2013-09-13 19:47:00 +00:00
|
|
|
/*
|
|
|
|
* ZeroTier One - Global Peer to Peer Ethernet
|
|
|
|
* Copyright (C) 2012-2013 ZeroTier Networks LLC
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
* --
|
|
|
|
*
|
|
|
|
* ZeroTier may be used and distributed under the terms of the GPLv3, which
|
|
|
|
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
|
|
|
|
*
|
|
|
|
* If you would like to embed ZeroTier into a commercial application or
|
|
|
|
* redistribute it in a modified binary form, please contact ZeroTier Networks
|
|
|
|
* LLC. Start here: http://www.zerotier.com/
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _ZT_C25519_HPP
|
|
|
|
#define _ZT_C25519_HPP
|
|
|
|
|
|
|
|
#include "Array.hpp"
|
|
|
|
|
|
|
|
namespace ZeroTier {
|
|
|
|
|
2013-09-13 21:32:00 +00:00
|
|
|
#define ZT_C25519_PUBLIC_KEY_LEN 64
|
|
|
|
#define ZT_C25519_PRIVATE_KEY_LEN 64
|
|
|
|
#define ZT_C25519_SIGNATURE_LEN 96
|
|
|
|
|
2013-09-13 19:47:00 +00:00
|
|
|
/**
|
|
|
|
* C25519 elliptic curve key agreement and signing
|
|
|
|
*/
|
|
|
|
class C25519
|
|
|
|
{
|
|
|
|
public:
|
2013-09-13 21:32:00 +00:00
|
|
|
/**
|
|
|
|
* Public key (both crypto and signing)
|
|
|
|
*/
|
2013-09-13 23:18:01 +00:00
|
|
|
typedef Array<unsigned char,ZT_C25519_PUBLIC_KEY_LEN> Public; // crypto key, signing key (both 32 bytes)
|
2013-09-13 21:32:00 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Private key (both crypto and signing)
|
|
|
|
*/
|
2013-09-13 23:18:01 +00:00
|
|
|
typedef Array<unsigned char,ZT_C25519_PRIVATE_KEY_LEN> Private; // crypto key, signing key (both 32 bytes)
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Message signature
|
|
|
|
*/
|
|
|
|
typedef Array<unsigned char,ZT_C25519_SIGNATURE_LEN> Signature;
|
2013-09-13 21:32:00 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Public/private key pair
|
|
|
|
*/
|
2013-09-13 19:47:00 +00:00
|
|
|
typedef struct {
|
|
|
|
Public pub;
|
|
|
|
Private priv;
|
|
|
|
} Pair;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generate a C25519 elliptic curve key pair
|
|
|
|
*/
|
2013-09-13 21:32:00 +00:00
|
|
|
static Pair generate()
|
|
|
|
throw();
|
2013-09-13 19:47:00 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Perform C25519 ECC key agreement
|
|
|
|
*
|
|
|
|
* Actual key bytes are generated from one or more SHA-512 digests of
|
|
|
|
* the raw result of key agreement.
|
|
|
|
*
|
2013-09-16 13:20:59 +00:00
|
|
|
* @param mine My private key
|
2013-09-13 19:47:00 +00:00
|
|
|
* @param their Their public key
|
|
|
|
* @param keybuf Buffer to fill
|
|
|
|
* @param keylen Number of key bytes to generate
|
|
|
|
*/
|
2013-09-16 13:20:59 +00:00
|
|
|
static void agree(const Private &mine,const Public &their,void *keybuf,unsigned int keylen)
|
2013-09-13 21:32:00 +00:00
|
|
|
throw();
|
2013-09-16 13:20:59 +00:00
|
|
|
static inline void agree(const Pair &mine,const Public &their,void *keybuf,unsigned int keylen)
|
|
|
|
throw()
|
|
|
|
{
|
|
|
|
agree(mine.priv,their,keybuf,keylen);
|
|
|
|
}
|
2013-09-13 21:32:00 +00:00
|
|
|
|
2013-09-13 23:18:01 +00:00
|
|
|
/**
|
|
|
|
* Sign a message with a sender's key pair
|
|
|
|
*
|
|
|
|
* This takes the SHA-521 of msg[] and then signs the first 32 bytes of this
|
|
|
|
* digest, returning it and the 64-byte ed25519 signature in signature[].
|
|
|
|
* This results in a signature that verifies both the signer's authenticity
|
|
|
|
* and the integrity of the message.
|
|
|
|
*
|
|
|
|
* This is based on the original ed25519 code from NaCl and the SUPERCOP
|
|
|
|
* cipher benchmark suite, but with the modification that it always
|
|
|
|
* produces a signature of fixed 96-byte length based on the hash of an
|
|
|
|
* arbitrary-length message.
|
|
|
|
*
|
2013-09-16 13:20:59 +00:00
|
|
|
* @param myPrivate My private key
|
|
|
|
* @param myPublic My public key
|
2013-09-13 23:18:01 +00:00
|
|
|
* @param msg Message to sign
|
|
|
|
* @param len Length of message in bytes
|
|
|
|
* @param signature Buffer to fill with signature -- MUST be 96 bytes in length
|
|
|
|
*/
|
2013-09-16 13:20:59 +00:00
|
|
|
static void sign(const Private &myPrivate,const Public &myPublic,const void *msg,unsigned int len,void *signature)
|
2013-09-13 21:32:00 +00:00
|
|
|
throw();
|
2013-09-16 13:20:59 +00:00
|
|
|
static inline void sign(const Pair &mine,const void *msg,unsigned int len,void *signature)
|
|
|
|
throw()
|
|
|
|
{
|
|
|
|
sign(mine.priv,mine.pub,msg,len,signature);
|
|
|
|
}
|
2013-09-13 21:32:00 +00:00
|
|
|
|
2013-09-13 23:18:01 +00:00
|
|
|
/**
|
|
|
|
* Sign a message with a sender's key pair
|
|
|
|
*
|
2013-09-16 13:20:59 +00:00
|
|
|
* @param myPrivate My private key
|
|
|
|
* @param myPublic My public key
|
2013-09-13 23:18:01 +00:00
|
|
|
* @param msg Message to sign
|
|
|
|
* @param len Length of message in bytes
|
|
|
|
* @return Signature
|
|
|
|
*/
|
2013-09-16 13:20:59 +00:00
|
|
|
static inline Signature sign(const Private &myPrivate,const Public &myPublic,const void *msg,unsigned int len)
|
|
|
|
throw()
|
|
|
|
{
|
|
|
|
Signature sig;
|
|
|
|
sign(myPrivate,myPublic,msg,len,sig.data);
|
|
|
|
return sig;
|
|
|
|
}
|
|
|
|
static inline Signature sign(const Pair &mine,const void *msg,unsigned int len)
|
2013-09-13 23:18:01 +00:00
|
|
|
throw()
|
|
|
|
{
|
|
|
|
Signature sig;
|
2013-09-16 13:20:59 +00:00
|
|
|
sign(mine.priv,mine.pub,msg,len,sig.data);
|
2013-09-13 23:18:01 +00:00
|
|
|
return sig;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Verify a message's signature
|
|
|
|
*
|
|
|
|
* @param their Public key to verify against
|
|
|
|
* @param msg Message to verify signature integrity against
|
|
|
|
* @param len Length of message in bytes
|
|
|
|
* @param signature 96-byte signature
|
|
|
|
* @return True if signature is valid and the message is authentic and unmodified
|
|
|
|
*/
|
2013-09-13 21:32:00 +00:00
|
|
|
static bool verify(const Public &their,const void *msg,unsigned int len,const void *signature)
|
|
|
|
throw();
|
2013-09-13 23:18:01 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Verify a message's signature
|
|
|
|
*
|
|
|
|
* @param their Public key to verify against
|
|
|
|
* @param msg Message to verify signature integrity against
|
|
|
|
* @param len Length of message in bytes
|
|
|
|
* @param signature 96-byte signature
|
|
|
|
* @return True if signature is valid and the message is authentic and unmodified
|
|
|
|
*/
|
|
|
|
static inline bool verify(const Public &their,const void *msg,unsigned int len,const Signature &signature)
|
|
|
|
throw()
|
|
|
|
{
|
|
|
|
return verify(their,msg,len,signature.data);
|
|
|
|
}
|
2013-09-13 19:47:00 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace ZeroTier
|
|
|
|
|
|
|
|
#endif
|