path: root/libs/libaxolotl/src/curve25519/ed25519/additions/sign_modified.c
Diffstat (limited to 'libs/libaxolotl/src/curve25519/ed25519/additions/sign_modified.c')
-rw-r--r--libs/libaxolotl/src/curve25519/ed25519/additions/sign_modified.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/libs/libaxolotl/src/curve25519/ed25519/additions/sign_modified.c b/libs/libaxolotl/src/curve25519/ed25519/additions/sign_modified.c
index 61332e70e7..b2fb8c20d3 100644
--- a/libs/libaxolotl/src/curve25519/ed25519/additions/sign_modified.c
+++ b/libs/libaxolotl/src/curve25519/ed25519/additions/sign_modified.c
@@ -4,6 +4,7 @@
#include "ge.h"
#include "sc.h"
#include "zeroize.h"
+#include "crypto_additions.h"
/* NEW: Compare to pristine crypto_sign()
Uses explicit private key for nonce derivation and as scalar,
@@ -36,6 +37,7 @@ int crypto_sign_modified(
memmove(sm + 32,pk,32);
sc_reduce(nonce);
+
ge_scalarmult_base(&R,nonce);
ge_p3_tobytes(sm,&R);
@@ -43,5 +45,9 @@ int crypto_sign_modified(
sc_reduce(hram);
sc_muladd(sm + 32,hram,sk,nonce); /* NEW: Use privkey directly */
+ /* Erase any traces of private scalar or
+ nonce left in the stack from sc_muladd */
+ zeroize_stack();
+ zeroize(nonce, 64);
return 0;
}
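Review bot: The hard-coded length in `zeroize(nonce, 64);` duplicates the buffer size declared elsewhere in the function; if `nonce` is a local array (its declaration is outside this hunk, so this is inferred), `zeroize(nonce, sizeof nonce);` keeps the wipe tied to the declaration and cannot under-clear if the size ever changes. The added comment should also name what `zeroize_stack()` is expected to cover, since its effect depends on the frame layout the compiler chose for `sc_muladd` and on `zeroize_stack` itself being implemented so the clears are not optimised away; suggest `/* Best-effort: clears the stack region below the current frame that sc_muladd used; the nonce buffer itself is cleared explicitly below */`. The body of `crypto_sign_modified` begins outside the hunk, so I cannot see whether other secret-derived locals exist that would need the same treatment.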