## Documentation ¶

### Overview ¶

Package elliptic implements the standard NIST P-224, P-256, P-384, and P-521 elliptic curves over prime fields.

### Index ¶

- func GenerateKey(curve Curve, rand io.Reader) (priv []byte, x, y *big.Int, err error)
- func Marshal(curve Curve, x, y *big.Int) []byte
- func MarshalCompressed(curve Curve, x, y *big.Int) []byte
- func Unmarshal(curve Curve, data []byte) (x, y *big.Int)
- func UnmarshalCompressed(curve Curve, data []byte) (x, y *big.Int)
- type Curve
- type CurveParams
- func (curve *CurveParams) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)
- func (curve *CurveParams) Double(x1, y1 *big.Int) (*big.Int, *big.Int)
- func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool
- func (curve *CurveParams) Params() *CurveParams
- func (curve *CurveParams) ScalarBaseMult(k []byte) (*big.Int, *big.Int)
- func (curve *CurveParams) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int)

### Constants ¶

This section is empty.

### Variables ¶

This section is empty.

### Functions ¶

#### func GenerateKey ¶

GenerateKey returns a public/private key pair. The private key is generated using the given reader, which must return random data.

#### func Marshal ¶

Marshal converts a point on the curve into the uncompressed form specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined.

#### func MarshalCompressed ¶ added in go1.15

MarshalCompressed converts a point on the curve into the compressed form specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined.

#### func Unmarshal ¶

Unmarshal converts a point, serialized by Marshal, into an x, y pair. It is an error if the point is not in uncompressed form, is not on the curve, or is the point at infinity. On error, x = nil.

#### func UnmarshalCompressed ¶ added in go1.15

UnmarshalCompressed converts a point, serialized by MarshalCompressed, into an x, y pair. It is an error if the point is not in compressed form, is not on the curve, or is the point at infinity. On error, x = nil.

### Types ¶

#### type Curve ¶

type Curve interface { // Params returns the parameters for the curve. Params() *CurveParams // IsOnCurve reports whether the given (x,y) lies on the curve. IsOnCurve(x, y *big.Int) bool // Add returns the sum of (x1,y1) and (x2,y2) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) // Double returns 2*(x,y) Double(x1, y1 *big.Int) (x, y *big.Int) // ScalarMult returns k*(Bx,By) where k is a number in big-endian form. ScalarMult(x1, y1 *big.Int, k []byte) (x, y *big.Int) // ScalarBaseMult returns k*G, where G is the base point of the group // and k is an integer in big-endian form. ScalarBaseMult(k []byte) (x, y *big.Int) }

A Curve represents a short-form Weierstrass curve with a=-3.

The behavior of Add, Double, and ScalarMult when the input is not a point on the curve is undefined.

Note that the conventional point at infinity (0, 0) is not considered on the curve, although it can be returned by Add, Double, ScalarMult, or ScalarBaseMult (but not the Unmarshal or UnmarshalCompressed functions).

#### func P224 ¶

func P224() Curve

P224 returns a Curve which implements NIST P-224 (FIPS 186-3, section D.2.2), also known as secp224r1. The CurveParams.Name of this Curve is "P-224".

Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements.

The cryptographic operations are implemented using constant-time algorithms.

#### func P256 ¶

func P256() Curve

P256 returns a Curve which implements NIST P-256 (FIPS 186-3, section D.2.3), also known as secp256r1 or prime256v1. The CurveParams.Name of this Curve is "P-256".

Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements.

The cryptographic operations are implemented using constant-time algorithms.

#### func P384 ¶

func P384() Curve

P384 returns a Curve which implements NIST P-384 (FIPS 186-3, section D.2.4), also known as secp384r1. The CurveParams.Name of this Curve is "P-384".

Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements.

The cryptographic operations are implemented using constant-time algorithms.

#### func P521 ¶

func P521() Curve

P521 returns a Curve which implements NIST P-521 (FIPS 186-3, section D.2.5), also known as secp521r1. The CurveParams.Name of this Curve is "P-521".

The cryptographic operations are implemented using constant-time algorithms.

#### type CurveParams ¶

type CurveParams struct { P *big.Int // the order of the underlying field N *big.Int // the order of the base point B *big.Int // the constant of the curve equation Gx, Gy *big.Int // (x,y) of the base point BitSize int // the size of the underlying field Name string // the canonical name of the curve }

CurveParams contains the parameters of an elliptic curve and also provides a generic, non-constant time implementation of Curve.

#### func (*CurveParams) Params ¶

func (curve *CurveParams) Params() *CurveParams