gtsocial-umbx

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

curve25519.go (2156B)

      1 // Copyright 2019 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 // Package curve25519 provides an implementation of the X25519 function, which
      6 // performs scalar multiplication on the elliptic curve known as Curve25519.
      7 // See RFC 7748.
      8 //
      9 // Starting in Go 1.20, this package is a wrapper for the X25519 implementation
     10 // in the crypto/ecdh package.
     11 package curve25519 // import "golang.org/x/crypto/curve25519"
     12 
     13 // ScalarMult sets dst to the product scalar * point.
     14 //
     15 // Deprecated: when provided a low-order point, ScalarMult will set dst to all
     16 // zeroes, irrespective of the scalar. Instead, use the X25519 function, which
     17 // will return an error.
     18 func ScalarMult(dst, scalar, point *[32]byte) {
     19 	scalarMult(dst, scalar, point)
     20 }
     21 
     22 // ScalarBaseMult sets dst to the product scalar * base where base is the
     23 // standard generator.
     24 //
     25 // It is recommended to use the X25519 function with Basepoint instead, as
     26 // copying into fixed size arrays can lead to unexpected bugs.
     27 func ScalarBaseMult(dst, scalar *[32]byte) {
     28 	scalarBaseMult(dst, scalar)
     29 }
     30 
     31 const (
     32 	// ScalarSize is the size of the scalar input to X25519.
     33 	ScalarSize = 32
     34 	// PointSize is the size of the point input to X25519.
     35 	PointSize = 32
     36 )
     37 
     38 // Basepoint is the canonical Curve25519 generator.
     39 var Basepoint []byte
     40 
     41 var basePoint = [32]byte{9}
     42 
     43 func init() { Basepoint = basePoint[:] }
     44 
     45 // X25519 returns the result of the scalar multiplication (scalar * point),
     46 // according to RFC 7748, Section 5. scalar, point and the return value are
     47 // slices of 32 bytes.
     48 //
     49 // scalar can be generated at random, for example with crypto/rand. point should
     50 // be either Basepoint or the output of another X25519 call.
     51 //
     52 // If point is Basepoint (but not if it's a different slice with the same
     53 // contents) a precomputed implementation might be used for performance.
     54 func X25519(scalar, point []byte) ([]byte, error) {
     55 	// Outline the body of function, to let the allocation be inlined in the
     56 	// caller, and possibly avoid escaping to the heap.
     57 	var dst [32]byte
     58 	return x25519(&dst, scalar, point)
     59 }