Documentation ¶
Index ¶
- Constants
- Variables
- func BigIntPointToEncodedBytes(x *big.Int, y *big.Int) *[32]byte
- func BigIntToEncodedBytes(a *big.Int) *[32]byte
- func BigIntToEncodedBytesNoReverse(a *big.Int) *[32]byte
- func BigIntToFieldElement(a *big.Int) *edwards25519.FieldElement
- func Decrypt(curve *TwistedEdwardsCurve, priv *PrivateKey, in []byte) ([]byte, error)
- func EncodedBytesToBigInt(s *[32]byte) *big.Int
- func EncodedBytesToBigIntNoReverse(s *[32]byte) *big.Int
- func EncodedBytesToFieldElement(s *[32]byte) *edwards25519.FieldElement
- func Encrypt(curve *TwistedEdwardsCurve, pubkey *PublicKey, in []byte) ([]byte, error)
- func FieldElementToBigInt(fe *edwards25519.FieldElement) *big.Int
- func FieldElementToEncodedBytes(fe *edwards25519.FieldElement) *[32]byte
- func GenerateKey(curve *TwistedEdwardsCurve, rand io.Reader) (priv []byte, x, y *big.Int, err error)
- func GenerateKeyNew(rand io.Reader) (priv []byte, x, y *big.Int, err error)
- func GenerateNoncePair(curve *TwistedEdwardsCurve, msg []byte, privkey *PrivateKey, extra []byte, ...) (*PrivateKey, *PublicKey, error)
- func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte
- func Marshal(curve TwistedEdwardsCurve, x, y *big.Int) []byte
- func NonceRFC6979(curve *TwistedEdwardsCurve, privkey *big.Int, hash []byte, extra []byte, ...) *big.Int
- func PrivKeyFromBytes(curve *TwistedEdwardsCurve, pkBytes []byte) (*PrivateKey, *PublicKey)
- func PrivKeyFromScalar(curve *TwistedEdwardsCurve, p []byte) (*PrivateKey, *PublicKey, error)
- func PrivKeyFromSecret(curve *TwistedEdwardsCurve, s []byte) (*PrivateKey, *PublicKey)
- func ScalarAdd(a, b *big.Int) *big.Int
- func SchnorrPartialSign(curve *TwistedEdwardsCurve, msg []byte, priv *PrivateKey, groupPub *PublicKey, ...) (*big.Int, *big.Int, error)
- func Sign(curve *TwistedEdwardsCurve, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
- func SignFromScalar(curve *TwistedEdwardsCurve, priv *PrivateKey, nonce []byte, hash []byte) (r, s *big.Int, err error)
- func SignFromSecret(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
- func SignFromSecretNoReader(priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
- func SignThreshold(curve *TwistedEdwardsCurve, priv *PrivateKey, groupPub *PublicKey, hash []byte, ...) (r, s *big.Int, err error)
- func Unmarshal(curve *TwistedEdwardsCurve, data []byte) (x, y *big.Int)
- func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool
- type PrivateKey
- type PublicKey
- func CombinePubkeys(curve *TwistedEdwardsCurve, pks []*PublicKey) *PublicKey
- func NewPublicKey(curve *TwistedEdwardsCurve, x *big.Int, y *big.Int) *PublicKey
- func ParsePubKey(curve *TwistedEdwardsCurve, pubKeyStr []byte) (key *PublicKey, err error)
- func RecoverCompact(signature, hash []byte) (*PublicKey, bool, error)
- func (p PublicKey) GetCurve() interface{}
- func (p PublicKey) GetType() int
- func (p PublicKey) GetX() *big.Int
- func (p PublicKey) GetY() *big.Int
- func (p PublicKey) Serialize() []byte
- func (p PublicKey) SerializeCompressed() []byte
- func (p PublicKey) SerializeHybrid() []byte
- func (p PublicKey) SerializeUncompressed() []byte
- func (p PublicKey) ToECDSA() *ecdsa.PublicKey
- type Signature
- func NewSignature(r, s *big.Int) *Signature
- func ParseDERSignature(curve *TwistedEdwardsCurve, sigStr []byte) (*Signature, error)
- func ParseSignature(curve *TwistedEdwardsCurve, sigStr []byte) (*Signature, error)
- func SchnorrCombineSigs(curve *TwistedEdwardsCurve, sigs []*Signature) (*Signature, error)
- type TwistedEdwardsCurve
- func (curve *TwistedEdwardsCurve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int)
- func (curve *TwistedEdwardsCurve) Double(x1, y1 *big.Int) (x, y *big.Int)
- func (curve *TwistedEdwardsCurve) EncodedBytesToBigIntPoint(s *[32]byte) (*big.Int, *big.Int, error)
- func (curve *TwistedEdwardsCurve) InitParam25519()
- func (curve *TwistedEdwardsCurve) IsOnCurve(x *big.Int, y *big.Int) bool
- func (curve TwistedEdwardsCurve) Params() *elliptic.CurveParams
- func (curve *TwistedEdwardsCurve) RecoverXBigInt(xIsNeg bool, y *big.Int) *big.Int
- func (curve *TwistedEdwardsCurve) RecoverXFieldElement(xIsNeg bool, y *edwards25519.FieldElement) *edwards25519.FieldElement
- func (curve *TwistedEdwardsCurve) ScalarBaseMult(k []byte) (x, y *big.Int)
- func (curve *TwistedEdwardsCurve) ScalarMult(x1, y1 *big.Int, k []byte) (x, y *big.Int)
Constants ¶
const ( PrivScalarSize = 32 PrivKeyBytesLen = 64 )
These constants define the lengths of serialized private keys.
const (
PubKeyBytesLen = 32
)
These constants define the lengths of serialized public keys.
const SignatureSize = 64
SignatureSize is the size of an encoded ECDSA signature.
Variables ¶
var ( // ErrInvalidMAC occurs when Message Authentication Check (MAC) fails // during decryption. This happens because of either invalid private key or // corrupt ciphertext. ErrInvalidMAC = errors.New("invalid mac hash") )
var Sha512VersionStringRFC6979 = []byte("Edwards+SHA512 ")
Sha512VersionStringRFC6979 is the RFC6979 nonce version for a Schnorr signature over the Curve25519 curve using BLAKE256 as the hash function.
Functions ¶
func BigIntPointToEncodedBytes ¶
BigIntPointToEncodedBytes converts an affine point to a compressed 32 byte integer representation.
func BigIntToEncodedBytes ¶
BigIntToEncodedBytes converts a big integer into its corresponding 32 byte little endian representation.
func BigIntToEncodedBytesNoReverse ¶
BigIntToEncodedBytesNoReverse converts a big integer into its corresponding 32 byte big endian representation.
func BigIntToFieldElement ¶
func BigIntToFieldElement(a *big.Int) *edwards25519.FieldElement
BigIntToFieldElement converts a big little endian integer into its corresponding 40 byte field representation.
func Decrypt ¶
func Decrypt(curve *TwistedEdwardsCurve, priv *PrivateKey, in []byte) ([]byte, error)
Decrypt decrypts data that was encrypted using the Encrypt function.
func EncodedBytesToBigInt ¶
EncodedBytesToBigInt converts a 32 byte little endian representation of an integer into a big, big endian integer.
func EncodedBytesToBigIntNoReverse ¶
EncodedBytesToBigIntNoReverse converts a 32 byte big endian representation of an integer into a big little endian integer.
func EncodedBytesToFieldElement ¶
func EncodedBytesToFieldElement(s *[32]byte) *edwards25519.FieldElement
EncodedBytesToFieldElement converts a 32 byte little endian integer into a field element.
func Encrypt ¶
func Encrypt(curve *TwistedEdwardsCurve, pubkey *PublicKey, in []byte) ([]byte, error)
Encrypt encrypts data for the target public key using AES-256-CBC. It also generates a private key (the pubkey of which is also in the output).
struct { // Initialization Vector used for AES-256-CBC IV [16]byte // Public Key: curve(2) + len_of_pubkeyX(2) + pubkeyY (curve = 0xFFFF) PublicKey [36]byte // Cipher text Data []byte // HMAC-SHA-256 Message Authentication Code HMAC [32]byte }
The primary aim is to ensure byte compatibility with Pyelliptic. Additionally, refer to section 5.8.1 of ANSI X9.63 for rationale on this format.
func FieldElementToBigInt ¶
func FieldElementToBigInt(fe *edwards25519.FieldElement) *big.Int
FieldElementToBigInt converts a 40 byte field element into a big int.
func FieldElementToEncodedBytes ¶
func FieldElementToEncodedBytes(fe *edwards25519.FieldElement) *[32]byte
FieldElementToEncodedBytes converts a 40 byte field element into a 32 byte little endian integer.
func GenerateKey ¶
func GenerateKey(curve *TwistedEdwardsCurve, rand io.Reader) (priv []byte, x, y *big.Int, err error)
GenerateKey generates a key using a random number generator, returning the private scalar and the corresponding public key points from a random secret.
func GenerateKeyNew ¶
GenerateKey generates a key using a random number generator, returning the private scalar and the corresponding public key points from a random secret.
func GenerateNoncePair ¶
func GenerateNoncePair(curve *TwistedEdwardsCurve, msg []byte, privkey *PrivateKey, extra []byte, version []byte) (*PrivateKey, *PublicKey, error)
GenerateNoncePair is the generalized and exported version of generateNoncePair.
func GenerateSharedSecret ¶
func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte
GenerateSharedSecret generates a shared secret based on a private key and a private key using Diffie-Hellman key exchange (ECDH) (RFC 4753). RFC5903 Section 9 states we should only return y.
func Marshal ¶
func Marshal(curve TwistedEdwardsCurve, x, y *big.Int) []byte
Marshal converts a point into the 32 byte encoded Ed25519 form.
func NonceRFC6979 ¶
func NonceRFC6979(curve *TwistedEdwardsCurve, privkey *big.Int, hash []byte, extra []byte, version []byte) *big.Int
NonceRFC6979 generates an ECDSA nonce (`k`) deterministically according to RFC 6979. It takes a 32-byte hash as an input and returns 32-byte nonce to be used in ECDSA algorithm.
func PrivKeyFromBytes ¶
func PrivKeyFromBytes(curve *TwistedEdwardsCurve, pkBytes []byte) (*PrivateKey, *PublicKey)
PrivKeyFromBytes returns a private and public key for `curve' based on the private key passed as an argument as a byte slice.
func PrivKeyFromScalar ¶
func PrivKeyFromScalar(curve *TwistedEdwardsCurve, p []byte) (*PrivateKey, *PublicKey, error)
PrivKeyFromScalar returns a private and public key for `curve' based on the 32-byte private scalar passed as an argument as a byte slice (encoded big endian int).
func PrivKeyFromSecret ¶
func PrivKeyFromSecret(curve *TwistedEdwardsCurve, s []byte) (*PrivateKey, *PublicKey)
PrivKeyFromSecret returns a private and public key for `curve' based on the 32-byte private key secret passed as an argument as a byte slice.
func SchnorrPartialSign ¶
func SchnorrPartialSign(curve *TwistedEdwardsCurve, msg []byte, priv *PrivateKey, groupPub *PublicKey, privNonce *PrivateKey, pubSum *PublicKey) (*big.Int, *big.Int, error)
SchnorrPartialSign is the generalized and exported version of schnorrPartialSign.
func Sign ¶
func Sign(curve *TwistedEdwardsCurve, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
Sign is the generalized and exported version of Ed25519 signing, that handles both standard private secrets and non-standard scalars.
func SignFromScalar ¶
func SignFromScalar(curve *TwistedEdwardsCurve, priv *PrivateKey, nonce []byte, hash []byte) (r, s *big.Int, err error)
SignFromScalar signs a message 'hash' using the given private scalar priv. It uses RFC6979 to generate a deterministic nonce. Considered experimental. r = kG, where k is the RFC6979 nonce s = r + hash512(k || A || M) * a
func SignFromSecret ¶
SignFromSecret signs a message 'hash' using the given private key priv. It doesn't actually user the random reader (the lib is maybe deterministic???).
func SignFromSecretNoReader ¶
func SignFromSecretNoReader(priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
SignFromSecretNoReader signs a message 'hash' using the given private key priv. It doesn't actually user the random reader.
func SignThreshold ¶
func SignThreshold(curve *TwistedEdwardsCurve, priv *PrivateKey, groupPub *PublicKey, hash []byte, privNonce *PrivateKey, pubNonceSum *PublicKey) (r, s *big.Int, err error)
SignThreshold signs a message 'hash' using the given private scalar priv in a threshold group signature. It uses RFC6979 to generate a deterministic nonce. Considered experimental. As opposed to the threshold signing function for secp256k1, this function takes the entirety of the public nonce point (all points added) instead of the public nonce point with n-1 keys added. r = K_Sum s = r + hash512(k || A || M) * a
Types ¶
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing things with the the private key without having to directly import the ecdsa package.
func GeneratePrivateKey ¶
func GeneratePrivateKey(curve *TwistedEdwardsCurve) (*PrivateKey, error)
GeneratePrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey instead of the normal ecdsa.PrivateKey.
func NewPrivateKey ¶
func NewPrivateKey(curve *TwistedEdwardsCurve, d *big.Int) *PrivateKey
NewPrivateKey instantiates a new private key from a scalar encoded as a big integer.
func (PrivateKey) GetD ¶
func (p PrivateKey) GetD() *big.Int
GetD satisfies the chainec PrivateKey interface.
func (PrivateKey) GetType ¶
func (p PrivateKey) GetType() int
GetType satisfies the chainec PrivateKey interface.
func (PrivateKey) Public ¶
func (p PrivateKey) Public() (*big.Int, *big.Int)
Public returns the PublicKey corresponding to this private key.
func (PrivateKey) Serialize ¶
func (p PrivateKey) Serialize() []byte
Serialize returns the private key as a 32 byte big endian number.
func (PrivateKey) SerializeSecret ¶
func (p PrivateKey) SerializeSecret() []byte
SerializeSecret returns the 32 byte secret along with its public key as 64 bytes.
func (PrivateKey) ToECDSA ¶
func (p PrivateKey) ToECDSA() *ecdsa.PrivateKey
ToECDSA returns the private key as a *ecdsa.PrivateKey.
type PublicKey ¶
PublicKey is an ecdsa.PublicKey with an additional function to serialize.
func CombinePubkeys ¶
func CombinePubkeys(curve *TwistedEdwardsCurve, pks []*PublicKey) *PublicKey
CombinePubkeys combines a slice of public keys into a single public key by adding them together with point addition.
func NewPublicKey ¶
NewPublicKey instantiates a new public key.
func ParsePubKey ¶
func ParsePubKey(curve *TwistedEdwardsCurve, pubKeyStr []byte) (key *PublicKey, err error)
ParsePubKey parses a public key for an edwards curve from a bytestring into a ecdsa.Publickey, verifying that it is valid.
func RecoverCompact ¶
RecoverCompact uses a signature and a hash to recover is private key, is not yet implemented. TODO: Implement.
func (PublicKey) GetCurve ¶
func (p PublicKey) GetCurve() interface{}
GetCurve satisfies the chainec PublicKey interface.
func (PublicKey) Serialize ¶
Serialize serializes a public key in a 32-byte compressed little endian format.
func (PublicKey) SerializeCompressed ¶
SerializeCompressed satisfies the chainec PublicKey interface.
func (PublicKey) SerializeHybrid ¶
SerializeHybrid satisfies the chainec PublicKey interface.
func (PublicKey) SerializeUncompressed ¶
SerializeUncompressed satisfies the chainec PublicKey interface.
type Signature ¶
Signature is a type representing an ecdsa signature.
func NewSignature ¶
NewSignature instantiates a new signature given some R,S values.
func ParseDERSignature ¶
func ParseDERSignature(curve *TwistedEdwardsCurve, sigStr []byte) (*Signature, error)
ParseDERSignature offers a legacy function for plugging into Hcd, which is based off btcec.
func ParseSignature ¶
func ParseSignature(curve *TwistedEdwardsCurve, sigStr []byte) (*Signature, error)
ParseSignature parses a signature in BER format for the curve type `curve' into a Signature type, perfoming some basic sanity checks.
func SchnorrCombineSigs ¶
func SchnorrCombineSigs(curve *TwistedEdwardsCurve, sigs []*Signature) (*Signature, error)
SchnorrCombineSigs is the generalized and exported version of generateNoncePair.
type TwistedEdwardsCurve ¶
type TwistedEdwardsCurve struct { *elliptic.CurveParams H int // Cofactor of the curve A, D, I *big.Int // Edwards curve equation parameter constants // contains filtered or unexported fields }
TwistedEdwardsCurve extended an elliptical curve set of parameters to satisfy the interface of the elliptic package.
func Edwards ¶
func Edwards() *TwistedEdwardsCurve
Edwards returns a Curve which implements Ed25519.
func (*TwistedEdwardsCurve) Add ¶
func (curve *TwistedEdwardsCurve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int)
Add adds two points represented by pairs of big integers on the elliptical curve.
func (*TwistedEdwardsCurve) Double ¶
func (curve *TwistedEdwardsCurve) Double(x1, y1 *big.Int) (x, y *big.Int)
Double adds the same pair of big integer coordinates to itself on the elliptical curve.
func (*TwistedEdwardsCurve) EncodedBytesToBigIntPoint ¶
func (curve *TwistedEdwardsCurve) EncodedBytesToBigIntPoint(s *[32]byte) (*big.Int, *big.Int, error)
EncodedBytesToBigIntPoint converts a 32 byte representation of a point on the elliptical curve into a big integer point. It returns an error if the point does not fall on the curve.
func (*TwistedEdwardsCurve) InitParam25519 ¶
func (curve *TwistedEdwardsCurve) InitParam25519()
InitParam25519 initializes an instance of the Ed25519 curve.
func (*TwistedEdwardsCurve) IsOnCurve ¶
IsOnCurve returns bool to say if the point (x,y) is on the curve by checking (y^2 - x^2 - 1 - dx^2y^2) % P == 0.
func (TwistedEdwardsCurve) Params ¶
func (curve TwistedEdwardsCurve) Params() *elliptic.CurveParams
Params returns the parameters for the curve.
func (*TwistedEdwardsCurve) RecoverXBigInt ¶
RecoverXBigInt recovers the X value for some Y value, for a coordinate on the Ed25519 curve given as a big integer Y value.
func (*TwistedEdwardsCurve) RecoverXFieldElement ¶
func (curve *TwistedEdwardsCurve) RecoverXFieldElement(xIsNeg bool, y *edwards25519.FieldElement) *edwards25519.FieldElement
RecoverXFieldElement recovers the X value for some Y value, for a coordinate on the Ed25519 curve given as a field element. Y value. Probably the fastest way to get your respective X from Y.
func (*TwistedEdwardsCurve) ScalarBaseMult ¶
func (curve *TwistedEdwardsCurve) ScalarBaseMult(k []byte) (x, y *big.Int)
ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form. TODO Optimize this with field elements
func (*TwistedEdwardsCurve) ScalarMult ¶
ScalarMult returns k*(Bx,By) where k is a number in big-endian form. This uses the repeated doubling method, which is variable time. TODO use a constant time method to prevent side channel attacks.