NEWS: Added new CCA-secure KEM and use in IDENTITY encryption

author: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-16 19:26:09 +0200
committer: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-16 19:26:09 +0200
commit: a2c3a72d0157c0de4966cea417d1802727c3ed1e (patch)
tree: 6e938c29b09fb646a387f3ca55528dc999ece248 /src/include/gnunet_identity_service.h
parent: 7eb848d29db698432b25283b994383d2f35465b5 (diff)
download: gnunet-a2c3a72d0157c0de4966cea417d1802727c3ed1e.tar.gz
gnunet-a2c3a72d0157c0de4966cea417d1802727c3ed1e.zip
1 files changed, 55 insertions, 6 deletions
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index f38e373b1..15e49d781 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -721,11 +721,11 @@ GNUNET_IDENTITY_signature_verify_raw_ (
 *          this size should be the same as @c len.
 */
 ssize_t
-GNUNET_IDENTITY_encrypt (const void *block,
+GNUNET_IDENTITY_encrypt_old (const void *block,
-                         size_t size,
+                             size_t size,
-                         const struct GNUNET_IDENTITY_PublicKey *pub,
+                             const struct GNUNET_IDENTITY_PublicKey *pub,
-                         struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                             struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                         void *result);
+                             void *result);
 /**
@@ -743,13 +743,62 @@ GNUNET_IDENTITY_encrypt (const void *block,
 *         this size should be the same as @c size.
 */
 ssize_t
-GNUNET_IDENTITY_decrypt (
+GNUNET_IDENTITY_decrypt_old (
  const void *block,
  size_t size,
  const struct GNUNET_IDENTITY_PrivateKey *priv,
  const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
  void *result);
+/**
+ * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
+ * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
+ * using ecdh to derive a symmetric key.
+ *
+ * Note that the result buffer for the ciphertext must be the length of
+ * the message to encrypt plus:
+ * - Length of a struct GNUNET_CRYPTO_FoKemC
+ * - the authentication tag of libsodium, e.g. crypto_secretbox_NONCEBYTES
+ *
+ * @param block the block to encrypt
+ * @param size the size of the @a block
+ * @param pub public key to use for ecdh
+ * @param ecc where to write the ecc public key
+ * @param result the output parameter in which to store the encrypted result
+ *               can be the same or overlap with @c block
+ * @returns the size of the encrypted block, -1 for errors.
+ *          Due to the use of CFB and therefore an effective stream cipher,
+ *          this size should be the same as @c len.
+ */
+ssize_t
+GNUNET_IDENTITY_encrypt2 (const void *block,
+                          size_t size,
+                          const struct GNUNET_IDENTITY_PublicKey *pub,
+                          void *result,
+                          size_t result_size);
+/**
+ * Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given
+ * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
+ *
+ * @param block the data to decrypt, encoded as returned by encrypt
+ * @param size the size of the @a block to decrypt
+ * @param priv private key to use for ecdh
+ * @param result address to store the result at
+ *               can be the same or overlap with @c block
+ * @return -1 on failure, size of decrypted block on success.
+ *         Due to the use of CFB and therefore an effective stream cipher,
+ *         this size should be the same as @c size.
+ */
+ssize_t
+GNUNET_IDENTITY_decrypt2 (
+  const void *block,
+  size_t size,
+  const struct GNUNET_IDENTITY_PrivateKey *priv,
+  void *result,
+  size_t result_size);
 /**
 * Creates a (Base32) string representation of the public key.
author	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-16 19:26:09 +0200
committer	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-16 19:26:09 +0200
commit	a2c3a72d0157c0de4966cea417d1802727c3ed1e (patch)
tree	6e938c29b09fb646a387f3ca55528dc999ece248 /src/include/gnunet_identity_service.h
parent	7eb848d29db698432b25283b994383d2f35465b5 (diff)
download	gnunet-a2c3a72d0157c0de4966cea417d1802727c3ed1e.tar.gz gnunet-a2c3a72d0157c0de4966cea417d1802727c3ed1e.zip

diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index f38e373b1..15e49d781 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h
@@ -721,11 +721,11 @@ GNUNET_IDENTITY_signature_verify_raw_ (
721	* this size should be the same as @c len.	721	* this size should be the same as @c len.
722	*/	722	*/
723	ssize_t	723	ssize_t
724	GNUNET_IDENTITY_encrypt (const void *block,	724	GNUNET_IDENTITY_encrypt_old (const void *block,
725	size_t size,	725	size_t size,
726	const struct GNUNET_IDENTITY_PublicKey *pub,	726	const struct GNUNET_IDENTITY_PublicKey *pub,
727	struct GNUNET_CRYPTO_EcdhePublicKey *ecc,	727	struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
728	void *result);	728	void *result);
729		729
730		730
731	/**	731	/**
@@ -743,13 +743,62 @@ GNUNET_IDENTITY_encrypt (const void *block,
743	* this size should be the same as @c size.	743	* this size should be the same as @c size.
744	*/	744	*/
745	ssize_t	745	ssize_t
746	GNUNET_IDENTITY_decrypt (	746	GNUNET_IDENTITY_decrypt_old (
747	const void *block,	747	const void *block,
748	size_t size,	748	size_t size,
749	const struct GNUNET_IDENTITY_PrivateKey *priv,	749	const struct GNUNET_IDENTITY_PrivateKey *priv,
750	const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,	750	const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
751	void *result);	751	void *result);
752		752
		753	/**
		754	* Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
		755	* #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
		756	* using ecdh to derive a symmetric key.
		757	*
		758	* Note that the result buffer for the ciphertext must be the length of
		759	* the message to encrypt plus:
		760	* - Length of a struct GNUNET_CRYPTO_FoKemC
		761	* - the authentication tag of libsodium, e.g. crypto_secretbox_NONCEBYTES
		762	*
		763	* @param block the block to encrypt
		764	* @param size the size of the @a block
		765	* @param pub public key to use for ecdh
		766	* @param ecc where to write the ecc public key
		767	* @param result the output parameter in which to store the encrypted result
		768	* can be the same or overlap with @c block
		769	* @returns the size of the encrypted block, -1 for errors.
		770	* Due to the use of CFB and therefore an effective stream cipher,
		771	* this size should be the same as @c len.
		772	*/
		773	ssize_t
		774	GNUNET_IDENTITY_encrypt2 (const void *block,
		775	size_t size,
		776	const struct GNUNET_IDENTITY_PublicKey *pub,
		777	void *result,
		778	size_t result_size);
		779
		780
		781	/**
		782	* Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given
		783	* #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
		784	*
		785	* @param block the data to decrypt, encoded as returned by encrypt
		786	* @param size the size of the @a block to decrypt
		787	* @param priv private key to use for ecdh
		788	* @param result address to store the result at
		789	* can be the same or overlap with @c block
		790	* @return -1 on failure, size of decrypted block on success.
		791	* Due to the use of CFB and therefore an effective stream cipher,
		792	* this size should be the same as @c size.
		793	*/
		794	ssize_t
		795	GNUNET_IDENTITY_decrypt2 (
		796	const void *block,
		797	size_t size,
		798	const struct GNUNET_IDENTITY_PrivateKey *priv,
		799	void *result,
		800	size_t result_size);
		801
753		802
754	/**	803	/**
755	* Creates a (Base32) string representation of the public key.	804	* Creates a (Base32) string representation of the public key.