Structs
PrivateKey
struct
#
PrivateKey is an ECDH private key, usually kept secret.
These keys can be parsed with [crypto/x509.ParsePKCS8PrivateKey] and encoded
with [crypto/x509.MarshalPKCS8PrivateKey]. For NIST curves, they then need to
be converted with [crypto/ecdsa.PrivateKey.ECDH] after parsing.
// PrivateKey pairs secret key bytes with the curve and public key they belong
// to. Every field is unexported, so other packages reach the data only through
// methods such as Bytes, Curve and PublicKey.
type PrivateKey struct {
// curve is the Curve this key belongs to.
curve Curve
// privateKey holds secret key bytes, presumably the encoding that Bytes
// returns a copy of (body not shown). Treat it as sensitive material.
privateKey []byte
// publicKey is the matching public half; presumably what PublicKey and
// Public return. TODO confirm against the method bodies.
publicKey *PublicKey
// boring refers to a type from the boring package (import not shown);
// presumably a BoringCrypto-backed form of the same key. TODO confirm.
boring *boring.PrivateKeyECDH
// fips refers to a PrivateKey type from an imported package named ecdh
// (import not shown); nistCurve's function fields use the same type.
fips *ecdh.PrivateKey
}
PublicKey
struct
#
PublicKey is an ECDH public key, usually a peer's ECDH share sent over the wire.
These keys can be parsed with [crypto/x509.ParsePKIXPublicKey] and encoded
with [crypto/x509.MarshalPKIXPublicKey]. For NIST curves, they then need to
be converted with [crypto/ecdsa.PublicKey.ECDH] after parsing.
// PublicKey pairs an encoded public key with the curve it belongs to. Every
// field is unexported, so other packages read it through Bytes and Curve.
type PublicKey struct {
// curve is the Curve this key belongs to.
curve Curve
// publicKey holds the encoded key bytes, presumably the encoding that Bytes
// returns a copy of. The value usually comes from a peer over the wire, so it
// is untrusted input until the constructor that built it has returned no error.
publicKey []byte
// boring refers to a type from the boring package (import not shown);
// presumably a BoringCrypto-backed form of the same key. TODO confirm.
boring *boring.PublicKeyECDH
// fips refers to a PublicKey type from an imported package named ecdh
// (import not shown); nistCurve's function fields use the same type.
fips *ecdh.PublicKey
}
nistCurve
struct
#
// nistCurve describes one curve as a name plus a table of function values.
// NOTE(review): presumably one value backs each of P256, P384 and P521 — confirm.
type nistCurve struct {
// name is presumably the text String returns (body not shown).
name string
// generate builds a private key from an io.Reader, presumably the randomness
// source handed to GenerateKey.
generate func(io.Reader) (*ecdh.PrivateKey, error)
// newPrivateKey turns caller-supplied bytes into a private key or an error.
newPrivateKey func([]byte) (*ecdh.PrivateKey, error)
// newPublicKey turns caller-supplied bytes into a public key or an error.
// NOTE(review): which point checks it applies is not visible on this page.
newPublicKey func(publicKey []byte) (*ecdh.PublicKey, error)
// sharedSecret computes the shared secret from a private and a public key,
// returning the secret bytes or an error.
sharedSecret func(*ecdh.PrivateKey, *ecdh.PublicKey) (sharedSecret []byte, err error)
}
x25519Curve
struct
#
// x25519Curve has no fields, so its values carry no per-instance state; the
// behaviour lives in its methods (GenerateKey, NewPrivateKey, NewPublicKey,
// String and ecdh).
type x25519Curve struct {
}
Functions
Bytes
method
#
Bytes returns a copy of the encoding of the public key.
func (k *PublicKey) Bytes() []byte
Bytes
method
#
Bytes returns a copy of the encoding of the private key.
// The returned slice is a fresh copy of secret key material. The caller owns
// it and should keep it out of logs, error messages and long-lived buffers.
func (k *PrivateKey) Bytes() []byte
Curve
method
#
func (k *PrivateKey) Curve() Curve
Curve
method
#
func (k *PublicKey) Curve() Curve
ECDH
method
#
ECDH performs an ECDH exchange and returns the shared secret. The [PrivateKey]
and [PublicKey] must use the same curve.
For NIST curves, this performs ECDH as specified in SEC 1, Version 2.0,
Section 3.3.1, and returns the x-coordinate encoded according to SEC 1,
Version 2.0, Section 2.3.5. The result is never the point at infinity.
This is also known as the Shared Secret Computation of the Ephemeral Unified
Model scheme specified in NIST SP 800-56A Rev. 3, Section 6.1.2.2.
For [X25519], this performs ECDH as specified in RFC 7748, Section 6.1. If
the result is the all-zero value, ECDH returns an error.
// NOTE(review): the returned bytes are the raw shared secret. Check the error
// first, then derive session keys from the secret with a key-derivation
// function rather than using the bytes directly as a key.
func (k *PrivateKey) ECDH(remote *PublicKey) ([]byte, error)
Equal
method
#
Equal returns whether x represents the same private key as k.
Note that there can be equivalent private keys with different encodings which
would return false from this check but behave the same way as inputs to [ECDH].
This check is performed in constant time as long as the key types and their
curve match.
func (k *PrivateKey) Equal(x crypto.PrivateKey) bool
Equal
method
#
Equal returns whether x represents the same public key as k.
Note that there can be equivalent public keys with different encodings which
would return false from this check but behave the same way as inputs to ECDH.
This check is performed in constant time as long as the key types and their
curve match.
func (k *PublicKey) Equal(x crypto.PublicKey) bool
GenerateKey
method
#
// GenerateKey returns a new *PrivateKey for this curve, or an error.
// NOTE(review): rand is presumably the randomness source for the key (body not
// shown); callers normally pass crypto/rand.Reader, never a predictable reader.
func (c *nistCurve) GenerateKey(rand io.Reader) (*PrivateKey, error)
GenerateKey
method
#
// GenerateKey returns a new X25519 *PrivateKey, or an error.
// NOTE(review): rand is presumably the randomness source for the key (body not
// shown); callers normally pass crypto/rand.Reader, never a predictable reader.
func (c *x25519Curve) GenerateKey(rand io.Reader) (*PrivateKey, error)
NewPrivateKey
method
#
// NewPrivateKey builds a *PrivateKey from the caller-supplied encoding key, or
// returns an error. NOTE(review): the length and validity checks applied to key
// are not visible on this page; check the error before using the result.
func (c *x25519Curve) NewPrivateKey(key []byte) (*PrivateKey, error)
NewPrivateKey
method
#
// NewPrivateKey builds a *PrivateKey from the caller-supplied encoding key, or
// returns an error. NOTE(review): the length and range checks applied to key
// are not visible on this page; check the error before using the result.
func (c *nistCurve) NewPrivateKey(key []byte) (*PrivateKey, error)
NewPublicKey
method
#
// NewPublicKey builds a *PublicKey from the encoding key, or returns an error.
// key is usually a peer's share received over the wire, so treat it as
// untrusted and never use the result when err is non-nil.
// NOTE(review): which point-validity checks run here is not visible on this page.
func (c *nistCurve) NewPublicKey(key []byte) (*PublicKey, error)
NewPublicKey
method
#
// NewPublicKey builds a *PublicKey from the encoding key, or returns an error.
// key is usually a peer's share received over the wire, so treat it as
// untrusted and never use the result when err is non-nil.
// NOTE(review): which checks run here is not visible on this page; the
// all-zero result case is documented as being rejected later, by ECDH.
func (c *x25519Curve) NewPublicKey(key []byte) (*PublicKey, error)
P256
function
#
P256 returns a [Curve] which implements NIST P-256 (FIPS 186-3, section D.2.3),
also known as secp256r1 or prime256v1.
Multiple invocations of this function will return the same value, which can
be used for equality checks and switch statements.
func P256() Curve
P384
function
#
P384 returns a [Curve] which implements NIST P-384 (FIPS 186-3, section D.2.4),
also known as secp384r1.
Multiple invocations of this function will return the same value, which can
be used for equality checks and switch statements.
func P384() Curve
P521
function
#
P521 returns a [Curve] which implements NIST P-521 (FIPS 186-3, section D.2.5),
also known as secp521r1.
Multiple invocations of this function will return the same value, which can
be used for equality checks and switch statements.
func P521() Curve
Public
method
#
Public implements the implicit interface of all standard library private
keys. See the docs of [crypto.PrivateKey].
func (k *PrivateKey) Public() crypto.PublicKey
PublicKey
method
#
func (k *PrivateKey) PublicKey() *PublicKey
String
method
#
func (c *x25519Curve) String() string
String
method
#
func (c *nistCurve) String() string
X25519
function
#
X25519 returns a [Curve] which implements the X25519 function over Curve25519
(RFC 7748, Section 5).
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
func X25519() Curve
ecdh
method
#
// ecdh is the unexported per-curve exchange for NIST curves; presumably
// PrivateKey.ECDH dispatches here (bodies not shown — confirm). It returns the
// shared secret bytes or an error.
func (c *nistCurve) ecdh(local *PrivateKey, remote *PublicKey) ([]byte, error)
ecdh
method
#
// ecdh is the unexported X25519 exchange; presumably PrivateKey.ECDH
// dispatches here (bodies not shown — confirm). The ECDH documentation says an
// all-zero result is reported as an error, so that check presumably lives in
// this method, using isZero.
func (c *x25519Curve) ecdh(local *PrivateKey, remote *PublicKey) ([]byte, error)
isZero
function
#
isZero reports whether x is all zeroes in constant time.
func isZero(x []byte) bool
x25519ScalarMult
function
#
// x25519ScalarMult has no return value, so it presumably writes its result
// into dst and cannot report failure itself; the all-zero rejection documented
// for ECDH would then have to be done by the caller. Body not shown — confirm.
func x25519ScalarMult(dst []byte, scalar []byte, point []byte)