diff options
Diffstat (limited to 'src/include/gnunet_crypto_lib.h')
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 322 |
1 files changed, 322 insertions, 0 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index f73c1ae76..59f1dad78 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -96,11 +96,31 @@ enum GNUNET_CRYPTO_Quality | |||
96 | */ | 96 | */ |
97 | #define GNUNET_CRYPTO_HASH_LENGTH 512/8 | 97 | #define GNUNET_CRYPTO_HASH_LENGTH 512/8 |
98 | 98 | ||
99 | |||
100 | /** | ||
101 | * FIXME: what is an acceptable value here? | ||
102 | * Note: round to multiple of 8 minus 2. | ||
103 | */ | ||
104 | #define GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH 510 | ||
105 | |||
106 | /** | ||
107 | * FIXME: what is an acceptable value here? | ||
108 | * Maximum length of the public key (q-point, Q = dP) when encoded. | ||
109 | */ | ||
110 | #define GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH 254 | ||
111 | |||
112 | |||
99 | /** | 113 | /** |
100 | * The private information of an RSA key pair. | 114 | * The private information of an RSA key pair. |
101 | */ | 115 | */ |
102 | struct GNUNET_CRYPTO_RsaPrivateKey; | 116 | struct GNUNET_CRYPTO_RsaPrivateKey; |
103 | 117 | ||
118 | /** | ||
119 | * The private information of an ECC private key. | ||
120 | */ | ||
121 | struct GNUNET_CRYPTO_EccPrivateKey; | ||
122 | |||
123 | |||
104 | GNUNET_NETWORK_STRUCT_BEGIN | 124 | GNUNET_NETWORK_STRUCT_BEGIN |
105 | 125 | ||
106 | /** | 126 | /** |
@@ -220,6 +240,102 @@ struct GNUNET_CRYPTO_RsaEncryptedData | |||
220 | 240 | ||
221 | 241 | ||
222 | /** | 242 | /** |
243 | * @brief header of what an ECC signature signs | ||
244 | * this must be followed by "size - 8" bytes of | ||
245 | * the actual signed data | ||
246 | */ | ||
247 | struct GNUNET_CRYPTO_EccSignaturePurpose | ||
248 | { | ||
249 | /** | ||
250 | * How many bytes does this signature sign? | ||
251 | * (including this purpose header); in network | ||
252 | * byte order (!). | ||
253 | */ | ||
254 | uint32_t size GNUNET_PACKED; | ||
255 | |||
256 | /** | ||
257 | * What does this signature vouch for? This | ||
258 | * must contain a GNUNET_SIGNATURE_PURPOSE_XXX | ||
259 | * constant (from gnunet_signatures.h). In | ||
260 | * network byte order! | ||
261 | */ | ||
262 | uint32_t purpose GNUNET_PACKED; | ||
263 | |||
264 | }; | ||
265 | |||
266 | |||
267 | /** | ||
268 | * @brief an ECC signature | ||
269 | */ | ||
270 | struct GNUNET_CRYPTO_EccSignature | ||
271 | { | ||
272 | /** | ||
273 | * Overall size of the encrypted data. | ||
274 | */ | ||
275 | uint16_t size; | ||
276 | |||
277 | /** | ||
278 | * S-expression, padded with zeros. | ||
279 | */ | ||
280 | char sexpr[GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH]; | ||
281 | }; | ||
282 | |||
283 | |||
284 | /** | ||
285 | * Public ECC key (always for NIST P-521) encoded in a format suitable | ||
286 | * for network transmission as created using 'gcry_sexp_sprint'. | ||
287 | */ | ||
288 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded | ||
289 | { | ||
290 | /** | ||
291 | * Size of the encoding, in network byte order. | ||
292 | */ | ||
293 | uint16_t size; | ||
294 | |||
295 | /** | ||
296 | * Actual length of the q-point binary encoding. | ||
297 | */ | ||
298 | uint16_t len; | ||
299 | |||
300 | /** | ||
301 | * 0-padded q-point in binary encoding (GCRYPT_MPI_FMT_USG). | ||
302 | */ | ||
303 | unsigned char key[GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH]; | ||
304 | }; | ||
305 | |||
306 | |||
307 | struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded | ||
308 | { | ||
309 | /** | ||
310 | * Overall size of the private key. | ||
311 | */ | ||
312 | uint16_t size; | ||
313 | |||
314 | /* followd by S-expression, opaque to applications */ | ||
315 | |||
316 | /* FIXME: consider defining padding to make this a fixed-size struct */ | ||
317 | |||
318 | }; | ||
319 | |||
320 | |||
321 | /** | ||
322 | * ECC Encrypted data. | ||
323 | */ | ||
324 | struct GNUNET_CRYPTO_EccEncryptedData | ||
325 | { | ||
326 | /** | ||
327 | * Overall size of the encrypted data. | ||
328 | */ | ||
329 | uint16_t size; | ||
330 | |||
331 | /** | ||
332 | * S-expression, padded with zeros. | ||
333 | */ | ||
334 | char encoding[GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH]; | ||
335 | }; | ||
336 | |||
337 | |||
338 | /** | ||
223 | * @brief type for session keys | 339 | * @brief type for session keys |
224 | */ | 340 | */ |
225 | struct GNUNET_CRYPTO_AesSessionKey | 341 | struct GNUNET_CRYPTO_AesSessionKey |
@@ -1068,6 +1184,212 @@ GNUNET_CRYPTO_rsa_verify (uint32_t purpose, | |||
1068 | 1184 | ||
1069 | 1185 | ||
1070 | /** | 1186 | /** |
1187 | * Function called upon completion of 'GNUNET_CRYPTO_ecc_key_create_async'. | ||
1188 | * | ||
1189 | * @param cls closure | ||
1190 | * @param pk NULL on error, otherwise the private key (which must be free'd by the callee) | ||
1191 | * @param emsg NULL on success, otherwise an error message | ||
1192 | */ | ||
1193 | typedef void (*GNUNET_CRYPTO_EccKeyCallback)(void *cls, | ||
1194 | struct GNUNET_CRYPTO_EccPrivateKey *pk, | ||
1195 | const char *emsg); | ||
1196 | |||
1197 | |||
1198 | /** | ||
1199 | * Free memory occupied by ECC key | ||
1200 | * | ||
1201 | * @param privatekey pointer to the memory to free | ||
1202 | */ | ||
1203 | void | ||
1204 | GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *privatekey); | ||
1205 | |||
1206 | |||
1207 | /** | ||
1208 | * Extract the public key for the given private key. | ||
1209 | * | ||
1210 | * @param priv the private key | ||
1211 | * @param pub where to write the public key | ||
1212 | */ | ||
1213 | void | ||
1214 | GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv, | ||
1215 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub); | ||
1216 | |||
1217 | /** | ||
1218 | * Convert a public key to a string. | ||
1219 | * | ||
1220 | * @param pub key to convert | ||
1221 | * @return string representing 'pub' | ||
1222 | */ | ||
1223 | char * | ||
1224 | GNUNET_CRYPTO_ecc_public_key_to_string (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub); | ||
1225 | |||
1226 | |||
1227 | /** | ||
1228 | * Convert a string representing a public key to a public key. | ||
1229 | * | ||
1230 | * @param enc encoded public key | ||
1231 | * @param enclen number of bytes in enc (without 0-terminator) | ||
1232 | * @param pub where to store the public key | ||
1233 | * @return GNUNET_OK on success | ||
1234 | */ | ||
1235 | int | ||
1236 | GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, | ||
1237 | size_t enclen, | ||
1238 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub); | ||
1239 | |||
1240 | |||
1241 | /** | ||
1242 | * Encode the private key in a format suitable for | ||
1243 | * storing it into a file. | ||
1244 | * | ||
1245 | * @param key key to encode | ||
1246 | * @return encoding of the private key. | ||
1247 | * The first 4 bytes give the size of the array, as usual. | ||
1248 | */ | ||
1249 | struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded * | ||
1250 | GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key); | ||
1251 | |||
1252 | |||
1253 | /** | ||
1254 | * Decode the private key from the file-format back | ||
1255 | * to the "normal", internal format. | ||
1256 | * | ||
1257 | * @param buf the buffer where the private key data is stored | ||
1258 | * @param len the length of the data in 'buffer' | ||
1259 | * @return NULL on error | ||
1260 | */ | ||
1261 | struct GNUNET_CRYPTO_EccPrivateKey * | ||
1262 | GNUNET_CRYPTO_ecc_decode_key (const char *buf, | ||
1263 | size_t len); | ||
1264 | |||
1265 | |||
1266 | /** | ||
1267 | * Create a new private key by reading it from a file. If the | ||
1268 | * files does not exist, create a new key and write it to the | ||
1269 | * file. Caller must free return value. Note that this function | ||
1270 | * can not guarantee that another process might not be trying | ||
1271 | * the same operation on the same file at the same time. | ||
1272 | * If the contents of the file | ||
1273 | * are invalid the old file is deleted and a fresh key is | ||
1274 | * created. | ||
1275 | * | ||
1276 | * @return new private key, NULL on error (for example, | ||
1277 | * permission denied) | ||
1278 | */ | ||
1279 | struct GNUNET_CRYPTO_EccPrivateKey * | ||
1280 | GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename); | ||
1281 | |||
1282 | |||
1283 | /** | ||
1284 | * Handle to cancel private key generation and state for the | ||
1285 | * key generation operation. | ||
1286 | */ | ||
1287 | struct GNUNET_CRYPTO_EccKeyGenerationContext; | ||
1288 | |||
1289 | |||
1290 | /** | ||
1291 | * Create a new private key by reading it from a file. If the files | ||
1292 | * does not exist, create a new key and write it to the file. If the | ||
1293 | * contents of the file are invalid the old file is deleted and a | ||
1294 | * fresh key is created. | ||
1295 | * | ||
1296 | * @param filename name of file to use for storage | ||
1297 | * @param cont function to call when done (or on errors) | ||
1298 | * @param cont_cls closure for 'cont' | ||
1299 | * @return handle to abort operation, NULL on fatal errors (cont will not be called if NULL is returned) | ||
1300 | */ | ||
1301 | struct GNUNET_CRYPTO_EccKeyGenerationContext * | ||
1302 | GNUNET_CRYPTO_ecc_key_create_start (const char *filename, | ||
1303 | GNUNET_CRYPTO_EccKeyCallback cont, | ||
1304 | void *cont_cls); | ||
1305 | |||
1306 | |||
1307 | /** | ||
1308 | * Abort ECC key generation. | ||
1309 | * | ||
1310 | * @param gc key generation context to abort | ||
1311 | */ | ||
1312 | void | ||
1313 | GNUNET_CRYPTO_ecc_key_create_stop (struct GNUNET_CRYPTO_EccKeyGenerationContext *gc); | ||
1314 | |||
1315 | /** | ||
1316 | * Setup a hostkey file for a peer given the name of the | ||
1317 | * configuration file (!). This function is used so that | ||
1318 | * at a later point code can be certain that reading a | ||
1319 | * hostkey is fast (for example in time-dependent testcases). | ||
1320 | * | ||
1321 | * @param cfg_name name of the configuration file to use | ||
1322 | */ | ||
1323 | void | ||
1324 | GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name); | ||
1325 | |||
1326 | |||
1327 | /** | ||
1328 | * Encrypt a block with the public key of another host that uses the | ||
1329 | * same cipher. | ||
1330 | * | ||
1331 | * @param block the block to encrypt | ||
1332 | * @param size the size of block | ||
1333 | * @param publicKey the encoded public key used to encrypt | ||
1334 | * @param target where to store the encrypted block | ||
1335 | * @returns GNUNET_SYSERR on error, GNUNET_OK if ok | ||
1336 | */ | ||
1337 | int | ||
1338 | GNUNET_CRYPTO_ecc_encrypt (const void *block, size_t size, | ||
1339 | const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded | ||
1340 | *publicKey, | ||
1341 | struct GNUNET_CRYPTO_EccEncryptedData *target); | ||
1342 | |||
1343 | |||
1344 | /** | ||
1345 | * Decrypt a given block with the hostkey. | ||
1346 | * | ||
1347 | * @param key the key with which to decrypt this block | ||
1348 | * @param block the data to decrypt, encoded as returned by encrypt | ||
1349 | * @param result pointer to a location where the result can be stored | ||
1350 | * @param max the maximum number of bits to store for the result, if | ||
1351 | * the decrypted block is bigger, an error is returned | ||
1352 | * @return the size of the decrypted block, -1 on error | ||
1353 | */ | ||
1354 | ssize_t | ||
1355 | GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey *key, | ||
1356 | const struct GNUNET_CRYPTO_EccEncryptedData *block, | ||
1357 | void *result, size_t max); | ||
1358 | |||
1359 | |||
1360 | /** | ||
1361 | * Sign a given block. | ||
1362 | * | ||
1363 | * @param key private key to use for the signing | ||
1364 | * @param purpose what to sign (size, purpose) | ||
1365 | * @param sig where to write the signature | ||
1366 | * @return GNUNET_SYSERR on error, GNUNET_OK on success | ||
1367 | */ | ||
1368 | int | ||
1369 | GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key, | ||
1370 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | ||
1371 | struct GNUNET_CRYPTO_EccSignature *sig); | ||
1372 | |||
1373 | |||
1374 | /** | ||
1375 | * Verify signature. | ||
1376 | * | ||
1377 | * @param purpose what is the purpose that the signature should have? | ||
1378 | * @param validate block to validate (size, purpose, data) | ||
1379 | * @param sig signature that is being validated | ||
1380 | * @param publicKey public key of the signer | ||
1381 | * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid | ||
1382 | */ | ||
1383 | int | ||
1384 | GNUNET_CRYPTO_ecc_verify (uint32_t purpose, | ||
1385 | const struct GNUNET_CRYPTO_EccSignaturePurpose | ||
1386 | *validate, | ||
1387 | const struct GNUNET_CRYPTO_EccSignature *sig, | ||
1388 | const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded | ||
1389 | *publicKey); | ||
1390 | |||
1391 | |||
1392 | /** | ||
1071 | * This function should only be called in testcases | 1393 | * This function should only be called in testcases |
1072 | * where strong entropy gathering is not desired | 1394 | * where strong entropy gathering is not desired |
1073 | * (for example, for hostkey generation). | 1395 | * (for example, for hostkey generation). |