1 files changed, 33 insertions, 425 deletions
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index c123983e2..270f4d26f 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -1,6 +1,6 @@
 /*
     This file is part of GNUnet.
-     Copyright (C) 2013 GNUnet e.V.
+     Copyright (C) 2013--2023 GNUnet e.V.
     GNUnet is free software: you can redistribute it and/or modify it
     under the terms of the GNU Affero General Public License as published
@@ -19,6 +19,9 @@
 */
 /**
+ * @addtogroup egos  Ego management
+ * @{
+ *
 * @author Christian Grothoff
 *
 * @file
@@ -42,6 +45,7 @@
 #ifndef GNUNET_IDENTITY_SERVICE_H
 #define GNUNET_IDENTITY_SERVICE_H
+#include "gnunet_common.h"
 #ifdef __cplusplus
 extern "C" {
 #if 0 /* keep Emacsens' auto-indent happy */
@@ -49,6 +53,7 @@ extern "C" {
 #endif
 #endif
 #include "gnunet_util_lib.h"
@@ -57,20 +62,6 @@ extern "C" {
 */
 #define GNUNET_IDENTITY_VERSION 0x00000100
-enum GNUNET_IDENTITY_KeyType
-{
-  /**
-   * The identity type. The value is the same as the
-   * PKEY record type.
-   */
-  GNUNET_IDENTITY_TYPE_ECDSA = 65536,
-  /**
-   * EDDSA identity. The value is the same as the EDKEY
-   * record type.
-   */
-  GNUNET_IDENTITY_TYPE_EDDSA = 65556
-};
 /**
 * Handle to access the identity service.
@@ -82,88 +73,6 @@ struct GNUNET_IDENTITY_Handle;
 */
 struct GNUNET_IDENTITY_Ego;
-/**
- * A private key for an identity as per LSD0001.
- */
-struct GNUNET_IDENTITY_PrivateKey
-{
-  /**
-   * Type of public key.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-  union
-  {
-    /**
-     * An ECDSA identity key.
-     */
-    struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key;
-    /**
-     * AN EdDSA identtiy key
-     */
-    struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key;
-  };
-};
-/**
- * An identity key as per LSD0001.
- */
-struct GNUNET_IDENTITY_PublicKey
-{
-  /**
-   * Type of public key.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-  union
-  {
-    /**
-     * An ECDSA identity key.
-     */
-    struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key;
-    /**
-     * AN EdDSA identtiy key
-     */
-    struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key;
-  };
-};
-/**
- * An identity signature as per LSD0001.
- */
-struct GNUNET_IDENTITY_Signature
-{
-  /**
-   * Type of signature.
-   * Defined by the GNS zone type value.
-   * In NBO.
-   */
-  uint32_t type;
-  union
-  {
-    /**
-     * An ECDSA signature
-     */
-    struct GNUNET_CRYPTO_EcdsaSignature ecdsa_signature;
-    /**
-     * AN EdDSA signature
-     */
-    struct GNUNET_CRYPTO_EddsaSignature eddsa_signature;
-  };
-};
 /**
 * Handle for an operation with the identity service.
 */
@@ -176,7 +85,7 @@ struct GNUNET_IDENTITY_Operation;
 * @param ego the ego
 * @return associated ECC key, valid as long as the ego is valid
 */
-const struct GNUNET_IDENTITY_PrivateKey *
+const struct GNUNET_CRYPTO_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);
@@ -197,7 +106,17 @@ GNUNET_IDENTITY_ego_get_anonymous (void);
 */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_IDENTITY_PublicKey *pk);
+                                    struct GNUNET_CRYPTO_PublicKey *pk);
+/**
+ * Obtain the name associated with an ego.
+ *
+ * @param ego the ego
+ * @return associated name, valid as long as the ego is valid
+ */
+const char*
+GNUNET_IDENTITY_ego_get_name (const struct GNUNET_IDENTITY_Ego *ego);
 /**
@@ -275,11 +194,11 @@ GNUNET_IDENTITY_get (struct GNUNET_IDENTITY_Handle *id,
 * been completed.
 *
 * @param cls closure
- * @param emsg NULL on success, otherwise an error message
+ * @param ec the #GNUNET_ErrorCode
 */
 typedef void
 (*GNUNET_IDENTITY_Continuation) (void *cls,
-                                 const char *emsg);
+                                 enum GNUNET_ErrorCode ec);
 /**
@@ -315,13 +234,13 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
 *
 * @param cls closure
 * @param pk private key, NULL on error
- * @param emsg error message, NULL on success
+ * @param ec the #GNUNET_ErrorCode
 */
 typedef void
 (*GNUNET_IDENTITY_CreateContinuation) (
  void *cls,
-  const struct GNUNET_IDENTITY_PrivateKey *pk,
+  const struct GNUNET_CRYPTO_PrivateKey *pk,
-  const char *emsg);
+  enum GNUNET_ErrorCode ec);
 /**
@@ -338,8 +257,8 @@ typedef void
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
                        const char *name,
-                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                        const struct GNUNET_CRYPTO_PrivateKey *privkey,
-                        enum GNUNET_IDENTITY_KeyType ktype,
+                        enum GNUNET_CRYPTO_KeyType ktype,
                        GNUNET_IDENTITY_CreateContinuation cont,
                        void *cont_cls);
@@ -390,319 +309,6 @@ void
 GNUNET_IDENTITY_cancel (struct GNUNET_IDENTITY_Operation *op);
-/**
- * Get the compacted length of a #GNUNET_IDENTITY_PublicKey.
- * Compacted means that it returns the minimum number of bytes this
- * key is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_PublicKey.
- * Useful for compact serializations.
- *
- * @param key the key.
- * @return -1 on error, else the compacted length of the key.
- */
-ssize_t
-GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key);
-/**
- * Reads a #GNUNET_IDENTITY_PublicKey from a compact buffer.
- * The buffer has to contain at least the compacted length of
- * a #GNUNET_IDENTITY_PublicKey in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the buffer does not contain a valid key, it returns -2 as error.
- *
- * @param key the key
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes read from the buffer
- */
-ssize_t
-GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key,
-                                      const void*buffer,
-                                      size_t len);
-/**
- * Writes a #GNUNET_IDENTITY_PublicKey to a compact buffer.
- * The buffer requires space for at least the compacted length of
- * a #GNUNET_IDENTITY_PublicKey in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the key is not valid, it returns -2 as error.
- *
- * @param key the key
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes written to the buffer
- */
-ssize_t
-GNUNET_IDENTITY_write_key_to_buffer (const struct
-                                     GNUNET_IDENTITY_PublicKey *key,
-                                     void*buffer,
-                                     size_t len);
-/**
- * Get the compacted length of a #GNUNET_IDENTITY_Signature.
- * Compacted means that it returns the minimum number of bytes this
- * signature is long, as opposed to the union structure inside
- * #GNUNET_IDENTITY_Signature.
- * Useful for compact serializations.
- *
- * @param sig the signature.
- * @return -1 on error, else the compacted length of the signature.
- */
-ssize_t
-GNUNET_IDENTITY_signature_get_length (const struct
-                                      GNUNET_IDENTITY_Signature *sig);
-/**
- * Reads a #GNUNET_IDENTITY_Signature from a compact buffer.
- * The buffer has to contain at least the compacted length of
- * a #GNUNET_IDENTITY_Signature in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the buffer does not contain a valid key, it returns -2 as error.
- *
- * @param sig the signature
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes read from the buffer
- */
-ssize_t
-GNUNET_IDENTITY_read_signature_from_buffer (struct
-                                            GNUNET_IDENTITY_Signature *sig,
-                                            const void*buffer,
-                                            size_t len);
-/**
- * Writes a #GNUNET_IDENTITY_Signature to a compact buffer.
- * The buffer requires space for at least the compacted length of
- * a #GNUNET_IDENTITY_Signature in bytes.
- * If the buffer is too small, the function returns -1 as error.
- * If the key is not valid, it returns -2 as error.
- *
- * @param sig the signature
- * @param buffer the buffer
- * @param len the length of buffer
- * @return -1 or -2 on error, else the amount of bytes written to the buffer
- */
-ssize_t
-GNUNET_IDENTITY_write_signature_to_buffer (const struct
-                                           GNUNET_IDENTITY_Signature *sig,
-                                           void*buffer,
-                                           size_t len);
-/**
- * @brief Sign a given block.
- *
- * The @a purpose data is the beginning of the data of which the signature is
- * to be created. The `size` field in @a purpose must correctly indicate the
- * number of bytes of the data structure, including its header. If possible,
- * use #GNUNET_IDENTITY_sign() instead of this function.
- *
- * @param priv private key to use for the signing
- * @param purpose what to sign (size, purpose)
- * @param[out] sig where to write the signature
- * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_sign_ (const struct
-                       GNUNET_IDENTITY_PrivateKey *priv,
-                       const struct
-                       GNUNET_CRYPTO_EccSignaturePurpose *purpose,
-                       struct GNUNET_IDENTITY_Signature *sig);
-/**
- * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey.
- *
- * The @a ps data must be a fixed-size struct for which the signature is to be
- * created. The `size` field in @a ps->purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- *
- * @param priv private key to use for the signing
- * @param ps packed struct with what to sign, MUST begin with a purpose
- * @param[out] sig where to write the signature
- */
-#define GNUNET_IDENTITY_sign(priv,ps,sig) do {                \
-    /* check size is set correctly */                                     \
-    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
-    /* check 'ps' begins with the purpose */                              \
-    GNUNET_static_assert (((void*) (ps)) ==                               \
-                          ((void*) &(ps)->purpose));                      \
-    GNUNET_assert (GNUNET_OK ==                                           \
-                   GNUNET_IDENTITY_sign_ (priv,               \
-                                          &(ps)->purpose,             \
-                                          sig));                      \
-} while (0)
-/**
- * @brief Verify a given signature.
- *
- * The @a validate data is the beginning of the data of which the signature
- * is to be verified. The `size` field in @a validate must correctly indicate
- * the number of bytes of the data structure, including its header.  If @a
- * purpose does not match the purpose given in @a validate (the latter must be
- * in big endian), signature verification fails.  If possible,
- * use #GNUNET_IDENTITY_signature_verify() instead of this function (only if @a validate
- * is not fixed-size, you must use this function directly).
- *
- * @param purpose what is the purpose that the signature should have?
- * @param validate block to validate (size, purpose, data)
- * @param sig signature that is being validated
- * @param pub public key of the signer
- * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
- */
-int
-GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
-                                   const struct
-                                   GNUNET_CRYPTO_EccSignaturePurpose *validate,
-                                   const struct GNUNET_IDENTITY_Signature *sig,
-                                   const struct
-                                   GNUNET_IDENTITY_PublicKey *pub);
-/**
- * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey.
- *
- * The @a ps data must be a fixed-size struct for which the signature is to be
- * created. The `size` field in @a ps->purpose must correctly indicate the
- * number of bytes of the data structure, including its header.
- *
- * @param purp purpose of the signature, must match 'ps->purpose.purpose'
- *              (except in host byte order)
- * @param ps packed struct with what to sign, MUST begin with a purpose
- * @param sig where to read the signature from
- * @param pub public key to use for the verifying
- */
-#define GNUNET_IDENTITY_signature_verify(purp,ps,sig,pub) ({             \
-    /* check size is set correctly */                                     \
-    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));         \
-    /* check 'ps' begins with the purpose */                              \
-    GNUNET_static_assert (((void*) (ps)) ==                               \
-                          ((void*) &(ps)->purpose));                      \
-    GNUNET_IDENTITY_signature_verify_ (purp,                              \
-                                       &(ps)->purpose,                    \
-                                       sig,                               \
-                                       pub);                              \
-  })
-/**
- * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
- * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
- * using ecdh to derive a symmetric key.
- *
- * @param block the block to encrypt
- * @param size the size of the @a block
- * @param pub public key to use for ecdh
- * @param ecc where to write the ecc public key
- * @param result the output parameter in which to store the encrypted result
- *               can be the same or overlap with @c block
- * @returns the size of the encrypted block, -1 for errors.
- *          Due to the use of CFB and therefore an effective stream cipher,
- *          this size should be the same as @c len.
- */
-ssize_t
-GNUNET_IDENTITY_encrypt (const void *block,
-                         size_t size,
-                         const struct GNUNET_IDENTITY_PublicKey *pub,
-                         struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                         void *result);
-/**
- * Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given
- * #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
- *
- * @param block the data to decrypt, encoded as returned by encrypt
- * @param size the size of the @a block to decrypt
- * @param priv private key to use for ecdh
- * @param ecc the ecc public key
- * @param result address to store the result at
- *               can be the same or overlap with @c block
- * @return -1 on failure, size of decrypted block on success.
- *         Due to the use of CFB and therefore an effective stream cipher,
- *         this size should be the same as @c size.
- */
-ssize_t
-GNUNET_IDENTITY_decrypt (const void *block,
-                         size_t size,
-                         const struct
-                         GNUNET_IDENTITY_PrivateKey *priv,
-                         const struct
-                         GNUNET_CRYPTO_EcdhePublicKey *ecc,
-                         void *result);
-/**
- * Creates a (Base32) string representation of the public key.
- * The resulting string encodes a compacted representation of the key.
- * See also #GNUNET_IDENTITY_key_get_length.
- *
- * @param key the key.
- * @return the string representation of the key, or NULL on error.
- */
-char *
-GNUNET_IDENTITY_public_key_to_string (const struct
-                                      GNUNET_IDENTITY_PublicKey *key);
-/**
- * Creates a (Base32) string representation of the private key.
- * The resulting string encodes a compacted representation of the key.
- * See also #GNUNET_IDENTITY_key_get_length.
- *
- * @param key the key.
- * @return the string representation of the key, or NULL on error.
- */
-char *
-GNUNET_IDENTITY_private_key_to_string (const struct
-                                       GNUNET_IDENTITY_PrivateKey *key);
-/**
- * Parses a (Base32) string representation of the public key.
- * See also #GNUNET_IDENTITY_public_key_to_string.
- *
- * @param str the encoded key.
- * @param key where to write the key.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_public_key_from_string (const char*str,
-                                        struct GNUNET_IDENTITY_PublicKey *key);
-/**
- * Parses a (Base32) string representation of the private key.
- * See also #GNUNET_IDENTITY_private_key_to_string.
- *
- * @param str the encoded key.
- * @param key where to write the key.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_private_key_from_string (const char*str,
-                                         struct GNUNET_IDENTITY_PrivateKey *key);
-/**
- * Retrieves the public key representation of a private key.
- *
- * @param privkey the private key.
- * @param key the public key result.
- * @return GNUNET_SYSERR on error.
- */
-enum GNUNET_GenericReturnValue
-GNUNET_IDENTITY_key_get_public (const struct
-                                GNUNET_IDENTITY_PrivateKey *privkey,
-                                struct GNUNET_IDENTITY_PublicKey *key);
 /* ************* convenience API to lookup an ego ***************** */
 /**
@@ -755,7 +361,7 @@ GNUNET_IDENTITY_ego_lookup_cancel (struct GNUNET_IDENTITY_EgoLookup *el);
 typedef void
 (*GNUNET_IDENTITY_EgoSuffixCallback) (
  void *cls,
-  const struct GNUNET_IDENTITY_PrivateKey *priv,
+  const struct GNUNET_CRYPTO_PrivateKey *priv,
  const char *ego_name);
@@ -778,11 +384,11 @@ struct GNUNET_IDENTITY_EgoSuffixLookup;
 * @return handle to abort the operation
 */
 struct GNUNET_IDENTITY_EgoSuffixLookup *
-GNUNET_IDENTITY_ego_lookup_by_suffix (const struct
+GNUNET_IDENTITY_ego_lookup_by_suffix (
-                                      GNUNET_CONFIGURATION_Handle *cfg,
+  const struct GNUNET_CONFIGURATION_Handle *cfg,
-                                      const char *suffix,
+  const char *suffix,
-                                      GNUNET_IDENTITY_EgoSuffixCallback cb,
+  GNUNET_IDENTITY_EgoSuffixCallback cb,
-                                      void *cb_cls);
+  void *cb_cls);
 /**
@@ -807,4 +413,6 @@ GNUNET_IDENTITY_ego_lookup_by_suffix_cancel (
 /** @} */ /* end of group identity */
+/** @} */ /* end of group addition */
 /* end of gnunet_identity_service.h */

diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index c123983e2..270f4d26f 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h
@@ -1,6 +1,6 @@
1	/*	1	/*
2	This file is part of GNUnet.	2	This file is part of GNUnet.
3	Copyright (C) 2013 GNUnet e.V.	3	Copyright (C) 2013--2023 GNUnet e.V.
4		4
5	GNUnet is free software: you can redistribute it and/or modify it	5	GNUnet is free software: you can redistribute it and/or modify it
6	under the terms of the GNU Affero General Public License as published	6	under the terms of the GNU Affero General Public License as published
@@ -19,6 +19,9 @@
19	*/	19	*/
20		20
21	/**	21	/**
		22	* @addtogroup egos Ego management
		23	* @{
		24	*
22	* @author Christian Grothoff	25	* @author Christian Grothoff
23	*	26	*
24	* @file	27	* @file
@@ -42,6 +45,7 @@
42	#ifndef GNUNET_IDENTITY_SERVICE_H	45	#ifndef GNUNET_IDENTITY_SERVICE_H
43	#define GNUNET_IDENTITY_SERVICE_H	46	#define GNUNET_IDENTITY_SERVICE_H
44		47
		48	#include "gnunet_common.h"
45	#ifdef __cplusplus	49	#ifdef __cplusplus
46	extern "C" {	50	extern "C" {
47	#if 0 /* keep Emacsens' auto-indent happy */	51	#if 0 /* keep Emacsens' auto-indent happy */
@@ -49,6 +53,7 @@ extern "C" {
49	#endif	53	#endif
50	#endif	54	#endif
51		55
		56
52	#include "gnunet_util_lib.h"	57	#include "gnunet_util_lib.h"
53		58
54		59
@@ -57,20 +62,6 @@ extern "C" {
57	*/	62	*/
58	#define GNUNET_IDENTITY_VERSION 0x00000100	63	#define GNUNET_IDENTITY_VERSION 0x00000100
59		64
60	enum GNUNET_IDENTITY_KeyType
61	{
62	/**
63	* The identity type. The value is the same as the
64	* PKEY record type.
65	*/
66	GNUNET_IDENTITY_TYPE_ECDSA = 65536,
67
68	/**
69	* EDDSA identity. The value is the same as the EDKEY
70	* record type.
71	*/
72	GNUNET_IDENTITY_TYPE_EDDSA = 65556
73	};
74		65
75	/**	66	/**
76	* Handle to access the identity service.	67	* Handle to access the identity service.
@@ -82,88 +73,6 @@ struct GNUNET_IDENTITY_Handle;
82	*/	73	*/
83	struct GNUNET_IDENTITY_Ego;	74	struct GNUNET_IDENTITY_Ego;
84		75
85
86	/**
87	* A private key for an identity as per LSD0001.
88	*/
89	struct GNUNET_IDENTITY_PrivateKey
90	{
91	/**
92	* Type of public key.
93	* Defined by the GNS zone type value.
94	* In NBO.
95	*/
96	uint32_t type;
97
98	union
99	{
100	/**
101	* An ECDSA identity key.
102	*/
103	struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key;
104
105	/**
106	* AN EdDSA identtiy key
107	*/
108	struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key;
109	};
110	};
111
112
113	/**
114	* An identity key as per LSD0001.
115	*/
116	struct GNUNET_IDENTITY_PublicKey
117	{
118	/**
119	* Type of public key.
120	* Defined by the GNS zone type value.
121	* In NBO.
122	*/
123	uint32_t type;
124
125	union
126	{
127	/**
128	* An ECDSA identity key.
129	*/
130	struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key;
131
132	/**
133	* AN EdDSA identtiy key
134	*/
135	struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key;
136	};
137	};
138
139
140	/**
141	* An identity signature as per LSD0001.
142	*/
143	struct GNUNET_IDENTITY_Signature
144	{
145	/**
146	* Type of signature.
147	* Defined by the GNS zone type value.
148	* In NBO.
149	*/
150	uint32_t type;
151
152	union
153	{
154	/**
155	* An ECDSA signature
156	*/
157	struct GNUNET_CRYPTO_EcdsaSignature ecdsa_signature;
158
159	/**
160	* AN EdDSA signature
161	*/
162	struct GNUNET_CRYPTO_EddsaSignature eddsa_signature;
163	};
164	};
165
166
167	/**	76	/**
168	* Handle for an operation with the identity service.	77	* Handle for an operation with the identity service.
169	*/	78	*/
@@ -176,7 +85,7 @@ struct GNUNET_IDENTITY_Operation;
176	* @param ego the ego	85	* @param ego the ego
177	* @return associated ECC key, valid as long as the ego is valid	86	* @return associated ECC key, valid as long as the ego is valid
178	*/	87	*/
179	const struct GNUNET_IDENTITY_PrivateKey *	88	const struct GNUNET_CRYPTO_PrivateKey *
180	GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);	89	GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);
181		90
182		91
@@ -197,7 +106,17 @@ GNUNET_IDENTITY_ego_get_anonymous (void);
197	*/	106	*/
198	void	107	void
199	GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,	108	GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
200	struct GNUNET_IDENTITY_PublicKey *pk);	109	struct GNUNET_CRYPTO_PublicKey *pk);
		110
		111
		112	/**
		113	* Obtain the name associated with an ego.
		114	*
		115	* @param ego the ego
		116	* @return associated name, valid as long as the ego is valid
		117	*/
		118	const char*
		119	GNUNET_IDENTITY_ego_get_name (const struct GNUNET_IDENTITY_Ego *ego);
201		120
202		121
203	/**	122	/**
@@ -275,11 +194,11 @@ GNUNET_IDENTITY_get (struct GNUNET_IDENTITY_Handle *id,
275	* been completed.	194	* been completed.
276	*	195	*
277	* @param cls closure	196	* @param cls closure
278	* @param emsg NULL on success, otherwise an error message	197	* @param ec the #GNUNET_ErrorCode
279	*/	198	*/
280	typedef void	199	typedef void
281	(GNUNET_IDENTITY_Continuation) (void cls,	200	(GNUNET_IDENTITY_Continuation) (void cls,
282	const char *emsg);	201	enum GNUNET_ErrorCode ec);
283		202
284		203
285	/**	204	/**
@@ -315,13 +234,13 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h);
315	*	234	*
316	* @param cls closure	235	* @param cls closure
317	* @param pk private key, NULL on error	236	* @param pk private key, NULL on error
318	* @param emsg error message, NULL on success	237	* @param ec the #GNUNET_ErrorCode
319	*/	238	*/
320	typedef void	239	typedef void
321	(*GNUNET_IDENTITY_CreateContinuation) (	240	(*GNUNET_IDENTITY_CreateContinuation) (
322	void *cls,	241	void *cls,
323	const struct GNUNET_IDENTITY_PrivateKey *pk,	242	const struct GNUNET_CRYPTO_PrivateKey *pk,
324	const char *emsg);	243	enum GNUNET_ErrorCode ec);
325		244
326		245
327	/**	246	/**
@@ -338,8 +257,8 @@ typedef void
338	struct GNUNET_IDENTITY_Operation *	257	struct GNUNET_IDENTITY_Operation *
339	GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,	258	GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *id,
340	const char *name,	259	const char *name,
341	const struct GNUNET_IDENTITY_PrivateKey *privkey,	260	const struct GNUNET_CRYPTO_PrivateKey *privkey,
342	enum GNUNET_IDENTITY_KeyType ktype,	261	enum GNUNET_CRYPTO_KeyType ktype,
343	GNUNET_IDENTITY_CreateContinuation cont,	262	GNUNET_IDENTITY_CreateContinuation cont,
344	void *cont_cls);	263	void *cont_cls);
345		264
@@ -390,319 +309,6 @@ void
390	GNUNET_IDENTITY_cancel (struct GNUNET_IDENTITY_Operation *op);	309	GNUNET_IDENTITY_cancel (struct GNUNET_IDENTITY_Operation *op);
391		310
392		311
393	/**
394	* Get the compacted length of a #GNUNET_IDENTITY_PublicKey.
395	* Compacted means that it returns the minimum number of bytes this
396	* key is long, as opposed to the union structure inside
397	* #GNUNET_IDENTITY_PublicKey.
398	* Useful for compact serializations.
399	*
400	* @param key the key.
401	* @return -1 on error, else the compacted length of the key.
402	*/
403	ssize_t
404	GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key);
405
406
407	/**
408	* Reads a #GNUNET_IDENTITY_PublicKey from a compact buffer.
409	* The buffer has to contain at least the compacted length of
410	* a #GNUNET_IDENTITY_PublicKey in bytes.
411	* If the buffer is too small, the function returns -1 as error.
412	* If the buffer does not contain a valid key, it returns -2 as error.
413	*
414	* @param key the key
415	* @param buffer the buffer
416	* @param len the length of buffer
417	* @return -1 or -2 on error, else the amount of bytes read from the buffer
418	*/
419	ssize_t
420	GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key,
421	const void*buffer,
422	size_t len);
423
424
425	/**
426	* Writes a #GNUNET_IDENTITY_PublicKey to a compact buffer.
427	* The buffer requires space for at least the compacted length of
428	* a #GNUNET_IDENTITY_PublicKey in bytes.
429	* If the buffer is too small, the function returns -1 as error.
430	* If the key is not valid, it returns -2 as error.
431	*
432	* @param key the key
433	* @param buffer the buffer
434	* @param len the length of buffer
435	* @return -1 or -2 on error, else the amount of bytes written to the buffer
436	*/
437	ssize_t
438	GNUNET_IDENTITY_write_key_to_buffer (const struct
439	GNUNET_IDENTITY_PublicKey *key,
440	void*buffer,
441	size_t len);
442
443
444	/**
445	* Get the compacted length of a #GNUNET_IDENTITY_Signature.
446	* Compacted means that it returns the minimum number of bytes this
447	* signature is long, as opposed to the union structure inside
448	* #GNUNET_IDENTITY_Signature.
449	* Useful for compact serializations.
450	*
451	* @param sig the signature.
452	* @return -1 on error, else the compacted length of the signature.
453	*/
454	ssize_t
455	GNUNET_IDENTITY_signature_get_length (const struct
456	GNUNET_IDENTITY_Signature *sig);
457
458
459	/**
460	* Reads a #GNUNET_IDENTITY_Signature from a compact buffer.
461	* The buffer has to contain at least the compacted length of
462	* a #GNUNET_IDENTITY_Signature in bytes.
463	* If the buffer is too small, the function returns -1 as error.
464	* If the buffer does not contain a valid key, it returns -2 as error.
465	*
466	* @param sig the signature
467	* @param buffer the buffer
468	* @param len the length of buffer
469	* @return -1 or -2 on error, else the amount of bytes read from the buffer
470	*/
471	ssize_t
472	GNUNET_IDENTITY_read_signature_from_buffer (struct
473	GNUNET_IDENTITY_Signature *sig,
474	const void*buffer,
475	size_t len);
476
477
478	/**
479	* Writes a #GNUNET_IDENTITY_Signature to a compact buffer.
480	* The buffer requires space for at least the compacted length of
481	* a #GNUNET_IDENTITY_Signature in bytes.
482	* If the buffer is too small, the function returns -1 as error.
483	* If the key is not valid, it returns -2 as error.
484	*
485	* @param sig the signature
486	* @param buffer the buffer
487	* @param len the length of buffer
488	* @return -1 or -2 on error, else the amount of bytes written to the buffer
489	*/
490	ssize_t
491	GNUNET_IDENTITY_write_signature_to_buffer (const struct
492	GNUNET_IDENTITY_Signature *sig,
493	void*buffer,
494	size_t len);
495
496
497	/**
498	* @brief Sign a given block.
499	*
500	* The @a purpose data is the beginning of the data of which the signature is
501	* to be created. The `size` field in @a purpose must correctly indicate the
502	* number of bytes of the data structure, including its header. If possible,
503	* use #GNUNET_IDENTITY_sign() instead of this function.
504	*
505	* @param priv private key to use for the signing
506	* @param purpose what to sign (size, purpose)
507	* @param[out] sig where to write the signature
508	* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
509	*/
510	int
511	GNUNET_IDENTITY_sign_ (const struct
512	GNUNET_IDENTITY_PrivateKey *priv,
513	const struct
514	GNUNET_CRYPTO_EccSignaturePurpose *purpose,
515	struct GNUNET_IDENTITY_Signature *sig);
516
517
518	/**
519	* @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey.
520	*
521	* The @a ps data must be a fixed-size struct for which the signature is to be
522	* created. The `size` field in @a ps->purpose must correctly indicate the
523	* number of bytes of the data structure, including its header.
524	*
525	* @param priv private key to use for the signing
526	* @param ps packed struct with what to sign, MUST begin with a purpose
527	* @param[out] sig where to write the signature
528	*/
529	#define GNUNET_IDENTITY_sign(priv,ps,sig) do { \
530	/* check size is set correctly */ \
531	GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
532	/* check 'ps' begins with the purpose */ \
533	GNUNET_static_assert (((void*) (ps)) == \
534	((void*) &(ps)->purpose)); \
535	GNUNET_assert (GNUNET_OK == \
536	GNUNET_IDENTITY_sign_ (priv, \
537	&(ps)->purpose, \
538	sig)); \
539	} while (0)
540
541
542	/**
543	* @brief Verify a given signature.
544	*
545	* The @a validate data is the beginning of the data of which the signature
546	* is to be verified. The `size` field in @a validate must correctly indicate
547	* the number of bytes of the data structure, including its header. If @a
548	* purpose does not match the purpose given in @a validate (the latter must be
549	* in big endian), signature verification fails. If possible,
550	* use #GNUNET_IDENTITY_signature_verify() instead of this function (only if @a validate
551	* is not fixed-size, you must use this function directly).
552	*
553	* @param purpose what is the purpose that the signature should have?
554	* @param validate block to validate (size, purpose, data)
555	* @param sig signature that is being validated
556	* @param pub public key of the signer
557	* @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
558	*/
559	int
560	GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
561	const struct
562	GNUNET_CRYPTO_EccSignaturePurpose *validate,
563	const struct GNUNET_IDENTITY_Signature *sig,
564	const struct
565	GNUNET_IDENTITY_PublicKey *pub);
566
567
568	/**
569	* @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey.
570	*
571	* The @a ps data must be a fixed-size struct for which the signature is to be
572	* created. The `size` field in @a ps->purpose must correctly indicate the
573	* number of bytes of the data structure, including its header.
574	*
575	* @param purp purpose of the signature, must match 'ps->purpose.purpose'
576	* (except in host byte order)
577	* @param ps packed struct with what to sign, MUST begin with a purpose
578	* @param sig where to read the signature from
579	* @param pub public key to use for the verifying
580	*/
581	#define GNUNET_IDENTITY_signature_verify(purp,ps,sig,pub) ({ \
582	/* check size is set correctly */ \
583	GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
584	/* check 'ps' begins with the purpose */ \
585	GNUNET_static_assert (((void*) (ps)) == \
586	((void*) &(ps)->purpose)); \
587	GNUNET_IDENTITY_signature_verify_ (purp, \
588	&(ps)->purpose, \
589	sig, \
590	pub); \
591	})
592
593
594	/**
595	* Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a
596	* #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption
597	* using ecdh to derive a symmetric key.
598	*
599	* @param block the block to encrypt
600	* @param size the size of the @a block
601	* @param pub public key to use for ecdh
602	* @param ecc where to write the ecc public key
603	* @param result the output parameter in which to store the encrypted result
604	* can be the same or overlap with @c block
605	* @returns the size of the encrypted block, -1 for errors.
606	* Due to the use of CFB and therefore an effective stream cipher,
607	* this size should be the same as @c len.
608	*/
609	ssize_t
610	GNUNET_IDENTITY_encrypt (const void *block,
611	size_t size,
612	const struct GNUNET_IDENTITY_PublicKey *pub,
613	struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
614	void *result);
615
616
617	/**
618	* Decrypt a given block with #GNUNET_IDENTITY_PrivateKey and a given
619	* #GNUNET_CRYPTO_EcdhePublicKey using ecdh to derive a symmetric key.
620	*
621	* @param block the data to decrypt, encoded as returned by encrypt
622	* @param size the size of the @a block to decrypt
623	* @param priv private key to use for ecdh
624	* @param ecc the ecc public key
625	* @param result address to store the result at
626	* can be the same or overlap with @c block
627	* @return -1 on failure, size of decrypted block on success.
628	* Due to the use of CFB and therefore an effective stream cipher,
629	* this size should be the same as @c size.
630	*/
631	ssize_t
632	GNUNET_IDENTITY_decrypt (const void *block,
633	size_t size,
634	const struct
635	GNUNET_IDENTITY_PrivateKey *priv,
636	const struct
637	GNUNET_CRYPTO_EcdhePublicKey *ecc,
638	void *result);
639
640
641	/**
642	* Creates a (Base32) string representation of the public key.
643	* The resulting string encodes a compacted representation of the key.
644	* See also #GNUNET_IDENTITY_key_get_length.
645	*
646	* @param key the key.
647	* @return the string representation of the key, or NULL on error.
648	*/
649	char *
650	GNUNET_IDENTITY_public_key_to_string (const struct
651	GNUNET_IDENTITY_PublicKey *key);
652
653
654	/**
655	* Creates a (Base32) string representation of the private key.
656	* The resulting string encodes a compacted representation of the key.
657	* See also #GNUNET_IDENTITY_key_get_length.
658	*
659	* @param key the key.
660	* @return the string representation of the key, or NULL on error.
661	*/
662	char *
663	GNUNET_IDENTITY_private_key_to_string (const struct
664	GNUNET_IDENTITY_PrivateKey *key);
665
666
667	/**
668	* Parses a (Base32) string representation of the public key.
669	* See also #GNUNET_IDENTITY_public_key_to_string.
670	*
671	* @param str the encoded key.
672	* @param key where to write the key.
673	* @return GNUNET_SYSERR on error.
674	*/
675	enum GNUNET_GenericReturnValue
676	GNUNET_IDENTITY_public_key_from_string (const char*str,
677	struct GNUNET_IDENTITY_PublicKey *key);
678
679
680	/**
681	* Parses a (Base32) string representation of the private key.
682	* See also #GNUNET_IDENTITY_private_key_to_string.
683	*
684	* @param str the encoded key.
685	* @param key where to write the key.
686	* @return GNUNET_SYSERR on error.
687	*/
688	enum GNUNET_GenericReturnValue
689	GNUNET_IDENTITY_private_key_from_string (const char*str,
690	struct GNUNET_IDENTITY_PrivateKey *key);
691
692
693	/**
694	* Retrieves the public key representation of a private key.
695	*
696	* @param privkey the private key.
697	* @param key the public key result.
698	* @return GNUNET_SYSERR on error.
699	*/
700	enum GNUNET_GenericReturnValue
701	GNUNET_IDENTITY_key_get_public (const struct
702	GNUNET_IDENTITY_PrivateKey *privkey,
703	struct GNUNET_IDENTITY_PublicKey *key);
704
705
706	/* *********** convenience API to lookup an ego *************** */	312	/* *********** convenience API to lookup an ego *************** */
707		313
708	/**	314	/**
@@ -755,7 +361,7 @@ GNUNET_IDENTITY_ego_lookup_cancel (struct GNUNET_IDENTITY_EgoLookup *el);
755	typedef void	361	typedef void
756	(*GNUNET_IDENTITY_EgoSuffixCallback) (	362	(*GNUNET_IDENTITY_EgoSuffixCallback) (
757	void *cls,	363	void *cls,
758	const struct GNUNET_IDENTITY_PrivateKey *priv,	364	const struct GNUNET_CRYPTO_PrivateKey *priv,
759	const char *ego_name);	365	const char *ego_name);
760		366
761		367
@@ -778,11 +384,11 @@ struct GNUNET_IDENTITY_EgoSuffixLookup;
778	* @return handle to abort the operation	384	* @return handle to abort the operation
779	*/	385	*/
780	struct GNUNET_IDENTITY_EgoSuffixLookup *	386	struct GNUNET_IDENTITY_EgoSuffixLookup *
781	GNUNET_IDENTITY_ego_lookup_by_suffix (const struct	387	GNUNET_IDENTITY_ego_lookup_by_suffix (
782	GNUNET_CONFIGURATION_Handle *cfg,	388	const struct GNUNET_CONFIGURATION_Handle *cfg,
783	const char *suffix,	389	const char *suffix,
784	GNUNET_IDENTITY_EgoSuffixCallback cb,	390	GNUNET_IDENTITY_EgoSuffixCallback cb,
785	void *cb_cls);	391	void *cb_cls);
786		392
787		393
788	/**	394	/**
@@ -807,4 +413,6 @@ GNUNET_IDENTITY_ego_lookup_by_suffix_cancel (
807		413
808	/** @} / / end of group identity */	414	/** @} / / end of group identity */
809		415
		416	/** @} / / end of group addition */
		417
810	/* end of gnunet_identity_service.h */	418	/* end of gnunet_identity_service.h */