- towards crypto agility; wip

8 files changed, 186 insertions, 90 deletions

diff --git a/src/revocation/Makefile.am b/src/revocation/Makefile.am
index 9d98502a6..d63d7213c 100644
--- a/src/revocation/Makefile.am
+++ b/src/revocation/Makefile.am
@@ -63,6 +63,7 @@ libgnunetrevocation_la_SOURCES = \
   revocation_api.c revocation.h
 libgnunetrevocation_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
+  $(top_builddir)/src/identity/libgnunetidentity.la \
   $(LIBGCRYPT_LIBS) \
   $(GN_LIBINTL) $(XLIB) -lgcrypt
 libgnunetrevocation_la_LDFLAGS = \
diff --git a/src/revocation/gnunet-revocation-tvg.c b/src/revocation/gnunet-revocation-tvg.c
index 29df1bb4d..13dee3529 100644
--- a/src/revocation/gnunet-revocation-tvg.c
+++ b/src/revocation/gnunet-revocation-tvg.c
@@ -65,15 +65,16 @@ run (void *cls,
      const char *cfgfile,
      const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
-  struct GNUNET_CRYPTO_EcdsaPrivateKey id_priv;
-  struct GNUNET_CRYPTO_EcdsaPublicKey id_pub;
+  struct GNUNET_IDENTITY_PrivateKey id_priv;
+  struct GNUNET_IDENTITY_PublicKey id_pub;
   struct GNUNET_REVOCATION_PowP pow;
   struct GNUNET_REVOCATION_PowCalculationHandle *ph;
   struct GNUNET_TIME_Relative exp;
 
-  GNUNET_CRYPTO_ecdsa_key_create (&id_priv);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&id_priv,
-                                      &id_pub);
+  id_priv.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
+  GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key);
+  GNUNET_IDENTITY_key_get_public (&id_priv,
+                                  &id_pub);
   fprintf (stdout, "Zone private key (d, little-endian scalar):\n");
   print_bytes (&id_priv, sizeof(id_priv), 0);
   fprintf (stdout, "\n");
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c
index 0e1e482ab..2ba5d0420 100644
--- a/src/revocation/gnunet-revocation.c
+++ b/src/revocation/gnunet-revocation.c
@@ -101,7 +101,7 @@ static struct GNUNET_SCHEDULER_Task *pow_task;
 /**
  * Proof-of-work object
  */
-static struct GNUNET_REVOCATION_PowP proof_of_work;
+static struct GNUNET_REVOCATION_PowP *proof_of_work;
 
 /**
  * Function run if the user aborts with CTRL-C.
@@ -325,8 +325,8 @@ calculate_pow (void *cls)
 static void
 ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
+  struct GNUNET_IDENTITY_PublicKey key;
+  const struct GNUNET_IDENTITY_PrivateKey *privkey;
   struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL;
 
   el = NULL;
@@ -403,15 +403,14 @@ run (void *cls,
      const char *cfgfile,
      const struct GNUNET_CONFIGURATION_Handle *c)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   cfg = c;
   if (NULL != test_ego)
   {
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_ecdsa_public_key_from_string (test_ego,
-                                                    strlen (test_ego),
-                                                    &pk))
+        GNUNET_IDENTITY_public_key_from_string (test_ego,
+                                                &pk))
     {
       fprintf (stderr, _ ("Public key `%s' malformed\n"), test_ego);
       return;
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c
index ddebb38ad..56ec9f489 100644
--- a/src/revocation/gnunet-service-revocation.c
+++ b/src/revocation/gnunet-service-revocation.c
@@ -172,7 +172,8 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer)
 static int
 verify_revoke_message (const struct RevokeMessage *rm)
 {
-  if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->proof_of_work,
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow,
                                                  (unsigned
                                                   int) revocation_work_required,
                                                  epoch_duration))
@@ -236,7 +237,7 @@ handle_query_message (void *cls,
   int res;
 
   GNUNET_CRYPTO_hash (&qm->key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+                      sizeof(struct GNUNET_IDENTITY_PublicKey),
                       &hc);
   res = GNUNET_CONTAINER_multihashmap_contains (revocation_map,
                                                 &hc);
@@ -276,9 +277,11 @@ do_flood (void *cls,
     return GNUNET_OK; /* peer connected to us via SET,
                          but we have no direct CORE
                          connection for flooding */
-  e = GNUNET_MQ_msg (cp,
+  e = GNUNET_MQ_msg_extra (cp,
+                     htonl (rm->pow_size),
                      GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
   *cp = *rm;
+  memcpy (&cp[1], &rm[1], htonl (rm->pow_size));
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Flooding revocation to `%s'\n",
               GNUNET_i2s (target));
@@ -304,8 +307,9 @@ publicize_rm (const struct RevokeMessage *rm)
   struct GNUNET_HashCode hc;
   struct GNUNET_SETU_Element e;
 
-  GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  GNUNET_CRYPTO_hash (&pow->key,
+                      sizeof(struct GNUNET_IDENTITY_PublicKey),
                       &hc);
   if (GNUNET_YES ==
       GNUNET_CONTAINER_multihashmap_contains (revocation_map,
@@ -371,6 +375,23 @@ publicize_rm (const struct RevokeMessage *rm)
 }
 
 
+static int
+check_revoke_message (void *cls,
+                      const struct RevokeMessage *rm)
+{
+  uint16_t size;
+
+  size = ntohs (rm->header.size);
+  if (size <= sizeof(struct RevokeMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+
+}
+
+
 /**
  * Handle REVOKE message from client.
  *
@@ -403,6 +424,23 @@ handle_revoke_message (void *cls,
 }
 
 
+static int
+check_p2p_revoke (void *cls,
+                  const struct RevokeMessage *rm)
+{
+  uint16_t size;
+
+  size = ntohs (rm->header.size);
+  if (size <= sizeof(struct RevokeMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+
+}
+
+
 /**
  * Core handler for flooded revocation messages.
  *
@@ -784,10 +822,10 @@ run (void *cls,
      struct GNUNET_SERVICE_Handle *service)
 {
   struct GNUNET_MQ_MessageHandler core_handlers[] = {
-    GNUNET_MQ_hd_fixed_size (p2p_revoke,
-                             GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
-                             struct RevokeMessage,
-                             NULL),
+    GNUNET_MQ_hd_var_size (p2p_revoke,
+                           GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
+                           struct RevokeMessage,
+                           NULL),
     GNUNET_MQ_handler_end ()
   };
   char *fn;
@@ -892,9 +930,10 @@ run (void *cls,
       GNUNET_free (fn);
       return;
     }
-    GNUNET_break (0 == ntohl (rm->reserved));
-    GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+    struct GNUNET_REVOCATION_PowP *pow = (struct
+                                          GNUNET_REVOCATION_PowP *) &rm[1];
+    GNUNET_CRYPTO_hash (&pow->key,
+                        sizeof(struct GNUNET_IDENTITY_PublicKey),
                         &hc);
     GNUNET_break (GNUNET_OK ==
                   GNUNET_CONTAINER_multihashmap_put (revocation_map,
@@ -939,10 +978,10 @@ GNUNET_SERVICE_MAIN
                            GNUNET_MESSAGE_TYPE_REVOCATION_QUERY,
                            struct QueryMessage,
                            NULL),
-  GNUNET_MQ_hd_fixed_size (revoke_message,
-                           GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
-                           struct RevokeMessage,
-                           NULL),
+  GNUNET_MQ_hd_var_size (revoke_message,
+                         GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
+                         struct RevokeMessage,
+                         NULL),
   GNUNET_MQ_handler_end ());
 
 
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c
index 291c56f70..ba3c33b6f 100644
--- a/src/revocation/plugin_block_revocation.c
+++ b/src/revocation/plugin_block_revocation.c
@@ -143,16 +143,16 @@ block_plugin_revocation_evaluate (void *cls,
     GNUNET_break_op (0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
-  if (0 >=
-      GNUNET_REVOCATION_check_pow (&rm->proof_of_work,
-                                   ic->matching_bits,
-                                   ic->epoch_duration))
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow,
+                                                 ic->matching_bits,
+                                                 ic->epoch_duration))
   {
     GNUNET_break_op (0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
-  GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+  GNUNET_CRYPTO_hash (&pow->key,
+                      sizeof(struct GNUNET_IDENTITY_PublicKey),
                       &chash);
   if (GNUNET_YES ==
       GNUNET_BLOCK_GROUP_bf_test_and_set (group,
@@ -182,13 +182,14 @@ block_plugin_revocation_get_key (void *cls,
 {
   const struct RevokeMessage *rm = block;
 
-  if (block_size != sizeof(*rm))
+  if (block_size <= sizeof(*rm))
   {
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
-  GNUNET_CRYPTO_hash (&rm->proof_of_work.key,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
+  struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1];
+  GNUNET_CRYPTO_hash (&pow->key,
+                      sizeof(struct GNUNET_IDENTITY_PublicKey),
                       key);
   return GNUNET_OK;
 }
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h
index 635c56cfc..c3a9c9e6b 100644
--- a/src/revocation/revocation.h
+++ b/src/revocation/revocation.h
@@ -49,7 +49,7 @@ struct QueryMessage
   /**
    * Key to check.
    */
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
+  struct GNUNET_IDENTITY_PublicKey key;
 };
 
 
@@ -85,14 +85,11 @@ struct RevokeMessage
   struct GNUNET_MessageHeader header;
 
   /**
-   * For alignment.
+   * Length of PoW with signature.
    */
-  uint32_t reserved GNUNET_PACKED;
+  uint32_t pow_size GNUNET_PACKED;
 
-  /**
-   * Number that causes a hash collision with the @e public_key.
-   */
-  struct GNUNET_REVOCATION_PowP proof_of_work;
+  /** Followed by the PoW **/
 };
 
 
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 75cfd8761..34529df35 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -160,7 +160,7 @@ handle_revocation_query_response (void *cls,
  */
 struct GNUNET_REVOCATION_Query *
 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                         const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
+                         const struct GNUNET_IDENTITY_PublicKey *key,
                          GNUNET_REVOCATION_Callback func,
                          void *func_cls)
 {
@@ -359,10 +359,12 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
   }
   h->func = func;
   h->func_cls = func_cls;
-  env = GNUNET_MQ_msg (rm,
-                       GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
-  rm->reserved = htonl (0);
-  rm->proof_of_work = *pow;
+  size_t extra_len = ntohl (pow->sig_len) + sizeof (*pow);
+  env = GNUNET_MQ_msg_extra (rm,
+                             extra_len,
+                             GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
+  rm->pow_size = htonl (extra_len);
+  memcpy (&rm[1], pow, extra_len);
   GNUNET_MQ_send (h->mq,
                   env);
   return h;
@@ -420,6 +422,46 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph)
 }
 
 
+enum GNUNET_GenericReturnValue
+check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow,
+                       const struct GNUNET_CRYPTO_EcdsaPublicKey *key)
+{
+  struct GNUNET_REVOCATION_SignaturePurposePS spurp;
+  struct GNUNET_CRYPTO_EcdsaSignature *sig;
+
+  spurp.key = pow->key;
+  spurp.timestamp = pow->timestamp;
+  spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
+  spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+                              + sizeof(struct GNUNET_IDENTITY_PublicKey)
+                              + sizeof (struct GNUNET_TIME_AbsoluteNBO));
+  sig = (struct GNUNET_CRYPTO_EcdsaSignature *) &pow[1];
+  if (GNUNET_OK !=
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+                                   &spurp.purpose,
+                                   sig,
+                                   key))
+  {
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+check_signature (const struct GNUNET_REVOCATION_PowP *pow)
+{
+  switch (ntohl (pow->key.type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return check_signature_ecdsa (pow, &pow->key.ecdsa_key);
+  default:
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_SYSERR;
+}
+
+
 /**
  * Check if the given proof-of-work is valid.
  *
@@ -433,10 +475,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
                              unsigned int difficulty,
                              struct GNUNET_TIME_Relative epoch_duration)
 {
-  char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
+  char buf[sizeof(struct GNUNET_IDENTITY_PublicKey)
            + sizeof (struct GNUNET_TIME_AbsoluteNBO)
            + sizeof (uint64_t)] GNUNET_ALIGN;
-  struct GNUNET_REVOCATION_SignaturePurposePS spurp;
   struct GNUNET_HashCode result;
   struct GNUNET_TIME_Absolute ts;
   struct GNUNET_TIME_Absolute exp;
@@ -450,21 +491,11 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
   /**
    * Check if signature valid
    */
-  spurp.key = pow->key;
-  spurp.timestamp = pow->timestamp;
-  spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
-  spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-                              + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
-                              + sizeof (struct GNUNET_TIME_AbsoluteNBO));
-  if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
-                                   &spurp.purpose,
-                                   &pow->signature,
-                                   &pow->key))
+  if (GNUNET_OK != check_signature (pow))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Proof of work signature invalid!\n");
-    return GNUNET_NO;
+    return GNUNET_SYSERR;
   }
 
   /**
@@ -480,7 +511,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
                  sizeof (uint64_t));
   GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
                  &pow->key,
-                 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+                 sizeof(struct GNUNET_IDENTITY_PublicKey));
   for (unsigned int i = 0; i < POW_COUNT; i++)
   {
     pow_val = GNUNET_ntohll (pow->pow[i]);
@@ -529,15 +560,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
 }
 
 
-/**
- * Initializes a fresh PoW computation.
- *
- * @param key the key to calculate the PoW for.
- * @param[out] pow starting point for PoW calculation (not yet valid)
- */
-void
-GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
-                            struct GNUNET_REVOCATION_PowP *pow)
+enum GNUNET_GenericReturnValue
+sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+                struct GNUNET_REVOCATION_PowP *pow)
 {
   struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get ();
   struct GNUNET_REVOCATION_SignaturePurposePS rp;
@@ -553,14 +578,44 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
   rp.timestamp = pow->timestamp;
   rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
   rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-                           + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
+                           + sizeof(struct GNUNET_IDENTITY_PublicKey)
                            + sizeof (struct GNUNET_TIME_AbsoluteNBO));
-  GNUNET_CRYPTO_ecdsa_key_get_public (key, &pow->key);
   rp.key = pow->key;
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_ecdsa_sign_ (key,
-                                            &rp.purpose,
-                                            &pow->signature));
+  pow->sig_len = htonl (sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
+  return GNUNET_CRYPTO_ecdsa_sign_ (key,
+                                    &rp.purpose,
+                                    (void*) &pow[1]);
+
+}
+
+
+enum GNUNET_GenericReturnValue
+sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key,
+          struct GNUNET_REVOCATION_PowP *pow)
+{
+  GNUNET_IDENTITY_key_get_public (key, &pow->key);
+  switch (ntohl (pow->key.type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sign_pow_ecdsa (&key->ecdsa_key, pow);
+  default:
+    return GNUNET_NO;
+  }
+  return GNUNET_NO;
+}
+
+
+/**
+ * Initializes a fresh PoW computation.
+ *
+ * @param key the key to calculate the PoW for.
+ * @param[out] pow starting point for PoW calculation (not yet valid)
+ */
+void
+GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key,
+                            struct GNUNET_REVOCATION_PowP *pow)
+{
+  GNUNET_assert (GNUNET_OK == sign_pow (key, pow));
 }
 
 
@@ -622,7 +677,7 @@ cmp_pow_value (const void *a, const void *b)
 enum GNUNET_GenericReturnValue
 GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
 {
-  char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
+  char buf[sizeof(struct GNUNET_IDENTITY_PublicKey)
            + sizeof (uint64_t)
            + sizeof (uint64_t)] GNUNET_ALIGN;
   struct GNUNET_HashCode result;
@@ -645,7 +700,7 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
                  sizeof (uint64_t));
   GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
                  &pc->pow->key,
-                 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+                 sizeof(struct GNUNET_IDENTITY_PublicKey));
   GNUNET_CRYPTO_pow_hash (&salt,
                           buf,
                           sizeof(buf),
diff --git a/src/revocation/test_revocation.c b/src/revocation/test_revocation.c
index b65567d79..58fcf2e76 100644
--- a/src/revocation/test_revocation.c
+++ b/src/revocation/test_revocation.c
@@ -38,8 +38,8 @@ struct TestPeer
   struct GNUNET_TESTBED_Operation *core_op;
   struct GNUNET_IDENTITY_Handle *idh;
   const struct GNUNET_CONFIGURATION_Handle *cfg;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+  const struct GNUNET_IDENTITY_PrivateKey *privkey;
+  struct GNUNET_IDENTITY_PublicKey pubkey;
   struct GNUNET_CRYPTO_EcdsaSignature sig;
   struct GNUNET_IDENTITY_Operation *create_id_op;
   struct GNUNET_IDENTITY_EgoLookup *ego_lookup;
@@ -142,13 +142,13 @@ revocation_cb (void *cls, enum GNUNET_GenericReturnValue is_valid)
 }
 
 
-static struct GNUNET_REVOCATION_PowP proof_of_work;
+static struct GNUNET_REVOCATION_PowP *proof_of_work;
 
 static void
 ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
 {
   static int completed = 0;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
+  const struct GNUNET_IDENTITY_PrivateKey *privkey;
 
   if ((NULL != ego) && (cls == &testpeers[0]))
   {
@@ -164,10 +164,11 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
     GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey);
     GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n");
     privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
-    memset (&proof_of_work, 0, sizeof (proof_of_work));
+    proof_of_work = GNUNET_malloc (sizeof (struct GNUNET_REVOCATION_PowP) +
+                                   sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
     GNUNET_REVOCATION_pow_init (privkey,
-                                &proof_of_work);
-    testpeers[1].pow = GNUNET_REVOCATION_pow_start (&proof_of_work,
+                                proof_of_work);
+    testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work,
                                                     1,
                                                     5);
     int res =
@@ -184,7 +185,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Egos retrieved\n");
     testpeers[1].revok_handle = GNUNET_REVOCATION_revoke (testpeers[1].cfg,
-                                                          &proof_of_work,
+                                                          proof_of_work,
                                                           &revocation_cb,
                                                           NULL);
     GNUNET_REVOCATION_pow_stop (testpeers[1].pow);
@@ -194,7 +195,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
 
 static void
 identity_create_cb (void *cls,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                    const struct GNUNET_IDENTITY_PrivateKey *pk,
                     const char *emsg)
 {
   static int completed = 0;
@@ -238,11 +239,13 @@ identity_completion_cb (void *cls,
   testpeers[0].create_id_op = GNUNET_IDENTITY_create (testpeers[0].idh,
                                                       "client",
                                                       NULL,
+                                                      GNUNET_IDENTITY_TYPE_ECDSA,
                                                       &identity_create_cb,
                                                       &testpeers[0]);
   testpeers[1].create_id_op = GNUNET_IDENTITY_create (testpeers[1].idh,
                                                       "toberevoked",
                                                       NULL,
+                                                      GNUNET_IDENTITY_TYPE_ECDSA,
                                                       &identity_create_cb,
                                                       &testpeers[1]);
 }