commit 06790e60f1fff410bd89a11f82203777955d5ca5
parent 6f10c58bf428f573e3c0ed95b0917cd941b10e6e
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Thu, 28 May 2026 17:16:01 +0200
gnsrecord: document new API more
Diffstat:
3 files changed, 96 insertions(+), 31 deletions(-)
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
@@ -711,6 +711,93 @@ GNUNET_GNSRECORD_block_decrypt (
const struct GNUNET_CRYPTO_BlindablePublicKey *zone_key, const char *label,
GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls);
+/**
+ * The GNSRECORD encryption context.
+ * Used to de/encrypt GNS records.
+ */
+struct GNUNET_GNSRECORD_EncryptionContext
+{
+ /**
+ * Private data of the context.
+ * Passed to the APIs below as first argument.
+ */
+ void *cls;
+
+ /**
+ * Seal a record set.
+ *
+ * @param cls internal encryption context data. You MUST pass the cls field of
+ * the struct #GNUNET_GNSRECORD_EncryptionContext here.
+ * @param label the name for the records
+ * @param expire block expiration
+ * @param rd_count number of records in @a rd
+ * @param rd record data
+ * @param result the block buffer. Will be allocated.
+ * @return GNUNET_OK on success
+ */
+ enum GNUNET_GenericReturnValue
+ (*seal)(void *cls,
+ const char *label,
+ struct GNUNET_TIME_Absolute expire,
+ unsigned int rd_count,
+ const struct GNUNET_GNSRECORD_Data rd[rd_count],
+ struct GNUNET_GNSRECORD_Block **result);
+
+ /**
+ * Open a record set.
+ *
+ * @param cls internal encryption context data. You MUST pass the cls field of
+ * the struct #GNUNET_GNSRECORD_EncryptionContext here.
+ * @param label the name for the records
+ * @param block the encrypted record block
+ * @param proc function to call with the result
+ * @param proc_cls closure for @a proc
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
+ * not well-formed
+ */
+ enum GNUNET_GenericReturnValue
+ (*open)(void *cls,
+ const char *label,
+ const struct GNUNET_GNSRECORD_Block *block,
+ GNUNET_GNSRECORD_RecordCallback proc,
+ void *proc_cls);
+
+};
+
+/**
+ * Create a new encryption context for the zone owner.
+ * This context can be used to decrypt AND encrypt
+ * records.
+ *
+ * @param sk the zone private key
+ * @return the encryption context
+ */
+struct GNUNET_GNSRECORD_EncryptionContext*
+GNUNET_GNSRECORD_encryption_context_setup_owner (
+ const struct GNUNET_CRYPTO_BlindablePrivateKey *sk);
+
+
+/**
+ * Create a new encryption context for a resolver.
+ * This context can only be used to decrypt
+ * records.
+ *
+ * @param zkey the zone public key
+ * @return the encryption context
+ */
+struct GNUNET_GNSRECORD_EncryptionContext*
+GNUNET_GNSRECORD_encryption_context_setup_resolver (
+ const struct GNUNET_CRYPTO_BlindablePublicKey *zkey);
+
+/**
+ * Cleanup and free the encryption context
+ *
+ * @param ec the context to clean up
+ */
+void
+GNUNET_GNSRECORD_encryption_context_destroy (struct
+ GNUNET_GNSRECORD_EncryptionContext
+ *ec);
/**
* Compares if two records are equal
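Review bot: The doc comments on `seal` and on the two setup functions leave out the contracts a caller needs to use this API safely. For `seal`, `@param result` says only "Will be allocated"; it should say who releases the block, e.g. `@param[out] result the block buffer, allocated on success; the caller must free it` (if that is the contract), and `@return GNUNET_OK` should be written `#GNUNET_OK` as in the `open` comment. The resolver setup comment says the context "can only be used to decrypt" but not whether `seal` is NULL or returns an error there, which matters because callers invoke `ec->seal` directly through the pointer. It would also help to state whether `sk` and `zkey` are copied or must outlive the context, and what the setup functions return on failure.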
diff --git a/src/lib/gnsrecord/gnsrecord_crypto.c b/src/lib/gnsrecord/gnsrecord_crypto.c
@@ -920,31 +920,6 @@ struct EncryptionContextData
struct GNUNET_CRYPTO_BlindablePublicKey zkey;
};
-struct GNUNET_GNSRECORD_EncryptionContext
-{
- /**
- * Private data of the context.
- * Passed to the APIs below as first argument.
- */
- void *cls;
-
- enum GNUNET_GenericReturnValue
- (*seal)(void *cls,
- const char *label,
- struct GNUNET_TIME_Absolute expire,
- unsigned int rd_count,
- const struct GNUNET_GNSRECORD_Data rd[rd_count],
- struct GNUNET_GNSRECORD_Block **result);
-
- enum GNUNET_GenericReturnValue
- (*open)(void *cls,
- const char *label,
- const struct GNUNET_GNSRECORD_Block *block,
- GNUNET_GNSRECORD_RecordCallback proc,
- void *proc_cls);
-
-};
-
static enum GNUNET_GenericReturnValue
block_open_ecdsa (void *cls,
const char *label,
diff --git a/src/lib/gnsrecord/test_gnsrecord_crypto.c b/src/lib/gnsrecord/test_gnsrecord_crypto.c
@@ -95,6 +95,7 @@ rd_decrypt_cb (void *cls,
static void
test_with_type (struct GNUNET_CRYPTO_BlindablePrivateKey *privkey)
{
+ struct GNUNET_GNSRECORD_EncryptionContext *ec;
struct GNUNET_GNSRECORD_Block *block;
struct GNUNET_CRYPTO_BlindablePublicKey pubkey;
struct GNUNET_HashCode query_pub;
@@ -114,6 +115,7 @@ test_with_type (struct GNUNET_CRYPTO_BlindablePrivateKey *privkey)
GNUNET_GNSRECORD_query_from_public_key (&pubkey,
"testlabel",
&query_pub);
+ ec = GNUNET_GNSRECORD_encryption_context_setup_owner (privkey);
GNUNET_assert (0 == memcmp (&query_priv,
&query_pub,
sizeof(struct GNUNET_HashCode)));
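Review bot: The result of `GNUNET_GNSRECORD_encryption_context_setup_owner (privkey)` is stored in `ec` without a check, and the next hunk dereferences it as `ec->seal (ec->cls, ...)`. The header comment for the setup function does not say whether it can return NULL, so adding `GNUNET_assert (NULL != ec);` right after the assignment would make the test fail at the setup call rather than crash on the dereference. The body of test_with_type begins and ends outside this hunk.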
@@ -122,12 +124,13 @@ test_with_type (struct GNUNET_CRYPTO_BlindablePrivateKey *privkey)
s_rd = create_record (RECORDS);
/* Create block */
- GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create (privkey,
- expire,
- s_name,
- s_rd,
- RECORDS,
- &block));
+ GNUNET_assert (GNUNET_OK == ec->seal (ec->cls,
+ s_name,
+ expire,
+ RECORDS,
+ s_rd,
+ &block));
+
GNUNET_assert (GNUNET_OK ==
GNUNET_GNSRECORD_query_from_block (block,
&query_block));
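Review bot: `ec` is created in this commit but never released. The diffstat's 96 insertions are all accounted for by the visible hunks, so no call to `GNUNET_GNSRECORD_encryption_context_destroy` is added for it. Every call of test_with_type therefore leaks the owner context, which is set up from the zone private key and so presumably holds key-derived state. Add `GNUNET_GNSRECORD_encryption_context_destroy (ec);` before the function returns, which is outside this hunk. The `seal` arguments `(s_name, expire, RECORDS, s_rd, &block)` do match the parameter order declared in the header.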