2 This file is part of GNUnet.
3 Copyright (C) 2001-2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file include/gnunet_crypto_lib.h
23 * @brief cryptographic primitives for GNUnet
25 * @author Christian Grothoff
26 * @author Krista Bennett
27 * @author Gerd Knorr <kraxel@bytesex.org>
28 * @author Ioana Patrascu
29 * @author Tzvetan Horozov
31 * @defgroup crypto Crypto library: cryptographic operations
32 * Provides cryptographic primitives.
34 * @see [Documentation](https://gnunet.org/crypto-api)
36 * @defgroup hash Crypto library: hash operations
37 * Provides hashing and operations on hashes.
39 * @see [Documentation](https://gnunet.org/crypto-api)
42 #ifndef GNUNET_CRYPTO_LIB_H
43 #define GNUNET_CRYPTO_LIB_H
48 #if 0 /* keep Emacsens' auto-indent happy */
54 * @brief A 512-bit hashcode
56 struct GNUNET_HashCode;
59 * The identity of the host (wraps the signing key of the peer).
61 struct GNUNET_PeerIdentity;
63 #include "gnunet_common.h"
68 * @brief A 512-bit hashcode
70 struct GNUNET_HashCode
72 uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */
77 * Maximum length of an ECC signature.
78 * Note: round up to multiple of 8 minus 2 for alignment.
80 #define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
84 * Desired quality level for random numbers.
87 enum GNUNET_CRYPTO_Quality
90 * No good quality of the operation is needed (i.e.,
91 * random numbers can be pseudo-random).
94 GNUNET_CRYPTO_QUALITY_WEAK,
97 * High-quality operations are desired.
100 GNUNET_CRYPTO_QUALITY_STRONG,
103 * Randomness for IVs etc. is required.
106 GNUNET_CRYPTO_QUALITY_NONCE
111 * @brief length of the sessionkey in bytes (256 BIT sessionkey)
113 #define GNUNET_CRYPTO_AES_KEY_LENGTH (256/8)
116 * Length of a hash value
118 #define GNUNET_CRYPTO_HASH_LENGTH (512/8)
121 * How many characters (without 0-terminator) are our ASCII-encoded
122 * public keys (ECDSA/EDDSA/ECDHE).
124 #define GNUNET_CRYPTO_PKEY_ASCII_LENGTH 52
127 * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode.
129 struct GNUNET_CRYPTO_HashAsciiEncoded
131 unsigned char encoding[104];
135 GNUNET_NETWORK_STRUCT_BEGIN
139 * @brief header of what an ECC signature signs
140 * this must be followed by "size - 8" bytes of
141 * the actual signed data
143 struct GNUNET_CRYPTO_EccSignaturePurpose
146 * How many bytes does this signature sign?
147 * (including this purpose header); in network
150 uint32_t size GNUNET_PACKED;
153 * What does this signature vouch for? This
154 * must contain a GNUNET_SIGNATURE_PURPOSE_XXX
155 * constant (from gnunet_signatures.h). In
156 * network byte order!
158 uint32_t purpose GNUNET_PACKED;
164 * @brief an ECC signature using EdDSA.
165 * See https://gnunet.org/ed25519
167 struct GNUNET_CRYPTO_EddsaSignature
173 unsigned char r[256 / 8];
178 unsigned char s[256 / 8];
185 * @brief an ECC signature using ECDSA
187 struct GNUNET_CRYPTO_EcdsaSignature
193 unsigned char r[256 / 8];
198 unsigned char s[256 / 8];
204 * Public ECC key (always for Curve25519) encoded in a format suitable
205 * for network transmission and EdDSA signatures.
207 struct GNUNET_CRYPTO_EddsaPublicKey
210 * Q consists of an x- and a y-value, each mod p (256 bits), given
211 * here in affine coordinates and Ed25519 standard compact format.
213 unsigned char q_y[256 / 8];
219 * Public ECC key (always for Curve25519) encoded in a format suitable
220 * for network transmission and ECDSA signatures.
222 struct GNUNET_CRYPTO_EcdsaPublicKey
225 * Q consists of an x- and a y-value, each mod p (256 bits), given
226 * here in affine coordinates and Ed25519 standard compact format.
228 unsigned char q_y[256 / 8];
234 * The identity of the host (wraps the signing key of the peer).
236 struct GNUNET_PeerIdentity
238 struct GNUNET_CRYPTO_EddsaPublicKey public_key;
243 * Public ECC key (always for Curve25519) encoded in a format suitable
244 * for network transmission and encryption (ECDH),
245 * See http://cr.yp.to/ecdh.html
247 struct GNUNET_CRYPTO_EcdhePublicKey
250 * Q consists of an x- and a y-value, each mod p (256 bits), given
251 * here in affine coordinates and Ed25519 standard compact format.
253 unsigned char q_y[256 / 8];
258 * Private ECC key encoded for transmission. To be used only for ECDH
259 * key exchange (ECDHE to be precise).
261 struct GNUNET_CRYPTO_EcdhePrivateKey
264 * d is a value mod n, where n has at most 256 bits.
266 unsigned char d[256 / 8];
271 * Private ECC key encoded for transmission. To be used only for ECDSA
274 struct GNUNET_CRYPTO_EcdsaPrivateKey
277 * d is a value mod n, where n has at most 256 bits.
279 unsigned char d[256 / 8];
284 * Private ECC key encoded for transmission. To be used only for EdDSA
287 struct GNUNET_CRYPTO_EddsaPrivateKey
290 * d is a value mod n, where n has at most 256 bits.
292 unsigned char d[256 / 8];
298 * @brief type for session keys
300 struct GNUNET_CRYPTO_SymmetricSessionKey
303 * Actual key for AES.
305 unsigned char aes_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
308 * Actual key for TwoFish.
310 unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
314 GNUNET_NETWORK_STRUCT_END
317 * @brief IV for sym cipher
319 * NOTE: must be smaller (!) in size than the
320 * `struct GNUNET_HashCode`.
322 struct GNUNET_CRYPTO_SymmetricInitializationVector
324 unsigned char aes_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
326 unsigned char twofish_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
331 * @brief type for (message) authentication keys
333 struct GNUNET_CRYPTO_AuthKey
335 unsigned char key[GNUNET_CRYPTO_HASH_LENGTH];
340 * Size of paillier plain texts and public keys.
341 * Private keys and ciphertexts are twice this size.
343 #define GNUNET_CRYPTO_PAILLIER_BITS 2048
347 * Paillier public key.
349 struct GNUNET_CRYPTO_PaillierPublicKey
354 unsigned char n[GNUNET_CRYPTO_PAILLIER_BITS / 8];
359 * Paillier public key.
361 struct GNUNET_CRYPTO_PaillierPrivateKey
364 * Lambda-component of the private key.
366 unsigned char lambda[GNUNET_CRYPTO_PAILLIER_BITS / 8];
368 * Mu-component of the private key.
370 unsigned char mu[GNUNET_CRYPTO_PAILLIER_BITS / 8];
375 * Paillier ciphertext.
377 struct GNUNET_CRYPTO_PaillierCiphertext
380 * Guaranteed minimum number of homomorphic operations with this ciphertext,
381 * in network byte order (NBO).
383 int32_t remaining_ops GNUNET_PACKED;
386 * The bits of the ciphertext.
388 unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
392 /* **************** Functions and Macros ************* */
396 * Seed a weak random generator. Only #GNUNET_CRYPTO_QUALITY_WEAK-mode generator
399 * @param seed the seed to use
402 GNUNET_CRYPTO_seed_weak_random (int32_t seed);
406 * Perform an incremental step in a CRC16 (for TCP/IP) calculation.
408 * @param sum current sum, initially 0
409 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
410 * @param len number of bytes in @a buf, must be multiple of 2
411 * @return updated crc sum (must be subjected to #GNUNET_CRYPTO_crc16_finish to get actual crc16)
414 GNUNET_CRYPTO_crc16_step (uint32_t sum,
420 * Convert results from GNUNET_CRYPTO_crc16_step to final crc16.
422 * @param sum cummulative sum
423 * @return crc16 value
426 GNUNET_CRYPTO_crc16_finish (uint32_t sum);
431 * Calculate the checksum of a buffer in one step.
433 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
434 * @param len number of bytes in @a buf, must be multiple of 2
435 * @return crc16 value
438 GNUNET_CRYPTO_crc16_n (const void *buf,
444 * Compute the CRC32 checksum for the first len
445 * bytes of the buffer.
447 * @param buf the data over which we're taking the CRC
448 * @param len the length of the buffer @a buf in bytes
449 * @return the resulting CRC32 checksum
452 GNUNET_CRYPTO_crc32_n (const void *buf,
458 * Fill block with a random values.
460 * @param mode desired quality of the random number
461 * @param buffer the buffer to fill
462 * @param length buffer length
465 GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode,
471 * Produce a random value.
473 * @param mode desired quality of the random number
474 * @param i the upper limit (exclusive) for the random number
475 * @return a random value in the interval [0,@a i) (exclusive).
478 GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
484 * Random on unsigned 64-bit values.
486 * @param mode desired quality of the random number
487 * @param max value returned will be in range [0,@a max) (exclusive)
488 * @return random 64-bit number
491 GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode,
497 * Get an array with a random permutation of the
499 * @param mode #GNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used,
500 * #GNUNET_CRYPTO_QUALITY_WEAK or #GNUNET_CRYPTO_QUALITY_NONCE otherwise
501 * @param n the size of the array
502 * @return the permutation array (allocated from heap)
505 GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode,
511 * Create a new random session key.
513 * @param key key to initialize
516 GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key);
521 * Encrypt a block using a symmetric sessionkey.
523 * @param block the block to encrypt
524 * @param size the size of the @a block
525 * @param sessionkey the key used to encrypt
526 * @param iv the initialization vector to use, use INITVALUE
528 * @return the size of the encrypted block, -1 for errors
531 GNUNET_CRYPTO_symmetric_encrypt (const void *block,
533 const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
534 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
540 * Decrypt a given block using a symmetric sessionkey.
542 * @param block the data to decrypt, encoded as returned by encrypt
543 * @param size how big is the block?
544 * @param sessionkey the key used to decrypt
545 * @param iv the initialization vector to use
546 * @param result address to store the result at
547 * @return -1 on failure, size of decrypted block on success
550 GNUNET_CRYPTO_symmetric_decrypt (const void *block,
552 const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
553 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
559 * @brief Derive an IV
560 * @param iv initialization vector
561 * @param skey session key
562 * @param salt salt for the derivation
563 * @param salt_len size of the @a salt
564 * @param ... pairs of void * & size_t for context chunks, terminated by NULL
567 GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
568 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
570 size_t salt_len, ...);
574 * @brief Derive an IV
575 * @param iv initialization vector
576 * @param skey session key
577 * @param salt salt for the derivation
578 * @param salt_len size of the @a salt
579 * @param argp pairs of void * & size_t for context chunks, terminated by NULL
582 GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
583 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
591 * Convert hash to ASCII encoding.
592 * @param block the hash code
593 * @param result where to store the encoding (struct GNUNET_CRYPTO_HashAsciiEncoded can be
594 * safely cast to char*, a '\\0' termination is set).
597 GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block,
598 struct GNUNET_CRYPTO_HashAsciiEncoded *result);
603 * Convert ASCII encoding back to a 'struct GNUNET_HashCode'
605 * @param enc the encoding
606 * @param enclen number of characters in @a enc (without 0-terminator, which can be missing)
607 * @param result where to store the hash code
608 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
611 GNUNET_CRYPTO_hash_from_string2 (const char *enc,
613 struct GNUNET_HashCode *result);
618 * Convert ASCII encoding back to `struct GNUNET_HashCode`
620 * @param enc the encoding
621 * @param result where to store the hash code
622 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
624 #define GNUNET_CRYPTO_hash_from_string(enc, result) \
625 GNUNET_CRYPTO_hash_from_string2 (enc, strlen(enc), result)
631 * Compute the distance between 2 hashcodes. The
632 * computation must be fast, not involve @a a[0] or @a a[4] (they're used
633 * elsewhere), and be somewhat consistent. And of course, the result
634 * should be a positive number.
636 * @param a some hash code
637 * @param b some hash code
638 * @return number between 0 and UINT32_MAX
641 GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a,
642 const struct GNUNET_HashCode *b);
647 * Compute hash of a given block.
649 * @param block the data to hash
650 * @param size size of the @a block
651 * @param ret pointer to where to write the hashcode
654 GNUNET_CRYPTO_hash (const void *block,
656 struct GNUNET_HashCode *ret);
660 * Context for cummulative hashing.
662 struct GNUNET_HashContext;
666 * Start incremental hashing operation.
668 * @return context for incremental hash computation
670 struct GNUNET_HashContext *
671 GNUNET_CRYPTO_hash_context_start (void);
675 * Add data to be hashed.
677 * @param hc cummulative hash context
678 * @param buf data to add
679 * @param size number of bytes in @a buf
682 GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc,
688 * Finish the hash computation.
690 * @param hc hash context to use, is freed in the process
691 * @param r_hash where to write the latest / final hash code
694 GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc,
695 struct GNUNET_HashCode *r_hash);
699 * Abort hashing, do not bother calculating final result.
701 * @param hc hash context to destroy
704 GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
709 * Calculate HMAC of a message (RFC 2104)
711 * @param key secret key
712 * @param plaintext input plaintext
713 * @param plaintext_len length of @a plaintext
714 * @param hmac where to store the hmac
717 GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
718 const void *plaintext,
719 size_t plaintext_len,
720 struct GNUNET_HashCode *hmac);
724 * Function called once the hash computation over the
725 * specified file has completed.
728 * @param res resulting hash, NULL on error
731 (*GNUNET_CRYPTO_HashCompletedCallback) (void *cls,
732 const struct GNUNET_HashCode *res);
736 * Handle to file hashing operation.
738 struct GNUNET_CRYPTO_FileHashContext;
743 * Compute the hash of an entire file.
745 * @param priority scheduling priority to use
746 * @param filename name of file to hash
747 * @param blocksize number of bytes to process in one task
748 * @param callback function to call upon completion
749 * @param callback_cls closure for @a callback
750 * @return NULL on (immediate) errror
752 struct GNUNET_CRYPTO_FileHashContext *
753 GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority,
754 const char *filename,
756 GNUNET_CRYPTO_HashCompletedCallback callback,
761 * Cancel a file hashing operation.
763 * @param fhc operation to cancel (callback must not yet have been invoked)
766 GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc);
771 * Create a random hash code.
773 * @param mode desired quality level
774 * @param result hash code that is randomized
777 GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
778 struct GNUNET_HashCode *result);
783 * compute @a result = @a b - @a a
785 * @param a some hash code
786 * @param b some hash code
787 * @param result set to @a b - @a a
790 GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a,
791 const struct GNUNET_HashCode *b,
792 struct GNUNET_HashCode *result);
797 * compute @a result = @a a + @a delta
799 * @param a some hash code
800 * @param delta some hash code
801 * @param result set to @a a + @a delta
804 GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode *a,
805 const struct GNUNET_HashCode *delta,
806 struct GNUNET_HashCode *result);
811 * compute result = a ^ b
813 * @param a some hash code
814 * @param b some hash code
815 * @param result set to @a a ^ @a b
818 GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a,
819 const struct GNUNET_HashCode *b,
820 struct GNUNET_HashCode *result);
825 * Convert a hashcode into a key.
827 * @param hc hash code that serves to generate the key
828 * @param skey set to a valid session key
829 * @param iv set to a valid initialization vector
832 GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc,
833 struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
834 struct GNUNET_CRYPTO_SymmetricInitializationVector *iv);
839 * Obtain a bit from a hashcode.
841 * @param code the `struct GNUNET_HashCode` to index bit-wise
842 * @param bit index into the hashcode, [0...159]
843 * @return Bit \a bit from hashcode \a code, -1 for invalid index
846 GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode *code,
852 * Determine how many low order bits match in two
853 * `struct GNUNET_HashCodes`. i.e. - 010011 and 011111 share
854 * the first two lowest order bits, and therefore the
855 * return value is two (NOT XOR distance, nor how many
856 * bits match absolutely!).
858 * @param first the first hashcode
859 * @param second the hashcode to compare first to
860 * @return the number of bits that match
863 GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode *first,
864 const struct GNUNET_HashCode *second);
869 * Compare function for HashCodes, producing a total ordering
872 * @param h1 some hash code
873 * @param h2 some hash code
874 * @return 1 if @a h1 > @a h2, -1 if @a h1 < @a h2 and 0 if @a h1 == @a h2.
877 GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1,
878 const struct GNUNET_HashCode *h2);
883 * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
884 * in the XOR metric (Kademlia).
886 * @param h1 some hash code
887 * @param h2 some hash code
888 * @param target some hash code
889 * @return -1 if @a h1 is closer, 1 if @a h2 is closer and 0 if @a h1== @a h2.
892 GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1,
893 const struct GNUNET_HashCode *h2,
894 const struct GNUNET_HashCode *target);
899 * @brief Derive an authentication key
900 * @param key authentication key
901 * @param rkey root key
903 * @param salt_len size of the salt
904 * @param argp pair of void * & size_t for context chunks, terminated by NULL
907 GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
908 const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
909 const void *salt, size_t salt_len,
915 * @brief Derive an authentication key
916 * @param key authentication key
917 * @param rkey root key
919 * @param salt_len size of the salt
920 * @param ... pair of void * & size_t for context chunks, terminated by NULL
923 GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
924 const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
925 const void *salt, size_t salt_len,
932 * @param result buffer for the derived key, allocated by caller
933 * @param out_len desired length of the derived key
934 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
935 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
937 * @param xts_len length of @a xts
938 * @param skm source key material
939 * @param skm_len length of @a skm
940 * @param ... pair of void * & size_t for context chunks, terminated by NULL
941 * @return #GNUNET_YES on success
944 GNUNET_CRYPTO_hkdf (void *result,
958 * @param result buffer for the derived key, allocated by caller
959 * @param out_len desired length of the derived key
960 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
961 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
963 * @param xts_len length of @a xts
964 * @param skm source key material
965 * @param skm_len length of @a skm
966 * @param argp va_list of void * & size_t pairs for context chunks
967 * @return #GNUNET_YES on success
970 GNUNET_CRYPTO_hkdf_v (void *result,
983 * @param result buffer for the derived key, allocated by caller
984 * @param out_len desired length of the derived key
986 * @param xts_len length of @a xts
987 * @param skm source key material
988 * @param skm_len length of @a skm
989 * @param argp va_list of void * & size_t pairs for context chunks
990 * @return #GNUNET_YES on success
993 GNUNET_CRYPTO_kdf_v (void *result,
1005 * @param result buffer for the derived key, allocated by caller
1006 * @param out_len desired length of the derived key
1008 * @param xts_len length of @a xts
1009 * @param skm source key material
1010 * @param skm_len length of @a skm
1011 * @param ... void * & size_t pairs for context chunks
1012 * @return #GNUNET_YES on success
1015 GNUNET_CRYPTO_kdf (void *result,
1026 * Extract the public key for the given private key.
1028 * @param priv the private key
1029 * @param pub where to write the public key
1032 GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1033 struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1037 * Extract the public key for the given private key.
1039 * @param priv the private key
1040 * @param pub where to write the public key
1043 GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1044 struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1050 * Extract the public key for the given private key.
1052 * @param priv the private key
1053 * @param pub where to write the public key
1056 GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1057 struct GNUNET_CRYPTO_EcdhePublicKey *pub);
1061 * Convert a public key to a string.
1063 * @param pub key to convert
1064 * @return string representing @a pub
1067 GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1071 * Convert a public key to a string.
1073 * @param pub key to convert
1074 * @return string representing @a pub
1077 GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1081 * Convert a string representing a public key to a public key.
1083 * @param enc encoded public key
1084 * @param enclen number of bytes in @a enc (without 0-terminator)
1085 * @param pub where to store the public key
1086 * @return #GNUNET_OK on success
1089 GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc,
1091 struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1095 * Convert a string representing a private key to a private key.
1097 * @param enc encoded public key
1098 * @param enclen number of bytes in @a enc (without 0-terminator)
1099 * @param priv where to store the private key
1100 * @return #GNUNET_OK on success
1103 GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc,
1105 struct GNUNET_CRYPTO_EddsaPrivateKey *pub);
1109 * Convert a string representing a public key to a public key.
1111 * @param enc encoded public key
1112 * @param enclen number of bytes in @a enc (without 0-terminator)
1113 * @param pub where to store the public key
1114 * @return #GNUNET_OK on success
1117 GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc,
1119 struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1124 * Create a new private key by reading it from a file. If the
1125 * files does not exist, create a new key and write it to the
1126 * file. Caller must free return value. Note that this function
1127 * can not guarantee that another process might not be trying
1128 * the same operation on the same file at the same time.
1129 * If the contents of the file
1130 * are invalid the old file is deleted and a fresh key is
1133 * @param filename name of file to use to store the key
1134 * @return new private key, NULL on error (for example,
1135 * permission denied); free using #GNUNET_free
1137 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1138 GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename);
1143 * Create a new private key by reading it from a file. If the
1144 * files does not exist, create a new key and write it to the
1145 * file. Caller must free return value. Note that this function
1146 * can not guarantee that another process might not be trying
1147 * the same operation on the same file at the same time.
1148 * If the contents of the file
1149 * are invalid the old file is deleted and a fresh key is
1152 * @param filename name of file to use to store the key
1153 * @return new private key, NULL on error (for example,
1154 * permission denied); free using #GNUNET_free
1156 struct GNUNET_CRYPTO_EddsaPrivateKey *
1157 GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename);
1161 * Forward declaration to simplify #include-structure.
1163 struct GNUNET_CONFIGURATION_Handle;
1168 * Create a new private key by reading our peer's key from
1169 * the file specified in the configuration.
1171 * @param cfg the configuration to use
1172 * @return new private key, NULL on error (for example,
1173 * permission denied); free using #GNUNET_free
1175 struct GNUNET_CRYPTO_EddsaPrivateKey *
1176 GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg);
1181 * Create a new private key. Caller must free return value.
1183 * @return fresh private key; free using #GNUNET_free
1185 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1186 GNUNET_CRYPTO_ecdsa_key_create (void);
1191 * Create a new private key. Caller must free return value.
1193 * @return fresh private key; free using #GNUNET_free
1195 struct GNUNET_CRYPTO_EddsaPrivateKey *
1196 GNUNET_CRYPTO_eddsa_key_create (void);
1201 * Create a new private key. Caller must free return value.
1203 * @return fresh private key; free using #GNUNET_free
1205 struct GNUNET_CRYPTO_EcdhePrivateKey *
1206 GNUNET_CRYPTO_ecdhe_key_create (void);
1211 * Clear memory that was used to store a private key.
1213 * @param pk location of the key
1216 GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
1221 * Clear memory that was used to store a private key.
1223 * @param pk location of the key
1226 GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk);
1231 * Clear memory that was used to store a private key.
1233 * @param pk location of the key
1236 GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
1241 * Get the shared private key we use for anonymous users.
1243 * @return "anonymous" private key; do not free
1245 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
1246 GNUNET_CRYPTO_ecdsa_key_get_anonymous (void);
1251 * Setup a hostkey file for a peer given the name of the
1252 * configuration file (!). This function is used so that
1253 * at a later point code can be certain that reading a
1254 * hostkey is fast (for example in time-dependent testcases).
1256 * @param cfg_name name of the configuration file to use
1259 GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name);
1264 * Retrieve the identity of the host's peer.
1266 * @param cfg configuration to use
1267 * @param dst pointer to where to write the peer identity
1268 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
1269 * could not be retrieved
1272 GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
1273 struct GNUNET_PeerIdentity *dst);
1277 * Compare two Peer Identities.
1279 * @param first first peer identity
1280 * @param second second peer identity
1281 * @return bigger than 0 if first > second,
1282 * 0 if they are the same
1283 * smaller than 0 if second > first
1286 GNUNET_CRYPTO_cmp_peer_identity (const struct GNUNET_PeerIdentity *first,
1287 const struct GNUNET_PeerIdentity *second);
1291 * Internal structure used to cache pre-calculated values for DLOG calculation.
1293 struct GNUNET_CRYPTO_EccDlogContext;
1297 * Point on a curve (always for Curve25519) encoded in a format suitable
1298 * for network transmission (ECDH), see http://cr.yp.to/ecdh.html.
1300 struct GNUNET_CRYPTO_EccPoint
1303 * Q consists of an x- and a y-value, each mod p (256 bits), given
1304 * here in affine coordinates and Ed25519 standard compact format.
1306 unsigned char q_y[256 / 8];
1311 * Do pre-calculation for ECC discrete logarithm for small factors.
1313 * @param max maximum value the factor can be
1314 * @param mem memory to use (should be smaller than @a max), must not be zero.
1315 * @return @a max if dlog failed, otherwise the factor
1317 struct GNUNET_CRYPTO_EccDlogContext *
1318 GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
1323 * Calculate ECC discrete logarithm for small factors.
1324 * Opposite of #GNUNET_CRYPTO_ecc_dexp().
1326 * @param dlc precalculated values, determine range of factors
1327 * @param input point on the curve to factor
1328 * @return `dlc->max` if dlog failed, otherwise the factor
1331 GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
1332 gcry_mpi_point_t input);
1336 * Multiply the generator g of the elliptic curve by @a val
1337 * to obtain the point on the curve representing @a val.
1338 * Afterwards, point addition will correspond to integer
1339 * addition. #GNUNET_CRYPTO_ecc_dlog() can be used to
1340 * convert a point back to an integer (as long as the
1341 * integer is smaller than the MAX of the @a edc context).
1343 * @param edc calculation context for ECC operations
1344 * @param val value to encode into a point
1345 * @return representation of the value as an ECC point,
1346 * must be freed using #GNUNET_CRYPTO_ecc_free()
1349 GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
1354 * Multiply the generator g of the elliptic curve by @a val
1355 * to obtain the point on the curve representing @a val.
1357 * @param edc calculation context for ECC operations
1358 * @param val (positive) value to encode into a point
1359 * @return representation of the value as an ECC point,
1360 * must be freed using #GNUNET_CRYPTO_ecc_free()
1363 GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1368 * Multiply the point @a p on the elliptic curve by @a val.
1370 * @param edc calculation context for ECC operations
1371 * @param p point to multiply
1372 * @param val (positive) value to encode into a point
1373 * @return representation of the value as an ECC point,
1374 * must be freed using #GNUNET_CRYPTO_ecc_free()
1377 GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1383 * Convert point value to binary representation.
1385 * @param edc calculation context for ECC operations
1386 * @param point computational point representation
1387 * @param[out] bin binary point representation
1390 GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc,
1391 gcry_mpi_point_t point,
1392 struct GNUNET_CRYPTO_EccPoint *bin);
1396 * Convert binary representation of a point to computational representation.
1398 * @param edc calculation context for ECC operations
1399 * @param bin binary point representation
1400 * @return computational representation
1403 GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc,
1404 const struct GNUNET_CRYPTO_EccPoint *bin);
1408 * Add two points on the elliptic curve.
1410 * @param edc calculation context for ECC operations
1411 * @param a some value
1412 * @param b some value
1413 * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free()
1416 GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
1418 gcry_mpi_point_t b);
1422 * Obtain a random point on the curve and its
1423 * additive inverse. Both returned values
1424 * must be freed using #GNUNET_CRYPTO_ecc_free().
1426 * @param edc calculation context for ECC operations
1427 * @param[out] r set to a random point on the curve
1428 * @param[out] r_inv set to the additive inverse of @a r
1431 GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
1432 gcry_mpi_point_t *r,
1433 gcry_mpi_point_t *r_inv);
1437 * Obtain a random scalar for point multiplication on the curve and
1438 * its multiplicative inverse.
1440 * @param edc calculation context for ECC operations
1441 * @param[out] r set to a random scalar on the curve
1442 * @param[out] r_inv set to the multiplicative inverse of @a r
1445 GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
1451 * Generate a random value mod n.
1453 * @param edc ECC context
1454 * @return random value mod n.
1457 GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc);
1461 * Free a point value returned by the API.
1463 * @param p point to free
1466 GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p);
1470 * Release precalculated values.
1472 * @param dlc dlog context
1475 GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc);
1480 * Derive key material from a public and a private ECC key.
1482 * @param priv private key to use for the ECDH (x)
1483 * @param pub public key to use for the ECDH (yG)
1484 * @param key_material where to write the key material (xyG)
1485 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1488 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1489 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1490 struct GNUNET_HashCode *key_material);
1495 * Derive key material from a ECDH public key and a private EdDSA key.
1496 * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
1498 * @param priv private key from EdDSA to use for the ECDH (x)
1499 * @param pub public key to use for the ECDH (yG)
1500 * @param key_material where to write the key material H(h(x)yG)
1501 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1504 GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1505 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1506 struct GNUNET_HashCode *key_material);
1510 * Derive key material from a ECDH public key and a private ECDSA key.
1511 * Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.
1513 * @param priv private key from ECDSA to use for the ECDH (x)
1514 * @param pub public key to use for the ECDH (yG)
1515 * @param key_material where to write the key material H(h(x)yG)
1516 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1519 GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1520 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1521 struct GNUNET_HashCode *key_material);
1526 * Derive key material from a EdDSA public key and a private ECDH key.
1527 * Dual to #GNUNET_CRRYPTO_eddsa_ecdh.
1529 * @param priv private key to use for the ECDH (y)
1530 * @param pub public key from EdDSA to use for the ECDH (X=h(x)G)
1531 * @param key_material where to write the key material H(yX)=H(h(x)yG)
1532 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1535 GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1536 const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
1537 struct GNUNET_HashCode *key_material);
1541 * Derive key material from a EcDSA public key and a private ECDH key.
1542 * Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.
1544 * @param priv private key to use for the ECDH (y)
1545 * @param pub public key from ECDSA to use for the ECDH (X=h(x)G)
1546 * @param key_material where to write the key material H(yX)=H(h(x)yG)
1547 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1550 GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1551 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
1552 struct GNUNET_HashCode *key_material);
1557 * EdDSA sign a given block.
1559 * @param priv private key to use for the signing
1560 * @param purpose what to sign (size, purpose)
1561 * @param sig where to write the signature
1562 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1565 GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1566 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1567 struct GNUNET_CRYPTO_EddsaSignature *sig);
1572 * ECDSA Sign a given block.
1574 * @param priv private key to use for the signing
1575 * @param purpose what to sign (size, purpose)
1576 * @param sig where to write the signature
1577 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1580 GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1581 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1582 struct GNUNET_CRYPTO_EcdsaSignature *sig);
1586 * Verify EdDSA signature.
1588 * @param purpose what is the purpose that the signature should have?
1589 * @param validate block to validate (size, purpose, data)
1590 * @param sig signature that is being validated
1591 * @param pub public key of the signer
1592 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1595 GNUNET_CRYPTO_eddsa_verify (uint32_t purpose,
1596 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1597 const struct GNUNET_CRYPTO_EddsaSignature *sig,
1598 const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
1604 * Verify ECDSA signature.
1606 * @param purpose what is the purpose that the signature should have?
1607 * @param validate block to validate (size, purpose, data)
1608 * @param sig signature that is being validated
1609 * @param pub public key of the signer
1610 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1613 GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose,
1614 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1615 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
1616 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
1621 * Derive a private key from a given private key and a label.
1622 * Essentially calculates a private key 'h = H(l,P) * d mod n'
1623 * where n is the size of the ECC group and P is the public
1624 * key associated with the private key 'd'.
1626 * @param priv original private key
1627 * @param label label to use for key deriviation
1628 * @param context additional context to use for HKDF of 'h';
1629 * typically the name of the subsystem/application
1630 * @return derived private key
1632 struct GNUNET_CRYPTO_EcdsaPrivateKey *
1633 GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1635 const char *context);
1640 * Derive a public key from a given public key and a label.
1641 * Essentially calculates a public key 'V = H(l,P) * P'.
1643 * @param pub original public key
1644 * @param label label to use for key deriviation
1645 * @param context additional context to use for HKDF of 'h'.
1646 * typically the name of the subsystem/application
1647 * @param result where to write the derived public key
1650 GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
1652 const char *context,
1653 struct GNUNET_CRYPTO_EcdsaPublicKey *result);
1657 * Output the given MPI value to the given buffer in network
1658 * byte order. The MPI @a val may not be negative.
1660 * @param buf where to output to
1661 * @param size number of bytes in @a buf
1662 * @param val value to write to @a buf
1665 GNUNET_CRYPTO_mpi_print_unsigned (void *buf,
1671 * Convert data buffer into MPI value.
1672 * The buffer is interpreted as network
1673 * byte order, unsigned integer.
1675 * @param result where to store MPI value (allocated)
1676 * @param data raw data (GCRYMPI_FMT_USG)
1677 * @param size number of bytes in @a data
1680 GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result,
1686 * Create a freshly generated paillier public key.
1688 * @param[out] public_key Where to store the public key?
1689 * @param[out] private_key Where to store the private key?
1692 GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1693 struct GNUNET_CRYPTO_PaillierPrivateKey *private_key);
1697 * Encrypt a plaintext with a paillier public key.
1699 * @param public_key Public key to use.
1700 * @param m Plaintext to encrypt.
1701 * @param desired_ops How many homomorphic ops the caller intends to use
1702 * @param[out] ciphertext Encrytion of @a plaintext with @a public_key.
1703 * @return guaranteed number of supported homomorphic operations >= 1,
1704 * or desired_ops, in case that is lower,
1705 * or -1 if less than one homomorphic operation is possible
1708 GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1711 struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext);
1715 * Decrypt a paillier ciphertext with a private key.
1717 * @param private_key Private key to use for decryption.
1718 * @param public_key Public key to use for decryption.
1719 * @param ciphertext Ciphertext to decrypt.
1720 * @param[out] m Decryption of @a ciphertext with @private_key.
1723 GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key,
1724 const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1725 const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext,
1730 * Compute a ciphertext that represents the sum of the plaintext in @a x1 and @a x2
1732 * Note that this operation can only be done a finite number of times
1733 * before an overflow occurs.
1735 * @param public_key Public key to use for encryption.
1736 * @param c1 Paillier cipher text.
1737 * @param c2 Paillier cipher text.
1738 * @param[out] result Result of the homomorphic operation.
1739 * @return #GNUNET_OK if the result could be computed,
1740 * #GNUNET_SYSERR if no more homomorphic operations are remaining.
1743 GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
1744 const struct GNUNET_CRYPTO_PaillierCiphertext *c1,
1745 const struct GNUNET_CRYPTO_PaillierCiphertext *c2,
1746 struct GNUNET_CRYPTO_PaillierCiphertext *result);
1750 * Get the number of remaining supported homomorphic operations.
1752 * @param c Paillier cipher text.
1753 * @return the number of remaining homomorphic operations
1756 GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c);
1759 /* ********* Chaum-style RSA-based blind signatures ******************* */
1765 * The private information of an RSA key pair.
1767 struct GNUNET_CRYPTO_rsa_PrivateKey;
1770 * The public information of an RSA key pair.
1772 struct GNUNET_CRYPTO_rsa_PublicKey;
1775 * Key used to blind a message
1777 struct GNUNET_CRYPTO_rsa_BlindingKey;
1780 * @brief an RSA signature
1782 struct GNUNET_CRYPTO_rsa_Signature;
1786 * Create a new private key. Caller must free return value.
1788 * @param len length of the key in bits (i.e. 2048)
1789 * @return fresh private key
1791 struct GNUNET_CRYPTO_rsa_PrivateKey *
1792 GNUNET_CRYPTO_rsa_private_key_create (unsigned int len);
1796 * Free memory occupied by the private key.
1798 * @param key pointer to the memory to free
1801 GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_rsa_PrivateKey *key);
1805 * Encode the private key in a format suitable for
1806 * storing it into a file.
1808 * @param key the private key
1809 * @param[out] buffer set to a buffer with the encoded key
1810 * @return size of memory allocatedin @a buffer
1813 GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_rsa_PrivateKey *key,
1818 * Decode the private key from the data-format back
1819 * to the "normal", internal format.
1821 * @param buf the buffer where the private key data is stored
1822 * @param len the length of the data in @a buf
1823 * @return NULL on error
1825 struct GNUNET_CRYPTO_rsa_PrivateKey *
1826 GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
1831 * Duplicate the given private key
1833 * @param key the private key to duplicate
1834 * @return the duplicate key; NULL upon error
1836 struct GNUNET_CRYPTO_rsa_PrivateKey *
1837 GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_rsa_PrivateKey *key);
1841 * Extract the public key of the given private key.
1843 * @param priv the private key
1844 * @retur NULL on error, otherwise the public key
1846 struct GNUNET_CRYPTO_rsa_PublicKey *
1847 GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_rsa_PrivateKey *priv);
1851 * Compute hash over the public key.
1853 * @param key public key to hash
1854 * @param hc where to store the hash code
1857 GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_rsa_PublicKey *key,
1858 struct GNUNET_HashCode *hc);
1862 * Obtain the length of the RSA key in bits.
1864 * @param key the public key to introspect
1865 * @return length of the key in bits
1868 GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_rsa_PublicKey *key);
1872 * Free memory occupied by the public key.
1874 * @param key pointer to the memory to free
1877 GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_rsa_PublicKey *key);
1881 * Encode the public key in a format suitable for
1882 * storing it into a file.
1884 * @param key the private key
1885 * @param[out] buffer set to a buffer with the encoded key
1886 * @return size of memory allocated in @a buffer
1889 GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_rsa_PublicKey *key,
1894 * Decode the public key from the data-format back
1895 * to the "normal", internal format.
1897 * @param buf the buffer where the public key data is stored
1898 * @param len the length of the data in @a buf
1899 * @return NULL on error
1901 struct GNUNET_CRYPTO_rsa_PublicKey *
1902 GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
1907 * Duplicate the given public key
1909 * @param key the public key to duplicate
1910 * @return the duplicate key; NULL upon error
1912 struct GNUNET_CRYPTO_rsa_PublicKey *
1913 GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_rsa_PublicKey *key);
1917 * Create a blinding key
1919 * @param len length of the key in bits (i.e. 2048)
1920 * @return the newly created blinding key
1922 struct GNUNET_CRYPTO_rsa_BlindingKey *
1923 GNUNET_CRYPTO_rsa_blinding_key_create (unsigned int len);
1927 * Compare the values of two blinding keys.
1930 * @param b2 the other key
1931 * @return 0 if the two are equal
1934 GNUNET_CRYPTO_rsa_blinding_key_cmp (struct GNUNET_CRYPTO_rsa_BlindingKey *b1,
1935 struct GNUNET_CRYPTO_rsa_BlindingKey *b2);
1939 * Compare the values of two signatures.
1941 * @param s1 one signature
1942 * @param s2 the other signature
1943 * @return 0 if the two are equal
1946 GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_rsa_Signature *s1,
1947 struct GNUNET_CRYPTO_rsa_Signature *s2);
1950 * Compare the values of two private keys.
1952 * @param p1 one private key
1953 * @param p2 the other private key
1954 * @return 0 if the two are equal
1957 GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_rsa_PrivateKey *p1,
1958 struct GNUNET_CRYPTO_rsa_PrivateKey *p2);
1962 * Compare the values of two public keys.
1964 * @param p1 one public key
1965 * @param p2 the other public key
1966 * @return 0 if the two are equal
1969 GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_rsa_PublicKey *p1,
1970 struct GNUNET_CRYPTO_rsa_PublicKey *p2);
1974 * Destroy a blinding key
1976 * @param bkey the blinding key to destroy
1979 GNUNET_CRYPTO_rsa_blinding_key_free (struct GNUNET_CRYPTO_rsa_BlindingKey *bkey);
1983 * Encode the blinding key in a format suitable for
1984 * storing it into a file.
1986 * @param bkey the blinding key
1987 * @param[out] buffer set to a buffer with the encoded key
1988 * @return size of memory allocated in @a buffer
1991 GNUNET_CRYPTO_rsa_blinding_key_encode (const struct GNUNET_CRYPTO_rsa_BlindingKey *bkey,
1996 * Decode the blinding key from the data-format back
1997 * to the "normal", internal format.
1999 * @param buf the buffer where the public key data is stored
2000 * @param len the length of the data in @a buf
2001 * @return NULL on error
2003 struct GNUNET_CRYPTO_rsa_BlindingKey *
2004 GNUNET_CRYPTO_rsa_blinding_key_decode (const char *buf,
2009 * Blinds the given message with the given blinding key
2011 * @param hash hash of the message to sign
2012 * @param bkey the blinding key
2013 * @param pkey the public key of the signer
2014 * @param[out] buffer set to a buffer with the blinded message to be signed
2015 * @return number of bytes stored in @a buffer
2018 GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
2019 struct GNUNET_CRYPTO_rsa_BlindingKey *bkey,
2020 struct GNUNET_CRYPTO_rsa_PublicKey *pkey,
2025 * Sign the given message.
2027 * @param key private key to use for the signing
2028 * @param msg the (blinded) message to sign
2029 * @param msg_len number of bytes in @a msg to sign
2030 * @return NULL on error, signature on success
2032 struct GNUNET_CRYPTO_rsa_Signature *
2033 GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_rsa_PrivateKey *key,
2039 * Free memory occupied by signature.
2041 * @param sig memory to free
2044 GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_rsa_Signature *sig);
2048 * Encode the given signature in a format suitable for storing it into a file.
2050 * @param sig the signature
2051 * @param[out] buffer set to a buffer with the encoded key
2052 * @return size of memory allocated in @a buffer
2055 GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_rsa_Signature *sig,
2060 * Decode the signature from the data-format back to the "normal", internal
2063 * @param buf the buffer where the public key data is stored
2064 * @param len the length of the data in @a buf
2065 * @return NULL on error
2067 struct GNUNET_CRYPTO_rsa_Signature *
2068 GNUNET_CRYPTO_rsa_signature_decode (const char *buf,
2073 * Duplicate the given rsa signature
2075 * @param sig the signature to duplicate
2076 * @return the duplicate key; NULL upon error
2078 struct GNUNET_CRYPTO_rsa_Signature *
2079 GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_rsa_Signature *sig);
2083 * Unblind a blind-signed signature. The signature should have been generated
2084 * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
2085 * #GNUNET_CRYPTO_rsa_blind().
2087 * @param sig the signature made on the blinded signature purpose
2088 * @param bkey the blinding key used to blind the signature purpose
2089 * @param pkey the public key of the signer
2090 * @return unblinded signature on success, NULL on error
2092 struct GNUNET_CRYPTO_rsa_Signature *
2093 GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_rsa_Signature *sig,
2094 struct GNUNET_CRYPTO_rsa_BlindingKey *bkey,
2095 struct GNUNET_CRYPTO_rsa_PublicKey *pkey);
2099 * Verify whether the given hash corresponds to the given signature and the
2100 * signature is valid with respect to the given public key.
2102 * @param hash the message to verify to match the @a sig
2103 * @param sig signature that is being validated
2104 * @param public_key public key of the signer
2105 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
2108 GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
2109 const struct GNUNET_CRYPTO_rsa_Signature *sig,
2110 const struct GNUNET_CRYPTO_rsa_PublicKey *public_key);
2113 #if 0 /* keep Emacsens' auto-indent happy */
2121 /* ifndef GNUNET_CRYPTO_LIB_H */
2123 /* end of gnunet_crypto_lib.h */