Archived. Curve25519 support has been integrated into mirage-crypto-ec (via fiat-crypto). Hacl bindings are available from the hacl-star opam package. OCaml bindings for HACL* elliptic curves
X25519 returns all zeroes if public key has low order. This is meant to be checked by the caller depending on the protocol. In our case, we're only interested in TLS, so this adds an extra error case.
X25519 returns all zeroes if public key has low order. This is meant to be checked by the caller depending on the protocol. In our case, we're only interested in TLS, so this adds an extra error case.