edwards25519

package
v0.0.0-...-fa48a8f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 26, 2020 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package ed25519 implements the Ed25519 signature algorithm. See https://ed25519.cr.yp.to/.

These functions are also compatible with the “Ed25519” function defined in https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-05.

Index

Constants

View Source 
const (
	// SizePublicKey is the size, in bytes, of public keys as used in this package.
	SizePublicKey = 32
	// SizePrivateKey is the size, in bytes, of private keys as used in this package.
	SizePrivateKey = 64
	// SizeSignature is the size, in bytes, of signatures generated and verified by this package.
	SizeSignature = 64
)

Variables

View Source 
var A = FieldElement{
	486662, 0, 0, 0, 0,
}
View Source 
var SqrtM1 = FieldElement{
	1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133,
}

Functions

func FeAdd 

func FeAdd(out, a, b *FieldElement)

FeAdd sets out = a + b. Long sequences of additions without reduction that let coefficients grow larger than 54 bits would be a problem. Paper cautions: "do not have such sequences of additions".

func FeCMove 

func FeCMove(f, g *FieldElement, b int32)

Replace (f,g) with (g,g) if b == 1; replace (f,g) with (f,g) if b == 0.

Preconditions: b in {0,1}.

func FeCopy 

func FeCopy(dst, src *FieldElement)

func FeFromBytes 

func FeFromBytes(v *FieldElement, x *[32]byte)

func FeInvert 

func FeInvert(out, z *FieldElement)

func FeIsNegative 

func FeIsNegative(f *FieldElement) byte

func FeIsNonZero 

func FeIsNonZero(f *FieldElement) int32

func FeMul 

func FeMul(out, a, b *FieldElement)

FeMul calculates out = a * b.

func FeNeg 

func FeNeg(out, a *FieldElement)

FeNeg sets out = -a

func FeOne 

func FeOne(fe *FieldElement)

func FeSquare 

func FeSquare(out, a *FieldElement)

FeSquare calculates out = a * a.

func FeSquare2 

func FeSquare2(out, a *FieldElement)

FeSquare2 calculates out = 2 * a * a.

func FeSub 

func FeSub(out, a, b *FieldElement)

FeSub sets out = a - b

func FeToBytes 

func FeToBytes(r *[32]byte, v *FieldElement)

func FeZero 

func FeZero(fe *FieldElement)

func GeDoubleScalarMultVartime 

func GeDoubleScalarMultVartime(r *ProjectiveGroupElement, a *[32]byte, A *ExtendedGroupElement, b *[32]byte)

GeDoubleScalarMultVartime sets r = a*A + b*B where a = a[0]+256*a[1]+...+256^31 a[31]. and b = b[0]+256*b[1]+...+256^31 b[31]. B is the Ed25519 base point (x,4/5) with x positive.

func GeScalarMult 

func GeScalarMult(h *ExtendedGroupElement, a *[32]byte, A *ExtendedGroupElement)

func GeScalarMultBase 

func GeScalarMultBase(h *ExtendedGroupElement, a *[32]byte)

GeScalarMultBase computes h = a*B, where 

a = a[0]+256*a[1]+...+256^31 a[31]
B is the Ed25519 base point (x,4/5) with x positive.

Preconditions: 

a[31] <= 127

func GenerateKey 

func GenerateKey(rand io.Reader) (publicKey PublicKey, privateKey PrivateKey, err error)

GenerateKey generates a public/private key pair using entropy from rand.

If rand is nil, crypto/rand.Reader will be used.

func PreComputedGroupElementCMove 

func PreComputedGroupElementCMove(t, u *PreComputedGroupElement, b int32)

func ScMulAdd 

func ScMulAdd(s, a, b, c *[32]byte)

Input: 

a[0]+256*a[1]+...+256^31*a[31] = a
b[0]+256*b[1]+...+256^31*b[31] = b
c[0]+256*c[1]+...+256^31*c[31] = c

Output: 

s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
where l = 2^252 + 27742317777372353535851937790883648493.

func ScReduce 

func ScReduce(out *[32]byte, s *[64]byte)

Input: 

s[0]+256*s[1]+...+256^63*s[63] = s

Output: 

s[0]+256*s[1]+...+256^31*s[31] = s mod l
where l = 2^252 + 27742317777372353535851937790883648493.

func Verify 

func Verify(publicKey PublicKey, message []byte, signature Signature) bool

Verify reports whether signature is a valid signature of message by publicKey.

Types

type CachedGroupElement 

type CachedGroupElement struct {
	Z, T2d FieldElement
	// contains filtered or unexported fields
}

type CompletedGroupElement 

type CompletedGroupElement struct {
	X, Y, Z, T FieldElement
}

func (*CompletedGroupElement) ToExtended 

func (p *CompletedGroupElement) ToExtended(r *ExtendedGroupElement)

func (*CompletedGroupElement) ToProjective 

func (p *CompletedGroupElement) ToProjective(r *ProjectiveGroupElement)

type ExtendedGroupElement 

type ExtendedGroupElement struct {
	X, Y, Z, T FieldElement
}

func (*ExtendedGroupElement) Double 

func (p *ExtendedGroupElement) Double(r *CompletedGroupElement)

func (*ExtendedGroupElement) FromBytes 

func (p *ExtendedGroupElement) FromBytes(s *[32]byte) bool

func (*ExtendedGroupElement) ToBytes 

func (p *ExtendedGroupElement) ToBytes(s *[32]byte)

func (*ExtendedGroupElement) ToCached 

func (p *ExtendedGroupElement) ToCached(r *CachedGroupElement)

func (*ExtendedGroupElement) ToProjective 

func (p *ExtendedGroupElement) ToProjective(r *ProjectiveGroupElement)

func (*ExtendedGroupElement) Zero 

func (p *ExtendedGroupElement) Zero()

type FieldElement 

type FieldElement [5]uint64

FieldElement represents an element of the field GF(2^255-19). An element t represents the integer t[0] + t[1]*2^51 + t[2]*2^102 + t[3]*2^153 + t[4]*2^204.

type PreComputedGroupElement 

type PreComputedGroupElement struct {
	// contains filtered or unexported fields
}

func (*PreComputedGroupElement) Zero 

func (p *PreComputedGroupElement) Zero()

type PrivateKey 

type PrivateKey [SizePrivateKey]byte

PrivateKey is the type of Ed25519 private keys.

func (PrivateKey) Public 

func (p PrivateKey) Public() PublicKey

Public returns the PublicKey corresponding to priv.

func (PrivateKey) Sign 

func (p PrivateKey) Sign(message []byte, opts crypto.SignerOpts) (signature Signature, err error)

Sign signs the given message with a private key..

Ed25519 performs two passes over messages to be signed and therefore cannot handle pre-hashed messages.

Thus opts.HashFunc() must return zero to indicate the message hasn't been hashed.

This can be achieved by passing crypto.Hash(0) as the value for opts.

type ProjectiveGroupElement 

type ProjectiveGroupElement struct {
	X, Y, Z FieldElement
}

func (*ProjectiveGroupElement) Double 

func (p *ProjectiveGroupElement) Double(r *CompletedGroupElement)

func (*ProjectiveGroupElement) ToBytes 

func (p *ProjectiveGroupElement) ToBytes(s *[32]byte)

func (*ProjectiveGroupElement) Zero 

func (p *ProjectiveGroupElement) Zero()

type PublicKey 

type PublicKey [SizePublicKey]byte

PublicKey is the type of Ed25519 public keys.

type Signature 

type Signature [SizeSignature]byte

Signature is type of Ed25519 signatures.

func Sign 

func Sign(privateKey PrivateKey, message []byte) Signature

Sign signs the message with privateKey and returns a signature.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.