-ecc sign/verify only

3 files changed, 20 insertions, 308 deletions

diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 59f1dad78..3bb60d9e5 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -270,7 +270,7 @@ struct GNUNET_CRYPTO_EccSignaturePurpose
 struct GNUNET_CRYPTO_EccSignature
 {
   /**
-   * Overall size of the encrypted data.
+   * Overall size of the signature data.
    */
   uint16_t size;
 
@@ -319,23 +319,6 @@ struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded
 
 
 /**
- * ECC Encrypted data.
- */
-struct GNUNET_CRYPTO_EccEncryptedData
-{
-  /**
-   * Overall size of the encrypted data.
-   */
-  uint16_t size;
-
-  /**
-   * S-expression, padded with zeros.
-   */
-  char encoding[GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH];
-};
-
-
-/**
  * @brief type for session keys
  */
 struct GNUNET_CRYPTO_AesSessionKey
@@ -1325,39 +1308,6 @@ GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name);
 
 
 /**
- * Encrypt a block with the public key of another host that uses the
- * same cipher.
- *
- * @param block the block to encrypt
- * @param size the size of block
- * @param publicKey the encoded public key used to encrypt
- * @param target where to store the encrypted block
- * @returns GNUNET_SYSERR on error, GNUNET_OK if ok
- */
-int
-GNUNET_CRYPTO_ecc_encrypt (const void *block, size_t size,
-                           const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
-                           *publicKey,
-                           struct GNUNET_CRYPTO_EccEncryptedData *target);
-
-
-/**
- * Decrypt a given block with the hostkey.
- *
- * @param key the key with which to decrypt this block
- * @param block the data to decrypt, encoded as returned by encrypt
- * @param result pointer to a location where the result can be stored
- * @param max the maximum number of bits to store for the result, if
- *        the decrypted block is bigger, an error is returned
- * @return the size of the decrypted block, -1 on error
- */
-ssize_t
-GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey *key,
-                           const struct GNUNET_CRYPTO_EccEncryptedData *block,
-                           void *result, size_t max);
-
-
-/**
  * Sign a given block.
  *
  * @param key private key to use for the signing
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 88806a8dd..95d157eb1 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -386,14 +386,28 @@ ecc_key_create ()
   struct GNUNET_CRYPTO_EccPrivateKey *ret;
   gcry_sexp_t s_key;
   gcry_sexp_t s_keyparam;
+  int rc;
 
-  GNUNET_assert (0 ==
-                 gcry_sexp_build (&s_keyparam, NULL,
-                                  "(genkey(ecc(curve \"" CURVE "\")))"));
-  GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam));
+  if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL,
+                                  "(genkey(ecdsa(curve 10:NIST P-521)))")))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
+    return NULL;
+  }
+  if (0 != (rc = gcry_pk_genkey (&s_key, s_keyparam)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
+    gcry_sexp_release (s_keyparam);
+    return NULL;
+  }
   gcry_sexp_release (s_keyparam);
 #if EXTRA_CHECKS
-  GNUNET_assert (0 == gcry_pk_testkey (s_key));
+  if (0 != (rc = gcry_pk_testkey (s_key)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
+    gcry_sexp_release (s_key);
+    return NULL;
+  }
 #endif
   ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
   ret->sexp = s_key;
@@ -927,111 +941,6 @@ GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name)
 
 
 /**
- * Encrypt a block with the public key of another host that uses the
- * same cipher.
- *
- * @param block the block to encrypt
- * @param size the size of block
- * @param publicKey the encoded public key used to encrypt
- * @param target where to store the encrypted block
- * @returns GNUNET_SYSERR on error, GNUNET_OK if ok
- */
-int
-GNUNET_CRYPTO_ecc_encrypt (const void *block, size_t size,
-                           const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
-                           *publicKey,
-                           struct GNUNET_CRYPTO_EccEncryptedData *target)
-{
-  gcry_sexp_t result;
-  gcry_sexp_t data;
-  gcry_sexp_t psexp;
-  gcry_mpi_t val;
-  size_t isize;
-  size_t erroff;
-
-  GNUNET_assert (size <= sizeof (struct GNUNET_HashCode));
-  if (! (psexp = decode_public_key (publicKey)))
-    return GNUNET_SYSERR;
-  isize = size;
-  GNUNET_assert (0 ==
-                 gcry_mpi_scan (&val, GCRYMPI_FMT_USG, block, isize, &isize));
-  GNUNET_assert (0 ==
-                 gcry_sexp_build (&data, &erroff,
-                                  "(data (flags pkcs1)(value %m))", val));
-  gcry_mpi_release (val);
-  GNUNET_assert (0 == gcry_pk_encrypt (&result, data, psexp));
-  gcry_sexp_release (data);
-  gcry_sexp_release (psexp);
-  isize = gcry_sexp_sprint (result, 
-                            GCRYSEXP_FMT_DEFAULT,
-                            target->encoding,
-                            GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH);
-  if (0 == isize)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  target->size = htons ((uint16_t) (isize + sizeof (uint16_t)));
-  /* padd with zeros */
-  memset (&target->encoding[isize], 0, GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH - isize);
-  return GNUNET_OK;
-}
-
-
-/**
- * Decrypt a given block with the hostkey.
- *
- * @param key the key with which to decrypt this block
- * @param block the data to decrypt, encoded as returned by encrypt
- * @param result pointer to a location where the result can be stored
- * @param max the maximum number of bits to store for the result, if
- *        the decrypted block is bigger, an error is returned
- * @return the size of the decrypted block, -1 on error
- */
-ssize_t
-GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey *key,
-                           const struct GNUNET_CRYPTO_EccEncryptedData *block,
-                           void *result, size_t max)
-{
-  gcry_sexp_t resultsexp;
-  gcry_sexp_t data;
-  size_t erroff;
-  size_t size;
-  gcry_mpi_t val;
-  unsigned char *endp;
-
-#if EXTRA_CHECKS
-  GNUNET_assert (0 == gcry_pk_testkey (key->sexp));
-#endif
-  size = ntohs (block->size);
-  if (size < sizeof (uint16_t))
-    return -1;
-  GNUNET_assert (0 ==
-                 gcry_sexp_sscan (&data,
-                                  &erroff,
-                                  block->encoding, size - sizeof (uint16_t)));
-  GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, key->sexp));
-  gcry_sexp_release (data);
-  /* resultsexp has format "(value %m)" */
-  GNUNET_assert (NULL !=
-                 (val = gcry_sexp_nth_mpi (resultsexp, 1, GCRYMPI_FMT_USG)));
-  gcry_sexp_release (resultsexp);
-  size = max + GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH * 2;
-  {
-    unsigned char tmp[size];
-
-    GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, tmp, size, &size, val));
-    gcry_mpi_release (val);
-    endp = tmp;
-    endp += (size - max);
-    size = max;
-    memcpy (result, endp, size);
-  }
-  return size;
-}
-
-
-/**
  * Convert the data specified in the given purpose argument to an
  * S-expression suitable for signature operations.
  *
diff --git a/src/util/test_crypto_ecc.c b/src/util/test_crypto_ecc.c
index d61ba816e..4cb8f1dbc 100644
--- a/src/util/test_crypto_ecc.c
+++ b/src/util/test_crypto_ecc.c
@@ -39,147 +39,6 @@ static struct GNUNET_CRYPTO_EccPrivateKey *key;
 
 
 static int
-testEncryptDecrypt ()
-{
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
-  struct GNUNET_CRYPTO_EccEncryptedData target;
-  char result[MAX_TESTVAL];
-  int i;
-  struct GNUNET_TIME_Absolute start;
-  int ok;
-
-  FPRINTF (stderr, "%s",  "W");
-  GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
-  ok = 0;
-  start = GNUNET_TIME_absolute_get ();
-  for (i = 0; i < ITER; i++)
-  {
-    FPRINTF (stderr, "%s",  ".");
-    if (GNUNET_SYSERR ==
-        GNUNET_CRYPTO_ecc_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, &pkey,
-                                   &target))
-    {
-      FPRINTF (stderr, "%s",  "GNUNET_CRYPTO_ecc_encrypt returned SYSERR\n");
-      ok++;
-      continue;
-    }
-    if (-1 ==
-        GNUNET_CRYPTO_ecc_decrypt (key, &target, result,
-                                   strlen (TESTSTRING) + 1))
-    {
-      FPRINTF (stderr, "%s",  "GNUNET_CRYPTO_ecc_decrypt returned SYSERR\n");
-      ok++;
-      continue;
-
-    }
-    if (strncmp (TESTSTRING, result, strlen (TESTSTRING)) != 0)
-    {
-      printf ("%s != %.*s - testEncryptDecrypt failed!\n", TESTSTRING,
-              (int) MAX_TESTVAL, result);
-      ok++;
-      continue;
-    }
-  }
-  printf ("%d ECC encrypt/decrypt operations %s (%d failures)\n", 
-          ITER,
-          GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (start), GNUNET_YES), 
-          ok);
-  if (ok == 0)
-    return GNUNET_OK;
-  return GNUNET_SYSERR;
-}
-
-
-#if PERF
-static int
-testEncryptPerformance ()
-{
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
-  struct GNUNET_CRYPTO_EccEncryptedData target;
-  int i;
-  struct GNUNET_TIME_Absolute start;
-  int ok;
-
-  FPRINTF (stderr, "%s",  "W");
-  GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
-  ok = 0;
-  start = GNUNET_TIME_absolute_get ();
-  for (i = 0; i < ITER; i++)
-  {
-    FPRINTF (stderr, "%s",  ".");
-    if (GNUNET_SYSERR ==
-        GNUNET_CRYPTO_ecc_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, &pkey,
-                                   &target))
-    {
-      FPRINTF (stderr, "%s",  "GNUNET_CRYPTO_ecc_encrypt returned SYSERR\n");
-      ok++;
-      continue;
-    }
-  }
-  printf ("%d ECC encrypt operations %llu ms (%d failures)\n", ITER,
-          (unsigned long long)
-          GNUNET_TIME_absolute_get_duration (start).rel_value, ok);
-  if (ok != 0)
-    return GNUNET_SYSERR;
-  return GNUNET_OK;
-}
-#endif
-
-static int
-testEncryptDecryptSK ()
-{
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pkey;
-  struct GNUNET_CRYPTO_EccEncryptedData target;
-  struct GNUNET_CRYPTO_AesSessionKey insk;
-  struct GNUNET_CRYPTO_AesSessionKey outsk;
-  int i;
-  struct GNUNET_TIME_Absolute start;
-  int ok;
-
-  FPRINTF (stderr, "%s",  "W");
-  GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
-  ok = 0;
-  start = GNUNET_TIME_absolute_get ();
-  for (i = 0; i < ITER; i++)
-  {
-    FPRINTF (stderr, "%s",  ".");
-    GNUNET_CRYPTO_aes_create_session_key (&insk);
-    if (GNUNET_SYSERR ==
-        GNUNET_CRYPTO_ecc_encrypt (&insk,
-                                   sizeof (struct GNUNET_CRYPTO_AesSessionKey),
-                                   &pkey, &target))
-    {
-      FPRINTF (stderr, "%s",  "GNUNET_CRYPTO_ecc_encrypt returned SYSERR\n");
-      ok++;
-      continue;
-    }
-    if (-1 ==
-        GNUNET_CRYPTO_ecc_decrypt (key, &target, &outsk,
-                                   sizeof (struct GNUNET_CRYPTO_AesSessionKey)))
-    {
-      FPRINTF (stderr, "%s",  "GNUNET_CRYPTO_ecc_decrypt returned SYSERR\n");
-      ok++;
-      continue;
-    }
-    if (0 !=
-        memcmp (&insk, &outsk, sizeof (struct GNUNET_CRYPTO_AesSessionKey)))
-    {
-      printf ("testEncryptDecryptSK failed!\n");
-      ok++;
-      continue;
-    }
-  }
-  printf ("%d ECC encrypt/decrypt SK operations %s (%d failures)\n", 
-          ITER,
-          GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (start), GNUNET_YES), 
-          ok);
-  if (ok != 0)
-    return GNUNET_SYSERR;
-  return GNUNET_OK;
-}
-
-
-static int
 testSignVerify ()
 {
   struct GNUNET_CRYPTO_EccSignature sig;
@@ -330,15 +189,9 @@ main (int argc, char *argv[])
     failureCount++;
   GNUNET_SCHEDULER_run (&test_async_creation, NULL);
 #if PERF
-  if (GNUNET_OK != testEncryptPerformance ())
-    failureCount++;
   if (GNUNET_OK != testSignPerformance ())
     failureCount++;
 #endif
-  if (GNUNET_OK != testEncryptDecryptSK ())
-    failureCount++;
-  if (GNUNET_OK != testEncryptDecrypt ())
-    failureCount++;
   if (GNUNET_OK != testSignVerify ())
     failureCount++;
   GNUNET_CRYPTO_ecc_key_free (key);