elliptic

Imports

Imports # 

"io"
"math/big"
"sync"
"crypto/internal/fips140/nistec"
"errors"
"math/big"
"crypto/internal/fips140/nistec"
"math/big"
"math/big"

Constants & Variables

_ var #

Assert that the known curves implement unmarshaler.

var _ = []unmarshaler{...}

initonce var # 

var initonce sync.Once

mask var # 

var mask = []byte{...}

p224 var # 

var p224 = *ast.UnaryExpr

p256 var # 

var p256 = *ast.UnaryExpr

p384 var # 

var p384 = *ast.UnaryExpr

p521 var # 

var p521 = *ast.UnaryExpr

Interfaces

Curve interface #

A Curve represents a short-form Weierstrass curve with a=-3. The behavior of Add, Double, and ScalarMult when the input is not a point on the curve is undefined. Note that the conventional point at infinity (0, 0) is not considered on the curve, although it can be returned by Add, Double, ScalarMult, or ScalarBaseMult (but not the [Unmarshal] or [UnmarshalCompressed] functions). Using Curve implementations besides those returned by [P224], [P256], [P384], and [P521] is deprecated.

type Curve interface {
Params() *CurveParams
IsOnCurve(x *big.Int, y *big.Int) bool
Add(x1 *big.Int, y1 *big.Int, x2 *big.Int, y2 *big.Int) (x *big.Int, y *big.Int)
Double(x1 *big.Int, y1 *big.Int) (x *big.Int, y *big.Int)
ScalarMult(x1 *big.Int, y1 *big.Int, k []byte) (x *big.Int, y *big.Int)
ScalarBaseMult(k []byte) (x *big.Int, y *big.Int)
}

nistPoint interface #

nistPoint is a generic constraint for the nistec Point types.

type nistPoint interface {
Bytes() []byte
SetBytes([]byte) (T, error)
Add(T, T) T
Double(T) T
ScalarMult(T, []byte) (T, error)
ScalarBaseMult([]byte) (T, error)
}

unmarshaler interface #

unmarshaler is implemented by curves with their own constant-time Unmarshal. There isn't an equivalent interface for Marshal/MarshalCompressed because that doesn't involve any mathematical operations, only FillBytes and Bit.

type unmarshaler interface {
Unmarshal([]byte) (x *big.Int, y *big.Int)
UnmarshalCompressed([]byte) (x *big.Int, y *big.Int)
}

Structs

CurveParams struct #

CurveParams contains the parameters of an elliptic curve and also provides a generic, non-constant time implementation of [Curve]. The generic Curve implementation is deprecated, and using custom curves (those not returned by [P224], [P256], [P384], and [P521]) is not guaranteed to provide any security property.

type CurveParams struct {
P *big.Int
N *big.Int
B *big.Int
Gx *big.Int
Gy *big.Int
BitSize int
Name string
}

nistCurve struct #

nistCurve is a Curve implementation based on a nistec Point. It's a wrapper that exposes the big.Int-based Curve interface and encodes the legacy idiosyncrasies it requires, such as invalid and infinity point handling. To interact with the nistec package, points are encoded into and decoded from properly formatted byte slices. All big.Int use is limited to this package. Encoding and decoding is 1/1000th of the runtime of a scalar multiplication, so the overhead is acceptable.

type nistCurve struct {
newPoint func() Point
params *CurveParams
}

p256Curve struct # 

type p256Curve struct {
*ast.IndexExpr
}

Functions

Add method # 

func (curve **ast.IndexExpr) Add(x1 *big.Int, y1 *big.Int, x2 *big.Int, y2 *big.Int) (*big.Int, *big.Int)

Add method #

Add implements [Curve.Add]. Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to provide any security property. For ECDH, use the [crypto/ecdh] package. For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly from [P224], [P256], [P384], or [P521].

func (curve *CurveParams) Add(x1 *big.Int, y1 *big.Int, x2 *big.Int, y2 *big.Int) (*big.Int, *big.Int)

CombinedMult method #

CombinedMult returns [s1]G + [s2]P where G is the generator. It's used through an interface upgrade in crypto/ecdsa.

func (curve **ast.IndexExpr) CombinedMult(Px *big.Int, Py *big.Int, s1 []byte, s2 []byte) (x *big.Int, y *big.Int)

Double method # 

func (curve **ast.IndexExpr) Double(x1 *big.Int, y1 *big.Int) (*big.Int, *big.Int)

Double method #

Double implements [Curve.Double]. Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to provide any security property. For ECDH, use the [crypto/ecdh] package. For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly from [P224], [P256], [P384], or [P521].

func (curve *CurveParams) Double(x1 *big.Int, y1 *big.Int) (*big.Int, *big.Int)

GenerateKey function #

GenerateKey returns a public/private key pair. The private key is generated using the given reader, which must return random data. Deprecated: for ECDH, use the GenerateKey methods of the [crypto/ecdh] package; for ECDSA, use the GenerateKey function of the crypto/ecdsa package.

func GenerateKey(curve Curve, rand io.Reader) (priv []byte, x *big.Int, y *big.Int, err error)

Inverse method # 

func (c p256Curve) Inverse(k *big.Int) *big.Int

IsOnCurve method # 

func (curve **ast.IndexExpr) IsOnCurve(x *big.Int, y *big.Int) bool

IsOnCurve method #

IsOnCurve implements [Curve.IsOnCurve]. Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to provide any security property. For ECDH, use the [crypto/ecdh] package. For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly from [P224], [P256], [P384], or [P521].

func (curve *CurveParams) IsOnCurve(x *big.Int, y *big.Int) bool

Marshal function #

Marshal converts a point on the curve into the uncompressed form specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined. Deprecated: for ECDH, use the crypto/ecdh package. This function returns an encoding equivalent to that of PublicKey.Bytes in crypto/ecdh.

func Marshal(curve Curve, x *big.Int, y *big.Int) []byte

MarshalCompressed function #

MarshalCompressed converts a point on the curve into the compressed form specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined.

func MarshalCompressed(curve Curve, x *big.Int, y *big.Int) []byte

P224 function #

P224 returns a [Curve] which implements NIST P-224 (FIPS 186-3, section D.2.2), also known as secp224r1. The CurveParams.Name of this [Curve] is "P-224". Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements. The cryptographic operations are implemented using constant-time algorithms.

func P224() Curve

P256 function #

P256 returns a [Curve] which implements NIST P-256 (FIPS 186-3, section D.2.3), also known as secp256r1 or prime256v1. The CurveParams.Name of this [Curve] is "P-256". Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements. The cryptographic operations are implemented using constant-time algorithms.

func P256() Curve

P384 function #

P384 returns a [Curve] which implements NIST P-384 (FIPS 186-3, section D.2.4), also known as secp384r1. The CurveParams.Name of this [Curve] is "P-384". Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements. The cryptographic operations are implemented using constant-time algorithms.

func P384() Curve

P521 function #

P521 returns a [Curve] which implements NIST P-521 (FIPS 186-3, section D.2.5), also known as secp521r1. The CurveParams.Name of this [Curve] is "P-521". Multiple invocations of this function will return the same value, so it can be used for equality checks and switch statements. The cryptographic operations are implemented using constant-time algorithms.

func P521() Curve

Params method # 

func (curve **ast.IndexExpr) Params() *CurveParams

Params method # 

func (curve *CurveParams) Params() *CurveParams

ScalarBaseMult method #

ScalarBaseMult implements [Curve.ScalarBaseMult]. Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to provide any security property. For ECDH, use the [crypto/ecdh] package. For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly from [P224], [P256], [P384], or [P521].

func (curve *CurveParams) ScalarBaseMult(k []byte) (*big.Int, *big.Int)

ScalarBaseMult method # 

func (curve **ast.IndexExpr) ScalarBaseMult(scalar []byte) (*big.Int, *big.Int)

ScalarMult method #

ScalarMult implements [Curve.ScalarMult]. Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to provide any security property. For ECDH, use the [crypto/ecdh] package. For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly from [P224], [P256], [P384], or [P521].

func (curve *CurveParams) ScalarMult(Bx *big.Int, By *big.Int, k []byte) (*big.Int, *big.Int)

ScalarMult method # 

func (curve **ast.IndexExpr) ScalarMult(Bx *big.Int, By *big.Int, scalar []byte) (*big.Int, *big.Int)

Unmarshal method # 

func (curve **ast.IndexExpr) Unmarshal(data []byte) (x *big.Int, y *big.Int)

Unmarshal function #

Unmarshal converts a point, serialized by [Marshal], into an x, y pair. It is an error if the point is not in uncompressed form, is not on the curve, or is the point at infinity. On error, x = nil. Deprecated: for ECDH, use the crypto/ecdh package. This function accepts an encoding equivalent to that of the NewPublicKey methods in crypto/ecdh.

func Unmarshal(curve Curve, data []byte) (x *big.Int, y *big.Int)

UnmarshalCompressed function #

UnmarshalCompressed converts a point, serialized by [MarshalCompressed], into an x, y pair. It is an error if the point is not in compressed form, is not on the curve, or is the point at infinity. On error, x = nil.

func UnmarshalCompressed(curve Curve, data []byte) (x *big.Int, y *big.Int)

UnmarshalCompressed method # 

func (curve **ast.IndexExpr) UnmarshalCompressed(data []byte) (x *big.Int, y *big.Int)

addJacobian method #

addJacobian takes two points in Jacobian coordinates, (x1, y1, z1) and (x2, y2, z2) and returns their sum, also in Jacobian form.

func (curve *CurveParams) addJacobian(x1 *big.Int, y1 *big.Int, z1 *big.Int, x2 *big.Int, y2 *big.Int, z2 *big.Int) (*big.Int, *big.Int, *big.Int)

affineFromJacobian method #

affineFromJacobian reverses the Jacobian transform. See the comment at the top of the file. If the point is ∞ it returns 0, 0.

func (curve *CurveParams) affineFromJacobian(x *big.Int, y *big.Int, z *big.Int) (xOut *big.Int, yOut *big.Int)

bigFromDecimal function # 

func bigFromDecimal(s string) *big.Int

bigFromHex function # 

func bigFromHex(s string) *big.Int

doubleJacobian method #

doubleJacobian takes a point in Jacobian coordinates, (x, y, z), and returns its double, also in Jacobian form.

func (curve *CurveParams) doubleJacobian(x *big.Int, y *big.Int, z *big.Int) (*big.Int, *big.Int, *big.Int)

initAll function # 

func initAll()

initP224 function # 

func initP224()

initP256 function # 

func initP256()

initP384 function # 

func initP384()

initP521 function # 

func initP521()

matchesSpecificCurve function # 

func matchesSpecificCurve(params *CurveParams) (Curve, bool)

normalizeScalar method #

normalizeScalar brings the scalar within the byte size of the order of the curve, as expected by the nistec scalar multiplication functions.

func (curve **ast.IndexExpr) normalizeScalar(scalar []byte) []byte

panicIfNotOnCurve function # 

func panicIfNotOnCurve(curve Curve, x *big.Int, y *big.Int)

pointFromAffine method # 

func (curve **ast.IndexExpr) pointFromAffine(x *big.Int, y *big.Int) (p Point, err error)

pointToAffine method # 

func (curve **ast.IndexExpr) pointToAffine(p Point) (x *big.Int, y *big.Int)

polynomial method #

polynomial returns x³ - 3x + b.

func (curve *CurveParams) polynomial(x *big.Int) *big.Int

zForAffine function #

zForAffine returns a Jacobian Z value for the affine point (x, y). If x and y are zero, it assumes that they represent the point at infinity because (0, 0) is not on the any of the curves handled here.

func zForAffine(x *big.Int, y *big.Int) *big.Int

Generated with Arrow