aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/conversation/gnunet-service-conversation.c8
-rw-r--r--src/core/gnunet-service-core_kx.c14
-rw-r--r--src/dns/plugin_block_dns.c8
-rw-r--r--src/exit/gnunet-daemon-exit.c6
-rw-r--r--src/fs/fs_publish_ublock.c6
-rw-r--r--src/fs/fs_uri.c9
-rw-r--r--src/fs/plugin_block_fs.c8
-rw-r--r--src/gnsrecord/gnsrecord_crypto.c14
-rw-r--r--src/hello/hello-ng.c5
-rw-r--r--src/include/gnunet_crypto_lib.h172
-rw-r--r--src/nse/gnunet-service-nse.c15
-rw-r--r--src/reclaim/oidc_helper.c19
-rw-r--r--src/regex/plugin_block_regex.c8
-rw-r--r--src/regex/regex_internal_dht.c6
-rw-r--r--src/revocation/gnunet-service-revocation.c8
-rw-r--r--src/revocation/plugin_block_revocation.c8
-rw-r--r--src/revocation/revocation_api.c6
-rw-r--r--src/secretsharing/gnunet-service-secretsharing.c24
-rw-r--r--src/transport/gnunet-communicator-tcp.c31
-rw-r--r--src/transport/gnunet-communicator-udp.c16
-rw-r--r--src/transport/gnunet-service-tng.c74
-rw-r--r--src/transport/gnunet-service-transport_neighbours.c8
-rw-r--r--src/transport/gnunet-service-transport_validation.c7
-rw-r--r--src/util/crypto_ecc.c8
-rw-r--r--src/util/gnunet-crypto-tvg.c58
-rw-r--r--src/util/perf_crypto_asymmetric.c14
-rw-r--r--src/util/test_crypto_ecdsa.c33
-rw-r--r--src/util/test_crypto_eddsa.c13
28 files changed, 367 insertions, 239 deletions
diff --git a/src/conversation/gnunet-service-conversation.c b/src/conversation/gnunet-service-conversation.c
index 12b943217..502146255 100644
--- a/src/conversation/gnunet-service-conversation.c
+++ b/src/conversation/gnunet-service-conversation.c
@@ -753,7 +753,7 @@ handle_cadet_ring_message (void *cls, const struct CadetPhoneRingMessage *msg)
753 753
754 if (GNUNET_OK != 754 if (GNUNET_OK !=
755 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CONVERSATION_RING, 755 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CONVERSATION_RING,
756 &rs.purpose, 756 &rs,
757 &msg->signature, 757 &msg->signature,
758 &msg->caller_id)) 758 &msg->caller_id))
759 { 759 {
@@ -1138,9 +1138,9 @@ handle_client_call_message (void *cls, const struct ClientCallMessage *msg)
1138 e = GNUNET_MQ_msg (ring, GNUNET_MESSAGE_TYPE_CONVERSATION_CADET_PHONE_RING); 1138 e = GNUNET_MQ_msg (ring, GNUNET_MESSAGE_TYPE_CONVERSATION_CADET_PHONE_RING);
1139 GNUNET_CRYPTO_ecdsa_key_get_public (&msg->caller_id, &ring->caller_id); 1139 GNUNET_CRYPTO_ecdsa_key_get_public (&msg->caller_id, &ring->caller_id);
1140 ring->expiration_time = rs.expiration_time; 1140 ring->expiration_time = rs.expiration_time;
1141 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id, 1141 GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id,
1142 &rs.purpose, 1142 &rs,
1143 &ring->signature)); 1143 &ring->signature);
1144 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending RING message via CADET\n"); 1144 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending RING message via CADET\n");
1145 GNUNET_MQ_send (ch->mq, e); 1145 GNUNET_MQ_send (ch->mq, e);
1146 GNUNET_SERVICE_client_continue (line->client); 1146 GNUNET_SERVICE_client_continue (line->client);
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index 2f43f7d13..315095938 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -1015,10 +1015,10 @@ handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m)
1015 + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey) 1015 + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
1016 + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) || 1016 + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) ||
1017 (GNUNET_OK != 1017 (GNUNET_OK !=
1018 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, 1018 GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY,
1019 &m->purpose, 1019 &m->purpose,
1020 &m->signature, 1020 &m->signature,
1021 &m->origin_identity.public_key))) 1021 &m->origin_identity.public_key)))
1022 { 1022 {
1023 /* invalid signature */ 1023 /* invalid signature */
1024 GNUNET_break_op (0); 1024 GNUNET_break_op (0);
@@ -1854,9 +1854,9 @@ sign_ephemeral_key ()
1854 &current_ekm.ephemeral_key); 1854 &current_ekm.ephemeral_key);
1855 current_ekm.origin_identity = GSC_my_identity; 1855 current_ekm.origin_identity = GSC_my_identity;
1856 GNUNET_assert (GNUNET_OK == 1856 GNUNET_assert (GNUNET_OK ==
1857 GNUNET_CRYPTO_eddsa_sign (my_private_key, 1857 GNUNET_CRYPTO_eddsa_sign_ (my_private_key,
1858 &current_ekm.purpose, 1858 &current_ekm.purpose,
1859 &current_ekm.signature)); 1859 &current_ekm.signature));
1860} 1860}
1861 1861
1862 1862
diff --git a/src/dns/plugin_block_dns.c b/src/dns/plugin_block_dns.c
index 029474b49..e0beccb52 100644
--- a/src/dns/plugin_block_dns.c
+++ b/src/dns/plugin_block_dns.c
@@ -153,10 +153,10 @@ block_plugin_dns_evaluate (void *cls,
153 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; 153 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
154 } 154 }
155 if (GNUNET_OK != 155 if (GNUNET_OK !=
156 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD, 156 GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD,
157 &ad->purpose, 157 &ad->purpose,
158 &ad->signature, 158 &ad->signature,
159 &ad->peer.public_key)) 159 &ad->peer.public_key))
160 { 160 {
161 GNUNET_break_op (0); 161 GNUNET_break_op (0);
162 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; 162 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index 6ac4fc38c..b193176c4 100644
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -3595,9 +3595,9 @@ do_dht_put (void *cls)
3595 expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT); 3595 expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT);
3596 dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration); 3596 dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration);
3597 GNUNET_assert (GNUNET_OK == 3597 GNUNET_assert (GNUNET_OK ==
3598 GNUNET_CRYPTO_eddsa_sign (peer_key, 3598 GNUNET_CRYPTO_eddsa_sign_ (peer_key,
3599 &dns_advertisement.purpose, 3599 &dns_advertisement.purpose,
3600 &dns_advertisement.signature)); 3600 &dns_advertisement.signature));
3601 } 3601 }
3602 if (NULL != dht_put) 3602 if (NULL != dht_put)
3603 GNUNET_DHT_put_cancel (dht_put); 3603 GNUNET_DHT_put_cancel (dht_put);
diff --git a/src/fs/fs_publish_ublock.c b/src/fs/fs_publish_ublock.c
index 2d118ee51..fd6f2bd72 100644
--- a/src/fs/fs_publish_ublock.c
+++ b/src/fs/fs_publish_ublock.c
@@ -268,9 +268,9 @@ GNUNET_FS_publish_ublock_ (struct GNUNET_FS_Handle *h,
268 GNUNET_CRYPTO_ecdsa_key_get_public (nsd, 268 GNUNET_CRYPTO_ecdsa_key_get_public (nsd,
269 &ub_enc->verification_key); 269 &ub_enc->verification_key);
270 GNUNET_assert (GNUNET_OK == 270 GNUNET_assert (GNUNET_OK ==
271 GNUNET_CRYPTO_ecdsa_sign (nsd, 271 GNUNET_CRYPTO_ecdsa_sign_ (nsd,
272 &ub_enc->purpose, 272 &ub_enc->purpose,
273 &ub_enc->signature)); 273 &ub_enc->signature));
274 GNUNET_CRYPTO_hash (&ub_enc->verification_key, 274 GNUNET_CRYPTO_hash (&ub_enc->verification_key,
275 sizeof(ub_enc->verification_key), 275 sizeof(ub_enc->verification_key),
276 &query); 276 &query);
diff --git a/src/fs/fs_uri.c b/src/fs/fs_uri.c
index c1faf4f12..410f3c815 100644
--- a/src/fs/fs_uri.c
+++ b/src/fs/fs_uri.c
@@ -612,7 +612,7 @@ uri_loc_parse (const char *s, char **emsg)
612 ass.exptime = GNUNET_TIME_absolute_hton (et); 612 ass.exptime = GNUNET_TIME_absolute_hton (et);
613 if (GNUNET_OK != 613 if (GNUNET_OK !=
614 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT, 614 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT,
615 &ass.purpose, 615 &ass,
616 &sig, 616 &sig,
617 &ass.peer.public_key)) 617 &ass.peer.public_key))
618 { 618 {
@@ -900,10 +900,9 @@ GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *base_uri,
900 uri->data.loc.fi = base_uri->data.chk; 900 uri->data.loc.fi = base_uri->data.chk;
901 uri->data.loc.expirationTime = et; 901 uri->data.loc.expirationTime = et;
902 uri->data.loc.peer.public_key = my_public_key; 902 uri->data.loc.peer.public_key = my_public_key;
903 GNUNET_assert (GNUNET_OK == 903 GNUNET_CRYPTO_eddsa_sign (sign_key,
904 GNUNET_CRYPTO_eddsa_sign (sign_key, 904 &ass,
905 &ass.purpose, 905 &uri->data.loc.contentSignature);
906 &uri->data.loc.contentSignature));
907 return uri; 906 return uri;
908} 907}
909 908
diff --git a/src/fs/plugin_block_fs.c b/src/fs/plugin_block_fs.c
index 02855f418..6a9ab3f41 100644
--- a/src/fs/plugin_block_fs.c
+++ b/src/fs/plugin_block_fs.c
@@ -191,10 +191,10 @@ block_plugin_fs_evaluate (void *cls,
191 } 191 }
192 if ((0 == (eo & GNUNET_BLOCK_EO_LOCAL_SKIP_CRYPTO)) && 192 if ((0 == (eo & GNUNET_BLOCK_EO_LOCAL_SKIP_CRYPTO)) &&
193 (GNUNET_OK != 193 (GNUNET_OK !=
194 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK, 194 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK,
195 &ub->purpose, 195 &ub->purpose,
196 &ub->signature, 196 &ub->signature,
197 &ub->verification_key))) 197 &ub->verification_key)))
198 { 198 {
199 GNUNET_break_op (0); 199 GNUNET_break_op (0);
200 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; 200 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index ea8baa77d..c8919760a 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -166,9 +166,9 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
166 &block[1])); 166 &block[1]));
167 } 167 }
168 if (GNUNET_OK != 168 if (GNUNET_OK !=
169 GNUNET_CRYPTO_ecdsa_sign (dkey, 169 GNUNET_CRYPTO_ecdsa_sign_ (dkey,
170 &block->purpose, 170 &block->purpose,
171 &block->signature)) 171 &block->signature))
172 { 172 {
173 GNUNET_break (0); 173 GNUNET_break (0);
174 GNUNET_free (dkey); 174 GNUNET_free (dkey);
@@ -280,10 +280,10 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
280int 280int
281GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) 281GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
282{ 282{
283 return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, 283 return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
284 &block->purpose, 284 &block->purpose,
285 &block->signature, 285 &block->signature,
286 &block->derived_key); 286 &block->derived_key);
287} 287}
288 288
289 289
diff --git a/src/hello/hello-ng.c b/src/hello/hello-ng.c
index 8dea616b9..d06feadd5 100644
--- a/src/hello/hello-ng.c
+++ b/src/hello/hello-ng.c
@@ -79,8 +79,7 @@ GNUNET_HELLO_sign_address (
79 sa.purpose.size = htonl (sizeof(sa)); 79 sa.purpose.size = htonl (sizeof(sa));
80 sa.mono_time = GNUNET_TIME_absolute_hton (mono_time); 80 sa.mono_time = GNUNET_TIME_absolute_hton (mono_time);
81 GNUNET_CRYPTO_hash (address, strlen (address), &sa.h_addr); 81 GNUNET_CRYPTO_hash (address, strlen (address), &sa.h_addr);
82 GNUNET_assert (GNUNET_YES == 82 GNUNET_CRYPTO_eddsa_sign (private_key, &sa, &sig);
83 GNUNET_CRYPTO_eddsa_sign (private_key, &sa.purpose, &sig));
84 sig_str = NULL; 83 sig_str = NULL;
85 (void) GNUNET_STRINGS_base64_encode (&sig, sizeof(sig), &sig_str); 84 (void) GNUNET_STRINGS_base64_encode (&sig, sizeof(sig), &sig_str);
86 *result_size = 85 *result_size =
@@ -165,7 +164,7 @@ GNUNET_HELLO_extract_address (const void *raw,
165 GNUNET_CRYPTO_hash (raw_addr, strlen (raw_addr), &sa.h_addr); 164 GNUNET_CRYPTO_hash (raw_addr, strlen (raw_addr), &sa.h_addr);
166 if (GNUNET_YES != 165 if (GNUNET_YES !=
167 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_ADDRESS, 166 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_ADDRESS,
168 &sa.purpose, 167 &sa,
169 sig, 168 sig,
170 public_key)) 169 public_key))
171 { 170 {
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index c64fb4926..ba992ed56 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1639,19 +1639,21 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
1639 1639
1640/** 1640/**
1641 * @ingroup crypto 1641 * @ingroup crypto
1642 * EdDSA sign a given block. The @a purpose data is the 1642 * @brief EdDSA sign a given block.
1643 * beginning of the data of which the signature is to be 1643 *
1644 * created. The `size` field in @a purpose must correctly 1644 * The @a purpose data is the beginning of the data of which the signature is
1645 * indicate the number of bytes of the data structure, including 1645 * to be created. The `size` field in @a purpose must correctly indicate the
1646 * its header. 1646 * number of bytes of the data structure, including its header. If possible,
1647 * use #GNUNET_CRYPTO_eddsa_sign() instead of this function (only if @a validate
1648 * is not fixed-size, you must use this function directly).
1647 * 1649 *
1648 * @param priv private key to use for the signing 1650 * @param priv private key to use for the signing
1649 * @param purpose what to sign (size, purpose) 1651 * @param purpose what to sign (size, purpose)
1650 * @param sig where to write the signature 1652 * @param[out] sig where to write the signature
1651 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success 1653 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1652 */ 1654 */
1653int 1655int
1654GNUNET_CRYPTO_eddsa_sign ( 1656GNUNET_CRYPTO_eddsa_sign_ (
1655 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, 1657 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
1656 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, 1658 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1657 struct GNUNET_CRYPTO_EddsaSignature *sig); 1659 struct GNUNET_CRYPTO_EddsaSignature *sig);
@@ -1659,32 +1661,87 @@ GNUNET_CRYPTO_eddsa_sign (
1659 1661
1660/** 1662/**
1661 * @ingroup crypto 1663 * @ingroup crypto
1662 * ECDSA Sign a given block. The @a purpose data is the 1664 * @brief EdDSA sign a given block.
1663 * beginning of the data of which the signature is to be 1665 *
1664 * created. The `size` field in @a purpose must correctly 1666 * The @a ps data must be a fixed-size struct for which the signature is to be
1665 * indicate the number of bytes of the data structure, including 1667 * created. The `size` field in @a ps->purpose must correctly indicate the
1666 * its header. 1668 * number of bytes of the data structure, including its header.
1669 *
1670 * @param priv private key to use for the signing
1671 * @param ps packed struct with what to sign, MUST begin with a purpose
1672 * @param[out] sig where to write the signature
1673 */
1674#define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \
1675 /* check size is set correctly */ \
1676 GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*ps)); \
1677 /* check 'ps' begins with the purpose */ \
1678 GNUNET_static_assert (((void*) (ps)) == \
1679 ((void*) &(ps)->purpose)); \
1680 GNUNET_assert (GNUNET_OK == \
1681 GNUNET_CRYPTO_eddsa_sign_ (priv, \
1682 &(ps)->purpose, \
1683 sig)); \
1684} while (0)
1685
1686
1687/**
1688 * @ingroup crypto
1689 * @brief ECDSA Sign a given block.
1690 *
1691 * The @a purpose data is the beginning of the data of which the signature is
1692 * to be created. The `size` field in @a purpose must correctly indicate the
1693 * number of bytes of the data structure, including its header. If possible,
1694 * use #GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if @a validate
1695 * is not fixed-size, you must use this function directly).
1667 * 1696 *
1668 * @param priv private key to use for the signing 1697 * @param priv private key to use for the signing
1669 * @param purpose what to sign (size, purpose) 1698 * @param purpose what to sign (size, purpose)
1670 * @param sig where to write the signature 1699 * @param[out] sig where to write the signature
1671 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success 1700 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
1672 */ 1701 */
1673int 1702int
1674GNUNET_CRYPTO_ecdsa_sign ( 1703GNUNET_CRYPTO_ecdsa_sign_ (
1675 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, 1704 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
1676 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, 1705 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
1677 struct GNUNET_CRYPTO_EcdsaSignature *sig); 1706 struct GNUNET_CRYPTO_EcdsaSignature *sig);
1678 1707
1708
1709/**
1710 * @ingroup crypto
1711 * @brief ECDSA sign a given block.
1712 *
1713 * The @a ps data must be a fixed-size struct for which the signature is to be
1714 * created. The `size` field in @a ps->purpose must correctly indicate the
1715 * number of bytes of the data structure, including its header.
1716 *
1717 * @param priv private key to use for the signing
1718 * @param ps packed struct with what to sign, MUST begin with a purpose
1719 * @param[out] sig where to write the signature
1720 */
1721#define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \
1722 /* check size is set correctly */ \
1723 GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
1724 /* check 'ps' begins with the purpose */ \
1725 GNUNET_static_assert (((void*) (ps)) == \
1726 ((void*) &(ps)->purpose)); \
1727 GNUNET_assert (GNUNET_OK == \
1728 GNUNET_CRYPTO_ecdsa_sign_ (priv, \
1729 &(ps)->purpose, \
1730 sig)); \
1731} while (0)
1732
1733
1679/** 1734/**
1680 * @ingroup crypto 1735 * @ingroup crypto
1681 * Verify EdDSA signature. The @a validate data is the 1736 * @brief Verify EdDSA signature.
1682 * beginning of the data of which the signature is to be 1737 *
1683 * verified. The `size` field in @a validate must correctly 1738 * The @a validate data is the beginning of the data of which the signature
1684 * indicate the number of bytes of the data structure, including 1739 * is to be verified. The `size` field in @a validate must correctly indicate
1685 * its header. If @a purpose does not match the purpose given 1740 * the number of bytes of the data structure, including its header. If @a
1686 * in @a validate (the latter must be in big endian), signature 1741 * purpose does not match the purpose given in @a validate (the latter must be
1687 * verification fails. 1742 * in big endian), signature verification fails. If possible,
1743 * use #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate
1744 * is not fixed-size, you must use this function directly).
1688 * 1745 *
1689 * @param purpose what is the purpose that the signature should have? 1746 * @param purpose what is the purpose that the signature should have?
1690 * @param validate block to validate (size, purpose, data) 1747 * @param validate block to validate (size, purpose, data)
@@ -1693,7 +1750,7 @@ GNUNET_CRYPTO_ecdsa_sign (
1693 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid 1750 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1694 */ 1751 */
1695int 1752int
1696GNUNET_CRYPTO_eddsa_verify ( 1753GNUNET_CRYPTO_eddsa_verify_ (
1697 uint32_t purpose, 1754 uint32_t purpose,
1698 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, 1755 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1699 const struct GNUNET_CRYPTO_EddsaSignature *sig, 1756 const struct GNUNET_CRYPTO_EddsaSignature *sig,
@@ -1702,13 +1759,42 @@ GNUNET_CRYPTO_eddsa_verify (
1702 1759
1703/** 1760/**
1704 * @ingroup crypto 1761 * @ingroup crypto
1705 * Verify ECDSA signature. The @a validate data is the 1762 * @brief Verify EdDSA signature.
1706 * beginning of the data of which the signature is to be 1763 *
1707 * verified. The `size` field in @a validate must correctly 1764 * The @a ps data must be a fixed-size struct for which the signature is to be
1708 * indicate the number of bytes of the data structure, including 1765 * created. The `size` field in @a ps->purpose must correctly indicate the
1709 * its header. If @a purpose does not match the purpose given 1766 * number of bytes of the data structure, including its header.
1710 * in @a validate (the latter must be in big endian), signature 1767 *
1711 * verification fails. 1768 * @param purp purpose of the signature, must match 'ps->purpose.purpose'
1769 * (except in host byte order)
1770 * @param priv private key to use for the signing
1771 * @param ps packed struct with what to sign, MUST begin with a purpose
1772 * @param sig where to write the signature
1773 */
1774#define GNUNET_CRYPTO_eddsa_verify(purp,ps,sig,pub) ({ \
1775 /* check size is set correctly */ \
1776 GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
1777 /* check 'ps' begins with the purpose */ \
1778 GNUNET_static_assert (((void*) (ps)) == \
1779 ((void*) &(ps)->purpose)); \
1780 GNUNET_CRYPTO_eddsa_verify_ (purp, \
1781 &(ps)->purpose, \
1782 sig, \
1783 pub); \
1784 })
1785
1786
1787/**
1788 * @ingroup crypto
1789 * @brief Verify ECDSA signature.
1790 *
1791 * The @a validate data is the beginning of the data of which the signature is
1792 * to be verified. The `size` field in @a validate must correctly indicate the
1793 * number of bytes of the data structure, including its header. If @a purpose
1794 * does not match the purpose given in @a validate (the latter must be in big
1795 * endian), signature verification fails. If possible, use
1796 * #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate
1797 * is not fixed-size, you must use this function directly).
1712 * 1798 *
1713 * @param purpose what is the purpose that the signature should have? 1799 * @param purpose what is the purpose that the signature should have?
1714 * @param validate block to validate (size, purpose, data) 1800 * @param validate block to validate (size, purpose, data)
@@ -1717,7 +1803,7 @@ GNUNET_CRYPTO_eddsa_verify (
1717 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid 1803 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
1718 */ 1804 */
1719int 1805int
1720GNUNET_CRYPTO_ecdsa_verify ( 1806GNUNET_CRYPTO_ecdsa_verify_ (
1721 uint32_t purpose, 1807 uint32_t purpose,
1722 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, 1808 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
1723 const struct GNUNET_CRYPTO_EcdsaSignature *sig, 1809 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
@@ -1726,6 +1812,32 @@ GNUNET_CRYPTO_ecdsa_verify (
1726 1812
1727/** 1813/**
1728 * @ingroup crypto 1814 * @ingroup crypto
1815 * @brief Verify ECDSA signature.
1816 *
1817 * The @a ps data must be a fixed-size struct for which the signature is to be
1818 * created. The `size` field in @a ps->purpose must correctly indicate the
1819 * number of bytes of the data structure, including its header.
1820 *
1821 * @param purp purpose of the signature, must match 'ps->purpose.purpose'
1822 * (except in host byte order)
1823 * @param priv private key to use for the signing
1824 * @param ps packed struct with what to sign, MUST begin with a purpose
1825 * @param sig where to write the signature
1826 */
1827#define GNUNET_CRYPTO_ecdsa_verify(purp,ps,sig,pub) ({ \
1828 /* check size is set correctly */ \
1829 GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
1830 /* check 'ps' begins with the purpose */ \
1831 GNUNET_static_assert (((void*) (ps)) == \
1832 ((void*) &(ps)->purpose)); \
1833 GNUNET_CRYPTO_ecdsa_verify_ (purp, \
1834 &(ps)->purpose, \
1835 sig, \
1836 pub); \
1837 })
1838
1839/**
1840 * @ingroup crypto
1729 * Derive a private key from a given private key and a label. 1841 * Derive a private key from a given private key and a label.
1730 * Essentially calculates a private key 'h = H(l,P) * d mod n' 1842 * Essentially calculates a private key 'h = H(l,P) * d mod n'
1731 * where n is the size of the ECC group and P is the public 1843 * where n is the size of the ECC group and P is the public
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index f4d4e3e2f..793f60694 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -668,9 +668,10 @@ setup_flood_message (unsigned int slot, struct GNUNET_TIME_Absolute ts)
668 fm->origin = my_identity; 668 fm->origin = my_identity;
669 fm->proof_of_work = my_proof; 669 fm->proof_of_work = my_proof;
670 if (nse_work_required > 0) 670 if (nse_work_required > 0)
671 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, 671 GNUNET_assert (GNUNET_OK ==
672 &fm->purpose, 672 GNUNET_CRYPTO_eddsa_sign_ (my_private_key,
673 &fm->signature)); 673 &fm->purpose,
674 &fm->signature));
674 else 675 else
675 memset (&fm->signature, 0, sizeof(fm->signature)); 676 memset (&fm->signature, 0, sizeof(fm->signature));
676} 677}
@@ -922,10 +923,10 @@ verify_message_crypto (const struct GNUNET_NSE_FloodMessage *incoming_flood)
922 } 923 }
923 if ((nse_work_required > 0) && 924 if ((nse_work_required > 0) &&
924 (GNUNET_OK != 925 (GNUNET_OK !=
925 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_NSE_SEND, 926 GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_NSE_SEND,
926 &incoming_flood->purpose, 927 &incoming_flood->purpose,
927 &incoming_flood->signature, 928 &incoming_flood->signature,
928 &incoming_flood->origin.public_key))) 929 &incoming_flood->origin.public_key)))
929 { 930 {
930 GNUNET_break_op (0); 931 GNUNET_break_op (0);
931 return GNUNET_NO; 932 return GNUNET_NO;
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
index 469b8a796..dded06389 100644
--- a/src/reclaim/oidc_helper.c
+++ b/src/reclaim/oidc_helper.c
@@ -551,10 +551,10 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
551 buf_ptr += payload_len; 551 buf_ptr += payload_len;
552 // Sign and store signature 552 // Sign and store signature
553 if (GNUNET_SYSERR == 553 if (GNUNET_SYSERR ==
554 GNUNET_CRYPTO_ecdsa_sign (issuer, 554 GNUNET_CRYPTO_ecdsa_sign_ (issuer,
555 purpose, 555 purpose,
556 (struct GNUNET_CRYPTO_EcdsaSignature *) 556 (struct GNUNET_CRYPTO_EcdsaSignature *)
557 buf_ptr)) 557 buf_ptr))
558 { 558 {
559 GNUNET_break (0); 559 GNUNET_break (0);
560 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); 560 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
@@ -658,7 +658,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
658 code_verifier, 658 code_verifier,
659 strlen (code_verifier)); 659 strlen (code_verifier));
660 // encode code verifier 660 // encode code verifier
661 GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8, &expected_code_challenge); 661 GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8,
662 &expected_code_challenge);
662 code_challenge = (char *) &params[1]; 663 code_challenge = (char *) &params[1];
663 GNUNET_free (code_verifier_hash); 664 GNUNET_free (code_verifier_hash);
664 if ((strlen (expected_code_challenge) != code_challenge_len) || 665 if ((strlen (expected_code_challenge) != code_challenge_len) ||
@@ -692,10 +693,10 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
692 return GNUNET_SYSERR; 693 return GNUNET_SYSERR;
693 } 694 }
694 if (GNUNET_OK != 695 if (GNUNET_OK !=
695 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, 696 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
696 purpose, 697 purpose,
697 signature, 698 signature,
698 &ticket->identity)) 699 &ticket->identity))
699 { 700 {
700 GNUNET_free (code_payload); 701 GNUNET_free (code_payload);
701 GNUNET_free (plaintext); 702 GNUNET_free (plaintext);
diff --git a/src/regex/plugin_block_regex.c b/src/regex/plugin_block_regex.c
index 9c7aa9119..c087abae9 100644
--- a/src/regex/plugin_block_regex.c
+++ b/src/regex/plugin_block_regex.c
@@ -247,10 +247,10 @@ evaluate_block_regex_accept (void *cls,
247 return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE; 247 return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE;
248 } 248 }
249 if (GNUNET_OK != 249 if (GNUNET_OK !=
250 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT, 250 GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT,
251 &rba->purpose, 251 &rba->purpose,
252 &rba->signature, 252 &rba->signature,
253 &rba->peer.public_key)) 253 &rba->peer.public_key))
254 { 254 {
255 GNUNET_break_op (0); 255 GNUNET_break_op (0);
256 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; 256 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
diff --git a/src/regex/regex_internal_dht.c b/src/regex/regex_internal_dht.c
index 3cf48f3c2..d2c69f131 100644
--- a/src/regex/regex_internal_dht.c
+++ b/src/regex/regex_internal_dht.c
@@ -136,9 +136,9 @@ regex_iterator (void *cls,
136 GNUNET_CRYPTO_eddsa_key_get_public (h->priv, 136 GNUNET_CRYPTO_eddsa_key_get_public (h->priv,
137 &ab.peer.public_key); 137 &ab.peer.public_key);
138 GNUNET_assert (GNUNET_OK == 138 GNUNET_assert (GNUNET_OK ==
139 GNUNET_CRYPTO_eddsa_sign (h->priv, 139 GNUNET_CRYPTO_eddsa_sign_ (h->priv,
140 &ab.purpose, 140 &ab.purpose,
141 &ab.signature)); 141 &ab.signature));
142 142
143 GNUNET_STATISTICS_update (h->stats, "# regex accepting blocks stored", 143 GNUNET_STATISTICS_update (h->stats, "# regex accepting blocks stored",
144 1, GNUNET_NO); 144 1, GNUNET_NO);
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c
index 51286f49b..3e811cd9a 100644
--- a/src/revocation/gnunet-service-revocation.c
+++ b/src/revocation/gnunet-service-revocation.c
@@ -178,10 +178,10 @@ verify_revoke_message (const struct RevokeMessage *rm)
178 return GNUNET_NO; 178 return GNUNET_NO;
179 } 179 }
180 if (GNUNET_OK != 180 if (GNUNET_OK !=
181 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_REVOCATION, 181 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
182 &rm->purpose, 182 &rm->purpose,
183 &rm->signature, 183 &rm->signature,
184 &rm->public_key)) 184 &rm->public_key))
185 { 185 {
186 GNUNET_break_op (0); 186 GNUNET_break_op (0);
187 return GNUNET_NO; 187 return GNUNET_NO;
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c
index 3d0b55a0d..8d16b8781 100644
--- a/src/revocation/plugin_block_revocation.c
+++ b/src/revocation/plugin_block_revocation.c
@@ -151,10 +151,10 @@ block_plugin_revocation_evaluate (void *cls,
151 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; 151 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
152 } 152 }
153 if (GNUNET_OK != 153 if (GNUNET_OK !=
154 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_REVOCATION, 154 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
155 &rm->purpose, 155 &rm->purpose,
156 &rm->signature, 156 &rm->signature,
157 &rm->public_key)) 157 &rm->public_key))
158 { 158 {
159 GNUNET_break_op (0); 159 GNUNET_break_op (0);
160 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; 160 return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index ea8db835f..4755d4816 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -389,9 +389,9 @@ GNUNET_REVOCATION_sign_revocation (const struct
389 + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); 389 + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
390 GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key); 390 GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key);
391 GNUNET_assert (GNUNET_OK == 391 GNUNET_assert (GNUNET_OK ==
392 GNUNET_CRYPTO_ecdsa_sign (key, 392 GNUNET_CRYPTO_ecdsa_sign_ (key,
393 &rm.purpose, 393 &rm.purpose,
394 sig)); 394 sig));
395} 395}
396 396
397 397
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c
index d2e47da8b..2177134f6 100644
--- a/src/secretsharing/gnunet-service-secretsharing.c
+++ b/src/secretsharing/gnunet-service-secretsharing.c
@@ -679,7 +679,7 @@ generate_presecret_polynomial (struct KeygenSession *ks)
679 for (i = 0; i < ks->threshold; i++) 679 for (i = 0; i < ks->threshold; i++)
680 { 680 {
681 v = ks->presecret_polynomial[i] = gcry_mpi_new ( 681 v = ks->presecret_polynomial[i] = gcry_mpi_new (
682 GNUNET_SECRETSHARING_ELGAMAL_BITS); 682 GNUNET_SECRETSHARING_ELGAMAL_BITS);
683 GNUNET_assert (NULL != v); 683 GNUNET_assert (NULL != v);
684 // Randomize v such that 0 < v < elgamal_q. 684 // Randomize v such that 0 < v < elgamal_q.
685 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. 685 // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
@@ -750,7 +750,7 @@ keygen_round1_new_element (void *cls,
750 return; 750 return;
751 } 751 }
752 752
753 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( 753 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ (
754 GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, 754 GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1,
755 &d->purpose, &d->signature, 755 &d->purpose, &d->signature,
756 &d->peer.public_key)) 756 &d->peer.public_key))
@@ -1341,9 +1341,9 @@ insert_round2_element (struct KeygenSession *ks)
1341 purpose)); 1341 purpose));
1342 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); 1342 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2);
1343 GNUNET_assert (GNUNET_OK == 1343 GNUNET_assert (GNUNET_OK ==
1344 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, 1344 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
1345 &d->purpose, 1345 &d->purpose,
1346 &d->signature)); 1346 &d->signature));
1347 1347
1348 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); 1348 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1349 GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */ 1349 GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */
@@ -1485,7 +1485,7 @@ keygen_round2_new_element (void *cls,
1485 return; 1485 return;
1486 } 1486 }
1487 1487
1488 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( 1488 if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ (
1489 GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, 1489 GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2,
1490 &d->purpose, &d->signature, 1490 &d->purpose, &d->signature,
1491 &d->peer.public_key)) 1491 &d->peer.public_key))
@@ -1687,9 +1687,9 @@ insert_round1_element (struct KeygenSession *ks)
1687 purpose)); 1687 purpose));
1688 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); 1688 d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
1689 GNUNET_assert (GNUNET_OK == 1689 GNUNET_assert (GNUNET_OK ==
1690 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, 1690 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
1691 &d->purpose, 1691 &d->purpose,
1692 &d->signature)); 1692 &d->signature));
1693 1693
1694 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); 1694 GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
1695 1695
@@ -2189,9 +2189,9 @@ insert_decrypt_element (struct DecryptSession *ds)
2189 d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); 2189 d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
2190 2190
2191 GNUNET_assert (GNUNET_OK == 2191 GNUNET_assert (GNUNET_OK ==
2192 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, 2192 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
2193 &d.purpose, 2193 &d.purpose,
2194 &d.signature)); 2194 &d.signature));
2195 2195
2196 GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL); 2196 GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
2197 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 2197 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c
index 045a57d0f..2786ba184 100644
--- a/src/transport/gnunet-communicator-tcp.c
+++ b/src/transport/gnunet-communicator-tcp.c
@@ -880,7 +880,7 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
880 /* FIXME: check monotonic time is monotonic... */ 880 /* FIXME: check monotonic time is monotonic... */
881 if (GNUNET_OK != 881 if (GNUNET_OK !=
882 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY, 882 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
883 &thp.purpose, 883 &thp,
884 &rekey->sender_sig, 884 &rekey->sender_sig,
885 &queue->target.public_key)) 885 &queue->target.public_key))
886 { 886 {
@@ -1063,8 +1063,7 @@ queue_read (void *cls)
1063 However, we have to take into account that the plaintext buffer may have 1063 However, we have to take into account that the plaintext buffer may have
1064 already contained data and not jumpt too far ahead in the ciphertext. 1064 already contained data and not jumpt too far ahead in the ciphertext.
1065 If there is no rekey and the last message is incomplete (max > total), 1065 If there is no rekey and the last message is incomplete (max > total),
1066 it is safe to keep the decryption so we shift by 'max' */ 1066 it is safe to keep the decryption so we shift by 'max' */if (GNUNET_YES == queue->rekeyed)
1067 if (GNUNET_YES == queue->rekeyed)
1068 { 1067 {
1069 max = total - old_pread_off; 1068 max = total - old_pread_off;
1070 queue->rekeyed = GNUNET_NO; 1069 queue->rekeyed = GNUNET_NO;
@@ -1284,9 +1283,9 @@ inject_rekey (struct Queue *queue)
1284 thp.receiver = queue->target; 1283 thp.receiver = queue->target;
1285 thp.ephemeral = rekey.ephemeral; 1284 thp.ephemeral = rekey.ephemeral;
1286 thp.monotonic_time = rekey.monotonic_time; 1285 thp.monotonic_time = rekey.monotonic_time;
1287 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, 1286 GNUNET_CRYPTO_eddsa_sign (my_private_key,
1288 &thp.purpose, 1287 &thp,
1289 &rekey.sender_sig)); 1288 &rekey.sender_sig);
1290 calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac); 1289 calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac);
1291 /* Encrypt rekey message with 'old' cipher */ 1290 /* Encrypt rekey message with 'old' cipher */
1292 GNUNET_assert (0 == 1291 GNUNET_assert (0 ==
@@ -1586,9 +1585,9 @@ transmit_kx (struct Queue *queue,
1586 ths.receiver = queue->target; 1585 ths.receiver = queue->target;
1587 ths.ephemeral = *epub; 1586 ths.ephemeral = *epub;
1588 ths.monotonic_time = tc.monotonic_time; 1587 ths.monotonic_time = tc.monotonic_time;
1589 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, 1588 GNUNET_CRYPTO_eddsa_sign (my_private_key,
1590 &ths.purpose, 1589 &ths,
1591 &tc.sender_sig)); 1590 &tc.sender_sig);
1592 GNUNET_assert (0 == 1591 GNUNET_assert (0 ==
1593 gcry_cipher_encrypt (queue->out_cipher, 1592 gcry_cipher_encrypt (queue->out_cipher,
1594 &queue->cwrite_buf[queue->cwrite_off], 1593 &queue->cwrite_buf[queue->cwrite_off],
@@ -1654,7 +1653,7 @@ decrypt_and_check_tc (struct Queue *queue,
1654 from this sender! */ 1653 from this sender! */
1655 return GNUNET_CRYPTO_eddsa_verify ( 1654 return GNUNET_CRYPTO_eddsa_verify (
1656 GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE, 1655 GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
1657 &ths.purpose, 1656 &ths,
1658 &tc->sender_sig, 1657 &tc->sender_sig,
1659 &tc->sender.public_key); 1658 &tc->sender.public_key);
1660} 1659}
@@ -1953,7 +1952,7 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
1953 queue->address_len = in_len; 1952 queue->address_len = in_len;
1954 queue->sock = sock; 1953 queue->sock = sock;
1955 boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND); 1954 boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND);
1956 //queue->mq_awaits_continue = GNUNET_YES; 1955 // queue->mq_awaits_continue = GNUNET_YES;
1957 queue->read_task = 1956 queue->read_task =
1958 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, 1957 GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1959 queue->sock, 1958 queue->sock,
@@ -2155,9 +2154,9 @@ run (void *cls,
2155 max_queue_length = DEFAULT_MAX_QUEUE_LENGTH; 2154 max_queue_length = DEFAULT_MAX_QUEUE_LENGTH;
2156 if (GNUNET_OK != 2155 if (GNUNET_OK !=
2157 GNUNET_CONFIGURATION_get_value_time (cfg, 2156 GNUNET_CONFIGURATION_get_value_time (cfg,
2158 COMMUNICATOR_CONFIG_SECTION, 2157 COMMUNICATOR_CONFIG_SECTION,
2159 "REKEY_INTERVAL", 2158 "REKEY_INTERVAL",
2160 &rekey_interval)) 2159 &rekey_interval))
2161 rekey_interval = DEFAULT_REKEY_INTERVAL; 2160 rekey_interval = DEFAULT_REKEY_INTERVAL;
2162 2161
2163 in = tcp_address_to_sockaddr (bindto, &in_len); 2162 in = tcp_address_to_sockaddr (bindto, &in_len);
@@ -2286,8 +2285,8 @@ main (int argc, char *const *argv)
2286 options, 2285 options,
2287 &run, 2286 &run,
2288 NULL)) 2287 NULL))
2289 ? 0 2288 ? 0
2290 : 1; 2289 : 1;
2291 GNUNET_free ((void *) argv); 2290 GNUNET_free ((void *) argv);
2292 return ret; 2291 return ret;
2293} 2292}
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index d767689b9..1542a7702 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -1533,7 +1533,7 @@ verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
1533 uhs.monotonic_time = uc->monotonic_time; 1533 uhs.monotonic_time = uc->monotonic_time;
1534 return GNUNET_CRYPTO_eddsa_verify ( 1534 return GNUNET_CRYPTO_eddsa_verify (
1535 GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE, 1535 GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE,
1536 &uhs.purpose, 1536 &uhs,
1537 &uc->sender_sig, 1537 &uc->sender_sig,
1538 &uc->sender.public_key); 1538 &uc->sender.public_key);
1539} 1539}
@@ -1634,7 +1634,7 @@ sock_read (void *cls)
1634 GNUNET_CRYPTO_hash (&sa, salen, &uhs.h_address); 1634 GNUNET_CRYPTO_hash (&sa, salen, &uhs.h_address);
1635 if (GNUNET_OK == 1635 if (GNUNET_OK ==
1636 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST, 1636 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST,
1637 &uhs.purpose, 1637 &uhs,
1638 &ub->sender_sig, 1638 &ub->sender_sig,
1639 &ub->sender.public_key)) 1639 &ub->sender.public_key))
1640 { 1640 {
@@ -1932,9 +1932,9 @@ mq_send (struct GNUNET_MQ_Handle *mq,
1932 uhs.receiver = receiver->target; 1932 uhs.receiver = receiver->target;
1933 GNUNET_CRYPTO_ecdhe_key_get_public (&epriv, &uhs.ephemeral); 1933 GNUNET_CRYPTO_ecdhe_key_get_public (&epriv, &uhs.ephemeral);
1934 uhs.monotonic_time = uc.monotonic_time; 1934 uhs.monotonic_time = uc.monotonic_time;
1935 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, 1935 GNUNET_CRYPTO_eddsa_sign (my_private_key,
1936 &uhs.purpose, 1936 &uhs,
1937 &uc.sender_sig)); 1937 &uc.sender_sig);
1938 /* Leave space for kx */ 1938 /* Leave space for kx */
1939 dpos = sizeof(kx); 1939 dpos = sizeof(kx);
1940 /* Append encrypted uc to dgram */ 1940 /* Append encrypted uc to dgram */
@@ -2534,9 +2534,9 @@ iface_proc (void *cls,
2534 ubs.purpose.size = htonl (sizeof(ubs)); 2534 ubs.purpose.size = htonl (sizeof(ubs));
2535 ubs.sender = my_identity; 2535 ubs.sender = my_identity;
2536 GNUNET_CRYPTO_hash (addr, addrlen, &ubs.h_address); 2536 GNUNET_CRYPTO_hash (addr, addrlen, &ubs.h_address);
2537 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, 2537 GNUNET_CRYPTO_eddsa_sign (my_private_key,
2538 &ubs.purpose, 2538 &ubs,
2539 &bi->bcm.sender_sig)); 2539 &bi->bcm.sender_sig);
2540 if (NULL != broadcast_addr) 2540 if (NULL != broadcast_addr)
2541 { 2541 {
2542 bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi); 2542 bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi);
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index 8d68d90a6..75763fd9d 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -4137,9 +4137,9 @@ update_ephemeral (struct DistanceVector *dv)
4137 ec.purpose.size = htonl (sizeof(ec)); 4137 ec.purpose.size = htonl (sizeof(ec));
4138 ec.target = dv->target; 4138 ec.target = dv->target;
4139 ec.ephemeral_key = dv->ephemeral_key; 4139 ec.ephemeral_key = dv->ephemeral_key;
4140 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, 4140 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
4141 &ec.purpose, 4141 &ec,
4142 &dv->sender_sig)); 4142 &dv->sender_sig);
4143} 4143}
4144 4144
4145 4145
@@ -6391,17 +6391,17 @@ forward_dv_learn (const struct GNUNET_PeerIdentity *next_hop,
6391 GNUNET_memcpy (dhops, hops, sizeof(struct DVPathEntryP) * nhops); 6391 GNUNET_memcpy (dhops, hops, sizeof(struct DVPathEntryP) * nhops);
6392 dhops[nhops].hop = GST_my_identity; 6392 dhops[nhops].hop = GST_my_identity;
6393 { 6393 {
6394 struct DvHopPS dhp = { .purpose.purpose = 6394 struct DvHopPS dhp = {
6395 htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP), 6395 .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP),
6396 .purpose.size = htonl (sizeof(dhp)), 6396 .purpose.size = htonl (sizeof(dhp)),
6397 .pred = dhops[nhops - 1].hop, 6397 .pred = dhops[nhops - 1].hop,
6398 .succ = *next_hop, 6398 .succ = *next_hop,
6399 .challenge = msg->challenge }; 6399 .challenge = msg->challenge
6400 };
6400 6401
6401 GNUNET_assert (GNUNET_OK == 6402 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
6402 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, 6403 &dhp,
6403 &dhp.purpose, 6404 &dhops[nhops].hop_sig);
6404 &dhops[nhops].hop_sig));
6405 } 6405 }
6406 route_control_message_without_fc (next_hop, 6406 route_control_message_without_fc (next_hop,
6407 &fwd->header, 6407 &fwd->header,
@@ -6434,7 +6434,7 @@ validate_dv_initiator_signature (
6434 if ( 6434 if (
6435 GNUNET_OK != 6435 GNUNET_OK !=
6436 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR, 6436 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR,
6437 &ip.purpose, 6437 &ip,
6438 init_sig, 6438 init_sig,
6439 &init->public_key)) 6439 &init->public_key))
6440 { 6440 {
@@ -6770,7 +6770,7 @@ handle_dv_learn (void *cls, const struct TransportDVLearnMessage *dvl)
6770 6770
6771 if (GNUNET_OK != 6771 if (GNUNET_OK !=
6772 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP, 6772 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP,
6773 &dhp.purpose, 6773 &dhp,
6774 &hops[i].hop_sig, 6774 &hops[i].hop_sig,
6775 &hops[i].hop.public_key)) 6775 &hops[i].hop.public_key))
6776 { 6776 {
@@ -7422,7 +7422,7 @@ handle_dv_box (void *cls, const struct TransportDVBoxMessage *dvb)
7422 GNUNET_OK != 7422 GNUNET_OK !=
7423 GNUNET_CRYPTO_eddsa_verify ( 7423 GNUNET_CRYPTO_eddsa_verify (
7424 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL, 7424 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL,
7425 &ec.purpose, 7425 &ec,
7426 &ppay.sender_sig, 7426 &ppay.sender_sig,
7427 &ppay.sender.public_key)) 7427 &ppay.sender.public_key))
7428 { 7428 {
@@ -7728,15 +7728,16 @@ handle_validation_challenge (
7728 tvr.validity_duration = validity_duration; 7728 tvr.validity_duration = validity_duration;
7729 { 7729 {
7730 /* create signature */ 7730 /* create signature */
7731 struct TransportValidationPS tvp = 7731 struct TransportValidationPS tvp = {
7732 { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), 7732 .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE),
7733 .purpose.size = htonl (sizeof(tvp)), 7733 .purpose.size = htonl (sizeof(tvp)),
7734 .validity_duration = validity_duration, 7734 .validity_duration = validity_duration,
7735 .challenge = tvc->challenge }; 7735 .challenge = tvc->challenge
7736 };
7736 7737
7737 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, 7738 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
7738 &tvp.purpose, 7739 &tvp,
7739 &tvr.signature)); 7740 &tvr.signature);
7740 } 7741 }
7741 route_control_message_without_fc (&cmc->im.sender, 7742 route_control_message_without_fc (&cmc->im.sender,
7742 &tvr.header, 7743 &tvr.header,
@@ -7921,16 +7922,17 @@ handle_validation_response (
7921 7922
7922 { 7923 {
7923 /* check signature */ 7924 /* check signature */
7924 struct TransportValidationPS tvp = 7925 struct TransportValidationPS tvp = {
7925 { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), 7926 .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE),
7926 .purpose.size = htonl (sizeof(tvp)), 7927 .purpose.size = htonl (sizeof(tvp)),
7927 .validity_duration = tvr->validity_duration, 7928 .validity_duration = tvr->validity_duration,
7928 .challenge = tvr->challenge }; 7929 .challenge = tvr->challenge
7930 };
7929 7931
7930 if ( 7932 if (
7931 GNUNET_OK != 7933 GNUNET_OK !=
7932 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE, 7934 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE,
7933 &tvp.purpose, 7935 &tvp,
7934 &tvr->signature, 7936 &tvr->signature,
7935 &cmc->im.sender.public_key)) 7937 &cmc->im.sender.public_key))
7936 { 7938 {
@@ -9393,15 +9395,17 @@ start_dv_learn (void *cls)
9393 dvl.monotonic_time = 9395 dvl.monotonic_time =
9394 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (GST_cfg)); 9396 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (GST_cfg));
9395 { 9397 {
9396 struct DvInitPS dvip = { .purpose.purpose = htonl ( 9398 struct DvInitPS dvip = {
9397 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR), 9399 .purpose.purpose = htonl (
9398 .purpose.size = htonl (sizeof(dvip)), 9400 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR),
9399 .monotonic_time = dvl.monotonic_time, 9401 .purpose.size = htonl (sizeof(dvip)),
9400 .challenge = lle->challenge }; 9402 .monotonic_time = dvl.monotonic_time,
9401 9403 .challenge = lle->challenge
9402 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, 9404 };
9403 &dvip.purpose, 9405
9404 &dvl.init_sig)); 9406 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
9407 &dvip,
9408 &dvl.init_sig);
9405 } 9409 }
9406 dvl.initiator = GST_my_identity; 9410 dvl.initiator = GST_my_identity;
9407 dvl.challenge = lle->challenge; 9411 dvl.challenge = lle->challenge;
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c
index 9c6cebc24..ec64ca607 100644
--- a/src/transport/gnunet-service-transport_neighbours.c
+++ b/src/transport/gnunet-service-transport_neighbours.c
@@ -1045,9 +1045,9 @@ send_disconnect (struct NeighbourMapEntry *n)
1045 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); 1045 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
1046 disconnect_msg.public_key = GST_my_identity.public_key; 1046 disconnect_msg.public_key = GST_my_identity.public_key;
1047 GNUNET_assert (GNUNET_OK == 1047 GNUNET_assert (GNUNET_OK ==
1048 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, 1048 GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key,
1049 &disconnect_msg.purpose, 1049 &disconnect_msg.purpose,
1050 &disconnect_msg.signature)); 1050 &disconnect_msg.signature));
1051 1051
1052 (void) send_with_session (n, 1052 (void) send_with_session (n,
1053 &disconnect_msg, 1053 &disconnect_msg,
@@ -3763,7 +3763,7 @@ GST_neighbours_handle_disconnect_message (const struct
3763 return; 3763 return;
3764 } 3764 }
3765 if (GNUNET_OK != 3765 if (GNUNET_OK !=
3766 GNUNET_CRYPTO_eddsa_verify ( 3766 GNUNET_CRYPTO_eddsa_verify_ (
3767 GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT, 3767 GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT,
3768 &sdm->purpose, 3768 &sdm->purpose,
3769 &sdm->signature, 3769 &sdm->signature,
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c
index 631b0a8f8..610c45a21 100644
--- a/src/transport/gnunet-service-transport_validation.c
+++ b/src/transport/gnunet-service-transport_validation.c
@@ -1271,8 +1271,9 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
1271 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); 1271 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
1272 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); 1272 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
1273 if (GNUNET_OK != 1273 if (GNUNET_OK !=
1274 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, &pong->purpose, 1274 GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key,
1275 sig_cache)) 1275 &pong->purpose,
1276 sig_cache))
1276 { 1277 {
1277 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 1278 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1278 _ ("Failed to create PONG signature for peer `%s'\n"), 1279 _ ("Failed to create PONG signature for peer `%s'\n"),
@@ -1559,7 +1560,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1559 if (GNUNET_YES == do_verify) 1560 if (GNUNET_YES == do_verify)
1560 { 1561 {
1561 /* Do expensive verification */ 1562 /* Do expensive verification */
1562 sig_res = GNUNET_CRYPTO_eddsa_verify ( 1563 sig_res = GNUNET_CRYPTO_eddsa_verify_ (
1563 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, 1564 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1564 &pong->purpose, 1565 &pong->purpose,
1565 &pong->signature, 1566 &pong->signature,
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index d2cbe9450..4c1169f43 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -688,7 +688,7 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
688 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success 688 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
689 */ 689 */
690int 690int
691GNUNET_CRYPTO_ecdsa_sign ( 691GNUNET_CRYPTO_ecdsa_sign_ (
692 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, 692 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
693 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, 693 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
694 struct GNUNET_CRYPTO_EcdsaSignature *sig) 694 struct GNUNET_CRYPTO_EcdsaSignature *sig)
@@ -750,7 +750,7 @@ GNUNET_CRYPTO_ecdsa_sign (
750 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success 750 * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
751 */ 751 */
752int 752int
753GNUNET_CRYPTO_eddsa_sign ( 753GNUNET_CRYPTO_eddsa_sign_ (
754 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, 754 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
755 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, 755 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
756 struct GNUNET_CRYPTO_EddsaSignature *sig) 756 struct GNUNET_CRYPTO_EddsaSignature *sig)
@@ -786,7 +786,7 @@ GNUNET_CRYPTO_eddsa_sign (
786 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid 786 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
787 */ 787 */
788int 788int
789GNUNET_CRYPTO_ecdsa_verify ( 789GNUNET_CRYPTO_ecdsa_verify_ (
790 uint32_t purpose, 790 uint32_t purpose,
791 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, 791 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
792 const struct GNUNET_CRYPTO_EcdsaSignature *sig, 792 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
@@ -860,7 +860,7 @@ GNUNET_CRYPTO_ecdsa_verify (
860 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid 860 * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
861 */ 861 */
862int 862int
863GNUNET_CRYPTO_eddsa_verify ( 863GNUNET_CRYPTO_eddsa_verify_ (
864 uint32_t purpose, 864 uint32_t purpose,
865 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, 865 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
866 const struct GNUNET_CRYPTO_EddsaSignature *sig, 866 const struct GNUNET_CRYPTO_EddsaSignature *sig,
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c
index a09a6ff50..e0ef9a622 100644
--- a/src/util/gnunet-crypto-tvg.c
+++ b/src/util/gnunet-crypto-tvg.c
@@ -124,16 +124,19 @@ run (void *cls,
124 struct GNUNET_CRYPTO_EddsaPublicKey pub; 124 struct GNUNET_CRYPTO_EddsaPublicKey pub;
125 struct GNUNET_CRYPTO_EddsaSignature sig; 125 struct GNUNET_CRYPTO_EddsaSignature sig;
126 struct TestSignatureDataPS data = { 0 }; 126 struct TestSignatureDataPS data = { 0 };
127
127 priv = GNUNET_CRYPTO_eddsa_key_create (); 128 priv = GNUNET_CRYPTO_eddsa_key_create ();
128 GNUNET_CRYPTO_eddsa_key_get_public (priv, &pub); 129 GNUNET_CRYPTO_eddsa_key_get_public (priv, &pub);
129 data.purpose.size = htonl (sizeof (struct TestSignatureDataPS)); 130 data.purpose.size = htonl (sizeof (data));
130 data.purpose.size = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); 131 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
131 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (priv, &data.purpose, 132 GNUNET_CRYPTO_eddsa_sign (priv,
132 &sig)); 133 &data,
133 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_verify (0, 134 &sig);
134 &data.purpose, 135 GNUNET_assert (GNUNET_OK ==
135 &sig, 136 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
136 &pub)); 137 &data,
138 &sig,
139 &pub));
137 140
138 printf ("eddsa sig:\n"); 141 printf ("eddsa sig:\n");
139 display_data (" priv", priv, sizeof (struct 142 display_data (" priv", priv, sizeof (struct
@@ -151,15 +154,16 @@ run (void *cls,
151 char *salt = "I'm very salty"; 154 char *salt = "I'm very salty";
152 char *ctx = "I'm a context chunk, also known as 'info' in the RFC"; 155 char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
153 156
154 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_kdf (&out, 157 GNUNET_assert (GNUNET_OK ==
155 out_len, 158 GNUNET_CRYPTO_kdf (&out,
156 salt, 159 out_len,
157 strlen (salt), 160 salt,
158 ikm, 161 strlen (salt),
159 strlen (ikm), 162 ikm,
160 ctx, 163 strlen (ikm),
161 strlen (ctx), 164 ctx,
162 NULL)); 165 strlen (ctx),
166 NULL));
163 167
164 printf ("kdf:\n"); 168 printf ("kdf:\n");
165 display_data (" salt", salt, strlen (salt)); 169 display_data (" salt", salt, strlen (salt));
@@ -210,15 +214,19 @@ run (void *cls,
210 size_t sig_enc_length; 214 size_t sig_enc_length;
211 skey = GNUNET_CRYPTO_rsa_private_key_create (2048); 215 skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
212 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey); 216 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
213 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &message_hash, 217 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
218 &message_hash,
214 sizeof (struct GNUNET_HashCode)); 219 sizeof (struct GNUNET_HashCode));
215 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &bks, sizeof (struct 220 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
216 GNUNET_CRYPTO_RsaBlindingKeySecret)); 221 &bks,
217 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_blind (&message_hash, 222 sizeof (struct
218 &bks, 223 GNUNET_CRYPTO_RsaBlindingKeySecret));
219 pkey, 224 GNUNET_assert (GNUNET_YES ==
220 &blinded_data, 225 GNUNET_CRYPTO_rsa_blind (&message_hash,
221 &blinded_len)); 226 &bks,
227 pkey,
228 &blinded_data,
229 &blinded_len));
222 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, 230 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
223 blinded_len); 231 blinded_len);
224 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); 232 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
diff --git a/src/util/perf_crypto_asymmetric.c b/src/util/perf_crypto_asymmetric.c
index 7594733b0..49d9ec644 100644
--- a/src/util/perf_crypto_asymmetric.c
+++ b/src/util/perf_crypto_asymmetric.c
@@ -93,18 +93,18 @@ main (int argc, char *argv[])
93 start = GNUNET_TIME_absolute_get (); 93 start = GNUNET_TIME_absolute_get ();
94 for (i = 0; i < l; i++) 94 for (i = 0; i < l; i++)
95 GNUNET_assert (GNUNET_OK == 95 GNUNET_assert (GNUNET_OK ==
96 GNUNET_CRYPTO_eddsa_sign (eddsa[i], 96 GNUNET_CRYPTO_eddsa_sign_ (eddsa[i],
97 &sig[i].purp, 97 &sig[i].purp,
98 &sig[i].sig)); 98 &sig[i].sig));
99 log_duration ("EdDSA", "sign HashCode"); 99 log_duration ("EdDSA", "sign HashCode");
100 100
101 start = GNUNET_TIME_absolute_get (); 101 start = GNUNET_TIME_absolute_get ();
102 for (i = 0; i < l; i++) 102 for (i = 0; i < l; i++)
103 GNUNET_assert (GNUNET_OK == 103 GNUNET_assert (GNUNET_OK ==
104 GNUNET_CRYPTO_eddsa_verify (0, 104 GNUNET_CRYPTO_eddsa_verify_ (0,
105 &sig[i].purp, 105 &sig[i].purp,
106 &sig[i].sig, 106 &sig[i].sig,
107 &dspub[i])); 107 &dspub[i]));
108 log_duration ("EdDSA", "verify HashCode"); 108 log_duration ("EdDSA", "verify HashCode");
109 109
110 start = GNUNET_TIME_absolute_get (); 110 start = GNUNET_TIME_absolute_get ();
diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c
index 826097d52..190c58d7d 100644
--- a/src/util/test_crypto_ecdsa.c
+++ b/src/util/test_crypto_ecdsa.c
@@ -55,7 +55,8 @@ testSignVerify ()
55 for (i = 0; i < ITER; i++) 55 for (i = 0; i < ITER; i++)
56 { 56 {
57 fprintf (stderr, "%s", "."); fflush (stderr); 57 fprintf (stderr, "%s", "."); fflush (stderr);
58 if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig)) 58 if (GNUNET_SYSERR ==
59 GNUNET_CRYPTO_ecdsa_sign_ (key, &purp, &sig))
59 { 60 {
60 fprintf (stderr, 61 fprintf (stderr,
61 "%s", 62 "%s",
@@ -64,16 +65,18 @@ testSignVerify ()
64 continue; 65 continue;
65 } 66 }
66 if (GNUNET_SYSERR == 67 if (GNUNET_SYSERR ==
67 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig, 68 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
68 &pkey)) 69 &purp, &sig,
70 &pkey))
69 { 71 {
70 printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n"); 72 printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n");
71 ok = GNUNET_SYSERR; 73 ok = GNUNET_SYSERR;
72 continue; 74 continue;
73 } 75 }
74 if (GNUNET_SYSERR != 76 if (GNUNET_SYSERR !=
75 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, 77 GNUNET_CRYPTO_ecdsa_verify_ (
76 &purp, &sig, &pkey)) 78 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
79 &purp, &sig, &pkey))
77 { 80 {
78 printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); 81 printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n");
79 ok = GNUNET_SYSERR; 82 ok = GNUNET_SYSERR;
@@ -104,33 +107,33 @@ testDeriveSignVerify ()
104 purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); 107 purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
105 purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); 108 purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
106 109
107 if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (dpriv, &purp, &sig)) 110 if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (dpriv, &purp, &sig))
108 { 111 {
109 fprintf (stderr, "%s", "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n"); 112 fprintf (stderr, "%s", "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n");
110 GNUNET_free (dpriv); 113 GNUNET_free (dpriv);
111 return GNUNET_SYSERR; 114 return GNUNET_SYSERR;
112 } 115 }
113 if (GNUNET_SYSERR == 116 if (GNUNET_SYSERR ==
114 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, 117 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
115 &purp, &sig, 118 &purp, &sig,
116 &dpub)) 119 &dpub))
117 { 120 {
118 printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n"); 121 printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n");
119 GNUNET_free (dpriv); 122 GNUNET_free (dpriv);
120 return GNUNET_SYSERR; 123 return GNUNET_SYSERR;
121 } 124 }
122 if (GNUNET_SYSERR != 125 if (GNUNET_SYSERR !=
123 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, 126 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
124 &purp, &sig, 127 &purp, &sig,
125 &pkey)) 128 &pkey))
126 { 129 {
127 printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); 130 printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n");
128 GNUNET_free (dpriv); 131 GNUNET_free (dpriv);
129 return GNUNET_SYSERR; 132 return GNUNET_SYSERR;
130 } 133 }
131 if (GNUNET_SYSERR != 134 if (GNUNET_SYSERR !=
132 GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, 135 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
133 &purp, &sig, &dpub)) 136 &purp, &sig, &dpub))
134 { 137 {
135 printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); 138 printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n");
136 GNUNET_free (dpriv); 139 GNUNET_free (dpriv);
@@ -160,7 +163,7 @@ testSignPerformance ()
160 for (i = 0; i < ITER; i++) 163 for (i = 0; i < ITER; i++)
161 { 164 {
162 fprintf (stderr, "%s", "."); fflush (stderr); 165 fprintf (stderr, "%s", "."); fflush (stderr);
163 if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig)) 166 if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (key, &purp, &sig))
164 { 167 {
165 fprintf (stderr, "%s", 168 fprintf (stderr, "%s",
166 "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n"); 169 "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n");
diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c
index c0ad387e1..87990cbac 100644
--- a/src/util/test_crypto_eddsa.c
+++ b/src/util/test_crypto_eddsa.c
@@ -56,23 +56,24 @@ testSignVerify ()
56 for (unsigned int i = 0; i < ITER; i++) 56 for (unsigned int i = 0; i < ITER; i++)
57 { 57 {
58 fprintf (stderr, "%s", "."); fflush (stderr); 58 fprintf (stderr, "%s", "."); fflush (stderr);
59 if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig)) 59 if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig))
60 { 60 {
61 fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); 61 fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n");
62 ok = GNUNET_SYSERR; 62 ok = GNUNET_SYSERR;
63 continue; 63 continue;
64 } 64 }
65 if (GNUNET_SYSERR == 65 if (GNUNET_SYSERR ==
66 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig, 66 GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig,
67 &pkey)) 67 &pkey))
68 { 68 {
69 printf ("GNUNET_CRYPTO_eddsa_verify failed!\n"); 69 printf ("GNUNET_CRYPTO_eddsa_verify failed!\n");
70 ok = GNUNET_SYSERR; 70 ok = GNUNET_SYSERR;
71 continue; 71 continue;
72 } 72 }
73 if (GNUNET_SYSERR != 73 if (GNUNET_SYSERR !=
74 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, 74 GNUNET_CRYPTO_eddsa_verify_ (
75 &purp, &sig, &pkey)) 75 GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
76 &purp, &sig, &pkey))
76 { 77 {
77 printf ("GNUNET_CRYPTO_eddsa_verify failed to fail!\n"); 78 printf ("GNUNET_CRYPTO_eddsa_verify failed to fail!\n");
78 ok = GNUNET_SYSERR; 79 ok = GNUNET_SYSERR;
@@ -105,7 +106,7 @@ testSignPerformance ()
105 for (unsigned int i = 0; i < ITER; i++) 106 for (unsigned int i = 0; i < ITER; i++)
106 { 107 {
107 fprintf (stderr, "%s", "."); fflush (stderr); 108 fprintf (stderr, "%s", "."); fflush (stderr);
108 if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig)) 109 if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig))
109 { 110 {
110 fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); 111 fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n");
111 ok = GNUNET_SYSERR; 112 ok = GNUNET_SYSERR;
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 03:00:33 +0000