diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-17 09:51:22 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-17 09:51:22 +0200 |
commit | 7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15 (patch) | |
tree | 22fd02e20eb07b7a8e62c7ba6521ec6489b7ebda /src/include/gnunet_identity_service.h | |
parent | c75d1f1a73a09d7160631450b6e9d21f59736b9d (diff) | |
download | gnunet-7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15.tar.gz gnunet-7e08ec5663903e8a1bbfeeee214d8b2d1ab07f15.zip |
NEWS: -
Safer API for IDENTITY encryption
Diffstat (limited to 'src/include/gnunet_identity_service.h')
-rw-r--r-- | src/include/gnunet_identity_service.h | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index db39a92eb..fd0458f62 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h | |||
@@ -45,6 +45,7 @@ | |||
45 | #ifndef GNUNET_IDENTITY_SERVICE_H | 45 | #ifndef GNUNET_IDENTITY_SERVICE_H |
46 | #define GNUNET_IDENTITY_SERVICE_H | 46 | #define GNUNET_IDENTITY_SERVICE_H |
47 | 47 | ||
48 | #include "gnunet_common.h" | ||
48 | #ifdef __cplusplus | 49 | #ifdef __cplusplus |
49 | extern "C" { | 50 | extern "C" { |
50 | #if 0 /* keep Emacsens' auto-indent happy */ | 51 | #if 0 /* keep Emacsens' auto-indent happy */ |
@@ -750,26 +751,26 @@ GNUNET_IDENTITY_decrypt_old ( | |||
750 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | 751 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, |
751 | void *result); | 752 | void *result); |
752 | 753 | ||
754 | #define GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \ | ||
755 | + sizeof (struct \ | ||
756 | GNUNET_CRYPTO_FoKemC)) | ||
757 | |||
753 | /** | 758 | /** |
754 | * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a | 759 | * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a |
755 | * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption | 760 | * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption |
756 | * using ecdh to derive a symmetric key. | 761 | * using ecdh to derive a symmetric key. |
757 | * | 762 | * |
758 | * Note that the result buffer for the ciphertext must be the length of | 763 | * Note that the result buffer for the ciphertext must be the length of |
759 | * the message to encrypt plus: | 764 | * the message to encrypt plus #GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES. |
760 | * - Length of a struct GNUNET_CRYPTO_FoKemC | ||
761 | * - the authentication tag of libsodium, e.g. crypto_secretbox_NONCEBYTES | ||
762 | * | 765 | * |
763 | * @param block the block to encrypt | 766 | * @param block the block to encrypt |
764 | * @param size the size of the @a block | 767 | * @param size the size of the @a block |
765 | * @param pub public key to encrypt for | 768 | * @param pub public key to encrypt for |
766 | * @param result the output parameter in which to store the encrypted result | 769 | * @param result the output parameter in which to store the encrypted result |
767 | * can be the same or overlap with @c block | 770 | * can be the same or overlap with @c block |
768 | * @returns the size of the encrypted block, -1 for errors. | 771 | * @returns GNUNET_OK on success. |
769 | * Due to the use of CFB and therefore an effective stream cipher, | ||
770 | * this size should be the same as @c len. | ||
771 | */ | 772 | */ |
772 | ssize_t | 773 | enum GNUNET_GenericReturnValue |
773 | GNUNET_IDENTITY_encrypt (const void *block, | 774 | GNUNET_IDENTITY_encrypt (const void *block, |
774 | size_t size, | 775 | size_t size, |
775 | const struct GNUNET_IDENTITY_PublicKey *pub, | 776 | const struct GNUNET_IDENTITY_PublicKey *pub, |
@@ -786,11 +787,9 @@ GNUNET_IDENTITY_encrypt (const void *block, | |||
786 | * @param priv private key to use for ecdh | 787 | * @param priv private key to use for ecdh |
787 | * @param result address to store the result at | 788 | * @param result address to store the result at |
788 | * can be the same or overlap with @c block | 789 | * can be the same or overlap with @c block |
789 | * @return -1 on failure, size of decrypted block on success. | 790 | * @returns GNUNET_OK on success. |
790 | * Due to the use of CFB and therefore an effective stream cipher, | ||
791 | * this size should be the same as @c size. | ||
792 | */ | 791 | */ |
793 | ssize_t | 792 | enum GNUNET_GenericReturnValue |
794 | GNUNET_IDENTITY_decrypt (const void *block, | 793 | GNUNET_IDENTITY_decrypt (const void *block, |
795 | size_t size, | 794 | size_t size, |
796 | const struct GNUNET_IDENTITY_PrivateKey *priv, | 795 | const struct GNUNET_IDENTITY_PrivateKey *priv, |