taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove patch_private_key, as it doesn't make any sense

Browse Source 
In particular, we were patching the EdDSA private keys, which are
*hashed* before doing the curve multiplication.  Thus clearing the bits
*before* the hashing doesn't make any sense at all.  These bits are
cleared anyway when deriving the public key.
This commit is contained in:
Florian Dold 2019-11-28 00:24:05 +01:00
parent 3de10da757
commit 499cff87bf
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
1 changed files with 0 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/util/crypto.c
View File

@ -190,32 +190,6 @@ TALER_link_recover_transfer_secret (const struct
}
/**
* Set the bits in the private EdDSA key so that they match
* the specification.
*
* @param[in,out] pk private key to patch
*/
static void
patch_private_key (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
{
uint8_t *p = (uint8_t *) pk;
/* Taken from like 170-172 of libgcrypt/cipher/ecc.c
* We note that libgcrypt stores the private key in the reverse order
* from many Ed25519 implementatons. */
p[0] &= 0x7f; /* Clear bit 255. */
p[0] |= 0x40; /* Set bit 254. */
p[31] &= 0xf8; /* Clear bits 2..0 so that d mod 8 == 0 */
/* FIXME: Run GNUNET_CRYPTO_ecdhe_key_create several times and inspect
* the output to verify that the same bits are set and cleared.
* Is it worth also adding a test case that runs gcry_pk_testkey on
* this key after first parsing it into libgcrypt's s-expression mess
* ala decode_private_eddsa_key from gnunet/src/util/crypto_ecc.c?
* It'd run check_secret_key but not test_keys from libgcrypt/cipher/ecc.c */}
/**
* Setup information for a fresh coin.
*
@ -240,7 +214,6 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
"taler-coin-derivation",
strlen ("taler-coin-derivation"),
NULL, 0));
patch_private_key (&ps->coin_priv.eddsa_priv);
}
@ -255,7 +228,6 @@ TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps)
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
ps,
sizeof (*ps));
patch_private_key (&ps->coin_priv.eddsa_priv);
}