NEWS: -

Safer API for IDENTITY encryption
author: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-17 09:51:22 +0200
committer: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-17 09:51:22 +0200
commit: 7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15 (patch)
tree: 22fd02e20eb07b7a8e62c7ba6521ec6489b7ebda /src/include/gnunet_identity_service.h
parent: c75d1f1a73a09d7160631450b6e9d21f59736b9d (diff)
download: gnunet-7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15.tar.gz
gnunet-7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15.zip
1 files changed, 10 insertions, 11 deletions
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index db39a92eb..fd0458f62 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -45,6 +45,7 @@
 #ifndef GNUNET_IDENTITY_SERVICE_H
 #define GNUNET_IDENTITY_SERVICE_H
+#include "gnunet_common.h"
 #ifdef __cplusplus
 extern "C" {
 #if 0 /* keep Emacsens' auto-indent happy */
@@ -750,26 +751,26 @@ GNUNET_IDENTITY_decrypt_old (
  const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
  void *result);
+#define GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \
+                                                + sizeof (struct \
+                                                          GNUNET_CRYPTO_FoKemC))
 /**
 * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
 * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
 * using ecdh to derive a symmetric key.
 *
 * Note that the result buffer for the ciphertext must be the length of
- * the message to encrypt plus:
+ * the message to encrypt plus #GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES.
- * - Length of a struct GNUNET_CRYPTO_FoKemC
- * - the authentication tag of libsodium, e.g. crypto_secretbox_NONCEBYTES
 *
 * @param block the block to encrypt
 * @param size the size of the @a block
 * @param pub public key to encrypt for
 * @param result the output parameter in which to store the encrypted result
 *               can be the same or overlap with @c block
- * @returns the size of the encrypted block, -1 for errors.
+ * @returns GNUNET_OK on success.
- *          Due to the use of CFB and therefore an effective stream cipher,
- *          this size should be the same as @c len.
 */
-ssize_t
+enum GNUNET_GenericReturnValue
 GNUNET_IDENTITY_encrypt (const void *block,
                         size_t size,
                         const struct GNUNET_IDENTITY_PublicKey *pub,
@@ -786,11 +787,9 @@ GNUNET_IDENTITY_encrypt (const void *block,
 * @param priv private key to use for ecdh
 * @param result address to store the result at
 *               can be the same or overlap with @c block
- * @return -1 on failure, size of decrypted block on success.
+ * @returns GNUNET_OK on success.
- *         Due to the use of CFB and therefore an effective stream cipher,
- *         this size should be the same as @c size.
 */
-ssize_t
+enum GNUNET_GenericReturnValue
 GNUNET_IDENTITY_decrypt (const void *block,
                         size_t size,
                         const struct GNUNET_IDENTITY_PrivateKey *priv,
author	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-17 09:51:22 +0200
committer	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-17 09:51:22 +0200
commit	7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15 (patch)
tree	22fd02e20eb07b7a8e62c7ba6521ec6489b7ebda /src/include/gnunet_identity_service.h
parent	c75d1f1a73a09d7160631450b6e9d21f59736b9d (diff)
download	gnunet-7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15.tar.gz gnunet-7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15.zip