Documentation
¶
Overview ¶
Package ed25519 implements the Ed25519 signature algorithm. See https://ed25519.cr.yp.to/.
These functions are also compatible with the “Ed25519” function defined in https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-05.
Index ¶
- Constants
- Variables
- func FeAdd(out, a, b *FieldElement)
- func FeCMove(f, g *FieldElement, b int32)
- func FeCopy(dst, src *FieldElement)
- func FeFromBytes(v *FieldElement, x *[32]byte)
- func FeInvert(out, z *FieldElement)
- func FeIsNegative(f *FieldElement) byte
- func FeIsNonZero(f *FieldElement) int32
- func FeMul(out, a, b *FieldElement)
- func FeNeg(out, a *FieldElement)
- func FeOne(fe *FieldElement)
- func FeSquare(out, a *FieldElement)
- func FeSquare2(out, a *FieldElement)
- func FeSub(out, a, b *FieldElement)
- func FeToBytes(r *[32]byte, v *FieldElement)
- func FeZero(fe *FieldElement)
- func GeDoubleScalarMultVartime(r *ProjectiveGroupElement, a *[32]byte, A *ExtendedGroupElement, b *[32]byte)
- func GeScalarMult(h *ExtendedGroupElement, a *[32]byte, A *ExtendedGroupElement)
- func GeScalarMultBase(h *ExtendedGroupElement, a *[32]byte)
- func GenerateKey(rand io.Reader) (publicKey PublicKey, privateKey PrivateKey, err error)
- func PreComputedGroupElementCMove(t, u *PreComputedGroupElement, b int32)
- func ScMulAdd(s, a, b, c *[32]byte)
- func ScReduce(out *[32]byte, s *[64]byte)
- func Sign(privateKey PrivateKey, message []byte) []byte
- func Verify(publicKey PublicKey, message, sig []byte) bool
- type CachedGroupElement
- type CompletedGroupElement
- type ExtendedGroupElement
- func (p *ExtendedGroupElement) Double(r *CompletedGroupElement)
- func (p *ExtendedGroupElement) FromBytes(s *[32]byte) bool
- func (p *ExtendedGroupElement) ToBytes(s *[32]byte)
- func (p *ExtendedGroupElement) ToCached(r *CachedGroupElement)
- func (p *ExtendedGroupElement) ToProjective(r *ProjectiveGroupElement)
- func (p *ExtendedGroupElement) Zero()
- type FieldElement
- type PreComputedGroupElement
- type PrivateKey
- type ProjectiveGroupElement
- type PublicKey
Constants ¶
const ( // PublicKeySize is the size, in bytes, of public keys as used in this package. PublicKeySize = 32 // PrivateKeySize is the size, in bytes, of private keys as used in this package. PrivateKeySize = 64 // SignatureSize is the size, in bytes, of signatures generated and verified by this package. SignatureSize = 64 )
Variables ¶
var A = FieldElement{
486662, 0, 0, 0, 0,
}
var SqrtM1 = FieldElement{
1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133,
}
Functions ¶
func FeAdd ¶
func FeAdd(out, a, b *FieldElement)
FeAdd sets out = a + b. Long sequences of additions without reduction that let coefficients grow larger than 54 bits would be a problem. Paper cautions: "do not have such sequences of additions".
func FeCMove ¶
func FeCMove(f, g *FieldElement, b int32)
Replace (f,g) with (g,g) if b == 1; replace (f,g) with (f,g) if b == 0.
Preconditions: b in {0,1}.
func FeCopy ¶
func FeCopy(dst, src *FieldElement)
func FeFromBytes ¶
func FeFromBytes(v *FieldElement, x *[32]byte)
func FeInvert ¶
func FeInvert(out, z *FieldElement)
func FeIsNegative ¶
func FeIsNegative(f *FieldElement) byte
func FeIsNonZero ¶
func FeIsNonZero(f *FieldElement) int32
func FeOne ¶
func FeOne(fe *FieldElement)
func FeToBytes ¶
func FeToBytes(r *[32]byte, v *FieldElement)
func FeZero ¶
func FeZero(fe *FieldElement)
func GeDoubleScalarMultVartime ¶
func GeDoubleScalarMultVartime(r *ProjectiveGroupElement, a *[32]byte, A *ExtendedGroupElement, b *[32]byte)
GeDoubleScalarMultVartime sets r = a*A + b*B where a = a[0]+256*a[1]+...+256^31 a[31]. and b = b[0]+256*b[1]+...+256^31 b[31]. B is the Ed25519 base point (x,4/5) with x positive.
func GeScalarMult ¶
func GeScalarMult(h *ExtendedGroupElement, a *[32]byte, A *ExtendedGroupElement)
func GeScalarMultBase ¶
func GeScalarMultBase(h *ExtendedGroupElement, a *[32]byte)
GeScalarMultBase computes h = a*B, where
a = a[0]+256*a[1]+...+256^31 a[31] B is the Ed25519 base point (x,4/5) with x positive.
Preconditions:
a[31] <= 127
func GenerateKey ¶
func GenerateKey(rand io.Reader) (publicKey PublicKey, privateKey PrivateKey, err error)
GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.
func PreComputedGroupElementCMove ¶
func PreComputedGroupElementCMove(t, u *PreComputedGroupElement, b int32)
func ScMulAdd ¶
func ScMulAdd(s, a, b, c *[32]byte)
Input:
a[0]+256*a[1]+...+256^31*a[31] = a b[0]+256*b[1]+...+256^31*b[31] = b c[0]+256*c[1]+...+256^31*c[31] = c
Output:
s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l where l = 2^252 + 27742317777372353535851937790883648493.
func ScReduce ¶
Input:
s[0]+256*s[1]+...+256^63*s[63] = s
Output:
s[0]+256*s[1]+...+256^31*s[31] = s mod l where l = 2^252 + 27742317777372353535851937790883648493.
func Sign ¶
func Sign(privateKey PrivateKey, message []byte) []byte
Sign signs the message with privateKey and returns a signature. It will panic if len(privateKey) is not PrivateKeySize.
Types ¶
type CachedGroupElement ¶
type CachedGroupElement struct {
Z, T2d FieldElement
// contains filtered or unexported fields
}
type CompletedGroupElement ¶
type CompletedGroupElement struct {
X, Y, Z, T FieldElement
}
func (*CompletedGroupElement) ToExtended ¶
func (p *CompletedGroupElement) ToExtended(r *ExtendedGroupElement)
func (*CompletedGroupElement) ToProjective ¶
func (p *CompletedGroupElement) ToProjective(r *ProjectiveGroupElement)
type ExtendedGroupElement ¶
type ExtendedGroupElement struct {
X, Y, Z, T FieldElement
}
func (*ExtendedGroupElement) Double ¶
func (p *ExtendedGroupElement) Double(r *CompletedGroupElement)
func (*ExtendedGroupElement) FromBytes ¶
func (p *ExtendedGroupElement) FromBytes(s *[32]byte) bool
func (*ExtendedGroupElement) ToBytes ¶
func (p *ExtendedGroupElement) ToBytes(s *[32]byte)
func (*ExtendedGroupElement) ToCached ¶
func (p *ExtendedGroupElement) ToCached(r *CachedGroupElement)
func (*ExtendedGroupElement) ToProjective ¶
func (p *ExtendedGroupElement) ToProjective(r *ProjectiveGroupElement)
func (*ExtendedGroupElement) Zero ¶
func (p *ExtendedGroupElement) Zero()
type FieldElement ¶
type FieldElement [5]uint64
FieldElement represents an element of the field GF(2^255-19). An element t represents the integer t[0] + t[1]*2^51 + t[2]*2^102 + t[3]*2^153 + t[4]*2^204.
type PreComputedGroupElement ¶
type PreComputedGroupElement struct {
// contains filtered or unexported fields
}
func (*PreComputedGroupElement) Zero ¶
func (p *PreComputedGroupElement) Zero()
type PrivateKey ¶
type PrivateKey []byte
PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
func (PrivateKey) Public ¶
func (priv PrivateKey) Public() crypto.PublicKey
Public returns the PublicKey corresponding to priv.
func (PrivateKey) Sign ¶
func (priv PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)
Sign signs the given message with priv. Ed25519 performs two passes over messages to be signed and therefore cannot handle pre-hashed messages. Thus opts.HashFunc() must return zero to indicate the message hasn't been hashed. This can be achieved by passing crypto.Hash(0) as the value for opts.
type ProjectiveGroupElement ¶
type ProjectiveGroupElement struct {
X, Y, Z FieldElement
}
func (*ProjectiveGroupElement) Double ¶
func (p *ProjectiveGroupElement) Double(r *CompletedGroupElement)
func (*ProjectiveGroupElement) ToBytes ¶
func (p *ProjectiveGroupElement) ToBytes(s *[32]byte)
func (*ProjectiveGroupElement) Zero ¶
func (p *ProjectiveGroupElement) Zero()
Source Files