Even in non-deterministic EdDSA, the actual secret key is H(sk).

2018-12-10 21:03:52 +01:00 · 2018-12-10 21:03:52 +01:00 · 055e0ae82c
commit 055e0ae82c
parent 762e5136ed
1 changed files with 1 additions and 2 deletions
--- a/src/libsodium/crypto_sign/ed25519/ref10/sign.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/sign.c
@ -74,11 +74,10 @@ _crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,

    _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);

+    crypto_hash_sha512(az, sk, 32);
 #ifdef ED25519_NONDETERMINISTIC
-    memcpy(az, sk, 32);
    _crypto_sign_ed25519_synthetic_r_hv(&hs, nonce, az);
 #else
-    crypto_hash_sha512(az, sk, 32);
    crypto_hash_sha512_update(&hs, az + 32, 32);
 #endif