commit 3a9e7d47e8c0d8b5cc172d48c44afdeed6414429
parent 708b89e8c6878b5bae23ab8f371c9b7984b71c2a
Author: Florian Dold <florian@dold.me>
Date: Mon, 18 Oct 2021 20:24:30 +0200
do bit twiddling correctly, it's little-endian
Diffstat:
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
@@ -132,8 +132,9 @@ HKDF to ensure that the result differs from other cases where we hash
.. code-block:: c
- digest[0] = (digest[0] & 0x7f) | 0x40;
- digest[31] &= 0xf8;
+ digest[0] &= 0xf8;
+ digest[31] &= 0x7f;
+ digest[31] |= 0x40;
**eddsa_priv**: The generated EdDSA private key.
diff --git a/doc/system-documentation/design.tex b/doc/system-documentation/design.tex
@@ -373,8 +373,9 @@ eddsa_keys_create (kdf_id, salt, keysize)
\end{description}
\begin{lstlisting}
-digest[0] = (digest[0] & 0x7f) | 0x40;
-digest[31] &= 0xf8;
+digest[0] &= 0xf8;
+digest[31] &= 0x7f;
+digest[31] |= 0x40;
\end{lstlisting}
\begin{description}
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
@@ -241,8 +241,10 @@ ANASTASIS_CRYPTO_account_private_key_derive (
return;
}
/* go from ver_secret to proper private key (eddsa_d_to_a() in spec) */
- priv_key->priv.d[0] = (priv_key->priv.d[0] & 0x7f) | 0x40;
- priv_key->priv.d[31] &= 0xf8;
+
+ priv_key->priv.d[0] &= 0xf8;
+ priv_key->priv.d[31] &= 0x7f;
+ priv_key->priv.d[31] |= 0x40;
}
