1 files changed, 618 insertions, 0 deletions
diff --git a/src/lib/util/crypto_pkey.c b/src/lib/util/crypto_pkey.c
new file mode 100644
index 000000000..0a55b3b65
--- /dev/null
+++ b/src/lib/util/crypto_pkey.c
@@ -0,0 +1,618 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2013, 2016, 2021 GNUnet e.V.
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file util/crypto_pkey.c
+ * @brief api to interact handle generic public keys
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+static enum GNUNET_GenericReturnValue
+check_key_type (uint32_t type)
+{
+  switch (type)
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return GNUNET_OK;
+  default:
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_SYSERR;
+}
+ssize_t
+GNUNET_CRYPTO_private_key_get_length (const struct
+                                        GNUNET_CRYPTO_PrivateKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+    break;
+  default:
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Got key type %u\n", ntohl (key->type));
+    GNUNET_break (0);
+  }
+  return -1;
+}
+ssize_t
+GNUNET_CRYPTO_public_key_get_length (const struct
+                                       GNUNET_CRYPTO_PublicKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+ssize_t
+GNUNET_CRYPTO_private_key_length_by_type (enum GNUNET_CRYPTO_KeyType kt)
+{
+  switch (kt)
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_read_public_key_from_buffer (const void *buffer,
+                                             size_t len,
+                                             struct GNUNET_CRYPTO_PublicKey *
+                                             key,
+                                             size_t *kb_read)
+{
+  if (len < sizeof (key->type))
+    return GNUNET_SYSERR;
+  GNUNET_memcpy (&key->type,
+                 buffer,
+                 sizeof (key->type));
+  ssize_t length = GNUNET_CRYPTO_public_key_get_length (key);
+  if (len < length)
+    return GNUNET_SYSERR;
+  if (length < 0)
+    return GNUNET_SYSERR;
+  GNUNET_memcpy (&key->ecdsa_key,
+                 buffer + sizeof (key->type),
+                 length - sizeof (key->type));
+  *kb_read = length;
+  return GNUNET_OK;
+}
+ssize_t
+GNUNET_CRYPTO_write_public_key_to_buffer (const struct
+                                            GNUNET_CRYPTO_PublicKey *key,
+                                            void*buffer,
+                                            size_t len)
+{
+  const ssize_t length = GNUNET_CRYPTO_public_key_get_length (key);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (buffer, &(key->type), sizeof (key->type));
+  GNUNET_memcpy (buffer + sizeof (key->type), &(key->ecdsa_key), length
+                 - sizeof (key->type));
+  return length;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_read_private_key_from_buffer (const void *buffer,
+                                              size_t len,
+                                              struct
+                                              GNUNET_CRYPTO_PrivateKey *key,
+                                              size_t *kb_read)
+{
+  if (len < sizeof (key->type))
+    return GNUNET_SYSERR;
+  GNUNET_memcpy (&key->type,
+                 buffer,
+                 sizeof (key->type));
+  ssize_t length = GNUNET_CRYPTO_private_key_get_length (key);
+  if (len < length)
+    return GNUNET_SYSERR;
+  if (length < 0)
+    return GNUNET_SYSERR;
+  GNUNET_memcpy (&key->ecdsa_key,
+                 buffer + sizeof (key->type),
+                 length - sizeof (key->type));
+  *kb_read = length;
+  return GNUNET_OK;
+}
+ssize_t
+GNUNET_CRYPTO_write_private_key_to_buffer (const struct
+                                             GNUNET_CRYPTO_PrivateKey *key,
+                                             void *buffer,
+                                             size_t len)
+{
+  const ssize_t length = GNUNET_CRYPTO_private_key_get_length (key);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (buffer, &(key->type), sizeof (key->type));
+  GNUNET_memcpy (buffer + sizeof (key->type), &(key->ecdsa_key), length
+                 - sizeof (key->type));
+  return length;
+}
+ssize_t
+GNUNET_CRYPTO_signature_get_length (const struct
+                                      GNUNET_CRYPTO_Signature *sig)
+{
+  switch (ntohl (sig->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return sizeof (sig->type) + sizeof (sig->ecdsa_signature);
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return sizeof (sig->type) + sizeof (sig->eddsa_signature);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+ssize_t
+GNUNET_CRYPTO_signature_get_raw_length_by_type (uint32_t type)
+{
+  switch (ntohl (type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return sizeof (struct GNUNET_CRYPTO_EddsaSignature);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+ssize_t
+GNUNET_CRYPTO_read_signature_from_buffer (struct
+                                            GNUNET_CRYPTO_Signature *sig,
+                                            const void*buffer,
+                                            size_t len)
+{
+  if (len < sizeof (sig->type))
+    return -1;
+  GNUNET_memcpy (&(sig->type), buffer, sizeof (sig->type));
+  const ssize_t length = GNUNET_CRYPTO_signature_get_length (sig);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (&(sig->ecdsa_signature), buffer + sizeof (sig->type), length
+                 - sizeof (sig->type));
+  return length;
+}
+ssize_t
+GNUNET_CRYPTO_write_signature_to_buffer (const struct
+                                           GNUNET_CRYPTO_Signature *sig,
+                                           void*buffer,
+                                           size_t len)
+{
+  const ssize_t length = GNUNET_CRYPTO_signature_get_length (sig);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (buffer, &(sig->type), sizeof (sig->type));
+  GNUNET_memcpy (buffer + sizeof (sig->type), &(sig->ecdsa_signature), length
+                 - sizeof (sig->type));
+  return length;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_sign_raw_ (const struct
+                           GNUNET_CRYPTO_PrivateKey *priv,
+                           const struct
+                           GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+                           unsigned char *sig)
+{
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
+                                      (struct
+                                       GNUNET_CRYPTO_EcdsaSignature*) sig);
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
+                                      (struct
+                                       GNUNET_CRYPTO_EddsaSignature*) sig);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_sign_ (const struct
+                       GNUNET_CRYPTO_PrivateKey *priv,
+                       const struct
+                       GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+                       struct GNUNET_CRYPTO_Signature *sig)
+{
+  sig->type = priv->type;
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
+                                      &(sig->ecdsa_signature));
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
+                                      &(sig->eddsa_signature));
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_signature_verify_ (uint32_t purpose,
+                                   const struct
+                                   GNUNET_CRYPTO_EccSignaturePurpose *validate,
+                                   const struct GNUNET_CRYPTO_Signature *sig,
+                                   const struct GNUNET_CRYPTO_PublicKey *pub)
+{
+  /* check type matching of 'sig' and 'pub' */
+  GNUNET_assert (ntohl (pub->type) == ntohl (sig->type));
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
+                                        &(sig->ecdsa_signature),
+                                        &(pub->ecdsa_key));
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
+                                        &(sig->eddsa_signature),
+                                        &(pub->eddsa_key));
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_signature_verify_raw_ (uint32_t purpose,
+                                       const struct
+                                       GNUNET_CRYPTO_EccSignaturePurpose *
+                                       validate,
+                                       const unsigned char *sig,
+                                       const struct
+                                       GNUNET_CRYPTO_PublicKey *pub)
+{
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
+                                        (struct
+                                         GNUNET_CRYPTO_EcdsaSignature*) sig,
+                                        &(pub->ecdsa_key));
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
+                                        (struct
+                                         GNUNET_CRYPTO_EddsaSignature*) sig,
+                                        &(pub->eddsa_key));
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+ssize_t
+GNUNET_CRYPTO_encrypt_old (const void *block,
+                             size_t size,
+                             const struct GNUNET_CRYPTO_PublicKey *pub,
+                             struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                             void *result)
+{
+  struct GNUNET_CRYPTO_EcdhePrivateKey pk;
+  GNUNET_CRYPTO_ecdhe_key_create (&pk);
+  struct GNUNET_HashCode hash;
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&pk, &(pub->ecdsa_key),
+                                                   &hash))
+      return -1;
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa (&pk, &(pub->eddsa_key),
+                                                   &hash))
+      return -1;
+    break;
+  default:
+    return -1;
+  }
+  GNUNET_CRYPTO_ecdhe_key_get_public (&pk, ecc);
+  GNUNET_CRYPTO_ecdhe_key_clear (&pk);
+  struct GNUNET_CRYPTO_SymmetricSessionKey key;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
+  GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
+  const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt (block, size, &key,
+                                                             &iv, result);
+  GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
+  GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
+  return encrypted;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_encrypt (const void *pt,
+                         size_t pt_size,
+                         const struct GNUNET_CRYPTO_PublicKey *pub,
+                         void *ct_buf,
+                         size_t ct_size)
+{
+  struct GNUNET_HashCode k;
+  struct GNUNET_CRYPTO_FoKemC kemc;
+  struct GNUNET_CRYPTO_FoKemC *kemc_buf = (struct GNUNET_CRYPTO_FoKemC*) ct_buf;
+  unsigned char *encrypted_data = (unsigned char*) &kemc_buf[1];
+  unsigned char nonce[crypto_secretbox_NONCEBYTES];
+  unsigned char key[crypto_secretbox_KEYBYTES];
+  if (ct_size < pt_size + GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Output buffer size for ciphertext too small: Got %lu, want >=%lu\n",
+                ct_size, pt_size + GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES);
+    return GNUNET_SYSERR;
+  }
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_encaps (&(pub->ecdsa_key),
+                                                            &kemc,
+                                                            &k))
+      return GNUNET_SYSERR;
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_encaps (&pub->eddsa_key,
+                                                            &kemc,
+                                                            &k))
+      return GNUNET_SYSERR;
+    break;
+  default:
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unsupported key type\n");
+    return GNUNET_SYSERR;
+  }
+  memcpy (key, &k, crypto_secretbox_KEYBYTES);
+  memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
+          crypto_secretbox_NONCEBYTES);
+  if (crypto_secretbox_easy (encrypted_data, pt, pt_size, nonce, key))
+    return GNUNET_SYSERR;
+  memcpy (kemc_buf, &kemc, sizeof (kemc));
+  return GNUNET_OK;
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_decrypt (const void *ct_buf,
+                         size_t ct_size,
+                         const struct GNUNET_CRYPTO_PrivateKey *priv,
+                         void *pt,
+                         size_t pt_size)
+{
+  struct GNUNET_HashCode k;
+  struct GNUNET_CRYPTO_FoKemC *kemc = (struct GNUNET_CRYPTO_FoKemC*) ct_buf;
+  unsigned char *encrypted_data = (unsigned char*) &kemc[1];
+  unsigned char nonce[crypto_secretbox_NONCEBYTES];
+  unsigned char key[crypto_secretbox_KEYBYTES];
+  size_t expected_pt_len = ct_size - GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES;
+  if (pt_size < expected_pt_len)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Output buffer size for plaintext too small: Got %lu, want >=%lu\n",
+                pt_size, expected_pt_len);
+    return GNUNET_SYSERR;
+  }
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_decaps (&(priv->ecdsa_key),
+                                                            kemc,
+                                                            &k))
+      return GNUNET_SYSERR;
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_decaps (&(priv->eddsa_key),
+                                                            kemc,
+                                                            &k))
+      return GNUNET_SYSERR;
+    break;
+  default:
+    return GNUNET_SYSERR;
+  }
+  memcpy (key, &k, crypto_secretbox_KEYBYTES);
+  memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
+          crypto_secretbox_NONCEBYTES);
+  if (crypto_secretbox_open_easy (pt, encrypted_data, ct_size - sizeof (*kemc),
+                                  nonce, key))
+    return GNUNET_SYSERR;
+  return GNUNET_OK;
+}
+ssize_t
+GNUNET_CRYPTO_decrypt_old (const void *block,
+                             size_t size,
+                             const struct GNUNET_CRYPTO_PrivateKey *priv,
+                             const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                             void *result)
+{
+  struct GNUNET_HashCode hash;
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh (&(priv->ecdsa_key), ecc,
+                                                   &hash))
+      return -1;
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh (&(priv->eddsa_key), ecc,
+                                                   &hash))
+      return -1;
+    break;
+  default:
+    return -1;
+  }
+  struct GNUNET_CRYPTO_SymmetricSessionKey key;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
+  GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
+  const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt (block, size, &key,
+                                                             &iv, result);
+  GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
+  GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
+  return decrypted;
+}
+char *
+GNUNET_CRYPTO_public_key_to_string (const struct
+                                      GNUNET_CRYPTO_PublicKey *key)
+{
+  size_t size = GNUNET_CRYPTO_public_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+char *
+GNUNET_CRYPTO_private_key_to_string (const struct
+                                       GNUNET_CRYPTO_PrivateKey *key)
+{
+  size_t size = GNUNET_CRYPTO_private_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_public_key_from_string (const char *str,
+                                        struct GNUNET_CRYPTO_PublicKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  return check_key_type (ntohl (key->type));
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_private_key_from_string (const char *str,
+                                         struct GNUNET_CRYPTO_PrivateKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  return check_key_type (ntohl (key->type));
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_key_get_public (const struct
+                                GNUNET_CRYPTO_PrivateKey *privkey,
+                                struct GNUNET_CRYPTO_PublicKey *key)
+{
+  key->type = privkey->type;
+  switch (ntohl (privkey->type))
+  {
+  case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
+    GNUNET_CRYPTO_ecdsa_key_get_public (&privkey->ecdsa_key,
+                                        &key->ecdsa_key);
+    break;
+  case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
+    GNUNET_CRYPTO_eddsa_key_get_public (&privkey->eddsa_key,
+                                        &key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}

diff --git a/src/lib/util/crypto_pkey.c b/src/lib/util/crypto_pkey.c new file mode 100644 index 000000000..0a55b3b65 --- /dev/null +++ b/src/lib/util/crypto_pkey.c
@@ -0,0 +1,618 @@
	1	/*
	2	This file is part of GNUnet.
	3	Copyright (C) 2013, 2016, 2021 GNUnet e.V.
	4
	5	GNUnet is free software: you can redistribute it and/or modify it
	6	under the terms of the GNU Affero General Public License as published
	7	by the Free Software Foundation, either version 3 of the License,
	8	or (at your option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	Affero General Public License for more details.
	14
	15	You should have received a copy of the GNU Affero General Public License
	16	along with this program. If not, see <http://www.gnu.org/licenses/>.
	17
	18	SPDX-License-Identifier: AGPL3.0-or-later
	19	*/
	20
	21	/**
	22	* @file util/crypto_pkey.c
	23	* @brief api to interact handle generic public keys
	24	* @author Martin Schanzenbach
	25	*/
	26
	27	#include "platform.h"
	28	#include "gnunet_util_lib.h"
	29
	30
	31	static enum GNUNET_GenericReturnValue
	32	check_key_type (uint32_t type)
	33	{
	34	switch (type)
	35	{
	36	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	37	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	38	return GNUNET_OK;
	39	default:
	40	return GNUNET_SYSERR;
	41	}
	42	return GNUNET_SYSERR;
	43	}
	44
	45
	46	ssize_t
	47	GNUNET_CRYPTO_private_key_get_length (const struct
	48	GNUNET_CRYPTO_PrivateKey *key)
	49	{
	50	switch (ntohl (key->type))
	51	{
	52	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	53	return sizeof (key->type) + sizeof (key->ecdsa_key);
	54	break;
	55	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	56	return sizeof (key->type) + sizeof (key->eddsa_key);
	57	break;
	58	default:
	59	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
	60	"Got key type %u\n", ntohl (key->type));
	61	GNUNET_break (0);
	62	}
	63	return -1;
	64	}
	65
	66
	67	ssize_t
	68	GNUNET_CRYPTO_public_key_get_length (const struct
	69	GNUNET_CRYPTO_PublicKey *key)
	70	{
	71	switch (ntohl (key->type))
	72	{
	73	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	74	return sizeof (key->type) + sizeof (key->ecdsa_key);
	75	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	76	return sizeof (key->type) + sizeof (key->eddsa_key);
	77	default:
	78	GNUNET_break (0);
	79	}
	80	return -1;
	81	}
	82
	83
	84	ssize_t
	85	GNUNET_CRYPTO_private_key_length_by_type (enum GNUNET_CRYPTO_KeyType kt)
	86	{
	87	switch (kt)
	88	{
	89	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	90	return sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
	91	break;
	92	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	93	return sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
	94	break;
	95	default:
	96	GNUNET_break (0);
	97	}
	98	return -1;
	99	}
	100
	101
	102	enum GNUNET_GenericReturnValue
	103	GNUNET_CRYPTO_read_public_key_from_buffer (const void *buffer,
	104	size_t len,
	105	struct GNUNET_CRYPTO_PublicKey *
	106	key,
	107	size_t *kb_read)
	108	{
	109	if (len < sizeof (key->type))
	110	return GNUNET_SYSERR;
	111	GNUNET_memcpy (&key->type,
	112	buffer,
	113	sizeof (key->type));
	114	ssize_t length = GNUNET_CRYPTO_public_key_get_length (key);
	115	if (len < length)
	116	return GNUNET_SYSERR;
	117	if (length < 0)
	118	return GNUNET_SYSERR;
	119	GNUNET_memcpy (&key->ecdsa_key,
	120	buffer + sizeof (key->type),
	121	length - sizeof (key->type));
	122	*kb_read = length;
	123	return GNUNET_OK;
	124	}
	125
	126
	127	ssize_t
	128	GNUNET_CRYPTO_write_public_key_to_buffer (const struct
	129	GNUNET_CRYPTO_PublicKey *key,
	130	void*buffer,
	131	size_t len)
	132	{
	133	const ssize_t length = GNUNET_CRYPTO_public_key_get_length (key);
	134	if (len < length)
	135	return -1;
	136	if (length < 0)
	137	return -2;
	138	GNUNET_memcpy (buffer, &(key->type), sizeof (key->type));
	139	GNUNET_memcpy (buffer + sizeof (key->type), &(key->ecdsa_key), length
	140	- sizeof (key->type));
	141	return length;
	142	}
	143
	144
	145	enum GNUNET_GenericReturnValue
	146	GNUNET_CRYPTO_read_private_key_from_buffer (const void *buffer,
	147	size_t len,
	148	struct
	149	GNUNET_CRYPTO_PrivateKey *key,
	150	size_t *kb_read)
	151	{
	152	if (len < sizeof (key->type))
	153	return GNUNET_SYSERR;
	154	GNUNET_memcpy (&key->type,
	155	buffer,
	156	sizeof (key->type));
	157	ssize_t length = GNUNET_CRYPTO_private_key_get_length (key);
	158	if (len < length)
	159	return GNUNET_SYSERR;
	160	if (length < 0)
	161	return GNUNET_SYSERR;
	162	GNUNET_memcpy (&key->ecdsa_key,
	163	buffer + sizeof (key->type),
	164	length - sizeof (key->type));
	165	*kb_read = length;
	166	return GNUNET_OK;
	167	}
	168
	169
	170	ssize_t
	171	GNUNET_CRYPTO_write_private_key_to_buffer (const struct
	172	GNUNET_CRYPTO_PrivateKey *key,
	173	void *buffer,
	174	size_t len)
	175	{
	176	const ssize_t length = GNUNET_CRYPTO_private_key_get_length (key);
	177	if (len < length)
	178	return -1;
	179	if (length < 0)
	180	return -2;
	181	GNUNET_memcpy (buffer, &(key->type), sizeof (key->type));
	182	GNUNET_memcpy (buffer + sizeof (key->type), &(key->ecdsa_key), length
	183	- sizeof (key->type));
	184	return length;
	185	}
	186
	187
	188	ssize_t
	189	GNUNET_CRYPTO_signature_get_length (const struct
	190	GNUNET_CRYPTO_Signature *sig)
	191	{
	192	switch (ntohl (sig->type))
	193	{
	194	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	195	return sizeof (sig->type) + sizeof (sig->ecdsa_signature);
	196	break;
	197	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	198	return sizeof (sig->type) + sizeof (sig->eddsa_signature);
	199	break;
	200	default:
	201	GNUNET_break (0);
	202	}
	203	return -1;
	204	}
	205
	206
	207	ssize_t
	208	GNUNET_CRYPTO_signature_get_raw_length_by_type (uint32_t type)
	209	{
	210	switch (ntohl (type))
	211	{
	212	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	213	return sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
	214	break;
	215	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	216	return sizeof (struct GNUNET_CRYPTO_EddsaSignature);
	217	break;
	218	default:
	219	GNUNET_break (0);
	220	}
	221	return -1;
	222	}
	223
	224
	225	ssize_t
	226	GNUNET_CRYPTO_read_signature_from_buffer (struct
	227	GNUNET_CRYPTO_Signature *sig,
	228	const void*buffer,
	229	size_t len)
	230	{
	231	if (len < sizeof (sig->type))
	232	return -1;
	233	GNUNET_memcpy (&(sig->type), buffer, sizeof (sig->type));
	234	const ssize_t length = GNUNET_CRYPTO_signature_get_length (sig);
	235	if (len < length)
	236	return -1;
	237	if (length < 0)
	238	return -2;
	239	GNUNET_memcpy (&(sig->ecdsa_signature), buffer + sizeof (sig->type), length
	240	- sizeof (sig->type));
	241	return length;
	242	}
	243
	244
	245	ssize_t
	246	GNUNET_CRYPTO_write_signature_to_buffer (const struct
	247	GNUNET_CRYPTO_Signature *sig,
	248	void*buffer,
	249	size_t len)
	250	{
	251	const ssize_t length = GNUNET_CRYPTO_signature_get_length (sig);
	252	if (len < length)
	253	return -1;
	254	if (length < 0)
	255	return -2;
	256	GNUNET_memcpy (buffer, &(sig->type), sizeof (sig->type));
	257	GNUNET_memcpy (buffer + sizeof (sig->type), &(sig->ecdsa_signature), length
	258	- sizeof (sig->type));
	259	return length;
	260	}
	261
	262
	263	enum GNUNET_GenericReturnValue
	264	GNUNET_CRYPTO_sign_raw_ (const struct
	265	GNUNET_CRYPTO_PrivateKey *priv,
	266	const struct
	267	GNUNET_CRYPTO_EccSignaturePurpose *purpose,
	268	unsigned char *sig)
	269	{
	270	switch (ntohl (priv->type))
	271	{
	272	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	273	return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
	274	(struct
	275	GNUNET_CRYPTO_EcdsaSignature*) sig);
	276	break;
	277	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	278	return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
	279	(struct
	280	GNUNET_CRYPTO_EddsaSignature*) sig);
	281	break;
	282	default:
	283	GNUNET_break (0);
	284	}
	285
	286	return GNUNET_SYSERR;
	287	}
	288
	289
	290	enum GNUNET_GenericReturnValue
	291	GNUNET_CRYPTO_sign_ (const struct
	292	GNUNET_CRYPTO_PrivateKey *priv,
	293	const struct
	294	GNUNET_CRYPTO_EccSignaturePurpose *purpose,
	295	struct GNUNET_CRYPTO_Signature *sig)
	296	{
	297	sig->type = priv->type;
	298	switch (ntohl (priv->type))
	299	{
	300	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	301	return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
	302	&(sig->ecdsa_signature));
	303	break;
	304	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	305	return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
	306	&(sig->eddsa_signature));
	307	break;
	308	default:
	309	GNUNET_break (0);
	310	}
	311
	312	return GNUNET_SYSERR;
	313	}
	314
	315
	316	enum GNUNET_GenericReturnValue
	317	GNUNET_CRYPTO_signature_verify_ (uint32_t purpose,
	318	const struct
	319	GNUNET_CRYPTO_EccSignaturePurpose *validate,
	320	const struct GNUNET_CRYPTO_Signature *sig,
	321	const struct GNUNET_CRYPTO_PublicKey *pub)
	322	{
	323	/* check type matching of 'sig' and 'pub' */
	324	GNUNET_assert (ntohl (pub->type) == ntohl (sig->type));
	325	switch (ntohl (pub->type))
	326	{
	327	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	328	return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
	329	&(sig->ecdsa_signature),
	330	&(pub->ecdsa_key));
	331	break;
	332	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	333	return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
	334	&(sig->eddsa_signature),
	335	&(pub->eddsa_key));
	336	break;
	337	default:
	338	GNUNET_break (0);
	339	}
	340
	341	return GNUNET_SYSERR;
	342	}
	343
	344
	345	enum GNUNET_GenericReturnValue
	346	GNUNET_CRYPTO_signature_verify_raw_ (uint32_t purpose,
	347	const struct
	348	GNUNET_CRYPTO_EccSignaturePurpose *
	349	validate,
	350	const unsigned char *sig,
	351	const struct
	352	GNUNET_CRYPTO_PublicKey *pub)
	353	{
	354	switch (ntohl (pub->type))
	355	{
	356	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	357	return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
	358	(struct
	359	GNUNET_CRYPTO_EcdsaSignature*) sig,
	360	&(pub->ecdsa_key));
	361	break;
	362	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	363	return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
	364	(struct
	365	GNUNET_CRYPTO_EddsaSignature*) sig,
	366	&(pub->eddsa_key));
	367	break;
	368	default:
	369	GNUNET_break (0);
	370	}
	371
	372	return GNUNET_SYSERR;
	373	}
	374
	375
	376	ssize_t
	377	GNUNET_CRYPTO_encrypt_old (const void *block,
	378	size_t size,
	379	const struct GNUNET_CRYPTO_PublicKey *pub,
	380	struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
	381	void *result)
	382	{
	383	struct GNUNET_CRYPTO_EcdhePrivateKey pk;
	384	GNUNET_CRYPTO_ecdhe_key_create (&pk);
	385	struct GNUNET_HashCode hash;
	386	switch (ntohl (pub->type))
	387	{
	388	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	389	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&pk, &(pub->ecdsa_key),
	390	&hash))
	391	return -1;
	392	break;
	393	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	394	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa (&pk, &(pub->eddsa_key),
	395	&hash))
	396	return -1;
	397	break;
	398	default:
	399	return -1;
	400	}
	401	GNUNET_CRYPTO_ecdhe_key_get_public (&pk, ecc);
	402	GNUNET_CRYPTO_ecdhe_key_clear (&pk);
	403	struct GNUNET_CRYPTO_SymmetricSessionKey key;
	404	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
	405	GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
	406	GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
	407	const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt (block, size, &key,
	408	&iv, result);
	409	GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
	410	GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
	411	return encrypted;
	412	}
	413
	414
	415	enum GNUNET_GenericReturnValue
	416	GNUNET_CRYPTO_encrypt (const void *pt,
	417	size_t pt_size,
	418	const struct GNUNET_CRYPTO_PublicKey *pub,
	419	void *ct_buf,
	420	size_t ct_size)
	421	{
	422	struct GNUNET_HashCode k;
	423	struct GNUNET_CRYPTO_FoKemC kemc;
	424	struct GNUNET_CRYPTO_FoKemC kemc_buf = (struct GNUNET_CRYPTO_FoKemC) ct_buf;
	425	unsigned char encrypted_data = (unsigned char) &kemc_buf[1];
	426	unsigned char nonce[crypto_secretbox_NONCEBYTES];
	427	unsigned char key[crypto_secretbox_KEYBYTES];
	428
	429	if (ct_size < pt_size + GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES)
	430	{
	431	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
	432	"Output buffer size for ciphertext too small: Got %lu, want >=%lu\n",
	433	ct_size, pt_size + GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES);
	434	return GNUNET_SYSERR;
	435	}
	436	switch (ntohl (pub->type))
	437	{
	438	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	439	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_encaps (&(pub->ecdsa_key),
	440	&kemc,
	441	&k))
	442	return GNUNET_SYSERR;
	443	break;
	444	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	445	if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_encaps (&pub->eddsa_key,
	446	&kemc,
	447	&k))
	448	return GNUNET_SYSERR;
	449	break;
	450	default:
	451	GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unsupported key type\n");
	452	return GNUNET_SYSERR;
	453	}
	454	memcpy (key, &k, crypto_secretbox_KEYBYTES);
	455	memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
	456	crypto_secretbox_NONCEBYTES);
	457	if (crypto_secretbox_easy (encrypted_data, pt, pt_size, nonce, key))
	458	return GNUNET_SYSERR;
	459	memcpy (kemc_buf, &kemc, sizeof (kemc));
	460	return GNUNET_OK;
	461	}
	462
	463
	464	enum GNUNET_GenericReturnValue
	465	GNUNET_CRYPTO_decrypt (const void *ct_buf,
	466	size_t ct_size,
	467	const struct GNUNET_CRYPTO_PrivateKey *priv,
	468	void *pt,
	469	size_t pt_size)
	470	{
	471	struct GNUNET_HashCode k;
	472	struct GNUNET_CRYPTO_FoKemC kemc = (struct GNUNET_CRYPTO_FoKemC) ct_buf;
	473	unsigned char encrypted_data = (unsigned char) &kemc[1];
	474	unsigned char nonce[crypto_secretbox_NONCEBYTES];
	475	unsigned char key[crypto_secretbox_KEYBYTES];
	476	size_t expected_pt_len = ct_size - GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES;
	477
	478	if (pt_size < expected_pt_len)
	479	{
	480	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
	481	"Output buffer size for plaintext too small: Got %lu, want >=%lu\n",
	482	pt_size, expected_pt_len);
	483	return GNUNET_SYSERR;
	484	}
	485	switch (ntohl (priv->type))
	486	{
	487	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	488	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_decaps (&(priv->ecdsa_key),
	489	kemc,
	490	&k))
	491	return GNUNET_SYSERR;
	492	break;
	493	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	494	if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_decaps (&(priv->eddsa_key),
	495	kemc,
	496	&k))
	497	return GNUNET_SYSERR;
	498	break;
	499	default:
	500	return GNUNET_SYSERR;
	501	}
	502	memcpy (key, &k, crypto_secretbox_KEYBYTES);
	503	memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES,
	504	crypto_secretbox_NONCEBYTES);
	505	if (crypto_secretbox_open_easy (pt, encrypted_data, ct_size - sizeof (*kemc),
	506	nonce, key))
	507	return GNUNET_SYSERR;
	508	return GNUNET_OK;
	509	}
	510
	511
	512	ssize_t
	513	GNUNET_CRYPTO_decrypt_old (const void *block,
	514	size_t size,
	515	const struct GNUNET_CRYPTO_PrivateKey *priv,
	516	const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
	517	void *result)
	518	{
	519	struct GNUNET_HashCode hash;
	520	switch (ntohl (priv->type))
	521	{
	522	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	523	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh (&(priv->ecdsa_key), ecc,
	524	&hash))
	525	return -1;
	526	break;
	527	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	528	if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh (&(priv->eddsa_key), ecc,
	529	&hash))
	530	return -1;
	531	break;
	532	default:
	533	return -1;
	534	}
	535	struct GNUNET_CRYPTO_SymmetricSessionKey key;
	536	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
	537	GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
	538	GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
	539	const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt (block, size, &key,
	540	&iv, result);
	541	GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
	542	GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
	543	return decrypted;
	544	}
	545
	546
	547	char *
	548	GNUNET_CRYPTO_public_key_to_string (const struct
	549	GNUNET_CRYPTO_PublicKey *key)
	550	{
	551	size_t size = GNUNET_CRYPTO_public_key_get_length (key);
	552	return GNUNET_STRINGS_data_to_string_alloc (key,
	553	size);
	554	}
	555
	556
	557	char *
	558	GNUNET_CRYPTO_private_key_to_string (const struct
	559	GNUNET_CRYPTO_PrivateKey *key)
	560	{
	561	size_t size = GNUNET_CRYPTO_private_key_get_length (key);
	562	return GNUNET_STRINGS_data_to_string_alloc (key,
	563	size);
	564	}
	565
	566
	567	enum GNUNET_GenericReturnValue
	568	GNUNET_CRYPTO_public_key_from_string (const char *str,
	569	struct GNUNET_CRYPTO_PublicKey *key)
	570	{
	571	enum GNUNET_GenericReturnValue ret;
	572	ret = GNUNET_STRINGS_string_to_data (str,
	573	strlen (str),
	574	key,
	575	sizeof (*key));
	576	if (GNUNET_OK != ret)
	577	return GNUNET_SYSERR;
	578	return check_key_type (ntohl (key->type));
	579
	580	}
	581
	582
	583	enum GNUNET_GenericReturnValue
	584	GNUNET_CRYPTO_private_key_from_string (const char *str,
	585	struct GNUNET_CRYPTO_PrivateKey *key)
	586	{
	587	enum GNUNET_GenericReturnValue ret;
	588	ret = GNUNET_STRINGS_string_to_data (str,
	589	strlen (str),
	590	key,
	591	sizeof (*key));
	592	if (GNUNET_OK != ret)
	593	return GNUNET_SYSERR;
	594	return check_key_type (ntohl (key->type));
	595	}
	596
	597	enum GNUNET_GenericReturnValue
	598	GNUNET_CRYPTO_key_get_public (const struct
	599	GNUNET_CRYPTO_PrivateKey *privkey,
	600	struct GNUNET_CRYPTO_PublicKey *key)
	601	{
	602	key->type = privkey->type;
	603	switch (ntohl (privkey->type))
	604	{
	605	case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
	606	GNUNET_CRYPTO_ecdsa_key_get_public (&privkey->ecdsa_key,
	607	&key->ecdsa_key);
	608	break;
	609	case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
	610	GNUNET_CRYPTO_eddsa_key_get_public (&privkey->eddsa_key,
	611	&key->eddsa_key);
	612	break;
	613	default:
	614	GNUNET_break (0);
	615	return GNUNET_SYSERR;
	616	}
	617	return GNUNET_OK;
	618	}