Group operations over Curve25519.
Functions
fn clampedMul(p: Curve25519, s: [32]u8) IdentityElementError!Curve25519
Multiply a Curve25519 point by a scalar after “clamping” it. Clamping forces th…
Multiply a Curve25519 point by a scalar after “clamping” it. Clamping forces the scalar to be a multiple of the cofactor in order to prevent small subgroups attacks. This is the standard way to use Curve25519 for a DH operation. Return error.IdentityElement if the resulting point is the identity element.
fn clearCofactor(p: Curve25519) WeakPublicKeyError!Curve25519
Multiply a point by the cofactor, returning WeakPublicKey if the element is in a…
Multiply a point by the cofactor, returning WeakPublicKey if the element is in a small-order group.
inline fn fromBytes(s: [32]u8) Curve25519
Decode a Curve25519 point from its compressed (X) coordinates.
fn fromEdwards25519(p: crypto.ecc.Edwards25519) IdentityElementError!Curve25519
Compute the Curve25519 equivalent to an Edwards25519 point.
fn mul(p: Curve25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Curve25519
Multiply a Curve25519 point by a scalar without clamping it. Return error.Ident…
Multiply a Curve25519 point by a scalar without clamping it. Return error.IdentityElement if the resulting point is the identity element or error.WeakPublicKey if the public key is a low-order point.
fn rejectNonCanonical(s: [32]u8) NonCanonicalError!void
Check that the encoding of a Curve25519 point is canonical.