package ecdsa
import "crypto/internal/fips140/ecdsa"
Index
- func TestingOnlyNewDRBG[H hash.Hash](hash func() H, entropy, nonce []byte, s []byte) *hmacDRBG
- func Verify[P Point[P]](c *Curve[P], pub *PublicKey, hash []byte, sig *Signature) error
- type Curve
- type Point
- type PrivateKey
- type PublicKey
- type Signature
Functions
func TestingOnlyNewDRBG
func TestingOnlyNewDRBG[H hash.Hash](hash func() H, entropy, nonce []byte, s []byte) *hmacDRBG
TestingOnlyNewDRBG creates an SP 800-90A Rev. 1 HMAC_DRBG with a plain personalization string.
This should only be used for ACVP testing. hmacDRBG is not intended to be used directly.
func Verify
func Verify[P Point[P]](c *Curve[P], pub *PublicKey, hash []byte, sig *Signature) error
Verify verifies the signature, sig, of hash (which should be the result of hashing a larger message) using the public key, pub. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length.
The inputs are not considered confidential, and may leak through timing side channels, or if an attacker has control of part of the inputs.
Types
type Curve
type Curve[P Point[P]] struct {
	N *bigmod.Modulus
	// contains filtered or unexported fields
}
func P224
func P224() *Curve[*nistec.P224Point]
func P256
func P256() *Curve[*nistec.P256Point]
func P384
func P384() *Curve[*nistec.P384Point]
func P521
func P521() *Curve[*nistec.P521Point]
type Point
type Point[P any] interface {
	*nistec.P224Point | *nistec.P256Point | *nistec.P384Point | *nistec.P521Point
	Bytes() []byte
	BytesX() ([]byte, error)
	SetBytes([]byte) (P, error)
	ScalarMult(P, []byte) (P, error)
	ScalarBaseMult([]byte) (P, error)
	Add(p1, p2 P) P
}
Point is a generic constraint for the nistec Point types.
type PrivateKey
type PrivateKey struct {
	// contains filtered or unexported fields
}
func GenerateKey
func GenerateKey[P Point[P]](c *Curve[P], rand io.Reader) (*PrivateKey, error)
GenerateKey generates a new ECDSA private key pair for the specified curve.
func NewPrivateKey
func NewPrivateKey[P Point[P]](c *Curve[P], D, Q []byte) (*PrivateKey, error)
NewPrivateKey creates a new ECDSA private key from the given D and Q byte slices. D must be the fixed-length big-endian encoding of the private scalar, and Q must be the compressed or uncompressed encoding of the public point.
func (*PrivateKey) Bytes
func (priv *PrivateKey) Bytes() []byte
func (*PrivateKey) PublicKey
func (priv *PrivateKey) PublicKey() *PublicKey
type PublicKey
type PublicKey struct {
	// contains filtered or unexported fields
}
func NewPublicKey
func NewPublicKey[P Point[P]](c *Curve[P], Q []byte) (*PublicKey, error)
NewPublicKey creates a new ECDSA public key from the given Q byte slice. Q must be the compressed or uncompressed encoding of the public point.
func (*PublicKey) Bytes
func (pub *PublicKey) Bytes() []byte
type Signature
type Signature struct {
	R, S []byte
}
Signature is an ECDSA signature, where r and s are represented as big-endian byte slices of the same length as the curve order.
func Sign
func Sign[P Point[P], H hash.Hash](c *Curve[P], h func() H, priv *PrivateKey, rand io.Reader, hash []byte) (*Signature, error)
Sign signs a hash (which shall be the result of hashing a larger message with the hash function H) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length.
func SignDeterministic
func SignDeterministic[P Point[P], H hash.Hash](c *Curve[P], h func() H, priv *PrivateKey, hash []byte) (*Signature, error)
SignDeterministic signs a hash (which shall be the result of hashing a larger message with the hash function H) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. This applies Deterministic ECDSA as specified in FIPS 186-5 and RFC 6979.
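The hash truncation described for Verify, Sign and SignDeterministic can be observed with the example below, which is added here and is not part of the package's own documentation. Because crypto/internal/fips140/ecdsa cannot be imported outside the standard library, it uses the public crypto/ecdsa package and assumes that package applies the same truncation; the type results, the function truncationDemo and the sample message are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// results records which digests one signature verifies against.
type results struct{ Full, Leftmost32, TailChanged, HeadChanged bool }

// truncationDemo signs a SHA-512 digest (64 bytes) with a P-256 key, whose
// order is 256 bits, so only the leftmost 32 digest bytes enter the signature.
func truncationDemo(msg []byte) (results, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return results{}, err
	}
	full := sha512.Sum512(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, full[:])
	if err != nil {
		return results{}, err
	}
	tail, head := full, full // array copies of the digest
	tail[63] ^= 0xff         // change a byte past the truncation point
	head[0] ^= 0xff          // change a byte that survives truncation
	pub := &priv.PublicKey
	return results{
		Full:        ecdsa.VerifyASN1(pub, full[:], sig),
		Leftmost32:  ecdsa.VerifyASN1(pub, full[:32], sig),
		TailChanged: ecdsa.VerifyASN1(pub, tail[:], sig),
		HeadChanged: ecdsa.VerifyASN1(pub, head[:], sig),
	}, nil
}

func main() {
	r, err := truncationDemo([]byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The signature covers only the digest bits that fit the curve order, so a caller that needs the whole digest bound should pair the curve with a hash of matching length and fix the hash algorithm on the verifying side.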