1 files changed, 370 insertions, 21 deletions
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c
index f7aca1655..64c088923 100644
--- a/src/identity/identity_api.c
+++ b/src/identity/identity_api.c
@@ -74,7 +74,7 @@ struct GNUNET_IDENTITY_Operation
  /**
   * Private key to return to @e create_cont, or NULL.
   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
+  struct GNUNET_IDENTITY_PrivateKey pk;
  /**
   * Continuation to invoke with the result of the transmission for
@@ -157,13 +157,12 @@ GNUNET_IDENTITY_ego_get_anonymous ()
 {
  static struct GNUNET_IDENTITY_Ego anon;
  static int setup;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
  if (setup)
    return &anon;
-  anon.pk = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();
+  anon.pk.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&anon.pk,
+  anon.pub.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
-                                      &pub);
+  anon.pk.ecdsa_key = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();
  GNUNET_CRYPTO_hash (&anon.pk,
                      sizeof(anon.pk),
                      &anon.id);
@@ -172,6 +171,51 @@ GNUNET_IDENTITY_ego_get_anonymous ()
 }
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_key_get_public (const struct
+                                GNUNET_IDENTITY_PrivateKey *privkey,
+                                struct GNUNET_IDENTITY_PublicKey *key)
+{
+  key->type = privkey->type;
+  switch (ntohl (privkey->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    GNUNET_CRYPTO_ecdsa_key_get_public (&privkey->ecdsa_key,
+                                        &key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    GNUNET_CRYPTO_eddsa_key_get_public (&privkey->eddsa_key,
+                                        &key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+static int
+private_key_create (enum GNUNET_IDENTITY_KeyType ktype,
+                    struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  key->type = htonl (ktype);
+  switch (ktype)
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    GNUNET_CRYPTO_ecdsa_key_create (&key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    GNUNET_CRYPTO_eddsa_key_create (&key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
 /**
 * Try again to connect to the identity service.
 *
@@ -591,7 +635,7 @@ GNUNET_IDENTITY_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
 * @param ego the ego
 * @return associated ECC key, valid as long as the ego is valid
 */
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *
+const struct GNUNET_IDENTITY_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
 {
  return &ego->pk;
@@ -606,12 +650,11 @@ GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
 */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
+                                    struct GNUNET_IDENTITY_PublicKey *pk)
 {
  if (GNUNET_NO == ego->pub_initialized)
  {
-    GNUNET_CRYPTO_ecdsa_key_get_public (&ego->pk,
+    GNUNET_IDENTITY_key_get_public (&ego->pk, &ego->pub);
-                                        &ego->pub);
    ego->pub_initialized = GNUNET_YES;
  }
  *pk = ego->pub;
@@ -710,20 +753,11 @@ GNUNET_IDENTITY_set (struct GNUNET_IDENTITY_Handle *h,
 }
-/**
- * Create a new identity with the given name.
- *
- * @param h identity service to use
- * @param name desired name
- * @param privkey desired private key or NULL to create one
- * @param cont function to call with the result (will only be called once)
- * @param cont_cls closure for @a cont
- * @return handle to abort the operation
- */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
                        const char *name,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey,
+                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                        enum GNUNET_IDENTITY_KeyType ktype,
                        GNUNET_IDENTITY_CreateContinuation cont,
                        void *cont_cls)
 {
@@ -749,7 +783,10 @@ GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
  crm->name_len = htons (slen);
  crm->reserved = htons (0);
  if (NULL == privkey)
-    GNUNET_CRYPTO_ecdsa_key_create (&crm->private_key);
+  {
+    GNUNET_assert (GNUNET_OK ==
+                   private_key_create (ktype, &crm->private_key));
+  }
  else
    crm->private_key = *privkey;
  op->pk = crm->private_key;
@@ -917,4 +954,316 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h)
 }
+ssize_t
+private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+ssize_t
+GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+ssize_t
+GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key,
+                                      const void*buffer,
+                                      size_t len)
+{
+  if (len < sizeof (key->type))
+    return -1;
+  GNUNET_memcpy (&(key->type), buffer, sizeof (key->type));
+  const ssize_t length = GNUNET_IDENTITY_key_get_length (key);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (&(key->ecdsa_key), buffer + sizeof (key->type), length
+                 - sizeof (key->type));
+  return length;
+}
+ssize_t
+GNUNET_IDENTITY_write_key_to_buffer (const struct
+                                     GNUNET_IDENTITY_PublicKey *key,
+                                     void*buffer,
+                                     size_t len)
+{
+  const ssize_t length = GNUNET_IDENTITY_key_get_length (key);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (buffer, key, length);
+  return length;
+}
+ssize_t
+GNUNET_IDENTITY_signature_get_length (const struct
+                                      GNUNET_IDENTITY_Signature *sig)
+{
+  switch (ntohl (sig->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (sig->type) + sizeof (sig->ecdsa_signature);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (sig->type) + sizeof (sig->eddsa_signature);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+ssize_t
+GNUNET_IDENTITY_read_signature_from_buffer (struct
+                                            GNUNET_IDENTITY_Signature *sig,
+                                            const void*buffer,
+                                            size_t len)
+{
+  if (len < sizeof (sig->type))
+    return -1;
+  GNUNET_memcpy (&(sig->type), buffer, sizeof (sig->type));
+  const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (&(sig->ecdsa_signature), buffer + sizeof (sig->type), length
+                 - sizeof (sig->type));
+  return length;
+}
+ssize_t
+GNUNET_IDENTITY_write_signature_to_buffer (const struct
+                                           GNUNET_IDENTITY_Signature *sig,
+                                           void*buffer,
+                                           size_t len)
+{
+  const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (buffer, &(sig->type), sizeof (sig->type));
+  GNUNET_memcpy (buffer + sizeof (sig->type), &(sig->ecdsa_signature), length
+                 - sizeof (sig->type));
+  return length;
+}
+int
+GNUNET_IDENTITY_sign_ (const struct
+                       GNUNET_IDENTITY_PrivateKey *priv,
+                       const struct
+                       GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+                       struct GNUNET_IDENTITY_Signature *sig)
+{
+  sig->type = priv->type;
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
+                                      &(sig->ecdsa_signature));
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
+                                      &(sig->eddsa_signature));
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+int
+GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
+                                   const struct
+                                   GNUNET_CRYPTO_EccSignaturePurpose *validate,
+                                   const struct GNUNET_IDENTITY_Signature *sig,
+                                   const struct GNUNET_IDENTITY_PublicKey *pub)
+{
+  /* check type matching of 'sig' and 'pub' */
+  GNUNET_assert (ntohl (pub->type) == ntohl (sig->type));
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
+                                        &(sig->ecdsa_signature),
+                                        &(pub->ecdsa_key));
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
+                                        &(sig->eddsa_signature),
+                                        &(pub->eddsa_key));
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+ssize_t
+GNUNET_IDENTITY_encrypt (const void *block,
+                         size_t size,
+                         const struct GNUNET_IDENTITY_PublicKey *pub,
+                         struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                         void *result)
+{
+  struct GNUNET_CRYPTO_EcdhePrivateKey pk;
+  GNUNET_CRYPTO_ecdhe_key_create (&pk);
+  struct GNUNET_HashCode hash;
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&pk, &(pub->ecdsa_key),
+                                                   &hash))
+      return -1;
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa (&pk, &(pub->eddsa_key),
+                                                   &hash))
+      return -1;
+    break;
+  default:
+    return -1;
+  }
+  GNUNET_CRYPTO_ecdhe_key_get_public (&pk, ecc);
+  GNUNET_CRYPTO_ecdhe_key_clear (&pk);
+  struct GNUNET_CRYPTO_SymmetricSessionKey key;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
+  GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
+  const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt (block, size, &key,
+                                                             &iv, result);
+  GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
+  GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
+  return encrypted;
+}
+ssize_t
+GNUNET_IDENTITY_decrypt (const void *block,
+                         size_t size,
+                         const struct GNUNET_IDENTITY_PrivateKey *priv,
+                         const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                         void *result)
+{
+  struct GNUNET_HashCode hash;
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh (&(priv->ecdsa_key), ecc,
+                                                   &hash))
+      return -1;
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh (&(priv->eddsa_key), ecc,
+                                                   &hash))
+      return -1;
+    break;
+  default:
+    return -1;
+  }
+  struct GNUNET_CRYPTO_SymmetricSessionKey key;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
+  GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
+  const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt (block, size, &key,
+                                                             &iv, result);
+  GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
+  GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
+  return decrypted;
+}
+char *
+GNUNET_IDENTITY_public_key_to_string (const struct
+                                      GNUNET_IDENTITY_PublicKey *key)
+{
+  size_t size = GNUNET_IDENTITY_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+char *
+GNUNET_IDENTITY_private_key_to_string (const struct
+                                       GNUNET_IDENTITY_PrivateKey *key)
+{
+  size_t size = private_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_public_key_from_string (const char *str,
+                                        struct GNUNET_IDENTITY_PublicKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  enum GNUNET_IDENTITY_KeyType ktype;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  ktype = ntohl (key->type);
+  return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way?
+}
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_private_key_from_string (const char *str,
+                                         struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  enum GNUNET_IDENTITY_KeyType ktype;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  ktype = ntohl (key->type);
+  return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way?
+}
 /* end of identity_api.c */

diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c index f7aca1655..64c088923 100644 --- a/src/identity/identity_api.c +++ b/src/identity/identity_api.c
@@ -74,7 +74,7 @@ struct GNUNET_IDENTITY_Operation
74	/**	74	/**
75	* Private key to return to @e create_cont, or NULL.	75	* Private key to return to @e create_cont, or NULL.
76	*/	76	*/
77	struct GNUNET_CRYPTO_EcdsaPrivateKey pk;	77	struct GNUNET_IDENTITY_PrivateKey pk;
78		78
79	/**	79	/**
80	* Continuation to invoke with the result of the transmission for	80	* Continuation to invoke with the result of the transmission for
@@ -157,13 +157,12 @@ GNUNET_IDENTITY_ego_get_anonymous ()
157	{	157	{
158	static struct GNUNET_IDENTITY_Ego anon;	158	static struct GNUNET_IDENTITY_Ego anon;
159	static int setup;	159	static int setup;
160	struct GNUNET_CRYPTO_EcdsaPublicKey pub;
161		160
162	if (setup)	161	if (setup)
163	return &anon;	162	return &anon;
164	anon.pk = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();	163	anon.pk.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
165	GNUNET_CRYPTO_ecdsa_key_get_public (&anon.pk,	164	anon.pub.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
166	&pub);	165	anon.pk.ecdsa_key = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();
167	GNUNET_CRYPTO_hash (&anon.pk,	166	GNUNET_CRYPTO_hash (&anon.pk,
168	sizeof(anon.pk),	167	sizeof(anon.pk),
169	&anon.id);	168	&anon.id);
@@ -172,6 +171,51 @@ GNUNET_IDENTITY_ego_get_anonymous ()
172	}	171	}
173		172
174		173
		174	enum GNUNET_GenericReturnValue
		175	GNUNET_IDENTITY_key_get_public (const struct
		176	GNUNET_IDENTITY_PrivateKey *privkey,
		177	struct GNUNET_IDENTITY_PublicKey *key)
		178	{
		179	key->type = privkey->type;
		180	switch (ntohl (privkey->type))
		181	{
		182	case GNUNET_IDENTITY_TYPE_ECDSA:
		183	GNUNET_CRYPTO_ecdsa_key_get_public (&privkey->ecdsa_key,
		184	&key->ecdsa_key);
		185	break;
		186	case GNUNET_IDENTITY_TYPE_EDDSA:
		187	GNUNET_CRYPTO_eddsa_key_get_public (&privkey->eddsa_key,
		188	&key->eddsa_key);
		189	break;
		190	default:
		191	GNUNET_break (0);
		192	return GNUNET_SYSERR;
		193	}
		194	return GNUNET_OK;
		195	}
		196
		197
		198	static int
		199	private_key_create (enum GNUNET_IDENTITY_KeyType ktype,
		200	struct GNUNET_IDENTITY_PrivateKey *key)
		201	{
		202	key->type = htonl (ktype);
		203	switch (ktype)
		204	{
		205	case GNUNET_IDENTITY_TYPE_ECDSA:
		206	GNUNET_CRYPTO_ecdsa_key_create (&key->ecdsa_key);
		207	break;
		208	case GNUNET_IDENTITY_TYPE_EDDSA:
		209	GNUNET_CRYPTO_eddsa_key_create (&key->eddsa_key);
		210	break;
		211	default:
		212	GNUNET_break (0);
		213	return GNUNET_SYSERR;
		214	}
		215	return GNUNET_OK;
		216	}
		217
		218
175	/**	219	/**
176	* Try again to connect to the identity service.	220	* Try again to connect to the identity service.
177	*	221	*
@@ -591,7 +635,7 @@ GNUNET_IDENTITY_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
591	* @param ego the ego	635	* @param ego the ego
592	* @return associated ECC key, valid as long as the ego is valid	636	* @return associated ECC key, valid as long as the ego is valid
593	*/	637	*/
594	const struct GNUNET_CRYPTO_EcdsaPrivateKey *	638	const struct GNUNET_IDENTITY_PrivateKey *
595	GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)	639	GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
596	{	640	{
597	return &ego->pk;	641	return &ego->pk;
@@ -606,12 +650,11 @@ GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
606	*/	650	*/
607	void	651	void
608	GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,	652	GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
609	struct GNUNET_CRYPTO_EcdsaPublicKey *pk)	653	struct GNUNET_IDENTITY_PublicKey *pk)
610	{	654	{
611	if (GNUNET_NO == ego->pub_initialized)	655	if (GNUNET_NO == ego->pub_initialized)
612	{	656	{
613	GNUNET_CRYPTO_ecdsa_key_get_public (&ego->pk,	657	GNUNET_IDENTITY_key_get_public (&ego->pk, &ego->pub);
614	&ego->pub);
615	ego->pub_initialized = GNUNET_YES;	658	ego->pub_initialized = GNUNET_YES;
616	}	659	}
617	*pk = ego->pub;	660	*pk = ego->pub;
@@ -710,20 +753,11 @@ GNUNET_IDENTITY_set (struct GNUNET_IDENTITY_Handle *h,
710	}	753	}
711		754
712		755
713	/**
714	* Create a new identity with the given name.
715	*
716	* @param h identity service to use
717	* @param name desired name
718	* @param privkey desired private key or NULL to create one
719	* @param cont function to call with the result (will only be called once)
720	* @param cont_cls closure for @a cont
721	* @return handle to abort the operation
722	*/
723	struct GNUNET_IDENTITY_Operation *	756	struct GNUNET_IDENTITY_Operation *
724	GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,	757	GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
725	const char *name,	758	const char *name,
726	const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey,	759	const struct GNUNET_IDENTITY_PrivateKey *privkey,
		760	enum GNUNET_IDENTITY_KeyType ktype,
727	GNUNET_IDENTITY_CreateContinuation cont,	761	GNUNET_IDENTITY_CreateContinuation cont,
728	void *cont_cls)	762	void *cont_cls)
729	{	763	{
@@ -749,7 +783,10 @@ GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
749	crm->name_len = htons (slen);	783	crm->name_len = htons (slen);
750	crm->reserved = htons (0);	784	crm->reserved = htons (0);
751	if (NULL == privkey)	785	if (NULL == privkey)
752	GNUNET_CRYPTO_ecdsa_key_create (&crm->private_key);	786	{
		787	GNUNET_assert (GNUNET_OK ==
		788	private_key_create (ktype, &crm->private_key));
		789	}
753	else	790	else
754	crm->private_key = *privkey;	791	crm->private_key = *privkey;
755	op->pk = crm->private_key;	792	op->pk = crm->private_key;
@@ -917,4 +954,316 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h)
917	}	954	}
918		955
919		956
		957	ssize_t
		958	private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key)
		959	{
		960	switch (ntohl (key->type))
		961	{
		962	case GNUNET_IDENTITY_TYPE_ECDSA:
		963	return sizeof (key->type) + sizeof (key->ecdsa_key);
		964	break;
		965	case GNUNET_IDENTITY_TYPE_EDDSA:
		966	return sizeof (key->type) + sizeof (key->eddsa_key);
		967	break;
		968	default:
		969	GNUNET_break (0);
		970	}
		971	return -1;
		972	}
		973
		974
		975	ssize_t
		976	GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key)
		977	{
		978	switch (ntohl (key->type))
		979	{
		980	case GNUNET_IDENTITY_TYPE_ECDSA:
		981	return sizeof (key->type) + sizeof (key->ecdsa_key);
		982	break;
		983	case GNUNET_IDENTITY_TYPE_EDDSA:
		984	return sizeof (key->type) + sizeof (key->eddsa_key);
		985	break;
		986	default:
		987	GNUNET_break (0);
		988	}
		989	return -1;
		990	}
		991
		992
		993	ssize_t
		994	GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key,
		995	const void*buffer,
		996	size_t len)
		997	{
		998	if (len < sizeof (key->type))
		999	return -1;
		1000	GNUNET_memcpy (&(key->type), buffer, sizeof (key->type));
		1001	const ssize_t length = GNUNET_IDENTITY_key_get_length (key);
		1002	if (len < length)
		1003	return -1;
		1004	if (length < 0)
		1005	return -2;
		1006	GNUNET_memcpy (&(key->ecdsa_key), buffer + sizeof (key->type), length
		1007	- sizeof (key->type));
		1008	return length;
		1009	}
		1010
		1011
		1012	ssize_t
		1013	GNUNET_IDENTITY_write_key_to_buffer (const struct
		1014	GNUNET_IDENTITY_PublicKey *key,
		1015	void*buffer,
		1016	size_t len)
		1017	{
		1018	const ssize_t length = GNUNET_IDENTITY_key_get_length (key);
		1019	if (len < length)
		1020	return -1;
		1021	if (length < 0)
		1022	return -2;
		1023	GNUNET_memcpy (buffer, key, length);
		1024	return length;
		1025	}
		1026
		1027
		1028	ssize_t
		1029	GNUNET_IDENTITY_signature_get_length (const struct
		1030	GNUNET_IDENTITY_Signature *sig)
		1031	{
		1032	switch (ntohl (sig->type))
		1033	{
		1034	case GNUNET_IDENTITY_TYPE_ECDSA:
		1035	return sizeof (sig->type) + sizeof (sig->ecdsa_signature);
		1036	break;
		1037	case GNUNET_IDENTITY_TYPE_EDDSA:
		1038	return sizeof (sig->type) + sizeof (sig->eddsa_signature);
		1039	break;
		1040	default:
		1041	GNUNET_break (0);
		1042	}
		1043	return -1;
		1044	}
		1045
		1046
		1047	ssize_t
		1048	GNUNET_IDENTITY_read_signature_from_buffer (struct
		1049	GNUNET_IDENTITY_Signature *sig,
		1050	const void*buffer,
		1051	size_t len)
		1052	{
		1053	if (len < sizeof (sig->type))
		1054	return -1;
		1055	GNUNET_memcpy (&(sig->type), buffer, sizeof (sig->type));
		1056	const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig);
		1057	if (len < length)
		1058	return -1;
		1059	if (length < 0)
		1060	return -2;
		1061	GNUNET_memcpy (&(sig->ecdsa_signature), buffer + sizeof (sig->type), length
		1062	- sizeof (sig->type));
		1063	return length;
		1064	}
		1065
		1066
		1067	ssize_t
		1068	GNUNET_IDENTITY_write_signature_to_buffer (const struct
		1069	GNUNET_IDENTITY_Signature *sig,
		1070	void*buffer,
		1071	size_t len)
		1072	{
		1073	const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig);
		1074	if (len < length)
		1075	return -1;
		1076	if (length < 0)
		1077	return -2;
		1078	GNUNET_memcpy (buffer, &(sig->type), sizeof (sig->type));
		1079	GNUNET_memcpy (buffer + sizeof (sig->type), &(sig->ecdsa_signature), length
		1080	- sizeof (sig->type));
		1081	return length;
		1082	}
		1083
		1084
		1085	int
		1086	GNUNET_IDENTITY_sign_ (const struct
		1087	GNUNET_IDENTITY_PrivateKey *priv,
		1088	const struct
		1089	GNUNET_CRYPTO_EccSignaturePurpose *purpose,
		1090	struct GNUNET_IDENTITY_Signature *sig)
		1091	{
		1092	sig->type = priv->type;
		1093	switch (ntohl (priv->type))
		1094	{
		1095	case GNUNET_IDENTITY_TYPE_ECDSA:
		1096	return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
		1097	&(sig->ecdsa_signature));
		1098	break;
		1099	case GNUNET_IDENTITY_TYPE_EDDSA:
		1100	return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
		1101	&(sig->eddsa_signature));
		1102	break;
		1103	default:
		1104	GNUNET_break (0);
		1105	}
		1106
		1107	return GNUNET_SYSERR;
		1108	}
		1109
		1110
		1111	int
		1112	GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
		1113	const struct
		1114	GNUNET_CRYPTO_EccSignaturePurpose *validate,
		1115	const struct GNUNET_IDENTITY_Signature *sig,
		1116	const struct GNUNET_IDENTITY_PublicKey *pub)
		1117	{
		1118	/* check type matching of 'sig' and 'pub' */
		1119	GNUNET_assert (ntohl (pub->type) == ntohl (sig->type));
		1120	switch (ntohl (pub->type))
		1121	{
		1122	case GNUNET_IDENTITY_TYPE_ECDSA:
		1123	return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
		1124	&(sig->ecdsa_signature),
		1125	&(pub->ecdsa_key));
		1126	break;
		1127	case GNUNET_IDENTITY_TYPE_EDDSA:
		1128	return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
		1129	&(sig->eddsa_signature),
		1130	&(pub->eddsa_key));
		1131	break;
		1132	default:
		1133	GNUNET_break (0);
		1134	}
		1135
		1136	return GNUNET_SYSERR;
		1137	}
		1138
		1139
		1140	ssize_t
		1141	GNUNET_IDENTITY_encrypt (const void *block,
		1142	size_t size,
		1143	const struct GNUNET_IDENTITY_PublicKey *pub,
		1144	struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
		1145	void *result)
		1146	{
		1147	struct GNUNET_CRYPTO_EcdhePrivateKey pk;
		1148	GNUNET_CRYPTO_ecdhe_key_create (&pk);
		1149	struct GNUNET_HashCode hash;
		1150	switch (ntohl (pub->type))
		1151	{
		1152	case GNUNET_IDENTITY_TYPE_ECDSA:
		1153	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&pk, &(pub->ecdsa_key),
		1154	&hash))
		1155	return -1;
		1156	break;
		1157	case GNUNET_IDENTITY_TYPE_EDDSA:
		1158	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa (&pk, &(pub->eddsa_key),
		1159	&hash))
		1160	return -1;
		1161	break;
		1162	default:
		1163	return -1;
		1164	}
		1165	GNUNET_CRYPTO_ecdhe_key_get_public (&pk, ecc);
		1166	GNUNET_CRYPTO_ecdhe_key_clear (&pk);
		1167	struct GNUNET_CRYPTO_SymmetricSessionKey key;
		1168	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
		1169	GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
		1170	GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
		1171	const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt (block, size, &key,
		1172	&iv, result);
		1173	GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
		1174	GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
		1175	return encrypted;
		1176	}
		1177
		1178
		1179	ssize_t
		1180	GNUNET_IDENTITY_decrypt (const void *block,
		1181	size_t size,
		1182	const struct GNUNET_IDENTITY_PrivateKey *priv,
		1183	const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
		1184	void *result)
		1185	{
		1186	struct GNUNET_HashCode hash;
		1187	switch (ntohl (priv->type))
		1188	{
		1189	case GNUNET_IDENTITY_TYPE_ECDSA:
		1190	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh (&(priv->ecdsa_key), ecc,
		1191	&hash))
		1192	return -1;
		1193	break;
		1194	case GNUNET_IDENTITY_TYPE_EDDSA:
		1195	if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh (&(priv->eddsa_key), ecc,
		1196	&hash))
		1197	return -1;
		1198	break;
		1199	default:
		1200	return -1;
		1201	}
		1202	struct GNUNET_CRYPTO_SymmetricSessionKey key;
		1203	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
		1204	GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
		1205	GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
		1206	const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt (block, size, &key,
		1207	&iv, result);
		1208	GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
		1209	GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
		1210	return decrypted;
		1211	}
		1212
		1213
		1214	char *
		1215	GNUNET_IDENTITY_public_key_to_string (const struct
		1216	GNUNET_IDENTITY_PublicKey *key)
		1217	{
		1218	size_t size = GNUNET_IDENTITY_key_get_length (key);
		1219	return GNUNET_STRINGS_data_to_string_alloc (key,
		1220	size);
		1221	}
		1222
		1223
		1224	char *
		1225	GNUNET_IDENTITY_private_key_to_string (const struct
		1226	GNUNET_IDENTITY_PrivateKey *key)
		1227	{
		1228	size_t size = private_key_get_length (key);
		1229	return GNUNET_STRINGS_data_to_string_alloc (key,
		1230	size);
		1231	}
		1232
		1233
		1234	enum GNUNET_GenericReturnValue
		1235	GNUNET_IDENTITY_public_key_from_string (const char *str,
		1236	struct GNUNET_IDENTITY_PublicKey *key)
		1237	{
		1238	enum GNUNET_GenericReturnValue ret;
		1239	enum GNUNET_IDENTITY_KeyType ktype;
		1240	ret = GNUNET_STRINGS_string_to_data (str,
		1241	strlen (str),
		1242	key,
		1243	sizeof (*key));
		1244	if (GNUNET_OK != ret)
		1245	return GNUNET_SYSERR;
		1246	ktype = ntohl (key->type);
		1247	return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way?
		1248
		1249	}
		1250
		1251
		1252	enum GNUNET_GenericReturnValue
		1253	GNUNET_IDENTITY_private_key_from_string (const char *str,
		1254	struct GNUNET_IDENTITY_PrivateKey *key)
		1255	{
		1256	enum GNUNET_GenericReturnValue ret;
		1257	enum GNUNET_IDENTITY_KeyType ktype;
		1258	ret = GNUNET_STRINGS_string_to_data (str,
		1259	strlen (str),
		1260	key,
		1261	sizeof (*key));
		1262	if (GNUNET_OK != ret)
		1263	return GNUNET_SYSERR;
		1264	ktype = ntohl (key->type);
		1265	return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way?
		1266	}
		1267
		1268
920	/* end of identity_api.c */	1269	/* end of identity_api.c */