Documentation ¶
Index ¶
- Constants
- func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
- func Sign(rand io.Reader, p PrivateKey, message []byte) (signature []byte, err error)
- func Verify(publicKey PublicKey, message, sig []byte) bool
- type PrivateKey
- func (p PrivateKey) Equal(x crypto.PrivateKey) bool
- func (p PrivateKey) Public() crypto.PublicKey
- func (p PrivateKey) PublicKey() (PublicKey, error)
- func (p PrivateKey) SharedKey(peerPublicKey []byte) ([]byte, error)
- func (p PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)
- type PublicKey
Constants ¶
const ( // PrivateKeySize is the size in bytes of a X25519 private key. PrivateKeySize = 32 // PublicKeySize is the size in bytes of a X25519 public key. PublicKeySize = 32 SignatureSize = 64 )
Variables ¶
This section is empty.
Functions ¶
func GenerateKey ¶
func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
GenerateKey generates a public/private key pair using entropy from rand.
func Sign ¶
Sign signs the message with privateKey and returns a signature. It will panic if len(privateKey) is not PrivateKeySize.
It implements the XEdDSA sign method defined in https://signal.org/docs/specifications/xeddsa/#xeddsa
xeddsa_sign(k, M, Z): A, a = calculate_key_pair(k) r = hash1(a || M || Z) (mod q) R = rB h = hash(R || A || M) (mod q) s = r + ha (mod q) return R || s
func Verify ¶
Verify reports whether sig is a valid signature of message by publicKey. It will panic if len(publicKey) is not PublicKeySize.
It implements the XEdDSA verify method defined in https://signal.org/docs/specifications/xeddsa/#xeddsa
xeddsa_verify(u, M, (R || s)): if u >= p or R.y >= 2|p| or s >= 2|q|: return false A = convert_mont(u) if not on_curve(A): return false h = hash(R || A || M) (mod q) Rcheck = sB - hA if bytes_equal(R, Rcheck): return true return false
Types ¶
type PrivateKey ¶
type PrivateKey []byte
PrivateKey is the type used to represent a X25519 private key.
func (PrivateKey) Equal ¶ added in v0.26.0
func (p PrivateKey) Equal(x crypto.PrivateKey) bool
Equal reports whether p and x have the same value.
func (PrivateKey) Public ¶
func (p PrivateKey) Public() crypto.PublicKey
Public returns the public key using scalar multiplication (scalar * point) using the Curve25519 basepoint. It will return nil if the private key is not a valid one.
func (PrivateKey) PublicKey ¶
func (p PrivateKey) PublicKey() (PublicKey, error)
Public returns the public key using scalar multiplication (scalar * point) using the Curve25519 basepoint.
func (PrivateKey) SharedKey ¶
func (p PrivateKey) SharedKey(peerPublicKey []byte) ([]byte, error)
SharedKey returns the result of the scalar multiplication (scalar * point), using the PrivateKey as the scalar value and the given key as the point. Both scalar and point must be slices of 32 bytes.
func (PrivateKey) Sign ¶
func (p PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)
Sign signs the given message with the private key p and returns a signature.
It implements the XEdDSA sign method defined in https://signal.org/docs/specifications/xeddsa/#xeddsa
XEdDSA performs two passes over messages to be signed and therefore cannot handle pre-hashed messages. Thus opts.HashFunc() must return zero to indicate the message hasn't been hashed. This can be achieved by passing crypto.Hash(0) as the value for opts.