summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeff Burdges <burdges@gnunet.org>2016-08-08 10:38:07 +0200
committerJeff Burdges <burdges@gnunet.org>2016-08-08 10:38:07 +0200
commit7958464696f6451252ff0ae5bc42716e2326f8c4 (patch)
tree7b419659e34aaa3ea39f64eddce2006651f88bf5 /src
parent0fd6cf19afc8091494ba1b2adcf2b4b2c7bcadcb (diff)
downloadexchange-7958464696f6451252ff0ae5bc42716e2326f8c4.tar.gz
exchange-7958464696f6451252ff0ae5bc42716e2326f8c4.tar.bz2
exchange-7958464696f6451252ff0ae5bc42716e2326f8c4.zip
Copy bit twiddling from libgcrypt/cipher/ecc.c
Reversed order buisness agrees with KC's experence from gnunet-rs
Diffstat (limited to 'src')
-rw-r--r--src/util/crypto.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 771744c7..caeda3ff 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -194,7 +194,20 @@ TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
"taler-coin-derivation",
strlen ("taler-coin-derivation"),
NULL, 0));
- /* FIXME: twiddle the bits of the private key */
+
+ /* Taken from like 170-172 of libgcrypt/cipher/ecc.c
+ * We note that libgcrypt stores the private key in the reverse order
+ * from many Ed25519 implementatons. */
+ fc->coin_priv[0] &= 0x7f; /* Clear bit 255. */
+ fc->coin_priv[0] |= 0x40; /* Set bit 254. */
+ fc->coin_priv[31] &= 0xf8; /* Clear bits 2..0 so that d mod 8 == 0 */
+
+ /* FIXME: Run GNUNET_CRYPTO_ecdhe_key_create several times and inspect
+ * the output to verify that the same bits are set and cleared.
+ * Is it worth also adding a test case that runs gcry_pk_testkey on
+ * this key after first parsing it into libgcrypt's s-expression mess
+ * ala decode_private_eddsa_key from gnunet/src/util/crypto_ecc.c?
+ * It'd run check_secret_key but not test_keys from libgcrypt/cipher/ecc.c */
}