crypto::curve25519 +linux +x86_64

The curve25519 module implements the x25519 function which performs scalar multiplication on the elliptic curve known as Curve25519. See RFC 7748.

The implementation is based on the paper "Implementing Curve25519/X25519: A Tutorial on Elliptic Curve Cryptography" by Martin Kleppmann.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto module.

Be advised that Hare's cryptography implementations have not been audited.



const POINTSZ: size;
const SCALARSZ: size;




fn clamp(*[SCALARSZ]u8) void;
fn scalarmult(*[SCALARSZ]u8, const *[SCALARSZ]u8, const *[POINTSZ]u8) void;
fn scalarmult_base(*[SCALARSZ]u8, const *[SCALARSZ]u8) void;
fn x25519(*[SCALARSZ]u8, const *[SCALARSZ]u8, const *[POINTSZ]u8) void;


def POINTSZ

def POINTSZ: size;

The size of the point input to X25519.

def SCALARSZ

def SCALARSZ: size;

The size of the scalar input to X25519.


let BASEPOINT


The canonical Curve25519 generator.


fn clamp

fn clamp(scalar: *[SCALARSZ]u8) void;

Prepares the scalar to avoid particular attacks. See the "clamping" section in Kleppmann's paper.

fn scalarmult

fn scalarmult(
	out: *[SCALARSZ]u8,
	scalar: const *[SCALARSZ]u8,
	point: const *[POINTSZ]u8,
) void;

Sets out to the product (scalar * point).

fn scalarmult_base

fn scalarmult_base(out: *[SCALARSZ]u8, scalar: const *[SCALARSZ]u8) void;

Compute the result of the scalar multiplication (scalar * point) where point is BASEPOINT.

fn x25519

fn x25519(
	out: *[SCALARSZ]u8,
	scalar: const *[SCALARSZ]u8,
	point: const *[POINTSZ]u8,
) void;

Compute the result of the scalar multiplication (scalar * point) and put the result in out.
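
An X25519 key agreement between two parties built on the functions above, as an added example that is not part of the Hare documentation. The helper names keygen and agree, the use of crypto::random::buffer as the key source, and the all-zero output check from RFC 7748 section 6.1 are assumptions of this example.

```hare
use bytes;
use crypto::curve25519;
use crypto::random;
use fmt;

// Hypothetical helper: fills sk with a clamped random scalar and pk with
// sk * BASEPOINT. POINTSZ and SCALARSZ are both 32 bytes (RFC 7748).
fn keygen(
	sk: *[curve25519::SCALARSZ]u8,
	pk: *[curve25519::SCALARSZ]u8,
) void = {
	random::buffer(sk[..]);
	// clamp is idempotent: safe even if the routines below clamp again.
	curve25519::clamp(sk);
	curve25519::scalarmult_base(pk, sk);
};

// Hypothetical helper: derives the shared secret and returns false if it is
// all zero (RFC 7748 section 6.1); x25519 returns void and cannot say so.
fn agree(
	out: *[curve25519::SCALARSZ]u8,
	sk: const *[curve25519::SCALARSZ]u8,
	peer: const *[curve25519::POINTSZ]u8,
) bool = {
	curve25519::x25519(out, sk, peer);
	// OR every byte together so the check does not branch per byte.
	let acc = 0u8;
	for (let i = 0z; i < curve25519::SCALARSZ; i += 1) {
		acc |= out[i];
	};
	return acc != 0;
};

export fn main() void = {
	let a_sk: [curve25519::SCALARSZ]u8 = [0...];
	let a_pk: [curve25519::SCALARSZ]u8 = [0...];
	let b_sk: [curve25519::SCALARSZ]u8 = [0...];
	let b_pk: [curve25519::SCALARSZ]u8 = [0...];
	let a_ss: [curve25519::SCALARSZ]u8 = [0...];
	let b_ss: [curve25519::SCALARSZ]u8 = [0...];
	keygen(&a_sk, &a_pk);
	keygen(&b_sk, &b_pk);
	if (!agree(&a_ss, &a_sk, &b_pk) || !agree(&b_ss, &b_sk, &a_pk)) {
		fmt::fatal("rejecting peer key: all-zero shared secret");
	};
	assert(bytes::equal(a_ss[..], b_ss[..]));
	// A real caller passes the secret through a KDF, then wipes key material.
	bytes::zero(a_sk[..]);
	bytes::zero(b_sk[..]);
};
```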