Fix account key derivation.

In Ed25519, the secret key is just a seed and not a scalar.  It is used
both when hashing the message and used to derive the scalar "d" via
hashing.  Only the scalar "d" needs bit-twiddling.  Bit-twiddling the
seed doesn't make sense.

3 files changed, 2 insertions, 22 deletions

diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
index 194b311..6c25fc0 100644
--- a/doc/sphinx/cryptography.rst
+++ b/doc/sphinx/cryptography.rst
@@ -116,7 +116,7 @@ HKDF to ensure that the result differs from other cases where we hash
 .. code-block:: none
 
     ver_secret := HKDF(kdf_id, "ver", keysize)
-    eddsa_priv := eddsa_d_to_a(ver_secret)
+    eddsa_priv := ver_secret
     eddsa_pub := get_EdDSA_Pub(eddsa_priv)
 
 
@@ -128,14 +128,6 @@ HKDF to ensure that the result differs from other cases where we hash
 
 **ver_secret**: Derived key from the ``kdf_id``, serves as intermediate step for the generation of the private key.
 
-**eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA private key. Specifically, assuming the value ``eddsa_priv`` is in a 32-byte array "digest", the function clears and sets certain bits as follows:
-
-.. code-block:: c
-
-  digest[0] &= 0xf8;
-  digest[31] &= 0x7f;
-  digest[31] |= 0x40;
-
 **eddsa_priv**: The generated EdDSA private key.
 
 **eddsa_pub**: The generated EdDSA public key.
diff --git a/doc/system-documentation/design.tex b/doc/system-documentation/design.tex
index 0883e7a..1fe9134 100644
--- a/doc/system-documentation/design.tex
+++ b/doc/system-documentation/design.tex
@@ -357,7 +357,7 @@ that the result differs from other cases where we hash {\em kdf id}:
 eddsa_keys_create (kdf_id, salt, keysize)
 {
   ver_secret = HKDF(kdf_id, salt, keysize)
-  eddsa_priv = eddsa_d_to_a(ver_secret)
+  eddsa_priv = ver_secret
   eddsa_pub = get_eddsa_pub(eddsa_priv)
   return eddsa_priv, eddsa_pub
 }
@@ -369,15 +369,8 @@ eddsa_keys_create (kdf_id, salt, keysize)
 	\item[salt] {Is used that different keys are generated, the salt here is "ver".}
 	\item[key\_size] {Size of the output, here 32 bytes.}
 	\item[ver\_secret] {Derived key from the kdf\_id, serves as intermediate step for the generation of the private key.}
-	\item[eddsa\_d\_to\_a()] {Function which converts the ver\_key to a valid EdDSA private key. Specifically, assuming the value eddsa\_priv is in a 32-byte array “digest”, the function clears and sets certain bits as follows:}
 \end{description}
 
-\begin{lstlisting}
-digest[0] &= 0xf8;
-digest[31] &= 0x7f;
-digest[31] |= 0x40;
-\end{lstlisting}
-
 \begin{description}
 	\item[eddsa\_priv] {The generated EdDSA private key.}
 	\item[eddsa\_pub] {The generated EdDSA public key.}
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 9231fc1..e122c07 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -240,11 +240,6 @@ ANASTASIS_CRYPTO_account_private_key_derive (
     GNUNET_break (0);
     return;
   }
-  /* go from ver_secret to proper private key (eddsa_d_to_a() in spec) */
-
-  priv_key->priv.d[0] &= 0xf8;
-  priv_key->priv.d[31] &= 0x7f;
-  priv_key->priv.d[31] |= 0x40;
 }