Even in non-deterministic EdDSA, the actual secret key is H(sk).

Frank Denis 2018-12-10 21:03:52 +01:00
parent 762e5136ed
commit 055e0ae82c


@ -74,11 +74,10 @@ _crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed); _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
crypto_hash_sha512(az, sk, 32);
#ifdef ED25519_NONDETERMINISTIC #ifdef ED25519_NONDETERMINISTIC
memcpy(az, sk, 32);
_crypto_sign_ed25519_synthetic_r_hv(&hs, nonce, az); _crypto_sign_ed25519_synthetic_r_hv(&hs, nonce, az);
#else #else
crypto_hash_sha512(az, sk, 32);
crypto_hash_sha512_update(&hs, az + 32, 32); crypto_hash_sha512_update(&hs, az + 32, 32);
#endif #endif