x25519

package module
v0.0.0-...-3f9911d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 20, 2023 License: Apache-2.0 Imports: 11 Imported by: 1

README

Documentation

Index

Constants

View Source
const (
	// PrivateKeySize is the size in bytes of a X25519 private key.
	PrivateKeySize = 32

	// PublicKeySize is the size in bytes of a X25519 public key.
	PublicKeySize = 32

	SignatureSize = 64
)

Variables

This section is empty.

Functions

func GenerateKey

func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)

GenerateKey generates a public/private key pair using entropy from rand.

func Sign

func Sign(rand io.Reader, p PrivateKey, message []byte) (signature []byte, err error)

Sign signs the message with privateKey and returns a signature. It will panic if len(privateKey) is not PrivateKeySize.

It implements the XEdDSA sign method defined in https://signal.org/docs/specifications/xeddsa/#xeddsa

xeddsa_sign(k, M, Z):
    A, a = calculate_key_pair(k)
    r = hash1(a || M || Z) (mod q)
    R = rB
    h = hash(R || A || M) (mod q)
    s = r + ha (mod q)
    return R || s

func Verify

func Verify(publicKey PublicKey, message, sig []byte) bool

Verify reports whether sig is a valid signature of message by publicKey. It will panic if len(publicKey) is not PublicKeySize.

It implements the XEdDSA verify method defined in https://signal.org/docs/specifications/xeddsa/#xeddsa

xeddsa_verify(u, M, (R || s)):
    if u >= p or R.y >= 2|p| or s >= 2|q|:
        return false
    A = convert_mont(u)
    if not on_curve(A):
        return false
    h = hash(R || A || M) (mod q)
    Rcheck = sB - hA
    if bytes_equal(R, Rcheck):
        return true
    return false

Types

type PrivateKey

type PrivateKey []byte

PrivateKey is the type used to represent a X25519 private key.

func (PrivateKey) Equal

func (p PrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether p and x have the same value.

func (PrivateKey) Public

func (p PrivateKey) Public() crypto.PublicKey

Public returns the public key using scalar multiplication (scalar * point) using the Curve25519 basepoint. It will return nil if the private key is not a valid one.

func (PrivateKey) PublicKey

func (p PrivateKey) PublicKey() (PublicKey, error)

Public returns the public key using scalar multiplication (scalar * point) using the Curve25519 basepoint.

func (PrivateKey) SharedKey

func (p PrivateKey) SharedKey(peerPublicKey []byte) ([]byte, error)

SharedKey returns the result of the scalar multiplication (scalar * point), using the PrivateKey as the scalar value and the given key as the point. Both scalar and point must be slices of 32 bytes.

func (PrivateKey) Sign

func (p PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign signs the given message with the private key p and returns a signature.

It implements the XEdDSA sign method defined in https://signal.org/docs/specifications/xeddsa/#xeddsa

XEdDSA performs two passes over messages to be signed and therefore cannot handle pre-hashed messages. Thus opts.HashFunc() must return zero to indicate the message hasn't been hashed. This can be achieved by passing crypto.Hash(0) as the value for opts.

type PublicKey

type PublicKey []byte

PublicKey is the type used to represent a X25519 public key.

func (PublicKey) Equal

func (p PublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether p and x have the same value.

func (PublicKey) ToEd25519

func (p PublicKey) ToEd25519() (ed25519.PublicKey, error)

ToEd25519 converts the public key p into a ed25519 key.

(x, y) = (sqrt(-486664)*u/v, (u-1)/(u+1))

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL