diff options
author | Florian Dold <florian@dold.me> | 2021-10-19 13:20:03 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-10-19 13:20:03 +0200 |
commit | f9b3f95b133dd98289ccd165966896fc0af5860d (patch) | |
tree | fa45353a1d3a0eb0f69fa709febae635706b079f /doc/sphinx | |
parent | 3a9e7d47e8c0d8b5cc172d48c44afdeed6414429 (diff) | |
download | anastasis-f9b3f95b133dd98289ccd165966896fc0af5860d.tar.gz anastasis-f9b3f95b133dd98289ccd165966896fc0af5860d.tar.bz2 anastasis-f9b3f95b133dd98289ccd165966896fc0af5860d.zip |
Fix account key derivation.
In Ed25519, the secret key is just a seed and not a scalar. It is used
both when hashing the message and used to derive the scalar "d" via
hashing. Only the scalar "d" needs bit-twiddling. Bit-twiddling the
seed doesn't make sense.
Diffstat (limited to 'doc/sphinx')
-rw-r--r-- | doc/sphinx/cryptography.rst | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst index 194b311..6c25fc0 100644 --- a/doc/sphinx/cryptography.rst +++ b/doc/sphinx/cryptography.rst @@ -116,7 +116,7 @@ HKDF to ensure that the result differs from other cases where we hash .. code-block:: none ver_secret := HKDF(kdf_id, "ver", keysize) - eddsa_priv := eddsa_d_to_a(ver_secret) + eddsa_priv := ver_secret eddsa_pub := get_EdDSA_Pub(eddsa_priv) @@ -128,14 +128,6 @@ HKDF to ensure that the result differs from other cases where we hash **ver_secret**: Derived key from the ``kdf_id``, serves as intermediate step for the generation of the private key. -**eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA private key. Specifically, assuming the value ``eddsa_priv`` is in a 32-byte array "digest", the function clears and sets certain bits as follows: - -.. code-block:: c - - digest[0] &= 0xf8; - digest[31] &= 0x7f; - digest[31] |= 0x40; - **eddsa_priv**: The generated EdDSA private key. **eddsa_pub**: The generated EdDSA public key. |