/* (E = a C = -C) */
f25519_sub(&t0, &t2, &t1); /* t0 = F = D - C = E + D */
f25519_sqr(&t1, Z0); /* t1 = H = Z0^2 */
- f25519_mulconst(&t1, &t1, 2); /* t1 = 2 H */
+ f25519_add(&t1, &t1, &t1); /* t1 = 2 H */
f25519_sub(&t1, &t0, &t1); /* t1 = J = F - 2 H */
f25519_mul(X, X, &t1); /* X = (B - C - D) J */
f25519_mul(Y, Y, &t0); /* Y = -F (E - D) */
const void *m, size_t msz)
{
sha512_ctx h;
- scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
f25519 RX, RY, RZ;
octet h1[32], pb[PREFIX_BUFSZ], rb[SHA512_HASHSZ];
const octet sig[ED25519_SIGSZ])
{
sha512_ctx h;
- scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
f25519 AX, AY, AZ, RX, RY, RZ;
octet b[PREFIX_BUFSZ];
#include <mLib/report.h>
#include <mLib/testrig.h>
+#include "ct.h"
+
static int vrf_pubkey(dstr dv[])
{
dstr dpub = DSTR_INIT;
if (dv[1].len != ED25519_PUBSZ) die(1, "bad pub length");
+ ct_poison(dv[0].buf, dv[0].len);
dstr_ensure(&dpub, ED25519_PUBSZ); dpub.len = ED25519_PUBSZ;
ed25519_pubkey((octet *)dpub.buf, dv[0].buf, dv[0].len);
+ ct_remedy(dpub.buf, dpub.len);
if (memcmp(dpub.buf, dv[1].buf, ED25519_PUBSZ) != 0) {
ok = 0;
fprintf(stderr, "failed!");
if (want->len != ED25519_SIGSZ) die(1, "bad result length");
+ ct_poison(priv->buf, priv->len);
dstr_ensure(&dsig, ED25519_SIGSZ); dsig.len = ED25519_SIGSZ;
if (phflag <= 0)
m = msg;
ed25519ctx_sign((octet *)dsig.buf, priv->buf, priv->len, K,
phflag, perso ? perso->buf : 0, perso ? perso->len : 0,
m->buf, m->len);
+ ct_remedy(dsig.buf, dsig.len);
if (memcmp(dsig.buf, want->buf, ED25519_SIGSZ) != 0) {
ok = 0;
fprintf(stderr, "failed!");