Add test vectors for ensuring identical C25519 operation across systems.

node/C25519.cpp

@@ -2151,6 +2151,10 @@ static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigne
   SHA512::hash(hram,playground,(unsigned int)smlen);
 }
 
+// This is the original sign and verify code -- the versions in sign() and
+// verify() below the fold are slightly modified in terms of how they behave
+// in relation to the message, but the algorithms are the same.
+
 #if 0
 int crypto_sign_keypair(
     unsigned char *pk,

node/Poly1305.cpp

@@ -138,7 +138,7 @@ static int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigne
 //////////////////////////////////////////////////////////////////////////////
 //////////////////////////////////////////////////////////////////////////////
 
-void Poly1305::computeAuthCode(void *auth,const void *data,unsigned int len,const void *key)
+void Poly1305::mac(void *auth,const void *data,unsigned int len,const void *key)
 	throw()
 {
 	crypto_onetimeauth((unsigned char *)auth,(const unsigned char *)data,len,(const unsigned char *)key);

node/Poly1305.hpp

@@ -30,8 +30,16 @@
 
 namespace ZeroTier {
 
+#define ZT_POLY1305_KEY_LEN 32
+#define ZT_POLY1305_MAC_LEN 16
+
 /**
  * Poly1305 one-time authentication code
+ *
+ * This takes a one-time-use 32-byte key and generates a 16-byte message
+ * authentication code. The key must never be re-used for a different
+ * message. Normally this is done by taking a base key and mangling it
+ * using a nonce and possibly other data, as in Packet.
  */
 class Poly1305
 {
@@ -44,7 +52,7 @@ public:
 	 * @param len Length of data to authenticate in bytes
 	 * @param key 32-byte one-time use key to authenticate data (must not be reused)
 	 */
-	static void computeAuthCode(void *auth,const void *data,unsigned int len,const void *key)
+	static void mac(void *auth,const void *data,unsigned int len,const void *key)
 		throw();
 };