edwards25519

Decrypt decrypts data that was encrypted using the Encrypt function.

Edwards returns a Curve which implements Ed25519.

Encrypt encrypts data for the target public key using AES-256-CBC.

Replace (f,g) with (g,g) if b == 1; replace (f,g) with (f,g) if b == 0.

FeMul calculates h = f * g Can overlap h with f or g.

FeNeg sets h = -f Preconditions: |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.

FeSquare calculates h = f*f.

FeSquare2 sets h = 2 * f * f Can overlap h with f.

FeToBytes marshals h to s.

GeDoubleScalarMultVartime sets r = a*A + b*B where a = a[0]+256*a[1]+...+256^31 a[31].

GenerateKey generates a public/private key pair using randomness from rand.

GenerateKey generates a key using a random number generator, returning the private scalar and the corresponding public key points from a random secret.

GeneratePrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey instead of the normal ecdsa.PrivateKey.

GenerateSharedSecret generates a shared secret based on a private key and a private key using Diffie-Hellman key exchange (ECDH) (RFC 4753).

GeScalarMultBase computes h = a*B, where a = a[0]+256*a[1]+...+256^31 a[31] B is the Ed25519 base point (x,4/5) with x positive.

NewPrivateKey instantiates a new private key from a scalar encoded as a big integer.

NewPublicKey instantiates a new public key.

NewSignature instantiates a new signature given some R,S values.

NonceRFC6979 generates an ECDSA nonce (`k`) deterministically according to RFC 6979.

ParseDERSignature offers a legacy function for plugging into Decred, which is based off btcec.

ParsePubKey parses a public key for an edwards curve from a bytestring into a ecdsa.Publickey, verifying that it is valid.

ParseSignature parses a signature in BER format for the curve type `curve' into a Signature type, performing some basic sanity checks.

PrivKeyFromBytes returns a private and public key for `curve' based on the private key passed as an argument as a byte slice.

PrivKeyFromScalar returns a private and public key for `curve' based on the 32-byte private scalar passed as an argument as a byte slice (encoded big endian int).

PrivKeyFromSecret returns a private and public key for `curve' based on the 32-byte private key secret passed as an argument as a byte slice.

RecoverCompact uses a signature and a hash to recover is private key, is not yet implemented.

Input: a[0]+256*a[1]+...+256^31*a[31] = a b[0]+256*b[1]+...+256^31*b[31] = b c[0]+256*c[1]+...+256^31*c[31] = c Output: s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l where l = 2^252 + 27742317777372353535851937790883648493.

Input: s[0]+256*s[1]+...+256^63*s[63] = s Output: s[0]+256*s[1]+...+256^31*s[31] = s mod l where l = 2^252 + 27742317777372353535851937790883648493.

Sign signs the message with privateKey and returns a signature.

SignFromScalar signs a message 'hash' using the given private scalar priv.

SignFromSecret signs a message 'hash' using the given private key priv.

SignFromSecretNoReader signs a message 'hash' using the given private key priv.

Sign is the generalized and exported version of Ed25519 signing, that handles both standard private secrets and non-standard scalars.

SignThreshold signs a message 'hash' using the given private scalar priv in a threshold group signature.

Verify returns true iff sig is a valid signature of message by publicKey.

Verify verifies a message 'hash' using the given public keys and signature.

These constants define the lengths of serialized private keys.

These constants define the lengths of serialized private keys.

These constants define the lengths of serialized public keys.

SignatureSize is the size of an encoded ECDSA signature.

ErrInvalidMAC occurs when Message Authentication Check (MAC) fails during decryption.

Sha512VersionStringRFC6979 is the RFC6979 nonce version for a Schnorr signature over the Curve25519 curve using BLAKE256 as the hash function.

PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing things with the private key without having to directly import the ecdsa package.

Signature is a type representing an ecdsa signature.

TwistedEdwardsCurve extended an elliptical curve set of parameters to satisfy the interface of the elliptic package.

FieldElement represents an element of the field GF(2^255 - 19).

PublicKey is an ecdsa.PublicKey with an additional function to serialize.