Documentation
¶
Index ¶
- func CheckOnCurve(x, y []byte) bool
- func DerivePublic(priv []byte) (x, y []byte, err error)
- func GenerateKey(rand io.Reader) (priv, x, y []byte, err error)
- func Sign(id, pubx, puby []byte, rand io.Reader, priv, msg []byte) (r, s []byte, err error)
- func SignHashed(rand io.Reader, priv, e []byte) (r, s []byte, err error)
- func SignZa(rand io.Reader, priv, za, msg []byte) (r, s []byte, err error)
- func TestPrivateKey(priv []byte) int
- func Verify(id, pubx, puby, msg, r, s []byte) (bool, error)
- func VerifyHashed(pubx, puby, e, r, s []byte) (bool, error)
- func VerifyZa(pubx, puby, za, msg, r, s []byte) (bool, error)
- func ZA(id, pubx, puby []byte) (za []byte, err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckOnCurve ¶
CheckOnCurve checks if the point given in x and y coordinates, lies on the curve.
func DerivePublic ¶
DerivePublic takes private key and return the X and Y coordinates of the corresponding public key.
func GenerateKey ¶
GenerateKey generate private key with provided random source note that private key will lie in range [1, n-2] as we need to calculate 1/(d + 1) for signature rand: must NOT be nil. Must be a cryptographically secure random number generator, usually caller can simply use rand.Reader from crypto/rand, but alternatives could be used especially a hardware backed one, as long as it is cryptographically secure x, y: the X and Y coordination of the public key in 32 bytes. Leading bytes could be zero so be cautious converting between byte array and big integer.
Security notes: private key is used as stack variable and then copied out so that this function can securely destroy the key material instead of leaving it in heap after generation
func Sign ¶
Sign takes user id, user public key coordinates, then calls ZA to derive the za value, and then calls SignZa, returns signature data. For random data generator, private key or return value, see SignHashed
func SignHashed ¶
SignHashed signs the data which have been hashed from message and public parameters.
rand: caller must supply a cryptographically secure random number generator e: the value from hashing the message and public parameters according to the spec priv: the private key has 32 big endian bytes and its encoded value shall not be n - 1 r, s: has 32 bytes each
Standard demands that priv should lie in [1, n-2], SignHashed only accepts private key in that range.
func SignZa ¶
SignZa takes the message data and za as calculated user hash which have been derived from user ID, curve public parameters, and user public key (see ZA), hash them together, calls SignHashed and returns signature data. For random data generator, private key or return value, see SignHashed
func TestPrivateKey ¶
TestPrivateKey tests if the priv has at most 32 bytes, and if it is in range [1, n-2] Returns the length difference if longer than 32, or -1 if not in the range, or 0 if everything checks out
TestPrivateKey runs in constant time.
func Verify ¶
Verify takes user id, user public key coordinates, then calls ZA to derive the za value, and then calls VerifyZa, returns verification result.
func VerifyHashed ¶
VerifyHashed verifies if a signature is valid or not. All parameters should be given in byte arrays big endian and in 32 bytes
Types ¶
This section is empty.
Source Files
Directories