Namespace: go.std.crypto.ecdsa
v1.0Contents
Summary
Provides a lowlevel interface to the crypto/ecdsa package.
Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as
defined in FIPS 1863.
This implementation derives the nonce from an AESCTR CSPRNG keyed by:
SHA2512(priv.D  entropy  hash)[:32]
The CSPRNG key is indifferentiable from a random oracle as shown in
[Coron], the AESCTR stream is indifferentiable from a random oracle
under standard cryptographic assumptions (see [Larsson] for examples).
References:
[Coron]
https://cs.nyu.edu/~dodis/ps/merkle.pdf
[Larsson]
https://web.archive.org/web/20040719170906/https://www.nada.kth.se/kurser/kth/2D1441/semteo03/lecturenotes/assump.pdf
Index
 *PrivateKey
 *PublicKey
 GenerateKey
 PrivateKey
 PublicKey
 Sign
 SignASN1
 Verify
 VerifyASN1
 arrayOfPrivateKey
 arrayOfPublicKey
Legend

Constant
Variable
Function
Macro
Special form
Type
GoVar
Receiver/Method
Constants
Constants are variables with :const true in their metadata. Joker currently does not recognize them as special; as such, it allows redefining them or their values.
(None.)
Variables

(None.)
Functions, Macros, and Special Forms

GenerateKey
Function v1.0(GenerateKey c rand)
GenerateKey generates a public and private key pair.
Go input arguments: (c crypto/elliptic.Curve, rand io.Reader)
Go returns: (*PrivateKey, error)
Joker input arguments: [^go.std.crypto.elliptic/Curve c, ^go.std.io/Reader rand]
Joker returns: [^*PrivateKey, ^Error] 
Sign
Function v1.0(Sign rand priv hash)
Sign signs a hash (which should be the result of hashing a larger message)
using the private key, priv. If the hash is longer than the bitlength of the
private key's curve order, the hash will be truncated to that length. It
returns the signature as a pair of integers. The security of the private key
depends on the entropy of rand.
Go input arguments: (rand io.Reader, priv *PrivateKey, hash []byte)
Go returns: (r *math/big.Int, s *math/big.Int, err error)
Joker input arguments: [^go.std.io/Reader rand, ^*PrivateKey priv, ^arrayOfByte hash]
Joker returns: [^go.std.math.big/*Int r, ^go.std.math.big/*Int s, ^Error err] 
SignASN1
Function v1.0(SignASN1 rand priv hash)
SignASN1 signs a hash (which should be the result of hashing a larger message)
using the private key, priv. If the hash is longer than the bitlength of the
private key's curve order, the hash will be truncated to that length. It
returns the ASN.1 encoded signature. The security of the private key
depends on the entropy of rand.
Go input arguments: (rand io.Reader, priv *PrivateKey, hash []byte)
Go returns: ([]byte, error)
Joker input arguments: [^go.std.io/Reader rand, ^*PrivateKey priv, ^arrayOfByte hash]
Joker returns: [^arrayOfByte, ^Error] 
Verify
Function v1.0(Verify pub hash r s)
Verify verifies the signature in r, s of hash using the public key, pub. Its
return value records whether the signature is valid.
Go input arguments: (pub *PublicKey, hash []byte, r *math/big.Int, s *math/big.Int)
Go returns: bool
Joker input arguments: [^*PublicKey pub, ^arrayOfByte hash, ^go.std.math.big/*Int r, ^go.std.math.big/*Int s]
Joker returns: ^Boolean 
VerifyASN1
Function v1.0(VerifyASN1 pub hash sig)
VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
public key, pub. Its return value records whether the signature is valid.
Go input arguments: (pub *PublicKey, hash []byte, sig []byte)
Go returns: bool
Joker input arguments: [^*PublicKey pub, ^arrayOfByte hash, ^arrayOfByte sig]
Joker returns: ^Boolean
Types

*PrivateKey
Concrete Type v1.0PrivateKey represents an ECDSA private key.

Equal
Receiver for *PrivateKey v1.0([x])
Equal reports whether priv and x have the same value.
See PublicKey.Equal for details on how Curve is compared.

Public
Receiver for *PrivateKey v1.0([])
Public returns the public key corresponding to priv.

Sign
Receiver for *PrivateKey v1.0([rand digest opts])
Sign signs digest with priv, reading randomness from rand. The opts argument
is not currently used but, in keeping with the crypto.Signer interface,
should be the hash function used to digest the message.
This method implements crypto.Signer, which is an interface to support keys
where the private part is kept in, for example, a hardware module. Common
uses should use the Sign function in this package directly.

*PublicKey
Concrete Type v1.0PublicKey represents an ECDSA public key.

Equal
Receiver for *PublicKey v1.0([x])
Equal reports whether pub and x have the same value.
Two keys are only considered to have the same value if they have the same Curve value.
Note that for example elliptic.P256() and elliptic.P256().Params() are different
values, as the latter is a generic not constant time implementation.

PrivateKey
Concrete Type v1.0PrivateKey represents an ECDSA private key.

PublicKey
Concrete Type v1.0PublicKey represents an ECDSA public key.

arrayOfPrivateKey
Concrete Type v1.0PrivateKey represents an ECDSA private key.

arrayOfPublicKey
Concrete Type v1.0PublicKey represents an ECDSA public key.