From 09c8b4bbb37250df95ee898bcd6a0e090049d225 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Fri, 13 Sep 2013 19:18:01 -0400 Subject: More new crypto: Ed25519 signatures. --- node/C25519.hpp | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 65 insertions(+), 4 deletions(-) (limited to 'node/C25519.hpp') diff --git a/node/C25519.hpp b/node/C25519.hpp index 1260b9e1..cf6bd60e 100644 --- a/node/C25519.hpp +++ b/node/C25519.hpp @@ -33,9 +33,7 @@ namespace ZeroTier { #define ZT_C25519_PUBLIC_KEY_LEN 64 - #define ZT_C25519_PRIVATE_KEY_LEN 64 - #define ZT_C25519_SIGNATURE_LEN 96 /** @@ -47,12 +45,17 @@ public: /** * Public key (both crypto and signing) */ - typedef Array Public; // crypto key, signing key (both 32 bytes) + typedef Array Public; // crypto key, signing key (both 32 bytes) /** * Private key (both crypto and signing) */ - typedef Array Private; // crypto key, signing key (both 32 bytes) + typedef Array Private; // crypto key, signing key (both 32 bytes) + + /** + * Message signature + */ + typedef Array Signature; /** * Public/private key pair @@ -82,11 +85,69 @@ public: static void agree(const Pair &mine,const Public &their,void *keybuf,unsigned int keylen) throw(); + /** + * Sign a message with a sender's key pair + * + * This takes the SHA-521 of msg[] and then signs the first 32 bytes of this + * digest, returning it and the 64-byte ed25519 signature in signature[]. + * This results in a signature that verifies both the signer's authenticity + * and the integrity of the message. + * + * This is based on the original ed25519 code from NaCl and the SUPERCOP + * cipher benchmark suite, but with the modification that it always + * produces a signature of fixed 96-byte length based on the hash of an + * arbitrary-length message. + * + * @param Key pair to sign with + * @param msg Message to sign + * @param len Length of message in bytes + * @param signature Buffer to fill with signature -- MUST be 96 bytes in length + */ static void sign(const Pair &mine,const void *msg,unsigned int len,void *signature) throw(); + /** + * Sign a message with a sender's key pair + * + * @param Key pair to sign with + * @param msg Message to sign + * @param len Length of message in bytes + * @return Signature + */ + static Signature sign(const Pair &mine,const void *msg,unsigned int len) + throw() + { + Signature sig; + sign(mine,msg,len,sig.data); + return sig; + } + + /** + * Verify a message's signature + * + * @param their Public key to verify against + * @param msg Message to verify signature integrity against + * @param len Length of message in bytes + * @param signature 96-byte signature + * @return True if signature is valid and the message is authentic and unmodified + */ static bool verify(const Public &their,const void *msg,unsigned int len,const void *signature) throw(); + + /** + * Verify a message's signature + * + * @param their Public key to verify against + * @param msg Message to verify signature integrity against + * @param len Length of message in bytes + * @param signature 96-byte signature + * @return True if signature is valid and the message is authentic and unmodified + */ + static inline bool verify(const Public &their,const void *msg,unsigned int len,const Signature &signature) + throw() + { + return verify(their,msg,len,signature.data); + } }; } // namespace ZeroTier -- cgit v1.2.3