This file is part of GNUnet.
Copyright (C) 2001-2013 GNUnet e.V.
- GNUnet is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 3, or (at your
- option) any later version.
+ GNUnet is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License,
+ or (at your option) any later version.
GNUnet is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Affero General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with GNUnet; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA.
-*/
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ SPDX-License-Identifier: AGPL3.0-or-later
+ */
/**
* @file include/gnunet_crypto_lib.h
#define GNUNET_CRYPTO_LIB_H
#ifdef __cplusplus
-extern "C"
-{
-#if 0 /* keep Emacsens' auto-indent happy */
+extern "C" {
+#if 0 /* keep Emacsens' auto-indent happy */
}
#endif
#endif
-/**
- * @brief A 512-bit hashcode. These are the default length for GNUnet, using SHA-512.
- */
-struct GNUNET_HashCode
-{
- uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */
-};
-
-
-
-/**
- * @brief A 256-bit hashcode. Used under special conditions, like when space
- * is critical and security is not impacted by it.
- */
-struct GNUNET_ShortHashCode
-{
- uint32_t bits[256 / 8 / sizeof (uint32_t)]; /* = 8 */
-};
-
/**
* The identity of the host (wraps the signing key of the peer).
/**
* @brief length of the sessionkey in bytes (256 BIT sessionkey)
*/
-#define GNUNET_CRYPTO_AES_KEY_LENGTH (256/8)
+#define GNUNET_CRYPTO_AES_KEY_LENGTH (256 / 8)
/**
* Length of a hash value
*/
-#define GNUNET_CRYPTO_HASH_LENGTH (512/8)
+#define GNUNET_CRYPTO_HASH_LENGTH (512 / 8)
/**
* How many characters (without 0-terminator) are our ASCII-encoded
* network byte order!
*/
uint32_t purpose GNUNET_PACKED;
-
};
/**
* @brief an ECC signature using EdDSA.
- * See https://gnunet.org/ed25519
+ * See cr.yp.to/papers.html#ed25519
*/
struct GNUNET_CRYPTO_EddsaSignature
{
-
/**
* R value.
*/
* S value.
*/
unsigned char s[256 / 8];
-
};
-
/**
* @brief an ECC signature using ECDSA
*/
struct GNUNET_CRYPTO_EcdsaSignature
{
-
/**
* R value.
*/
* S value.
*/
unsigned char s[256 / 8];
-
};
/**
- * Public ECC key (always for Curve25519) encoded in a format suitable
- * for network transmission and EdDSA signatures.
+ * Public ECC key (always for curve Ed25519) encoded in a format
+ * suitable for network transmission and EdDSA signatures. Refer
+ * to section 5.1.3 of rfc8032, for a thorough explanation of how
+ * this value maps to the x- and y-coordinates.
*/
struct GNUNET_CRYPTO_EddsaPublicKey
{
/**
- * Q consists of an x- and a y-value, each mod p (256 bits), given
- * here in affine coordinates and Ed25519 standard compact format.
+ * Point Q consists of a y-value mod p (256 bits); the x-value is
+ * always positive. The point is stored in Ed25519 standard
+ * compact format.
*/
unsigned char q_y[256 / 8];
-
};
* here in affine coordinates and Ed25519 standard compact format.
*/
unsigned char q_y[256 / 8];
-
};
* d is a value mod n, where n has at most 256 bits.
*/
unsigned char d[256 / 8];
-
};
/**
* d is a value mod n, where n has at most 256 bits.
*/
unsigned char d[256 / 8];
-
};
/**
* d is a value mod n, where n has at most 256 bits.
*/
unsigned char d[256 / 8];
-
};
* Actual key for TwoFish.
*/
unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
-
};
GNUNET_NETWORK_STRUCT_END
/**
- * Paillier public key.
+ * Paillier private key.
*/
struct GNUNET_CRYPTO_PaillierPrivateKey
{
* @return crc8 value
*/
uint8_t
-GNUNET_CRYPTO_crc8_n (const void *buf,
- size_t len);
+GNUNET_CRYPTO_crc8_n (const void *buf, size_t len);
/**
* @return updated crc sum (must be subjected to #GNUNET_CRYPTO_crc16_finish to get actual crc16)
*/
uint32_t
-GNUNET_CRYPTO_crc16_step (uint32_t sum,
- const void *buf,
- size_t len);
+GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf, size_t len);
/**
* @return crc16 value
*/
uint16_t
-GNUNET_CRYPTO_crc16_n (const void *buf,
- size_t len);
-
-
+GNUNET_CRYPTO_crc16_n (const void *buf, size_t len);
/**
* @return the resulting CRC32 checksum
*/
int32_t
-GNUNET_CRYPTO_crc32_n (const void *buf,
- size_t len);
+GNUNET_CRYPTO_crc32_n (const void *buf, size_t len);
+
+/**
+ * @ingroup crypto
+ * Zero out @a buffer, securely against compiler optimizations.
+ * Used to delete key material.
+ *
+ * @param buffer the buffer to zap
+ * @param length buffer length
+ */
+void
+GNUNET_CRYPTO_zero_keys (void *buffer, size_t length);
/**
* @return a random value in the interval [0,@a i) (exclusive).
*/
uint32_t
-GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
- uint32_t i);
+GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i);
/**
* @return random 64-bit number
*/
uint64_t
-GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode,
- uint64_t max);
+GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max);
/**
* @return the permutation array (allocated from heap)
*/
unsigned int *
-GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode,
- unsigned int n);
+GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n);
/**
* @param key key to initialize
*/
void
-GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key);
+GNUNET_CRYPTO_symmetric_create_session_key (
+ struct GNUNET_CRYPTO_SymmetricSessionKey *key);
/**
* @return the size of the encrypted block, -1 for errors
*/
ssize_t
-GNUNET_CRYPTO_symmetric_encrypt (const void *block,
- size_t size,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
- const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- void *result);
+GNUNET_CRYPTO_symmetric_encrypt (
+ const void *block,
+ size_t size,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ void *result);
/**
* @return -1 on failure, size of decrypted block on success
*/
ssize_t
-GNUNET_CRYPTO_symmetric_decrypt (const void *block,
- size_t size,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
- const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- void *result);
+GNUNET_CRYPTO_symmetric_decrypt (
+ const void *block,
+ size_t size,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ void *result);
/**
* @param ... pairs of void * & size_t for context chunks, terminated by NULL
*/
void
-GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
- const void *salt,
- size_t salt_len, ...);
+GNUNET_CRYPTO_symmetric_derive_iv (
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+ const void *salt,
+ size_t salt_len,
+ ...);
/**
* @param argp pairs of void * & size_t for context chunks, terminated by NULL
*/
void
-GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
- const void *salt,
- size_t salt_len,
- va_list argp);
+GNUNET_CRYPTO_symmetric_derive_iv_v (
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+ const void *salt,
+ size_t salt_len,
+ va_list argp);
/**
* @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
*/
#define GNUNET_CRYPTO_hash_from_string(enc, result) \
- GNUNET_CRYPTO_hash_from_string2 (enc, strlen(enc), result)
+ GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
/**
struct GNUNET_HashCode *ret);
+/**
+ * Calculate the 'proof-of-work' hash (an expensive hash).
+ *
+ * @param salt salt to use in pow calculation
+ * @param buf data to hash
+ * @param buf_len number of bytes in @a buf
+ * @param result where to write the resulting hash
+ */
+void
+GNUNET_CRYPTO_pow_hash (const char *salt,
+ const void *buf,
+ size_t buf_len,
+ struct GNUNET_HashCode *result);
+
+
/**
* Context for cummulative hashing.
*/
GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
+ *
+ * @param key secret key
+ * @param key_len secret key length
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac_raw (const void *key,
+ size_t key_len,
+ const void *plaintext,
+ size_t plaintext_len,
+ struct GNUNET_HashCode *hmac);
+
+
/**
* @ingroup hash
* Calculate HMAC of a message (RFC 2104)
* @param cls closure
* @param res resulting hash, NULL on error
*/
-typedef void
-(*GNUNET_CRYPTO_HashCompletedCallback) (void *cls,
- const struct GNUNET_HashCode *res);
+typedef void (*GNUNET_CRYPTO_HashCompletedCallback) (
+ void *cls,
+ const struct GNUNET_HashCode *res);
/**
* @param iv set to a valid initialization vector
*/
void
-GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc,
- struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
- struct GNUNET_CRYPTO_SymmetricInitializationVector *iv);
+GNUNET_CRYPTO_hash_to_aes_key (
+ const struct GNUNET_HashCode *hc,
+ struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv);
/**
* Obtain a bit from a hashcode.
*
* @param code the `struct GNUNET_HashCode` to index bit-wise
- * @param bit index into the hashcode, [0...159]
+ * @param bit index into the hashcode, [0...159] where 0 is the leftmost bit
+ * (bytes in code interpreted big endian)
* @return Bit \a bit from hashcode \a code, -1 for invalid index
*/
int
-GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode *code,
- unsigned int bit);
+GNUNET_CRYPTO_hash_get_bit_ltr (const struct GNUNET_HashCode *code,
+ unsigned int bit);
+
+
+/**
+ * Obtain a bit from a hashcode.
+ * @param code the GNUNET_CRYPTO_hash to index bit-wise
+ * @param bit index into the hashcode, [0...511] where 0 is the rightmost bit
+ * (bytes in code interpreted little endian)
+ * @return Bit \a bit from hashcode \a code, -1 for invalid index
+ */
+int
+GNUNET_CRYPTO_hash_get_bit_rtl (const struct GNUNET_HashCode *code,
+ unsigned int bit);
/**
* @param argp pair of void * & size_t for context chunks, terminated by NULL
*/
void
-GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
- const void *salt, size_t salt_len,
- va_list argp);
+GNUNET_CRYPTO_hmac_derive_key_v (
+ struct GNUNET_CRYPTO_AuthKey *key,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
+ const void *salt,
+ size_t salt_len,
+ va_list argp);
/**
* @param ... pair of void * & size_t for context chunks, terminated by NULL
*/
void
-GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
- const void *salt, size_t salt_len,
- ...);
+GNUNET_CRYPTO_hmac_derive_key (
+ struct GNUNET_CRYPTO_AuthKey *key,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
+ const void *salt,
+ size_t salt_len,
+ ...);
/**
void
GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
gcry_mpi_t n,
- const void *xts, size_t xts_len,
- const void *skm, size_t skm_len,
+ const void *xts,
+ size_t xts_len,
+ const void *skm,
+ size_t skm_len,
const char *ctx);
* @param pub where to write the public key
*/
void
-GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
- struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
+GNUNET_CRYPTO_ecdsa_key_get_public (
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+ struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
/**
* @ingroup crypto
* @param pub where to write the public key
*/
void
-GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
- struct GNUNET_CRYPTO_EddsaPublicKey *pub);
-
+GNUNET_CRYPTO_eddsa_key_get_public (
+ const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ struct GNUNET_CRYPTO_EddsaPublicKey *pub);
/**
* @param pub where to write the public key
*/
void
-GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
- struct GNUNET_CRYPTO_EcdhePublicKey *pub);
+GNUNET_CRYPTO_ecdhe_key_get_public (
+ const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
+ struct GNUNET_CRYPTO_EcdhePublicKey *pub);
/**
* @return string representing @a pub
*/
char *
-GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
+GNUNET_CRYPTO_ecdsa_public_key_to_string (
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
+
+/**
+ * Convert a private key to a string.
+ *
+ * @param priv key to convert
+ * @return string representing @a priv
+ */
+char *
+GNUNET_CRYPTO_ecdsa_private_key_to_string (
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv);
+
+
+/**
+ * Convert a private key to a string.
+ *
+ * @param priv key to convert
+ * @return string representing @a pub
+ */
+char *
+GNUNET_CRYPTO_eddsa_private_key_to_string (
+ const struct GNUNET_CRYPTO_EddsaPrivateKey *priv);
/**
* @return string representing @a pub
*/
char *
-GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
+GNUNET_CRYPTO_eddsa_public_key_to_string (
+ const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
/**
* @return #GNUNET_OK on success
*/
int
-GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc,
- size_t enclen,
- struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
+GNUNET_CRYPTO_ecdsa_public_key_from_string (
+ const char *enc,
+ size_t enclen,
+ struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
/**
* @return #GNUNET_OK on success
*/
int
-GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc,
- size_t enclen,
- struct GNUNET_CRYPTO_EddsaPrivateKey *pub);
+GNUNET_CRYPTO_eddsa_private_key_from_string (
+ const char *enc,
+ size_t enclen,
+ struct GNUNET_CRYPTO_EddsaPrivateKey *pub);
/**
* @return #GNUNET_OK on success
*/
int
-GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc,
- size_t enclen,
- struct GNUNET_CRYPTO_EddsaPublicKey *pub);
+GNUNET_CRYPTO_eddsa_public_key_from_string (
+ const char *enc,
+ size_t enclen,
+ struct GNUNET_CRYPTO_EddsaPublicKey *pub);
/**
* @ingroup crypto
- * Create a new private key by reading it from a file. If the
- * files does not exist, create a new key and write it to the
- * file. Caller must free return value. Note that this function
- * can not guarantee that another process might not be trying
- * the same operation on the same file at the same time.
- * If the contents of the file
- * are invalid the old file is deleted and a fresh key is
- * created.
+ * @brief Create a new private key by reading it from a file.
+ *
+ * If the files does not exist and @a do_create is set, creates a new key and
+ * write it to the file.
+ *
+ * If the contents of the file are invalid, an error is returned.
*
* @param filename name of file to use to store the key
- * @return new private key, NULL on error (for example,
- * permission denied); free using #GNUNET_free
+ * @param do_create should a file be created?
+ * @param[out] pkey set to the private key from @a filename on success
+ * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
+ * we found an existing file, #GNUNET_SYSERR on failure
*/
-struct GNUNET_CRYPTO_EcdsaPrivateKey *
-GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename);
+int
+GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
+ int do_create,
+ struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey);
/**
* @ingroup crypto
- * Create a new private key by reading it from a file. If the
- * files does not exist, create a new key and write it to the
- * file. Caller must free return value. Note that this function
- * can not guarantee that another process might not be trying
- * the same operation on the same file at the same time.
- * If the contents of the file
- * are invalid the old file is deleted and a fresh key is
- * created.
+ * @brief Create a new private key by reading it from a file.
+ *
+ * If the files does not exist and @a do_create is set, creates a new key and
+ * write it to the file.
+ *
+ * If the contents of the file are invalid, an error is returned.
*
* @param filename name of file to use to store the key
- * @return new private key, NULL on error (for example,
- * permission denied); free using #GNUNET_free
+ * @param do_create should a file be created?
+ * @param[out] pkey set to the private key from @a filename on success
+ * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but
+ * we found an existing file, #GNUNET_SYSERR on failure
*/
-struct GNUNET_CRYPTO_EddsaPrivateKey *
-GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename);
+int
+GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
+ int do_create,
+ struct GNUNET_CRYPTO_EddsaPrivateKey *pkey);
/**
* permission denied); free using #GNUNET_free
*/
struct GNUNET_CRYPTO_EddsaPrivateKey *
-GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg);
+GNUNET_CRYPTO_eddsa_key_create_from_configuration (
+ const struct GNUNET_CONFIGURATION_Handle *cfg);
/**
* @ingroup crypto
- * Create a new private key. Caller must free return value.
+ * Create a new private key.
*
- * @return fresh private key; free using #GNUNET_free
+ * @param[out] pk private key to initialize
*/
-struct GNUNET_CRYPTO_EcdsaPrivateKey *
-GNUNET_CRYPTO_ecdsa_key_create (void);
+void
+GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk);
/**
* @ingroup crypto
- * Create a new private key. Caller must free return value.
+ * Create a new private key.
*
- * @return fresh private key; free using #GNUNET_free
+ * @param[out] pk private key to initialize
*/
-struct GNUNET_CRYPTO_EddsaPrivateKey *
-GNUNET_CRYPTO_eddsa_key_create (void);
+void
+GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
/**
* Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear().
*
* @param[out] pk set to fresh private key;
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
*/
-int
-GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
-
-
-/**
- * @ingroup crypto
- * Create a new private key. Caller must free return value.
- *
- * @return fresh private key; free using #GNUNET_free
- */
-struct GNUNET_CRYPTO_EcdhePrivateKey *
-GNUNET_CRYPTO_ecdhe_key_create (void);
+void
+GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
/**
* configuration file (!). This function is used so that
* at a later point code can be certain that reading a
* hostkey is fast (for example in time-dependent testcases).
-*
+ *
* @param cfg_name name of the configuration file to use
*/
void
struct GNUNET_PeerIdentity *dst);
-/**
- * Compare two Peer Identities.
- *
- * @param first first peer identity
- * @param second second peer identity
- * @return bigger than 0 if first > second,
- * 0 if they are the same
- * smaller than 0 if second > first
- */
-int
-GNUNET_CRYPTO_cmp_peer_identity (const struct GNUNET_PeerIdentity *first,
- const struct GNUNET_PeerIdentity *second);
-
-
/**
* Internal structure used to cache pre-calculated values for DLOG calculation.
*/
* @return NULL on error
*/
struct GNUNET_CRYPTO_EccDlogContext *
-GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max,
- unsigned int mem);
+GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem);
/**
*/
int
GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t input);
+ gcry_mpi_point_t input);
/**
* must be freed using #GNUNET_CRYPTO_ecc_free()
*/
gcry_mpi_point_t
-GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc,
- int val);
+GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val);
/**
*/
gcry_mpi_point_t
GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_t val);
+ gcry_mpi_t val);
/**
gcry_mpi_point_t
GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc,
gcry_mpi_point_t p,
- gcry_mpi_t val);
+ gcry_mpi_t val);
/**
*/
gcry_mpi_point_t
GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t a,
- gcry_mpi_point_t b);
+ gcry_mpi_point_t a,
+ gcry_mpi_point_t b);
/**
*/
void
GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc,
- gcry_mpi_point_t *r,
- gcry_mpi_point_t *r_inv);
+ gcry_mpi_point_t *r,
+ gcry_mpi_point_t *r_inv);
/**
/**
* @ingroup crypto
- * EdDSA sign a given block.
+ * @brief EdDSA sign a given block.
+ *
+ * The @a purpose data is the beginning of the data of which the signature is
+ * to be created. The `size` field in @a purpose must correctly indicate the
+ * number of bytes of the data structure, including its header. If possible,
+ * use #GNUNET_CRYPTO_eddsa_sign() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
*
* @param priv private key to use for the signing
* @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
+ * @param[out] sig where to write the signature
* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
*/
int
-GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
- const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
- struct GNUNET_CRYPTO_EddsaSignature *sig);
+GNUNET_CRYPTO_eddsa_sign_ (
+ const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+ struct GNUNET_CRYPTO_EddsaSignature *sig);
/**
* @ingroup crypto
- * ECDSA Sign a given block.
+ * @brief EdDSA sign a given block.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param[out] sig where to write the signature
+ */
+#define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \
+ /* check size is set correctly */ \
+ GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*ps)); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_eddsa_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
+} while (0)
+
+
+/**
+ * @ingroup crypto
+ * @brief ECDSA Sign a given block.
+ *
+ * The @a purpose data is the beginning of the data of which the signature is
+ * to be created. The `size` field in @a purpose must correctly indicate the
+ * number of bytes of the data structure, including its header. If possible,
+ * use #GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
*
* @param priv private key to use for the signing
* @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
+ * @param[out] sig where to write the signature
* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
*/
int
-GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
- const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
- struct GNUNET_CRYPTO_EcdsaSignature *sig);
+GNUNET_CRYPTO_ecdsa_sign_ (
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+ struct GNUNET_CRYPTO_EcdsaSignature *sig);
+
/**
* @ingroup crypto
- * Verify EdDSA signature.
+ * @brief ECDSA sign a given block.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param[out] sig where to write the signature
+ */
+#define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \
+ /* check size is set correctly */ \
+ GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_ecdsa_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
+} while (0)
+
+
+/**
+ * @ingroup crypto
+ * @brief Verify EdDSA signature.
+ *
+ * The @a validate data is the beginning of the data of which the signature
+ * is to be verified. The `size` field in @a validate must correctly indicate
+ * the number of bytes of the data structure, including its header. If @a
+ * purpose does not match the purpose given in @a validate (the latter must be
+ * in big endian), signature verification fails. If possible,
+ * use #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
*
* @param purpose what is the purpose that the signature should have?
* @param validate block to validate (size, purpose, data)
* @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
*/
int
-GNUNET_CRYPTO_eddsa_verify (uint32_t purpose,
- const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
- const struct GNUNET_CRYPTO_EddsaSignature *sig,
- const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
+GNUNET_CRYPTO_eddsa_verify_ (
+ uint32_t purpose,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+ const struct GNUNET_CRYPTO_EddsaSignature *sig,
+ const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
+/**
+ * @ingroup crypto
+ * @brief Verify EdDSA signature.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param purp purpose of the signature, must match 'ps->purpose.purpose'
+ * (except in host byte order)
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param sig where to write the signature
+ */
+#define GNUNET_CRYPTO_eddsa_verify(purp,ps,sig,pub) ({ \
+ /* check size is set correctly */ \
+ GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_CRYPTO_eddsa_verify_ (purp, \
+ &(ps)->purpose, \
+ sig, \
+ pub); \
+ })
+
/**
* @ingroup crypto
- * Verify ECDSA signature.
+ * @brief Verify ECDSA signature.
+ *
+ * The @a validate data is the beginning of the data of which the signature is
+ * to be verified. The `size` field in @a validate must correctly indicate the
+ * number of bytes of the data structure, including its header. If @a purpose
+ * does not match the purpose given in @a validate (the latter must be in big
+ * endian), signature verification fails. If possible, use
+ * #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
*
* @param purpose what is the purpose that the signature should have?
* @param validate block to validate (size, purpose, data)
* @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
*/
int
-GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose,
- const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
- const struct GNUNET_CRYPTO_EcdsaSignature *sig,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
+GNUNET_CRYPTO_ecdsa_verify_ (
+ uint32_t purpose,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+ const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
+/**
+ * @ingroup crypto
+ * @brief Verify ECDSA signature.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param purp purpose of the signature, must match 'ps->purpose.purpose'
+ * (except in host byte order)
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param sig where to write the signature
+ */
+#define GNUNET_CRYPTO_ecdsa_verify(purp,ps,sig,pub) ({ \
+ /* check size is set correctly */ \
+ GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_CRYPTO_ecdsa_verify_ (purp, \
+ &(ps)->purpose, \
+ sig, \
+ pub); \
+ })
+
/**
* @ingroup crypto
* Derive a private key from a given private key and a label.
* @return derived private key
*/
struct GNUNET_CRYPTO_EcdsaPrivateKey *
-GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
- const char *label,
- const char *context);
+GNUNET_CRYPTO_ecdsa_private_key_derive (
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+ const char *label,
+ const char *context);
/**
* @param result where to write the derived public key
*/
void
-GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
- const char *label,
- const char *context,
- struct GNUNET_CRYPTO_EcdsaPublicKey *result);
+GNUNET_CRYPTO_ecdsa_public_key_derive (
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
+ const char *label,
+ const char *context,
+ struct GNUNET_CRYPTO_EcdsaPublicKey *result);
/**
* @param val value to write to @a buf
*/
void
-GNUNET_CRYPTO_mpi_print_unsigned (void *buf,
- size_t size,
- gcry_mpi_t val);
+GNUNET_CRYPTO_mpi_print_unsigned (void *buf, size_t size, gcry_mpi_t val);
/**
* @param[out] private_key Where to store the private key?
*/
void
-GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
- struct GNUNET_CRYPTO_PaillierPrivateKey *private_key);
+GNUNET_CRYPTO_paillier_create (
+ struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
+ struct GNUNET_CRYPTO_PaillierPrivateKey *private_key);
/**
* or -1 if less than one homomorphic operation is possible
*/
int
-GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
- const gcry_mpi_t m,
- int desired_ops,
- struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext);
+GNUNET_CRYPTO_paillier_encrypt (
+ const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
+ const gcry_mpi_t m,
+ int desired_ops,
+ struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext);
/**
* @param[out] m Decryption of @a ciphertext with @private_key.
*/
void
-GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key,
- const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
- const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext,
- gcry_mpi_t m);
+GNUNET_CRYPTO_paillier_decrypt (
+ const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key,
+ const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
+ const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext,
+ gcry_mpi_t m);
/**
* #GNUNET_SYSERR if no more homomorphic operations are remaining.
*/
int
-GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
- const struct GNUNET_CRYPTO_PaillierCiphertext *c1,
- const struct GNUNET_CRYPTO_PaillierCiphertext *c2,
- struct GNUNET_CRYPTO_PaillierCiphertext *result);
+GNUNET_CRYPTO_paillier_hom_add (
+ const struct GNUNET_CRYPTO_PaillierPublicKey *public_key,
+ const struct GNUNET_CRYPTO_PaillierCiphertext *c1,
+ const struct GNUNET_CRYPTO_PaillierCiphertext *c2,
+ struct GNUNET_CRYPTO_PaillierCiphertext *result);
/**
* @return the number of remaining homomorphic operations
*/
int
-GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c);
+GNUNET_CRYPTO_paillier_hom_get_remaining (
+ const struct GNUNET_CRYPTO_PaillierCiphertext *c);
/* ********* Chaum-style RSA-based blind signatures ******************* */
-
-
/**
* The private information of an RSA key pair.
*/
* @return size of memory allocatedin @a buffer
*/
size_t
-GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
- char **buffer);
+GNUNET_CRYPTO_rsa_private_key_encode (
+ const struct GNUNET_CRYPTO_RsaPrivateKey *key,
+ void **buffer);
/**
* to the "normal", internal format.
*
* @param buf the buffer where the private key data is stored
- * @param len the length of the data in @a buf
+ * @param buf_size the size of the data in @a buf
* @return NULL on error
*/
struct GNUNET_CRYPTO_RsaPrivateKey *
-GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
- size_t len);
+GNUNET_CRYPTO_rsa_private_key_decode (const void *buf,
+ size_t buf_size);
/**
* @return the duplicate key; NULL upon error
*/
struct GNUNET_CRYPTO_RsaPrivateKey *
-GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key);
+GNUNET_CRYPTO_rsa_private_key_dup (
+ const struct GNUNET_CRYPTO_RsaPrivateKey *key);
/**
* @retur NULL on error, otherwise the public key
*/
struct GNUNET_CRYPTO_RsaPublicKey *
-GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv);
+GNUNET_CRYPTO_rsa_private_key_get_public (
+ const struct GNUNET_CRYPTO_RsaPrivateKey *priv);
/**
* @return size of memory allocated in @a buffer
*/
size_t
-GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key,
- char **buffer);
+GNUNET_CRYPTO_rsa_public_key_encode (
+ const struct GNUNET_CRYPTO_RsaPublicKey *key,
+ void **buffer);
/**
* @return NULL on error
*/
struct GNUNET_CRYPTO_RsaPublicKey *
-GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
- size_t len);
+GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len);
/**
*/
int
GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1,
- struct GNUNET_CRYPTO_RsaSignature *s2);
+ struct GNUNET_CRYPTO_RsaSignature *s2);
/**
* Compare the values of two private keys.
*/
int
GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1,
- struct GNUNET_CRYPTO_RsaPrivateKey *p2);
+ struct GNUNET_CRYPTO_RsaPrivateKey *p2);
/**
*/
int
GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1,
- struct GNUNET_CRYPTO_RsaPublicKey *p2);
+ struct GNUNET_CRYPTO_RsaPublicKey *p2);
/**
* @param pkey the public key of the signer
* @param[out] buf set to a buffer with the blinded message to be signed
* @param[out] buf_size number of bytes stored in @a buf
- * @return GNUNET_YES if successful, GNUNET_NO if RSA key is malicious
+ * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/
int
GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
- char **buf, size_t *buf_size);
+ void **buf,
+ size_t *buf_size);
/**
*/
struct GNUNET_CRYPTO_RsaSignature *
GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
- const void *msg, size_t msg_len);
+ const void *msg,
+ size_t msg_len);
/**
*/
struct GNUNET_CRYPTO_RsaSignature *
GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
- const struct GNUNET_HashCode *hash);
+ const struct GNUNET_HashCode *hash);
/**
* @return size of memory allocated in @a buffer
*/
size_t
-GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig,
- char **buffer);
+GNUNET_CRYPTO_rsa_signature_encode (
+ const struct GNUNET_CRYPTO_RsaSignature *sig,
+ void **buffer);
/**
* format.
*
* @param buf the buffer where the public key data is stored
- * @param len the length of the data in @a buf
+ * @param buf_size the number of bytes of the data in @a buf
* @return NULL on error
*/
struct GNUNET_CRYPTO_RsaSignature *
-GNUNET_CRYPTO_rsa_signature_decode (const char *buf,
- size_t len);
+GNUNET_CRYPTO_rsa_signature_decode (const void *buf,
+ size_t buf_size);
/**
*/
struct GNUNET_CRYPTO_RsaSignature *
GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
- const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
- struct GNUNET_CRYPTO_RsaPublicKey *pkey);
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey);
/**
*/
int
GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
- const struct GNUNET_CRYPTO_RsaSignature *sig,
- const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
+ const struct GNUNET_CRYPTO_RsaSignature *sig,
+ const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
-#if 0 /* keep Emacsens' auto-indent happy */
+#if 0 /* keep Emacsens' auto-indent happy */
{
#endif
#ifdef __cplusplus