|
27 | 27 | extern "C" { |
28 | 28 | #endif |
29 | 29 |
|
30 | | -// Generates a new public/private key pair for use with GLOME. |
| 30 | +// glome_generate_key generates a new Curve25519 key pair suitable for use |
| 31 | +// with GLOME. Call this once per session to create an ephemeral identity; for |
| 32 | +// long-lived service keys, store the private key securely and derive the |
| 33 | +// public key with glome_derive_key instead. |
| 34 | +// |
| 35 | +// Parameters: |
| 36 | +// private_key - Output buffer of at least GLOME_MAX_PRIVATE_KEY_LENGTH bytes |
| 37 | +// that receives the newly generated private key. The caller |
| 38 | +// owns this buffer and is responsible for zeroing and freeing |
| 39 | +// it when no longer needed. |
| 40 | +// public_key - Output buffer of at least GLOME_MAX_PUBLIC_KEY_LENGTH bytes |
| 41 | +// that receives the corresponding public key. The caller owns |
| 42 | +// this buffer. |
| 43 | +// |
| 44 | +// Returns 0 on success, or a non-zero value if key generation fails (e.g. the |
| 45 | +// underlying random number source is unavailable). |
31 | 46 | int glome_generate_key(uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH], |
32 | 47 | uint8_t public_key[GLOME_MAX_PUBLIC_KEY_LENGTH]); |
33 | 48 |
|
34 | | -// Derives the public key from the private key. |
| 49 | +// glome_derive_key derives the Curve25519 public key corresponding to a given |
| 50 | +// private key. Use this to recover or publish the public half of a previously |
| 51 | +// stored private key without regenerating the pair. |
| 52 | +// |
| 53 | +// Parameters: |
| 54 | +// private_key - Input buffer of at least GLOME_MAX_PRIVATE_KEY_LENGTH bytes |
| 55 | +// containing the private key. The caller retains ownership; |
| 56 | +// this function does not modify or store the private key. |
| 57 | +// public_key - Output buffer of at least GLOME_MAX_PUBLIC_KEY_LENGTH bytes |
| 58 | +// that receives the derived public key. The caller owns this |
| 59 | +// buffer. |
| 60 | +// |
| 61 | +// Returns 0 on success, or a non-zero value if derivation fails. |
35 | 62 | int glome_derive_key(const uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH], |
36 | 63 | uint8_t public_key[GLOME_MAX_PUBLIC_KEY_LENGTH]); |
37 | 64 |
|
38 | | -// Generates or verifies the GLOME tag for the message. Requires passing in the |
39 | | -// private key of the local peer and the public key of the remote peer. |
| 65 | +// glome_tag generates or verifies a GLOME authentication tag for a message. |
| 66 | +// The tag has a size of GLOME_MAX_TAG_LENGTH bytes, computed over a shared |
| 67 | +// secret derived from a Diffie-Hellman exchange between the local private key |
| 68 | +// and the remote peer's public key. |
| 69 | +// |
| 70 | +// Use verify=false (tag generation) on the sending side to produce a tag that |
| 71 | +// authenticates a message to the remote peer. Use verify=true (tag |
| 72 | +// verification) on the receiving side to check that a tag received from the |
| 73 | +// remote peer is valid for the given message and counter value. |
| 74 | +// |
| 75 | +// Parameters: |
| 76 | +// verify - If false, generate a new tag and write it to `tag`. |
| 77 | +// If true, verify the tag in `tag` against the message and |
| 78 | +// return 0 on success or a non-zero value on mismatch. |
| 79 | +// counter - A per-message counter used to prevent replay attacks. |
| 80 | +// Both sides must agree on the counter value; it is typically |
| 81 | +// incremented for each message exchanged in a session. |
| 82 | +// private_key - Input buffer of at least GLOME_MAX_PRIVATE_KEY_LENGTH bytes |
| 83 | +// containing the local peer's private key. The caller retains |
| 84 | +// ownership; this function does not modify or store it. |
| 85 | +// peer_key - Input buffer of at least GLOME_MAX_PUBLIC_KEY_LENGTH bytes |
| 86 | +// containing the remote peer's public key. The caller retains |
| 87 | +// ownership; this function does not modify or store it. |
| 88 | +// message - Pointer to the message bytes to authenticate. May be NULL |
| 89 | +// if message_len is 0. The caller retains ownership. |
| 90 | +// message_len - Length of the message in bytes. |
| 91 | +// tag - When verify=false: output buffer of at least |
| 92 | +// GLOME_MAX_TAG_LENGTH bytes that receives the generated tag. |
| 93 | +// The caller owns this buffer. |
| 94 | +// When verify=true: input buffer of at least |
| 95 | +// GLOME_MAX_TAG_LENGTH bytes containing the tag to verify. |
| 96 | +// The caller retains ownership. |
| 97 | +// |
| 98 | +// Returns 0 on success. When verify=false, a non-zero value indicates a |
| 99 | +// failure to compute the shared secret or tag. When verify=true, a non-zero |
| 100 | +// value indicates that the tag is invalid or that computation failed. |
40 | 101 | int glome_tag(bool verify, unsigned char counter, |
41 | 102 | const uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH], |
42 | 103 | const uint8_t peer_key[GLOME_MAX_PUBLIC_KEY_LENGTH], |
|
0 commit comments