add_scalar now generates a new salt

2013-04-11 20:17:21 +02:00 · 2013-04-11 20:17:21 +02:00 · 1e49c17da6
commit 1e49c17da6
parent 25176531a4
3 changed files with 10 additions and 1 deletions
--- a/ed25519_32.dll
+++ b/ed25519_32.dll
--- a/ed25519_64.dll
+++ b/ed25519_64.dll
--- a/src/add_scalar.c
+++ b/src/add_scalar.c
@ -1,4 +1,5 @@
 #include "ed25519.h"
+#include "sha512.h"
 #include "ge.h"
 #include "sc.h"

@ -8,6 +9,7 @@ void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, c
    const unsigned char SC_1[32] = {1}; /* scalar with value 1 */
    
    unsigned char n[32];
+	unsigned char salt[64];
    ge_p3 nB;
    ge_p1p1 A_p1p1;
    ge_p3 A;
@ -23,8 +25,15 @@ void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, c
    n[31] = scalar[31] & 127;

    /* private key: a = n + t */
+	/* we also create a new salt, just to be sure */
    if (private_key) {
        sc_muladd(private_key, SC_1, n, private_key);
+
+		/* generate new salt as the last 32 bytes of SHA512(new_private_key, old_salt) */
+		sha512(private_key, 64, salt);
+		for (i = 0; i < 32; ++i) {
+			private_key[i + 32] = salt[i + 32];
+		}
    }

 	/* public key: A = nB + T */