package ecdh

Import Path
	crypto/ecdh (on go.dev)

Dependency Relation
	imports 11 packages, and imported by 3 packages

Involved Source Files

	  d ecdh.go
		Package ecdh implements Elliptic Curve Diffie-Hellman over
		NIST curves and Curve25519.

	    nist.go
	    x25519.go
Package-Level Type Names (total 6, in which 3 are exported)

	/* sort exporteds by: alphabet | popularity */
	 type Curve (interface)

		Methods (total 5, in which 3 are exported)
			( Curve) GenerateKey(rand io.Reader) (*PrivateKey, error)
				GenerateKey generates a random PrivateKey.
				
				Most applications should use [crypto/rand.Reader] as rand. Note that the
				returned key does not depend deterministically on the bytes read from rand,
				and may change between calls and/or between versions.

			( Curve) NewPrivateKey(key []byte) (*PrivateKey, error)
				NewPrivateKey checks that key is valid and returns a PrivateKey.
				
				For NIST curves, this follows SEC 1, Version 2.0, Section 2.3.6, which
				amounts to decoding the bytes as a fixed length big endian integer and
				checking that the result is lower than the order of the curve. The zero
				private key is also rejected, as the encoding of the corresponding public
				key would be irregular.
				
				For X25519, this only checks the scalar length.

			( Curve) NewPublicKey(key []byte) (*PublicKey, error)
				NewPublicKey checks that key is valid and returns a PublicKey.
				
				For NIST curves, this decodes an uncompressed point according to SEC 1,
				Version 2.0, Section 2.3.4. Compressed encodings and the point at
				infinity are rejected.
				
				For X25519, this only checks the u-coordinate length. Adversarially
				selected public keys can cause ECDH to return an error.

			/* 2 unexporteds ... *//* 2 unexporteds: */
			( Curve) ecdh(local *PrivateKey, remote *PublicKey) ([]byte, error)
				ecdh performs a ECDH exchange and returns the shared secret. It's exposed
				as the PrivateKey.ECDH method.
				
				The private method also allow us to expand the ECDH interface with more
				methods in the future without breaking backwards compatibility.

			( Curve) privateKeyToPublicKey(*PrivateKey) *PublicKey
				privateKeyToPublicKey converts a PrivateKey to a PublicKey. It's exposed
				as the PrivateKey.PublicKey method.
				
				This method always succeeds: for X25519, the zero key can't be
				constructed due to clamping; for NIST curves, it is rejected by
				NewPrivateKey.

		Implemented By (at least 2, neither is exported)
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			*nistCurve[...]
			*x25519Curve
		As Outputs Of (at least 8, in which 6 are exported)
			func P256() Curve
			func P384() Curve
			func P521() Curve
			func X25519() Curve
			func (*PrivateKey).Curve() Curve
			func (*PublicKey).Curve() Curve
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			func crypto/ecdsa.curveToECDH(c elliptic.Curve) Curve
			func crypto/tls.curveForCurveID(id tls.CurveID) (Curve, bool)
		As Inputs Of (at least 3, none are exported)
			/* 3+ unexporteds ... *//* 3+ unexporteds: */
			func newBoringPrivateKey(c Curve, bk *boring.PrivateKeyECDH, privateKey []byte) (*PrivateKey, error)
			func crypto/tls.curveIDForCurve(curve Curve) (tls.CurveID, bool)
			func crypto/x509.oidFromECDHCurve(curve Curve) (asn1.ObjectIdentifier, bool)

	 type PrivateKey (struct)
		PrivateKey is an ECDH private key, usually kept secret.
		
		These keys can be parsed with [crypto/x509.ParsePKCS8PrivateKey] and encoded
		with [crypto/x509.MarshalPKCS8PrivateKey]. For NIST curves, they then need to
		be converted with [crypto/ecdsa.PrivateKey.ECDH] after parsing.

		Fields (total 5, none are exported)
			/* 5 unexporteds ... *//* 5 unexporteds: */
			boring *boring.PrivateKeyECDH
			curve Curve
			privateKey []byte
			publicKey *PublicKey
				publicKey is set under publicKeyOnce, to allow loading private keys with
				NewPrivateKey without having to perform a scalar multiplication.

			publicKeyOnce sync.Once
		Methods (total 6, all are exported)
			(*PrivateKey) Bytes() []byte
				Bytes returns a copy of the encoding of the private key.

			(*PrivateKey) Curve() Curve
			(*PrivateKey) ECDH(remote *PublicKey) ([]byte, error)
				ECDH performs a ECDH exchange and returns the shared secret. The PrivateKey
				and PublicKey must use the same curve.
				
				For NIST curves, this performs ECDH as specified in SEC 1, Version 2.0,
				Section 3.3.1, and returns the x-coordinate encoded according to SEC 1,
				Version 2.0, Section 2.3.5. The result is never the point at infinity.
				
				For X25519, this performs ECDH as specified in RFC 7748, Section 6.1. If
				the result is the all-zero value, ECDH returns an error.

			(*PrivateKey) Equal(x crypto.PrivateKey) bool
				Equal returns whether x represents the same private key as k.
				
				Note that there can be equivalent private keys with different encodings which
				would return false from this check but behave the same way as inputs to ECDH.
				
				This check is performed in constant time as long as the key types and their
				curve match.

			(*PrivateKey) Public() crypto.PublicKey
				Public implements the implicit interface of all standard library private
				keys. See the docs of crypto.PrivateKey.

			(*PrivateKey) PublicKey() *PublicKey
		As Outputs Of (at least 6, in which 3 are exported)
			func Curve.GenerateKey(rand io.Reader) (*PrivateKey, error)
			func Curve.NewPrivateKey(key []byte) (*PrivateKey, error)
			func crypto/ecdsa.(*PrivateKey).ECDH() (*PrivateKey, error)
			/* 3+ unexporteds ... *//* 3+ unexporteds: */
			func newBoringPrivateKey(c Curve, bk *boring.PrivateKeyECDH, privateKey []byte) (*PrivateKey, error)
			func crypto/tls.generateECDHEKey(rand io.Reader, curveID tls.CurveID) (*PrivateKey, error)
			func crypto/tls.(*Conn).makeClientHello() (*tls.clientHelloMsg, *PrivateKey, error)
		As Inputs Of (at least one unexported)
			/* at least one unexported ... *//* at least one unexported: */
			func crypto/x509.marshalECDHPrivateKey(key *PrivateKey) ([]byte, error)

	 type PublicKey (struct)
		PublicKey is an ECDH public key, usually a peer's ECDH share sent over the wire.
		
		These keys can be parsed with [crypto/x509.ParsePKIXPublicKey] and encoded
		with [crypto/x509.MarshalPKIXPublicKey]. For NIST curves, they then need to
		be converted with [crypto/ecdsa.PublicKey.ECDH] after parsing.

		Fields (total 3, none are exported)
			/* 3 unexporteds ... *//* 3 unexporteds: */
			boring *boring.PublicKeyECDH
			curve Curve
			publicKey []byte
		Methods (total 3, all are exported)
			(*PublicKey) Bytes() []byte
				Bytes returns a copy of the encoding of the public key.

			(*PublicKey) Curve() Curve
			(*PublicKey) Equal(x crypto.PublicKey) bool
				Equal returns whether x represents the same public key as k.
				
				Note that there can be equivalent public keys with different encodings which
				would return false from this check but behave the same way as inputs to ECDH.
				
				This check is performed in constant time as long as the key types and their
				curve match.

		As Outputs Of (at least 3, all are exported)
			func Curve.NewPublicKey(key []byte) (*PublicKey, error)
			func (*PrivateKey).PublicKey() *PublicKey
			func crypto/ecdsa.(*PublicKey).ECDH() (*PublicKey, error)
		As Inputs Of (at least one exported)
			func (*PrivateKey).ECDH(remote *PublicKey) ([]byte, error)

	/* 3 unexporteds ... *//* 3 unexporteds: */
	 type nistCurve[Point] (struct)

		Type Parameters:
			Point: nistPoint[Point]

		Fields (total 3, none are exported)
			/* 3 unexporteds ... *//* 3 unexporteds: */
			name string
			newPoint func() Point
			scalarOrder []byte
		Methods (total 6, in which 4 are exported)
			(*nistCurve[Point]) GenerateKey(rand io.Reader) (*PrivateKey, error)
			(*nistCurve[Point]) NewPrivateKey(key []byte) (*PrivateKey, error)
			(*nistCurve[Point]) NewPublicKey(key []byte) (*PublicKey, error)
			(*nistCurve[Point]) String() string
			/* 2 unexporteds ... *//* 2 unexporteds: */
			(*nistCurve[Point]) ecdh(local *PrivateKey, remote *PublicKey) ([]byte, error)
			(*nistCurve[Point]) privateKeyToPublicKey(key *PrivateKey) *PublicKey
		Implements (at least 4, in which 2 are exported)
			*nistCurve : Curve
			*nistCurve : fmt.Stringer
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			*nistCurve : context.stringer
			*nistCurve : runtime.stringer
		As Types Of (total 3, none are exported)
			/* 3 unexporteds ... *//* 3 unexporteds: */
			  var p256 *nistCurve[...]
			  var p384 *nistCurve[...]
			  var p521 *nistCurve[...]

	 type nistPoint[T] (interface)

		Type Parameters:
			T: any

		nistPoint is a generic constraint for the nistec Point types.

		Methods (total 5, all are exported)
			( nistPoint[T]) Bytes() []byte
			( nistPoint[T]) BytesX() ([]byte, error)
			( nistPoint[T]) ScalarBaseMult([]byte) (T, error)
			( nistPoint[T]) ScalarMult(T, []byte) (T, error)
			( nistPoint[T]) SetBytes([]byte) (T, error)

	 type x25519Curve (struct)

		Methods (total 6, in which 4 are exported)
			(*x25519Curve) GenerateKey(rand io.Reader) (*PrivateKey, error)
			(*x25519Curve) NewPrivateKey(key []byte) (*PrivateKey, error)
			(*x25519Curve) NewPublicKey(key []byte) (*PublicKey, error)
			(*x25519Curve) String() string
			/* 2 unexporteds ... *//* 2 unexporteds: */
			(*x25519Curve) ecdh(local *PrivateKey, remote *PublicKey) ([]byte, error)
			(*x25519Curve) privateKeyToPublicKey(key *PrivateKey) *PublicKey
		Implements (at least 4, in which 2 are exported)
			*x25519Curve : Curve
			*x25519Curve : fmt.Stringer
			/* 2+ unexporteds ... *//* 2+ unexporteds: */
			*x25519Curve : context.stringer
			*x25519Curve : runtime.stringer
		As Types Of (only one, which is unexported)
			/* one unexported ... *//* one unexported: */
			  var x25519 *x25519Curve


Package-Level Functions (total 8, in which 4 are exported)

	 func P256() Curve
		P256 returns a Curve which implements NIST P-256 (FIPS 186-3, section D.2.3),
		also known as secp256r1 or prime256v1.
		
		Multiple invocations of this function will return the same value, which can
		be used for equality checks and switch statements.

	 func P384() Curve
		P384 returns a Curve which implements NIST P-384 (FIPS 186-3, section D.2.4),
		also known as secp384r1.
		
		Multiple invocations of this function will return the same value, which can
		be used for equality checks and switch statements.

	 func P521() Curve
		P521 returns a Curve which implements NIST P-521 (FIPS 186-3, section D.2.5),
		also known as secp521r1.
		
		Multiple invocations of this function will return the same value, which can
		be used for equality checks and switch statements.

	 func X25519() Curve
		X25519 returns a Curve which implements the X25519 function over Curve25519
		(RFC 7748, Section 5).
		
		Multiple invocations of this function will return the same value, so it can
		be used for equality checks and switch statements.

	/* 4 unexporteds ... *//* 4 unexporteds: */
	 func isLess(a, b []byte) bool
		isLess returns whether a < b, where a and b are big-endian buffers of the
		same length and shorter than 72 bytes.

	 func isZero(a []byte) bool
		isZero returns whether a is all zeroes in constant time.

	 func newBoringPrivateKey(c Curve, bk *boring.PrivateKeyECDH, privateKey []byte) (*PrivateKey, error)
	 func x25519ScalarMult(dst, scalar, point []byte)
Package-Level Variables (total 11, none are exported)

	/* 11 unexporteds ... *//* 11 unexporteds: */
	  var errInvalidPrivateKey error
	  var p256 *nistCurve[...]
	  var p256Order []byte
	  var p384 *nistCurve[...]
	  var p384Order []byte
	  var p521 *nistCurve[...]
	  var p521Order []byte
	  var x25519 *x25519Curve
	  var x25519PrivateKeySize int
	  var x25519PublicKeySize int
	  var x25519SharedSecretSize int

The pages are generated with Golds v0.6.7. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.