- towards crypto agility; wip

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-10-14 19:47:32 +0200
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-10-15 12:11:18 +0200
commit: 96c802b46be51e5c45f34e2de823f787d26c2929 (patch)
tree: 457ccfd8f9a61563af86318739c4a8f964a57025 /src/include
parent: c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff)
download: gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.tar.gz
gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.zip
6 files changed, 143 insertions, 38 deletions
diff --git a/src/include/gnunet_gns_service.h b/src/include/gnunet_gns_service.h
index ef81e9a88..3f6c9b9aa 100644
--- a/src/include/gnunet_gns_service.h
+++ b/src/include/gnunet_gns_service.h
@@ -36,6 +36,7 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_dnsparser_lib.h"
+#include "gnunet_identity_service.h"
 #include "gnunet_namestore_service.h"
 #ifdef __cplusplus
@@ -139,7 +140,7 @@ enum GNUNET_GNS_LocalOptions
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
                   const char *name,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+                   const struct GNUNET_IDENTITY_PublicKey *zone,
                   uint32_t type,
                   enum GNUNET_GNS_LocalOptions options,
                   GNUNET_GNS_LookupResultProcessor proc,
@@ -163,7 +164,7 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup_limited (struct GNUNET_GNS_Handle *handle,
                           const char *name,
-                           const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
+                           const struct GNUNET_IDENTITY_PublicKey *zone,
                           uint32_t type,
                           enum GNUNET_GNS_LocalOptions options,
                           uint16_t recursion_depth_limit,
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 960203fb1..6124b2925 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -34,6 +34,8 @@
 #ifndef GNUNET_GNSRECORD_LIB_H
 #define GNUNET_GNSRECORD_LIB_H
+#include "gnunet_identity_service.h"
 #ifdef __cplusplus
 extern "C" {
 #if 0 /* keep Emacsens' auto-indent happy */
@@ -55,7 +57,7 @@ extern "C" {
 /**
 * Record type for GNS zone transfer ("PKEY").
 */
-#define GNUNET_GNSRECORD_TYPE_PKEY 65536
+#define GNUNET_GNSRECORD_TYPE_PKEY GNUNET_IDENTITY_TYPE_ECDSA
 /**
 * Record type for GNS nick names ("NICK").
@@ -275,7 +277,7 @@ struct GNUNET_GNSRECORD_Block
  /**
   * Derived key used for signing; hash of this is the query.
   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey derived_key;
+  struct GNUNET_IDENTITY_PublicKey derived_key;
  /**
   * Number of bytes signed; also specifies the number of bytes
@@ -335,7 +337,7 @@ struct GNUNET_GNSRECORD_ReverseRecord
  /**
   * The public key of the namespace the is delegating to our namespace
   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  struct GNUNET_IDENTITY_PublicKey pkey;
  /**
   * The expiration time of the delegation
@@ -488,7 +490,7 @@ GNUNET_GNSRECORD_string_to_lowercase (const char *src);
 * #GNUNET_GNSRECORD_z2s.
 */
 const char *
-GNUNET_GNSRECORD_z2s (const struct GNUNET_CRYPTO_EcdsaPublicKey *z);
+GNUNET_GNSRECORD_z2s (const struct GNUNET_IDENTITY_PublicKey *z);
 /**
@@ -502,7 +504,7 @@ GNUNET_GNSRECORD_z2s (const struct GNUNET_CRYPTO_EcdsaPublicKey *z);
 *         key in an encoding suitable for DNS labels.
 */
 const char *
-GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
+GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_IDENTITY_PublicKey *pkey);
 /**
@@ -516,7 +518,7 @@ GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
 */
 int
 GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
-                               struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
+                               struct GNUNET_IDENTITY_PublicKey *pkey);
 /**
@@ -528,7 +530,7 @@ GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
 */
 void
 GNUNET_GNSRECORD_query_from_private_key (
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, const char *label,
+  const struct GNUNET_IDENTITY_PrivateKey *zone, const char *label,
  struct GNUNET_HashCode *query);
@@ -541,7 +543,7 @@ GNUNET_GNSRECORD_query_from_private_key (
 */
 void
 GNUNET_GNSRECORD_query_from_public_key (
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label,
+  const struct GNUNET_IDENTITY_PublicKey *pub, const char *label,
  struct GNUNET_HashCode *query);
@@ -555,7 +557,7 @@ GNUNET_GNSRECORD_query_from_public_key (
 * @param rd_count number of records in @a rd
 */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                               struct GNUNET_TIME_Absolute expire,
                               const char *label,
                               const struct GNUNET_GNSRECORD_Data *rd,
@@ -574,7 +576,7 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 * @param rd_count number of records in @a rd
 */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *key,
                                struct GNUNET_TIME_Absolute expire,
                                const char *label,
                                const struct GNUNET_GNSRECORD_Data *rd,
@@ -606,7 +608,7 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block);
 int
 GNUNET_GNSRECORD_block_decrypt (
  const struct GNUNET_GNSRECORD_Block *block,
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label,
+  const struct GNUNET_IDENTITY_PublicKey *zone_key, const char *label,
  GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls);
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index 94127248e..c72e6d146 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -57,6 +57,21 @@ extern "C" {
 */
 #define GNUNET_IDENTITY_VERSION 0x00000100
+enum GNUNET_IDENTITY_KeyType
+{
+  /**
+   * The identity type. The value is the same as the
+   * PKEY record type.
+   */
+  GNUNET_IDENTITY_TYPE_ECDSA = 65536,
+  /**
+   * EDDSA identity. The value is the same as the EDKEY
+   * record type.
+   */
+  GNUNET_IDENTITY_TYPE_EDDSA = 65599 // FIXME
+};
 /**
 * Handle to access the identity service.
 */
@@ -67,6 +82,61 @@ struct GNUNET_IDENTITY_Handle;
 */
 struct GNUNET_IDENTITY_Ego;
+/**
+ * A private key for an identity as per LSD0001.
+ */
+struct GNUNET_IDENTITY_PrivateKey
+{
+  /**
+   * Type of public key.
+   * Defined by the GNS zone type value.
+   * In NBO.
+   */
+  uint32_t type;
+  union
+  {
+    /**
+     * An ECDSA identity key.
+     */
+    struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key;
+    /**
+     * AN EdDSA identtiy key
+     */
+    struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key;
+  };
+};
+/**
+ * An identity key as per LSD0001.
+ */
+struct GNUNET_IDENTITY_PublicKey
+{
+  /**
+   * Type of public key.
+   * Defined by the GNS zone type value.
+   * In NBO.
+   */
+  uint32_t type;
+  union
+  {
+    /**
+     * An ECDSA identity key.
+     */
+    struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key;
+    /**
+     * AN EdDSA identtiy key
+     */
+    struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key;
+  };
+};
 /**
 * Handle for an operation with the identity service.
 */
@@ -79,7 +149,7 @@ struct GNUNET_IDENTITY_Operation;
 * @param ego the ego
 * @return associated ECC key, valid as long as the ego is valid
 */
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *
+const struct GNUNET_IDENTITY_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);
@@ -100,7 +170,7 @@ GNUNET_IDENTITY_ego_get_anonymous (void);
 */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_CRYPTO_EcdsaPublicKey *pk);
+                                    struct GNUNET_IDENTITY_PublicKey *pk);
 /**
@@ -224,7 +294,7 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
 typedef void
 (*GNUNET_IDENTITY_CreateContinuation) (
  void *cls,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+  const struct GNUNET_IDENTITY_PrivateKey *pk,
  const char *emsg);
@@ -234,6 +304,7 @@ typedef void
 * @param id identity service to use
 * @param name desired name
 * @param privkey desired private key or NULL to create one
+ * @param ktype the type of key to create. Ignored if privkey != NULL.
 * @param cont function to call with the result (will only be called once)
 * @param cont_cls closure for @a cont
 * @return handle to abort the operation
@@ -241,7 +312,8 @@ typedef void
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
                        const char *name,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey,
+                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                        enum GNUNET_IDENTITY_KeyType ktype,
                        GNUNET_IDENTITY_CreateContinuation cont,
                        void *cont_cls);
@@ -291,6 +363,31 @@ GNUNET_IDENTITY_delete (struct GNUNET_IDENTITY_Handle *id,
 void
 GNUNET_IDENTITY_cancel (struct GNUNET_IDENTITY_Operation *op);
+ssize_t
+GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key);
+char *
+GNUNET_IDENTITY_public_key_to_string (const struct
+                                      GNUNET_IDENTITY_PublicKey *key);
+char *
+GNUNET_IDENTITY_private_key_to_string (const struct
+                                       GNUNET_IDENTITY_PrivateKey *key);
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_public_key_from_string (const char*str,
+                                        struct GNUNET_IDENTITY_PublicKey *key);
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_private_key_from_string (const char*str,
+                                         struct GNUNET_IDENTITY_PrivateKey *key);
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_key_get_public (const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                                struct GNUNET_IDENTITY_PublicKey *key);
 /* ************* convenience API to lookup an ego ***************** */
@@ -344,7 +441,7 @@ GNUNET_IDENTITY_ego_lookup_cancel (struct GNUNET_IDENTITY_EgoLookup *el);
 typedef void
 (*GNUNET_IDENTITY_EgoSuffixCallback) (
  void *cls,
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+  const struct GNUNET_IDENTITY_PrivateKey *priv,
  const char *ego_name);
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h
index 443c9e451..9cc8abc6e 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -58,7 +58,7 @@ typedef void
 (*GNUNET_NAMESTORE_RecordIterator) (void *cls,
                                    uint64_t serial,
                                    const struct
-                                    GNUNET_CRYPTO_EcdsaPrivateKey *private_key,
+                                    GNUNET_IDENTITY_PrivateKey *private_key,
                                    const char *label,
                                    unsigned int rd_count,
                                    const struct GNUNET_GNSRECORD_Data *rd);
@@ -87,7 +87,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
   */
  int
  (*store_records) (void *cls,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                    const struct GNUNET_IDENTITY_PrivateKey *zone,
                    const char *label,
                    unsigned int rd_count,
                    const struct GNUNET_GNSRECORD_Data *rd);
@@ -104,7 +104,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
   */
  int
  (*lookup_records) (void *cls,
-                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                     const struct GNUNET_IDENTITY_PrivateKey *zone,
                     const char *label,
                     GNUNET_NAMESTORE_RecordIterator iter,
                     void *iter_cls);
@@ -126,7 +126,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
   */
  int
  (*iterate_records) (void *cls,
-                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                      const struct GNUNET_IDENTITY_PrivateKey *zone,
                      uint64_t serial,
                      uint64_t limit,
                      GNUNET_NAMESTORE_RecordIterator iter,
@@ -146,8 +146,8 @@ struct GNUNET_NAMESTORE_PluginFunctions
   */
  int
  (*zone_to_name) (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                   const struct GNUNET_IDENTITY_PrivateKey *zone,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+                   const struct GNUNET_IDENTITY_PublicKey *value_zone,
                   GNUNET_NAMESTORE_RecordIterator iter,
                   void *iter_cls);
 };
diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h
index bf42c8d34..ca4d2cb52 100644
--- a/src/include/gnunet_namestore_service.h
+++ b/src/include/gnunet_namestore_service.h
@@ -41,6 +41,7 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_block_lib.h"
 #include "gnunet_gnsrecord_lib.h"
+#include "gnunet_identity_service.h"
 #ifdef __cplusplus
 extern "C"
@@ -127,7 +128,7 @@ typedef void
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_store (struct GNUNET_NAMESTORE_Handle *h,
                                const struct
-                                GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+                                GNUNET_IDENTITY_PrivateKey *pkey,
                                const char *label,
                                unsigned int rd_count,
                                const struct GNUNET_GNSRECORD_Data *rd,
@@ -147,7 +148,7 @@ GNUNET_NAMESTORE_records_store (struct GNUNET_NAMESTORE_Handle *h,
 typedef void
 (*GNUNET_NAMESTORE_RecordMonitor) (void *cls,
                                   const struct
-                                   GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                   GNUNET_IDENTITY_PrivateKey *zone,
                                   const char *label,
                                   unsigned int rd_count,
                                   const struct GNUNET_GNSRECORD_Data *rd);
@@ -170,7 +171,7 @@ typedef void
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_lookup (struct GNUNET_NAMESTORE_Handle *h,
                                 const struct
-                                 GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+                                 GNUNET_IDENTITY_PrivateKey *pkey,
                                 const char *label,
                                 GNUNET_SCHEDULER_TaskCallback error_cb,
                                 void *error_cb_cls,
@@ -197,9 +198,9 @@ GNUNET_NAMESTORE_records_lookup (struct GNUNET_NAMESTORE_Handle *h,
 */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_zone_to_name (struct GNUNET_NAMESTORE_Handle *h,
-                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                               const struct GNUNET_IDENTITY_PrivateKey *zone,
                               const struct
-                               GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
+                               GNUNET_IDENTITY_PublicKey *value_zone,
                               GNUNET_SCHEDULER_TaskCallback error_cb,
                               void *error_cb_cls,
                               GNUNET_NAMESTORE_RecordMonitor proc,
@@ -246,7 +247,7 @@ GNUNET_NAMESTORE_cancel (struct GNUNET_NAMESTORE_QueueEntry *qe);
 struct GNUNET_NAMESTORE_ZoneIterator *
 GNUNET_NAMESTORE_zone_iteration_start (struct GNUNET_NAMESTORE_Handle *h,
                                       const struct
-                                       GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                       GNUNET_IDENTITY_PrivateKey *zone,
                                       GNUNET_SCHEDULER_TaskCallback error_cb,
                                       void *error_cb_cls,
                                       GNUNET_NAMESTORE_RecordMonitor proc,
@@ -316,7 +317,7 @@ struct GNUNET_NAMESTORE_ZoneMonitor *
 GNUNET_NAMESTORE_zone_monitor_start (const struct
                                     GNUNET_CONFIGURATION_Handle *cfg,
                                     const struct
-                                     GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                     GNUNET_IDENTITY_PrivateKey *zone,
                                     int iterate_first,
                                     GNUNET_SCHEDULER_TaskCallback error_cb,
                                     void *error_cb_cls,
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h
index 105bb1149..479cc61d7 100644
--- a/src/include/gnunet_revocation_service.h
+++ b/src/include/gnunet_revocation_service.h
@@ -21,6 +21,8 @@
 #ifndef GNUNET_REVOCATION_SERVICE_H_
 #define GNUNET_REVOCATION_SERVICE_H_
+#include "gnunet_identity_service.h"
 /**
 * @author Christian Grothoff
 *
@@ -80,14 +82,16 @@ struct GNUNET_REVOCATION_PowP
  uint64_t pow[POW_COUNT] GNUNET_PACKED;
  /**
-   * The signature
+   * The revoked public key
   */
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  struct GNUNET_IDENTITY_PublicKey key;
  /**
-   * The revoked public key
+   * Length of the signature
   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
+  uint32_t sig_len;
+  /** followed by a signature **/
 };
@@ -104,7 +108,7 @@ struct GNUNET_REVOCATION_SignaturePurposePS
  /**
   * The revoked public key
   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
+  struct GNUNET_IDENTITY_PublicKey key;
  /**
   * The timestamp of the revocation
@@ -150,7 +154,7 @@ typedef void (*GNUNET_REVOCATION_Callback) (void *cls,
 */
 struct GNUNET_REVOCATION_Query *
 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                         const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
+                         const struct GNUNET_IDENTITY_PublicKey *key,
                         GNUNET_REVOCATION_Callback func, void *func_cls);
@@ -217,7 +221,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
 * @param pow the pow object to work with in the calculation.
 */
 void
-GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key,
                            struct GNUNET_REVOCATION_PowP *pow);
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-10-14 19:47:32 +0200
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-10-15 12:11:18 +0200
commit	96c802b46be51e5c45f34e2de823f787d26c2929 (patch)
tree	457ccfd8f9a61563af86318739c4a8f964a57025 /src/include
parent	c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff)
download	gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.tar.gz gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.zip