moving to new, fixed-size encoding of public and private ECC keys everywhere, also improving ECC API to better support ECRS/GADS operations

11 files changed, 119 insertions, 129 deletions

diff --git a/src/include/block_dns.h b/src/include/block_dns.h
index c7e1fbb55..198bba2c0 100644
--- a/src/include/block_dns.h
+++ b/src/include/block_dns.h
@@ -58,7 +58,7 @@ struct GNUNET_DNS_Record
   /**
    * The peer providing this service
    */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded peer;
+  struct GNUNET_CRYPTO_EccPublicKey peer;
 
   /**
    * The descriptor for the service
diff --git a/src/include/block_gns.h b/src/include/block_gns.h
index 2f864f4d3..21f0b097c 100644
--- a/src/include/block_gns.h
+++ b/src/include/block_gns.h
@@ -39,14 +39,16 @@ struct GNSNameRecordBlock
   /**
    * The public key of the authority
    */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
 
   /**
    * GNUNET_RSA_Signature using RSA-key generated from the records.
    */
   struct GNUNET_CRYPTO_EccSignature signature;
 
-  /* number of records that follow */
+  /**
+   * number of records that follow 
+   */
   uint32_t rd_count GNUNET_PACKED;
 
   /* 0-terminated name here */
diff --git a/src/include/block_regex.h b/src/include/block_regex.h
index bfaf411eb..5995f70a2 100644
--- a/src/include/block_regex.h
+++ b/src/include/block_regex.h
@@ -67,7 +67,7 @@ struct RegexAcceptBlock
   /**
    * Public key of the peer signing.
    */
-  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key;
+  struct GNUNET_CRYPTO_EccPublicKey public_key;
 
   /**
    * The signature.
diff --git a/src/include/gnunet_chat_service.h b/src/include/gnunet_chat_service.h
index 8e77f9b65..d539197a0 100644
--- a/src/include/gnunet_chat_service.h
+++ b/src/include/gnunet_chat_service.h
@@ -135,7 +135,7 @@ typedef int (*GNUNET_CHAT_MemberListCallback) (void *cls,
                                                GNUNET_CONTAINER_MetaData *
                                                member_info,
                                                const struct
-                                               GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+                                               GNUNET_CRYPTO_RsaPublicKey
                                                * member_id,
                                                enum GNUNET_CHAT_MsgOptions
                                                options);
@@ -209,7 +209,7 @@ GNUNET_CHAT_join_room (const struct GNUNET_CONFIGURATION_Handle *cfg,
 void
 GNUNET_CHAT_send_message (struct GNUNET_CHAT_Room *room, const char *message,
                           enum GNUNET_CHAT_MsgOptions options,
-                          const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
+                          const struct GNUNET_CRYPTO_RsaPublicKey
                           *receiver, uint32_t * sequence_number);
 
 
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index da2fe860e..5f209efea 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -43,6 +43,14 @@ extern "C"
 #include "gnunet_common.h"
 #include "gnunet_scheduler_lib.h"
 
+
+/**
+ * Maximum length of an ECC signature.
+ * Note: round up to multiple of 8 minus 2 for alignment.
+ */
+#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
+
+
 /**
  * Desired quality level for cryptographic operations.
  */
@@ -77,24 +85,6 @@ enum GNUNET_CRYPTO_Quality
 #define GNUNET_CRYPTO_HASH_LENGTH (512/8)
 
 /**
- * Maximum length of an ECC signature.
- * Note: round up to multiple of 8 minus 2 for alignment.
- */
-#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH 126
-
-/**
- * Maximum length of the public key (q-point, Q = dP) when encoded.
- */
-#define GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH 76 
-
-
-/**
- * The private information of an ECC private key.
- */
-struct GNUNET_CRYPTO_EccPrivateKey;
-
-
-/**
  * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode.
  */
 struct GNUNET_CRYPTO_HashAsciiEncoded
@@ -112,7 +102,6 @@ struct GNUNET_CRYPTO_ShortHashAsciiEncoded
 };
 
 
-
 GNUNET_NETWORK_STRUCT_BEGIN
 
 
@@ -146,54 +135,50 @@ struct GNUNET_CRYPTO_EccSignaturePurpose
  */
 struct GNUNET_CRYPTO_EccSignature
 {
+
   /**
-   * Overall size of the signature data.
+   * R value.
    */
-  uint16_t size GNUNET_PACKED;
+  unsigned char r[256 / 8];
 
   /**
-   * S-expression, padded with zeros.
+   * S value.
    */
-  char sexpr[GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH];
+  unsigned char s[256 / 8];
+
 };
 
 
 /**
  * Public ECC key (always for NIST P-521) encoded in a format suitable
- * for network transmission as created using 'gcry_sexp_sprint'.
+ * for network transmission.
  */
-struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded 
+struct GNUNET_CRYPTO_EccPublicKey 
 {
   /**
-   * Size of the encoding, in network byte order.
+   * Q consists of an x- and a y-value, each mod p (256 bits),
+   * given here in affine coordinates.
    */
-  uint16_t size GNUNET_PACKED;
+  unsigned char q_x[256 / 8];
 
   /**
-   * Actual length of the q-point binary encoding.
+   * Q consists of an x- and a y-value, each mod p (256 bits),
+   * given here in affine coordinates.
    */
-  uint16_t len GNUNET_PACKED;
+  unsigned char q_y[256 / 8];
 
-  /**
-   * 0-padded q-point in binary encoding (GCRYPT_MPI_FMT_USG).
-   */
-  unsigned char key[GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH];
 };
 
 
 /**
- * Private ECC key encoded for transmission (with length prefix).
+ * Private ECC key encoded for transmission.
  */
-struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded
+struct GNUNET_CRYPTO_EccPrivateKey
 {
   /**
-   * Overall size of the private key in network byte order.
+   * d is a value mod n, where n has at most 256 bits.
    */
-  uint16_t size;
-
-  /* followd by S-expression, opaque to applications */
-
-  /* FIXME: consider defining padding to make this a fixed-size struct */
+  unsigned char d[256 / 8];
 
 };
 
@@ -828,10 +813,10 @@ typedef void (*GNUNET_CRYPTO_EccKeyCallback)(void *cls,
 /**
  * Free memory occupied by ECC key
  *
- * @param privatekey pointer to the memory to free
+ * @param priv pointer to the memory to free
  */
 void
-GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *privatekey);
+GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *priv);
 
 
 /**
@@ -842,7 +827,7 @@ GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *privatekey);
  */
 void
 GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-                                  struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub);
+                                  struct GNUNET_CRYPTO_EccPublicKey *pub);
 
 
 /**
@@ -852,7 +837,7 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv
  * @return string representing  'pub'
  */
 char *
-GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub);
+GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKey *pub);
 
 
 /**
@@ -866,36 +851,7 @@ GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyB
 int
 GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, 
                                           size_t enclen,
-                                          struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub);
-
-
-/**
- * Encode the private key in a format suitable for
- * storing it into a file.
- *
- * @param key key to encode
- * @return encoding of the private key.
- *    The first 4 bytes give the size of the array, as usual.
- */
-struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *
-GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key);
-
-
-/**
- * Decode the private key from the file-format back
- * to the "normal", internal format.
- *
- * @param buf the buffer where the private key data is stored
- * @param len the length of the data in 'buffer'
- * @param validate GNUNET_YES to validate that the key is well-formed,
- *                 GNUNET_NO if the key comes from a totally trusted source 
- *                 and validation is considered too expensive
- * @return NULL on error
- */
-struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_decode_key (const char *buf, 
-                              size_t len,
-                              int validate);
+                                          struct GNUNET_CRYPTO_EccPublicKey *pub);
 
 
 /**
@@ -972,20 +928,20 @@ GNUNET_CRYPTO_get_host_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
  */
 int
 GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key,
-                        const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub,
+                        const struct GNUNET_CRYPTO_EccPublicKey *pub,
                         struct GNUNET_HashCode *key_material);
 
 
 /**
  * Sign a given block.
  *
- * @param key private key to use for the signing
+ * @param priv private key to use for the signing
  * @param purpose what to sign (size, purpose)
  * @param sig where to write the signature
  * @return GNUNET_SYSERR on error, GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key,
+GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
                         const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
                         struct GNUNET_CRYPTO_EccSignature *sig);
 
@@ -996,7 +952,7 @@ GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key,
  * @param purpose what is the purpose that the signature should have?
  * @param validate block to validate (size, purpose, data)
  * @param sig signature that is being validated
- * @param publicKey public key of the signer
+ * @param pub public key of the signer
  * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid
  */
 int
@@ -1004,8 +960,36 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
                           const struct GNUNET_CRYPTO_EccSignaturePurpose
                           *validate,
                           const struct GNUNET_CRYPTO_EccSignature *sig,
-                          const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
-                          *publicKey);
+                          const struct GNUNET_CRYPTO_EccPublicKey *pub);
+
+
+/**
+ * Derive a private key from a given private key and a label.
+ * Essentially calculates a private key 'h = H(l,P) * d mod n'
+ * where n is the size of the ECC group and P is the public
+ * key associated with the private key 'd'.
+ *
+ * @param priv original private key
+ * @param label label to use for key deriviation
+ * @return derived private key
+ */
+struct GNUNET_CRYPTO_EccPrivateKey *
+GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
+                              const char *label);
+
+
+/**
+ * Derive a public key from a given public key and a label.
+ * Essentially calculates a public key 'V = H(l,P) * P'.
+ *
+ * @param pub original public key
+ * @param label label to use for key deriviation
+ * @param result where to write the derived public key
+ */
+void
+GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
+                                     const char *label,
+                                     struct GNUNET_CRYPTO_EccPublicKey *result);
 
 
 #if 0                           /* keep Emacsens' auto-indent happy */
diff --git a/src/include/gnunet_fs_service.h b/src/include/gnunet_fs_service.h
index a1e2dca23..afe53b0e0 100644
--- a/src/include/gnunet_fs_service.h
+++ b/src/include/gnunet_fs_service.h
@@ -81,13 +81,9 @@ struct GNUNET_FS_Uri;
 
 
 /**
- * Identifier for a GNUnet pseudonym (the public key).  Q-point, Q=dp.
- * Note that we (ab)use an identifier of 'all zeros' to mean the
- * 'anonymous' pseudonym, where the value is actually the point at
- * infinity; however, that value cannot be represented here.  We do
- * not handle the case where the actual q-Value of some pseudonym
- * happens to be all zeros as well (as the chance of that is
- * negligible).
+ * Identifier for a GNUnet pseudonym (the public key).  Q-point, Q=dP.
+ * Note that we (ab)use an identifier of 'Q=G=1P' to mean the
+ * 'anonymous' pseudonym.
  */
 struct GNUNET_FS_PseudonymIdentifier
 {
@@ -274,7 +270,7 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu
  */
 void
 GNUNET_FS_pseudonym_get_identifier (struct GNUNET_FS_PseudonymHandle *ph,
-                                 struct GNUNET_FS_PseudonymIdentifier *pseudonym);
+                                    struct GNUNET_FS_PseudonymIdentifier *pseudonym);
 
 
 
@@ -531,6 +527,7 @@ GNUNET_FS_uri_ksk_remove_keyword (struct GNUNET_FS_Uri *uri,
 struct GNUNET_FS_Uri *
 GNUNET_FS_uri_parse (const char *uri, char **emsg);
 
+
 /**
  * Free URI.
  *
@@ -2604,8 +2601,9 @@ GNUNET_FS_namespace_open_existing (struct GNUNET_FS_Handle *h, const char *name)
  * @return GNUNET_OK on success, GNUNET_SYSERR on error (see errno for details)
  */
 int
-GNUNET_FS_namespace_rename (struct GNUNET_FS_Handle *h, const char *old_name,
-    const char *new_name);
+GNUNET_FS_namespace_rename (struct GNUNET_FS_Handle *h, 
+                            const char *old_name,
+                            const char *new_name);
 
 
 /**
diff --git a/src/include/gnunet_hello_lib.h b/src/include/gnunet_hello_lib.h
index b60353ee7..583a33f7d 100644
--- a/src/include/gnunet_hello_lib.h
+++ b/src/include/gnunet_hello_lib.h
@@ -199,8 +199,7 @@ typedef size_t (*GNUNET_HELLO_GenerateAddressListCallback) (void *cls,
  * @return the hello message
  */
 struct GNUNET_HELLO_Message *
-GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
-                     *publicKey,
+GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKey *publicKey,
                      GNUNET_HELLO_GenerateAddressListCallback addrgen,
                      void *addrgen_cls,
                      int friend_only);
@@ -327,8 +326,7 @@ GNUNET_HELLO_iterate_new_addresses (const struct GNUNET_HELLO_Message
  */
 int
 GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello,
-                      struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
-                      *publicKey);
+                      struct GNUNET_CRYPTO_EccPublicKey *publicKey);
 
 
 /**
@@ -381,7 +379,7 @@ GNUNET_HELLO_compose_uri (const struct GNUNET_HELLO_Message *hello,
  */
 int
 GNUNET_HELLO_parse_uri (const char *uri,
-                        struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pubkey,
+                        struct GNUNET_CRYPTO_EccPublicKey *pubkey,
                         struct GNUNET_HELLO_Message **hello,
                         GNUNET_HELLO_TransportPluginsFind plugins_find);
 
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index 1d67c568c..dfc643d22 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -74,7 +74,18 @@ struct GNUNET_IDENTITY_Operation;
  * @return associated ECC key, valid as long as the ego is valid
  */
 const struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
+GNUNET_IDENTITY_ego_get_private_key (struct GNUNET_IDENTITY_Ego *ego);
+
+
+/**
+ * Get the identifier (public key) of an ego.
+ *
+ * @param ego identity handle with the private key
+ * @param pk set to ego's public key
+ */
+void
+GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
+                                    struct GNUNET_CRYPTO_EccPublicKey *pk);
 
 
 /** 
@@ -83,7 +94,7 @@ GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
  *
  * When used with 'GNUNET_IDENTITY_connect', this function is
  * initially called for all egos and then again whenever a
- * ego's identifier changes or if it is deleted.  At the end of
+ * ego's name changes or if it is deleted.  At the end of
  * the initial pass over all egos, the function is once called
  * with 'NULL' for 'ego'. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
@@ -97,10 +108,10 @@ GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
  * that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
- * (known) ego but the NEW identifier.  
+ * (known) ego but the NEW name.  
  *
  * When an identity is deleted, this function is called with the
- * (known) ego and "NULL" for the 'identifier'.  In this case,
+ * (known) ego and "NULL" for the 'name'.  In this case,
  * the 'ego' is henceforth invalid (and the 'ctx' should also be
  * cleaned up).
  *
@@ -108,14 +119,14 @@ GNUNET_IDENTITY_ego_get_key (struct GNUNET_IDENTITY_Ego *ego);
  * @param ego ego handle
  * @param ego_ctx context for application to store data for this ego
  *                 (during the lifetime of this process, initially NULL)
- * @param identifier identifier assigned by the user for this ego,
+ * @param name name assigned by the user for this ego,
  *                   NULL if the user just deleted the ego and it
  *                   must thus no longer be used
  */
 typedef void (*GNUNET_IDENTITY_Callback)(void *cls,
                                          struct GNUNET_IDENTITY_Ego *ego,
                                          void **ctx,
-                                         const char *identifier);
+                                         const char *name);
 
 
 /** 
@@ -188,17 +199,17 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
 
 
 /** 
- * Create a new identity with the given identifier.
+ * Create a new identity with the given name.
  *
  * @param id identity service to use
- * @param identifier desired identifier
+ * @param name desired name
  * @param cont function to call with the result (will only be called once)
  * @param cont_cls closure for cont
  * @return handle to abort the operation
  */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
-                        const char *identifier,
+                        const char *name,
                         GNUNET_IDENTITY_Continuation cont,
                         void *cont_cls);
 
@@ -207,16 +218,16 @@ GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
  * Renames an existing identity.
  *
  * @param id identity service to use
- * @param old_identifier old identifier
- * @param new_identifier desired new identifier
+ * @param old_name old name
+ * @param new_name desired new name
  * @param cb function to call with the result (will only be called once)
  * @param cb_cls closure for cb
  * @return handle to abort the operation
  */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
-                        const char *old_identifier,
-                        const char *new_identifier,
+                        const char *old_name,
+                        const char *new_name,
                         GNUNET_IDENTITY_Continuation cb,
                         void *cb_cls);
 
@@ -225,14 +236,14 @@ GNUNET_IDENTITY_rename (struct GNUNET_IDENTITY_Handle *id,
  * Delete an existing identity.
  *
  * @param id identity service to use
- * @param identifier identifier of the identity to delete
+ * @param name name of the identity to delete
  * @param cb function to call with the result (will only be called once)
  * @param cb_cls closure for cb
  * @return handle to abort the operation
  */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_delete (struct GNUNET_IDENTITY_Handle *id,
-                        const char *identifier,
+                        const char *name,
                         GNUNET_IDENTITY_Continuation cb,
                         void *cb_cls);
 
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h
index e969170e5..b4ffc257d 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -4,7 +4,7 @@
 
      GNUnet is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published
-     by the Free Software Foundation; either version 2, or (at your
+     by the Free Software Foundation; either version 3, or (at your
      option) any later version.
 
      GNUnet is distributed in the hope that it will be useful, but
@@ -53,7 +53,7 @@ extern "C"
  *        because the user queried for a particular record type only)
  */
 typedef void (*GNUNET_NAMESTORE_RecordIterator) (void *cls,
-                                                 const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                                 const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                                  struct GNUNET_TIME_Absolute expire,
                                                  const char *name,
                                                  unsigned int rd_len,
@@ -88,7 +88,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    * @return GNUNET_OK on success, else GNUNET_SYSERR
    */
   int (*put_records) (void *cls, 
-                      const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                      const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                       struct GNUNET_TIME_Absolute expire,
                       const char *name,
                       unsigned int rd_len,
diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h
index 700122507..77da67312 100644
--- a/src/include/gnunet_namestore_service.h
+++ b/src/include/gnunet_namestore_service.h
@@ -247,7 +247,7 @@ struct GNUNET_NAMESTORE_RecordData
  */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h,
-                             const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                             const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                              const char *name,
                              struct GNUNET_TIME_Absolute freshness,
                              unsigned int rd_count,
@@ -270,7 +270,7 @@ GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h,
  * @return GNUNET_OK if the signature is valid
  */
 int
-GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *public_key,
+GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_EccPublicKey *public_key,
                                    const struct GNUNET_TIME_Absolute freshness,
                                    const char *name,
                                    unsigned int rd_count,
@@ -319,7 +319,7 @@ GNUNET_NAMESTORE_record_put_by_authority (struct GNUNET_NAMESTORE_Handle *h,
  *        because the user queried for a particular record type only)
  */
 typedef void (*GNUNET_NAMESTORE_RecordProcessor) (void *cls,
-                                                  const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                                  const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                                   struct GNUNET_TIME_Absolute freshness,                            
                                                   const char *name,
                                                   unsigned int rd_count,
@@ -480,7 +480,7 @@ struct GNUNET_NAMESTORE_ZoneMonitor;
  * @param signature signature of the record block
  */
 typedef void (*GNUNET_NAMESTORE_RecordMonitor)(void *cls,
-                                               const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *zone_key,
+                                               const struct GNUNET_CRYPTO_EccPublicKey *zone_key,
                                                struct GNUNET_TIME_Absolute freshness,                       
                                                const char *name,
                                                unsigned int rd_len,
diff --git a/src/include/gnunet_testing_lib.h b/src/include/gnunet_testing_lib.h
index 6bb92e05d..3b6fabb6e 100644
--- a/src/include/gnunet_testing_lib.h
+++ b/src/include/gnunet_testing_lib.h
@@ -46,12 +46,9 @@ extern "C"
 #endif
 
 /**
- * Size of each hostkey in the hostkey file (in BYTES).  This is the
- * maximum length of the S-expressions generated by libgcrypt for the
- * curves (rounded up to the next full KB to make IO nicer); it is NOT
- * the number of bits in the key.
+ * Size of each hostkey in the hostkey file (in BYTES). 
  */
-#define GNUNET_TESTING_HOSTKEYFILESIZE 1024
+#define GNUNET_TESTING_HOSTKEYFILESIZE sizeof (struct GNUNET_CRYPTO_EccPrivateKey)
 
 /**
  * Handle for a system on which GNUnet peers are executed;