From 7958464696f6451252ff0ae5bc42716e2326f8c4 Mon Sep 17 00:00:00 2001
From: Jeff Burdges
Date: Mon, 8 Aug 2016 10:38:07 +0200
Subject: Copy bit twiddling from libgcrypt/cipher/ecc.c Reversed order buisness agrees with KC's experence from gnunet-rs
---
 src/util/crypto.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 771744c7e..caeda3ff0 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -194,7 +194,20 @@ TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
 "taler-coin-derivation",
 strlen ("taler-coin-derivation"),
 NULL, 0));
- /* FIXME: twiddle the bits of the private key */
+
+ /* Taken from like 170-172 of libgcrypt/cipher/ecc.c
+ * We note that libgcrypt stores the private key in the reverse order
+ * from many Ed25519 implementatons. */
+ fc->coin_priv[0] &= 0x7f; /* Clear bit 255. */
+ fc->coin_priv[0] |= 0x40; /* Set bit 254. */
+ fc->coin_priv[31] &= 0xf8; /* Clear bits 2..0 so that d mod 8 == 0 */
+
+ /* FIXME: Run GNUNET_CRYPTO_ecdhe_key_create several times and inspect
+ * the output to verify that the same bits are set and cleared.
+ * Is it worth also adding a test case that runs gcry_pk_testkey on
+ * this key after first parsing it into libgcrypt's s-expression mess
+ * ala decode_private_eddsa_key from gnunet/src/util/crypto_ecc.c?
+ * It'd run check_secret_key but not test_keys from libgcrypt/cipher/ecc.c */
 }
-- 
cgit v1.2.3
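Review bot: The masks on `fc->coin_priv[0]` and `fc->coin_priv[31]` clamp the intended bits only if byte 0 is the most significant byte of the scalar, which the comment asserts and the trailing FIXME admits is untested. Under the little-endian layout that most Ed25519 code uses, bits 2..0 would stay unmasked and the `d mod 8 == 0` claim would not hold, so I would add the test the FIXME describes before merging and state the assumed order next to the masks, e.g. `/* big-endian: [0] = bits 255..248, [31] = bits 7..0 */`. If this key is later handed to EdDSA as a seed that is hashed before use (not visible here), the clamping never reaches the scalar, and the comment should say which case applies. The reference "like 170-172" (presumably "line") should name the libgcrypt release and function, since line numbers drift between versions. The body of TALER_setup_fresh_coin starts above the hunk.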