2 This file is part of GNUnet.
3 (C) 2001-2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file include/gnunet_crypto_lib.h
23 * @brief cryptographic primitives for GNUnet
25 * @author Christian Grothoff
26 * @author Krista Bennett
27 * @author Gerd Knorr <kraxel@bytesex.org>
28 * @author Ioana Patrascu
29 * @author Tzvetan Horozov
31 * @defgroup crypto Cryptographic operations
32 * @defgroup hash Hashing and operations on hashes
35 #ifndef GNUNET_CRYPTO_LIB_H
36 #define GNUNET_CRYPTO_LIB_H
41 #if 0 /* keep Emacsens' auto-indent happy */
46 #include "gnunet_common.h"
47 #include "gnunet_scheduler_lib.h"
51 * Maximum length of an ECC signature.
52 * Note: round up to multiple of 8 minus 2 for alignment.
54 #define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
58 * Desired quality level for cryptographic operations.
60 enum GNUNET_CRYPTO_Quality
63 * No good quality of the operation is needed (i.e.,
64 * random numbers can be pseudo-random).
66 GNUNET_CRYPTO_QUALITY_WEAK,
69 * High-quality operations are desired.
71 GNUNET_CRYPTO_QUALITY_STRONG,
74 * Randomness for IVs etc. is required.
76 GNUNET_CRYPTO_QUALITY_NONCE
81 * @brief length of the sessionkey in bytes (256 BIT sessionkey)
83 #define GNUNET_CRYPTO_AES_KEY_LENGTH (256/8)
86 * Length of a hash value
88 #define GNUNET_CRYPTO_HASH_LENGTH (512/8)
91 * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode.
93 struct GNUNET_CRYPTO_HashAsciiEncoded
95 unsigned char encoding[104];
99 GNUNET_NETWORK_STRUCT_BEGIN
103 * @brief header of what an ECC signature signs
104 * this must be followed by "size - 8" bytes of
105 * the actual signed data
107 struct GNUNET_CRYPTO_EccSignaturePurpose
110 * How many bytes does this signature sign?
111 * (including this purpose header); in network
114 uint32_t size GNUNET_PACKED;
117 * What does this signature vouch for? This
118 * must contain a GNUNET_SIGNATURE_PURPOSE_XXX
119 * constant (from gnunet_signatures.h). In
120 * network byte order!
122 uint32_t purpose GNUNET_PACKED;
128 * @brief an ECC signature
130 struct GNUNET_CRYPTO_EccSignature
136 unsigned char r[256 / 8];
141 unsigned char s[256 / 8];
147 * Public ECC key (always for NIST P-521) encoded in a format suitable
148 * for network transmission.
150 struct GNUNET_CRYPTO_EccPublicKey
153 * Q consists of an x- and a y-value, each mod p (256 bits),
154 * given here in affine coordinates.
156 unsigned char q_x[256 / 8];
159 * Q consists of an x- and a y-value, each mod p (256 bits),
160 * given here in affine coordinates.
162 unsigned char q_y[256 / 8];
168 * Private ECC key encoded for transmission.
170 struct GNUNET_CRYPTO_EccPrivateKey
173 * d is a value mod n, where n has at most 256 bits.
175 unsigned char d[256 / 8];
181 * @brief type for session keys
183 struct GNUNET_CRYPTO_AesSessionKey
188 unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
191 GNUNET_NETWORK_STRUCT_END
194 * @brief IV for sym cipher
196 * NOTE: must be smaller (!) in size than the
197 * struct GNUNET_HashCode.
199 struct GNUNET_CRYPTO_AesInitializationVector
201 unsigned char iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
206 * @brief type for (message) authentication keys
208 struct GNUNET_CRYPTO_AuthKey
210 unsigned char key[GNUNET_CRYPTO_HASH_LENGTH];
214 /* **************** Functions and Macros ************* */
218 * Seed a weak random generator. Only #GNUNET_CRYPTO_QUALITY_WEAK-mode generator
221 * @param seed the seed to use
224 GNUNET_CRYPTO_seed_weak_random (int32_t seed);
228 * Perform an incremental step in a CRC16 (for TCP/IP) calculation.
230 * @param sum current sum, initially 0
231 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
232 * @param len number of bytes in @a buf, must be multiple of 2
233 * @return updated crc sum (must be subjected to GNUNET_CRYPTO_crc16_finish to get actual crc16)
236 GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf, size_t len);
240 * Convert results from GNUNET_CRYPTO_crc16_step to final crc16.
242 * @param sum cummulative sum
243 * @return crc16 value
246 GNUNET_CRYPTO_crc16_finish (uint32_t sum);
251 * Calculate the checksum of a buffer in one step.
253 * @param buf buffer to calculate CRC over (must be 16-bit aligned)
254 * @param len number of bytes in @a buf, must be multiple of 2
255 * @return crc16 value
258 GNUNET_CRYPTO_crc16_n (const void *buf, size_t len);
263 * Compute the CRC32 checksum for the first len
264 * bytes of the buffer.
266 * @param buf the data over which we're taking the CRC
267 * @param len the length of the buffer @a buf in bytes
268 * @return the resulting CRC32 checksum
271 GNUNET_CRYPTO_crc32_n (const void *buf, size_t len);
276 * Produce a random value.
278 * @param mode desired quality of the random number
279 * @param i the upper limit (exclusive) for the random number
280 * @return a random value in the interval [0,@a i) (exclusive).
283 GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i);
288 * Random on unsigned 64-bit values.
290 * @param mode desired quality of the random number
291 * @param max value returned will be in range [0,@a max) (exclusive)
292 * @return random 64-bit number
295 GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max);
300 * Get an array with a random permutation of the
302 * @param mode #GNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used,
303 * #GNUNET_CRYPTO_QUALITY_WEAK or #GNUNET_CRYPTO_QUALITY_NONCE otherwise
304 * @param n the size of the array
305 * @return the permutation array (allocated from heap)
308 GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n);
313 * Create a new random session key.
315 * @param key key to initialize
318 GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key);
323 * Encrypt a block using a symmetric sessionkey.
325 * @param block the block to encrypt
326 * @param len the size of the block
327 * @param sessionkey the key used to encrypt
328 * @param iv the initialization vector to use, use INITVALUE
330 * @return the size of the encrypted block, -1 for errors
333 GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len,
334 const struct GNUNET_CRYPTO_AesSessionKey *sessionkey,
335 const struct GNUNET_CRYPTO_AesInitializationVector
341 * Decrypt a given block using a symmetric sessionkey.
343 * @param block the data to decrypt, encoded as returned by encrypt
344 * @param size how big is the block?
345 * @param sessionkey the key used to decrypt
346 * @param iv the initialization vector to use
347 * @param result address to store the result at
348 * @return -1 on failure, size of decrypted block on success
351 GNUNET_CRYPTO_aes_decrypt (const void *block, size_t size,
352 const struct GNUNET_CRYPTO_AesSessionKey *sessionkey,
353 const struct GNUNET_CRYPTO_AesInitializationVector
359 * @brief Derive an IV
360 * @param iv initialization vector
361 * @param skey session key
362 * @param salt salt for the derivation
363 * @param salt_len size of the salt
364 * @param ... pairs of void * & size_t for context chunks, terminated by NULL
367 GNUNET_CRYPTO_aes_derive_iv (struct GNUNET_CRYPTO_AesInitializationVector *iv,
368 const struct GNUNET_CRYPTO_AesSessionKey *skey,
369 const void *salt, size_t salt_len, ...);
373 * @brief Derive an IV
374 * @param iv initialization vector
375 * @param skey session key
376 * @param salt salt for the derivation
377 * @param salt_len size of the salt
378 * @param argp pairs of void * & size_t for context chunks, terminated by NULL
381 GNUNET_CRYPTO_aes_derive_iv_v (struct GNUNET_CRYPTO_AesInitializationVector *iv,
382 const struct GNUNET_CRYPTO_AesSessionKey *skey,
383 const void *salt, size_t salt_len, va_list argp);
388 * Convert hash to ASCII encoding.
389 * @param block the hash code
390 * @param result where to store the encoding (struct GNUNET_CRYPTO_HashAsciiEncoded can be
391 * safely cast to char*, a '\\0' termination is set).
394 GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block,
395 struct GNUNET_CRYPTO_HashAsciiEncoded *result);
400 * Convert ASCII encoding back to a 'struct GNUNET_HashCode'
402 * @param enc the encoding
403 * @param enclen number of characters in @a enc (without 0-terminator, which can be missing)
404 * @param result where to store the hash code
405 * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
408 GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen,
409 struct GNUNET_HashCode *result);
414 * Convert ASCII encoding back to struct GNUNET_HashCode
416 * @param enc the encoding
417 * @param result where to store the hash code
418 * @return GNUNET_OK on success, GNUNET_SYSERR if result has the wrong encoding
420 #define GNUNET_CRYPTO_hash_from_string(enc, result) \
421 GNUNET_CRYPTO_hash_from_string2 (enc, strlen(enc), result)
426 * Compute the distance between 2 hashcodes.
427 * The computation must be fast, not involve
428 * a.a or a.e (they're used elsewhere), and
429 * be somewhat consistent. And of course, the
430 * result should be a positive number.
432 * @param a some hash code
433 * @param b some hash code
434 * @return number between 0 and UINT32_MAX
437 GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode * a,
438 const struct GNUNET_HashCode * b);
443 * Compute hash of a given block.
445 * @param block the data to hash
446 * @param size size of the @a block
447 * @param ret pointer to where to write the hashcode
450 GNUNET_CRYPTO_hash (const void *block, size_t size, struct GNUNET_HashCode * ret);
455 * Calculate HMAC of a message (RFC 2104)
457 * @param key secret key
458 * @param plaintext input plaintext
459 * @param plaintext_len length of @a plaintext
460 * @param hmac where to store the hmac
463 GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
464 const void *plaintext, size_t plaintext_len,
465 struct GNUNET_HashCode * hmac);
469 * Function called once the hash computation over the
470 * specified file has completed.
473 * @param res resulting hash, NULL on error
475 typedef void (*GNUNET_CRYPTO_HashCompletedCallback) (void *cls,
476 const struct GNUNET_HashCode *
481 * Handle to file hashing operation.
483 struct GNUNET_CRYPTO_FileHashContext;
488 * Compute the hash of an entire file.
490 * @param priority scheduling priority to use
491 * @param filename name of file to hash
492 * @param blocksize number of bytes to process in one task
493 * @param callback function to call upon completion
494 * @param callback_cls closure for callback
495 * @return NULL on (immediate) errror
497 struct GNUNET_CRYPTO_FileHashContext *
498 GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority,
499 const char *filename, size_t blocksize,
500 GNUNET_CRYPTO_HashCompletedCallback callback,
505 * Cancel a file hashing operation.
507 * @param fhc operation to cancel (callback must not yet have been invoked)
510 GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc);
515 * Create a random hash code.
517 * @param mode desired quality level
518 * @param result hash code that is randomized
521 GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
522 struct GNUNET_HashCode * result);
527 * compute result(delta) = b - a
529 * @param a some hash code
530 * @param b some hash code
531 * @param result set to @a b - @a a
534 GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode * a,
535 const struct GNUNET_HashCode * b,
536 struct GNUNET_HashCode * result);
541 * compute result(b) = a + delta
543 * @param a some hash code
544 * @param delta some hash code
545 * @param result set to @a a + @a delta
548 GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode * a,
549 const struct GNUNET_HashCode * delta,
550 struct GNUNET_HashCode * result);
555 * compute result = a ^ b
557 * @param a some hash code
558 * @param b some hash code
559 * @param result set to @a a ^ @a b
562 GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode * a, const struct GNUNET_HashCode * b,
563 struct GNUNET_HashCode * result);
568 * Convert a hashcode into a key.
570 * @param hc hash code that serves to generate the key
571 * @param skey set to a valid session key
572 * @param iv set to a valid initialization vector
575 GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc,
576 struct GNUNET_CRYPTO_AesSessionKey *skey,
577 struct GNUNET_CRYPTO_AesInitializationVector
583 * Obtain a bit from a hashcode.
585 * @param code the GNUNET_CRYPTO_hash to index bit-wise
586 * @param bit index into the hashcode, [0...159]
587 * @return Bit \a bit from hashcode \a code, -1 for invalid index
590 GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode * code, unsigned int bit);
595 * Determine how many low order bits match in two
596 * struct GNUNET_HashCodes. i.e. - 010011 and 011111 share
597 * the first two lowest order bits, and therefore the
598 * return value is two (NOT XOR distance, nor how many
599 * bits match absolutely!).
601 * @param first the first hashcode
602 * @param second the hashcode to compare first to
603 * @return the number of bits that match
606 GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode * first,
607 const struct GNUNET_HashCode * second);
612 * Compare function for HashCodes, producing a total ordering
615 * @param h1 some hash code
616 * @param h2 some hash code
617 * @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2.
620 GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct GNUNET_HashCode * h2);
625 * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
626 * in the XOR metric (Kademlia).
628 * @param h1 some hash code
629 * @param h2 some hash code
630 * @param target some hash code
631 * @return -1 if h1 is closer, 1 if h2 is closer and 0 if h1==h2.
634 GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode * h1,
635 const struct GNUNET_HashCode * h2,
636 const struct GNUNET_HashCode * target);
641 * @brief Derive an authentication key
642 * @param key authentication key
643 * @param rkey root key
645 * @param salt_len size of the salt
646 * @param argp pair of void * & size_t for context chunks, terminated by NULL
649 GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
650 const struct GNUNET_CRYPTO_AesSessionKey *rkey,
651 const void *salt, size_t salt_len,
657 * @brief Derive an authentication key
658 * @param key authentication key
659 * @param rkey root key
661 * @param salt_len size of the salt
662 * @param ... pair of void * & size_t for context chunks, terminated by NULL
665 GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
666 const struct GNUNET_CRYPTO_AesSessionKey *rkey,
667 const void *salt, size_t salt_len, ...);
673 * @param result buffer for the derived key, allocated by caller
674 * @param out_len desired length of the derived key
675 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
676 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
678 * @param xts_len length of xts
679 * @param skm source key material
680 * @param skm_len length of skm
681 * @param ... pair of void * & size_t for context chunks, terminated by NULL
682 * @return GNUNET_YES on success
685 GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo,
686 const void *xts, size_t xts_len, const void *skm,
687 size_t skm_len, ...);
693 * @param result buffer for the derived key, allocated by caller
694 * @param out_len desired length of the derived key
695 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
696 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
698 * @param xts_len length of xts
699 * @param skm source key material
700 * @param skm_len length of skm
701 * @param argp va_list of void * & size_t pairs for context chunks
702 * @return GNUNET_YES on success
705 GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
706 const void *xts, size_t xts_len, const void *skm,
707 size_t skm_len, va_list argp);
712 * @param result buffer for the derived key, allocated by caller
713 * @param out_len desired length of the derived key
715 * @param xts_len length of xts
716 * @param skm source key material
717 * @param skm_len length of skm
718 * @param argp va_list of void * & size_t pairs for context chunks
719 * @return GNUNET_YES on success
722 GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts,
723 size_t xts_len, const void *skm, size_t skm_len,
730 * @param result buffer for the derived key, allocated by caller
731 * @param out_len desired length of the derived key
733 * @param xts_len length of xts
734 * @param skm source key material
735 * @param skm_len length of skm
736 * @param ... void * & size_t pairs for context chunks
737 * @return GNUNET_YES on success
740 GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts,
741 size_t xts_len, const void *skm, size_t skm_len, ...);
745 * Function called upon completion of 'GNUNET_CRYPTO_ecc_key_create_async'.
748 * @param pk NULL on error, otherwise the private key (which must be free'd by the callee)
749 * @param emsg NULL on success, otherwise an error message
751 typedef void (*GNUNET_CRYPTO_EccKeyCallback)(void *cls,
752 struct GNUNET_CRYPTO_EccPrivateKey *pk,
758 * Free memory occupied by ECC key
760 * @param priv pointer to the memory to free
763 GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *priv);
768 * Extract the public key for the given private key.
770 * @param priv the private key
771 * @param pub where to write the public key
774 GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
775 struct GNUNET_CRYPTO_EccPublicKey *pub);
779 * Convert a public key to a string.
781 * @param pub key to convert
782 * @return string representing 'pub'
785 GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKey *pub);
789 * Convert a string representing a public key to a public key.
791 * @param enc encoded public key
792 * @param enclen number of bytes in enc (without 0-terminator)
793 * @param pub where to store the public key
794 * @return GNUNET_OK on success
797 GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc,
799 struct GNUNET_CRYPTO_EccPublicKey *pub);
804 * Create a new private key by reading it from a file. If the
805 * files does not exist, create a new key and write it to the
806 * file. Caller must free return value. Note that this function
807 * can not guarantee that another process might not be trying
808 * the same operation on the same file at the same time.
809 * If the contents of the file
810 * are invalid the old file is deleted and a fresh key is
813 * @param filename name of file to use to store the key
814 * @return new private key, NULL on error (for example,
817 struct GNUNET_CRYPTO_EccPrivateKey *
818 GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename);
823 * Create a new private key by reading our peer's key from
824 * the file specified in the configuration.
826 * @return new private key, NULL on error (for example,
829 struct GNUNET_CRYPTO_EccPrivateKey *
830 GNUNET_CRYPTO_ecc_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg);
835 * Create a new private key. Caller must free return value.
837 * @return fresh private key
839 struct GNUNET_CRYPTO_EccPrivateKey *
840 GNUNET_CRYPTO_ecc_key_create (void);
845 * Get the shared private key we use for anonymous users.
847 * @return "anonymous" private key
849 const struct GNUNET_CRYPTO_EccPrivateKey *
850 GNUNET_CRYPTO_ecc_key_get_anonymous (void);
855 * Setup a hostkey file for a peer given the name of the
856 * configuration file (!). This function is used so that
857 * at a later point code can be certain that reading a
858 * hostkey is fast (for example in time-dependent testcases).
860 * @param cfg_name name of the configuration file to use
863 GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name);
868 * Retrieve the identity of the host's peer.
870 * @param cfg configuration to use
871 * @param dst pointer to where to write the peer identity
872 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
873 * could not be retrieved
876 GNUNET_CRYPTO_get_host_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
877 struct GNUNET_PeerIdentity *dst);
882 * Derive key material from a public and a private ECC key.
884 * @param priv private key to use for the ECDH (x)
885 * @param pub public key to use for the ECDY (yG)
886 * @param key_material where to write the key material (xyG)
887 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
890 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
891 const struct GNUNET_CRYPTO_EccPublicKey *pub,
892 struct GNUNET_HashCode *key_material);
897 * Sign a given block.
899 * @param priv private key to use for the signing
900 * @param purpose what to sign (size, purpose)
901 * @param sig where to write the signature
902 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
905 GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
906 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
907 struct GNUNET_CRYPTO_EccSignature *sig);
914 * @param purpose what is the purpose that the signature should have?
915 * @param validate block to validate (size, purpose, data)
916 * @param sig signature that is being validated
917 * @param pub public key of the signer
918 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
921 GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
922 const struct GNUNET_CRYPTO_EccSignaturePurpose
924 const struct GNUNET_CRYPTO_EccSignature *sig,
925 const struct GNUNET_CRYPTO_EccPublicKey *pub);
930 * Derive a private key from a given private key and a label.
931 * Essentially calculates a private key 'h = H(l,P) * d mod n'
932 * where n is the size of the ECC group and P is the public
933 * key associated with the private key 'd'.
935 * @param priv original private key
936 * @param label label to use for key deriviation
937 * @param context additional context to use for HKDF of 'h';
938 * typically the name of the subsystem/application
939 * @return derived private key
941 struct GNUNET_CRYPTO_EccPrivateKey *
942 GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
944 const char *context);
949 * Derive a public key from a given public key and a label.
950 * Essentially calculates a public key 'V = H(l,P) * P'.
952 * @param pub original public key
953 * @param label label to use for key deriviation
954 * @param context additional context to use for HKDF of 'h'.
955 * typically the name of the subsystem/application
956 * @param result where to write the derived public key
959 GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
962 struct GNUNET_CRYPTO_EccPublicKey *result);
965 #if 0 /* keep Emacsens' auto-indent happy */
973 /* ifndef GNUNET_CRYPTO_LIB_H */
975 /* end of gnunet_crypto_lib.h */