ed25519: github.com/oasislabs/ed25519 Index | Files | Directories

package ed25519

import "github.com/oasislabs/ed25519"

Package ed25519 implements the Ed25519 signature algorithm. See https://ed25519.cr.yp.to/.

These functions are also compatible with the “Ed25519” function defined in RFC 8032. However, unlike RFC 8032's formulation, this package's private key representation includes a public key suffix to make multiple signing operations with the same key more efficient. This package refers to the RFC 8032 private key as the “seed”.

Index

Package Files

batch_verify.go ed25519.go

Constants

const (
    // PublicKeySize is the size, in bytes, of public keys as used in this package.
    PublicKeySize = 32

    // PrivateKeySize is the size, in bytes, of private keys as used in this package.
    PrivateKeySize = 64

    // SignatureSize is the size, in bytes, of signatures generated and verified by this package.
    SignatureSize = 64

    // SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
    SeedSize = 32

    // ContextMaxSize is the maximum allowed context length for Ed25519ctx.
    ContextMaxSize = 255
)

func GenerateKey Uses

func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)

GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.

func Sign Uses

func Sign(privateKey PrivateKey, message []byte) []byte

Sign signs the message with privateKey and returns a signature. It will panic if len(privateKey) is not PrivateKeySize.

func Verify Uses

func Verify(publicKey PublicKey, message, sig []byte) bool

Verify reports whether sig is a valid signature of message by publicKey. It will panic if len(publicKey) is not PublicKeySize.

func VerifyBatch Uses

func VerifyBatch(rand io.Reader, publicKeys []PublicKey, messages, sigs [][]byte, opts *Options) (bool, []bool, error)

VerifyBatch reports whether sigs are valid signatures of messages by publicKeys, using entropy from rand. If rand is nil, crypto/rand.Reader will be used. For convenience, the function will return true iff every single signature is valid.

Note: Unlike VerifyWithOptions, this routine will not panic on malformed inputs in the batch, and instead just mark the particular signature as having failed verification.

func VerifyWithOptions Uses

func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) bool

VerifyWithOptions reports whether sig is a valid Ed25519 signature by publicKey with the extra Options to support Ed25519ph (pre-hashed by SHA-512) or Ed25519ctx (includes a domain separation context). It will panic if len(publicKey) is not PublicKeySize, len(message) is not sha512.Size (if pre-hashed), or len(opts.Context) is greater than ContextMaxSize.

type Options Uses

type Options struct {
    // Hash can be crypto.Hash(0) for Ed25519/Ed25519ctx, or crypto.SHA512
    // for Ed25519ph.
    Hash crypto.Hash

    // Context is an optional domain separation context for Ed25519ph and
    // Ed25519ctx. It must be less than or equal to ContextMaxSize
    // in length.
    //
    // Warning: If Hash is crypto.Hash(0) and Context is a zero length
    // string, plain Ed25519 will be used instead of Ed25519ctx.
    Context string

    // ZIP215Verify specifies that verification should follow Zcash's
    // ZIP-215 semantics.
    ZIP215Verify bool
}

Options can be used with PrivateKey.Sign or VerifyWithOptions to select Ed25519 variants.

func (*Options) HashFunc Uses

func (opt *Options) HashFunc() crypto.Hash

HashFunc returns an identifier for the hash function used to produce the message pased to Signer.Sign. For the Ed25519 family this must be crypto.Hash(0) for Ed25519/Ed25519ctx, or crypto.SHA512 for Ed25519ph.

type PrivateKey Uses

type PrivateKey []byte

PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.

func NewKeyFromSeed Uses

func NewKeyFromSeed(seed []byte) PrivateKey

NewKeyFromSeed calculates a private key from a seed. It will panic if len(seed) is not SeedSize. This function is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.

func (PrivateKey) Equal Uses

func (priv PrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (PrivateKey) Public Uses

func (priv PrivateKey) Public() crypto.PublicKey

Public returns the PublicKey corresponding to priv.

func (PrivateKey) Seed Uses

func (priv PrivateKey) Seed() []byte

Seed returns the private key seed corresponding to priv. It is provided for interoperability with RFC 8032. RFC 8032's private keys correspond to seeds in this package.

func (PrivateKey) Sign Uses

func (priv PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign signs the given message with priv. rand is ignored. If opts.HashFunc() is crypto.SHA512, the pre-hashed variant Ed25519ph is used and message is expected to be a SHA-512 hash, otherwise opts.HashFunc() must be crypto.Hash(0) and the message must not be hashed, as Ed25519 performs two passes over messages to be signed.

type PublicKey Uses

type PublicKey []byte

PublicKey is the type of Ed25519 public keys.

func (PublicKey) Equal Uses

func (pub PublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

Directories

PathSynopsis
extra/x25519Package x25519 provides an implementation of the X25519 function, which performs scalar multiplication on the elliptic curve known as Curve25519.
internal/curve25519
internal/ge25519Package ge25519 implements arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555
internal/modm
internal/uint128Package uint128 provides a basic unsigned 128 bit integer implementation.

Package ed25519 imports 11 packages (graph) and is imported by 4 packages. Updated 2020-11-10. Refresh now. Tools for package owners.