Involved Source Files Package elliptic implements the standard NIST P-224, P-256, P-384, and P-521
elliptic curves over prime fields.
Direct use of this package is deprecated, beyond the [P224], [P256], [P384],
and [P521] values necessary to use [crypto/ecdsa]. Most other uses
should migrate to the more efficient and safer [crypto/ecdh], or to
third-party modules for lower-level functionality.nistec.goparams.go
Package-Level Type Names (total 5, in which 2 are exported)
CurveParams contains the parameters of an elliptic curve and also provides
a generic, non-constant time implementation of [Curve].
The generic Curve implementation is deprecated, and using custom curves
(those not returned by [P224], [P256], [P384], and [P521]) is not guaranteed
to provide any security property. // the constant of the curve equation // the size of the underlying field // (x,y) of the base point // (x,y) of the base point // the order of the base point // the canonical name of the curve // the order of the underlying field Add implements [Curve.Add].
Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the [crypto/ecdh] package.
For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly
from [P224], [P256], [P384], or [P521]. Double implements [Curve.Double].
Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the [crypto/ecdh] package.
For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly
from [P224], [P256], [P384], or [P521]. IsOnCurve implements [Curve.IsOnCurve].
Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the [crypto/ecdh] package.
For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly
from [P224], [P256], [P384], or [P521].(*CurveParams) Params() *CurveParams ScalarBaseMult implements [Curve.ScalarBaseMult].
Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the [crypto/ecdh] package.
For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly
from [P224], [P256], [P384], or [P521]. ScalarMult implements [Curve.ScalarMult].
Deprecated: the [CurveParams] methods are deprecated and are not guaranteed to
provide any security property. For ECDH, use the [crypto/ecdh] package.
For ECDSA, use the [crypto/ecdsa] package with a [Curve] value returned directly
from [P224], [P256], [P384], or [P521]. addJacobian takes two points in Jacobian coordinates, (x1, y1, z1) and
(x2, y2, z2) and returns their sum, also in Jacobian form. affineFromJacobian reverses the Jacobian transform. See the comment at the
top of the file. If the point is ∞ it returns 0, 0. doubleJacobian takes a point in Jacobian coordinates, (x, y, z), and
returns its double, also in Jacobian form. polynomial returns x³ - 3x + b.
*CurveParams : Curve
func Curve.Params() *CurveParams
func (*CurveParams).Params() *CurveParams
func matchesSpecificCurve(params *CurveParams) (Curve, bool)
Type Parameters:
Point: nistPoint[Point]
nistCurve is a Curve implementation based on a nistec Point.
It's a wrapper that exposes the big.Int-based Curve interface and encodes the
legacy idiosyncrasies it requires, such as invalid and infinity point
handling.
To interact with the nistec package, points are encoded into and decoded from
properly formatted byte slices. All big.Int use is limited to this package.
Encoding and decoding is 1/1000th of the runtime of a scalar multiplication,
so the overhead is acceptable.newPointfunc() Pointparams*CurveParams(*nistCurve[Point]) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)(*nistCurve[Point]) Double(x1, y1 *big.Int) (*big.Int, *big.Int)(*nistCurve[Point]) IsOnCurve(x, y *big.Int) bool(*nistCurve[Point]) Params() *CurveParams(*nistCurve[Point]) ScalarBaseMult(scalar []byte) (*big.Int, *big.Int)(*nistCurve[Point]) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)(*nistCurve[Point]) Unmarshal(data []byte) (x, y *big.Int)(*nistCurve[Point]) UnmarshalCompressed(data []byte) (x, y *big.Int) normalizeScalar brings the scalar within the byte size of the order of the
curve, as expected by the nistec scalar multiplication functions.(*nistCurve[Point]) pointFromAffine(x, y *big.Int) (p Point, err error)(*nistCurve[Point]) pointToAffine(p Point) (x, y *big.Int)
*nistCurve : Curve
*nistCurve : unmarshaler
var p224 *nistCurve[...]
var p256 *nistCurve[...]
var p384 *nistCurve[...]
var p521 *nistCurve[...]
unmarshaler is implemented by curves with their own constant-time Unmarshal.
There isn't an equivalent interface for Marshal/MarshalCompressed because
that doesn't involve any mathematical operations, only FillBytes and Bit.( unmarshaler) Unmarshal([]byte) (x, y *big.Int)( unmarshaler) UnmarshalCompressed([]byte) (x, y *big.Int)
*nistCurve[...]
Package-Level Functions (total 19, in which 9 are exported)
GenerateKey returns a public/private key pair. The private key is
generated using the given reader, which must return random data.
Deprecated: for ECDH, use the GenerateKey methods of the [crypto/ecdh] package;
for ECDSA, use the GenerateKey function of the crypto/ecdsa package.
Marshal converts a point on the curve into the uncompressed form specified in
SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is
the conventional point at infinity), the behavior is undefined.
Deprecated: for ECDH, use the crypto/ecdh package. This function returns an
encoding equivalent to that of PublicKey.Bytes in crypto/ecdh.
MarshalCompressed converts a point on the curve into the compressed form
specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the
curve (or is the conventional point at infinity), the behavior is undefined.
P224 returns a [Curve] which implements NIST P-224 (FIPS 186-3, section D.2.2),
also known as secp224r1. The CurveParams.Name of this [Curve] is "P-224".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
P256 returns a [Curve] which implements NIST P-256 (FIPS 186-3, section D.2.3),
also known as secp256r1 or prime256v1. The CurveParams.Name of this [Curve] is
"P-256".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
P384 returns a [Curve] which implements NIST P-384 (FIPS 186-3, section D.2.4),
also known as secp384r1. The CurveParams.Name of this [Curve] is "P-384".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
P521 returns a [Curve] which implements NIST P-521 (FIPS 186-3, section D.2.5),
also known as secp521r1. The CurveParams.Name of this [Curve] is "P-521".
Multiple invocations of this function will return the same value, so it can
be used for equality checks and switch statements.
The cryptographic operations are implemented using constant-time algorithms.
Unmarshal converts a point, serialized by [Marshal], into an x, y pair. It is
an error if the point is not in uncompressed form, is not on the curve, or is
the point at infinity. On error, x = nil.
Deprecated: for ECDH, use the crypto/ecdh package. This function accepts an
encoding equivalent to that of the NewPublicKey methods in crypto/ecdh.
UnmarshalCompressed converts a point, serialized by [MarshalCompressed], into
an x, y pair. It is an error if the point is not in compressed form, is not
on the curve, or is the point at infinity. On error, x = nil.
zForAffine returns a Jacobian Z value for the affine point (x, y). If x and
y are zero, it assumes that they represent the point at infinity because (0,
0) is not on the any of the curves handled here.
Package-Level Variables (total 6, none are exported)