Skip to content

Commit 6712b3c

Browse files
authored
glome: improve public API documentation in glome.h (#226)
* glome: improve public API documentation in glome.h Document all parameters, ownership semantics, and appropriate use cases for glome_generate_key, glome_derive_key, and glome_tag.
1 parent aaf02d6 commit 6712b3c

1 file changed

Lines changed: 65 additions & 4 deletions

File tree

glome.h

Lines changed: 65 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,16 +27,77 @@
2727
extern "C" {
2828
#endif
2929

30-
// Generates a new public/private key pair for use with GLOME.
30+
// glome_generate_key generates a new Curve25519 key pair suitable for use
31+
// with GLOME. Call this once per session to create an ephemeral identity; for
32+
// long-lived service keys, store the private key securely and derive the
33+
// public key with glome_derive_key instead.
34+
//
35+
// Parameters:
36+
// private_key - Output buffer of at least GLOME_MAX_PRIVATE_KEY_LENGTH bytes
37+
// that receives the newly generated private key. The caller
38+
// owns this buffer and is responsible for zeroing and freeing
39+
// it when no longer needed.
40+
// public_key - Output buffer of at least GLOME_MAX_PUBLIC_KEY_LENGTH bytes
41+
// that receives the corresponding public key. The caller owns
42+
// this buffer.
43+
//
44+
// Returns 0 on success, or a non-zero value if key generation fails (e.g. the
45+
// underlying random number source is unavailable).
3146
int glome_generate_key(uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH],
3247
uint8_t public_key[GLOME_MAX_PUBLIC_KEY_LENGTH]);
3348

34-
// Derives the public key from the private key.
49+
// glome_derive_key derives the Curve25519 public key corresponding to a given
50+
// private key. Use this to recover or publish the public half of a previously
51+
// stored private key without regenerating the pair.
52+
//
53+
// Parameters:
54+
// private_key - Input buffer of at least GLOME_MAX_PRIVATE_KEY_LENGTH bytes
55+
// containing the private key. The caller retains ownership;
56+
// this function does not modify or store the private key.
57+
// public_key - Output buffer of at least GLOME_MAX_PUBLIC_KEY_LENGTH bytes
58+
// that receives the derived public key. The caller owns this
59+
// buffer.
60+
//
61+
// Returns 0 on success, or a non-zero value if derivation fails.
3562
int glome_derive_key(const uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH],
3663
uint8_t public_key[GLOME_MAX_PUBLIC_KEY_LENGTH]);
3764

38-
// Generates or verifies the GLOME tag for the message. Requires passing in the
39-
// private key of the local peer and the public key of the remote peer.
65+
// glome_tag generates or verifies a GLOME authentication tag for a message.
66+
// The tag has a size of GLOME_MAX_TAG_LENGTH bytes, computed over a shared
67+
// secret derived from a Diffie-Hellman exchange between the local private key
68+
// and the remote peer's public key.
69+
//
70+
// Use verify=false (tag generation) on the sending side to produce a tag that
71+
// authenticates a message to the remote peer. Use verify=true (tag
72+
// verification) on the receiving side to check that a tag received from the
73+
// remote peer is valid for the given message and counter value.
74+
//
75+
// Parameters:
76+
// verify - If false, generate a new tag and write it to `tag`.
77+
// If true, verify the tag in `tag` against the message and
78+
// return 0 on success or a non-zero value on mismatch.
79+
// counter - A per-message counter used to prevent replay attacks.
80+
// Both sides must agree on the counter value; it is typically
81+
// incremented for each message exchanged in a session.
82+
// private_key - Input buffer of at least GLOME_MAX_PRIVATE_KEY_LENGTH bytes
83+
// containing the local peer's private key. The caller retains
84+
// ownership; this function does not modify or store it.
85+
// peer_key - Input buffer of at least GLOME_MAX_PUBLIC_KEY_LENGTH bytes
86+
// containing the remote peer's public key. The caller retains
87+
// ownership; this function does not modify or store it.
88+
// message - Pointer to the message bytes to authenticate. May be NULL
89+
// if message_len is 0. The caller retains ownership.
90+
// message_len - Length of the message in bytes.
91+
// tag - When verify=false: output buffer of at least
92+
// GLOME_MAX_TAG_LENGTH bytes that receives the generated tag.
93+
// The caller owns this buffer.
94+
// When verify=true: input buffer of at least
95+
// GLOME_MAX_TAG_LENGTH bytes containing the tag to verify.
96+
// The caller retains ownership.
97+
//
98+
// Returns 0 on success. When verify=false, a non-zero value indicates a
99+
// failure to compute the shared secret or tag. When verify=true, a non-zero
100+
// value indicates that the tag is invalid or that computation failed.
40101
int glome_tag(bool verify, unsigned char counter,
41102
const uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH],
42103
const uint8_t peer_key[GLOME_MAX_PUBLIC_KEY_LENGTH],

0 commit comments

Comments
 (0)