`package `**ecdh**
Import Path
crypto/ecdh* (on go.dev)*
Dependency Relation
imports 11 packages, and imported by 3 packages
Involved Source Files
Package ecdh implements Elliptic Curve Diffie-Hellman over
NIST curves and Curve25519.
nist.go
x25519.go
Package-Level Type Names* (total 6, in which 3 are exported)*
GenerateKey generates a random PrivateKey.
Most applications should use [crypto/rand.Reader] as rand. Note that the
returned key does not depend deterministically on the bytes read from rand,
and may change between calls and/or between versions.
NewPrivateKey checks that key is valid and returns a PrivateKey.
For NIST curves, this follows SEC 1, Version 2.0, Section 2.3.6, which
amounts to decoding the bytes as a fixed length big endian integer and
checking that the result is lower than the order of the curve. The zero
private key is also rejected, as the encoding of the corresponding public
key would be irregular.
For X25519, this only checks the scalar length.
NewPublicKey checks that key is valid and returns a PublicKey.
For NIST curves, this decodes an uncompressed point according to SEC 1,
Version 2.0, Section 2.3.4. Compressed encodings and the point at
infinity are rejected.
For X25519, this only checks the u-coordinate length. Adversarially
selected public keys can cause ECDH to return an error.
*
ecdh performs a ECDH exchange and returns the shared secret. It's exposed
as the PrivateKey.ECDH method.
The private method also allow us to expand the ECDH interface with more
methods in the future without breaking backwards compatibility.
**
privateKeyToPublicKey converts a PrivateKey to a PublicKey. It's exposed
as the PrivateKey.PublicKey method.
This method always succeeds: for X25519, the zero key can't be
constructed due to clamping; for NIST curves, it is rejected by
NewPrivateKey.
*
*
*nistCurve[...]**
*x25519Curve*
func P256() **Curve**
func P384() **Curve**
func P521() **Curve**
func X25519() **Curve**
func (*PrivateKey).Curve() **Curve**
func (*PublicKey).Curve() **Curve**
*
func crypto/ecdsa.curveToECDH(c elliptic.Curve) ***Curve***
func crypto/tls.curveForCurveID(id tls.CurveID) (***Curve**, bool)
*
func newBoringPrivateKey(c ***Curve**, bk *boring.PrivateKeyECDH, privateKey []byte) (*PrivateKey, error)*
func crypto/tls.curveIDForCurve(curve ***Curve**) (tls.CurveID, bool)*
func crypto/x509.oidFromECDHCurve(curve ***Curve**) (asn1.ObjectIdentifier, bool)
PrivateKey is an ECDH private key, usually kept secret.
These keys can be parsed with [crypto/x509.ParsePKCS8PrivateKey] and encoded
with [crypto/x509.MarshalPKCS8PrivateKey]. For NIST curves, they then need to
be converted with [crypto/ecdsa.PrivateKey.ECDH] after parsing.
*
boring ***boring.PrivateKeyECDH**
curve **Curve**
privateKey **[]byte**
publicKey is set under publicKeyOnce, to allow loading private keys with
NewPrivateKey without having to perform a scalar multiplication.
**
publicKeyOnce **sync.Once*
Bytes returns a copy of the encoding of the private key.
(*PrivateKey) Curve() Curve
ECDH performs a ECDH exchange and returns the shared secret. The PrivateKey
and PublicKey must use the same curve.
For NIST curves, this performs ECDH as specified in SEC 1, Version 2.0,
Section 3.3.1, and returns the x-coordinate encoded according to SEC 1,
Version 2.0, Section 2.3.5. The result is never the point at infinity.
For X25519, this performs ECDH as specified in RFC 7748, Section 6.1. If
the result is the all-zero value, ECDH returns an error.
Equal returns whether x represents the same private key as k.
Note that there can be equivalent private keys with different encodings which
would return false from this check but behave the same way as inputs to ECDH.
This check is performed in constant time as long as the key types and their
curve match.
Public implements the implicit interface of all standard library private
keys. See the docs of crypto.PrivateKey.
(*PrivateKey) PublicKey() *PublicKey
func Curve.GenerateKey(rand io.Reader) (***PrivateKey**, error)
func Curve.NewPrivateKey(key []byte) (***PrivateKey**, error)
func crypto/ecdsa.(*PrivateKey).ECDH() (***PrivateKey**, error)
*
func newBoringPrivateKey(c Curve, bk *boring.PrivateKeyECDH, privateKey []byte) (****PrivateKey**, error)*
func crypto/tls.generateECDHEKey(rand io.Reader, curveID tls.CurveID) (****PrivateKey**, error)*
func crypto/tls.(*Conn).makeClientHello() (*tls.clientHelloMsg, ****PrivateKey**, error)
*
func crypto/x509.marshalECDHPrivateKey(key ****PrivateKey**) ([]byte, error)
PublicKey is an ECDH public key, usually a peer's ECDH share sent over the wire.
These keys can be parsed with [crypto/x509.ParsePKIXPublicKey] and encoded
with [crypto/x509.MarshalPKIXPublicKey]. For NIST curves, they then need to
be converted with [crypto/ecdsa.PublicKey.ECDH] after parsing.
*
boring ***boring.PublicKeyECDH**
curve **Curve**
publicKey **[]byte*
Bytes returns a copy of the encoding of the public key.
(*PublicKey) Curve() Curve
Equal returns whether x represents the same public key as k.
Note that there can be equivalent public keys with different encodings which
would return false from this check but behave the same way as inputs to ECDH.
This check is performed in constant time as long as the key types and their
curve match.
func Curve.NewPublicKey(key []byte) (***PublicKey**, error)
func (*PrivateKey).PublicKey() ***PublicKey**
func crypto/ecdsa.(*PublicKey).ECDH() (***PublicKey**, error)
func (*PrivateKey).ECDH(remote ***PublicKey**) ([]byte, error)
Package-Level Functions* (total 8, in which 4 are exported)*
P256 returns a Curve which implements NIST P-256 (FIPS 186-3, section D.2.3),
also known as secp256r1 or prime256v1.
Multiple invocations of this function will return the same value, which can
be used for equality checks and switch statements.
P384 returns a Curve which implements NIST P-384 (FIPS 186-3, section D.2.4),
also known as secp384r1.
Multiple invocations of this function will return the same value, which can
be used for equality checks and switch statements.
P521 returns a Curve which implements NIST P-521 (FIPS 186-3, section D.2.5),
also known as secp521r1.
Multiple invocations of this function will return the same value, which can
be used for equality checks and switch statements.
X25519 returns a Curve which implements the X25519 function over Curve25519
(RFC 7748, Section 5).
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
Package-Level Variables* (total 11, none are exported)*

The pages are generated with Golds v0.6.7. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds. |