diff options
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/gnunet_common.h | 2 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 362 |
2 files changed, 1 insertions, 363 deletions
diff --git a/src/include/gnunet_common.h b/src/include/gnunet_common.h index 116971179..ab0876ef9 100644 --- a/src/include/gnunet_common.h +++ b/src/include/gnunet_common.h | |||
@@ -57,7 +57,7 @@ extern "C" | |||
57 | /** | 57 | /** |
58 | * Version of the API (for entire gnunetutil.so library). | 58 | * Version of the API (for entire gnunetutil.so library). |
59 | */ | 59 | */ |
60 | #define GNUNET_UTIL_VERSION 0x00090500 | 60 | #define GNUNET_UTIL_VERSION 0x00090501 |
61 | 61 | ||
62 | /** | 62 | /** |
63 | * Named constants for return values. The following | 63 | * Named constants for return values. The following |
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 5329d76cb..da2fe860e 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -72,23 +72,6 @@ enum GNUNET_CRYPTO_Quality | |||
72 | #define GNUNET_CRYPTO_AES_KEY_LENGTH (256/8) | 72 | #define GNUNET_CRYPTO_AES_KEY_LENGTH (256/8) |
73 | 73 | ||
74 | /** | 74 | /** |
75 | * @brief Length of RSA encrypted data (2048 bit) | ||
76 | * | ||
77 | * We currently do not handle encryption of data | ||
78 | * that can not be done in a single call to the | ||
79 | * RSA methods (read: large chunks of data). | ||
80 | * We should never need that, as we can use | ||
81 | * the GNUNET_CRYPTO_hash for larger pieces of data for signing, | ||
82 | * and for encryption, we only need to encode sessionkeys! | ||
83 | */ | ||
84 | #define GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH 256 | ||
85 | |||
86 | /** | ||
87 | * Length of an RSA KEY (n,e,len), 2048 bit (=256 octests) key n, 2 byte e | ||
88 | */ | ||
89 | #define GNUNET_CRYPTO_RSA_KEY_LENGTH 258 | ||
90 | |||
91 | /** | ||
92 | * Length of a hash value | 75 | * Length of a hash value |
93 | */ | 76 | */ |
94 | #define GNUNET_CRYPTO_HASH_LENGTH (512/8) | 77 | #define GNUNET_CRYPTO_HASH_LENGTH (512/8) |
@@ -106,43 +89,11 @@ enum GNUNET_CRYPTO_Quality | |||
106 | 89 | ||
107 | 90 | ||
108 | /** | 91 | /** |
109 | * The private information of an RSA key pair. | ||
110 | */ | ||
111 | struct GNUNET_CRYPTO_RsaPrivateKey; | ||
112 | |||
113 | /** | ||
114 | * The private information of an ECC private key. | 92 | * The private information of an ECC private key. |
115 | */ | 93 | */ |
116 | struct GNUNET_CRYPTO_EccPrivateKey; | 94 | struct GNUNET_CRYPTO_EccPrivateKey; |
117 | 95 | ||
118 | 96 | ||
119 | GNUNET_NETWORK_STRUCT_BEGIN | ||
120 | |||
121 | /** | ||
122 | * GNUnet mandates a certain format for the encoding | ||
123 | * of private RSA key information that is provided | ||
124 | * by the RSA implementations. This format is used | ||
125 | * to serialize a private RSA key (typically when | ||
126 | * writing it to disk). | ||
127 | */ | ||
128 | struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded | ||
129 | { | ||
130 | /** | ||
131 | * Total size of the structure, in bytes, in big-endian! | ||
132 | */ | ||
133 | uint16_t len GNUNET_PACKED; | ||
134 | uint16_t sizen GNUNET_PACKED; /* in big-endian! */ | ||
135 | uint16_t sizee GNUNET_PACKED; /* in big-endian! */ | ||
136 | uint16_t sized GNUNET_PACKED; /* in big-endian! */ | ||
137 | uint16_t sizep GNUNET_PACKED; /* in big-endian! */ | ||
138 | uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ | ||
139 | uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ | ||
140 | uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ | ||
141 | /* followed by the actual values */ | ||
142 | }; | ||
143 | GNUNET_NETWORK_STRUCT_END | ||
144 | |||
145 | |||
146 | /** | 97 | /** |
147 | * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode. | 98 | * @brief 0-terminated ASCII encoding of a struct GNUNET_HashCode. |
148 | */ | 99 | */ |
@@ -162,77 +113,8 @@ struct GNUNET_CRYPTO_ShortHashAsciiEncoded | |||
162 | 113 | ||
163 | 114 | ||
164 | 115 | ||
165 | /** | ||
166 | * @brief an RSA signature | ||
167 | */ | ||
168 | struct GNUNET_CRYPTO_RsaSignature | ||
169 | { | ||
170 | unsigned char sig[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH]; | ||
171 | }; | ||
172 | |||
173 | |||
174 | GNUNET_NETWORK_STRUCT_BEGIN | 116 | GNUNET_NETWORK_STRUCT_BEGIN |
175 | 117 | ||
176 | /** | ||
177 | * @brief header of what an RSA signature signs | ||
178 | * this must be followed by "size - 8" bytes of | ||
179 | * the actual signed data | ||
180 | */ | ||
181 | struct GNUNET_CRYPTO_RsaSignaturePurpose | ||
182 | { | ||
183 | /** | ||
184 | * How many bytes does this signature sign? | ||
185 | * (including this purpose header); in network | ||
186 | * byte order (!). | ||
187 | */ | ||
188 | uint32_t size GNUNET_PACKED; | ||
189 | |||
190 | /** | ||
191 | * What does this signature vouch for? This | ||
192 | * must contain a GNUNET_SIGNATURE_PURPOSE_XXX | ||
193 | * constant (from gnunet_signatures.h). In | ||
194 | * network byte order! | ||
195 | */ | ||
196 | uint32_t purpose GNUNET_PACKED; | ||
197 | |||
198 | }; | ||
199 | |||
200 | |||
201 | /** | ||
202 | * @brief A public key. | ||
203 | */ | ||
204 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | ||
205 | { | ||
206 | /** | ||
207 | * In big-endian, must be GNUNET_CRYPTO_RSA_KEY_LENGTH+4 | ||
208 | */ | ||
209 | uint16_t len GNUNET_PACKED; | ||
210 | |||
211 | /** | ||
212 | * Size of n in key; in big-endian! | ||
213 | */ | ||
214 | uint16_t sizen GNUNET_PACKED; | ||
215 | |||
216 | /** | ||
217 | * The key itself, contains n followed by e. | ||
218 | */ | ||
219 | unsigned char key[GNUNET_CRYPTO_RSA_KEY_LENGTH]; | ||
220 | |||
221 | /** | ||
222 | * Padding (must be 0) | ||
223 | */ | ||
224 | uint16_t padding GNUNET_PACKED; | ||
225 | }; | ||
226 | |||
227 | |||
228 | /** | ||
229 | * RSA Encrypted data. | ||
230 | */ | ||
231 | struct GNUNET_CRYPTO_RsaEncryptedData | ||
232 | { | ||
233 | unsigned char encoding[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH]; | ||
234 | }; | ||
235 | |||
236 | 118 | ||
237 | /** | 119 | /** |
238 | * @brief header of what an ECC signature signs | 120 | * @brief header of what an ECC signature signs |
@@ -932,250 +814,6 @@ GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts, | |||
932 | 814 | ||
933 | 815 | ||
934 | /** | 816 | /** |
935 | * Convert a public key to a string. | ||
936 | * | ||
937 | * @param pub key to convert | ||
938 | * @return string representing 'pub' | ||
939 | */ | ||
940 | char * | ||
941 | GNUNET_CRYPTO_rsa_public_key_to_string (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pub); | ||
942 | |||
943 | |||
944 | /** | ||
945 | * Convert a string representing a public key to a public key. | ||
946 | * | ||
947 | * @param enc encoded public key | ||
948 | * @param enclen number of bytes in enc (without 0-terminator) | ||
949 | * @param pub where to store the public key | ||
950 | * @return GNUNET_OK on success | ||
951 | */ | ||
952 | int | ||
953 | GNUNET_CRYPTO_rsa_public_key_from_string (const char *enc, | ||
954 | size_t enclen, | ||
955 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pub); | ||
956 | |||
957 | |||
958 | /** | ||
959 | * Encode the private key in a format suitable for | ||
960 | * storing it into a file. | ||
961 | * @return encoding of the private key | ||
962 | */ | ||
963 | struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded * | ||
964 | GNUNET_CRYPTO_rsa_encode_key (const struct GNUNET_CRYPTO_RsaPrivateKey *hostkey); | ||
965 | |||
966 | |||
967 | /** | ||
968 | * Decode the private key from the data-format back | ||
969 | * to the "normal", internal format. | ||
970 | * | ||
971 | * @param buf the buffer where the private key data is stored | ||
972 | * @param len the length of the data in 'buffer' | ||
973 | * @return NULL on error | ||
974 | */ | ||
975 | struct GNUNET_CRYPTO_RsaPrivateKey * | ||
976 | GNUNET_CRYPTO_rsa_decode_key (const char *buf, uint16_t len); | ||
977 | |||
978 | |||
979 | /** | ||
980 | * Create a new private key by reading it from a file. If the | ||
981 | * files does not exist, create a new key and write it to the | ||
982 | * file. Caller must free return value. Note that this function | ||
983 | * can not guarantee that another process might not be trying | ||
984 | * the same operation on the same file at the same time. | ||
985 | * If the contents of the file | ||
986 | * are invalid the old file is deleted and a fresh key is | ||
987 | * created. | ||
988 | * | ||
989 | * @param filename name of file to use for storage | ||
990 | * @return new private key, NULL on error (for example, | ||
991 | * permission denied) | ||
992 | * @deprecated use 'GNUNET_CRYPTO_rsa_key_create_start' instead | ||
993 | */ | ||
994 | struct GNUNET_CRYPTO_RsaPrivateKey * | ||
995 | GNUNET_CRYPTO_rsa_key_create_from_file (const char *filename); | ||
996 | |||
997 | |||
998 | /** | ||
999 | * Open existing private key file and read it. If the | ||
1000 | * file does not exist, or the contents of the file are | ||
1001 | * invalid, the function fails | ||
1002 | * Caller must free returned value. | ||
1003 | * | ||
1004 | * @return a private key, NULL on error (for example, | ||
1005 | * permission denied) or when file does not exist or contains invalid | ||
1006 | * data. | ||
1007 | */ | ||
1008 | struct GNUNET_CRYPTO_RsaPrivateKey * | ||
1009 | GNUNET_CRYPTO_rsa_key_create_from_existing_file (const char *filename); | ||
1010 | |||
1011 | |||
1012 | /** | ||
1013 | * Handle to cancel private key generation. | ||
1014 | */ | ||
1015 | struct GNUNET_CRYPTO_RsaKeyGenerationContext; | ||
1016 | |||
1017 | |||
1018 | /** | ||
1019 | * Function called upon completion of 'GNUNET_CRYPTO_rsa_key_create_async'. | ||
1020 | * | ||
1021 | * @param cls closure | ||
1022 | * @param pk NULL on error, otherwise the private key (which must be free'd by the callee) | ||
1023 | * @param emsg NULL on success, otherwise an error message | ||
1024 | */ | ||
1025 | typedef void (*GNUNET_CRYPTO_RsaKeyCallback)(void *cls, | ||
1026 | struct GNUNET_CRYPTO_RsaPrivateKey *pk, | ||
1027 | const char *emsg); | ||
1028 | |||
1029 | |||
1030 | /** | ||
1031 | * Create a new private key by reading it from a file. If the files | ||
1032 | * does not exist, create a new key and write it to the file. If the | ||
1033 | * contents of the file are invalid the old file is deleted and a | ||
1034 | * fresh key is created. | ||
1035 | * | ||
1036 | * @param filename name of file to use for storage | ||
1037 | * @param cont function to call when done (or on errors) | ||
1038 | * @param cont_cls closure for 'cont' | ||
1039 | * @return handle to abort operation, NULL on fatal errors (cont will not be called if NULL is returned) | ||
1040 | */ | ||
1041 | struct GNUNET_CRYPTO_RsaKeyGenerationContext * | ||
1042 | GNUNET_CRYPTO_rsa_key_create_start (const char *filename, | ||
1043 | GNUNET_CRYPTO_RsaKeyCallback cont, | ||
1044 | void *cont_cls); | ||
1045 | |||
1046 | |||
1047 | /** | ||
1048 | * Abort RSA key generation. | ||
1049 | * | ||
1050 | * @param gc key generation context to abort | ||
1051 | */ | ||
1052 | void | ||
1053 | GNUNET_CRYPTO_rsa_key_create_stop (struct GNUNET_CRYPTO_RsaKeyGenerationContext *gc); | ||
1054 | |||
1055 | |||
1056 | /** | ||
1057 | * Setup a hostkey file for a peer given the name of the | ||
1058 | * configuration file (!). This function is used so that | ||
1059 | * at a later point code can be certain that reading a | ||
1060 | * hostkey is fast (for example in time-dependent testcases). | ||
1061 | * | ||
1062 | * @param cfg_name name of the configuration file to use | ||
1063 | */ | ||
1064 | void | ||
1065 | GNUNET_CRYPTO_rsa_setup_hostkey (const char *cfg_name); | ||
1066 | |||
1067 | |||
1068 | /** | ||
1069 | * Deterministically (!) create a private key using only the | ||
1070 | * given HashCode as input to the PRNG. | ||
1071 | * | ||
1072 | * @param hc "random" input to PRNG | ||
1073 | * @return some private key purely dependent on input | ||
1074 | */ | ||
1075 | struct GNUNET_CRYPTO_RsaPrivateKey * | ||
1076 | GNUNET_CRYPTO_rsa_key_create_from_hash (const struct GNUNET_HashCode *hc); | ||
1077 | |||
1078 | |||
1079 | /** | ||
1080 | * Free memory occupied by the private key. | ||
1081 | * | ||
1082 | * @param key pointer to the memory to free | ||
1083 | */ | ||
1084 | void | ||
1085 | GNUNET_CRYPTO_rsa_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key); | ||
1086 | |||
1087 | |||
1088 | /** | ||
1089 | * Extract the public key of the host. | ||
1090 | * | ||
1091 | * @param priv the private key | ||
1092 | * @param pub where to write the public key | ||
1093 | */ | ||
1094 | void | ||
1095 | GNUNET_CRYPTO_rsa_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey | ||
1096 | *priv, | ||
1097 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | ||
1098 | *pub); | ||
1099 | |||
1100 | |||
1101 | /** | ||
1102 | * Get hash of the public key that corresponds to a private key. | ||
1103 | * | ||
1104 | * @param key RSA private key | ||
1105 | * @param id buffer for hash of the public key | ||
1106 | */ | ||
1107 | void | ||
1108 | GNUNET_CRYPTO_rsa_get_public_key_hash (struct GNUNET_CRYPTO_RsaPrivateKey *key, | ||
1109 | struct GNUNET_HashCode *id); | ||
1110 | |||
1111 | |||
1112 | /** | ||
1113 | * Encrypt a block with the public key of another host that uses the | ||
1114 | * same cyper. | ||
1115 | * | ||
1116 | * @param block the block to encrypt | ||
1117 | * @param size the size of block | ||
1118 | * @param publicKey the encoded public key used to encrypt | ||
1119 | * @param target where to store the encrypted block | ||
1120 | * @return GNUNET_SYSERR on error, GNUNET_OK if ok | ||
1121 | */ | ||
1122 | int | ||
1123 | GNUNET_CRYPTO_rsa_encrypt (const void *block, size_t size, | ||
1124 | const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | ||
1125 | *publicKey, | ||
1126 | struct GNUNET_CRYPTO_RsaEncryptedData *target); | ||
1127 | |||
1128 | |||
1129 | /** | ||
1130 | * Decrypt a given block with the hostkey. | ||
1131 | * | ||
1132 | * @param key the key to use | ||
1133 | * @param block the data to decrypt, encoded as returned by encrypt, not consumed | ||
1134 | * @param result pointer to a location where the result can be stored | ||
1135 | * @param max how many bytes of a result are expected? Must be exact. | ||
1136 | * @return the size of the decrypted block (that is, size) or -1 on error | ||
1137 | */ | ||
1138 | ssize_t | ||
1139 | GNUNET_CRYPTO_rsa_decrypt (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | ||
1140 | const struct GNUNET_CRYPTO_RsaEncryptedData *block, | ||
1141 | void *result, size_t max); | ||
1142 | |||
1143 | |||
1144 | /** | ||
1145 | * Sign a given block. | ||
1146 | * | ||
1147 | * @param key private key to use for the signing | ||
1148 | * @param purpose what to sign (size, purpose) | ||
1149 | * @param sig where to write the signature | ||
1150 | * @return GNUNET_SYSERR on error, GNUNET_OK on success | ||
1151 | */ | ||
1152 | int | ||
1153 | GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | ||
1154 | const struct GNUNET_CRYPTO_RsaSignaturePurpose *purpose, | ||
1155 | struct GNUNET_CRYPTO_RsaSignature *sig); | ||
1156 | |||
1157 | |||
1158 | /** | ||
1159 | * Verify signature. Note that the caller MUST have already | ||
1160 | * checked that "validate->size" bytes are actually available. | ||
1161 | * | ||
1162 | * @param purpose what is the purpose that validate should have? | ||
1163 | * @param validate block to validate (size, purpose, data) | ||
1164 | * @param sig signature that is being validated | ||
1165 | * @param publicKey public key of the signer | ||
1166 | * @return GNUNET_OK if ok, GNUNET_SYSERR if invalid | ||
1167 | */ | ||
1168 | int | ||
1169 | GNUNET_CRYPTO_rsa_verify (uint32_t purpose, | ||
1170 | const struct GNUNET_CRYPTO_RsaSignaturePurpose | ||
1171 | *validate, | ||
1172 | const struct GNUNET_CRYPTO_RsaSignature *sig, | ||
1173 | const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | ||
1174 | *publicKey); | ||
1175 | |||
1176 | |||
1177 | |||
1178 | /** | ||
1179 | * Function called upon completion of 'GNUNET_CRYPTO_ecc_key_create_async'. | 817 | * Function called upon completion of 'GNUNET_CRYPTO_ecc_key_create_async'. |
1180 | * | 818 | * |
1181 | * @param cls closure | 819 | * @param cls closure |