Involved Source Files Package elliptic implements the standard NIST P-224, P-256, P-384, and P-521
elliptic curves over prime fields.
Direct use of this package is deprecated, beyond the [P224], [P256], [P384],
and [P521] values necessary to use [crypto/ecdsa]. Most other uses
should migrate to the more efficient and safer [crypto/ecdh], or to
third-party modules for lower-level functionality.nistec.gonistec_p256.goparams.go
Package-Level Type Names (total 6, in which 2 are exported)
/* sort exporteds by: | */
A Curve represents a short-form Weierstrass curve with a=-3.
The behavior of Add, Double, and ScalarMult when the input is not a point on
the curve is undefined.
Note that the conventional point at infinity (0, 0) is not considered on the
curve, although it can be returned by Add, Double, ScalarMult, or
ScalarBaseMult (but not the Unmarshal or UnmarshalCompressed functions).
Using Curve implementations besides those returned by P224(), P256(), P384(),
and P521() is deprecated. Add returns the sum of (x1,y1) and (x2,y2).
Deprecated: this is a low-level unsafe API. Double returns 2*(x,y).
Deprecated: this is a low-level unsafe API. IsOnCurve reports whether the given (x,y) lies on the curve.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. The NewPublicKey methods of NIST curves in crypto/ecdh accept
the same encoding as the Unmarshal function, and perform on-curve checks. Params returns the parameters for the curve. ScalarBaseMult returns k*G, where G is the base point of the group
and k is an integer in big-endian form.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. Most uses of ScalarBaseMult can be replaced by a call to the
PrivateKey.PublicKey method in crypto/ecdh. ScalarMult returns k*(x,y) where k is an integer in big-endian form.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. Most uses of ScalarMult can be replaced by a call to the ECDH
methods of NIST curves in crypto/ecdh.
*CurveParams
crypto/ecdsa.PrivateKey
crypto/ecdsa.PublicKey
*nistCurve[...]
*p256Curve
func P224() Curve
func P256() Curve
func P384() Curve
func P521() Curve
func matchesSpecificCurve(params *CurveParams) (Curve, bool)
func crypto/x509.namedCurveFromOID(oid asn1.ObjectIdentifier) Curve
func GenerateKey(curve Curve, rand io.Reader) (priv []byte, x, y *big.Int, err error)
func Marshal(curve Curve, x, y *big.Int) []byte
func MarshalCompressed(curve Curve, x, y *big.Int) []byte
func Unmarshal(curve Curve, data []byte) (x, y *big.Int)
func UnmarshalCompressed(curve Curve, data []byte) (x, y *big.Int)
func crypto/ecdsa.GenerateKey(c Curve, rand io.Reader) (*ecdsa.PrivateKey, error)
func panicIfNotOnCurve(curve Curve, x, y *big.Int)
func crypto/ecdsa.curveToECDH(c Curve) ecdh.Curve
func crypto/ecdsa.generateLegacy(c Curve, rand io.Reader) (*ecdsa.PrivateKey, error)
func crypto/ecdsa.hashToInt(hash []byte, c Curve) *big.Int
func crypto/ecdsa.precomputeParams[Point](c *ecdsa.nistCurve[Point], curve Curve)
func crypto/ecdsa.randFieldElement(c Curve, rand io.Reader) (k *big.Int, err error)
func crypto/x509.oidFromNamedCurve(curve Curve) (asn1.ObjectIdentifier, bool)
CurveParams contains the parameters of an elliptic curve and also provides
a generic, non-constant time implementation of Curve.
The generic Curve implementation is deprecated, and using custom curves
(those not returned by P224(), P256(), P384(), and P521()) is not guaranteed
to provide any security property. // the constant of the curve equation // the size of the underlying field // (x,y) of the base point // (x,y) of the base point // the order of the base point // the canonical name of the curve // the order of the underlying field Add implements Curve.Add.
Deprecated: the CurveParams methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the crypto/ecdh package.
For ECDSA, use the crypto/ecdsa package with a Curve value returned directly
from P224(), P256(), P384(), or P521(). Double implements Curve.Double.
Deprecated: the CurveParams methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the crypto/ecdh package.
For ECDSA, use the crypto/ecdsa package with a Curve value returned directly
from P224(), P256(), P384(), or P521(). IsOnCurve implements Curve.IsOnCurve.
Deprecated: the CurveParams methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the crypto/ecdh package.
For ECDSA, use the crypto/ecdsa package with a Curve value returned directly
from P224(), P256(), P384(), or P521().(*CurveParams) Params() *CurveParams ScalarBaseMult implements Curve.ScalarBaseMult.
Deprecated: the CurveParams methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the crypto/ecdh package.
For ECDSA, use the crypto/ecdsa package with a Curve value returned directly
from P224(), P256(), P384(), or P521(). ScalarMult implements Curve.ScalarMult.
Deprecated: the CurveParams methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the crypto/ecdh package.
For ECDSA, use the crypto/ecdsa package with a Curve value returned directly
from P224(), P256(), P384(), or P521(). addJacobian takes two points in Jacobian coordinates, (x1, y1, z1) and
(x2, y2, z2) and returns their sum, also in Jacobian form. affineFromJacobian reverses the Jacobian transform. See the comment at the
top of the file. If the point is ∞ it returns 0, 0. doubleJacobian takes a point in Jacobian coordinates, (x, y, z), and
returns its double, also in Jacobian form. polynomial returns x³ - 3x + b.
*CurveParams : Curve
func Curve.Params() *CurveParams
func (*CurveParams).Params() *CurveParams
func matchesSpecificCurve(params *CurveParams) (Curve, bool)
Type Parameters:
Point: nistPoint[Point]
nistCurve is a Curve implementation based on a nistec Point.
It's a wrapper that exposes the big.Int-based Curve interface and encodes the
legacy idiosyncrasies it requires, such as invalid and infinity point
handling.
To interact with the nistec package, points are encoded into and decoded from
properly formatted byte slices. All big.Int use is limited to this package.
Encoding and decoding is 1/1000th of the runtime of a scalar multiplication,
so the overhead is acceptable.newPointfunc() Pointparams*CurveParams(*nistCurve[Point]) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) CombinedMult returns [s1]G + [s2]P where G is the generator. It's used
through an interface upgrade in crypto/ecdsa.(*nistCurve[Point]) Double(x1, y1 *big.Int) (*big.Int, *big.Int)(*nistCurve[Point]) IsOnCurve(x, y *big.Int) bool(*nistCurve[Point]) Params() *CurveParams(*nistCurve[Point]) ScalarBaseMult(scalar []byte) (*big.Int, *big.Int)(*nistCurve[Point]) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)(*nistCurve[Point]) Unmarshal(data []byte) (x, y *big.Int)(*nistCurve[Point]) UnmarshalCompressed(data []byte) (x, y *big.Int) normalizeScalar brings the scalar within the byte size of the order of the
curve, as expected by the nistec scalar multiplication functions.(*nistCurve[Point]) pointFromAffine(x, y *big.Int) (p Point, err error)(*nistCurve[Point]) pointToAffine(p Point) (x, y *big.Int)
*nistCurve : Curve
*nistCurve : unmarshaler
var p224 *nistCurve[...]
var p384 *nistCurve[...]
var p521 *nistCurve[...]
unmarshaler is implemented by curves with their own constant-time Unmarshal.
There isn't an equivalent interface for Marshal/MarshalCompressed because
that doesn't involve any mathematical operations, only FillBytes and Bit.( unmarshaler) Unmarshal([]byte) (x, y *big.Int)( unmarshaler) UnmarshalCompressed([]byte) (x, y *big.Int)
*nistCurve[...]
*p256Curve
Package-Level Functions (total 19, in which 9 are exported)
GenerateKey returns a public/private key pair. The private key is
generated using the given reader, which must return random data.
Deprecated: for ECDH, use the GenerateKey methods of the crypto/ecdh package;
for ECDSA, use the GenerateKey function of the crypto/ecdsa package.
Marshal converts a point on the curve into the uncompressed form specified in
SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is
the conventional point at infinity), the behavior is undefined.
Deprecated: for ECDH, use the crypto/ecdh package. This function returns an
encoding equivalent to that of PublicKey.Bytes in crypto/ecdh.
MarshalCompressed converts a point on the curve into the compressed form
specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the
curve (or is the conventional point at infinity), the behavior is undefined.
P224 returns a Curve which implements NIST P-224 (FIPS 186-3, section D.2.2),
also known as secp224r1. The CurveParams.Name of this Curve is "P-224".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
P256 returns a Curve which implements NIST P-256 (FIPS 186-3, section D.2.3),
also known as secp256r1 or prime256v1. The CurveParams.Name of this Curve is
"P-256".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
P384 returns a Curve which implements NIST P-384 (FIPS 186-3, section D.2.4),
also known as secp384r1. The CurveParams.Name of this Curve is "P-384".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
P521 returns a Curve which implements NIST P-521 (FIPS 186-3, section D.2.5),
also known as secp521r1. The CurveParams.Name of this Curve is "P-521".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
Unmarshal converts a point, serialized by Marshal, into an x, y pair. It is
an error if the point is not in uncompressed form, is not on the curve, or is
the point at infinity. On error, x = nil.
Deprecated: for ECDH, use the crypto/ecdh package. This function accepts an
encoding equivalent to that of the NewPublicKey methods in crypto/ecdh.
UnmarshalCompressed converts a point, serialized by MarshalCompressed, into
an x, y pair. It is an error if the point is not in compressed form, is not
on the curve, or is the point at infinity. On error, x = nil.
zForAffine returns a Jacobian Z value for the affine point (x, y). If x and
y are zero, it assumes that they represent the point at infinity because (0,
0) is not on the any of the curves handled here.
Package-Level Variables (total 6, none are exported)
The pages are generated with Goldsv0.6.7. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.
