1 files changed, 33 insertions, 486 deletions

diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index 227c7f486..270f4d26f 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet.
-     Copyright (C) 2013 GNUnet e.V.
+     Copyright (C) 2013--2023 GNUnet e.V.
 
      GNUnet is free software: you can redistribute it and/or modify it
      under the terms of the GNU Affero General Public License as published
@@ -19,6 +19,9 @@
  */
 
 /**
+ * @addtogroup egos  Ego management
+ * @{
+ *
  * @author Christian Grothoff
  *
  * @file
@@ -42,6 +45,7 @@
 #ifndef GNUNET_IDENTITY_SERVICE_H
 #define GNUNET_IDENTITY_SERVICE_H
 
+#include "gnunet_common.h"
 #ifdef __cplusplus
 extern "C" {
 #if 0 /* keep Emacsens' auto-indent happy */
@@ -49,6 +53,7 @@ extern "C" {
 #endif
 #endif
 
+
 #include "gnunet_util_lib.h"
 
 
@@ -57,20 +62,6 @@ extern "C" {
  */
 #define GNUNET_IDENTITY_VERSION 0x00000100
 
-enum GNUNET_IDENTITY_KeyType
-{
-  /**
-   * The identity type. The value is the same as the
-   * PKEY record type.
-   */
-  GNUNET_IDENTITY_TYPE_ECDSA = 65536,
-
-  /**
-   * EDDSA identity. The value is the same as the EDKEY
-   * record type.
-   */
-  GNUNET_IDENTITY_TYPE_EDDSA = 65556
-};
 
 /**
  * Handle to access the identity service.
@@ -82,90 +73,6 @@ struct GNUNET_IDENTITY_Handle;
  */
 struct GNUNET_IDENTITY_Ego;
 
-// FIXME: these types are NOT packed,
-// NOT 64-bit aligned, but used in messages!!??
-
-/**
- * A private key for an identity as per LSD0001.
- */
-struct GNUNET_IDENTITY_PrivateKey
-{
-  /**
-   * Type of public key.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-
-  union
-  {
-    /**
-     * An ECDSA identity key.
-     */
-    struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key;
-
-    /**
-     * AN EdDSA identtiy key
-     */
-    struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key;
-  };
-};
-
-
-/**
- * An identity key as per LSD0001.
- */
-struct GNUNET_IDENTITY_PublicKey
-{
-  /**
-   * Type of public key.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-
-  union
-  {
-    /**
-     * An ECDSA identity key.
-     */
-    struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key;
-
-    /**
-     * AN EdDSA identtiy key
-     */
-    struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key;
-  };
-};
-
-
-/**
- * An identity signature as per LSD0001.
- */
-struct GNUNET_IDENTITY_Signature
-{
-  /**
-   * Type of signature.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-
-  union
-  {
-    /**
-     * An ECDSA signature
-     */
-    struct GNUNET_CRYPTO_EcdsaSignature ecdsa_signature;
-
-    /**
-     * AN EdDSA signature
-     */
-    struct GNUNET_CRYPTO_EddsaSignature eddsa_signature;
-  };
-};
-
-
 /**
  * Handle for an operation with the identity service.
  */
@@ -178,7 +85,7 @@ struct GNUNET_IDENTITY_Operation;
  * @param ego the ego
  * @return associated ECC key, valid as long as the ego is valid
  */
-const struct GNUNET_IDENTITY_PrivateKey *
+const struct GNUNET_CRYPTO_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);
 
 
@@ -199,7 +106,17 @@ GNUNET_IDENTITY_ego_get_anonymous (void);
  */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_IDENTITY_PublicKey *pk);
+                                    struct GNUNET_CRYPTO_PublicKey *pk);
+
+
+/**
+ * Obtain the name associated with an ego.
+ *
+ * @param ego the ego
+ * @return associated name, valid as long as the ego is valid
+ */
+const char*
+GNUNET_IDENTITY_ego_get_name (const struct GNUNET_IDENTITY_Ego *ego);
 
 
 /**
@@ -277,11 +194,11 @@ GNUNET_IDENTITY_get (struct GNUNET_IDENTITY_Handle *id,
  * been completed.
  *
  * @param cls closure
- * @param emsg NULL on success, otherwise an error message
+ * @param ec the #GNUNET_ErrorCode
  */
 typedef void
 (*GNUNET_IDENTITY_Continuation) (void *cls,
-                                 const char *emsg);
+                                 enum GNUNET_ErrorCode ec);
 
 
 /**
@@ -317,13 +234,13 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
  *
  * @param cls closure
  * @param pk private key, NULL on error
- * @param emsg error message, NULL on success
+ * @param ec the #GNUNET_ErrorCode
  */
 typedef void
 (*GNUNET_IDENTITY_CreateContinuation) (
   void *cls,
-  const struct GNUNET_IDENTITY_PrivateKey *pk,
-  const char *emsg);
+  const struct GNUNET_CRYPTO_PrivateKey *pk,
+  enum GNUNET_ErrorCode ec);
 
 
 /**
@@ -340,8 +257,8 @@ typedef void
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
                         const char *name,
-                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
-                        enum GNUNET_IDENTITY_KeyType ktype,
+                        const struct GNUNET_CRYPTO_PrivateKey *privkey,
+                        enum GNUNET_CRYPTO_KeyType ktype,
                         GNUNET_IDENTITY_CreateContinuation cont,
                         void *cont_cls);
 
@@ -392,378 +309,6 @@ void
 GNUNET_IDENTITY_cancel (struct GNUNET_IDENTITY_Operation *op);
 
 
-/**
- * Get the compacted length of a #GNUNET_IDENTITY_PublicKey.
- * Compacted means that it returns the minimum number of bytes this
- * key is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_PublicKey.
- * Useful for compact serializations.
- *
- * @param key the key.
- * @return -1 on error, else the compacted length of the key.
- */
-ssize_t
-GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key);
-
-
-/**
- * Reads a #GNUNET_IDENTITY_PublicKey from a compact buffer.
- * The buffer has to contain at least the compacted length of
- * a #GNUNET_IDENTITY_PublicKey in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the buffer does not contain a valid key, it returns -2 as error.
- *
- * @param key the key
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes read from the buffer
- */
-ssize_t
-GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key,
-                                      const void*buffer,
-                                      size_t len);
-
-
-/**
- * Writes a #GNUNET_IDENTITY_PublicKey to a compact buffer.
- * The buffer requires space for at least the compacted length of
- * a #GNUNET_IDENTITY_PublicKey in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the key is not valid, it returns -2 as error.
- *
- * @param key the key
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes written to the buffer
- */
-ssize_t
-GNUNET_IDENTITY_write_key_to_buffer (const struct
-                                     GNUNET_IDENTITY_PublicKey *key,
-                                     void*buffer,
-                                     size_t len);
-
-
-/**
- * Get the compacted length of a #GNUNET_IDENTITY_Signature.
- * Compacted means that it returns the minimum number of bytes this
- * signature is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_Signature.
- * Useful for compact serializations.
- *
- * @param sig the signature.
- * @return -1 on error, else the compacted length of the signature.
- */
-ssize_t
-GNUNET_IDENTITY_signature_get_length (const struct
-                                      GNUNET_IDENTITY_Signature *sig);
-
-
-/**
- * Get the compacted length of a signature by type.
- * Compacted means that it returns the minimum number of bytes this
- * signature is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_Signature.
- * Useful for compact serializations.
- *
- * @param sig the signature.
- * @return -1 on error, else the compacted length of the signature.
- */
-ssize_t
-GNUNET_IDENTITY_signature_get_raw_length_by_type (const uint32_t type);
-
-
-
-/**
- * Reads a #GNUNET_IDENTITY_Signature from a compact buffer.
- * The buffer has to contain at least the compacted length of
- * a #GNUNET_IDENTITY_Signature in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the buffer does not contain a valid key, it returns -2 as error.
- *
- * @param sig the signature
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes read from the buffer
- */
-ssize_t
-GNUNET_IDENTITY_read_signature_from_buffer (struct
-                                            GNUNET_IDENTITY_Signature *sig,
-                                            const void*buffer,
-                                            size_t len);
-
-
-/**
- * Writes a #GNUNET_IDENTITY_Signature to a compact buffer.
- * The buffer requires space for at least the compacted length of
- * a #GNUNET_IDENTITY_Signature in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the key is not valid, it returns -2 as error.
- *
- * @param sig the signature
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes written to the buffer
- */
-ssize_t
-GNUNET_IDENTITY_write_signature_to_buffer (const struct
-                                           GNUNET_IDENTITY_Signature *sig,
-                                           void*buffer,
-                                           size_t len);
-
-
-/**
- * @brief Sign a given block.
- *
- * The @a purpose data is the beginning of the data of which the signature is
- * to be created. The `size` field in @a purpose must correctly indicate the
- * number of bytes of the data structure, including its header. If possible,
- * use #GNUNET_IDENTITY_sign() instead of this function.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param[out] sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_sign_ (const struct
-                       GNUNET_IDENTITY_PrivateKey *priv,
-                       const struct
-                       GNUNET_CRYPTO_EccSignaturePurpose *purpose,
-                       struct GNUNET_IDENTITY_Signature *sig);
-
-/**
- * @brief Sign a given block.
- *
- * The @a purpose data is the beginning of the data of which the signature is
- * to be created. The `size` field in @a purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- * The signature payload and length depends on the key type.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param[out] sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_sign_raw_ (const struct
-                           GNUNET_IDENTITY_PrivateKey *priv,
-                           const struct
-                           GNUNET_CRYPTO_EccSignaturePurpose *purpose,
-                           unsigned char *sig);
-
-
-/**
- * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey.
- *
- * The @a ps data must be a fixed-size struct for which the signature is to be
- * created. The `size` field in @a ps->purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- *
- * @param priv private key to use for the signing
- * @param ps packed struct with what to sign, MUST begin with a purpose
- * @param[out] sig where to write the signature
- */
-#define GNUNET_IDENTITY_sign(priv,ps,sig) do {                \
-    /* check size is set correctly */                                     \
-    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
-    /* check 'ps' begins with the purpose */                              \
-    GNUNET_static_assert (((void*) (ps)) ==                               \
-                          ((void*) &(ps)->purpose));                      \
-    GNUNET_assert (GNUNET_OK ==                                           \
-                   GNUNET_IDENTITY_sign_ (priv,               \
-                                          &(ps)->purpose,             \
-                                          sig));                      \
-} while (0)
-
-
-/**
- * @brief Verify a given signature.
- *
- * The @a validate data is the beginning of the data of which the signature
- * is to be verified. The `size` field in @a validate must correctly indicate
- * the number of bytes of the data structure, including its header.  If @a
- * purpose does not match the purpose given in @a validate (the latter must be
- * in big endian), signature verification fails.  If possible,
- * use #GNUNET_IDENTITY_signature_verify() instead of this function (only if @a validate
- * is not fixed-size, you must use this function directly).
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
-                                   const struct
-                                   GNUNET_CRYPTO_EccSignaturePurpose *validate,
-                                   const struct GNUNET_IDENTITY_Signature *sig,
-                                   const struct
-                                   GNUNET_IDENTITY_PublicKey *pub);
-
-/**
- * @brief Verify a given signature.
- *
- * The @a validate data is the beginning of the data of which the signature
- * is to be verified. The `size` field in @a validate must correctly indicate
- * the number of bytes of the data structure, including its header.  If @a
- * purpose does not match the purpose given in @a validate (the latter must be
- * in big endian), signature verification fails.
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose,
-                                       const struct
-                                       GNUNET_CRYPTO_EccSignaturePurpose *
-                                       validate,
-                                       const unsigned char *sig,
-                                       const struct
-                                       GNUNET_IDENTITY_PublicKey *pub);
-
-
-/**
- * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey.
- *
- * The @a ps data must be a fixed-size struct for which the signature is to be
- * created. The `size` field in @a ps->purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- *
- * @param purp purpose of the signature, must match 'ps->purpose.purpose'
- *              (except in host byte order)
- * @param ps packed struct with what to sign, MUST begin with a purpose
- * @param sig where to read the signature from
- * @param pub public key to use for the verifying
- */
-#define GNUNET_IDENTITY_signature_verify(purp,ps,sig,pub) ({             \
-    /* check size is set correctly */                                     \
-    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
-    /* check 'ps' begins with the purpose */                              \
-    GNUNET_static_assert (((void*) (ps)) ==                               \
-                          ((void*) &(ps)->purpose));                      \
-    GNUNET_IDENTITY_signature_verify_ (purp,                              \
-                                       &(ps)->purpose,                    \
-                                       sig,                               \
-                                       pub);                              \
-  })
-
-
-/**
- * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
- * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
- * using ecdh to derive a symmetric key.
- *
- * @param block the block to encrypt
- * @param size the size of the @a block
- * @param pub public key to use for ecdh
- * @param ecc where to write the ecc public key
- * @param result the output parameter in which to store the encrypted result
- *               can be the same or overlap with @c block
- * @returns the size of the encrypted block, -1 for errors.
- *          Due to the use of CFB and therefore an effective stream cipher,
- *          this size should be the same as @c len.
- */
-ssize_t
-GNUNET_IDENTITY_encrypt (const void *block,
-                         size_t size,
-                         const struct GNUNET_IDENTITY_PublicKey *pub,
-                         struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                         void *result);
-
-
-/**
- * Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given
- * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
- *
- * @param block the data to decrypt, encoded as returned by encrypt
- * @param size the size of the @a block to decrypt
- * @param priv private key to use for ecdh
- * @param ecc the ecc public key
- * @param result address to store the result at
- *               can be the same or overlap with @c block
- * @return -1 on failure, size of decrypted block on success.
- *         Due to the use of CFB and therefore an effective stream cipher,
- *         this size should be the same as @c size.
- */
-ssize_t
-GNUNET_IDENTITY_decrypt (const void *block,
-                         size_t size,
-                         const struct
-                         GNUNET_IDENTITY_PrivateKey *priv,
-                         const struct
-                         GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                         void *result);
-
-
-/**
- * Creates a (Base32) string representation of the public key.
- * The resulting string encodes a compacted representation of the key.
- * See also #GNUNET_IDENTITY_key_get_length.
- *
- * @param key the key.
- * @return the string representation of the key, or NULL on error.
- */
-char *
-GNUNET_IDENTITY_public_key_to_string (const struct
-                                      GNUNET_IDENTITY_PublicKey *key);
-
-
-/**
- * Creates a (Base32) string representation of the private key.
- * The resulting string encodes a compacted representation of the key.
- * See also #GNUNET_IDENTITY_key_get_length.
- *
- * @param key the key.
- * @return the string representation of the key, or NULL on error.
- */
-char *
-GNUNET_IDENTITY_private_key_to_string (const struct
-                                       GNUNET_IDENTITY_PrivateKey *key);
-
-
-/**
- * Parses a (Base32) string representation of the public key.
- * See also #GNUNET_IDENTITY_public_key_to_string.
- *
- * @param str the encoded key.
- * @param key where to write the key.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_public_key_from_string (const char*str,
-                                        struct GNUNET_IDENTITY_PublicKey *key);
-
-
-/**
- * Parses a (Base32) string representation of the private key.
- * See also #GNUNET_IDENTITY_private_key_to_string.
- *
- * @param str the encoded key.
- * @param key where to write the key.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_private_key_from_string (const char*str,
-                                         struct GNUNET_IDENTITY_PrivateKey *key);
-
-
-/**
- * Retrieves the public key representation of a private key.
- *
- * @param privkey the private key.
- * @param key the public key result.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_key_get_public (const struct
-                                GNUNET_IDENTITY_PrivateKey *privkey,
-                                struct GNUNET_IDENTITY_PublicKey *key);
-
-
 /* ************* convenience API to lookup an ego ***************** */
 
 /**
@@ -816,7 +361,7 @@ GNUNET_IDENTITY_ego_lookup_cancel (struct GNUNET_IDENTITY_EgoLookup *el);
 typedef void
 (*GNUNET_IDENTITY_EgoSuffixCallback) (
   void *cls,
-  const struct GNUNET_IDENTITY_PrivateKey *priv,
+  const struct GNUNET_CRYPTO_PrivateKey *priv,
   const char *ego_name);
 
 
@@ -839,11 +384,11 @@ struct GNUNET_IDENTITY_EgoSuffixLookup;
  * @return handle to abort the operation
  */
 struct GNUNET_IDENTITY_EgoSuffixLookup *
-GNUNET_IDENTITY_ego_lookup_by_suffix (const struct
-                                      GNUNET_CONFIGURATION_Handle *cfg,
-                                      const char *suffix,
-                                      GNUNET_IDENTITY_EgoSuffixCallback cb,
-                                      void *cb_cls);
+GNUNET_IDENTITY_ego_lookup_by_suffix (
+  const struct GNUNET_CONFIGURATION_Handle *cfg,
+  const char *suffix,
+  GNUNET_IDENTITY_EgoSuffixCallback cb,
+  void *cb_cls);
 
 
 /**
@@ -868,4 +413,6 @@ GNUNET_IDENTITY_ego_lookup_by_suffix_cancel (
 
 /** @} */ /* end of group identity */
 
+/** @} */ /* end of group addition */
+
 /* end of gnunet_identity_service.h */