339 * must be freed using #GNUNET_CRYPTO_ecc_free()
1342 GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
1347 * Multiply the generator g of the elliptic curve by @a val
1348 * to obtain the point on the curve representing @a val.
1350 * @param edc calculation context for ECC operations
1351 * @param val (positive) value to encode into a point
1352 * @return representation of the value as an ECC point,
1353 * must be freed using #GNUNET_CRYPTO_ecc_free()
1356 GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1361 * Multiply the point @a p on the elliptic curve by @a val.
1363 * @param edc calculation context for ECC operations
1364 * @param p point to multiply
1365 * @param val (positive) value to encode into a point
1366 * @return representation of the value as an ECC point,
1367 * must be freed using #GNUNET_CRYPTO_ecc_free()
1370 GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1376 * Convert point value to binary representation.
1378 * @param edc calculation context for ECC operations
1379 * @param point computational point representation
1380 * @param[out] bin binary point representation
1383 GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc,
1384 gcry_mpi_point_t point,
1385 struct GNUNET_CRYPTO_EccPoint *bin);
1389 * Convert binary representation of a point to computational representation.
1391 * @param edc calculation context for ECC operations
1392 * @param bin binary point representation
1393 * @return computational representation
1396 GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
1397 const struct GNUNET_CRYPTO_EccPoint *bin);
1401 * Add two points on the elliptic curve.
1403 * @param edc calculation context for ECC operations
1404 * @param a some value
1405 * @param b some value
1406 * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
1409 GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
1411 gcry_mpi_point_t b);
1415 * Obtain a random point on the curve and its
1416 * additive inverse. Both returned values
1417 * must be freed using #GNUNET_CRYPTO_ecc_free().
1419 * @param edc calculation context for ECC operations
1420 * @param[out] r set to a random point on the curve
1421 * @param[out] r_inv set to the additive inverse of @a r
1424 GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
1425 gcry_mpi_point_t *r,
1426 gcry_mpi_point_t *r_inv);
1430 * Obtain a random scalar for point multiplication on the curve and
1431 * its multiplicative inverse.
1433 * @param edc calculation context for ECC operations
1434 * @param[out] r set to a random scalar on the curve
1435 * @param[out] r_inv set to the multiplicative inverse of @a r
1438 GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1444 * Generate a random value mod n.
1446 * @param edc ECC context
1447 * @return random value mod n.
1450 GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc);
1454 * Free a point value returned by the API.
1456 * @param p point to free
1459 GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p);
1463 * Release precalculated values.
1465 * @param dlc dlog context
1468 GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc);
1473 * Derive key material from a public and a private ECC key.
1475 * @param priv private key to use for the ECDH (x)
1476 * @param pub public key to use for the ECDH (yG)
1477 * @param key_material where to write the key material (xyG)
1478 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1481 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1482 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1483 struct GNUNET_HashCode *key_material);
1488 * Derive key material from a ECDH public key and a private EdDSA key.
1489 * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
1491 * @param priv private key from EdDSA to use for the ECDH (x)
1492 * @param pub public key to use for the ECDH (yG)
1493 * @param key_material where to write the key material H(h(x)yG)
1494 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1497 GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1498 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1499 struct GNUNET_HashCode *key_material);
1504 * Derive key material from a EdDSA public key and a private ECDH key.
1505 * Dual to #GNUNET_CRRYPTO_eddsa_ecdh.
1507 * @param priv private key to use for the ECDH (y)
1508 * @param pub public key from EdDSA to use for the ECDH (X=h(x)G)
1509 * @param key_material where to write the key material H(yX)=H(h(x)yG)
1510 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1513 GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1514 const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
1515 struct GNUNET_HashCode *key_material);
1520 * EdDSA sign a given block.
1522 * @param priv private key to use for the signing
1523 * @param purpose what to sign (size, purpose)
1524 * @param sig where to write the signature
1525 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1528 GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1529 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1530 struct GNUNET_CRYPTO_EddsaSignature *sig);
1535 * ECDSA Sign a given block.
1537 * @param priv private key to use for the signing
1538 * @param purpose what to sign (size, purpose)
1539 * @param sig where to write the signature
1540 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1543 GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1544 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1545 struct GNUNET_CRYPTO_EcdsaSignature *sig);
1549 * Verify EdDSA signature.
1551 * @param purpose what is the purpose that the signature should have?
1552 * @param validate block to validate (size, purpose, data)
1553 * @param sig signature that is being validated
1554 * @param pub public key of the signer
1555 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1558 GNUNET_CRYPTO_eddsa_verify (uint32_t purpose,
1559 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1560 const struct GNUNET_CRYPTO_EddsaSignature *sig,
1561 const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1567 * Verify ECDSA signature.
1569 * @param purpose what is the purpose that the signature should have?
1570 * @param validate block to validate (size, purpose, data)
1571 * @param sig signature that is being validated
1572 * @param pub public key of the signer
1573 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1576 GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose,
1577 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1578 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
1579 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1584 * Derive a private key from a given private key and a label.
1585 * Essentially calculates a private key 'h = H(l,P) * d mod n'
1586 * where n is the size of the ECC group and P is the public
1587 * key associated with the private key 'd'.
1589 * @param priv original private key
1590 * @param label label to use for key deriviation
1591 * @param context additional context to use for HKDF of 'h';
1592 * typically the name of the subsystem/application
1593 * @return derived private key
1595 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1596 GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1598 const char *context);
1603 * Derive a public key from a given public key and a label.
1604 * Essentially calculates a public key 'V = H(l,P) * P'.
1606 * @param pub original public key
1607 * @param label label to use for key deriviation
1608 * @param context additional context to use for HKDF of 'h'.
1609 * typically the name of the subsystem/application
1610 * @param result where to write the derived public key
1613 GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
1615 const char *context,
1616 struct GNUNET_CRYPTO_EcdsaPublicKey *result);
1620 * Output the given MPI value to the given buffer in network
1621 * byte order. The MPI @a val may not be negative.
1623 * @param buf where to output to
1624 * @param size number of bytes in @a buf
1625 * @param val value to write to @a buf
1628 GNUNET_CRYPTO_mpi_print_unsigned (void *buf,
1634 * Convert data buffer into MPI value.
1635 * The buffer is interpreted as network
1636 * byte order, unsigned integer.
1638 * @param result where to store MPI value (allocated)
1639 * @param data raw data (GCRYMPI_FMT_USG)
1640 * @param size number of bytes in @a data
1643 GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result,
1649 * Create a freshly generated paillier public key.
1651 * @param[out] public_key Where to store the public key?
1652 * @param[out] private_key Where to store the private key?
1655 GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1656 struct GNUNET_CRYPTO_PaillierPrivateKey *private_key);
1660 * Encrypt a plaintext with a paillier public key.
1662 * @param public_key Public key to use.
1663 * @param m Plaintext to encrypt.
1664 * @param desired_ops How many homomorphic ops the caller intends to use
1665 * @param[out] ciphertext Encrytion of @a plaintext with @a public_key.
1666 * @return guaranteed number of supported homomorphic operations >= 1,
1667 * or desired_ops, in case that is lower,
1668 * or -1 if less than one homomorphic operation is possible
1671 GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1674 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext);
1678 * Decrypt a paillier ciphertext with a private key.
1680 * @param private_key Private key to use for decryption.
1681 * @param public_key Public key to use for decryption.
1682 * @param ciphertext Ciphertext to decrypt.
1683 * @param[out] m Decryption of @a ciphertext with @private_key.
1686 GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key,
1687 const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1688 const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext,
1693 * Compute a ciphertext that represents the sum of the plaintext in @a x1 and @a x2
1695 * Note that this operation can only be done a finite number of times
1696 * before an overflow occurs.
1698 * @param public_key Public key to use for encryption.
1699 * @param c1 Paillier cipher text.
1700 * @param c2 Paillier cipher text.
1701 * @param[out] result Result of the homomorphic operation.
1702 * @return #GNUNET_OK if the result could be computed,
1703 * #GNUNET_SYSERR if no more homomorphic operations are remaining.
1706 GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1707 const struct GNUNET_CRYPTO_PaillierCiphertext *c1,
1708 const struct GNUNET_CRYPTO_PaillierCiphertext *c2,
1709 struct GNUNET_CRYPTO_PaillierCiphertext *result);
1713 * Get the number of remaining supported homomorphic operations.
1715 * @param c Paillier cipher text.
1716 * @return the number of remaining homomorphic operations
1719 GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c);
1722 /* ********* Chaum-style RSA-based blind signatures ******************* */
1728 * The private information of an RSA key pair.
1730 struct GNUNET_CRYPTO_rsa_PrivateKey;
1733 * The public information of an RSA key pair.
1735 struct GNUNET_CRYPTO_rsa_PublicKey;
1738 * Key used to blind a message
1740 struct GNUNET_CRYPTO_rsa_BlindingKey;
1743 * @brief an RSA signature
1745 struct GNUNET_CRYPTO_rsa_Signature;
1749 * Create a new private key. Caller must free return value.
1751 * @param len length of the key in bits (i.e. 2048)
1752 * @return fresh private key
1754 struct GNUNET_CRYPTO_rsa_PrivateKey *
1755 GNUNET_CRYPTO_rsa_private_key_create (unsigned int len);
1759 * Free memory occupied by the private key.
1761 * @param key pointer to the memory to free
1764 GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_rsa_PrivateKey *key);
1768 * Encode the private key in a format suitable for
1769 * storing it into a file.
1771 * @param key the private key
1772 * @param[out] buffer set to a buffer with the encoded key
1773 * @return size of memory allocatedin @a buffer
1776 GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_rsa_PrivateKey *key,
1781 * Decode the private key from the data-format back
1782 * to the "normal", internal format.
1784 * @param buf the buffer where the private key data is stored
1785 * @param len the length of the data in @a buf
1786 * @return NULL on error
1788 struct GNUNET_CRYPTO_rsa_PrivateKey *
1789 GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
1794 * Duplicate the given private key
1796 * @param key the private key to duplicate
1797 * @return the duplicate key; NULL upon error
1799 struct GNUNET_CRYPTO_rsa_PrivateKey *
1800 GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_rsa_PrivateKey *key);
1804 * Extract the public key of the given private key.
1806 * @param priv the private key
1807 * @retur NULL on error, otherwise the public key
1809 struct GNUNET_CRYPTO_rsa_PublicKey *
1810 GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_rsa_PrivateKey *priv);
1814 * Compute hash over the public key.
1816 * @param key public key to hash
1817 * @param hc where to store the hash code
1820 GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_rsa_PublicKey *key,
1821 struct GNUNET_HashCode *hc);
1825 * Obtain the length of the RSA key in bits.
1827 * @param key the public key to introspect
1828 * @return length of the key in bits
1831 GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_rsa_PublicKey *key);
1835 * Free memory occupied by the public key.
1837 * @param key pointer to the memory to free
1840 GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_rsa_PublicKey *key);
1844 * Encode the public key in a format suitable for
1845 * storing it into a file.
1847 * @param key the private key
1848 * @param[out] buffer set to a buffer with the encoded key
1849 * @return size of memory allocated in @a buffer
1852 GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_rsa_PublicKey *key,
1857 * Decode the public key from the data-format back
1858 * to the "normal", internal format.
1860 * @param buf the buffer where the public key data is stored
1861 * @param len the length of the data in @a buf
1862 * @return NULL on error
1864 struct GNUNET_CRYPTO_rsa_PublicKey *
1865 GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
1870 * Duplicate the given public key
1872 * @param key the public key to duplicate
1873 * @return the duplicate key; NULL upon error
1875 struct GNUNET_CRYPTO_rsa_PublicKey *
1876 GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_rsa_PublicKey *key);
1880 * Create a blinding key
1882 * @param len length of the key in bits (i.e. 2048)
1883 * @return the newly created blinding key
1885 struct GNUNET_CRYPTO_rsa_BlindingKey *
1886 GNUNET_CRYPTO_rsa_blinding_key_create (unsigned int len);
1890 * Compare the values of two blinding keys.
1893 * @param b2 the other key
1894 * @return 0 if the two are equal
1897 GNUNET_CRYPTO_rsa_blinding_key_cmp (struct GNUNET_CRYPTO_rsa_BlindingKey *b1,
1898 struct GNUNET_CRYPTO_rsa_BlindingKey *b2);
1902 * Compare the values of two signatures.
1904 * @param s1 one signature
1905 * @param s2 the other signature
1906 * @return 0 if the two are equal
1909 GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_rsa_Signature *s1,
1910 struct GNUNET_CRYPTO_rsa_Signature *s2);
1913 * Compare the values of two private keys.
1915 * @param p1 one private key
1916 * @param p2 the other private key
1917 * @return 0 if the two are equal
1920 GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_rsa_PrivateKey *p1,
1921 struct GNUNET_CRYPTO_rsa_PrivateKey *p2);
1925 * Compare the values of two public keys.
1927 * @param p1 one public key
1928 * @param p2 the other public key
1929 * @return 0 if the two are equal
1932 GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_rsa_PublicKey *p1,
1933 struct GNUNET_CRYPTO_rsa_PublicKey *p2);
1937 * Destroy a blinding key
1939 * @param bkey the blinding key to destroy
1942 GNUNET_CRYPTO_rsa_blinding_key_free (struct GNUNET_CRYPTO_rsa_BlindingKey *bkey);
1946 * Encode the blinding key in a format suitable for
1947 * storing it into a file.
1949 * @param bkey the blinding key
1950 * @param[out] buffer set to a buffer with the encoded key
1951 * @return size of memory allocated in @a buffer
1954 GNUNET_CRYPTO_rsa_blinding_key_encode (const struct GNUNET_CRYPTO_rsa_BlindingKey *bkey,
1959 * Decode the blinding key from the data-format back
1960 * to the "normal", internal format.
1962 * @param buf the buffer where the public key data is stored
1963 * @param len the length of the data in @a buf
1964 * @return NULL on error
1966 struct GNUNET_CRYPTO_rsa_BlindingKey *
1967 GNUNET_CRYPTO_rsa_blinding_key_decode (const char *buf,
1972 * Blinds the given message with the given blinding key
1974 * @param hash hash of the message to sign
1975 * @param bkey the blinding key
1976 * @param pkey the public key of the signer
1977 * @param[out] buffer set to a buffer with the blinded message to be signed
1978 * @return number of bytes stored in @a buffer
1981 GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
1982 struct GNUNET_CRYPTO_rsa_BlindingKey *bkey,
1983 struct GNUNET_CRYPTO_rsa_PublicKey *pkey,
1988 * Sign the given message.
1990 * @param key private key to use for the signing
1991 * @param msg the (blinded) message to sign
1992 * @param msg_len number of bytes in @a msg to sign
1993 * @return NULL on error, signature on success
1995 struct GNUNET_CRYPTO_rsa_Signature *
1996 GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_rsa_PrivateKey *key,
2002 * Free memory occupied by signature.
2004 * @param sig memory to free
2007 GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_rsa_Signature *sig);
2011 * Encode the given signature in a format suitable for storing it into a file.
2013 * @param sig the signature
2014 * @param[out] buffer set to a buffer with the encoded key
2015 * @return size of memory allocated in @a buffer
2018 GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_rsa_Signature *sig,
2023 * Decode the signature from the data-format back to the "normal", internal
2026 * @param buf the buffer where the public key data is stored
2027 * @param len the length of the data in @a buf
2028 * @return NULL on error
2030 struct GNUNET_CRYPTO_rsa_Signature *
2031 GNUNET_CRYPTO_rsa_signature_decode (const char *buf,
2036 * Duplicate the given rsa signature
2038 * @param sig the signature to duplicate
2039 * @return the duplicate key; NULL upon error
2041 struct GNUNET_CRYPTO_rsa_Signature *
2042 GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_rsa_Signature *sig);
2046 * Unblind a blind-signed signature. The signature should have been generated
2047 * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
2048 * #GNUNET_CRYPTO_rsa_blind().
2050 * @param sig the signature made on the blinded signature purpose
2051 * @param bkey the blinding key used to blind the signature purpose
2052 * @param pkey the public key of the signer
2053 * @return unblinded signature on success, NULL on error
2055 struct GNUNET_CRYPTO_rsa_Signature *
2056 GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_rsa_Signature *sig,
2057 struct GNUNET_CRYPTO_rsa_BlindingKey *bkey,
2058 struct GNUNET_CRYPTO_rsa_PublicKey *pkey);
2062 * Verify whether the given hash corresponds to the given signature and the
2063 * signature is valid with respect to the given public key.
2065 * @param hash the message to verify to match the @a sig
2066 * @param sig signature that is being validated
2067 * @param public_key public key of the signer
2068 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
2071 GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
2072 const struct GNUNET_CRYPTO_rsa_Signature *sig,
2073 const struct GNUNET_CRYPTO_rsa_PublicKey *public_key);
2076 #if 0 /* keep Emacsens' auto-indent happy */
2084 /* ifndef GNUNET_CRYPTO_LIB_H */
2086 /* end of gnunet_crypto_lib.h */