starting major change towards implementing #2564, this breaks some FS tests and FS APIs

5 files changed, 320 insertions, 284 deletions

diff --git a/src/include/block_fs.h b/src/include/block_fs.h
index 0b77adc49..6f37dcf0e 100644
--- a/src/include/block_fs.h
+++ b/src/include/block_fs.h
@@ -28,119 +28,49 @@
 
 #include "gnunet_util_lib.h"
 
-/**
- * @brief keyword block (advertising data under a keyword)
- */
-struct KBlock
-{
-
-  /**
-   * GNUNET_RSA_Signature using RSA-key generated from search keyword.
-   */
-  struct GNUNET_CRYPTO_RsaSignature signature;
-
-  /**
-   * What is being signed and why?
-   */
-  struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
-
-  /**
-   * Key generated (!) from the H(keyword) as the seed!
-   */
-  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded keyspace;
-
-  /* 0-terminated URI here */
-
-  /* variable-size Meta-Data follows here */
-
-};
-
 
 /**
- * @brief namespace content block (advertising data under an identifier in a namespace)
+ * Maximum legal size for a ublock.
  */
-struct SBlock
-{
+#define MAX_UBLOCK_SIZE (60 * 1024)
 
-  /**
-   * GNUNET_RSA_Signature using RSA-key of the namespace
-   */
-  struct GNUNET_CRYPTO_RsaSignature signature;
 
-  /**
-   * What is being signed and why?
-   */
-  struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
-
-  /**
-   * Hash of the hash of the human-readable identifier used for
-   * this entry (the hash of the human-readable identifier is
-   * used as the key for decryption; the xor of this identifier
-   * and the hash of the "keyspace" is the datastore-query hash).
-   */
-  struct GNUNET_HashCode identifier;
-
-  /**
-   * Public key of the namespace.
-   */
-  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded subspace;
-
-  /* 0-terminated update-identifier here */
-
-  /* 0-terminated URI here (except for NBlocks) */
-
-  /* variable-size Meta-Data follows here */
-
-};
 
+GNUNET_NETWORK_STRUCT_BEGIN
 
 /**
- * @brief namespace advertisement block (advertising root of a namespace)
+ * @brief universal block for keyword and namespace search results
  */
-struct NBlock
+struct UBlock
 {
 
   /**
-   * GNUNET_RSA_Signature using RSA-key generated from search keyword.
+   * Signature using pseudonym and search keyword / identifier.
    */
-  struct GNUNET_CRYPTO_RsaSignature ksk_signature;
+  struct GNUNET_PseudonymSignature signature;
 
   /**
    * What is being signed and why?
    */
-  struct GNUNET_CRYPTO_RsaSignaturePurpose ksk_purpose;
+  struct GNUNET_PseudonymSignaturePurpose purpose;
 
   /**
-   * Key generated (!) from the H(keyword) as the seed!
+   * Public key used to sign this block.  Hash of this value
+   * is the query.
    */
-  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded keyspace;
+  struct GNUNET_PseudonymIdentifier verification_key;
 
-  /**
-   * GNUNET_RSA_Signature using RSA-key of the namespace
-   */
-  struct GNUNET_CRYPTO_RsaSignature ns_signature;
-
-  /**
-   * What is being signed and why?
-   */
-  struct GNUNET_CRYPTO_RsaSignaturePurpose ns_purpose;
+  /* rest of the data is encrypted */
 
-  /**
-   * Public key of the namespace.
-   */
-  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded subspace;
-
-  /* from here on, data is encrypted with H(keyword) */
+  /* 0-terminated update-identifier here (ignored for keyword results) */
 
-  /* 0-terminated root identifier here */
+  /* 0-terminated URI here */
 
   /* variable-size Meta-Data follows here */
 
 };
 
 
-GNUNET_NETWORK_STRUCT_BEGIN
-
 /**
  * @brief index block (indexing a DBlock that
  *        can be obtained directly from reading
diff --git a/src/include/gnunet_block_lib.h b/src/include/gnunet_block_lib.h
index 002d5c11b..ac9d9d5f8 100644
--- a/src/include/gnunet_block_lib.h
+++ b/src/include/gnunet_block_lib.h
@@ -41,15 +41,15 @@ extern "C"
  */
 enum GNUNET_BLOCK_Type
 {
-    /**
-     * Any type of block, used as a wildcard when searching.  Should
-     * never be attached to a specific block.
-     */
+  /**
+   * Any type of block, used as a wildcard when searching.  Should
+   * never be attached to a specific block.
+   */
   GNUNET_BLOCK_TYPE_ANY = 0,
 
-    /**
-     * Data block (leaf) in the CHK tree.
-     */
+  /**
+   * Data block (leaf) in the CHK tree.
+   */
   GNUNET_BLOCK_TYPE_FS_DBLOCK = 1,
 
     /**
@@ -57,67 +57,73 @@ enum GNUNET_BLOCK_Type
      */
   GNUNET_BLOCK_TYPE_FS_IBLOCK = 2,
 
-    /**
-     * Type of a block representing a keyword search result.  Note that
-     * the values for KBLOCK, SBLOCK and NBLOCK must be consecutive.
-     */
+  /**
+   * Legacy type, no longer in use.
+   */
   GNUNET_BLOCK_TYPE_FS_KBLOCK = 3,
 
-    /**
-     * Type of a block that is used to advertise content in a namespace.
-     */
+  /**
+   * Legacy type, no longer in use.
+   */
   GNUNET_BLOCK_TYPE_FS_SBLOCK = 4,
 
-    /**
-     * Type of a block that is used to advertise a namespace.
-     */
+  /**
+   * Legacy type, no longer in use.
+   */
   GNUNET_BLOCK_TYPE_FS_NBLOCK = 5,
 
-    /**
-     * Type of a block representing a block to be encoded on demand from disk.
-     * Should never appear on the network directly.
-     */
+  /**
+   * Type of a block representing a block to be encoded on demand from disk.
+   * Should never appear on the network directly.
+   */
   GNUNET_BLOCK_TYPE_FS_ONDEMAND = 6,
 
-    /**
-     * Type of a block that contains a HELLO for a peer (for
-     * DHT find-peer operations).
-     */
+  /**
+   * Type of a block that contains a HELLO for a peer (for
+   * DHT find-peer operations).
+   */
   GNUNET_BLOCK_TYPE_DHT_HELLO = 7,
 
-    /**
-     * Block for testing.
-     */
+  /**
+   * Block for testing.
+   */
   GNUNET_BLOCK_TYPE_TEST = 8,
-
-    /**
-     * Block for storing .gnunet-domains
-     */
+  
+  /**
+   * Type of a block representing any type of search result
+   * (universal).  Implemented in the context of #2564, replaces
+   * SBLOCKS, KBLOCKS and NBLOCKS.
+   */
+  GNUNET_BLOCK_TYPE_FS_UBLOCK = 9,
+
+  /**
+   * Block for storing .gnunet-domains
+   */
   GNUNET_BLOCK_TYPE_DNS = 10,
 
-    /**
-     * Block for storing record data
-     */
+  /**
+   * Block for storing record data
+   */
   GNUNET_BLOCK_TYPE_GNS_NAMERECORD = 11,
 
-    /**
-     * Block for storing mesh peers
-     */
+  /**
+   * Block for storing mesh peers
+   */
   GNUNET_BLOCK_TYPE_MESH_PEER = 20,
-
-    /**
-     * Block for finding peers by type
-     */
+  
+  /**
+   * Block for finding peers by type
+   */
   GNUNET_BLOCK_TYPE_MESH_PEER_BY_TYPE = 21,
 
-    /**
-     * Block to store a mesh regex state
-     */
+  /**
+   * Block to store a mesh regex state
+   */
   GNUNET_BLOCK_TYPE_REGEX = 22,
 
-    /**
-     * Block to store a mesh regex accepting state
-     */
+  /**
+   * Block to store a mesh regex accepting state
+   */
   GNUNET_BLOCK_TYPE_REGEX_ACCEPT = 23
 };
 
diff --git a/src/include/gnunet_fs_service.h b/src/include/gnunet_fs_service.h
index efe2cd004..931406e2d 100644
--- a/src/include/gnunet_fs_service.h
+++ b/src/include/gnunet_fs_service.h
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet
-     (C) 2004, 2005, 2006, 2007, 2008, 2009 Christian Grothoff (and other contributing authors)
+     (C) 2004--2013 Christian Grothoff (and other contributing authors)
 
      GNUnet is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published
@@ -54,8 +54,9 @@ extern "C"
  * 6.1.x: with simplified namespace support
  * 9.0.0: CPS-style integrated API
  * 9.1.1: asynchronous directory scanning
+ * 9.2.0: unified K-Block and S-block format (#2564)
  */
-#define GNUNET_FS_VERSION 0x00090103
+#define GNUNET_FS_VERSION 0x00090200
 
 
 /* ******************** URI API *********************** */
@@ -342,25 +343,26 @@ GNUNET_FS_uri_sks_create (struct GNUNET_FS_Namespace *ns, const char *id,
 /**
  * Create an SKS URI from a namespace ID and an identifier.
  *
- * @param nsid namespace ID
+ * @param pseudonym pseudonym to use
  * @param id identifier
  * @return an FS URI for the given namespace and identifier
  */
 struct GNUNET_FS_Uri *
-GNUNET_FS_uri_sks_create_from_nsid (struct GNUNET_HashCode * nsid, const char *id);
+GNUNET_FS_uri_sks_create_from_nsid (struct GNUNET_PseudonymIdentifier *pseudonym, 
+                                    const char *id);
 
 
 /**
- * Get the ID of a namespace from the given
+ * Get the public key of a namespace from the given
  * namespace URI.
  *
  * @param uri the uri to get the namespace ID from
- * @param nsid where to store the ID of the namespace
+ * @param pseudonym where to store the public key of the namespace
  * @return GNUNET_OK on success
  */
 int
 GNUNET_FS_uri_sks_get_namespace (const struct GNUNET_FS_Uri *uri,
-                                 struct GNUNET_HashCode * nsid);
+                                 struct GNUNET_PseudonymIdentifier *pseudonym);
 
 
 /**
@@ -1403,9 +1405,9 @@ struct GNUNET_FS_ProgressInfo
           const struct GNUNET_CONTAINER_MetaData *meta;
 
           /**
-           * Hash-identifier for the namespace.
+           * Public key of the namespace.
            */
-          struct GNUNET_HashCode id;
+          struct GNUNET_PseudonymIdentifier pseudonym;
 
         } ns;
 
@@ -2189,60 +2191,6 @@ GNUNET_FS_unindex_stop (struct GNUNET_FS_UnindexContext *uc);
 
 
 /**
- * Context for advertising a namespace.
- */
-struct GNUNET_FS_AdvertisementContext;
-
-
-/**
- * Publish an advertismement for a namespace.
- *
- * @param h handle to the file sharing subsystem
- * @param ksk_uri keywords to use for advertisment
- * @param ns handle for the namespace that should be advertised
- * @param meta meta-data for the namespace advertisement
- * @param bo block options
- * @param rootEntry name of the root of the namespace
- * @param cont continuation
- * @param cont_cls closure for cont
- * @return NULL on error ('cont' will still be called)
- */
-struct GNUNET_FS_AdvertisementContext *
-GNUNET_FS_namespace_advertise (struct GNUNET_FS_Handle *h,
-                               struct GNUNET_FS_Uri *ksk_uri,
-                               struct GNUNET_FS_Namespace *ns,
-                               const struct GNUNET_CONTAINER_MetaData *meta,
-                               const struct GNUNET_FS_BlockOptions *bo,
-                               const char *rootEntry,
-                               GNUNET_FS_PublishContinuation cont,
-                               void *cont_cls);
-
-
-/**
- * Create an SKS uri that points to the root entry of the namespace,
- * then insert that SKS uri into metadata.
- *
- * @param ns handle for the namespace that should be advertised
- * @param meta meta-data into which namespace advertisement should be inserted
- * @param rootEntry name of the root of the namespace (use NULL to use default)
- * @return GNUNET_OK on success, GNUNET_SYSERR on error
- */
-int
-GNUNET_FS_namespace_insert_advertisement_into_metadata (
-    struct GNUNET_FS_Namespace *ns, struct GNUNET_CONTAINER_MetaData *meta,
-    const char *rootEntry);
-
-
-/**
- * Abort the namespace advertisement operation.
- *
- * @param ac context of the operation to abort.
- */
-void
-GNUNET_FS_namespace_advertise_cancel (struct GNUNET_FS_AdvertisementContext *ac);
-
-
-/**
  * Create a namespace with the given name; if one already
  * exists, return a handle to the existing namespace.
  *
@@ -2268,45 +2216,6 @@ GNUNET_FS_namespace_open_existing (struct GNUNET_FS_Handle *h, const char *name)
 
 
 /**
- * Context for creating a namespace asynchronously.
- */
-struct GNUNET_FS_NamespaceCreationContext;
-
-/**
- * Function called upon completion of 'GNUNET_FS_namespace_create_start'.
- *
- * @param cls closure
- * @param ns NULL on error, otherwise the namespace (which must be free'd by the callee)
- * @param emsg NULL on success, otherwise an error message
- */
-typedef void (*GNUNET_FS_NamespaceCreationCallback)(void *cls,
-    struct GNUNET_FS_Namespace *ns, const char *emsg);
-
-
-/**
- * Create a namespace with the given name; if one already
- * exists, return a handle to the existing namespace immediately.
- * Otherwise create a namespace asynchronously.
- *
- * @param h handle to the file sharing subsystem
- * @param name name to use for the namespace
- * @return namespace creation context, NULL on error (i.e. invalid filename)
- */
-struct GNUNET_FS_NamespaceCreationContext *
-GNUNET_FS_namespace_create_start (struct GNUNET_FS_Handle *h, const char *name,
-    GNUNET_FS_NamespaceCreationCallback cont, void *cont_cls);
-
-
-/**
- * Abort namespace creation.
- *
- * @param ncc namespace creation context to abort
- */
-void
-GNUNET_FS_namespace_create_stop (struct GNUNET_FS_NamespaceCreationContext *ncc);
-
-
-/**
  * Rename a local namespace.
  *
  * @param h handle to the file sharing subsystem
@@ -2338,8 +2247,8 @@ GNUNET_FS_namespace_dup (struct GNUNET_FS_Namespace *ns);
  *         GNUNET_SYSERR on failure (contents of id remain intact)
  */
 int
-GNUNET_FS_namespace_get_public_key_hash (struct GNUNET_FS_Namespace *ns,
-    struct GNUNET_HashCode *id);
+GNUNET_FS_namespace_get_public_identifier (struct GNUNET_FS_Namespace *ns,
+                                           struct GNUNET_PseudonymIdentifier *id);
 
 
 /**
@@ -2364,10 +2273,10 @@ GNUNET_FS_namespace_delete (struct GNUNET_FS_Namespace *ns, int freeze);
  *
  * @param cls closure
  * @param name human-readable identifier of the namespace
- * @param id hash identifier for the namespace
+ * @param id identifier for the namespace
  */
 typedef void (*GNUNET_FS_NamespaceInfoProcessor) (void *cls, const char *name,
-                                                  const struct GNUNET_HashCode * id);
+                                                  const struct GNUNET_PseudonymIdentifier *id);
 
 
 /**
diff --git a/src/include/gnunet_pseudonym_lib.h b/src/include/gnunet_pseudonym_lib.h
index 6ec51b678..11b5cd9e4 100644
--- a/src/include/gnunet_pseudonym_lib.h
+++ b/src/include/gnunet_pseudonym_lib.h
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet.
-     (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009 Christian Grothoff (and other contributing authors)
+     (C) 2001--2013 Christian Grothoff (and other contributing authors)
 
      GNUnet is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published
@@ -39,6 +39,166 @@ extern "C"
 #include "gnunet_configuration_lib.h"
 #include "gnunet_container_lib.h"
 
+
+/**
+ * Identifier for a GNUnet pseudonym (the public key).
+ */
+struct GNUNET_PseudonymIdentifier
+{
+  /**
+   * The public key of the pseudonym.
+   */
+  char public_key[42];
+};
+
+
+/**
+ * Handle for a pseudonym (private key).
+ */
+struct GNUNET_PseudonymHandle;
+
+
+/**
+ * Signature made with a pseudonym (includes the full public key)
+ */
+struct GNUNET_PseudonymSignature
+{
+  
+  /**
+   * Who created the signature? (public key of the signer)
+   */
+  struct GNUNET_PseudonymIdentifier signer;
+
+  /**
+   * Binary signature data, padded with zeros if needed.
+   */
+  char signature[42];
+};
+
+
+/**
+ * Purpose for signature made with a pseudonym.
+ */
+struct GNUNET_PseudonymSignaturePurpose
+{
+  /**
+   * How many bytes are being signed (including this header)?
+   */
+  uint32_t size;
+
+  /**
+   * What is the context/purpose of the signature?
+   */
+  uint32_t purpose;
+};
+
+
+/**
+ * Create a pseudonym.
+ *
+ * @param filename name of the file to use for storage, NULL for in-memory only
+ * @return handle to the private key of the pseudonym
+ */
+struct GNUNET_PseudonymHandle *
+GNUNET_PSEUDONYM_create (const char *filename);
+
+
+/**
+ * Create a pseudonym, from a file that must already exist.
+ *
+ * @param filename name of the file to use for storage, NULL for in-memory only
+ * @return handle to the private key of the pseudonym
+ */
+struct GNUNET_PseudonymHandle *
+GNUNET_PSEUDONYM_create_from_existing_file (const char *filename);
+
+
+/**
+ * Get the handle for the 'anonymous' pseudonym shared by all users.
+ * That pseudonym uses a fixed 'secret' for the private key; this
+ * construction is useful to make anonymous and pseudonymous APIs
+ * (and packets) indistinguishable on the network.  See #2564.
+ *
+ * @return handle to the (non-secret) private key of the 'anonymous' pseudonym
+ */
+struct GNUNET_PseudonymHandle *
+GNUNET_PSEUDONYM_get_anonymous_pseudonym_handle (void);
+
+
+/**
+ * Destroy a pseudonym handle.  Does NOT remove the private key from
+ * the disk.
+ *
+ * @param ph pseudonym handle to destroy
+ */
+void
+GNUNET_PSEUDONYM_destroy (struct GNUNET_PseudonymHandle *ph);
+
+
+/**
+ * Cryptographically sign some data with the pseudonym.
+ *
+ * @param ph private key used for signing (corresponds to 'x' in #2564)
+ * @param purpose data to sign
+ * @param seed hash of the plaintext of the data that we are signing, 
+ *             used for deterministic PRNG for anonymous signing;
+ *             corresponds to 'k' in section 2.7 of #2564
+ * @param signing_key modifier to apply to the private key for signing;
+ *                    corresponds to 'h' in section 2.3 of #2564.
+ * @param signature where to store the signature
+ */
+void
+GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph,
+                       const struct GNUNET_PseudonymSignaturePurpose *purpose,
+                       const struct GNUNET_HashCode *seed,
+                       const struct GNUNET_HashCode *signing_key,
+                       struct GNUNET_PseudonymSignature *signature);
+
+
+/**
+ * Given a pseudonym and a signing key, derive the corresponding public
+ * key that would be used to verify the resulting signature.
+ *
+ * @param pseudonym the public key (g^x)
+ * @param signing_key input to derive 'h' (see section 2.4 of #2564)
+ * @param verification_key resulting public key to verify the signature
+ *        created from the 'ph' of 'pseudonym' and the 'signing_key';
+ *        the value stored here can then be given to GNUNET_PSEUDONYM_verify.
+ */
+void
+GNUNET_PSEUDONYM_derive_verification_key (struct GNUNET_PseudonymIdentifier *pseudonym,
+                                          const struct GNUNET_HashCode *signing_key,
+                                          struct GNUNET_PseudonymIdentifier *verification_key);
+
+
+/**
+ * Verify a signature made with a pseudonym.
+ *
+ * @param purpose data that was signed
+ * @param signature signature to verify
+ * @param verification_key public key to use for checking the signature;
+ *                    corresponds to 'g^(x+h)' in section 2.4 of #2564.
+ * @return GNUNET_OK on success (signature valid, 'pseudonym' set),
+ *         GNUNET_SYSERR if the signature is invalid
+ */
+int
+GNUNET_PSEUDONYM_verify (const struct GNUNET_PseudonymSignaturePurpose *purpose,
+                         const struct GNUNET_PseudonymSignature *signature,
+                         const struct GNUNET_PseudonymIdentifier *verification_key);
+
+
+/**
+ * Get the identifier (public key) of a pseudonym.
+ *
+ * @param ph pseudonym handle with the private key
+ * @param pseudonym pseudonym identifier (set based on 'ph')
+ */
+void
+GNUNET_PSEUDONYM_get_identifier (struct GNUNET_PseudonymHandle *ph,
+                                 struct GNUNET_PseudonymIdentifier *pseudonym);
+
+
+
 /**
  * Iterator over all known pseudonyms.
  *
@@ -51,23 +211,26 @@ extern "C"
  * @return GNUNET_OK to continue iteration, GNUNET_SYSERR to abort
  */
 typedef int (*GNUNET_PSEUDONYM_Iterator) (void *cls,
-                                          const struct GNUNET_HashCode * pseudonym,
+                                          const struct GNUNET_PseudonymIdentifier *pseudonym,
                                           const char *name,
                                           const char *unique_name,
-                                          const struct GNUNET_CONTAINER_MetaData
-                                          * md, int rating);
+                                          const struct GNUNET_CONTAINER_MetaData *md, 
+                                          int32_t rating);
+
 
 /**
- * Change the ranking of a pseudonym.
+ * Change the rank of a pseudonym.
  *
  * @param cfg overall configuration
- * @param nsid id of the pseudonym
+ * @param pseudonym identity of the pseudonym
  * @param delta by how much should the rating be changed?
- * @return new rating of the namespace
+ * @return new rating of the pseudonym
  */
 int
 GNUNET_PSEUDONYM_rank (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                       const struct GNUNET_HashCode * nsid, int delta);
+                       const struct GNUNET_PseudonymIdentifier *pseudonym, 
+                       int32_t delta);
+
 
 /**
  * Add a pseudonym to the set of known pseudonyms.
@@ -77,10 +240,11 @@ GNUNET_PSEUDONYM_rank (const struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param cfg overall configuration
  * @param id the pseudonym identifier
  * @param meta metadata for the pseudonym
+ * @return GNUNET_OK on success, GNUNET_SYSERR on failure
  */
-void
+int
 GNUNET_PSEUDONYM_add (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                      const struct GNUNET_HashCode * id,
+                      const struct GNUNET_PseudonymIdentifier *pseudonym,
                       const struct GNUNET_CONTAINER_MetaData *meta);
 
 
@@ -89,37 +253,51 @@ GNUNET_PSEUDONYM_add (const struct GNUNET_CONFIGURATION_Handle *cfg,
  *
  * @param cfg overall configuration
  * @param iterator function to call for each pseudonym
- * @param closure closure for iterator
+ * @param iterator_cls closure for iterator
  * @return number of pseudonyms found
  */
 int
 GNUNET_PSEUDONYM_list_all (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                           GNUNET_PSEUDONYM_Iterator iterator, void *closure);
+                           GNUNET_PSEUDONYM_Iterator iterator, 
+                           void *iterator_cls);
+
+
+/**
+ * Handle for a discovery callback registration.
+ */
+struct GNUNET_PSEUDONYM_DiscoveryHandle;
+
 
 /**
  * Register callback to be invoked whenever we discover
  * a new pseudonym.
+ *
+ * @param cfg our configuration
+ * @param iterator function to invoke on discovery
+ * @param iterator_cls closure for iterator
+ * @return registration handle
  */
-int
-GNUNET_PSEUDONYM_discovery_callback_register (const struct
-                                              GNUNET_CONFIGURATION_Handle *cfg,
-                                              GNUNET_PSEUDONYM_Iterator
-                                              iterator, void *closure);
+struct GNUNET_PSEUDONYM_DiscoveryHandle *
+GNUNET_PSEUDONYM_discovery_callback_register (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                                              GNUNET_PSEUDONYM_Iterator iterator, 
+                                              void *iterator_cls);
+
 
 /**
- * Unregister namespace discovery callback.
+ * Unregister pseudonym discovery callback.
+ *
+ * @param dh registration to unregister
  */
-int
-GNUNET_PSEUDONYM_discovery_callback_unregister (GNUNET_PSEUDONYM_Iterator
-                                                iterator, void *closure);
+void
+GNUNET_PSEUDONYM_discovery_callback_unregister (struct GNUNET_PSEUDONYM_DiscoveryHandle *dh);
+
 
 /**
- * Return unique variant of the namespace name.
- * Use after GNUNET_PSEUDONYM_id_to_name() to make sure
- * that name is unique.
+ * Return unique variant of the pseudonym name.  Use after
+ * GNUNET_PSEUDONYM_id_to_name() to make sure that name is unique.
  *
  * @param cfg configuration
- * @param nsid cryptographic ID of the namespace
+ * @param pseudonym cryptographic ID of the pseudonym
  * @param name name to uniquify
  * @param suffix if not NULL, filled with the suffix value
  * @return NULL on failure (should never happen), name on success.
@@ -127,18 +305,20 @@ GNUNET_PSEUDONYM_discovery_callback_unregister (GNUNET_PSEUDONYM_Iterator
  */
 char *
 GNUNET_PSEUDONYM_name_uniquify (const struct GNUNET_CONFIGURATION_Handle *cfg,
-    const struct GNUNET_HashCode * nsid, const char *name, unsigned int *suffix);
+                                const struct GNUNET_PseudonymIdentifier *pseudonym, 
+                                const char *name, 
+                                unsigned int *suffix);
+
 
 /**
- * Get namespace name, metadata and rank
- * This is a wrapper around internal read_info() call, and ensures that
- * returned data is not invalid (not NULL).
- * Writing back information returned by this function will give
- * a name "no-name" to pseudonyms that have no name. This side-effect is
- * unavoidable, but hardly harmful.
+ * Get pseudonym name, metadata and rank. This is a wrapper around
+ * internal read_info() call, and ensures that returned data is not
+ * invalid (not NULL).  Writing back information returned by this
+ * function will give a name "no-name" to pseudonyms that have no
+ * name. This side-effect is unavoidable, but hardly harmful.
  *
  * @param cfg configuration
- * @param nsid cryptographic ID of the namespace
+ * @param pseudonym cryptographic ID of the pseudonym
  * @param ret_meta a location to store metadata pointer. NULL, if metadata
  *        is not needed. Destroy with GNUNET_CONTAINER_meta_data_destroy().
  * @param ret_rank a location to store rank. NULL, if rank not needed.
@@ -152,27 +332,32 @@ GNUNET_PSEUDONYM_name_uniquify (const struct GNUNET_CONFIGURATION_Handle *cfg,
  */
 int
 GNUNET_PSEUDONYM_get_info (const struct GNUNET_CONFIGURATION_Handle *cfg,
-    const struct GNUNET_HashCode * nsid, struct GNUNET_CONTAINER_MetaData **ret_meta,
-    int32_t *ret_rank, char **ret_name, int *name_is_a_dup);
+                           const struct GNUNET_PseudonymIdentifier *pseudonym, 
+                           struct GNUNET_CONTAINER_MetaData **ret_meta,
+                           int32_t *ret_rank, 
+                           char **ret_name, 
+                           int *name_is_a_dup);
 
 
 /**
- * Get the namespace ID belonging to the given namespace name.
+ * Get the pseudonym ID belonging to the given pseudonym name.
  *
  * @param cfg configuration to use
- * @param ns_uname unique (!) human-readable name for the namespace
- * @param nsid set to namespace ID based on 'ns_uname'
+ * @param ps_uname unique (!) human-readable name for the pseudonym
+ * @param pseudonym set to pseudonym ID based on 'ns_uname'
  * @return GNUNET_OK on success, GNUNET_SYSERR on failure
  */
 int
 GNUNET_PSEUDONYM_name_to_id (const struct GNUNET_CONFIGURATION_Handle *cfg,
-    const char *ns_uname, struct GNUNET_HashCode * nsid);
+                             const char *ps_uname, 
+                             struct GNUNET_PseudonymIdentifier *pseudonym);
+
 
 /**
  * Set the pseudonym metadata, rank and name.
  *
  * @param cfg overall configuration
- * @param nsid id of the pseudonym
+ * @param pseudonym id of the pseudonym
  * @param name name to set. Must be the non-unique version of it.
  *        May be NULL, in which case it erases pseudonym's name!
  * @param md metadata to set
@@ -182,8 +367,10 @@ GNUNET_PSEUDONYM_name_to_id (const struct GNUNET_CONFIGURATION_Handle *cfg,
  */
 int
 GNUNET_PSEUDONYM_set_info (const struct GNUNET_CONFIGURATION_Handle *cfg,
-    const struct GNUNET_HashCode * nsid, const char *name,
-    const struct GNUNET_CONTAINER_MetaData *md, int rank);
+                           const struct GNUNET_PseudonymIdentifier *pseudonym, 
+                           const char *name,
+                           const struct GNUNET_CONTAINER_MetaData *md, 
+                           int32_t rank);
 
 
 #if 0                           /* keep Emacsens' auto-indent happy */
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index 2a2ba4755..a821a74df 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -66,22 +66,22 @@ extern "C"
 #define GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT 5
 
 /**
- * Signature in a KBlock of the FS module.
+ * Obsolete, legacy value.
  */
 #define GNUNET_SIGNATURE_PURPOSE_FS_KBLOCK 6
 
 /**
- * Signature of content URI placed into a namespace.
+ * Obsolete, legacy value.
  */
 #define GNUNET_SIGNATURE_PURPOSE_FS_SBLOCK 7
 
 /**
- * Signature of advertisment for a namespace.
+ * Obsolete, legacy value.
  */
 #define GNUNET_SIGNATURE_PURPOSE_FS_NBLOCK 8
 
 /**
- * Keyword-based signature of advertisment for a namespace.
+ * Obsolete, legacy value.
  */
 #define GNUNET_SIGNATURE_PURPOSE_FS_NBLOCK_KSIG 9
 
@@ -121,6 +121,10 @@ extern "C"
 #define GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY 16
 
 
+/**
+ * UBlock Signature, done using DSS, not ECC
+ */
+#define GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK 17
 
 #if 0                           /* keep Emacsens' auto-indent happy */
 {