TON of refactoring, moon/planet is DEAD, ECC P-384 is integrated (but not enabled), and multicast work and cleanup. Whew.

node/ECC384.hpp

@@ -61,12 +61,46 @@
 
 namespace ZeroTier {
 
+/**
+ * Generate a NIST P-384 key pair
+ * 
+ * @param pub Buffer to receive point compressed public key
+ * @param priv Buffer to receiver private key
+ */
 void ECC384GenerateKey(uint8_t pub[ZT_ECC384_PUBLIC_KEY_SIZE],uint8_t priv[ZT_ECC384_PRIVATE_KEY_SIZE]);
 
+/**
+ * Sign a hash with a NIST P-384 private key
+ * 
+ * The hash must be 48 bytes in size and is typically the first 48 bytes
+ * of a SHA512 hash or something similar. Extra bytes of course are ignored.
+ * 
+ * @param priv Private key
+ * @param hash 48-byte hash
+ * @param sig Buffer to receive signature
+ */
 void ECC384ECDSASign(const uint8_t priv[ZT_ECC384_PRIVATE_KEY_SIZE],const uint8_t hash[ZT_ECC384_SIGNATURE_HASH_SIZE],uint8_t sig[ZT_ECC384_SIGNATURE_SIZE]);
 
+/**
+ * Verify a signature
+ * 
+ * @param pub Public key
+ * @param hash 48-byte hash (usually first 48 bytes of SHA512(msg))
+ * @param sig Signature to check
+ * @return True if signature is valid
+ */
 bool ECC384ECDSAVerify(const uint8_t pub[ZT_ECC384_PUBLIC_KEY_SIZE],const uint8_t hash[ZT_ECC384_SIGNATURE_HASH_SIZE],const uint8_t sig[ZT_ECC384_SIGNATURE_SIZE]);
 
+/**
+ * Perform ECDH key agreement
+ * 
+ * The secret generated here is the raw 48-byte result of ECDH.
+ * It's typically hashed prior to use.
+ * 
+ * @param theirPub Remote public key
+ * @param ourPriv Local private key
+ * @param secret Buffer to receive 48-byte secret
+ */
 bool ECC384ECDH(const uint8_t theirPub[ZT_ECC384_PUBLIC_KEY_SIZE],const uint8_t ourPriv[ZT_ECC384_PRIVATE_KEY_SIZE],uint8_t secret[ZT_ECC384_SHARED_SECRET_SIZE]);
 
 } // namespace ZeroTier