More new crypto: Ed25519 signatures.

node/C25519.hpp

@@ -33,9 +33,7 @@
 namespace ZeroTier {
 
 #define ZT_C25519_PUBLIC_KEY_LEN 64
-
 #define ZT_C25519_PRIVATE_KEY_LEN 64
-
 #define ZT_C25519_SIGNATURE_LEN 96
 
 /**
@@ -47,12 +45,17 @@ public:
 	/**
 	 * Public key (both crypto and signing)
 	 */
-	typedef Array<unsigned char,64> Public; // crypto key, signing key (both 32 bytes)
+	typedef Array<unsigned char,ZT_C25519_PUBLIC_KEY_LEN> Public; // crypto key, signing key (both 32 bytes)
 
 	/**
 	 * Private key (both crypto and signing)
 	 */
-	typedef Array<unsigned char,64> Private; // crypto key, signing key (both 32 bytes)
+	typedef Array<unsigned char,ZT_C25519_PRIVATE_KEY_LEN> Private; // crypto key, signing key (both 32 bytes)
+
+	/**
+	 * Message signature
+	 */
+	typedef Array<unsigned char,ZT_C25519_SIGNATURE_LEN> Signature;
 
 	/**
 	 * Public/private key pair
@@ -82,11 +85,69 @@ public:
 	static void agree(const Pair &mine,const Public &their,void *keybuf,unsigned int keylen)
 		throw();
 
+	/**
+	 * Sign a message with a sender's key pair
+	 *
+	 * This takes the SHA-521 of msg[] and then signs the first 32 bytes of this
+	 * digest, returning it and the 64-byte ed25519 signature in signature[].
+	 * This results in a signature that verifies both the signer's authenticity
+	 * and the integrity of the message.
+	 *
+	 * This is based on the original ed25519 code from NaCl and the SUPERCOP
+	 * cipher benchmark suite, but with the modification that it always
+	 * produces a signature of fixed 96-byte length based on the hash of an
+	 * arbitrary-length message.
+	 *
+	 * @param Key pair to sign with
+	 * @param msg Message to sign
+	 * @param len Length of message in bytes
+	 * @param signature Buffer to fill with signature -- MUST be 96 bytes in length
+	 */
 	static void sign(const Pair &mine,const void *msg,unsigned int len,void *signature)
 		throw();
 
+	/**
+	 * Sign a message with a sender's key pair
+	 *
+	 * @param Key pair to sign with
+	 * @param msg Message to sign
+	 * @param len Length of message in bytes
+	 * @return Signature
+	 */
+	static Signature sign(const Pair &mine,const void *msg,unsigned int len)
+		throw()
+	{
+		Signature sig;
+		sign(mine,msg,len,sig.data);
+		return sig;
+	}
+
+	/**
+	 * Verify a message's signature
+	 *
+	 * @param their Public key to verify against
+	 * @param msg Message to verify signature integrity against
+	 * @param len Length of message in bytes
+	 * @param signature 96-byte signature
+	 * @return True if signature is valid and the message is authentic and unmodified
+	 */
 	static bool verify(const Public &their,const void *msg,unsigned int len,const void *signature)
 		throw();
+
+	/**
+	 * Verify a message's signature
+	 *
+	 * @param their Public key to verify against
+	 * @param msg Message to verify signature integrity against
+	 * @param len Length of message in bytes
+	 * @param signature 96-byte signature
+	 * @return True if signature is valid and the message is authentic and unmodified
+	 */
+	static inline bool verify(const Public &their,const void *msg,unsigned int len,const Signature &signature)
+		throw()
+	{
+		return verify(their,msg,len,signature.data);
+	}
 };
 
 } // namespace ZeroTier