X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Futil%2Fcrypto_ecc.c;h=3cec128680f7e2bd38d9d4baf26557b80260a655;hb=72c8645af31896829b674b575c5375706f362a30;hp=81429e3c4b2c921d7ebd2dd1bce1311cb49eb92a;hpb=8ec56983556915364a1f35dd8bacadbcbcf54fb0;p=oweals%2Fgnunet.git diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 81429e3c4..3cec12868 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - (C) 2001, 2002, 2003, 2004, 2005, 2006, 2009, 2012 Christian Grothoff (and other contributing authors) + (C) 2012, 2013 Christian Grothoff (and other contributing authors) GNUnet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -22,22 +22,15 @@ * @file util/crypto_ecc.c * @brief public key cryptography (ECC) with libgcrypt * @author Christian Grothoff - * - * This is just a first, completely untested, draft hack for future ECC support. - * TODO: - * - fix public key generation; somehow the result is currently considered invalid by libgcrypt - * => suspect that libgcrypt does NOT take pabgn from "CURVE" for public key if not - * explicitly given! - * - actually test it! */ #include "platform.h" #include #include "gnunet_common.h" #include "gnunet_util_lib.h" -#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS || 1 +#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS -#define CURVE "NIST P-521" +#define CURVE "NIST P-256" #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) @@ -177,7 +170,7 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv * @return string representing 'pub' */ char * -GNUNET_CRYPTO_ecc_public_key_to_string (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub) +GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub) { char *pubkeybuf; size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) * 8; @@ -223,8 +216,8 @@ GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, return GNUNET_SYSERR; if (GNUNET_OK != GNUNET_STRINGS_string_to_data (enc, enclen, - (unsigned char*) pub, - sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) + pub, + sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) return GNUNET_SYSERR; if ( (ntohs (pub->size) != sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) || (ntohs (pub->len) > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH) ) @@ -270,16 +263,13 @@ decode_public_key (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *publicK LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ return NULL; } - // FIXME: is this key expected to pass pk_testkey? -#if 0 -#if EXTRA_CHECKS +#if EXTRA_CHECKS if (0 != (rc = gcry_pk_testkey (result))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); gcry_sexp_release (result); return NULL; } -#endif #endif return result; } @@ -332,11 +322,15 @@ GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key) * * @param buf the buffer where the private key data is stored * @param len the length of the data in 'buffer' + * @param validate GNUNET_YES to validate that the key is well-formed, + * GNUNET_NO if the key comes from a totally trusted source + * and validation is considered too expensive * @return NULL on error */ struct GNUNET_CRYPTO_EccPrivateKey * GNUNET_CRYPTO_ecc_decode_key (const char *buf, - size_t len) + size_t len, + int validate) { struct GNUNET_CRYPTO_EccPrivateKey *ret; uint16_t be; @@ -347,8 +341,9 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf, if (len < sizeof (uint16_t)) return NULL; memcpy (&be, buf, sizeof (be)); - if (len != ntohs (be)) + if (len < ntohs (be)) return NULL; + len = ntohs (be); if (0 != (rc = gcry_sexp_sscan (&sexp, &erroff, &buf[2], @@ -356,8 +351,9 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf, { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc); return NULL; - } - if (0 != (rc = gcry_pk_testkey (sexp))) + } + if ( (GNUNET_YES == validate) && + (0 != (rc = gcry_pk_testkey (sexp))) ) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); return NULL; @@ -373,8 +369,8 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf, * * @return fresh private key */ -static struct GNUNET_CRYPTO_EccPrivateKey * -ecc_key_create () +struct GNUNET_CRYPTO_EccPrivateKey * +GNUNET_CRYPTO_ecc_key_create () { struct GNUNET_CRYPTO_EccPrivateKey *ret; gcry_sexp_t s_key; @@ -408,72 +404,6 @@ ecc_key_create () } -/** - * Try to read the private key from the given file. - * - * @param filename file to read the key from - * @return NULL on error - */ -static struct GNUNET_CRYPTO_EccPrivateKey * -try_read_key (const char *filename) -{ - struct GNUNET_CRYPTO_EccPrivateKey *ret; - struct GNUNET_DISK_FileHandle *fd; - OFF_T fs; - - if (GNUNET_YES != GNUNET_DISK_file_test (filename)) - return NULL; - - /* key file exists already, read it! */ - if (NULL == (fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ, - GNUNET_DISK_PERM_NONE))) - { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); - return NULL; - } - if (GNUNET_OK != (GNUNET_DISK_file_handle_size (fd, &fs))) - { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "stat", filename); - (void) GNUNET_DISK_file_close (fd); - return NULL; - } - if (0 == fs) - { - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - return NULL; - } - if (fs > UINT16_MAX) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _("File `%s' does not contain a valid private key (too long, %llu bytes). Deleting it.\n"), - filename, - (unsigned long long) fs); - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - if (0 != UNLINK (filename)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); - return NULL; - } - { - char enc[fs]; - - GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs)); - if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs))) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _("File `%s' does not contain a valid private key (failed decode, %llu bytes). Deleting it.\n"), - filename, - (unsigned long long) fs); - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - if (0 != UNLINK (filename)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); - return NULL; - } - } - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - return ret; -} - - /** * Wait for a short time (we're trying to lock a file or want * to give another process a shot at finishing a disk write, etc.). @@ -562,7 +492,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) } LOG (GNUNET_ERROR_TYPE_INFO, _("Creating a new private key. This may take a while.\n")); - ret = ecc_key_create (); + ret = GNUNET_CRYPTO_ecc_key_create (); GNUNET_assert (ret != NULL); enc = GNUNET_CRYPTO_ecc_encode_key (ret); GNUNET_assert (enc != NULL); @@ -651,8 +581,8 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) GNUNET_assert (fs == GNUNET_DISK_file_read (fd, enc, fs)); len = ntohs (enc->size); ret = NULL; - if ((len != fs) || - (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len)))) + if ((len > fs) || + (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len, GNUNET_YES)))) { LOG (GNUNET_ERROR_TYPE_ERROR, _("File `%s' does not contain a valid private key. Deleting it.\n"), @@ -678,223 +608,24 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) /** - * Handle to cancel private key generation and state for the - * key generation operation. - */ -struct GNUNET_CRYPTO_EccKeyGenerationContext -{ - - /** - * Continuation to call upon completion. - */ - GNUNET_CRYPTO_EccKeyCallback cont; - - /** - * Closure for 'cont'. - */ - void *cont_cls; - - /** - * Name of the file. - */ - char *filename; - - /** - * Handle to the helper process which does the key generation. - */ - struct GNUNET_OS_Process *gnunet_ecc; - - /** - * Handle to 'stdout' of gnunet-ecc. We 'read' on stdout to detect - * process termination (instead of messing with SIGCHLD). - */ - struct GNUNET_DISK_PipeHandle *gnunet_ecc_out; - - /** - * Location where we store the private key if it already existed. - * (if this is used, 'filename', 'gnunet_ecc' and 'gnunet_ecc_out' will - * not be used). - */ - struct GNUNET_CRYPTO_EccPrivateKey *pk; - - /** - * Task reading from 'gnunet_ecc_out' to wait for process termination. - */ - GNUNET_SCHEDULER_TaskIdentifier read_task; - -}; - - -/** - * Abort ECC key generation. - * - * @param gc key generation context to abort - */ -void -GNUNET_CRYPTO_ecc_key_create_stop (struct GNUNET_CRYPTO_EccKeyGenerationContext *gc) -{ - if (GNUNET_SCHEDULER_NO_TASK != gc->read_task) - { - GNUNET_SCHEDULER_cancel (gc->read_task); - gc->read_task = GNUNET_SCHEDULER_NO_TASK; - } - if (NULL != gc->gnunet_ecc) - { - (void) GNUNET_OS_process_kill (gc->gnunet_ecc, SIGKILL); - GNUNET_break (GNUNET_OK == - GNUNET_OS_process_wait (gc->gnunet_ecc)); - GNUNET_OS_process_destroy (gc->gnunet_ecc); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - } - - if (NULL != gc->filename) - { - if (0 != UNLINK (gc->filename)) - GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "unlink", gc->filename); - GNUNET_free (gc->filename); - } - if (NULL != gc->pk) - GNUNET_CRYPTO_ecc_key_free (gc->pk); - GNUNET_free (gc); -} - - -/** - * Task called upon shutdown or process termination of 'gnunet-ecc' during - * ECC key generation. Check where we are and perform the appropriate - * action. + * Create a new private key by reading our peer's key from + * the file specified in the configuration. * - * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' - * @param tc scheduler context - */ -static void -check_key_generation_completion (void *cls, - const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; - struct GNUNET_CRYPTO_EccPrivateKey *pk; - - gc->read_task = GNUNET_SCHEDULER_NO_TASK; - if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN)) - { - gc->cont (gc->cont_cls, NULL, _("interrupted by shutdown")); - GNUNET_CRYPTO_ecc_key_create_stop (gc); - return; - } - GNUNET_assert (GNUNET_OK == - GNUNET_OS_process_wait (gc->gnunet_ecc)); - GNUNET_OS_process_destroy (gc->gnunet_ecc); - gc->gnunet_ecc = NULL; - if (NULL == (pk = try_read_key (gc->filename))) - { - GNUNET_break (0); - gc->cont (gc->cont_cls, NULL, _("gnunet-ecc failed")); - GNUNET_CRYPTO_ecc_key_create_stop (gc); - return; - } - gc->cont (gc->cont_cls, pk, NULL); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - GNUNET_free (gc->filename); - GNUNET_free (gc); -} - - -/** - * Return the private ECC key which already existed on disk - * (asynchronously) to the caller. - * - * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' - * @param tc scheduler context (unused) - */ -static void -async_return_key (void *cls, - const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; - - gc->cont (gc->cont_cls, - gc->pk, - NULL); - GNUNET_free (gc); -} - - -/** - * Create a new private key by reading it from a file. If the files - * does not exist, create a new key and write it to the file. If the - * contents of the file are invalid the old file is deleted and a - * fresh key is created. - * - * @param filename name of file to use for storage - * @param cont function to call when done (or on errors) - * @param cont_cls closure for 'cont' - * @return handle to abort operation, NULL on fatal errors (cont will not be called if NULL is returned) + * @return new private key, NULL on error (for example, + * permission denied) */ -struct GNUNET_CRYPTO_EccKeyGenerationContext * -GNUNET_CRYPTO_ecc_key_create_start (const char *filename, - GNUNET_CRYPTO_EccKeyCallback cont, - void *cont_cls) +struct GNUNET_CRYPTO_EccPrivateKey * +GNUNET_CRYPTO_ecc_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg) { - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc; struct GNUNET_CRYPTO_EccPrivateKey *pk; - const char *weak_random; + char *fn; - if (NULL != (pk = try_read_key (filename))) - { - /* quick happy ending: key already exists! */ - gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); - gc->pk = pk; - gc->cont = cont; - gc->cont_cls = cont_cls; - gc->read_task = GNUNET_SCHEDULER_add_now (&async_return_key, - gc); - return gc; - } - gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); - gc->filename = GNUNET_strdup (filename); - gc->cont = cont; - gc->cont_cls = cont_cls; - gc->gnunet_ecc_out = GNUNET_DISK_pipe (GNUNET_NO, - GNUNET_NO, - GNUNET_NO, - GNUNET_YES); - if (NULL == gc->gnunet_ecc_out) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "pipe"); - GNUNET_free (gc->filename); - GNUNET_free (gc); - return NULL; - } - weak_random = NULL; - if (GNUNET_YES == - GNUNET_CRYPTO_random_is_weak ()) - weak_random = "-w"; - gc->gnunet_ecc = GNUNET_OS_start_process (GNUNET_NO, - GNUNET_OS_INHERIT_STD_ERR, - NULL, - gc->gnunet_ecc_out, - "gnunet-ecc", - "gnunet-ecc", - gc->filename, - weak_random, - NULL); - if (NULL == gc->gnunet_ecc) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "fork"); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - GNUNET_free (gc->filename); - GNUNET_free (gc); + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn)) return NULL; - } - GNUNET_assert (GNUNET_OK == - GNUNET_DISK_pipe_close_end (gc->gnunet_ecc_out, - GNUNET_DISK_PIPE_END_WRITE)); - gc->read_task = GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL, - GNUNET_DISK_pipe_handle (gc->gnunet_ecc_out, - GNUNET_DISK_PIPE_END_READ), - &check_key_generation_completion, - gc); - return gc; + pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn); + GNUNET_free (fn); + return pk; } @@ -911,19 +642,41 @@ GNUNET_CRYPTO_ecc_setup_key (const char *cfg_name) { struct GNUNET_CONFIGURATION_Handle *cfg; struct GNUNET_CRYPTO_EccPrivateKey *pk; - char *fn; cfg = GNUNET_CONFIGURATION_create (); (void) GNUNET_CONFIGURATION_load (cfg, cfg_name); - if (GNUNET_OK == - GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn)) + pk = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg); + if (NULL != pk) + GNUNET_CRYPTO_ecc_key_free (pk); + GNUNET_CONFIGURATION_destroy (cfg); +} + + +/** + * Retrieve the identity of the host's peer. + * + * @param cfg configuration to use + * @param dst pointer to where to write the peer identity + * @return GNUNET_OK on success, GNUNET_SYSERR if the identity + * could not be retrieved + */ +int +GNUNET_CRYPTO_get_host_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, + struct GNUNET_PeerIdentity *dst) +{ + struct GNUNET_CRYPTO_EccPrivateKey *my_private_key; + struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key; + + if (NULL == (my_private_key = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg))) { - pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn); - if (NULL != pk) - GNUNET_CRYPTO_ecc_key_free (pk); - GNUNET_free (fn); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Could not load peer's private key\n")); + return GNUNET_SYSERR; } - GNUNET_CONFIGURATION_destroy (cfg); + GNUNET_CRYPTO_ecc_key_get_public (my_private_key, &my_public_key); + GNUNET_CRYPTO_ecc_key_free (my_private_key); + GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), &dst->hashPubKey); + return GNUNET_OK; } @@ -943,7 +696,6 @@ data_to_pkcs1 (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) GNUNET_CRYPTO_short_hash (purpose, ntohl (purpose->size), &hc); #define FORMATSTRING "(4:data(5:flags3:raw)(5:value32:01234567890123456789012345678901))" -#define FORMATSTRING2 "(4:data(4:hash6:sha25632:01234567890123456789012345678901))" bufSize = strlen (FORMATSTRING) + 1; { char buff[bufSize]; @@ -985,6 +737,8 @@ GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key, LOG (GNUNET_ERROR_TYPE_WARNING, _("ECC signing failed at %s:%d: %s\n"), __FILE__, __LINE__, gcry_strerror (rc)); + gcry_sexp_release (data); + return GNUNET_SYSERR; } gcry_sexp_release (data); ssize = gcry_sexp_sprint (result, @@ -1059,4 +813,102 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose, } +/** + * Derive key material from a public and a private ECC key. + * + * @param key private key to use for the ECDH (x) + * @param pub public key to use for the ECDY (yG) + * @param key_material where to write the key material (xyG) + * @return GNUNET_SYSERR on error, GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key, + const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub, + struct GNUNET_HashCode *key_material) +{ + size_t slen; + size_t erroff; + int rc; + unsigned char sdata_buf[2048]; /* big enough to print dh-shared-secret as S-expression */ + gcry_mpi_point_t result; + gcry_mpi_point_t q; + gcry_mpi_t d; + gcry_ctx_t ctx; + gcry_sexp_t psexp; + gcry_mpi_t result_x; + gcry_mpi_t result_y; + + /* first, extract the q = dP value from the public key */ + if (! (psexp = decode_public_key (pub))) + return GNUNET_SYSERR; + if (0 != (rc = gcry_mpi_ec_new (&ctx, psexp, NULL))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc); /* erroff gives more info */ + return GNUNET_SYSERR; + } + gcry_sexp_release (psexp); + q = gcry_mpi_ec_get_point ("q", ctx, 0); + gcry_ctx_release (ctx); + + /* second, extract the d value from our private key */ + rc = key_from_sexp (&d, key->sexp, "private-key", "d"); + if (rc) + rc = key_from_sexp (&d, key->sexp, "ecc", "d"); + if (0 != rc) + { + GNUNET_break (0); + gcry_mpi_point_release (q); + return GNUNET_SYSERR; + } + + /* create a new context for definitively the correct curve; + theoretically the 'public_key' might not use the right curve */ + if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, "NIST P-256"))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc); /* erroff gives more info */ + gcry_mpi_release (d); + gcry_mpi_point_release (q); + return GNUNET_SYSERR; + } + + /* then call the 'multiply' function, to compute the product */ + GNUNET_assert (NULL != ctx); + result = gcry_mpi_point_new (0); + gcry_mpi_ec_mul (result, d, q, ctx); + gcry_mpi_point_release (q); + gcry_mpi_release (d); + + /* finally, convert point to string for hashing */ + result_x = gcry_mpi_new (256); + result_y = gcry_mpi_new (256); + if (gcry_mpi_ec_get_affine (result_x, result_y, result, ctx)) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); + gcry_mpi_point_release (result); + gcry_ctx_release (ctx); + return GNUNET_SYSERR; + } + gcry_mpi_point_release (result); + gcry_ctx_release (ctx); + if (0 != (rc = gcry_sexp_build (&psexp, &erroff, + "(dh-shared-secret (x %m)(y %m))", + result_x, + result_y))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ + gcry_mpi_release (result_x); + gcry_mpi_release (result_y); + return GNUNET_SYSERR; + } + gcry_mpi_release (result_x); + gcry_mpi_release (result_y); + slen = gcry_sexp_sprint (psexp, GCRYSEXP_FMT_DEFAULT, sdata_buf, sizeof (sdata_buf)); + GNUNET_assert (0 != slen); + gcry_sexp_release (psexp); + /* finally, get a string of the resulting S-expression and hash it to generate the key material */ + GNUNET_CRYPTO_hash (sdata_buf, slen, key_material); + return GNUNET_OK; +} + + /* end of crypto_ecc.c */