package ecdsa

import "crypto/internal/fips140/ecdsa"

Functions

func TestingOnlyNewDRBG

func TestingOnlyNewDRBG(hash func() fips140.Hash, entropy, nonce []byte, s []byte) *hmacDRBG

TestingOnlyNewDRBG creates an SP 800-90A Rev. 1 HMAC_DRBG with a plain personalization string.

This should only be used for ACVP testing. hmacDRBG is not intended to be used directly.

func Verify

func Verify[P Point[P]](c *Curve[P], pub *PublicKey, hash []byte, sig *Signature) error

Verify verifies the signature, sig, of hash (which should be the result of hashing a larger message) using the public key, pub. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length.

The inputs are not considered confidential, and may leak through timing side channels, or if an attacker has control of part of the inputs.

Types

type Curve

type Curve[P Point[P]] struct {
	N *bigmod.Modulus
	// contains filtered or unexported fields
}

func P224

func P224() *Curve[*nistec.P224Point]

func P256

func P256() *Curve[*nistec.P256Point]

func P384

func P384() *Curve[*nistec.P384Point]

func P521

func P521() *Curve[*nistec.P521Point]

type Point

type Point[P any] interface {
	*nistec.P224Point | *nistec.P256Point | *nistec.P384Point | *nistec.P521Point
	Bytes() []byte
	BytesX() ([]byte, error)
	SetBytes([]byte) (P, error)
	ScalarMult(P, []byte) (P, error)
	ScalarBaseMult([]byte) (P, error)
	Add(p1, p2 P) P
}

Point is a generic constraint for the nistec Point types.

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

func GenerateKey

func GenerateKey[P Point[P]](c *Curve[P], rand io.Reader) (*PrivateKey, error)

GenerateKey generates a new ECDSA private key pair for the specified curve.

func NewPrivateKey

func NewPrivateKey[P Point[P]](c *Curve[P], D, Q []byte) (*PrivateKey, error)

func (*PrivateKey) Bytes

func (priv *PrivateKey) Bytes() []byte

func (*PrivateKey) PublicKey

func (priv *PrivateKey) PublicKey() *PublicKey

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

func NewPublicKey

func NewPublicKey[P Point[P]](c *Curve[P], Q []byte) (*PublicKey, error)

func (*PublicKey) Bytes

func (pub *PublicKey) Bytes() []byte

type Signature

type Signature struct {
	R, S []byte
}

Signature is an ECDSA signature, where r and s are represented as big-endian byte slices of the same length as the curve order.

func Sign

func Sign[P Point[P], H fips140.Hash](c *Curve[P], h func() H, priv *PrivateKey, rand io.Reader, hash []byte) (*Signature, error)

Sign signs a hash (which shall be the result of hashing a larger message with the hash function H) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length.

func SignDeterministic

func SignDeterministic[P Point[P], H fips140.Hash](c *Curve[P], h func() H, priv *PrivateKey, hash []byte) (*Signature, error)

SignDeterministic signs a hash (which shall be the result of hashing a larger message with the hash function H) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. This applies Deterministic ECDSA as specified in FIPS 186-5 and RFC 6979.
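The truncation rule stated for Verify, Sign and SignDeterministic, shown as an added example that is not part of the package documentation. Because this package is internal and cannot be imported, the example uses the public crypto/ecdsa API and assumes it applies the same rule; truncateToOrder and checkTruncation are hypothetical names and the message is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// truncateToOrder keeps the leftmost orderBits bits of hash. Hypothetical
// helper written for this example; it is not the package's internal code.
func truncateToOrder(hash []byte, orderBits int) []byte {
	size := (orderBits + 7) / 8
	if len(hash) < size {
		return hash // shorter than the order: used unchanged
	}
	out := append([]byte(nil), hash[:size]...)
	if excess := size*8 - orderBits; excess > 0 { // non-byte-aligned order (P-521)
		for i := size - 1; i >= 0; i-- {
			out[i] >>= excess
			if i > 0 {
				out[i] |= out[i-1] << (8 - excess)
			}
		}
	}
	return out
}

// checkTruncation signs a 64-byte SHA-512 digest with P-256, then verifies it
// against the truncated digest and against digests altered at byte 40 and byte 0.
func checkTruncation() (prefixOK, tailOK, headOK bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	digest := sha512.Sum512([]byte("constructed sample message"))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return false, false, false, err
	}
	pub, bits := &priv.PublicKey, priv.Params().N.BitLen()
	tail, head := digest, digest // array copies
	tail[40] ^= 0xff             // past the 32-byte truncation point
	head[0] ^= 0xff              // inside the bits that are kept
	prefixOK = ecdsa.VerifyASN1(pub, truncateToOrder(digest[:], bits), sig)
	return prefixOK, ecdsa.VerifyASN1(pub, tail[:], sig), ecdsa.VerifyASN1(pub, head[:], sig), nil
}
func main() { fmt.Println(checkTruncation()) }
```

Bytes beyond the curve order's bit length do not affect verification, so the hash argument must be a real digest of the message and never caller-assembled data whose tail is meant to be authenticated.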

Source Files

cast.go ecdsa.go ecdsa_noasm.go hmacdrbg.go

Version: v1.24.1 (latest)
Published: Feb 27, 2025
Platform: js/wasm
Imports: 11 packages