#include "gnunet_common.h"
#include "gnunet_scheduler_lib.h"
-
+/**
+ * Desired quality level for cryptographic operations.
+ */
enum GNUNET_CRYPTO_Quality
{
+ /**
+ * No good quality of the operation is needed (i.e.,
+ * random numbers can be pseudo-random).
+ */
GNUNET_CRYPTO_QUALITY_WEAK,
+
+ /**
+ * High-quality operations are desired.
+ */
GNUNET_CRYPTO_QUALITY_STRONG
};
/**
- * Random on unsigned 64-bit values. We break them down into signed
- * 32-bit values and reassemble the 64-bit random value bit-wise.
+ * Random on unsigned 64-bit values.
*
* @param mode desired quality of the random number
* @param max value returned will be in range [0,max) (exclusive)
/**
* Create a new Session key.
+ *
+ * @param key key to initialize
*/
void GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey
*key);
/**
* Check that a new session key is well-formed.
*
+ * @param key key to check
* @return GNUNET_OK if the key is valid
*/
int GNUNET_CRYPTO_aes_check_session_key (const struct
* @param sessionkey the key used to encrypt
* @param iv the initialization vector to use, use INITVALUE
* for streams.
- * @returns the size of the encrypted block, -1 for errors
+ * @return the size of the encrypted block, -1 for errors
*/
ssize_t GNUNET_CRYPTO_aes_encrypt (const void *block,
size_t len,
/**
- * Convert GNUNET_CRYPTO_hash to ASCII encoding.
- * @param block the GNUNET_CRYPTO_hash code
+ * Convert hash to ASCII encoding.
+ * @param block the hash code
* @param result where to store the encoding (struct GNUNET_CRYPTO_HashAsciiEncoded can be
- * safely cast to char*, a '\0' termination is set).
+ * safely cast to char*, a '\\0' termination is set).
*/
void GNUNET_CRYPTO_hash_to_enc (const GNUNET_HashCode * block,
struct GNUNET_CRYPTO_HashAsciiEncoded
* a.a or a.e (they're used elsewhere), and
* be somewhat consistent. And of course, the
* result should be a positive number.
- * @return number between 0 and 65536
+ *
+ * @param a some hash code
+ * @param b some hash code
+ * @return number between 0 and UINT32_MAX
*/
uint32_t GNUNET_CRYPTO_hash_distance_u32 (const GNUNET_HashCode * a,
const GNUNET_HashCode * b);
GNUNET_HashCode * ret);
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AesSessionKey *key,
+ const void *plaintext,
+ size_t plaintext_len,
+ GNUNET_HashCode *hmac);
+
+
/**
* Function called once the hash computation over the
* specified file has completed.
res);
+/**
+ * Handle to file hashing operation.
+ */
+struct GNUNET_CRYPTO_FileHashContext;
+
/**
* Compute the hash of an entire file.
*
* @param sched scheduler to use
* @param priority scheduling priority to use
- * @param run_on_shutdown should we complete even on shutdown?
* @param filename name of file to hash
* @param blocksize number of bytes to process in one task
* @param callback function to call upon completion
* @param callback_cls closure for callback
+ * @return NULL on (immediate) errror
+ */
+struct GNUNET_CRYPTO_FileHashContext *
+GNUNET_CRYPTO_hash_file (struct GNUNET_SCHEDULER_Handle *sched,
+ enum GNUNET_SCHEDULER_Priority priority,
+ const char *filename,
+ size_t blocksize,
+ GNUNET_CRYPTO_HashCompletedCallback callback,
+ void *callback_cls);
+
+
+/**
+ * Cancel a file hashing operation.
+ *
+ * @param fhc operation to cancel (callback must not yet have been invoked)
*/
-void GNUNET_CRYPTO_hash_file (struct GNUNET_SCHEDULER_Handle *sched,
- enum GNUNET_SCHEDULER_Priority priority,
- int run_on_shutdown,
- const char *filename,
- size_t blocksize,
- GNUNET_CRYPTO_HashCompletedCallback callback,
- void *callback_cls);
+void
+GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc);
/**
* Create a random hash code.
+ *
+ * @param mode desired quality level
+ * @param result hash code that is randomized
*/
void GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
GNUNET_HashCode * result);
/**
* compute result(delta) = b - a
+ *
+ * @param a some hash code
+ * @param b some hash code
+ * @param result set to b - a
*/
void GNUNET_CRYPTO_hash_difference (const GNUNET_HashCode * a,
const GNUNET_HashCode * b,
/**
* compute result(b) = a + delta
+ *
+ * @param a some hash code
+ * @param delta some hash code
+ * @param result set to a + delta
*/
void GNUNET_CRYPTO_hash_sum (const GNUNET_HashCode * a,
const GNUNET_HashCode * delta,
/**
* compute result = a ^ b
+ *
+ * @param a some hash code
+ * @param b some hash code
+ * @param result set to a ^ b
*/
void GNUNET_CRYPTO_hash_xor (const GNUNET_HashCode * a,
const GNUNET_HashCode * b,
/**
* Convert a hashcode into a key.
+ *
+ * @param hc hash code that serves to generate the key
+ * @param skey set to a valid session key
+ * @param iv set to a valid initialization vector
*/
void GNUNET_CRYPTO_hash_to_aes_key (const GNUNET_HashCode * hc,
struct GNUNET_CRYPTO_AesSessionKey *skey,
/**
* Obtain a bit from a hashcode.
+ *
* @param code the GNUNET_CRYPTO_hash to index bit-wise
* @param bit index into the hashcode, [0...159]
* @return Bit \a bit from hashcode \a code, -1 for invalid index
/**
* Compare function for HashCodes, producing a total ordering
* of all hashcodes.
+ *
+ * @param h1 some hash code
+ * @param h2 some hash code
* @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2.
*/
int GNUNET_CRYPTO_hash_cmp (const GNUNET_HashCode * h1,
/**
* Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
* in the XOR metric (Kademlia).
+ *
+ * @param h1 some hash code
+ * @param h2 some hash code
+ * @param target some hash code
* @return -1 if h1 is closer, 1 if h2 is closer and 0 if h1==h2.
*/
int GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1,
const GNUNET_HashCode * target);
+/**
+ * @brief Derive key
+ * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
+ * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param ctx context info
+ * @param ctx_len length of ctx
+ * @param out_len desired length of the derived key
+ * @param result buffer for the derived key, allocated by caller
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
+ const size_t xts_len, const void *skm, const size_t skm_len,
+ const void *ctx, const size_t ctx_len, const unsigned long long out_len,
+ void *result);
+
+
/**
* Create a new private key. Caller must free return value.
+ *
+ * @return fresh private key
*/
struct GNUNET_CRYPTO_RsaPrivateKey *GNUNET_CRYPTO_rsa_key_create (void);
* files does not exist, create a new key and write it to the
* file. Caller must free return value. Note that this function
* can not guarantee that another process might not be trying
- * the same operation on the same file at the same time. The
- * caller must somehow know that the file either already exists
- * with a valid key OR be sure that no other process is calling
- * this function at the same time. If the contents of the file
+ * the same operation on the same file at the same time.
+ * If the contents of the file
* are invalid the old file is deleted and a fresh key is
* created.
*
+ * @param filename name of file to use for storage
* @return new private key, NULL on error (for example,
* permission denied)
*/
/**
* Deterministically (!) create a private key using only the
* given HashCode as input to the PRNG.
+ *
+ * @param hc "random" input to PRNG
+ * @return some private key purely dependent on input
*/
struct GNUNET_CRYPTO_RsaPrivateKey
- *GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * input);
+ *GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc);
/**
/**
* Extract the public key of the host.
- * @param result where to write the result.
+ *
+ * @param priv the private key
+ * @param pub where to write the public key
*/
void GNUNET_CRYPTO_rsa_key_get_public (const struct
- GNUNET_CRYPTO_RsaPrivateKey *hostkey,
+ GNUNET_CRYPTO_RsaPrivateKey *priv,
struct
GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
- *result);
+ *pub);
/**
* @param size the size of block
* @param publicKey the encoded public key used to encrypt
* @param target where to store the encrypted block
- * @returns GNUNET_SYSERR on error, GNUNET_OK if ok
+ * @return GNUNET_SYSERR on error, GNUNET_OK if ok
*/
int GNUNET_CRYPTO_rsa_encrypt (const void *block,
size_t size,
* @param key the key to use
* @param block the data to decrypt, encoded as returned by encrypt, not consumed
* @param result pointer to a location where the result can be stored
- * @param size how many bytes of a result are expected? Must be exact.
- * @returns the size of the decrypted block (that is, size) or -1 on error
+ * @param max how many bytes of a result are expected? Must be exact.
+ * @return the size of the decrypted block (that is, size) or -1 on error
*/
ssize_t GNUNET_CRYPTO_rsa_decrypt (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
const struct GNUNET_CRYPTO_RsaEncryptedData
*block,
void *result,
- size_t size);
+ size_t max);
/**
*
* @param key private key to use for the signing
* @param purpose what to sign (size, purpose)
- * @param result where to write the signature
+ * @param sig where to write the signature
* @return GNUNET_SYSERR on error, GNUNET_OK on success
*/
int GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
const struct GNUNET_CRYPTO_RsaSignaturePurpose
*purpose,
- struct GNUNET_CRYPTO_RsaSignature *result);
+ struct GNUNET_CRYPTO_RsaSignature *sig);
/**
* @param validate block to validate (size, purpose, data)
* @param sig signature that is being validated
* @param publicKey public key of the signer
- * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid
+ * @return GNUNET_OK if ok, GNUNET_SYSERR if invalid
*/
int GNUNET_CRYPTO_rsa_verify (uint32_t purpose,
const struct GNUNET_CRYPTO_RsaSignaturePurpose
/**
* This function should only be called in testcases
* where strong entropy gathering is not desired
- * (for example, for hostkey generation).
+ * (for example, for hostkey generation).
*/
void GNUNET_CRYPTO_random_disable_entropy_gathering (void);
projects / oweals / gnunet.git / blobdiff