Group operations over Curve25519.

Fields

x: Fe,

Types

Namespaces

Functions

fn clampedMul(p: Curve25519, s: [32]u8) IdentityElementError!Curve25519

Multiply a Curve25519 point by a scalar after “clamping” it. Clamping forces th…

Multiply a Curve25519 point by a scalar after “clamping” it. Clamping forces the scalar to be a multiple of the cofactor in order to prevent small subgroups attacks. This is the standard way to use Curve25519 for a DH operation. Return error.IdentityElement if the resulting point is the identity element.

fn clearCofactor(p: Curve25519) WeakPublicKeyError!Curve25519

Multiply a point by the cofactor, returning WeakPublicKey if the element is in a…

Multiply a point by the cofactor, returning WeakPublicKey if the element is in a small-order group.

inline fn fromBytes(s: [32]u8) Curve25519

Decode a Curve25519 point from its compressed (X) coordinates.

fn fromEdwards25519(p: crypto.ecc.Edwards25519) IdentityElementError!Curve25519

Compute the Curve25519 equivalent to an Edwards25519 point.

fn mul(p: Curve25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Curve25519

Multiply a Curve25519 point by a scalar without clamping it. Return error.Ident…

Multiply a Curve25519 point by a scalar without clamping it. Return error.IdentityElement if the resulting point is the identity element or error.WeakPublicKey if the public key is a low-order point.

fn rejectIdentity(p: Curve25519) IdentityElementError!void

Reject the neutral element.

fn rejectNonCanonical(s: [32]u8) NonCanonicalError!void

Check that the encoding of a Curve25519 point is canonical.

inline fn toBytes(p: Curve25519) [32]u8

Encode a Curve25519 point.

Values

basePoint
Curve25519

The Curve25519 base point.