authorFlorian Dold <florian@dold.me>2021-10-18 20:24:30 +0200
committerFlorian Dold <florian@dold.me>2021-10-18 20:24:30 +0200
commit3a9e7d47e8c0d8b5cc172d48c44afdeed6414429 (patch)
treed35a86889c25c202b986fc4a5fe037e953f94eec
parent708b89e8c6878b5bae23ab8f371c9b7984b71c2a (diff)
do bit twiddling correctly, it's little-endian
-rw-r--r--doc/sphinx/cryptography.rst5
-rw-r--r--doc/system-documentation/design.tex5
-rw-r--r--src/util/anastasis_crypto.c6
3 files changed, 10 insertions, 6 deletions
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
index 406732a..194b311 100644
--- a/doc/sphinx/cryptography.rst
+++ b/doc/sphinx/cryptography.rst
@@ -132,8 +132,9 @@ HKDF to ensure that the result differs from other cases where we hash
.. code-block:: c
- digest[0] = (digest[0] & 0x7f) | 0x40;
- digest[31] &= 0xf8;
+ digest[0] &= 0xf8;
+ digest[31] &= 0x7f;
+ digest[31] |= 0x40;
**eddsa_priv**: The generated EdDSA private key.
diff --git a/doc/system-documentation/design.tex b/doc/system-documentation/design.tex
index 650beb1..0883e7a 100644
--- a/doc/system-documentation/design.tex
+++ b/doc/system-documentation/design.tex
@@ -373,8 +373,9 @@ eddsa_keys_create (kdf_id, salt, keysize)
\end{description}
\begin{lstlisting}
-digest[0] = (digest[0] & 0x7f) | 0x40;
-digest[31] &= 0xf8;
+digest[0] &= 0xf8;
+digest[31] &= 0x7f;
+digest[31] |= 0x40;
\end{lstlisting}
\begin{description}
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 1025e60..9231fc1 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -241,8 +241,10 @@ ANASTASIS_CRYPTO_account_private_key_derive (
return;
}
/* go from ver_secret to proper private key (eddsa_d_to_a() in spec) */
- priv_key->priv.d[0] = (priv_key->priv.d[0] & 0x7f) | 0x40;
- priv_key->priv.d[31] &= 0xf8;
+
+ priv_key->priv.d[0] &= 0xf8;
+ priv_key->priv.d[31] &= 0x7f;
+ priv_key->priv.d[31] |= 0x40;
}
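Review bot: The three mask lines at the end of ANASTASIS_CRYPTO_account_private_key_derive carry no comment saying which bits of the little-endian scalar they touch, and the commit title suggests a byte-order misreading is what the old code got wrong; a comment such as `/* clamp little-endian scalar: clear bits 0-2 in d[0]; clear bit 255 and set bit 254 in d[31] */` above them would pin the intent. The new masks produce different key bytes than the old ones for the same inputs, so account keys derived by builds before this commit will presumably no longer match; nothing in the hunk shows a version marker or migration path, so that should be confirmed. A known-answer test on a fixed input that asserts `(d[0] & 0x07) == 0` and `(d[31] & 0xc0) == 0x40` would catch a regression here and keep the two documentation copies honest. The function's body starts outside the hunk.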