1 files changed, 115 insertions, 137 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index fe7db88b9..58feaee74 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -25,15 +25,7 @@
 * @author Matthias Wachs
 * @author Christian Grothoff
 */
-#include "platform.h"
+#include "gnsrecord_crypto.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_constants.h"
-#include "gnunet_signatures.h"
-#include "gnunet_arm_service.h"
-#include "gnunet_gnsrecord_lib.h"
-#include "gnunet_dnsparser_lib.h"
-#include "gnunet_tun_lib.h"
 #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
@@ -104,7 +96,7 @@ eddsa_symmetric_decrypt (
    return GNUNET_SYSERR;
  if (0 != crypto_secretbox_open_detached (result,
                                           block, // Ciphertext
-                                           ((unsigned char*)block) + ctlen, // TAG
+                                           ((unsigned char*) block) + ctlen, // TAG
                                           ctlen,
                                           nonce, key))
  {
@@ -131,20 +123,12 @@ eddsa_symmetric_encrypt (
 }
-/**
+void
- * Derive session key and iv from label and public key.
+GNR_derive_block_aes_key (unsigned char *ctr,
- *
+                          unsigned char *key,
- * @param iv initialization vector to initialize
+                          const char *label,
- * @param skey session key to initialize
+                          uint64_t exp,
- * @param label label to use for KDF
+                          const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
- * @param pub public key to use for KDF
- */
-static void
-derive_block_aes_key (unsigned char *ctr,
-                      unsigned char *key,
-                      const char *label,
-                      uint64_t exp,
-                      const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 {
  static const char ctx_key[] = "gns-aes-ctx-key";
  static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -168,20 +152,12 @@ derive_block_aes_key (unsigned char *ctr,
 }
-/**
+void
- * Derive session key and iv from label and public key.
+GNR_derive_block_xsalsa_key (unsigned char *nonce,
- *
+                             unsigned char *key,
- * @param nonce initialization vector to initialize
+                             const char *label,
- * @param skey session key to initialize
+                             uint64_t exp,
- * @param label label to use for KDF
+                             const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
- * @param pub public key to use for KDF
- */
-static void
-derive_block_xsalsa_key (unsigned char *nonce,
-                         unsigned char *key,
-                         const char *label,
-                         uint64_t exp,
-                         const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 {
  static const char ctx_key[] = "gns-aes-ctx-key";
  static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -291,11 +267,11 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                                                   "gns");
    GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
                                        &ecblock->derived_key);
-    derive_block_aes_key (ctr,
+    GNR_derive_block_aes_key (ctr,
-                          skey,
+                              skey,
-                          label,
+                              label,
-                          ecblock->expiration_time.abs_value_us__,
+                              ecblock->expiration_time.abs_value_us__,
-                          pkey);
+                              pkey);
    GNUNET_break (payload_len + sizeof(uint32_t) ==
                  ecdsa_symmetric_encrypt (payload,
                                           payload_len
@@ -409,11 +385,11 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
                                            &dkey);
    GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,
                                                    &edblock->derived_key);
-    derive_block_xsalsa_key (nonce,
+    GNR_derive_block_xsalsa_key (nonce,
-                             skey,
+                                 skey,
-                             label,
+                                 label,
-                             edblock->expiration_time.abs_value_us__,
+                                 edblock->expiration_time.abs_value_us__,
-                             pkey);
+                                 pkey);
    GNUNET_break (GNUNET_OK ==
                  eddsa_symmetric_encrypt (payload,
                                           payload_len
@@ -456,24 +432,24 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
  switch (ntohl (key->type))
  {
-    case GNUNET_GNSRECORD_TYPE_PKEY:
+  case GNUNET_GNSRECORD_TYPE_PKEY:
-      res = block_create_ecdsa (&key->ecdsa_key,
+    res = block_create_ecdsa (&key->ecdsa_key,
-                                &pkey.ecdsa_key,
+                              &pkey.ecdsa_key,
-                                expire,
+                              expire,
-                                norm_label,
+                              norm_label,
-                                rd,
+                              rd,
-                                rd_count);
+                              rd_count);
-      break;
+    break;
-    case GNUNET_GNSRECORD_TYPE_EDKEY:
+  case GNUNET_GNSRECORD_TYPE_EDKEY:
-      res = block_create_eddsa (&key->eddsa_key,
+    res = block_create_eddsa (&key->eddsa_key,
-                                &pkey.eddsa_key,
+                              &pkey.eddsa_key,
-                                expire,
+                              expire,
-                                norm_label,
+                              norm_label,
-                                rd,
+                              rd,
-                                rd_count);
+                              rd_count);
-      break;
+    break;
-    default:
+  default:
-      GNUNET_assert (0);
+    GNUNET_assert (0);
  }
  GNUNET_free (norm_label);
  return res;
@@ -576,20 +552,20 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 {
  switch (ntohl (block->type))
  {
-    case GNUNET_GNSRECORD_TYPE_PKEY:
+  case GNUNET_GNSRECORD_TYPE_PKEY:
-      return GNUNET_CRYPTO_ecdsa_verify_ (
+    return GNUNET_CRYPTO_ecdsa_verify_ (
-                                          GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
+      GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
-                                          &block->ecdsa_block.purpose,
+      &block->ecdsa_block.purpose,
-                                          &block->ecdsa_block.signature,
+      &block->ecdsa_block.signature,
-                                          &block->ecdsa_block.derived_key);
+      &block->ecdsa_block.derived_key);
-    case GNUNET_GNSRECORD_TYPE_EDKEY:
+  case GNUNET_GNSRECORD_TYPE_EDKEY:
-      return GNUNET_CRYPTO_eddsa_verify_ (
+    return GNUNET_CRYPTO_eddsa_verify_ (
-                                          GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
+      GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
-                                          &block->eddsa_block.purpose,
+      &block->eddsa_block.purpose,
-                                          &block->eddsa_block.signature,
+      &block->eddsa_block.signature,
-                                          &block->eddsa_block.derived_key);
+      &block->eddsa_block.derived_key);
-    default:
+  default:
-      return GNUNET_NO;
+    return GNUNET_NO;
  }
 }
@@ -603,8 +579,8 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
                     void *proc_cls)
 {
  size_t payload_len = ntohl (block->purpose.size)
-    - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+                       - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-    - sizeof(struct GNUNET_TIME_AbsoluteNBO);
+                       - sizeof(struct GNUNET_TIME_AbsoluteNBO);
  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
  unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
@@ -615,11 +591,11 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
-  derive_block_aes_key (ctr,
+  GNR_derive_block_aes_key (ctr,
-                        key,
+                            key,
-                        label,
+                            label,
-                        block->expiration_time.abs_value_us__,
+                            block->expiration_time.abs_value_us__,
-                        zone_key);
+                            zone_key);
  {
    char payload[payload_len];
    uint32_t rd_count;
@@ -731,8 +707,8 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
                     void *proc_cls)
 {
  size_t payload_len = ntohl (block->purpose.size)
-    - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+                       - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
-    - sizeof(struct GNUNET_TIME_AbsoluteNBO);
+                       - sizeof(struct GNUNET_TIME_AbsoluteNBO);
  unsigned char nonce[crypto_secretbox_NONCEBYTES];
  unsigned char key[crypto_secretbox_KEYBYTES];
@@ -743,11 +719,11 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
-  derive_block_xsalsa_key (nonce,
+  GNR_derive_block_xsalsa_key (nonce,
-                           key,
+                               key,
-                           label,
+                               label,
-                           block->expiration_time.abs_value_us__,
+                               block->expiration_time.abs_value_us__,
-                           zone_key);
+                               zone_key);
  {
    char payload[payload_len];
    uint32_t rd_count;
@@ -875,16 +851,18 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
  norm_label = GNUNET_GNSRECORD_string_normalize (label);
  switch (ntohl (zone_key->type))
  {
-    case GNUNET_IDENTITY_TYPE_ECDSA:
+  case GNUNET_IDENTITY_TYPE_ECDSA:
-      res = block_decrypt_ecdsa (&block->ecdsa_block,
+    res = block_decrypt_ecdsa (&block->ecdsa_block,
-                                 &zone_key->ecdsa_key, norm_label, proc, proc_cls);
+                               &zone_key->ecdsa_key, norm_label, proc,
-      break;
+                               proc_cls);
-    case GNUNET_IDENTITY_TYPE_EDDSA:
+    break;
-      res = block_decrypt_eddsa (&block->eddsa_block,
+  case GNUNET_IDENTITY_TYPE_EDDSA:
-                                 &zone_key->eddsa_key, norm_label, proc, proc_cls);
+    res = block_decrypt_eddsa (&block->eddsa_block,
-      break;
+                               &zone_key->eddsa_key, norm_label, proc,
-    default:
+                               proc_cls);
-      return GNUNET_SYSERR;
+    break;
+  default:
+    return GNUNET_SYSERR;
  }
  GNUNET_free (norm_label);
  return res;
@@ -910,17 +888,17 @@ GNUNET_GNSRECORD_query_from_private_key (const struct
  norm_label = GNUNET_GNSRECORD_string_normalize (label);
  switch (ntohl (zone->type))
  {
-    case GNUNET_GNSRECORD_TYPE_PKEY:
+  case GNUNET_GNSRECORD_TYPE_PKEY:
-    case GNUNET_GNSRECORD_TYPE_EDKEY:
+  case GNUNET_GNSRECORD_TYPE_EDKEY:
-      GNUNET_IDENTITY_key_get_public (zone,
+    GNUNET_IDENTITY_key_get_public (zone,
-                                      &pub);
+                                    &pub);
-      GNUNET_GNSRECORD_query_from_public_key (&pub,
+    GNUNET_GNSRECORD_query_from_public_key (&pub,
-                                              norm_label,
+                                            norm_label,
-                                              query);
+                                            query);
-      break;
+    break;
-    default:
+  default:
-      GNUNET_assert (0);
+    GNUNET_assert (0);
  }
  GNUNET_free (norm_label);
 }
@@ -947,28 +925,28 @@ GNUNET_GNSRECORD_query_from_public_key (const struct
  switch (ntohl (pub->type))
  {
-    case GNUNET_GNSRECORD_TYPE_PKEY:
+  case GNUNET_GNSRECORD_TYPE_PKEY:
-      pd.type = pub->type;
+    pd.type = pub->type;
-      GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
+    GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
-                                             norm_label,
+                                           norm_label,
-                                             "gns",
+                                           "gns",
-                                             &pd.ecdsa_key);
+                                           &pd.ecdsa_key);
-      GNUNET_CRYPTO_hash (&pd.ecdsa_key,
+    GNUNET_CRYPTO_hash (&pd.ecdsa_key,
-                          sizeof (pd.ecdsa_key),
+                        sizeof (pd.ecdsa_key),
-                          query);
+                        query);
-      break;
+    break;
-    case GNUNET_GNSRECORD_TYPE_EDKEY:
+  case GNUNET_GNSRECORD_TYPE_EDKEY:
-      pd.type = pub->type;
+    pd.type = pub->type;
-      GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
+    GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
-                                             norm_label,
+                                           norm_label,
-                                             "gns",
+                                           "gns",
-                                             &(pd.eddsa_key));
+                                           &(pd.eddsa_key));
-      GNUNET_CRYPTO_hash (&pd.eddsa_key,
+    GNUNET_CRYPTO_hash (&pd.eddsa_key,
-                          sizeof (pd.eddsa_key),
+                        sizeof (pd.eddsa_key),
-                          query);
+                        query);
-      break;
+    break;
-    default:
+  default:
-      GNUNET_assert (0);
+    GNUNET_assert (0);
  }
  GNUNET_free (norm_label);
 }

diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index fe7db88b9..58feaee74 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -25,15 +25,7 @@
25	* @author Matthias Wachs	25	* @author Matthias Wachs
26	* @author Christian Grothoff	26	* @author Christian Grothoff
27	*/	27	*/
28	#include "platform.h"	28	#include "gnsrecord_crypto.h"
29	#include "gnunet_util_lib.h"
30	#include "gnunet_constants.h"
31	#include "gnunet_signatures.h"
32	#include "gnunet_arm_service.h"
33	#include "gnunet_gnsrecord_lib.h"
34	#include "gnunet_dnsparser_lib.h"
35	#include "gnunet_tun_lib.h"
36
37		29
38	#define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)	30	#define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
39		31
@@ -104,7 +96,7 @@ eddsa_symmetric_decrypt (
104	return GNUNET_SYSERR;	96	return GNUNET_SYSERR;
105	if (0 != crypto_secretbox_open_detached (result,	97	if (0 != crypto_secretbox_open_detached (result,
106	block, // Ciphertext	98	block, // Ciphertext
107	((unsigned char*)block) + ctlen, // TAG	99	((unsigned char*) block) + ctlen, // TAG
108	ctlen,	100	ctlen,
109	nonce, key))	101	nonce, key))
110	{	102	{
@@ -131,20 +123,12 @@ eddsa_symmetric_encrypt (
131	}	123	}
132		124
133		125
134	/**	126	void
135	* Derive session key and iv from label and public key.	127	GNR_derive_block_aes_key (unsigned char *ctr,
136	*	128	unsigned char *key,
137	* @param iv initialization vector to initialize	129	const char *label,
138	* @param skey session key to initialize	130	uint64_t exp,
139	* @param label label to use for KDF	131	const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
140	* @param pub public key to use for KDF
141	*/
142	static void
143	derive_block_aes_key (unsigned char *ctr,
144	unsigned char *key,
145	const char *label,
146	uint64_t exp,
147	const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
148	{	132	{
149	static const char ctx_key[] = "gns-aes-ctx-key";	133	static const char ctx_key[] = "gns-aes-ctx-key";
150	static const char ctx_iv[] = "gns-aes-ctx-iv";	134	static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -168,20 +152,12 @@ derive_block_aes_key (unsigned char *ctr,
168	}	152	}
169		153
170		154
171	/**	155	void
172	* Derive session key and iv from label and public key.	156	GNR_derive_block_xsalsa_key (unsigned char *nonce,
173	*	157	unsigned char *key,
174	* @param nonce initialization vector to initialize	158	const char *label,
175	* @param skey session key to initialize	159	uint64_t exp,
176	* @param label label to use for KDF	160	const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
177	* @param pub public key to use for KDF
178	*/
179	static void
180	derive_block_xsalsa_key (unsigned char *nonce,
181	unsigned char *key,
182	const char *label,
183	uint64_t exp,
184	const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
185	{	161	{
186	static const char ctx_key[] = "gns-aes-ctx-key";	162	static const char ctx_key[] = "gns-aes-ctx-key";
187	static const char ctx_iv[] = "gns-aes-ctx-iv";	163	static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -291,11 +267,11 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
291	"gns");	267	"gns");
292	GNUNET_CRYPTO_ecdsa_key_get_public (dkey,	268	GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
293	&ecblock->derived_key);	269	&ecblock->derived_key);
294	derive_block_aes_key (ctr,	270	GNR_derive_block_aes_key (ctr,
295	skey,	271	skey,
296	label,	272	label,
297	ecblock->expiration_time.abs_value_us__,	273	ecblock->expiration_time.abs_value_us__,
298	pkey);	274	pkey);
299	GNUNET_break (payload_len + sizeof(uint32_t) ==	275	GNUNET_break (payload_len + sizeof(uint32_t) ==
300	ecdsa_symmetric_encrypt (payload,	276	ecdsa_symmetric_encrypt (payload,
301	payload_len	277	payload_len
@@ -409,11 +385,11 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
409	&dkey);	385	&dkey);
410	GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,	386	GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,
411	&edblock->derived_key);	387	&edblock->derived_key);
412	derive_block_xsalsa_key (nonce,	388	GNR_derive_block_xsalsa_key (nonce,
413	skey,	389	skey,
414	label,	390	label,
415	edblock->expiration_time.abs_value_us__,	391	edblock->expiration_time.abs_value_us__,
416	pkey);	392	pkey);
417	GNUNET_break (GNUNET_OK ==	393	GNUNET_break (GNUNET_OK ==
418	eddsa_symmetric_encrypt (payload,	394	eddsa_symmetric_encrypt (payload,
419	payload_len	395	payload_len
@@ -456,24 +432,24 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
456		432
457	switch (ntohl (key->type))	433	switch (ntohl (key->type))
458	{	434	{
459	case GNUNET_GNSRECORD_TYPE_PKEY:	435	case GNUNET_GNSRECORD_TYPE_PKEY:
460	res = block_create_ecdsa (&key->ecdsa_key,	436	res = block_create_ecdsa (&key->ecdsa_key,
461	&pkey.ecdsa_key,	437	&pkey.ecdsa_key,
462	expire,	438	expire,
463	norm_label,	439	norm_label,
464	rd,	440	rd,
465	rd_count);	441	rd_count);
466	break;	442	break;
467	case GNUNET_GNSRECORD_TYPE_EDKEY:	443	case GNUNET_GNSRECORD_TYPE_EDKEY:
468	res = block_create_eddsa (&key->eddsa_key,	444	res = block_create_eddsa (&key->eddsa_key,
469	&pkey.eddsa_key,	445	&pkey.eddsa_key,
470	expire,	446	expire,
471	norm_label,	447	norm_label,
472	rd,	448	rd,
473	rd_count);	449	rd_count);
474	break;	450	break;
475	default:	451	default:
476	GNUNET_assert (0);	452	GNUNET_assert (0);
477	}	453	}
478	GNUNET_free (norm_label);	454	GNUNET_free (norm_label);
479	return res;	455	return res;
@@ -576,20 +552,20 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
576	{	552	{
577	switch (ntohl (block->type))	553	switch (ntohl (block->type))
578	{	554	{
579	case GNUNET_GNSRECORD_TYPE_PKEY:	555	case GNUNET_GNSRECORD_TYPE_PKEY:
580	return GNUNET_CRYPTO_ecdsa_verify_ (	556	return GNUNET_CRYPTO_ecdsa_verify_ (
581	GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,	557	GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
582	&block->ecdsa_block.purpose,	558	&block->ecdsa_block.purpose,
583	&block->ecdsa_block.signature,	559	&block->ecdsa_block.signature,
584	&block->ecdsa_block.derived_key);	560	&block->ecdsa_block.derived_key);
585	case GNUNET_GNSRECORD_TYPE_EDKEY:	561	case GNUNET_GNSRECORD_TYPE_EDKEY:
586	return GNUNET_CRYPTO_eddsa_verify_ (	562	return GNUNET_CRYPTO_eddsa_verify_ (
587	GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,	563	GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
588	&block->eddsa_block.purpose,	564	&block->eddsa_block.purpose,
589	&block->eddsa_block.signature,	565	&block->eddsa_block.signature,
590	&block->eddsa_block.derived_key);	566	&block->eddsa_block.derived_key);
591	default:	567	default:
592	return GNUNET_NO;	568	return GNUNET_NO;
593	}	569	}
594	}	570	}
595		571
@@ -603,8 +579,8 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
603	void *proc_cls)	579	void *proc_cls)
604	{	580	{
605	size_t payload_len = ntohl (block->purpose.size)	581	size_t payload_len = ntohl (block->purpose.size)
606	- sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)	582	- sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
607	- sizeof(struct GNUNET_TIME_AbsoluteNBO);	583	- sizeof(struct GNUNET_TIME_AbsoluteNBO);
608	unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];	584	unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
609	unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];	585	unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
610		586
@@ -615,11 +591,11 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
615	GNUNET_break_op (0);	591	GNUNET_break_op (0);
616	return GNUNET_SYSERR;	592	return GNUNET_SYSERR;
617	}	593	}
618	derive_block_aes_key (ctr,	594	GNR_derive_block_aes_key (ctr,
619	key,	595	key,
620	label,	596	label,
621	block->expiration_time.abs_value_us__,	597	block->expiration_time.abs_value_us__,
622	zone_key);	598	zone_key);
623	{	599	{
624	char payload[payload_len];	600	char payload[payload_len];
625	uint32_t rd_count;	601	uint32_t rd_count;
@@ -731,8 +707,8 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
731	void *proc_cls)	707	void *proc_cls)
732	{	708	{
733	size_t payload_len = ntohl (block->purpose.size)	709	size_t payload_len = ntohl (block->purpose.size)
734	- sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)	710	- sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
735	- sizeof(struct GNUNET_TIME_AbsoluteNBO);	711	- sizeof(struct GNUNET_TIME_AbsoluteNBO);
736	unsigned char nonce[crypto_secretbox_NONCEBYTES];	712	unsigned char nonce[crypto_secretbox_NONCEBYTES];
737	unsigned char key[crypto_secretbox_KEYBYTES];	713	unsigned char key[crypto_secretbox_KEYBYTES];
738		714
@@ -743,11 +719,11 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
743	GNUNET_break_op (0);	719	GNUNET_break_op (0);
744	return GNUNET_SYSERR;	720	return GNUNET_SYSERR;
745	}	721	}
746	derive_block_xsalsa_key (nonce,	722	GNR_derive_block_xsalsa_key (nonce,
747	key,	723	key,
748	label,	724	label,
749	block->expiration_time.abs_value_us__,	725	block->expiration_time.abs_value_us__,
750	zone_key);	726	zone_key);
751	{	727	{
752	char payload[payload_len];	728	char payload[payload_len];
753	uint32_t rd_count;	729	uint32_t rd_count;
@@ -875,16 +851,18 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
875	norm_label = GNUNET_GNSRECORD_string_normalize (label);	851	norm_label = GNUNET_GNSRECORD_string_normalize (label);
876	switch (ntohl (zone_key->type))	852	switch (ntohl (zone_key->type))
877	{	853	{
878	case GNUNET_IDENTITY_TYPE_ECDSA:	854	case GNUNET_IDENTITY_TYPE_ECDSA:
879	res = block_decrypt_ecdsa (&block->ecdsa_block,	855	res = block_decrypt_ecdsa (&block->ecdsa_block,
880	&zone_key->ecdsa_key, norm_label, proc, proc_cls);	856	&zone_key->ecdsa_key, norm_label, proc,
881	break;	857	proc_cls);
882	case GNUNET_IDENTITY_TYPE_EDDSA:	858	break;
883	res = block_decrypt_eddsa (&block->eddsa_block,	859	case GNUNET_IDENTITY_TYPE_EDDSA:
884	&zone_key->eddsa_key, norm_label, proc, proc_cls);	860	res = block_decrypt_eddsa (&block->eddsa_block,
885	break;	861	&zone_key->eddsa_key, norm_label, proc,
886	default:	862	proc_cls);
887	return GNUNET_SYSERR;	863	break;
		864	default:
		865	return GNUNET_SYSERR;
888	}	866	}
889	GNUNET_free (norm_label);	867	GNUNET_free (norm_label);
890	return res;	868	return res;
@@ -910,17 +888,17 @@ GNUNET_GNSRECORD_query_from_private_key (const struct
910	norm_label = GNUNET_GNSRECORD_string_normalize (label);	888	norm_label = GNUNET_GNSRECORD_string_normalize (label);
911	switch (ntohl (zone->type))	889	switch (ntohl (zone->type))
912	{	890	{
913	case GNUNET_GNSRECORD_TYPE_PKEY:	891	case GNUNET_GNSRECORD_TYPE_PKEY:
914	case GNUNET_GNSRECORD_TYPE_EDKEY:	892	case GNUNET_GNSRECORD_TYPE_EDKEY:
915		893
916	GNUNET_IDENTITY_key_get_public (zone,	894	GNUNET_IDENTITY_key_get_public (zone,
917	&pub);	895	&pub);
918	GNUNET_GNSRECORD_query_from_public_key (&pub,	896	GNUNET_GNSRECORD_query_from_public_key (&pub,
919	norm_label,	897	norm_label,
920	query);	898	query);
921	break;	899	break;
922	default:	900	default:
923	GNUNET_assert (0);	901	GNUNET_assert (0);
924	}	902	}
925	GNUNET_free (norm_label);	903	GNUNET_free (norm_label);
926	}	904	}
@@ -947,28 +925,28 @@ GNUNET_GNSRECORD_query_from_public_key (const struct
947		925
948	switch (ntohl (pub->type))	926	switch (ntohl (pub->type))
949	{	927	{
950	case GNUNET_GNSRECORD_TYPE_PKEY:	928	case GNUNET_GNSRECORD_TYPE_PKEY:
951	pd.type = pub->type;	929	pd.type = pub->type;
952	GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,	930	GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
953	norm_label,	931	norm_label,
954	"gns",	932	"gns",
955	&pd.ecdsa_key);	933	&pd.ecdsa_key);
956	GNUNET_CRYPTO_hash (&pd.ecdsa_key,	934	GNUNET_CRYPTO_hash (&pd.ecdsa_key,
957	sizeof (pd.ecdsa_key),	935	sizeof (pd.ecdsa_key),
958	query);	936	query);
959	break;	937	break;
960	case GNUNET_GNSRECORD_TYPE_EDKEY:	938	case GNUNET_GNSRECORD_TYPE_EDKEY:
961	pd.type = pub->type;	939	pd.type = pub->type;
962	GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,	940	GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
963	norm_label,	941	norm_label,
964	"gns",	942	"gns",
965	&(pd.eddsa_key));	943	&(pd.eddsa_key));
966	GNUNET_CRYPTO_hash (&pd.eddsa_key,	944	GNUNET_CRYPTO_hash (&pd.eddsa_key,
967	sizeof (pd.eddsa_key),	945	sizeof (pd.eddsa_key),
968	query);	946	query);
969	break;	947	break;
970	default:	948	default:
971	GNUNET_assert (0);	949	GNUNET_assert (0);
972	}	950	}
973	GNUNET_free (norm_label);	951	GNUNET_free (norm_label);
974	}	952	}