fix sign api for to address #6164

src/conversation/gnunet-service-conversation.c

@@ -753,7 +753,7 @@ handle_cadet_ring_message (void *cls, const struct CadetPhoneRingMessage *msg)
 
   if (GNUNET_OK !=
       GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CONVERSATION_RING,
-                                  &rs.purpose,
+                                  &rs,
                                   &msg->signature,
                                   &msg->caller_id))
   {
@@ -1138,9 +1138,9 @@ handle_client_call_message (void *cls, const struct ClientCallMessage *msg)
   e = GNUNET_MQ_msg (ring, GNUNET_MESSAGE_TYPE_CONVERSATION_CADET_PHONE_RING);
   GNUNET_CRYPTO_ecdsa_key_get_public (&msg->caller_id, &ring->caller_id);
   ring->expiration_time = rs.expiration_time;
-  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id,
-                                                        &rs.purpose,
-                                                        &ring->signature));
+  GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id,
+                            &rs,
+                            &ring->signature);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending RING message via CADET\n");
   GNUNET_MQ_send (ch->mq, e);
   GNUNET_SERVICE_client_continue (line->client);

src/core/gnunet-service-core_kx.c

@@ -1015,10 +1015,10 @@ handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m)
        + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
        + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) ||
       (GNUNET_OK !=
-       GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY,
-                                   &m->purpose,
-                                   &m->signature,
-                                   &m->origin_identity.public_key)))
+       GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY,
+                                    &m->purpose,
+                                    &m->signature,
+                                    &m->origin_identity.public_key)))
   {
     /* invalid signature */
     GNUNET_break_op (0);
@@ -1854,9 +1854,9 @@ sign_ephemeral_key ()
                                       &current_ekm.ephemeral_key);
   current_ekm.origin_identity = GSC_my_identity;
   GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_eddsa_sign (my_private_key,
-                                           &current_ekm.purpose,
-                                           &current_ekm.signature));
+                 GNUNET_CRYPTO_eddsa_sign_ (my_private_key,
+                                            &current_ekm.purpose,
+                                            &current_ekm.signature));
 }
 
 

src/dns/plugin_block_dns.c

@@ -153,10 +153,10 @@ block_plugin_dns_evaluate (void *cls,
       return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
     }
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD,
-                                    &ad->purpose,
-                                    &ad->signature,
-                                    &ad->peer.public_key))
+        GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD,
+                                     &ad->purpose,
+                                     &ad->signature,
+                                     &ad->peer.public_key))
     {
       GNUNET_break_op (0);
       return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;

src/exit/gnunet-daemon-exit.c

@@ -3595,9 +3595,9 @@ do_dht_put (void *cls)
     expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT);
     dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration);
     GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_eddsa_sign (peer_key,
-                                             &dns_advertisement.purpose,
-                                             &dns_advertisement.signature));
+                   GNUNET_CRYPTO_eddsa_sign_ (peer_key,
+                                              &dns_advertisement.purpose,
+                                              &dns_advertisement.signature));
   }
   if (NULL != dht_put)
     GNUNET_DHT_put_cancel (dht_put);

src/fs/fs_publish_ublock.c

@@ -268,9 +268,9 @@ GNUNET_FS_publish_ublock_ (struct GNUNET_FS_Handle *h,
   GNUNET_CRYPTO_ecdsa_key_get_public (nsd,
                                       &ub_enc->verification_key);
   GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_ecdsa_sign (nsd,
-                                           &ub_enc->purpose,
-                                           &ub_enc->signature));
+                 GNUNET_CRYPTO_ecdsa_sign_ (nsd,
+                                            &ub_enc->purpose,
+                                            &ub_enc->signature));
   GNUNET_CRYPTO_hash (&ub_enc->verification_key,
                       sizeof(ub_enc->verification_key),
                       &query);

src/fs/fs_uri.c

@@ -612,7 +612,7 @@ uri_loc_parse (const char *s, char **emsg)
   ass.exptime = GNUNET_TIME_absolute_hton (et);
   if (GNUNET_OK !=
       GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT,
-                                  &ass.purpose,
+                                  &ass,
                                   &sig,
                                   &ass.peer.public_key))
   {
@@ -900,10 +900,9 @@ GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *base_uri,
   uri->data.loc.fi = base_uri->data.chk;
   uri->data.loc.expirationTime = et;
   uri->data.loc.peer.public_key = my_public_key;
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_eddsa_sign (sign_key,
-                                           &ass.purpose,
-                                           &uri->data.loc.contentSignature));
+  GNUNET_CRYPTO_eddsa_sign (sign_key,
+                            &ass,
+                            &uri->data.loc.contentSignature);
   return uri;
 }
 

src/fs/plugin_block_fs.c

@@ -191,10 +191,10 @@ block_plugin_fs_evaluate (void *cls,
     }
     if ((0 == (eo & GNUNET_BLOCK_EO_LOCAL_SKIP_CRYPTO)) &&
         (GNUNET_OK !=
-         GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK,
-                                     &ub->purpose,
-                                     &ub->signature,
-                                     &ub->verification_key)))
+         GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK,
+                                      &ub->purpose,
+                                      &ub->signature,
+                                      &ub->verification_key)))
     {
       GNUNET_break_op (0);
       return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;

src/gnsrecord/gnsrecord_crypto.c

@@ -166,9 +166,9 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                                                    &block[1]));
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_sign (dkey,
-                                &block->purpose,
-                                &block->signature))
+      GNUNET_CRYPTO_ecdsa_sign_ (dkey,
+                                 &block->purpose,
+                                 &block->signature))
   {
     GNUNET_break (0);
     GNUNET_free (dkey);
@@ -280,10 +280,10 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 int
 GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 {
-  return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
-                                     &block->purpose,
-                                     &block->signature,
-                                     &block->derived_key);
+  return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
+                                      &block->purpose,
+                                      &block->signature,
+                                      &block->derived_key);
 }
 
 

src/hello/hello-ng.c

@@ -79,8 +79,7 @@ GNUNET_HELLO_sign_address (
   sa.purpose.size = htonl (sizeof(sa));
   sa.mono_time = GNUNET_TIME_absolute_hton (mono_time);
   GNUNET_CRYPTO_hash (address, strlen (address), &sa.h_addr);
-  GNUNET_assert (GNUNET_YES ==
-                 GNUNET_CRYPTO_eddsa_sign (private_key, &sa.purpose, &sig));
+  GNUNET_CRYPTO_eddsa_sign (private_key, &sa, &sig);
   sig_str = NULL;
   (void) GNUNET_STRINGS_base64_encode (&sig, sizeof(sig), &sig_str);
   *result_size =
@@ -165,7 +164,7 @@ GNUNET_HELLO_extract_address (const void *raw,
   GNUNET_CRYPTO_hash (raw_addr, strlen (raw_addr), &sa.h_addr);
   if (GNUNET_YES !=
       GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_ADDRESS,
-                                  &sa.purpose,
+                                  &sa,
                                   sig,
                                   public_key))
   {

src/include/gnunet_crypto_lib.h

@@ -1639,19 +1639,21 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
 
 /**
  * @ingroup crypto
- * EdDSA sign a given block.  The @a purpose data is the
- * beginning of the data of which the signature is to be
- * created. The `size` field in @a purpose must correctly
- * indicate the number of bytes of the data structure, including
- * its header.
+ * @brief EdDSA sign a given block.
+ *
+ * The @a purpose data is the beginning of the data of which the signature is
+ * to be created. The `size` field in @a purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.  If possible,
+ * use #GNUNET_CRYPTO_eddsa_sign() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
  *
  * @param priv private key to use for the signing
  * @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
+ * @param[out] sig where to write the signature
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_eddsa_sign (
+GNUNET_CRYPTO_eddsa_sign_ (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct GNUNET_CRYPTO_EddsaSignature *sig);
@@ -1659,32 +1661,87 @@ GNUNET_CRYPTO_eddsa_sign (
 
 /**
  * @ingroup crypto
- * ECDSA Sign a given block.  The @a purpose data is the
- * beginning of the data of which the signature is to be
- * created. The `size` field in @a purpose must correctly
- * indicate the number of bytes of the data structure, including
- * its header.
+ * @brief EdDSA sign a given block.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param[out] sig where to write the signature
+ */
+#define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do {                 \
+    /* check size is set correctly */                              \
+    GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*ps));    \
+    /* check 'ps' begins with the purpose */                       \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
+                          ((void*) &(ps)->purpose));               \
+    GNUNET_assert (GNUNET_OK ==                                    \
+                   GNUNET_CRYPTO_eddsa_sign_ (priv,                \
+                                              &(ps)->purpose,      \
+                                              sig));               \
+} while (0)
+
+
+/**
+ * @ingroup crypto
+ * @brief ECDSA Sign a given block.
+ *
+ * The @a purpose data is the beginning of the data of which the signature is
+ * to be created. The `size` field in @a purpose must correctly indicate the
+ * number of bytes of the data structure, including its header. If possible,
+ * use #GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
  *
  * @param priv private key to use for the signing
  * @param purpose what to sign (size, purpose)
- * @param sig where to write the signature
+ * @param[out] sig where to write the signature
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_ecdsa_sign (
+GNUNET_CRYPTO_ecdsa_sign_ (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct GNUNET_CRYPTO_EcdsaSignature *sig);
 
+
+/**
+ * @ingroup crypto
+ * @brief ECDSA sign a given block.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param[out] sig where to write the signature
+ */
+#define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do {                 \
+    /* check size is set correctly */                              \
+    GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps)));  \
+    /* check 'ps' begins with the purpose */                       \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
+                          ((void*) &(ps)->purpose));               \
+    GNUNET_assert (GNUNET_OK ==                                    \
+                   GNUNET_CRYPTO_ecdsa_sign_ (priv,                \
+                                              &(ps)->purpose,      \
+                                              sig));               \
+} while (0)
+
+
 /**
  * @ingroup crypto
- * Verify EdDSA signature.  The @a validate data is the
- * beginning of the data of which the signature is to be
- * verified. The `size` field in @a validate must correctly
- * indicate the number of bytes of the data structure, including
- * its header.  If @a purpose does not match the purpose given
- * in @a validate (the latter must be in big endian), signature
- * verification fails.
+ * @brief Verify EdDSA signature.
+ *
+ * The @a validate data is the beginning of the data of which the signature
+ * is to be verified. The `size` field in @a validate must correctly indicate
+ * the number of bytes of the data structure, including its header.  If @a
+ * purpose does not match the purpose given in @a validate (the latter must be
+ * in big endian), signature verification fails.  If possible,
+ * use #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
  *
  * @param purpose what is the purpose that the signature should have?
  * @param validate block to validate (size, purpose, data)
@@ -1693,7 +1750,7 @@ GNUNET_CRYPTO_ecdsa_sign (
  * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
  */
 int
-GNUNET_CRYPTO_eddsa_verify (
+GNUNET_CRYPTO_eddsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
   const struct GNUNET_CRYPTO_EddsaSignature *sig,
@@ -1702,13 +1759,42 @@ GNUNET_CRYPTO_eddsa_verify (
 
 /**
  * @ingroup crypto
- * Verify ECDSA signature.  The @a validate data is the
- * beginning of the data of which the signature is to be
- * verified. The `size` field in @a validate must correctly
- * indicate the number of bytes of the data structure, including
- * its header.  If @a purpose does not match the purpose given
- * in @a validate (the latter must be in big endian), signature
- * verification fails.
+ * @brief Verify EdDSA signature.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param purp purpose of the signature, must match 'ps->purpose.purpose'
+ *              (except in host byte order)
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param sig where to write the signature
+ */
+#define GNUNET_CRYPTO_eddsa_verify(purp,ps,sig,pub) ({             \
+    /* check size is set correctly */                              \
+    GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
+    /* check 'ps' begins with the purpose */                       \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
+                          ((void*) &(ps)->purpose));               \
+    GNUNET_CRYPTO_eddsa_verify_ (purp,                             \
+                                 &(ps)->purpose,                   \
+                                 sig,                              \
+                                 pub);                             \
+  })
+
+
+/**
+ * @ingroup crypto
+ * @brief Verify ECDSA signature.
+ *
+ * The @a validate data is the beginning of the data of which the signature is
+ * to be verified. The `size` field in @a validate must correctly indicate the
+ * number of bytes of the data structure, including its header.  If @a purpose
+ * does not match the purpose given in @a validate (the latter must be in big
+ * endian), signature verification fails.  If possible, use
+ * #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate
+ * is not fixed-size, you must use this function directly).
  *
  * @param purpose what is the purpose that the signature should have?
  * @param validate block to validate (size, purpose, data)
@@ -1717,13 +1803,39 @@ GNUNET_CRYPTO_eddsa_verify (
  * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
  */
 int
-GNUNET_CRYPTO_ecdsa_verify (
+GNUNET_CRYPTO_ecdsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
   const struct GNUNET_CRYPTO_EcdsaSignature *sig,
   const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
 
 
+/**
+ * @ingroup crypto
+ * @brief Verify ECDSA signature.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param purp purpose of the signature, must match 'ps->purpose.purpose'
+ *              (except in host byte order)
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param sig where to write the signature
+ */
+#define GNUNET_CRYPTO_ecdsa_verify(purp,ps,sig,pub) ({             \
+    /* check size is set correctly */                              \
+    GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps)));  \
+    /* check 'ps' begins with the purpose */                       \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
+                          ((void*) &(ps)->purpose));               \
+    GNUNET_CRYPTO_ecdsa_verify_ (purp,                             \
+                                 &(ps)->purpose,                   \
+                                 sig,                              \
+                                 pub);                             \
+  })
+
 /**
  * @ingroup crypto
  * Derive a private key from a given private key and a label.

src/nse/gnunet-service-nse.c

@@ -668,9 +668,10 @@ setup_flood_message (unsigned int slot, struct GNUNET_TIME_Absolute ts)
   fm->origin = my_identity;
   fm->proof_of_work = my_proof;
   if (nse_work_required > 0)
-    GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
-                                                          &fm->purpose,
-                                                          &fm->signature));
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_eddsa_sign_ (my_private_key,
+                                              &fm->purpose,
+                                              &fm->signature));
   else
     memset (&fm->signature, 0, sizeof(fm->signature));
 }
@@ -922,10 +923,10 @@ verify_message_crypto (const struct GNUNET_NSE_FloodMessage *incoming_flood)
   }
   if ((nse_work_required > 0) &&
       (GNUNET_OK !=
-       GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_NSE_SEND,
-                                   &incoming_flood->purpose,
-                                   &incoming_flood->signature,
-                                   &incoming_flood->origin.public_key)))
+       GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_NSE_SEND,
+                                    &incoming_flood->purpose,
+                                    &incoming_flood->signature,
+                                    &incoming_flood->origin.public_key)))
   {
     GNUNET_break_op (0);
     return GNUNET_NO;

src/reclaim/oidc_helper.c

@@ -551,10 +551,10 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
   buf_ptr += payload_len;
   // Sign and store signature
   if (GNUNET_SYSERR ==
-      GNUNET_CRYPTO_ecdsa_sign (issuer,
-                                purpose,
-                                (struct GNUNET_CRYPTO_EcdsaSignature *)
-                                buf_ptr))
+      GNUNET_CRYPTO_ecdsa_sign_ (issuer,
+                                 purpose,
+                                 (struct GNUNET_CRYPTO_EcdsaSignature *)
+                                 buf_ptr))
   {
     GNUNET_break (0);
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
@@ -658,7 +658,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
                          code_verifier,
                          strlen (code_verifier));
     // encode code verifier
-    GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8, &expected_code_challenge);
+    GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8,
+                                     &expected_code_challenge);
     code_challenge = (char *) &params[1];
     GNUNET_free (code_verifier_hash);
     if ((strlen (expected_code_challenge) != code_challenge_len) ||
@@ -692,10 +693,10 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
     return GNUNET_SYSERR;
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
-                                  purpose,
-                                  signature,
-                                  &ticket->identity))
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
+                                   purpose,
+                                   signature,
+                                   &ticket->identity))
   {
     GNUNET_free (code_payload);
     GNUNET_free (plaintext);

src/regex/plugin_block_regex.c

@@ -247,10 +247,10 @@ evaluate_block_regex_accept (void *cls,
     return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE;
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT,
-                                  &rba->purpose,
-                                  &rba->signature,
-                                  &rba->peer.public_key))
+      GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT,
+                                   &rba->purpose,
+                                   &rba->signature,
+                                   &rba->peer.public_key))
   {
     GNUNET_break_op (0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;

src/regex/regex_internal_dht.c

@@ -136,9 +136,9 @@ regex_iterator (void *cls,
     GNUNET_CRYPTO_eddsa_key_get_public (h->priv,
                                         &ab.peer.public_key);
     GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_eddsa_sign (h->priv,
-                                             &ab.purpose,
-                                             &ab.signature));
+                   GNUNET_CRYPTO_eddsa_sign_ (h->priv,
+                                              &ab.purpose,
+                                              &ab.signature));
 
     GNUNET_STATISTICS_update (h->stats, "# regex accepting blocks stored",
                               1, GNUNET_NO);

src/revocation/gnunet-service-revocation.c

@@ -178,10 +178,10 @@ verify_revoke_message (const struct RevokeMessage *rm)
     return GNUNET_NO;
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
-                                  &rm->purpose,
-                                  &rm->signature,
-                                  &rm->public_key))
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+                                   &rm->purpose,
+                                   &rm->signature,
+                                   &rm->public_key))
   {
     GNUNET_break_op (0);
     return GNUNET_NO;

src/revocation/plugin_block_revocation.c

@@ -151,10 +151,10 @@ block_plugin_revocation_evaluate (void *cls,
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
-                                  &rm->purpose,
-                                  &rm->signature,
-                                  &rm->public_key))
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+                                   &rm->purpose,
+                                   &rm->signature,
+                                   &rm->public_key))
   {
     GNUNET_break_op (0);
     return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;

src/revocation/revocation_api.c

@@ -389,9 +389,9 @@ GNUNET_REVOCATION_sign_revocation (const struct
                            + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
   GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key);
   GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_ecdsa_sign (key,
-                                           &rm.purpose,
-                                           sig));
+                 GNUNET_CRYPTO_ecdsa_sign_ (key,
+                                            &rm.purpose,
+                                            sig));
 }
 
 

src/secretsharing/gnunet-service-secretsharing.c

@@ -679,7 +679,7 @@ generate_presecret_polynomial (struct KeygenSession *ks)
   for (i = 0; i < ks->threshold; i++)
   {
     v = ks->presecret_polynomial[i] = gcry_mpi_new (
-          GNUNET_SECRETSHARING_ELGAMAL_BITS);
+      GNUNET_SECRETSHARING_ELGAMAL_BITS);
     GNUNET_assert (NULL != v);
     // Randomize v such that 0 < v < elgamal_q.
     // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1.
@@ -750,7 +750,7 @@ keygen_round1_new_element (void *cls,
     return;
   }
 
-  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (
+  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ (
         GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1,
         &d->purpose, &d->signature,
         &d->peer.public_key))
@@ -1341,9 +1341,9 @@ insert_round2_element (struct KeygenSession *ks)
                                                     purpose));
   d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2);
   GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
-                                           &d->purpose,
-                                           &d->signature));
+                 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
+                                            &d->purpose,
+                                            &d->signature));
 
   GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
   GNUNET_free (element);  /* FIXME: maybe stack-allocate instead? */
@@ -1485,7 +1485,7 @@ keygen_round2_new_element (void *cls,
     return;
   }
 
-  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (
+  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ (
         GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2,
         &d->purpose, &d->signature,
         &d->peer.public_key))
@@ -1687,9 +1687,9 @@ insert_round1_element (struct KeygenSession *ks)
                                                    purpose));
   d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1);
   GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
-                                           &d->purpose,
-                                           &d->signature));
+                 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
+                                            &d->purpose,
+                                            &d->signature));
 
   GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL);
 
@@ -2189,9 +2189,9 @@ insert_decrypt_element (struct DecryptSession *ds)
   d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION);
 
   GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_eddsa_sign (my_peer_private_key,
-                                           &d.purpose,
-                                           &d.signature));
+                 GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key,
+                                            &d.purpose,
+                                            &d.signature));
 
   GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,

src/transport/gnunet-communicator-tcp.c

@@ -880,7 +880,7 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
   /* FIXME: check monotonic time is monotonic... */
   if (GNUNET_OK !=
       GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
-                                  &thp.purpose,
+                                  &thp,
                                   &rekey->sender_sig,
                                   &queue->target.public_key))
   {
@@ -1063,8 +1063,7 @@ queue_read (void *cls)
        However, we have to take into account that the plaintext buffer may have
        already contained data and not jumpt too far ahead in the ciphertext.
        If there is no rekey and the last message is incomplete (max > total),
-       it is safe to keep the decryption so we shift by 'max' */
-    if (GNUNET_YES == queue->rekeyed)
+       it is safe to keep the decryption so we shift by 'max' */if (GNUNET_YES == queue->rekeyed)
     {
       max = total - old_pread_off;
       queue->rekeyed = GNUNET_NO;
@@ -1284,9 +1283,9 @@ inject_rekey (struct Queue *queue)
   thp.receiver = queue->target;
   thp.ephemeral = rekey.ephemeral;
   thp.monotonic_time = rekey.monotonic_time;
-  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
-                                                        &thp.purpose,
-                                                        &rekey.sender_sig));
+  GNUNET_CRYPTO_eddsa_sign (my_private_key,
+                            &thp,
+                            &rekey.sender_sig);
   calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac);
   /* Encrypt rekey message with 'old' cipher */
   GNUNET_assert (0 ==
@@ -1586,9 +1585,9 @@ transmit_kx (struct Queue *queue,
   ths.receiver = queue->target;
   ths.ephemeral = *epub;
   ths.monotonic_time = tc.monotonic_time;
-  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
-                                                        &ths.purpose,
-                                                        &tc.sender_sig));
+  GNUNET_CRYPTO_eddsa_sign (my_private_key,
+                            &ths,
+                            &tc.sender_sig);
   GNUNET_assert (0 ==
                  gcry_cipher_encrypt (queue->out_cipher,
                                       &queue->cwrite_buf[queue->cwrite_off],
@@ -1654,7 +1653,7 @@ decrypt_and_check_tc (struct Queue *queue,
      from this sender! */
   return GNUNET_CRYPTO_eddsa_verify (
     GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
-    &ths.purpose,
+    &ths,
     &tc->sender_sig,
     &tc->sender.public_key);
 }
@@ -1953,7 +1952,7 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
   queue->address_len = in_len;
   queue->sock = sock;
   boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND);
-  //queue->mq_awaits_continue = GNUNET_YES;
+  // queue->mq_awaits_continue = GNUNET_YES;
   queue->read_task =
     GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
                                    queue->sock,
@@ -2155,9 +2154,9 @@ run (void *cls,
     max_queue_length = DEFAULT_MAX_QUEUE_LENGTH;
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_time (cfg,
-                                             COMMUNICATOR_CONFIG_SECTION,
-                                             "REKEY_INTERVAL",
-                                             &rekey_interval))
+                                           COMMUNICATOR_CONFIG_SECTION,
+                                           "REKEY_INTERVAL",
+                                           &rekey_interval))
     rekey_interval = DEFAULT_REKEY_INTERVAL;
 
   in = tcp_address_to_sockaddr (bindto, &in_len);
@@ -2286,8 +2285,8 @@ main (int argc, char *const *argv)
                                           options,
                                           &run,
                                           NULL))
-    ? 0
-    : 1;
+        ? 0
+        : 1;
   GNUNET_free ((void *) argv);
   return ret;
 }

src/transport/gnunet-communicator-udp.c

@@ -1533,7 +1533,7 @@ verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
   uhs.monotonic_time = uc->monotonic_time;
   return GNUNET_CRYPTO_eddsa_verify (
     GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE,
-    &uhs.purpose,
+    &uhs,
     &uc->sender_sig,
     &uc->sender.public_key);
 }
@@ -1634,7 +1634,7 @@ sock_read (void *cls)
     GNUNET_CRYPTO_hash (&sa, salen, &uhs.h_address);
     if (GNUNET_OK ==
         GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST,
-                                    &uhs.purpose,
+                                    &uhs,
                                     &ub->sender_sig,
                                     &ub->sender.public_key))
     {
@@ -1932,9 +1932,9 @@ mq_send (struct GNUNET_MQ_Handle *mq,
     uhs.receiver = receiver->target;
     GNUNET_CRYPTO_ecdhe_key_get_public (&epriv, &uhs.ephemeral);
     uhs.monotonic_time = uc.monotonic_time;
-    GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
-                                                          &uhs.purpose,
-                                                          &uc.sender_sig));
+    GNUNET_CRYPTO_eddsa_sign (my_private_key,
+                              &uhs,
+                              &uc.sender_sig);
     /* Leave space for kx */
     dpos = sizeof(kx);
     /* Append encrypted uc to dgram */
@@ -2534,9 +2534,9 @@ iface_proc (void *cls,
   ubs.purpose.size = htonl (sizeof(ubs));
   ubs.sender = my_identity;
   GNUNET_CRYPTO_hash (addr, addrlen, &ubs.h_address);
-  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key,
-                                                        &ubs.purpose,
-                                                        &bi->bcm.sender_sig));
+  GNUNET_CRYPTO_eddsa_sign (my_private_key,
+                            &ubs,
+                            &bi->bcm.sender_sig);
   if (NULL != broadcast_addr)
   {
     bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi);

src/transport/gnunet-service-tng.c

@@ -4137,9 +4137,9 @@ update_ephemeral (struct DistanceVector *dv)
   ec.purpose.size = htonl (sizeof(ec));
   ec.target = dv->target;
   ec.ephemeral_key = dv->ephemeral_key;
-  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
-                                                        &ec.purpose,
-                                                        &dv->sender_sig));
+  GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
+                            &ec,
+                            &dv->sender_sig);
 }
 
 
@@ -6391,17 +6391,17 @@ forward_dv_learn (const struct GNUNET_PeerIdentity *next_hop,
   GNUNET_memcpy (dhops, hops, sizeof(struct DVPathEntryP) * nhops);
   dhops[nhops].hop = GST_my_identity;
   {
-    struct DvHopPS dhp = { .purpose.purpose =
-                             htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP),
-                           .purpose.size = htonl (sizeof(dhp)),
-                           .pred = dhops[nhops - 1].hop,
-                           .succ = *next_hop,
-                           .challenge = msg->challenge };
+    struct DvHopPS dhp = {
+      .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP),
+      .purpose.size = htonl (sizeof(dhp)),
+      .pred = dhops[nhops - 1].hop,
+      .succ = *next_hop,
+      .challenge = msg->challenge
+    };
 
-    GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
-                                             &dhp.purpose,
-                                             &dhops[nhops].hop_sig));
+    GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
+                              &dhp,
+                              &dhops[nhops].hop_sig);
   }
   route_control_message_without_fc (next_hop,
                                     &fwd->header,
@@ -6434,7 +6434,7 @@ validate_dv_initiator_signature (
   if (
     GNUNET_OK !=
     GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR,
-                                &ip.purpose,
+                                &ip,
                                 init_sig,
                                 &init->public_key))
   {
@@ -6770,7 +6770,7 @@ handle_dv_learn (void *cls, const struct TransportDVLearnMessage *dvl)
 
     if (GNUNET_OK !=
         GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP,
-                                    &dhp.purpose,
+                                    &dhp,
                                     &hops[i].hop_sig,
                                     &hops[i].hop.public_key))
     {
@@ -7422,7 +7422,7 @@ handle_dv_box (void *cls, const struct TransportDVBoxMessage *dvb)
         GNUNET_OK !=
         GNUNET_CRYPTO_eddsa_verify (
           GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL,
-          &ec.purpose,
+          &ec,
           &ppay.sender_sig,
           &ppay.sender.public_key))
       {
@@ -7728,15 +7728,16 @@ handle_validation_challenge (
   tvr.validity_duration = validity_duration;
   {
     /* create signature */
-    struct TransportValidationPS tvp =
-    { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE),
+    struct TransportValidationPS tvp = {
+      .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE),
       .purpose.size = htonl (sizeof(tvp)),
       .validity_duration = validity_duration,
-      .challenge = tvc->challenge };
+      .challenge = tvc->challenge
+    };
 
-    GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
-                                                          &tvp.purpose,
-                                                          &tvr.signature));
+    GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
+                              &tvp,
+                              &tvr.signature);
   }
   route_control_message_without_fc (&cmc->im.sender,
                                     &tvr.header,
@@ -7921,16 +7922,17 @@ handle_validation_response (
 
   {
     /* check signature */
-    struct TransportValidationPS tvp =
-    { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE),
+    struct TransportValidationPS tvp = {
+      .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE),
       .purpose.size = htonl (sizeof(tvp)),
       .validity_duration = tvr->validity_duration,
-      .challenge = tvr->challenge };
+      .challenge = tvr->challenge
+    };
 
     if (
       GNUNET_OK !=
       GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE,
-                                  &tvp.purpose,
+                                  &tvp,
                                   &tvr->signature,
                                   &cmc->im.sender.public_key))
     {
@@ -9393,15 +9395,17 @@ start_dv_learn (void *cls)
   dvl.monotonic_time =
     GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (GST_cfg));
   {
-    struct DvInitPS dvip = { .purpose.purpose = htonl (
-                               GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR),
-                             .purpose.size = htonl (sizeof(dvip)),
-                             .monotonic_time = dvl.monotonic_time,
-                             .challenge = lle->challenge };
-
-    GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
-                                                          &dvip.purpose,
-                                                          &dvl.init_sig));
+    struct DvInitPS dvip = {
+      .purpose.purpose = htonl (
+        GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR),
+      .purpose.size = htonl (sizeof(dvip)),
+      .monotonic_time = dvl.monotonic_time,
+      .challenge = lle->challenge
+    };
+
+    GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
+                              &dvip,
+                              &dvl.init_sig);
   }
   dvl.initiator = GST_my_identity;
   dvl.challenge = lle->challenge;

src/transport/gnunet-service-transport_neighbours.c

@@ -1045,9 +1045,9 @@ send_disconnect (struct NeighbourMapEntry *n)
     GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
   disconnect_msg.public_key = GST_my_identity.public_key;
   GNUNET_assert (GNUNET_OK ==
-                 GNUNET_CRYPTO_eddsa_sign (GST_my_private_key,
-                                           &disconnect_msg.purpose,
-                                           &disconnect_msg.signature));
+                 GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key,
+                                            &disconnect_msg.purpose,
+                                            &disconnect_msg.signature));
 
   (void) send_with_session (n,
                             &disconnect_msg,
@@ -3763,7 +3763,7 @@ GST_neighbours_handle_disconnect_message (const struct
     return;
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_eddsa_verify (
+      GNUNET_CRYPTO_eddsa_verify_ (
         GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT,
         &sdm->purpose,
         &sdm->signature,

src/transport/gnunet-service-transport_validation.c

@@ -1271,8 +1271,9 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
     *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
     pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, &pong->purpose,
-                                  sig_cache))
+        GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key,
+                                   &pong->purpose,
+                                   sig_cache))
     {
       GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                   _ ("Failed to create PONG signature for peer `%s'\n"),
@@ -1559,7 +1560,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
   if (GNUNET_YES == do_verify)
   {
     /* Do expensive verification */
-    sig_res = GNUNET_CRYPTO_eddsa_verify (
+    sig_res = GNUNET_CRYPTO_eddsa_verify_ (
       GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
       &pong->purpose,
       &pong->signature,

src/util/crypto_ecc.c

@@ -688,7 +688,7 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_ecdsa_sign (
+GNUNET_CRYPTO_ecdsa_sign_ (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct GNUNET_CRYPTO_EcdsaSignature *sig)
@@ -750,7 +750,7 @@ GNUNET_CRYPTO_ecdsa_sign (
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_eddsa_sign (
+GNUNET_CRYPTO_eddsa_sign_ (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct GNUNET_CRYPTO_EddsaSignature *sig)
@@ -786,7 +786,7 @@ GNUNET_CRYPTO_eddsa_sign (
  * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
  */
 int
-GNUNET_CRYPTO_ecdsa_verify (
+GNUNET_CRYPTO_ecdsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
   const struct GNUNET_CRYPTO_EcdsaSignature *sig,
@@ -860,7 +860,7 @@ GNUNET_CRYPTO_ecdsa_verify (
  * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
  */
 int
-GNUNET_CRYPTO_eddsa_verify (
+GNUNET_CRYPTO_eddsa_verify_ (
   uint32_t purpose,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
   const struct GNUNET_CRYPTO_EddsaSignature *sig,

src/util/gnunet-crypto-tvg.c

@@ -124,16 +124,19 @@ run (void *cls,
     struct GNUNET_CRYPTO_EddsaPublicKey pub;
     struct GNUNET_CRYPTO_EddsaSignature sig;
     struct TestSignatureDataPS data = { 0 };
+
     priv = GNUNET_CRYPTO_eddsa_key_create ();
     GNUNET_CRYPTO_eddsa_key_get_public (priv, &pub);
-    data.purpose.size = htonl (sizeof (struct TestSignatureDataPS));
-    data.purpose.size = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
-    GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (priv, &data.purpose,
-                                                          &sig));
-    GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_verify (0,
-                                                            &data.purpose,
-                                                            &sig,
-                                                            &pub));
+    data.purpose.size = htonl (sizeof (data));
+    data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
+    GNUNET_CRYPTO_eddsa_sign (priv,
+                              &data,
+                              &sig);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                               &data,
+                                               &sig,
+                                               &pub));
 
     printf ("eddsa sig:\n");
     display_data ("  priv", priv, sizeof (struct
@@ -151,15 +154,16 @@ run (void *cls,
     char *salt = "I'm very salty";
     char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
 
-    GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_kdf (&out,
-                                                   out_len,
-                                                   salt,
-                                                   strlen (salt),
-                                                   ikm,
-                                                   strlen (ikm),
-                                                   ctx,
-                                                   strlen (ctx),
-                                                   NULL));
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_kdf (&out,
+                                      out_len,
+                                      salt,
+                                      strlen (salt),
+                                      ikm,
+                                      strlen (ikm),
+                                      ctx,
+                                      strlen (ctx),
+                                      NULL));
 
     printf ("kdf:\n");
     display_data ("  salt", salt, strlen (salt));
@@ -210,15 +214,19 @@ run (void *cls,
     size_t sig_enc_length;
     skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
     pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
-    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &message_hash,
+    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                                &message_hash,
                                 sizeof (struct GNUNET_HashCode));
-    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &bks, sizeof (struct
-                                                                          GNUNET_CRYPTO_RsaBlindingKeySecret));
-    GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_blind (&message_hash,
-                                                          &bks,
-                                                          pkey,
-                                                          &blinded_data,
-                                                          &blinded_len));
+    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                                &bks,
+                                sizeof (struct
+                                        GNUNET_CRYPTO_RsaBlindingKeySecret));
+    GNUNET_assert (GNUNET_YES ==
+                   GNUNET_CRYPTO_rsa_blind (&message_hash,
+                                            &bks,
+                                            pkey,
+                                            &blinded_data,
+                                            &blinded_len));
     blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
                                                   blinded_len);
     sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);

src/util/perf_crypto_asymmetric.c

@@ -93,18 +93,18 @@ main (int argc, char *argv[])
   start = GNUNET_TIME_absolute_get ();
   for (i = 0; i < l; i++)
     GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_eddsa_sign (eddsa[i],
-                                             &sig[i].purp,
-                                             &sig[i].sig));
+                   GNUNET_CRYPTO_eddsa_sign_ (eddsa[i],
+                                              &sig[i].purp,
+                                              &sig[i].sig));
   log_duration ("EdDSA", "sign HashCode");
 
   start = GNUNET_TIME_absolute_get ();
   for (i = 0; i < l; i++)
     GNUNET_assert (GNUNET_OK ==
-                   GNUNET_CRYPTO_eddsa_verify (0,
-                                               &sig[i].purp,
-                                               &sig[i].sig,
-                                               &dspub[i]));
+                   GNUNET_CRYPTO_eddsa_verify_ (0,
+                                                &sig[i].purp,
+                                                &sig[i].sig,
+                                                &dspub[i]));
   log_duration ("EdDSA", "verify HashCode");
 
   start = GNUNET_TIME_absolute_get ();

src/util/test_crypto_ecdsa.c

@@ -55,7 +55,8 @@ testSignVerify ()
   for (i = 0; i < ITER; i++)
   {
     fprintf (stderr, "%s", "."); fflush (stderr);
-    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig))
+    if (GNUNET_SYSERR ==
+        GNUNET_CRYPTO_ecdsa_sign_ (key, &purp, &sig))
     {
       fprintf (stderr,
                "%s",
@@ -64,16 +65,18 @@ testSignVerify ()
       continue;
     }
     if (GNUNET_SYSERR ==
-        GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig,
-                                    &pkey))
+        GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                     &purp, &sig,
+                                     &pkey))
     {
       printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n");
       ok = GNUNET_SYSERR;
       continue;
     }
     if (GNUNET_SYSERR !=
-        GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
-                                    &purp, &sig, &pkey))
+        GNUNET_CRYPTO_ecdsa_verify_ (
+          GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+          &purp, &sig, &pkey))
     {
       printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n");
       ok = GNUNET_SYSERR;
@@ -104,33 +107,33 @@ testDeriveSignVerify ()
   purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
   purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
 
-  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (dpriv, &purp, &sig))
+  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (dpriv, &purp, &sig))
   {
     fprintf (stderr, "%s", "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n");
     GNUNET_free (dpriv);
     return GNUNET_SYSERR;
   }
   if (GNUNET_SYSERR ==
-      GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
-                                  &purp, &sig,
-                                  &dpub))
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                   &purp, &sig,
+                                   &dpub))
   {
     printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n");
     GNUNET_free (dpriv);
     return GNUNET_SYSERR;
   }
   if (GNUNET_SYSERR !=
-      GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
-                                  &purp, &sig,
-                                  &pkey))
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                   &purp, &sig,
+                                   &pkey))
   {
     printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n");
     GNUNET_free (dpriv);
     return GNUNET_SYSERR;
   }
   if (GNUNET_SYSERR !=
-      GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
-                                  &purp, &sig, &dpub))
+      GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+                                   &purp, &sig, &dpub))
   {
     printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n");
     GNUNET_free (dpriv);
@@ -160,7 +163,7 @@ testSignPerformance ()
   for (i = 0; i < ITER; i++)
   {
     fprintf (stderr, "%s", "."); fflush (stderr);
-    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig))
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (key, &purp, &sig))
     {
       fprintf (stderr, "%s",
                "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n");

src/util/test_crypto_eddsa.c

@@ -56,23 +56,24 @@ testSignVerify ()
   for (unsigned int i = 0; i < ITER; i++)
   {
     fprintf (stderr, "%s", "."); fflush (stderr);
-    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig))
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig))
     {
       fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n");
       ok = GNUNET_SYSERR;
       continue;
     }
     if (GNUNET_SYSERR ==
-        GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig,
-                                    &pkey))
+        GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig,
+                                     &pkey))
     {
       printf ("GNUNET_CRYPTO_eddsa_verify failed!\n");
       ok = GNUNET_SYSERR;
       continue;
     }
     if (GNUNET_SYSERR !=
-        GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
-                                    &purp, &sig, &pkey))
+        GNUNET_CRYPTO_eddsa_verify_ (
+          GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+          &purp, &sig, &pkey))
     {
       printf ("GNUNET_CRYPTO_eddsa_verify failed to fail!\n");
       ok = GNUNET_SYSERR;
@@ -105,7 +106,7 @@ testSignPerformance ()
   for (unsigned int i = 0; i < ITER; i++)
   {
     fprintf (stderr, "%s", "."); fflush (stderr);
-    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig))
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig))
     {
       fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n");
       ok = GNUNET_SYSERR;