ed448

package
v0.0.0-...-4223e8c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 21, 2023 License: BSD-3-Clause Imports: 10 Imported by: 0

Documentation

Overview

Package ed448 implements Ed448 signature scheme as described in RFC-8032.

This package implements two signature variants. 

| Scheme Name | Sign Function     | Verification  | Context           |
|-------------|-------------------|---------------|-------------------|
| Ed448       | Sign              | Verify        | Yes, can be empty |
| Ed448Ph     | SignPh            | VerifyPh      | Yes, can be empty |
| All above   | (PrivateKey).Sign | VerifyAny     | As above          |

Specific functions for sign and verify are defined. A generic signing function for all schemes is available through the crypto.Signer interface, which is implemented by the PrivateKey type. A correspond all-in-one verification method is provided by the VerifyAny function.

Both schemes require a context string for domain separation. This parameter is passed using a SignerOptions struct defined in this package.

References:

Example (Ed448) 
package main

import (
	"crypto/rand"
	"fmt"

	"github.com/karalef/circl/sign/ed448"
)

func main() {
	// import "github.com/karalef/circl/sign/ed448"
	// import "crypto/rand"

	// Generating Alice's key pair
	pub, priv, err := ed448.GenerateKey(rand.Reader)
	if err != nil {
		panic("error on generating keys")
	}

	// Alice signs a message.
	message := []byte("A message to be signed")
	ctx := "This is a context string"
	signature := ed448.Sign(priv, message, ctx)

	// Anyone can verify the signature using Alice's public key.
	ok := ed448.Verify(pub, message, signature, ctx)
	fmt.Println(ok)
}

Output:

true

Index

Examples

Constants

View Source 
const (
	// ContextMaxSize is the maximum length (in bytes) allowed for context.
	ContextMaxSize = 255
	// PublicKeySize is the length in bytes of Ed448 public keys.
	PublicKeySize = 57
	// PrivateKeySize is the length in bytes of Ed448 private keys.
	PrivateKeySize = 114
	// SignatureSize is the length in bytes of signatures.
	SignatureSize = 114
	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
	SeedSize = 57
)

Variables

This section is empty.

Functions

func GenerateKey 

func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)

GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.

func Sign 

func Sign(priv PrivateKey, message []byte, ctx string) []byte

Sign signs the message with privateKey and returns a signature. This function supports the signature variant defined in RFC-8032: Ed448, also known as the pure version of EdDSA. It will panic if len(privateKey) is not PrivateKeySize.

func SignPh 

func SignPh(priv PrivateKey, message []byte, ctx string) []byte

SignPh creates a signature of a message given a keypair. This function supports the signature variant defined in RFC-8032: Ed448ph, meaning it internally hashes the message using SHAKE-256. Context could be passed to this function, which length should be no more than 255. It can be empty.

Example 
package main

import (
	"crypto/rand"
	"fmt"

	"github.com/karalef/circl/sign/ed448"
)

func main() {
	// import "github.com/karalef/circl/sign/ed448"
	// import "crypto/rand"

	// Generating Alice's key pair
	pub, priv, err := ed448.GenerateKey(rand.Reader)
	if err != nil {
		panic("error on generating keys")
	}

	// Alice signs a message.
	message := []byte("A message to be signed")
	ctx := "This is a context string"
	signature := ed448.SignPh(priv, message, ctx)

	// Anyone can verify the signature using Alice's public key.
	ok := ed448.VerifyPh(pub, message, signature, ctx)
	fmt.Println(ok)
}

Output:

true

func Verify 

func Verify(public PublicKey, message, signature []byte, ctx string) bool

Verify returns true if the signature is valid. Failure cases are invalid signature, or when the public key cannot be decoded. This function supports the signature variant defined in RFC-8032: Ed448, also known as the pure version of EdDSA.

func VerifyAny 

func VerifyAny(public PublicKey, message, signature []byte, opts crypto.SignerOpts) bool

VerifyAny returns true if the signature is valid. Failure cases are invalid signature, or when the public key cannot be decoded. This function supports all the two signature variants defined in RFC-8032, namely Ed448 (or pure EdDSA) and Ed448Ph. The opts.HashFunc() must return zero, this can be achieved by passing crypto.Hash(0) as the value for opts. Use a SignerOptions struct to pass a context string for signing.

func VerifyPh 

func VerifyPh(public PublicKey, message, signature []byte, ctx string) bool

VerifyPh returns true if the signature is valid. Failure cases are invalid signature, or when the public key cannot be decoded. This function supports the signature variant defined in RFC-8032: Ed448ph, meaning it internally hashes the message using SHAKE-256. Context could be passed to this function, which length should be no more than 255. It can be empty.

Types

type PrivateKey 

type PrivateKey []byte

PrivateKey is the type of Ed448 private keys. It implements crypto.Signer.

func NewKeyFromSeed 

func NewKeyFromSeed(seed []byte) PrivateKey

NewKeyFromSeed calculates a private key from a seed. It will panic if len(seed) is not SeedSize. This function is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.

func (PrivateKey) Equal 

func (priv PrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (PrivateKey) MarshalBinary 

func (priv PrivateKey) MarshalBinary() (data []byte, err error)

func (PrivateKey) Public 

func (priv PrivateKey) Public() crypto.PublicKey

Public returns the PublicKey corresponding to priv.

func (PrivateKey) Seed 

func (priv PrivateKey) Seed() []byte

Seed returns the private key seed corresponding to priv. It is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.

func (PrivateKey) Sign 

func (priv PrivateKey) Sign(
	rand io.Reader,
	message []byte,
	opts crypto.SignerOpts,
) (signature []byte, err error)

Sign creates a signature of a message given a key pair. This function supports all the two signature variants defined in RFC-8032, namely Ed448 (or pure EdDSA) and Ed448Ph. The opts.HashFunc() must return zero to the specify Ed448 variant. This can be achieved by passing crypto.Hash(0) as the value for opts. Use an Options struct to pass a bool indicating that the ed448Ph variant should be used. The struct can also be optionally used to pass a context string for signing.

type PublicKey 

type PublicKey []byte

PublicKey is the type of Ed448 public keys.

func (PublicKey) Equal 

func (pub PublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

func (PublicKey) MarshalBinary 

func (pub PublicKey) MarshalBinary() (data []byte, err error)

type SchemeID 

type SchemeID uint

SchemeID is an identifier for each signature scheme. 

const (
	ED448 SchemeID = iota
	ED448Ph
)

type SignerOptions 

type SignerOptions struct {
	// Hash must be crypto.Hash(0) for both Ed448 and Ed448Ph.
	crypto.Hash

	// Context is an optional domain separation string for signing.
	// Its length must be less or equal than 255 bytes.
	Context string

	// Scheme is an identifier for choosing a signature scheme.
	Scheme SchemeID
}

SignerOptions implements crypto.SignerOpts and augments with parameters that are specific to the Ed448 signature schemes.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.