mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-06 12:33:44 +02:00
More ECC work to prep for a FIPS mode
parent
307befa892
commit
5b7e1ceb68
2 changed files with 36 additions and 5 deletions
|
@ -8,15 +8,10 @@ Derived from public domain code by D. J. Bernstein.
|
||||||
// This code remains in the public domain.
|
// This code remains in the public domain.
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "Constants.hpp"
|
|
||||||
#include "ECC.hpp"
|
#include "ECC.hpp"
|
||||||
#include "SHA512.hpp"
|
#include "SHA512.hpp"
|
||||||
#include "Buffer.hpp"
|
|
||||||
#include "Hashtable.hpp"
|
|
||||||
#include "Mutex.hpp"
|
|
||||||
|
|
||||||
#ifdef __WINDOWS__
|
#ifdef __WINDOWS__
|
||||||
#pragma warning(disable: 4146)
|
#pragma warning(disable: 4146)
|
||||||
|
|
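--- a/node/ECC.hpp
+++ b/node/ECC.hpp
@@ -11,11 +11,45 @@
 */
 /****/
 
+/*
+* This file defines the elliptic curve crypto used for ZeroTier V1. The normal
+* public version uses C25519 and Ed25519, while the FIPS version uses NIST.
+* FIPS builds are completely incompatible with regular ZeroTier, but that's
+* fine since FIPS users typically want a fully isolated private network. If you
+* are not such a user you probably don't want this.
+*/
+
 #ifndef ZT_ECC_HPP
 #define ZT_ECC_HPP
 
 #include "Utils.hpp"
 
+#ifdef ZT_FIPS
+
+/* FIPS140/NIST ECC cryptography */
+/* Note that to be FIPS we also need to link against a FIPS-certified library. */
+
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+
+#define ZT_ECC_PUBLIC_KEY_SET_LEN (97 * 2) /* Two ECC P-384 keys */
+#define ZT_ECC_PRIVATE_KEY_SET_LEN (48 * 2) /* Two ECC P-384 secret keys */
+#define ZT_ECC_SIGNATURE_LEN 96 /* NIST P-384 ECDSA signature */
+
+class ECC
+{
+public:
+struct Public { uint8_t data[ZT_ECC_PUBLIC_KEY_SET_LEN]; };
+struct Private { uint8_t data[ZT_ECC_PRIVATE_KEY_SET_LEN]; };
+struct Signature { uint8_t data[ZT_ECC_SIGNATURE_LEN]; };
+struct Pair { Public pub; Private priv; };
+};
+
+#else // Curve25519 / Ed25519
+
 namespace ZeroTier {
 
 #define ZT_ECC_PUBLIC_KEY_SET_LEN 64
@@ -166,3 +200,5 @@ private:
 } // namespace ZeroTier
 
 #endif
+
+#endif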
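Review bot: The FIPS-branch `class ECC` is declared at global scope, because `namespace ZeroTier {` only opens after `#else // Curve25519 / Ed25519`; the non-FIPS class body lies outside the hunks but appears to sit inside that namespace, so the two builds would expose the type under different qualified names. Wrapping the FIPS declarations the same way, with `namespace ZeroTier {` after the OpenSSL includes and `} // namespace ZeroTier` before `#else`, keeps `ZeroTier::ECC` valid in both configurations. `struct Private` holds two P-384 secret keys in a plain byte array and nothing in this declaration clears them when an instance is discarded; before key generation lands it is worth deciding where that wipe happens (presumably the node's existing `Utils::burn`, to be confirmed against how the Curve25519 side handles it) and saying so in a comment on the struct. The pre-existing `#endif` now closes `#ifdef ZT_FIPS` and the added one closes the include guard, so labelling them `#endif // ZT_FIPS` and `#endif // ZT_ECC_HPP` would prevent a later edit from unbalancing the guard.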