separating ECC crypto into functions/structs for ECDHE, ECDSA and EDDSA

16 files changed, 341 insertions, 182 deletions

diff --git a/src/include/block_dns.h b/src/include/block_dns.h
index 650b3bc140..9bfaac1c65 100644
--- a/src/include/block_dns.h
+++ b/src/include/block_dns.h
@@ -37,7 +37,7 @@ struct GNUNET_DNS_Advertisement
   /**
    * Signature of the peer affirming that he is offering the service.
    */
-  struct GNUNET_CRYPTO_EccSignature signature;
+  struct GNUNET_CRYPTO_EddsaSignature signature;
 
   /**
    * Beginning of signed portion of the record, signs everything until
diff --git a/src/include/block_fs.h b/src/include/block_fs.h
index 3a0afba149..3f904caeb7 100644
--- a/src/include/block_fs.h
+++ b/src/include/block_fs.h
@@ -48,7 +48,7 @@ struct UBlock
   /**
    * Signature using pseudonym and search keyword / identifier.
    */
-  struct GNUNET_CRYPTO_EccSignature signature;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
 
   /**
    * What is being signed and why?
@@ -58,7 +58,7 @@ struct UBlock
   /**
    * Public key used to sign this block.
    */
-  struct GNUNET_CRYPTO_EccPublicSignKey verification_key;
+  struct GNUNET_CRYPTO_EcdsaPublicKey verification_key;
 
   /* rest of the data is encrypted */
 
diff --git a/src/include/block_regex.h b/src/include/block_regex.h
index 77f778c95a..326183d567 100644
--- a/src/include/block_regex.h
+++ b/src/include/block_regex.h
@@ -72,7 +72,7 @@ struct RegexAcceptBlock
   /**
    * The signature.
    */
-  struct GNUNET_CRYPTO_EccSignature signature;
+  struct GNUNET_CRYPTO_EddsaSignature signature;
 };
 
 
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index bd1a2f3bf1..da4de4c878 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -148,9 +148,10 @@ struct GNUNET_CRYPTO_EccSignaturePurpose
 
 
 /**
- * @brief an ECC signature
+ * @brief an ECC signature using EdDSA.
+ * See https://gnunet.org/ed25519
  */
-struct GNUNET_CRYPTO_EccSignature
+struct GNUNET_CRYPTO_EddsaSignature
 {
 
   /**
@@ -166,11 +167,54 @@ struct GNUNET_CRYPTO_EccSignature
 };
 
 
+
 /**
- * Public ECC key (always for NIST P-521) encoded in a format suitable
- * for network transmission and signatures (ECDSA/EdDSA).
+ * @brief an ECC signature using ECDSA
  */
-struct GNUNET_CRYPTO_EccPublicSignKey
+struct GNUNET_CRYPTO_EcdsaSignature
+{
+
+  /**
+   * R value.
+   */
+  unsigned char r[256 / 8];
+
+  /**
+   * S value.
+   */
+  unsigned char s[256 / 8];
+
+};
+
+
+/**
+ * Public ECC key (always for Curve25519) encoded in a format suitable
+ * for network transmission and EdDSA signatures.
+ */
+struct GNUNET_CRYPTO_EddsaPublicKey
+{
+  /**
+   * Q consists of an x- and a y-value, each mod p (256 bits),
+   * given here in affine coordinates.
+   *
+   * FIXME: this coordinate will be removed in the future (compressed point!).
+   */
+  unsigned char q_x[256 / 8];
+
+  /**
+   * Q consists of an x- and a y-value, each mod p (256 bits),
+   * given here in affine coordinates.
+   */
+  unsigned char q_y[256 / 8];
+
+};
+
+
+/**
+ * Public ECC key (always for Curve25519) encoded in a format suitable
+ * for network transmission and ECDSA signatures.
+ */
+struct GNUNET_CRYPTO_EcdsaPublicKey
 {
   /**
    * Q consists of an x- and a y-value, each mod p (256 bits),
@@ -194,15 +238,16 @@ struct GNUNET_CRYPTO_EccPublicSignKey
  */
 struct GNUNET_PeerIdentity
 {
-  struct GNUNET_CRYPTO_EccPublicSignKey public_key;
+  struct GNUNET_CRYPTO_EddsaPublicKey public_key;
 };
 
 
 /**
- * Public ECC key (always for NIST P-521) encoded in a format suitable
- * for network transmission and encryption (ECDH).
+ * Public ECC key (always for Curve25519) encoded in a format suitable
+ * for network transmission and encryption (ECDH),
+ * See http://cr.yp.to/ecdh.html
  */
-struct GNUNET_CRYPTO_EccPublicEncryptKey
+struct GNUNET_CRYPTO_EcdhePublicKey
 {
   /**
    * Q consists of an x- and a y-value, each mod p (256 bits),
@@ -222,9 +267,36 @@ struct GNUNET_CRYPTO_EccPublicEncryptKey
 
 
 /**
- * Private ECC key encoded for transmission.
+ * Private ECC key encoded for transmission.  To be used only for ECDH
+ * key exchange (ECDHE to be precise).
  */
-struct GNUNET_CRYPTO_EccPrivateKey
+struct GNUNET_CRYPTO_EcdhePrivateKey
+{
+  /**
+   * d is a value mod n, where n has at most 256 bits.
+   */
+  unsigned char d[256 / 8];
+
+};
+
+/**
+ * Private ECC key encoded for transmission.  To be used only for ECDSA
+ * signatures.
+ */
+struct GNUNET_CRYPTO_EcdsaPrivateKey
+{
+  /**
+   * d is a value mod n, where n has at most 256 bits.
+   */
+  unsigned char d[256 / 8];
+
+};
+
+/**
+ * Private ECC key encoded for transmission.  To be used only for EdDSA
+ * signatures.
+ */
+struct GNUNET_CRYPTO_EddsaPrivateKey
 {
   /**
    * d is a value mod n, where n has at most 256 bits.
@@ -743,11 +815,11 @@ GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
  * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
  * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
  * @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
  * @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
  * @param ... pair of void * & size_t for context chunks, terminated by NULL
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
  */
 int
 GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo,
@@ -763,11 +835,11 @@ GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo,
  * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
  * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
  * @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
  * @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
  * @param argp va_list of void * & size_t pairs for context chunks
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
  */
 int
 GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
@@ -780,11 +852,11 @@ GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
  * @param result buffer for the derived key, allocated by caller
  * @param out_len desired length of the derived key
  * @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
  * @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
  * @param argp va_list of void * & size_t pairs for context chunks
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
  */
 int
 GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts,
@@ -798,9 +870,9 @@ GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts,
  * @param result buffer for the derived key, allocated by caller
  * @param out_len desired length of the derived key
  * @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
  * @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
  * @param ... void * & size_t pairs for context chunks
  * @return #GNUNET_YES on success
  */
@@ -810,16 +882,15 @@ GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts,
 
 
 /**
- * Function called upon completion of 'GNUNET_CRYPTO_ecc_key_create_async'.
+ * @ingroup crypto
+ * Extract the public key for the given private key.
  *
- * @param cls closure
- * @param pk NULL on error, otherwise the private key (which must be free'd by the callee)
- * @param emsg NULL on success, otherwise an error message
+ * @param priv the private key
+ * @param pub where to write the public key
  */
-typedef void (*GNUNET_CRYPTO_EccKeyCallback)(void *cls,
-					     struct GNUNET_CRYPTO_EccPrivateKey *pk,
-					     const char *emsg);
-
+void
+GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+                                    struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
 
 /**
  * @ingroup crypto
@@ -829,9 +900,8 @@ typedef void (*GNUNET_CRYPTO_EccKeyCallback)(void *cls,
  * @param pub where to write the public key
  */
 void
-GNUNET_CRYPTO_ecc_key_get_public_for_signature (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-						struct GNUNET_CRYPTO_EccPublicSignKey *pub);
-
+GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+                                    struct GNUNET_CRYPTO_EddsaPublicKey *pub);
 
 
 /**
@@ -842,8 +912,18 @@ GNUNET_CRYPTO_ecc_key_get_public_for_signature (const struct GNUNET_CRYPTO_EccPr
  * @param pub where to write the public key
  */
 void
-GNUNET_CRYPTO_ecc_key_get_public_for_encryption (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-						 struct GNUNET_CRYPTO_EccPublicEncryptKey *pub);
+GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
+                                    struct GNUNET_CRYPTO_EcdhePublicKey *pub);
+
+
+/**
+ * Convert a public key to a string.
+ *
+ * @param pub key to convert
+ * @return string representing @a pub
+ */
+char *
+GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
 
 
 /**
@@ -853,7 +933,7 @@ GNUNET_CRYPTO_ecc_key_get_public_for_encryption (const struct GNUNET_CRYPTO_EccP
  * @return string representing @a pub
  */
 char *
-GNUNET_CRYPTO_ecc_public_sign_key_to_string (const struct GNUNET_CRYPTO_EccPublicSignKey *pub);
+GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
 
 
 /**
@@ -865,20 +945,9 @@ GNUNET_CRYPTO_ecc_public_sign_key_to_string (const struct GNUNET_CRYPTO_EccPubli
  * @return #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_ecc_public_sign_key_from_string (const char *enc,
-					       size_t enclen,
-					       struct GNUNET_CRYPTO_EccPublicSignKey *pub);
-
-
-
-/**
- * Convert a public key to a string.
- *
- * @param pub key to convert
- * @return string representing @a pub
- */
-char *
-GNUNET_CRYPTO_ecc_public_encrypt_key_to_string (const struct GNUNET_CRYPTO_EccPublicEncryptKey *pub);
+GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc,
+                                            size_t enclen,
+                                            struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
 
 
 /**
@@ -890,9 +959,28 @@ GNUNET_CRYPTO_ecc_public_encrypt_key_to_string (const struct GNUNET_CRYPTO_EccPu
  * @return #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_ecc_public_encrypt_key_from_string (const char *enc,
-						  size_t enclen,
-						  struct GNUNET_CRYPTO_EccPublicEncryptKey *pub);
+GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc,
+                                            size_t enclen,
+                                            struct GNUNET_CRYPTO_EddsaPublicKey *pub);
+
+
+/**
+ * @ingroup crypto
+ * Create a new private key by reading it from a file.  If the
+ * files does not exist, create a new key and write it to the
+ * file.  Caller must free return value.  Note that this function
+ * can not guarantee that another process might not be trying
+ * the same operation on the same file at the same time.
+ * If the contents of the file
+ * are invalid the old file is deleted and a fresh key is
+ * created.
+ *
+ * @param filename name of file to use to store the key
+ * @return new private key, NULL on error (for example,
+ *   permission denied); free using #GNUNET_free
+ */
+struct GNUNET_CRYPTO_EcdsaPrivateKey *
+GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename);
 
 
 /**
@@ -910,8 +998,8 @@ GNUNET_CRYPTO_ecc_public_encrypt_key_from_string (const char *enc,
  * @return new private key, NULL on error (for example,
  *   permission denied); free using #GNUNET_free
  */
-struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename);
+struct GNUNET_CRYPTO_EddsaPrivateKey *
+GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename);
 
 
 /**
@@ -923,8 +1011,28 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename);
  * @return new private key, NULL on error (for example,
  *   permission denied); free using #GNUNET_free
  */
-struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg);
+struct GNUNET_CRYPTO_EddsaPrivateKey *
+GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg);
+
+
+/**
+ * @ingroup crypto
+ * Create a new private key. Caller must free return value.
+ *
+ * @return fresh private key; free using #GNUNET_free
+ */
+struct GNUNET_CRYPTO_EcdsaPrivateKey *
+GNUNET_CRYPTO_ecdsa_key_create (void);
+
+
+/**
+ * @ingroup crypto
+ * Create a new private key. Caller must free return value.
+ *
+ * @return fresh private key; free using #GNUNET_free
+ */
+struct GNUNET_CRYPTO_EddsaPrivateKey *
+GNUNET_CRYPTO_eddsa_key_create (void);
 
 
 /**
@@ -933,8 +1041,8 @@ GNUNET_CRYPTO_ecc_key_create_from_configuration (const struct GNUNET_CONFIGURATI
  *
  * @return fresh private key; free using #GNUNET_free
  */
-struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_key_create (void);
+struct GNUNET_CRYPTO_EcdhePrivateKey *
+GNUNET_CRYPTO_ecdhe_key_create (void);
 
 
 /**
@@ -944,7 +1052,26 @@ GNUNET_CRYPTO_ecc_key_create (void);
  * @param pk location of the key
  */
 void
-GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk);
+GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
+
+
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key.
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk);
+
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key.
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
 
 
 /**
@@ -953,8 +1080,8 @@ GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk);
  *
  * @return "anonymous" private key; do not free
  */
-const struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_key_get_anonymous (void);
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *
+GNUNET_CRYPTO_ecdsa_key_get_anonymous (void);
 
 
 /**
@@ -967,7 +1094,7 @@ GNUNET_CRYPTO_ecc_key_get_anonymous (void);
  * @param cfg_name name of the configuration file to use
  */
 void
-GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name);
+GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name);
 
 
 /**
@@ -989,19 +1116,34 @@ GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
  * Derive key material from a public and a private ECC key.
  *
  * @param priv private key to use for the ECDH (x)
- * @param pub public key to use for the ECDY (yG)
+ * @param pub public key to use for the ECDH (yG)
  * @param key_material where to write the key material (xyG)
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-                        const struct GNUNET_CRYPTO_EccPublicEncryptKey *pub,
+GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
+                        const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                         struct GNUNET_HashCode *key_material);
 
 
 /**
  * @ingroup crypto
- * Sign a given block.
+ * EdDSA sign a given block.
+ *
+ * @param priv private key to use for the signing
+ * @param purpose what to sign (size, purpose)
+ * @param sig where to write the signature
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+int
+GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+                          const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+                          struct GNUNET_CRYPTO_EddsaSignature *sig);
+
+
+/**
+ * @ingroup crypto
+ * ECDSA Sign a given block.
  *
  * @param priv private key to use for the signing
  * @param purpose what to sign (size, purpose)
@@ -1009,14 +1151,31 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
  * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
 int
-GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-                        const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
-                        struct GNUNET_CRYPTO_EccSignature *sig);
+GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+                          const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+                          struct GNUNET_CRYPTO_EcdsaSignature *sig);
+
+/**
+ * @ingroup crypto
+ * Verify EdDSA signature.
+ *
+ * @param purpose what is the purpose that the signature should have?
+ * @param validate block to validate (size, purpose, data)
+ * @param sig signature that is being validated
+ * @param pub public key of the signer
+ * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
+ */
+int
+GNUNET_CRYPTO_eddsa_verify (uint32_t purpose,
+                            const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+                            const struct GNUNET_CRYPTO_EddsaSignature *sig,
+                            const struct GNUNET_CRYPTO_EddsaPublicKey *pub);
+
 
 
 /**
  * @ingroup crypto
- * Verify signature.
+ * Verify ECDSA signature.
  *
  * @param purpose what is the purpose that the signature should have?
  * @param validate block to validate (size, purpose, data)
@@ -1025,10 +1184,10 @@ GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
  * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
  */
 int
-GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
-                          const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
-                          const struct GNUNET_CRYPTO_EccSignature *sig,
-                          const struct GNUNET_CRYPTO_EccPublicSignKey *pub);
+GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose,
+                            const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+                            const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+                            const struct GNUNET_CRYPTO_EcdsaPublicKey *pub);
 
 
 /**
@@ -1044,10 +1203,10 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
  *        typically the name of the subsystem/application
  * @return derived private key
  */
-struct GNUNET_CRYPTO_EccPrivateKey *
-GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-			      const char *label,
-			      const char *context);
+struct GNUNET_CRYPTO_EcdsaPrivateKey *
+GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+                                        const char *label,
+                                        const char *context);
 
 
 /**
@@ -1062,10 +1221,10 @@ GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
  * @param result where to write the derived public key
  */
 void
-GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicSignKey *pub,
-				     const char *label,
-				     const char *context,
-				     struct GNUNET_CRYPTO_EccPublicSignKey *result);
+GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
+                                       const char *label,
+                                       const char *context,
+                                       struct GNUNET_CRYPTO_EcdsaPublicKey *result);
 
 
 #if 0                           /* keep Emacsens' auto-indent happy */
diff --git a/src/include/gnunet_fs_service.h b/src/include/gnunet_fs_service.h
index a13c3b91c1..3546fdcb77 100644
--- a/src/include/gnunet_fs_service.h
+++ b/src/include/gnunet_fs_service.h
@@ -337,7 +337,7 @@ GNUNET_FS_uri_test_sks (const struct GNUNET_FS_Uri *uri);
  * @return an FS URI for the given namespace and identifier
  */
 struct GNUNET_FS_Uri *
-GNUNET_FS_uri_sks_create (const struct GNUNET_CRYPTO_EccPublicSignKey *ns,
+GNUNET_FS_uri_sks_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *ns,
 			  const char *id);
 
 
@@ -351,7 +351,7 @@ GNUNET_FS_uri_sks_create (const struct GNUNET_CRYPTO_EccPublicSignKey *ns,
  */
 int
 GNUNET_FS_uri_sks_get_namespace (const struct GNUNET_FS_Uri *uri,
-                                 struct GNUNET_CRYPTO_EccPublicSignKey *pseudonym);
+                                 struct GNUNET_CRYPTO_EcdsaPublicKey *pseudonym);
 
 
 /**
@@ -1377,7 +1377,7 @@ struct GNUNET_FS_ProgressInfo
           /**
 	   * Public key of the namespace.
 	   */
-          struct GNUNET_CRYPTO_EccPublicSignKey pseudonym;
+          struct GNUNET_CRYPTO_EcdsaPublicKey pseudonym;
 
         } ns;
 
@@ -1962,7 +1962,7 @@ enum GNUNET_FS_PublishOptions
 struct GNUNET_FS_PublishContext *
 GNUNET_FS_publish_start (struct GNUNET_FS_Handle *h,
                          struct GNUNET_FS_FileInformation *fi,
-                         const struct GNUNET_CRYPTO_EccPrivateKey *ns,
+                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *ns,
 			 const char *nid,
                          const char *nuid,
                          enum GNUNET_FS_PublishOptions options);
@@ -2054,7 +2054,7 @@ struct GNUNET_FS_PublishSksContext;
  */
 struct GNUNET_FS_PublishSksContext *
 GNUNET_FS_publish_sks (struct GNUNET_FS_Handle *h,
-                       const struct GNUNET_CRYPTO_EccPrivateKey *ns,
+                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *ns,
                        const char *identifier,
 		       const char *update,
                        const struct GNUNET_CONTAINER_MetaData *meta,
@@ -2176,7 +2176,7 @@ typedef void (*GNUNET_FS_IdentifierProcessor) (void *cls,
  */
 void
 GNUNET_FS_namespace_list_updateable (struct GNUNET_FS_Handle *h,
-				     const struct GNUNET_CRYPTO_EccPrivateKey *ns,
+				     const struct GNUNET_CRYPTO_EcdsaPrivateKey *ns,
                                      const char *next_id,
                                      GNUNET_FS_IdentifierProcessor ip,
                                      void *ip_cls);
diff --git a/src/include/gnunet_gns_service.h b/src/include/gnunet_gns_service.h
index f16494c61d..f26b44265e 100644
--- a/src/include/gnunet_gns_service.h
+++ b/src/include/gnunet_gns_service.h
@@ -107,10 +107,10 @@ typedef void (*GNUNET_GNS_LookupResultProcessor) (void *cls,
 struct GNUNET_GNS_LookupRequest *
 GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
 		   const char *name,
-		   const struct GNUNET_CRYPTO_EccPublicSignKey *zone,
+		   const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
 		   int type,
 		   int only_cached,
-		   const struct GNUNET_CRYPTO_EccPrivateKey *shorten_zone_key,
+		   const struct GNUNET_CRYPTO_EcdsaPrivateKey *shorten_zone_key,
 		   GNUNET_GNS_LookupResultProcessor proc,
 		   void *proc_cls);
 
diff --git a/src/include/gnunet_hello_lib.h b/src/include/gnunet_hello_lib.h
index 901aa4f246..609cb2822c 100644
--- a/src/include/gnunet_hello_lib.h
+++ b/src/include/gnunet_hello_lib.h
@@ -198,7 +198,7 @@ typedef size_t (*GNUNET_HELLO_GenerateAddressListCallback) (void *cls,
  * @return the hello message
  */
 struct GNUNET_HELLO_Message *
-GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicSignKey *publicKey,
+GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EddsaPublicKey *publicKey,
                      GNUNET_HELLO_GenerateAddressListCallback addrgen,
                      void *addrgen_cls,
                      int friend_only);
@@ -325,7 +325,7 @@ GNUNET_HELLO_iterate_new_addresses (const struct GNUNET_HELLO_Message
  */
 int
 GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello,
-                      struct GNUNET_CRYPTO_EccPublicSignKey *publicKey);
+                      struct GNUNET_CRYPTO_EddsaPublicKey *publicKey);
 
 
 /**
@@ -378,7 +378,7 @@ GNUNET_HELLO_compose_uri (const struct GNUNET_HELLO_Message *hello,
  */
 int
 GNUNET_HELLO_parse_uri (const char *uri,
-                        struct GNUNET_CRYPTO_EccPublicSignKey *pubkey,
+                        struct GNUNET_CRYPTO_EddsaPublicKey *pubkey,
                         struct GNUNET_HELLO_Message **hello,
                         GNUNET_HELLO_TransportPluginsFind plugins_find);
 
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index 79d27fa02e..49b269604c 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -76,7 +76,7 @@ struct GNUNET_IDENTITY_Operation;
  * @param ego the ego
  * @return associated ECC key, valid as long as the ego is valid
  */
-const struct GNUNET_CRYPTO_EccPrivateKey *
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego);
 
 
@@ -97,7 +97,7 @@ GNUNET_IDENTITY_ego_get_anonymous (void);
  */
 void
 GNUNET_IDENTITY_ego_get_public_key (const struct GNUNET_IDENTITY_Ego *ego,
-				    struct GNUNET_CRYPTO_EccPublicSignKey *pk);
+				    struct GNUNET_CRYPTO_EcdsaPublicKey *pk);
 
 
 /**
diff --git a/src/include/gnunet_multicast_service.h b/src/include/gnunet_multicast_service.h
index 7a2421b4b2..58a99c0d88 100644
--- a/src/include/gnunet_multicast_service.h
+++ b/src/include/gnunet_multicast_service.h
@@ -112,7 +112,7 @@ struct GNUNET_MULTICAST_MessageHeader
    *
    * Signature must match the public key of the multicast group.
    */
-  struct GNUNET_CRYPTO_EccSignature signature;
+  struct GNUNET_CRYPTO_EddsaSignature signature;
 
   /**
    * Purpose for the signature and size of the signed data.
@@ -214,7 +214,7 @@ GNUNET_MULTICAST_join_decision (struct GNUNET_MULTICAST_JoinHandle *jh,
  */
 typedef void
 (*GNUNET_MULTICAST_JoinCallback) (void *cls,
-                                  const struct GNUNET_CRYPTO_EccPublicSignKey *member_key,
+                                  const struct GNUNET_CRYPTO_EddsaPublicKey *member_key,
                                   const struct GNUNET_MessageHeader *join_req,
                                   struct GNUNET_MULTICAST_JoinHandle *jh);
 
@@ -253,7 +253,7 @@ GNUNET_MULTICAST_membership_test_result (struct GNUNET_MULTICAST_MembershipTestH
  */
 typedef void
 (*GNUNET_MULTICAST_MembershipTestCallback) (void *cls,
-                                            const struct GNUNET_CRYPTO_EccPublicSignKey *member_key,
+                                            const struct GNUNET_CRYPTO_EddsaPublicKey *member_key,
                                             uint64_t message_id,
                                             uint64_t group_generation,
                                             struct GNUNET_MULTICAST_MembershipTestHandle *mth);
@@ -277,7 +277,7 @@ typedef void
  */
 typedef void
 (*GNUNET_MULTICAST_RequestCallback) (void *cls,
-                                     const struct GNUNET_CRYPTO_EccPublicSignKey *member_key,
+                                     const struct GNUNET_CRYPTO_EddsaPublicKey *member_key,
                                      const struct GNUNET_MessageHeader *req,
                                      enum GNUNET_MULTICAST_MessageFlags flags);
 
@@ -341,7 +341,7 @@ struct GNUNET_MULTICAST_ReplayHandle;
  */
 typedef void
 (*GNUNET_MULTICAST_ReplayFragmentCallback) (void *cls,
-                                            const struct GNUNET_CRYPTO_EccPublicSignKey *member_key,
+                                            const struct GNUNET_CRYPTO_EddsaPublicKey *member_key,
                                             uint64_t fragment_id,
                                             uint64_t flags,
                                             struct GNUNET_MULTICAST_ReplayHandle *rh);
@@ -364,7 +364,7 @@ typedef void
  */
 typedef void
 (*GNUNET_MULTICAST_ReplayMessageCallback) (void *cls,
-                                           const struct GNUNET_CRYPTO_EccPublicSignKey *member_key,
+                                           const struct GNUNET_CRYPTO_EddsaPublicKey *member_key,
                                            uint64_t message_id,
                                            uint64_t fragment_offset,
                                            uint64_t flags,
@@ -491,7 +491,7 @@ GNUNET_MULTICAST_replay_response2 (struct GNUNET_MULTICAST_ReplayHandle *rh,
  */
 struct GNUNET_MULTICAST_Origin *
 GNUNET_MULTICAST_origin_start (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                               const struct GNUNET_CRYPTO_EccPrivateKey *priv_key,
+                               const struct GNUNET_CRYPTO_EddsaPrivateKey *priv_key,
                                uint64_t next_fragment_id,
                                GNUNET_MULTICAST_JoinCallback join_cb,
                                GNUNET_MULTICAST_MembershipTestCallback mem_test_cb,
@@ -623,8 +623,8 @@ GNUNET_MULTICAST_origin_stop (struct GNUNET_MULTICAST_Origin *origin);
  */
 struct GNUNET_MULTICAST_Member *
 GNUNET_MULTICAST_member_join (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                              const struct GNUNET_CRYPTO_EccPublicSignKey *group_key,
-                              const struct GNUNET_CRYPTO_EccPrivateKey *member_key,
+                              const struct GNUNET_CRYPTO_EddsaPublicKey *group_key,
+                              const struct GNUNET_CRYPTO_EddsaPrivateKey *member_key,
                               const struct GNUNET_PeerIdentity *origin,
                               uint32_t relay_count,
                               const struct GNUNET_PeerIdentity *relays,
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h
index 4d4821bcbe..5c7408eec3 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -58,7 +58,7 @@ typedef void (*GNUNET_NAMESTORE_BlockCallback) (void *cls,
  * @param rd array of records with data to store
  */
 typedef void (*GNUNET_NAMESTORE_RecordIterator) (void *cls,
-						 const struct GNUNET_CRYPTO_EccPrivateKey *private_key,
+						 const struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key,
 						 const char *label,
 						 unsigned int rd_count,
 						 const struct GNUNET_NAMESTORE_RecordData *rd);
@@ -115,7 +115,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    * @return #GNUNET_OK on success, else #GNUNET_SYSERR
    */
   int (*store_records) (void *cls,
-			const struct GNUNET_CRYPTO_EccPrivateKey *zone,
+			const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
 			const char *label,
 			unsigned int rd_count,
 			const struct GNUNET_NAMESTORE_RecordData *rd);
@@ -133,7 +133,7 @@ struct GNUNET_NAMESTORE_PluginFunctions
    * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
    */
   int (*iterate_records) (void *cls,
-			  const struct GNUNET_CRYPTO_EccPrivateKey *zone,
+			  const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
 			  uint64_t offset,
 			  GNUNET_NAMESTORE_RecordIterator iter, void *iter_cls);
 
@@ -150,8 +150,8 @@ struct GNUNET_NAMESTORE_PluginFunctions
    * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
    */
   int (*zone_to_name) (void *cls,
-		       const struct GNUNET_CRYPTO_EccPrivateKey *zone,
-		       const struct GNUNET_CRYPTO_EccPublicSignKey *value_zone,
+		       const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+		       const struct GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
 		       GNUNET_NAMESTORE_RecordIterator iter, void *iter_cls);
 
 
diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h
index 7e39adc495..c31c3689bc 100644
--- a/src/include/gnunet_namestore_service.h
+++ b/src/include/gnunet_namestore_service.h
@@ -239,12 +239,12 @@ struct GNUNET_NAMESTORE_Block
   /**
    * Signature of the block.
    */
-  struct GNUNET_CRYPTO_EccSignature signature;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
 
   /**
    * Derived key used for signing; hash of this is the query.
    */
-  struct GNUNET_CRYPTO_EccPublicSignKey derived_key;
+  struct GNUNET_CRYPTO_EcdsaPublicKey derived_key;
 
   /**
    * Number of bytes signed; also specifies the number of bytes
@@ -297,7 +297,7 @@ GNUNET_NAMESTORE_block_cache (struct GNUNET_NAMESTORE_Handle *h,
  */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_records_store (struct GNUNET_NAMESTORE_Handle *h,
-				const struct GNUNET_CRYPTO_EccPrivateKey *pkey,
+				const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
 				const char *label,
 				unsigned int rd_count,
 				const struct GNUNET_NAMESTORE_RecordData *rd,
@@ -343,7 +343,7 @@ GNUNET_NAMESTORE_lookup_block (struct GNUNET_NAMESTORE_Handle *h,
  * @param rd array of records with data to store
  */
 typedef void (*GNUNET_NAMESTORE_RecordMonitor) (void *cls,
-						const struct GNUNET_CRYPTO_EccPrivateKey *zone,
+						const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
 						const char *label,
 						unsigned int rd_count,
 						const struct GNUNET_NAMESTORE_RecordData *rd);
@@ -364,8 +364,8 @@ typedef void (*GNUNET_NAMESTORE_RecordMonitor) (void *cls,
  */
 struct GNUNET_NAMESTORE_QueueEntry *
 GNUNET_NAMESTORE_zone_to_name (struct GNUNET_NAMESTORE_Handle *h,
-			       const struct GNUNET_CRYPTO_EccPrivateKey *zone,
-			       const struct GNUNET_CRYPTO_EccPublicSignKey *value_zone,
+			       const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+			       const struct GNUNET_CRYPTO_EcdsaPublicKey *value_zone,
 			       GNUNET_NAMESTORE_RecordMonitor proc, void *proc_cls);
 
 
@@ -411,7 +411,7 @@ GNUNET_NAMESTORE_cancel (struct GNUNET_NAMESTORE_QueueEntry *qe);
  */
 struct GNUNET_NAMESTORE_ZoneIterator *
 GNUNET_NAMESTORE_zone_iteration_start (struct GNUNET_NAMESTORE_Handle *h,
-				       const struct GNUNET_CRYPTO_EccPrivateKey *zone,
+				       const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
 				       GNUNET_NAMESTORE_RecordMonitor proc,
 				       void *proc_cls);
 
@@ -471,7 +471,7 @@ typedef void (*GNUNET_NAMESTORE_RecordsSynchronizedCallback)(void *cls);
  */
 struct GNUNET_NAMESTORE_ZoneMonitor *
 GNUNET_NAMESTORE_zone_monitor_start (const struct GNUNET_CONFIGURATION_Handle *cfg,
-				     const struct GNUNET_CRYPTO_EccPrivateKey *zone,
+				     const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
 				     GNUNET_NAMESTORE_RecordMonitor monitor,
 				     GNUNET_NAMESTORE_RecordsSynchronizedCallback sync_cb,
 				     void *cls);
@@ -614,7 +614,7 @@ GNUNET_NAMESTORE_normalize_string (const char *src);
  * @return string form; will be overwritten by next call to #GNUNET_NAMESTORE_z2s.
  */
 const char *
-GNUNET_NAMESTORE_z2s (const struct GNUNET_CRYPTO_EccPublicSignKey *z);
+GNUNET_NAMESTORE_z2s (const struct GNUNET_CRYPTO_EcdsaPublicKey *z);
 
 
 /**
@@ -628,7 +628,7 @@ GNUNET_NAMESTORE_z2s (const struct GNUNET_CRYPTO_EccPublicSignKey *z);
  *         key in an encoding suitable for DNS labels.
  */
 const char *
-GNUNET_NAMESTORE_pkey_to_zkey (const struct GNUNET_CRYPTO_EccPublicSignKey *pkey);
+GNUNET_NAMESTORE_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
 
 
 /**
@@ -642,7 +642,7 @@ GNUNET_NAMESTORE_pkey_to_zkey (const struct GNUNET_CRYPTO_EccPublicSignKey *pkey
  */
 int
 GNUNET_NAMESTORE_zkey_to_pkey (const char *zkey,
-			       struct GNUNET_CRYPTO_EccPublicSignKey *pkey);
+			       struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
 
 
 /**
@@ -653,7 +653,7 @@ GNUNET_NAMESTORE_zkey_to_pkey (const char *zkey,
  * @param query hash to use for the query
  */
 void
-GNUNET_NAMESTORE_query_from_private_key (const struct GNUNET_CRYPTO_EccPrivateKey *zone,
+GNUNET_NAMESTORE_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
 					 const char *label,
 					 struct GNUNET_HashCode *query);
 
@@ -666,7 +666,7 @@ GNUNET_NAMESTORE_query_from_private_key (const struct GNUNET_CRYPTO_EccPrivateKe
  * @param query hash to use for the query
  */
 void
-GNUNET_NAMESTORE_query_from_public_key (const struct GNUNET_CRYPTO_EccPublicSignKey *pub,
+GNUNET_NAMESTORE_query_from_public_key (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
 					const char *label,
 					struct GNUNET_HashCode *query);
 
@@ -681,7 +681,7 @@ GNUNET_NAMESTORE_query_from_public_key (const struct GNUNET_CRYPTO_EccPublicSign
  * @param rd_count number of records in @a rd
  */
 struct GNUNET_NAMESTORE_Block *
-GNUNET_NAMESTORE_block_create (const struct GNUNET_CRYPTO_EccPrivateKey *key,
+GNUNET_NAMESTORE_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 			       struct GNUNET_TIME_Absolute expire,
 			       const char *label,
 			       const struct GNUNET_NAMESTORE_RecordData *rd,
@@ -712,7 +712,7 @@ GNUNET_NAMESTORE_block_verify (const struct GNUNET_NAMESTORE_Block *block);
  */
 int
 GNUNET_NAMESTORE_block_decrypt (const struct GNUNET_NAMESTORE_Block *block,
-				const struct GNUNET_CRYPTO_EccPublicSignKey *zone_key,
+				const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
 				const char *label,
 				GNUNET_NAMESTORE_RecordCallback proc,
 				void *proc_cls);
diff --git a/src/include/gnunet_psyc_service.h b/src/include/gnunet_psyc_service.h
index e9f935de7f..7ac40a4c5d 100644
--- a/src/include/gnunet_psyc_service.h
+++ b/src/include/gnunet_psyc_service.h
@@ -210,7 +210,7 @@ struct GNUNET_PSYC_MessageMethod
    * Sending slave's public key. NULL if the message is from the master, or when
    * transmitting a message.
    */
-  struct GNUNET_CRYPTO_EccPublicSignKey slave_key;
+  struct GNUNET_CRYPTO_EddsaPublicKey slave_key;
 
   /* Followed by NUL-terminated method name. */
 };
@@ -305,7 +305,7 @@ struct GNUNET_PSYC_JoinHandle;
  */
 typedef int
 (*GNUNET_PSYC_Method) (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicSignKey *slave_key,
+                       const struct GNUNET_CRYPTO_EddsaPublicKey *slave_key,
                        uint64_t message_id,
                        const char *method_name,
                        size_t modifier_count,
@@ -331,7 +331,7 @@ typedef int
  */
 typedef int
 (*GNUNET_PSYC_JoinCallback) (void *cls,
-                             const struct GNUNET_CRYPTO_EccPublicSignKey
+                             const struct GNUNET_CRYPTO_EddsaPublicKey
                              *slave_key,
                              const char *method_name,
                              size_t variable_count,
@@ -421,7 +421,7 @@ typedef void
  */
 struct GNUNET_PSYC_Master *
 GNUNET_PSYC_master_start (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                          const struct GNUNET_CRYPTO_EccPrivateKey *channel_key,
+                          const struct GNUNET_CRYPTO_EddsaPrivateKey *channel_key,
                           enum GNUNET_PSYC_Policy policy,
                           GNUNET_PSYC_Method method,
                           GNUNET_PSYC_JoinCallback join_cb,
@@ -579,8 +579,8 @@ typedef void
  */
 struct GNUNET_PSYC_Slave *
 GNUNET_PSYC_slave_join (const struct GNUNET_CONFIGURATION_Handle *cfg,
-                        const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
-                        const struct GNUNET_CRYPTO_EccPrivateKey *slave_key,
+                        const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
+                        const struct GNUNET_CRYPTO_EddsaPrivateKey *slave_key,
                         const struct GNUNET_PeerIdentity *origin,
                         size_t relay_count,
                         const struct GNUNET_PeerIdentity *relays,
@@ -732,7 +732,7 @@ GNUNET_PSYC_slave_get_channel (struct GNUNET_PSYC_Slave *slave);
  */
 void
 GNUNET_PSYC_channel_slave_add (struct GNUNET_PSYC_Channel *channel,
-                               const struct GNUNET_CRYPTO_EccPublicSignKey
+                               const struct GNUNET_CRYPTO_EddsaPublicKey
                                *slave_key,
                                uint64_t announced_at,
                                uint64_t effective_since);
@@ -761,7 +761,7 @@ GNUNET_PSYC_channel_slave_add (struct GNUNET_PSYC_Channel *channel,
  */
 void
 GNUNET_PSYC_channel_slave_remove (struct GNUNET_PSYC_Channel *channel,
-                                  const struct GNUNET_CRYPTO_EccPublicSignKey
+                                  const struct GNUNET_CRYPTO_EddsaPublicKey
                                   *slave_key,
                                   uint64_t announced_at);
 
diff --git a/src/include/gnunet_psycstore_plugin.h b/src/include/gnunet_psycstore_plugin.h
index 8f86680439..7564ed4bd9 100644
--- a/src/include/gnunet_psycstore_plugin.h
+++ b/src/include/gnunet_psycstore_plugin.h
@@ -59,8 +59,8 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*membership_store) (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
-                       const struct GNUNET_CRYPTO_EccPublicSignKey *slave_key,
+                       const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
+                       const struct GNUNET_CRYPTO_EddsaPublicKey *slave_key,
                        int did_join,
                        uint64_t announced_at,
                        uint64_t effective_since,
@@ -76,8 +76,8 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*membership_test) (void *cls,
-                      const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
-                      const struct GNUNET_CRYPTO_EccPublicSignKey *slave_key,
+                      const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
+                      const struct GNUNET_CRYPTO_EddsaPublicKey *slave_key,
                       uint64_t message_id);
 
   /**
@@ -89,7 +89,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*fragment_store) (void *cls,
-                     const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                     const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                      const struct GNUNET_MULTICAST_MessageHeader *message,
                      uint32_t psycstore_flags);
 
@@ -107,7 +107,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*message_add_flags) (void *cls,
-                        const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                        const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                         uint64_t message_id,
                         uint64_t psycstore_flags);
 
@@ -120,7 +120,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*fragment_get) (void *cls,
-                   const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                   const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                    uint64_t fragment_id,
                    GNUNET_PSYCSTORE_FragmentCallback cb,
                    void *cb_cls);
@@ -134,7 +134,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*message_get) (void *cls,
-                  const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                  const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                   uint64_t message_id,
                   uint64_t *returned_fragments,
                   GNUNET_PSYCSTORE_FragmentCallback cb,
@@ -150,7 +150,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*message_get_fragment) (void *cls,
-                           const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                           const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                            uint64_t message_id,
                            uint64_t fragment_offset,
                            GNUNET_PSYCSTORE_FragmentCallback cb,
@@ -165,7 +165,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*counters_message_get) (void *cls,
-                           const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                           const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                            uint64_t *max_fragment_id,
                            uint64_t *max_message_id,
                            uint64_t *max_group_generation);
@@ -179,7 +179,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*counters_state_get) (void *cls,
-                         const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                         const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                          uint64_t *max_state_message_id);
 
 
@@ -192,7 +192,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_modify_begin) (void *cls,
-                         const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                         const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                          uint64_t message_id, uint64_t state_delta);
 
   /**
@@ -208,7 +208,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_modify_set) (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                       const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                        const char *name, const void *value, size_t value_size);
 
 
@@ -221,7 +221,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_modify_end) (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                       const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                        uint64_t message_id);
 
 
@@ -234,7 +234,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_sync_begin) (void *cls,
-                         const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key);
+                         const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key);
 
   /**
    * Set the value of a state variable while synchronizing state.
@@ -249,7 +249,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_sync_set) (void *cls,
-                     const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                     const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                      const char *name, const void *value, size_t value_size);
 
 
@@ -262,7 +262,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_sync_end) (void *cls,
-                     const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                     const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                      uint64_t message_id);
 
 
@@ -277,7 +277,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_reset) (void *cls,
-                  const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key);
+                  const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key);
 
   /**
    * Update signed state values from the current ones.
@@ -286,7 +286,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_update_signed) (void *cls,
-                          const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key);
+                          const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key);
 
 
   /**
@@ -296,7 +296,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_get) (void *cls,
-                const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                 const char *name,
                 GNUNET_PSYCSTORE_StateCallback cb,
                 void *cb_cls);
@@ -310,7 +310,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_get_prefix) (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                       const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                        const char *name,
                        GNUNET_PSYCSTORE_StateCallback cb,
                        void *cb_cls);
@@ -323,7 +323,7 @@ struct GNUNET_PSYCSTORE_PluginFunctions
    */
   int
   (*state_get_signed) (void *cls,
-                       const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                       const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                        GNUNET_PSYCSTORE_StateCallback cb,
                        void *cb_cls);
 
diff --git a/src/include/gnunet_psycstore_service.h b/src/include/gnunet_psycstore_service.h
index 25d4339a3d..5f4a32b7bd 100644
--- a/src/include/gnunet_psycstore_service.h
+++ b/src/include/gnunet_psycstore_service.h
@@ -133,8 +133,8 @@ typedef void
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_membership_store (struct GNUNET_PSYCSTORE_Handle *h,
-                                   const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
-                                   const struct GNUNET_CRYPTO_EccPublicSignKey *slave_key,
+                                   const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
+                                   const struct GNUNET_CRYPTO_EddsaPublicKey *slave_key,
                                    int did_join,
                                    uint64_t announced_at,
                                    uint64_t effective_since,
@@ -165,8 +165,8 @@ GNUNET_PSYCSTORE_membership_store (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_membership_test (struct GNUNET_PSYCSTORE_Handle *h,
-                                  const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
-                                  const struct GNUNET_CRYPTO_EccPublicSignKey *slave_key,
+                                  const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
+                                  const struct GNUNET_CRYPTO_EddsaPublicKey *slave_key,
                                   uint64_t message_id,
                                   uint64_t group_generation,
                                   GNUNET_PSYCSTORE_ResultCallback rcb,
@@ -188,7 +188,7 @@ GNUNET_PSYCSTORE_membership_test (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_fragment_store (struct GNUNET_PSYCSTORE_Handle *h,
-                                 const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                                 const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                                  const struct GNUNET_MULTICAST_MessageHeader *message,
                                  uint32_t psycstore_flags,
                                  GNUNET_PSYCSTORE_ResultCallback rcb,
@@ -227,7 +227,7 @@ typedef int
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_fragment_get (struct GNUNET_PSYCSTORE_Handle *h,
-                               const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                               const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                                uint64_t fragment_id,
                                GNUNET_PSYCSTORE_FragmentCallback fcb,
                                GNUNET_PSYCSTORE_ResultCallback rcb,
@@ -248,7 +248,7 @@ GNUNET_PSYCSTORE_fragment_get (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_message_get (struct GNUNET_PSYCSTORE_Handle *h,
-                              const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                              const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                               uint64_t message_id,
                               GNUNET_PSYCSTORE_FragmentCallback fcb,
                               GNUNET_PSYCSTORE_ResultCallback rcb,
@@ -271,7 +271,7 @@ GNUNET_PSYCSTORE_message_get (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_message_get_fragment (struct GNUNET_PSYCSTORE_Handle *h,
-                                       const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                                       const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                                        uint64_t message_id,
                                        uint64_t fragment_offset,
                                        GNUNET_PSYCSTORE_FragmentCallback fcb,
@@ -316,7 +316,7 @@ typedef void
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_counters_get (struct GNUNET_PSYCSTORE_Handle *h,
-                               struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                               struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                                GNUNET_PSYCSTORE_CountersCallback ccb,
                                void *ccb_cls);
 
@@ -340,7 +340,7 @@ GNUNET_PSYCSTORE_counters_get (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_state_modify (struct GNUNET_PSYCSTORE_Handle *h,
-                               const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                               const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                                uint64_t message_id,
                                uint64_t state_delta,
                                size_t modifier_count,
@@ -364,7 +364,7 @@ GNUNET_PSYCSTORE_state_modify (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_state_sync (struct GNUNET_PSYCSTORE_Handle *h,
-                             const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                             const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                              uint64_t message_id,
                              size_t modifier_count,
                              const struct GNUNET_ENV_Modifier *modifiers,
@@ -387,7 +387,7 @@ GNUNET_PSYCSTORE_state_sync (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_state_reset (struct GNUNET_PSYCSTORE_Handle *h,
-                              const struct GNUNET_CRYPTO_EccPublicSignKey
+                              const struct GNUNET_CRYPTO_EddsaPublicKey
                               *channel_key,
                               GNUNET_PSYCSTORE_ResultCallback rcb,
                               void *rcb_cls);
@@ -406,7 +406,7 @@ GNUNET_PSYCSTORE_state_reset (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_state_hash_update (struct GNUNET_PSYCSTORE_Handle *h,
-                                    const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                                    const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                                     uint64_t message_id,
                                     const struct GNUNET_HashCode *hash,
                                     GNUNET_PSYCSTORE_ResultCallback rcb,
@@ -444,7 +444,7 @@ typedef int
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_state_get (struct GNUNET_PSYCSTORE_Handle *h,
-                            const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                            const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                             const char *name,
                             GNUNET_PSYCSTORE_StateCallback scb,
                             GNUNET_PSYCSTORE_ResultCallback rcb,
@@ -465,7 +465,7 @@ GNUNET_PSYCSTORE_state_get (struct GNUNET_PSYCSTORE_Handle *h,
  */
 struct GNUNET_PSYCSTORE_OperationHandle *
 GNUNET_PSYCSTORE_state_get_prefix (struct GNUNET_PSYCSTORE_Handle *h,
-                                   const struct GNUNET_CRYPTO_EccPublicSignKey *channel_key,
+                                   const struct GNUNET_CRYPTO_EddsaPublicKey *channel_key,
                                    const char *name_prefix,
                                    GNUNET_PSYCSTORE_StateCallback scb,
                                    GNUNET_PSYCSTORE_ResultCallback rcb,
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h
index 8809f9ece7..82decc30ba 100644
--- a/src/include/gnunet_revocation_service.h
+++ b/src/include/gnunet_revocation_service.h
@@ -73,7 +73,7 @@ typedef void (*GNUNET_REVOCATION_Callback) (void *cls,
  */
 struct GNUNET_REVOCATION_Query *
 GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
-			 const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+			 const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
 			 GNUNET_REVOCATION_Callback func, void *func_cls);
 
 
@@ -109,8 +109,8 @@ struct GNUNET_REVOCATION_Handle;
  */
 struct GNUNET_REVOCATION_Handle *
 GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
-			  const struct GNUNET_CRYPTO_EccPublicSignKey *key,
-			  const struct GNUNET_CRYPTO_EccSignature *sig,
+			  const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
+			  const struct GNUNET_CRYPTO_EcdsaSignature *sig,
 			  uint64_t pow,
 			  GNUNET_REVOCATION_Callback func, void *func_cls);
 
@@ -134,7 +134,7 @@ GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h);
  * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
  */
 int
-GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
 			     uint64_t pow,
 			     unsigned int matching_bits);
 
@@ -146,8 +146,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EccPublicSignKey *key,
  * @param sig where to write the revocation signature
  */
 void
-GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EccPrivateKey *key,
-				   struct GNUNET_CRYPTO_EccSignature *sig);
+GNUNET_REVOCATION_sign_revocation (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+				   struct GNUNET_CRYPTO_EcdsaSignature *sig);
 
 
 #if 0                           /* keep Emacsens' auto-indent happy */
diff --git a/src/include/gnunet_testing_lib.h b/src/include/gnunet_testing_lib.h
index 910662d3fa..1f27347ebe 100644
--- a/src/include/gnunet_testing_lib.h
+++ b/src/include/gnunet_testing_lib.h
@@ -48,7 +48,7 @@ extern "C"
 /**
  * Size of each hostkey in the hostkey file (in BYTES).
  */
-#define GNUNET_TESTING_HOSTKEYFILESIZE sizeof (struct GNUNET_CRYPTO_EccPrivateKey)
+#define GNUNET_TESTING_HOSTKEYFILESIZE sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)
 
 /**
  * The environmental variable, if set, that dictates where testing should place
@@ -185,7 +185,7 @@ GNUNET_TESTING_system_destroy (struct GNUNET_TESTING_System *system,
  *        key; if NULL, GNUNET_SYSERR is returned immediately
  * @return NULL on error (not enough keys)
  */
-struct GNUNET_CRYPTO_EccPrivateKey *
+struct GNUNET_CRYPTO_EddsaPrivateKey *
 GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system,
 			    uint32_t key_number,
 			    struct GNUNET_PeerIdentity *id);