edwards25519
packagestandard library
This package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Report a Vulnerability
Documentation¶
Overview¶
Package edwards25519 implements group logic for the twisted Edwards curve
-x^2 + y^2 = 1 + -(121665/121666)*x^2*y^2
This is better known as the Edwards curve equivalent to Curve25519, and isthe curve used by the Ed25519 signature scheme.
Most users don't need this package, and should instead use crypto/ed25519 forsignatures, golang.org/x/crypto/curve25519 for Diffie-Hellman, orgithub.com/gtank/ristretto255 for prime order group logic.
However, developers who do need to interact with low-level edwards25519operations can use filippo.io/edwards25519, an extended version of thispackage repackaged as an importable module.
(Note that filippo.io/edwards25519 and github.com/gtank/ristretto255 are notmaintained by the Go team and are not covered by the Go 1 Compatibility Promise.)
Index¶
- type Point
- func (v *Point) Add(p, q *Point) *Point
- func (v *Point) Bytes() []byte
- func (v *Point) Equal(u *Point) int
- func (v *Point) Negate(p *Point) *Point
- func (v *Point) ScalarBaseMult(x *Scalar) *Point
- func (v *Point) ScalarMult(x *Scalar, q *Point) *Point
- func (v *Point) Set(u *Point) *Point
- func (v *Point) SetBytes(x []byte) (*Point, error)
- func (v *Point) Subtract(p, q *Point) *Point
- func (v *Point) VarTimeDoubleScalarBaseMult(a *Scalar, A *Point, b *Scalar) *Point
- type Scalar
- func (s *Scalar) Add(x, y *Scalar) *Scalar
- func (s *Scalar) Bytes() []byte
- func (s *Scalar) Equal(t *Scalar) int
- func (s *Scalar) Multiply(x, y *Scalar) *Scalar
- func (s *Scalar) MultiplyAdd(x, y, z *Scalar) *Scalar
- func (s *Scalar) Negate(x *Scalar) *Scalar
- func (s *Scalar) Set(x *Scalar) *Scalar
- func (s *Scalar) SetBytesWithClamping(x []byte) (*Scalar, error)
- func (s *Scalar) SetCanonicalBytes(x []byte) (*Scalar, error)
- func (s *Scalar) SetUniformBytes(x []byte) (*Scalar, error)
- func (s *Scalar) Subtract(x, y *Scalar) *Scalar
Constants¶
This section is empty.
Variables¶
This section is empty.
Functions¶
This section is empty.
Types¶
typePoint¶
type Point struct {// contains filtered or unexported fields}Point represents a point on the edwards25519 curve.
This type works similarly to math/big.Int, and all arguments and receiversare allowed to alias.
The zero value is NOT valid, and it may be used only as a receiver.
funcNewGeneratorPoint¶
func NewGeneratorPoint() *Point
NewGeneratorPoint returns a new Point set to the canonical generator.
funcNewIdentityPoint¶
func NewIdentityPoint() *Point
NewIdentityPoint returns a new Point set to the identity.
func (*Point)Bytes¶
Bytes returns the canonical 32-byte encoding of v, according toRFC 8032,Section 5.1.2.
func (*Point)ScalarBaseMult¶
ScalarBaseMult sets v = x * B, where B is the canonical generator, andreturns v.
The scalar multiplication is done in constant time.
func (*Point)ScalarMult¶
ScalarMult sets v = x * q, and returns v.
The scalar multiplication is done in constant time.
func (*Point)SetBytes¶
SetBytes sets v = x, where x is a 32-byte encoding of v. If x does notrepresent a valid point on the curve, SetBytes returns nil and an error andthe receiver is unchanged. Otherwise, SetBytes returns v.
Note that SetBytes accepts all non-canonical encodings of valid points.That is, it follows decoding rules that match most implementations inthe ecosystem rather thanRFC 8032.
typeScalar¶
type Scalar struct {// contains filtered or unexported fields}A Scalar is an integer modulo
l = 2^252 + 27742317777372353535851937790883648493
which is the prime order of the edwards25519 group.
This type works similarly to math/big.Int, and all arguments andreceivers are allowed to alias.
The zero value is a valid zero element.
func (*Scalar)MultiplyAdd¶
MultiplyAdd sets s = x * y + z mod l, and returns s. It is equivalent tousing Multiply and then Add.
func (*Scalar)SetBytesWithClamping¶
SetBytesWithClamping applies the buffer pruning described inRFC 8032,Section 5.1.5 (also known as clamping) and sets s to the result. The inputmust be 32 bytes, and it is not modified. If x is not of the right length,SetBytesWithClamping returns nil and an error, and the receiver is unchanged.
Note that since Scalar values are always reduced modulo the prime order ofthe curve, the resulting value will not preserve any of the cofactor-clearingproperties that clamping is meant to provide. It will however work asexpected as long as it is applied to points on the prime order subgroup, likein Ed25519. In fact, it is lost to history whyRFC 8032 adopted theirrelevantRFC 7748 clamping, but it is now required for compatibility.
func (*Scalar)SetCanonicalBytes¶
SetCanonicalBytes sets s = x, where x is a 32-byte little-endian encoding ofs, and returns s. If x is not a canonical encoding of s, SetCanonicalBytesreturns nil and an error, and the receiver is unchanged.
func (*Scalar)SetUniformBytes¶
SetUniformBytes sets s = x mod l, where x is a 64-byte little-endian integer.If x is not of the right length, SetUniformBytes returns nil and an error,and the receiver is unchanged.
SetUniformBytes can be used to set s to a uniformly distributed value given64 uniformly distributed random bytes.
Source Files
Directories