[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: GNS: Sanitize APIs and align with LSD000
From: |
gnunet |
Subject: |
[gnunet] branch master updated: GNS: Sanitize APIs and align with LSD0001 |
Date: |
Sun, 27 Mar 2022 12:25:07 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 1e4d62567 GNS: Sanitize APIs and align with LSD0001
1e4d62567 is described below
commit 1e4d6256731d69f1309ff8439569c65d2e1384a0
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Mar 27 12:25:01 2022 +0200
GNS: Sanitize APIs and align with LSD0001
---
contrib/gana | 2 +-
po/POTFILES.in | 100 +++++++++++++++++-----------------
src/gnsrecord/gnsrecord_crypto.c | 39 ++++++-------
src/include/gnunet_crypto_lib.h | 46 +++++++++++-----
src/include/gnunet_namestore_plugin.h | 65 ++++++++++++++++++++++
src/util/crypto_ecc_gnsrecord.c | 55 ++++++++++++-------
src/util/test_crypto_eddsa.c | 8 ++-
7 files changed, 207 insertions(+), 108 deletions(-)
diff --git a/contrib/gana b/contrib/gana
index 0958add54..e12bcee06 160000
--- a/contrib/gana
+++ b/contrib/gana
@@ -1 +1 @@
-Subproject commit 0958add542378a6ca9c411e2dc19527834e9f645
+Subproject commit e12bcee063df61ed4b9acbe819443672364eb4d8
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 64df0a13b..5c1152e7c 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -10,13 +10,14 @@ src/arm/arm_monitor_api.c
src/arm/gnunet-arm.c
src/arm/gnunet-service-arm.c
src/arm/mockup-service.c
+src/ats-tool/gnunet-ats.c
src/ats/ats_api_connectivity.c
src/ats/ats_api_performance.c
src/ats/ats_api_scanner.c
src/ats/ats_api_scheduling.c
src/ats/gnunet-ats-solver-eval.c
-src/ats/gnunet-service-ats_addresses.c
src/ats/gnunet-service-ats.c
+src/ats/gnunet-service-ats_addresses.c
src/ats/gnunet-service-ats_connectivity.c
src/ats/gnunet-service-ats_normalization.c
src/ats/gnunet-service-ats_performance.c
@@ -25,7 +26,6 @@ src/ats/gnunet-service-ats_preferences.c
src/ats/gnunet-service-ats_reservations.c
src/ats/gnunet-service-ats_scheduling.c
src/ats/plugin_ats_proportional.c
-src/ats-tool/gnunet-ats.c
src/auction/gnunet-auction-create.c
src/auction/gnunet-auction-info.c
src/auction/gnunet-auction-join.c
@@ -43,8 +43,8 @@ src/cadet/cadet_api_list_peers.c
src/cadet/cadet_api_list_tunnels.c
src/cadet/cadet_test_lib.c
src/cadet/desirability_table.c
-src/cadet/gnunet-cadet.c
src/cadet/gnunet-cadet-profiler.c
+src/cadet/gnunet-cadet.c
src/cadet/gnunet-service-cadet.c
src/cadet/gnunet-service-cadet_channel.c
src/cadet/gnunet-service-cadet_connection.c
@@ -60,15 +60,15 @@ src/consensus/gnunet-service-consensus.c
src/consensus/plugin_block_consensus.c
src/conversation/conversation_api.c
src/conversation/conversation_api_call.c
-src/conversation/gnunet-conversation.c
src/conversation/gnunet-conversation-test.c
-src/conversation/gnunet_gst.c
-src/conversation/gnunet_gst_test.c
-src/conversation/gnunet-helper-audio-playback.c
+src/conversation/gnunet-conversation.c
src/conversation/gnunet-helper-audio-playback-gst.c
-src/conversation/gnunet-helper-audio-record.c
+src/conversation/gnunet-helper-audio-playback.c
src/conversation/gnunet-helper-audio-record-gst.c
+src/conversation/gnunet-helper-audio-record.c
src/conversation/gnunet-service-conversation.c
+src/conversation/gnunet_gst.c
+src/conversation/gnunet_gst_test.c
src/conversation/microphone.c
src/conversation/plugin_gnsrecord_conversation.c
src/conversation/speaker.c
@@ -99,13 +99,13 @@ src/dht/dht_test_lib.c
src/dht/gnunet-dht-get.c
src/dht/gnunet-dht-hello.c
src/dht/gnunet-dht-monitor.c
-src/dht/gnunet_dht_profiler.c
src/dht/gnunet-dht-put.c
src/dht/gnunet-service-dht.c
src/dht/gnunet-service-dht_clients.c
src/dht/gnunet-service-dht_datacache.c
src/dht/gnunet-service-dht_neighbours.c
src/dht/gnunet-service-dht_routing.c
+src/dht/gnunet_dht_profiler.c
src/dht/plugin_block_dht.c
src/dhtu/plugin_dhtu_gnunet.c
src/dhtu/plugin_dhtu_ip.c
@@ -143,8 +143,8 @@ src/fs/gnunet-auto-share.c
src/fs/gnunet-daemon-fsprofiler.c
src/fs/gnunet-directory.c
src/fs/gnunet-download.c
-src/fs/gnunet-fs.c
src/fs/gnunet-fs-profiler.c
+src/fs/gnunet-fs.c
src/fs/gnunet-helper-fs-publish.c
src/fs/gnunet-publish.c
src/fs/gnunet-search.c
@@ -164,9 +164,9 @@ src/gns/gns_tld_api.c
src/gns/gnunet-bcd.c
src/gns/gnunet-dns2gns.c
src/gns/gnunet-gns-benchmark.c
-src/gns/gnunet-gns.c
src/gns/gnunet-gns-import.c
src/gns/gnunet-gns-proxy.c
+src/gns/gnunet-gns.c
src/gns/gnunet-service-gns.c
src/gns/gnunet-service-gns_interceptor.c
src/gns/gnunet-service-gns_resolver.c
@@ -184,9 +184,9 @@ src/gnsrecord/json_gnsrecord.c
src/gnsrecord/plugin_gnsrecord_dns.c
src/hello/address.c
src/hello/gnunet-hello.c
-src/hello/hello.c
src/hello/hello-ng.c
src/hello/hello-uri.c
+src/hello/hello.c
src/hostlist/gnunet-daemon-hostlist.c
src/hostlist/gnunet-daemon-hostlist_client.c
src/hostlist/gnunet-daemon-hostlist_server.c
@@ -202,8 +202,8 @@ src/json/json_helper.c
src/json/json_mhd.c
src/json/json_pack.c
src/messenger/gnunet-messenger.c
-src/messenger/gnunet-service-messenger_basement.c
src/messenger/gnunet-service-messenger.c
+src/messenger/gnunet-service-messenger_basement.c
src/messenger/gnunet-service-messenger_ego_store.c
src/messenger/gnunet-service-messenger_handle.c
src/messenger/gnunet-service-messenger_list_handles.c
@@ -243,8 +243,8 @@ src/namecache/namecache_api.c
src/namecache/plugin_namecache_flat.c
src/namecache/plugin_namecache_postgres.c
src/namecache/plugin_namecache_sqlite.c
-src/namestore/gnunet-namestore.c
src/namestore/gnunet-namestore-fcfsd.c
+src/namestore/gnunet-namestore.c
src/namestore/gnunet-service-namestore.c
src/namestore/gnunet-zoneimport.c
src/namestore/namestore_api.c
@@ -270,17 +270,17 @@ src/nat/gnunet-service-nat_mini.c
src/nat/gnunet-service-nat_stun.c
src/nat/nat_api.c
src/nat/nat_api_stun.c
-src/nse/gnunet-nse.c
src/nse/gnunet-nse-profiler.c
+src/nse/gnunet-nse.c
src/nse/gnunet-service-nse.c
src/nse/nse_api.c
src/nt/nt.c
-src/peerinfo/gnunet-service-peerinfo.c
-src/peerinfo/peerinfo_api.c
-src/peerinfo/peerinfo_api_notify.c
src/peerinfo-tool/gnunet-peerinfo.c
src/peerinfo-tool/gnunet-peerinfo_plugins.c
src/peerinfo-tool/plugin_rest_peerinfo.c
+src/peerinfo/gnunet-service-peerinfo.c
+src/peerinfo/peerinfo_api.c
+src/peerinfo/peerinfo_api_notify.c
src/peerstore/gnunet-peerstore.c
src/peerstore/gnunet-service-peerstore.c
src/peerstore/peerstore_api.c
@@ -332,27 +332,27 @@ src/rest/gnunet-rest-server.c
src/rest/plugin_rest_config.c
src/rest/plugin_rest_copying.c
src/rest/rest.c
-src/revocation/gnunet-revocation.c
src/revocation/gnunet-revocation-tvg.c
+src/revocation/gnunet-revocation.c
src/revocation/gnunet-service-revocation.c
src/revocation/plugin_block_revocation.c
src/revocation/revocation_api.c
-src/rps/gnunet-rps.c
src/rps/gnunet-rps-profiler.c
+src/rps/gnunet-rps.c
src/rps/gnunet-service-rps.c
src/rps/gnunet-service-rps_custommap.c
src/rps/gnunet-service-rps_sampler.c
src/rps/gnunet-service-rps_sampler_elem.c
src/rps/gnunet-service-rps_view.c
-src/rps/rps_api.c
src/rps/rps-sampler_client.c
src/rps/rps-sampler_common.c
src/rps/rps-test_util.c
+src/rps/rps_api.c
src/scalarproduct/gnunet-scalarproduct.c
-src/scalarproduct/gnunet-service-scalarproduct_alice.c
-src/scalarproduct/gnunet-service-scalarproduct_bob.c
src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
+src/scalarproduct/gnunet-service-scalarproduct_alice.c
+src/scalarproduct/gnunet-service-scalarproduct_bob.c
src/scalarproduct/scalarproduct_api.c
src/secretsharing/gnunet-secretsharing-profiler.c
src/secretsharing/gnunet-service-secretsharing.c
@@ -366,12 +366,12 @@ src/set/gnunet-set-ibf-profiler.c
src/set/gnunet-set-profiler.c
src/set/ibf.c
src/set/ibf_sim.c
+src/set/plugin_block_set_test.c
+src/set/set_api.c
src/seti/gnunet-service-seti.c
src/seti/gnunet-seti-profiler.c
src/seti/plugin_block_seti_test.c
src/seti/seti_api.c
-src/set/plugin_block_set_test.c
-src/set/set_api.c
src/setu/gnunet-service-setu.c
src/setu/gnunet-service-setu_strata_estimator.c
src/setu/gnunet-setu-ibf-profiler.c
@@ -390,15 +390,16 @@ src/statistics/gnunet-statistics.c
src/statistics/statistics_api.c
src/template/gnunet-service-template.c
src/template/gnunet-template.c
+src/testbed-logger/gnunet-service-testbed-logger.c
+src/testbed-logger/testbed_logger_api.c
src/testbed/generate-underlay-topology.c
src/testbed/gnunet-daemon-latency-logger.c
src/testbed/gnunet-daemon-testbed-blacklist.c
src/testbed/gnunet-daemon-testbed-underlay.c
src/testbed/gnunet-helper-testbed.c
-src/testbed/gnunet_mpi_test.c
src/testbed/gnunet-service-test-barriers.c
-src/testbed/gnunet-service-testbed_barriers.c
src/testbed/gnunet-service-testbed.c
+src/testbed/gnunet-service-testbed_barriers.c
src/testbed/gnunet-service-testbed_cache.c
src/testbed/gnunet-service-testbed_connectionpool.c
src/testbed/gnunet-service-testbed_cpustatus.c
@@ -407,23 +408,23 @@ src/testbed/gnunet-service-testbed_meminfo.c
src/testbed/gnunet-service-testbed_oc.c
src/testbed/gnunet-service-testbed_peers.c
src/testbed/gnunet-testbed-profiler.c
-src/testbed-logger/gnunet-service-testbed-logger.c
-src/testbed-logger/testbed_logger_api.c
-src/testbed/testbed_api_barriers.c
+src/testbed/gnunet_mpi_test.c
src/testbed/testbed_api.c
+src/testbed/testbed_api_barriers.c
src/testbed/testbed_api_hosts.c
src/testbed/testbed_api_operations.c
src/testbed/testbed_api_peers.c
src/testbed/testbed_api_sd.c
src/testbed/testbed_api_services.c
src/testbed/testbed_api_statistics.c
-src/testbed/testbed_api_testbed.c
src/testbed/testbed_api_test.c
+src/testbed/testbed_api_testbed.c
src/testbed/testbed_api_topology.c
src/testbed/testbed_api_underlay.c
src/testing/gnunet-cmds-helper.c
src/testing/gnunet-testing.c
src/testing/list-keys.c
+src/testing/testing.c
src/testing/testing_api_cmd_batch.c
src/testing/testing_api_cmd_block_until_external_trigger.c
src/testing/testing_api_cmd_end.c
@@ -439,41 +440,51 @@ src/testing/testing_api_cmd_system_create.c
src/testing/testing_api_cmd_system_destroy.c
src/testing/testing_api_loop.c
src/testing/testing_api_traits.c
-src/testing/testing.c
src/topology/friends.c
src/topology/gnunet-daemon-topology.c
src/transport/gnunet-communicator-tcp.c
src/transport/gnunet-communicator-udp.c
src/transport/gnunet-communicator-unix.c
src/transport/gnunet-helper-transport-bluetooth.c
-src/transport/gnunet-helper-transport-wlan.c
src/transport/gnunet-helper-transport-wlan-dummy.c
+src/transport/gnunet-helper-transport-wlan.c
src/transport/gnunet-service-tng.c
-src/transport/gnunet-service-transport_ats.c
src/transport/gnunet-service-transport.c
+src/transport/gnunet-service-transport_ats.c
src/transport/gnunet-service-transport_hello.c
src/transport/gnunet-service-transport_manipulation.c
src/transport/gnunet-service-transport_neighbours.c
src/transport/gnunet-service-transport_plugins.c
src/transport/gnunet-service-transport_validation.c
-src/transport/gnunet-transport.c
src/transport/gnunet-transport-profiler.c
src/transport/gnunet-transport-wlan-receiver.c
src/transport/gnunet-transport-wlan-sender.c
+src/transport/gnunet-transport.c
src/transport/plugin_transport_http_client.c
src/transport/plugin_transport_http_common.c
src/transport/plugin_transport_http_server.c
src/transport/plugin_transport_smtp.c
src/transport/plugin_transport_tcp.c
src/transport/plugin_transport_template.c
-src/transport/plugin_transport_udp_broadcasting.c
src/transport/plugin_transport_udp.c
+src/transport/plugin_transport_udp_broadcasting.c
src/transport/plugin_transport_unix.c
src/transport/plugin_transport_wlan.c
src/transport/tcp_connection_legacy.c
src/transport/tcp_server_legacy.c
src/transport/tcp_server_mst_legacy.c
src/transport/tcp_service_legacy.c
+src/transport/transport-testing-communicator.c
+src/transport/transport-testing-filenames.c
+src/transport/transport-testing-filenames2.c
+src/transport/transport-testing-loggers.c
+src/transport/transport-testing-loggers2.c
+src/transport/transport-testing-main.c
+src/transport/transport-testing-main2.c
+src/transport/transport-testing-send.c
+src/transport/transport-testing-send2.c
+src/transport/transport-testing.c
+src/transport/transport-testing2.c
src/transport/transport_api2_application.c
src/transport/transport_api2_communication.c
src/transport/transport_api2_core.c
@@ -492,17 +503,6 @@ src/transport/transport_api_monitor_peers.c
src/transport/transport_api_monitor_plugins.c
src/transport/transport_api_offer_hello.c
src/transport/transport_api_traits.c
-src/transport/transport-testing2.c
-src/transport/transport-testing.c
-src/transport/transport-testing-communicator.c
-src/transport/transport-testing-filenames2.c
-src/transport/transport-testing-filenames.c
-src/transport/transport-testing-loggers2.c
-src/transport/transport-testing-loggers.c
-src/transport/transport-testing-main2.c
-src/transport/transport-testing-main.c
-src/transport/transport-testing-send2.c
-src/transport/transport-testing-send.c
src/util/bandwidth.c
src/util/benchmark.c
src/util/bio.c
@@ -518,8 +518,8 @@ src/util/consttime_memcmp.c
src/util/container_bloomfilter.c
src/util/container_heap.c
src/util/container_meta_data.c
-src/util/container_multihashmap32.c
src/util/container_multihashmap.c
+src/util/container_multihashmap32.c
src/util/container_multipeermap.c
src/util/container_multishortmap.c
src/util/container_multiuuidmap.c
@@ -546,8 +546,8 @@ src/util/dnsstub.c
src/util/getopt.c
src/util/getopt_helpers.c
src/util/gnunet-base32.c
-src/util/gnunet-config.c
src/util/gnunet-config-diff.c
+src/util/gnunet-config.c
src/util/gnunet-crypto-tvg.c
src/util/gnunet-ecc.c
src/util/gnunet-qr.c
@@ -585,8 +585,8 @@ src/vpn/gnunet-helper-vpn.c
src/vpn/gnunet-service-vpn.c
src/vpn/gnunet-vpn.c
src/vpn/vpn_api.c
-src/zonemaster/gnunet-service-zonemaster.c
src/zonemaster/gnunet-service-zonemaster-monitor.c
+src/zonemaster/gnunet-service-zonemaster.c
src/fs/fs_api.h
src/include/gnunet_json_lib.h
src/testbed/testbed_api.h
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index ff92911de..b5e8be82b 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -219,7 +219,6 @@ block_create_ecdsa (const struct
GNUNET_CRYPTO_EcdsaPrivateKey *key,
rd);
struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
struct GNRBlockPS *gnr_block;
- struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
@@ -270,11 +269,10 @@ block_create_ecdsa (const struct
GNUNET_CRYPTO_EcdsaPrivateKey *key,
gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire);
ecblock->expiration_time = gnr_block->expiration_time;
/* encrypt and sign */
- dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
- label,
- "gns");
- GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
- &ecblock->derived_key);
+ GNUNET_CRYPTO_ecdsa_public_key_derive (pkey,
+ label,
+ "gns",
+ &ecblock->derived_key);
GNR_derive_block_aes_key (ctr,
skey,
label,
@@ -289,18 +287,18 @@ block_create_ecdsa (const struct
GNUNET_CRYPTO_EcdsaPrivateKey *key,
GNUNET_memcpy (&gnr_block[1], &ecblock[1], payload_len);
}
if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_sign_ (dkey,
- &gnr_block->purpose,
- &ecblock->signature))
+ GNUNET_CRYPTO_ecdsa_sign_derived (key,
+ label,
+ "gns",
+ &gnr_block->purpose,
+ &ecblock->signature))
{
GNUNET_break (0);
GNUNET_free (*block);
- GNUNET_free (dkey);
GNUNET_free (gnr_block);
return GNUNET_SYSERR;
}
GNUNET_free (gnr_block);
- GNUNET_free (dkey);
return GNUNET_OK;
}
@@ -344,7 +342,6 @@ block_create_eddsa (const struct
GNUNET_CRYPTO_EddsaPrivateKey *key,
rd);
struct GNUNET_GNSRECORD_EddsaBlock *edblock;
struct GNRBlockPS *gnr_block;
- struct GNUNET_CRYPTO_EddsaPrivateScalar dkey;
unsigned char nonce[crypto_secretbox_NONCEBYTES];
unsigned char skey[crypto_secretbox_KEYBYTES];
struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
@@ -402,12 +399,10 @@ block_create_eddsa (const struct
GNUNET_CRYPTO_EddsaPrivateKey *key,
gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire);
edblock->expiration_time = gnr_block->expiration_time;
/* encrypt and sign */
- GNUNET_CRYPTO_eddsa_private_key_derive (key,
- label,
- "gns",
- &dkey);
- GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,
- &edblock->derived_key);
+ GNUNET_CRYPTO_eddsa_public_key_derive (pkey,
+ label,
+ "gns",
+ &edblock->derived_key);
GNR_derive_block_xsalsa_key (nonce,
skey,
label,
@@ -422,9 +417,11 @@ block_create_eddsa (const struct
GNUNET_CRYPTO_EddsaPrivateKey *key,
GNUNET_memcpy (&gnr_block[1], &edblock[1],
payload_len + crypto_secretbox_MACBYTES);
- GNUNET_CRYPTO_eddsa_sign_with_scalar (&dkey,
- &gnr_block->purpose,
- &edblock->signature);
+ GNUNET_CRYPTO_eddsa_sign_derived (key,
+ label,
+ "gns",
+ &gnr_block->purpose,
+ &edblock->signature);
}
return GNUNET_OK;
}
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 72d783148..77abab45d 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -2018,6 +2018,26 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (
const char *context,
struct GNUNET_CRYPTO_EcdsaPublicKey *result);
+/**
+ * This is a signature function for ECDSA which takes a
+ * private key, derives/blinds it and signs the message.
+ *
+ * @param pkey original private key
+ * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ * typically the name of the subsystem/application
+ * @param purp the signature purpose
+ * @param sig the resulting signature
+ * @return GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecdsa_sign_derived (
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+ const char *label,
+ const char *context,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+ struct GNUNET_CRYPTO_EcdsaSignature *sig);
+
/**
* @ingroup crypto
@@ -2063,23 +2083,23 @@ GNUNET_CRYPTO_eddsa_public_key_derive (
/**
- * This is a signature function for EdDSA which takes the
- * secret scalar sk instead of the private seed which is
- * usually the case for crypto APIs. We require this functionality
- * in order to use derived private keys for signatures we
- * cannot calculate the inverse of a sk to find the seed
- * efficiently.
+ * This is a signature function for EdDSA which takes a
+ * private key and derives it using the label and context
+ * before signing.
*
- * The resulting signature is a standard EdDSA signature
- * which can be verified using the usual APIs.
- *
- * @param sk the secret scalar
+ * @param pkey original private key
+ * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ * typically the name of the subsystem/application
* @param purp the signature purpose
* @param sig the resulting signature
+ * @return GNUNET_OK on success
*/
-void
-GNUNET_CRYPTO_eddsa_sign_with_scalar (
- const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_sign_derived (
+ const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey,
+ const char *label,
+ const char *context,
const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct GNUNET_CRYPTO_EddsaSignature *sig);
diff --git a/src/include/gnunet_namestore_plugin.h
b/src/include/gnunet_namestore_plugin.h
index 9cc8abc6e..3dca5a853 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -150,6 +150,71 @@ struct GNUNET_NAMESTORE_PluginFunctions
const struct GNUNET_IDENTITY_PublicKey *value_zone,
GNUNET_NAMESTORE_RecordIterator iter,
void *iter_cls);
+
+ /** Transaction-based API draft **/
+
+ /**
+ * Start a transaction in the database
+ *
+ * @param cls closure (internal context for the plugin)
+ * @return #GNUNET_OK on success, #GNUNET_NO if there were no results,
#GNUNET_SYSERR on error
+ */
+ enum GNUNET_GenericReturnValue
+ (*transaction_begin) (void *cls);
+
+ /**
+ * Abort a transaction in the database
+ *
+ * @param cls closure (internal context for the plugin)
+ * @return #GNUNET_OK on success, #GNUNET_NO if there were no results,
#GNUNET_SYSERR on error
+ */
+ enum GNUNET_GenericReturnValue
+ (*transaction_abort) (void *cls);
+
+ /**
+ * Commit a transaction in the database
+ *
+ * @param cls closure (internal context for the plugin)
+ * @return #GNUNET_OK on success, #GNUNET_NO if there were no results,
#GNUNET_SYSERR on error
+ */
+ enum GNUNET_GenericReturnValue
+ (*transaction_commit) (void *cls);
+
+ /**
+ * Replace a record in the datastore for which we are the authority.
+ * Removes any existing record in the same zone with the same name.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param zone private key of the zone
+ * @param label name of the record in the zone
+ * @param rd_count number of entries in @a rd array, 0 to delete all records
+ * @param rd array of records with data to store
+ * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+ */
+ int
+ (*replace_records) (void *cls,
+ const struct GNUNET_IDENTITY_PrivateKey *zone,
+ const char *label,
+ unsigned int rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd);
+
+ /**
+ * Lookup records in the datastore for which we are the authority.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param zone private key of the zone
+ * @param label name of the record in the zone
+ * @param iter function to call with the result
+ * @param iter_cls closure for @a iter
+ * @return #GNUNET_OK on success, #GNUNET_NO for no results, else
#GNUNET_SYSERR
+ */
+ int
+ (*select_records) (void *cls,
+ const struct GNUNET_IDENTITY_PrivateKey *zone,
+ const char *label,
+ GNUNET_NAMESTORE_RecordIterator iter,
+ void *iter_cls);
+
};
diff --git a/src/util/crypto_ecc_gnsrecord.c b/src/util/crypto_ecc_gnsrecord.c
index ce41a4699..0ee0570c0 100644
--- a/src/util/crypto_ecc_gnsrecord.c
+++ b/src/util/crypto_ecc_gnsrecord.c
@@ -68,28 +68,15 @@ derive_h (const void *pub,
}
-/**
- * This is a signature function for EdDSA which takes the
- * secret scalar sk instead of the private seed which is
- * usually the case for crypto APIs. We require this functionality
- * in order to use derived private keys for signatures we
- * cannot calculate the inverse of a sk to find the seed
- * efficiently.
- *
- * The resulting signature is a standard EdDSA signature
- * which can be verified using the usual APIs.
- *
- * @param sk the secret scalar
- * @param purp the signature purpose
- * @param sig the resulting signature
- */
-void
-GNUNET_CRYPTO_eddsa_sign_with_scalar (
- const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_sign_derived (
+ const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey,
+ const char *label,
+ const char *context,
const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct GNUNET_CRYPTO_EddsaSignature *sig)
{
-
+ struct GNUNET_CRYPTO_EddsaPrivateScalar priv;
crypto_hash_sha512_state hs;
unsigned char sk[64];
unsigned char r[64];
@@ -98,6 +85,14 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
unsigned char zk[32];
unsigned char tmp[32];
+ /**
+ * Derive the private key
+ */
+ GNUNET_CRYPTO_eddsa_private_key_derive (pkey,
+ label,
+ context,
+ &priv);
+
crypto_hash_sha512_init (&hs);
/**
@@ -108,7 +103,7 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
* sk[0..31] = h * SHA512 (d)[0..31]
* sk[32..63] = SHA512 (d)[32..63]
*/
- memcpy (sk, priv->s, 64);
+ memcpy (sk, priv.s, 64);
/**
* Calculate the derived zone key zk' from the
@@ -172,8 +167,28 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
sodium_memzero (sk, sizeof (sk));
sodium_memzero (r, sizeof (r));
sodium_memzero (r_mod, sizeof (r_mod));
+ return GNUNET_OK;
}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecdsa_sign_derived (
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+ const char *label,
+ const char *context,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+ struct GNUNET_CRYPTO_EcdsaSignature *sig)
+{
+ struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
+ enum GNUNET_GenericReturnValue res;
+ key = GNUNET_CRYPTO_ecdsa_private_key_derive (priv,
+ label,
+ context);
+ res = GNUNET_CRYPTO_ecdsa_sign_ (key,
+ purpose,
+ sig);
+ GNUNET_free (key);
+ return res;
+}
struct GNUNET_CRYPTO_EcdsaPrivateKey *
GNUNET_CRYPTO_ecdsa_private_key_derive (
diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c
index 459619ff2..e9573a307 100644
--- a/src/util/test_crypto_eddsa.c
+++ b/src/util/test_crypto_eddsa.c
@@ -130,9 +130,11 @@ testDeriveSignVerify (void)
return GNUNET_SYSERR;
}
- GNUNET_CRYPTO_eddsa_sign_with_scalar (&dpriv,
- &purp,
- &sig);
+ GNUNET_CRYPTO_eddsa_sign_derived (&key,
+ "test-derive",
+ "test-CTX",
+ &purp,
+ &sig);
if (GNUNET_SYSERR ==
GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
&purp,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gnunet] branch master updated: GNS: Sanitize APIs and align with LSD0001,
gnunet <=