diff options
author | TheJackiMonster <thejackimonster@gmail.com> | 2020-11-05 21:20:38 +0100 |
---|---|---|
committer | TheJackiMonster <thejackimonster@gmail.com> | 2020-11-05 21:20:38 +0100 |
commit | c07ae5c8d29202466f066e4dcddbfd091513db7c (patch) | |
tree | c99961354915549f33643414720a5432b25b4847 /src/include/gnunet_identity_service.h | |
parent | 77842546903ef7296c863987f9a60e5f0ead14d1 (diff) | |
download | gnunet-c07ae5c8d29202466f066e4dcddbfd091513db7c.tar.gz gnunet-c07ae5c8d29202466f066e4dcddbfd091513db7c.zip |
additional abstraction for identity keys
Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
Diffstat (limited to 'src/include/gnunet_identity_service.h')
-rw-r--r-- | src/include/gnunet_identity_service.h | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index 17714fec4..8084a3a98 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h | |||
@@ -138,6 +138,33 @@ struct GNUNET_IDENTITY_PublicKey | |||
138 | 138 | ||
139 | 139 | ||
140 | /** | 140 | /** |
141 | * An identity signature as per LSD0001. | ||
142 | */ | ||
143 | struct GNUNET_IDENTITY_Signature | ||
144 | { | ||
145 | /** | ||
146 | * Type of signature. | ||
147 | * Defined by the GNS zone type value. | ||
148 | * In NBO. | ||
149 | */ | ||
150 | uint32_t type; | ||
151 | |||
152 | union | ||
153 | { | ||
154 | /** | ||
155 | * An ECDSA signature | ||
156 | */ | ||
157 | struct GNUNET_CRYPTO_EcdsaSignature ecdsa_signature; | ||
158 | |||
159 | /** | ||
160 | * AN EdDSA signature | ||
161 | */ | ||
162 | struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; | ||
163 | }; | ||
164 | }; | ||
165 | |||
166 | |||
167 | /** | ||
141 | * Handle for an operation with the identity service. | 168 | * Handle for an operation with the identity service. |
142 | */ | 169 | */ |
143 | struct GNUNET_IDENTITY_Operation; | 170 | struct GNUNET_IDENTITY_Operation; |
@@ -379,6 +406,194 @@ GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key); | |||
379 | 406 | ||
380 | 407 | ||
381 | /** | 408 | /** |
409 | * Get the compacted length of a #GNUNET_IDENTITY_Signature. | ||
410 | * Compacted means that it returns the minimum number of bytes this | ||
411 | * signature is long, as opposed to the union structure inside | ||
412 | * #GNUNET_IDENTITY_Signature. | ||
413 | * Useful for compact serializations. | ||
414 | * | ||
415 | * @param sig the signature. | ||
416 | * @return -1 on error, else the compacted length of the signature. | ||
417 | */ | ||
418 | ssize_t | ||
419 | GNUNET_IDENTITY_signature_get_length (const struct GNUNET_IDENTITY_Signature *sig); | ||
420 | |||
421 | |||
422 | /** | ||
423 | * Reads a #GNUNET_IDENTITY_PublicKey from a compact buffer. | ||
424 | * The buffer has to contain at least the compacted length of | ||
425 | * a #GNUNET_IDENTITY_PublicKey bytes. | ||
426 | * If the buffer is too small, the function returns -1 as error. | ||
427 | * If the buffer does not contain a valid key, it returns -2 as error. | ||
428 | * | ||
429 | * @param key the key | ||
430 | * @param buffer the buffer | ||
431 | * @param len the length of buffer | ||
432 | * @return -1 or -2 on error, else the amount of bytes read from the buffer | ||
433 | */ | ||
434 | ssize_t | ||
435 | GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key, | ||
436 | const void* buffer, | ||
437 | size_t len); | ||
438 | |||
439 | |||
440 | /** | ||
441 | * Writes a #GNUNET_IDENTITY_PublicKey to a compact buffer. | ||
442 | * The buffer requires space for at least the compacted length of | ||
443 | * a #GNUNET_IDENTITY_PublicKey in bytes. | ||
444 | * If the buffer is too small, the function returns -1 as error. | ||
445 | * If the key is not valid, it returns -2 as error. | ||
446 | * | ||
447 | * @param key the key | ||
448 | * @param buffer the buffer | ||
449 | * @param len the length of buffer | ||
450 | * @return -1 or -2 on error, else the amount of bytes written to the buffer | ||
451 | */ | ||
452 | ssize_t | ||
453 | GNUNET_IDENTITY_write_key_to_buffer (const struct GNUNET_IDENTITY_PublicKey *key, | ||
454 | void* buffer, | ||
455 | size_t len); | ||
456 | |||
457 | |||
458 | /** | ||
459 | * @brief Sign a given block. | ||
460 | * | ||
461 | * The @a purpose data is the beginning of the data of which the signature is | ||
462 | * to be created. The `size` field in @a purpose must correctly indicate the | ||
463 | * number of bytes of the data structure, including its header. If possible, | ||
464 | * use #GNUNET_IDENTITY_private_key_sign() instead of this function. | ||
465 | * | ||
466 | * @param priv private key to use for the signing | ||
467 | * @param purpose what to sign (size, purpose) | ||
468 | * @param[out] sig where to write the signature | ||
469 | * @return #GNUNET_SYSERR on error, #GNUNET_OK on success | ||
470 | */ | ||
471 | int | ||
472 | GNUNET_IDENTITY_private_key_sign_ (const struct GNUNET_IDENTITY_PrivateKey *priv, | ||
473 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | ||
474 | struct GNUNET_IDENTITY_Signature *sig); | ||
475 | |||
476 | |||
477 | /** | ||
478 | * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey. | ||
479 | * | ||
480 | * The @a ps data must be a fixed-size struct for which the signature is to be | ||
481 | * created. The `size` field in @a ps->purpose must correctly indicate the | ||
482 | * number of bytes of the data structure, including its header. | ||
483 | * | ||
484 | * @param priv private key to use for the signing | ||
485 | * @param ps packed struct with what to sign, MUST begin with a purpose | ||
486 | * @param[out] sig where to write the signature | ||
487 | */ | ||
488 | #define GNUNET_IDENTITY_private_key_sign(priv,ps,sig) do { \ | ||
489 | /* check size is set correctly */ \ | ||
490 | GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \ | ||
491 | /* check 'ps' begins with the purpose */ \ | ||
492 | GNUNET_static_assert (((void*) (ps)) == \ | ||
493 | ((void*) &(ps)->purpose)); \ | ||
494 | GNUNET_assert (GNUNET_OK == \ | ||
495 | GNUNET_IDENTITY_private_key_sign_ (priv, \ | ||
496 | &(ps)->purpose, \ | ||
497 | sig)); \ | ||
498 | } while (0) | ||
499 | |||
500 | |||
501 | /** | ||
502 | * @brief Verify a given signature. | ||
503 | * | ||
504 | * The @a validate data is the beginning of the data of which the signature | ||
505 | * is to be verified. The `size` field in @a validate must correctly indicate | ||
506 | * the number of bytes of the data structure, including its header. If @a | ||
507 | * purpose does not match the purpose given in @a validate (the latter must be | ||
508 | * in big endian), signature verification fails. If possible, | ||
509 | * use #GNUNET_IDENTITY_public_key_verify() instead of this function (only if @a validate | ||
510 | * is not fixed-size, you must use this function directly). | ||
511 | * | ||
512 | * @param purpose what is the purpose that the signature should have? | ||
513 | * @param validate block to validate (size, purpose, data) | ||
514 | * @param sig signature that is being validated | ||
515 | * @param pub public key of the signer | ||
516 | * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid | ||
517 | */ | ||
518 | int | ||
519 | GNUNET_IDENTITY_public_key_verify_ (uint32_t purpose, | ||
520 | const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, | ||
521 | const struct GNUNET_IDENTITY_Signature *sig, | ||
522 | const struct GNUNET_IDENTITY_PublicKey *pub); | ||
523 | |||
524 | |||
525 | /** | ||
526 | * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey. | ||
527 | * | ||
528 | * The @a ps data must be a fixed-size struct for which the signature is to be | ||
529 | * created. The `size` field in @a ps->purpose must correctly indicate the | ||
530 | * number of bytes of the data structure, including its header. | ||
531 | * | ||
532 | * @param purp purpose of the signature, must match 'ps->purpose.purpose' | ||
533 | * (except in host byte order) | ||
534 | * @param ps packed struct with what to sign, MUST begin with a purpose | ||
535 | * @param sig where to read the signature from | ||
536 | * @param pub public key to use for the verifying | ||
537 | */ | ||
538 | #define GNUNET_IDENTITY_public_key_verify(purp,ps,sig,pub) ({ \ | ||
539 | /* check size is set correctly */ \ | ||
540 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ | ||
541 | /* check 'ps' begins with the purpose */ \ | ||
542 | GNUNET_static_assert (((void*) (ps)) == \ | ||
543 | ((void*) &(ps)->purpose)); \ | ||
544 | GNUNET_IDENTITY_public_key_verify_(purp, \ | ||
545 | &(ps)->purpose, \ | ||
546 | sig, \ | ||
547 | pub); \ | ||
548 | }) | ||
549 | |||
550 | |||
551 | /** | ||
552 | * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a | ||
553 | * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption | ||
554 | * using ecdh to derive a symmetric key. | ||
555 | * | ||
556 | * @param block the block to encrypt | ||
557 | * @param size the size of the @a block | ||
558 | * @param pub public key to use for ecdh | ||
559 | * @param ecc where to write the ecc public key | ||
560 | * @param result the output parameter in which to store the encrypted result | ||
561 | * can be the same or overlap with @c block | ||
562 | * @returns the size of the encrypted block, -1 for errors. | ||
563 | * Due to the use of CFB and therefore an effective stream cipher, | ||
564 | * this size should be the same as @c len. | ||
565 | */ | ||
566 | ssize_t | ||
567 | GNUNET_IDENTITY_public_key_encrypt(const void *block, | ||
568 | size_t size, | ||
569 | const struct GNUNET_IDENTITY_PublicKey *pub, | ||
570 | struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | ||
571 | void *result); | ||
572 | |||
573 | |||
574 | /** | ||
575 | * Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given | ||
576 | * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key. | ||
577 | * | ||
578 | * @param block the data to decrypt, encoded as returned by encrypt | ||
579 | * @param size the size of the @a block to decrypt | ||
580 | * @param priv private key to use for ecdh | ||
581 | * @param ecc the ecc public key | ||
582 | * @param result address to store the result at | ||
583 | * can be the same or overlap with @c block | ||
584 | * @return -1 on failure, size of decrypted block on success. | ||
585 | * Due to the use of CFB and therefore an effective stream cipher, | ||
586 | * this size should be the same as @c size. | ||
587 | */ | ||
588 | ssize_t | ||
589 | GNUNET_IDENTITY_private_key_decrypt(const void *block, | ||
590 | size_t size, | ||
591 | const struct GNUNET_IDENTITY_PrivateKey *priv, | ||
592 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | ||
593 | void *result); | ||
594 | |||
595 | |||
596 | /** | ||
382 | * Creates a (Base32) string representation of the public key. | 597 | * Creates a (Base32) string representation of the public key. |
383 | * The resulting string encodes a compacted representation of the key. | 598 | * The resulting string encodes a compacted representation of the key. |
384 | * See also #GNUNET_IDENTITY_key_get_length. | 599 | * See also #GNUNET_IDENTITY_key_get_length. |