fgoldi_sub(&t1, &t1, &t2); /* t1 = C - D */
fgoldi_sub(X, &t0, Y); /* X = c (B - E) */
fgoldi_sqr(&t0, Z0); /* t0 = H = (c Z0)^2 */
- fgoldi_mulconst(&t0, &t0, 2); /* t0 = 2 H */
+ fgoldi_add(&t0, &t0, &t0); /* t0 = 2 H */
fgoldi_sub(&t0, Y, &t0); /* t0 = J = E - 2 H */
fgoldi_mul(X, X, &t0); /* X = c (B - E) J */
fgoldi_mul(Z, Y, &t0); /* Z = E J */
const void *m, size_t msz)
{
shake_ctx h;
- scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece a[NPIECE], r[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
fgoldi RX, RY, RZ;
octet h1[57], pb[PREFIX_BUFSZ], rb[114];
const octet sig[ED448_SIGSZ])
{
shake_ctx h;
- scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE + 1];
+ scaf_piece s[NPIECE], t[NPIECE], scratch[3*NPIECE];
scaf_dblpiece tt[2*NPIECE];
fgoldi AX, AY, AZ, RX, RY, RZ;
octet b[PREFIX_BUFSZ];
#include <mLib/report.h>
#include <mLib/testrig.h>
+#include "ct.h"
+
static int vrf_pubkey(dstr dv[])
{
dstr dpub = DSTR_INIT;
if (dv[1].len != ED448_PUBSZ) die(1, "bad pub length");
+ ct_poison(dv[0].buf, dv[0].len);
dstr_ensure(&dpub, ED448_PUBSZ); dpub.len = ED448_PUBSZ;
ed448_pubkey((octet *)dpub.buf, dv[0].buf, dv[0].len);
+ ct_remedy(dpub.buf, dpub.len);
if (memcmp(dpub.buf, dv[1].buf, ED448_PUBSZ) != 0) {
ok = 0;
fprintf(stderr, "failed!");
if (want->len != ED448_SIGSZ) die(1, "bad result length");
+ ct_poison(priv->buf, priv->len);
dstr_ensure(&dsig, ED448_SIGSZ); dsig.len = ED448_SIGSZ;
if (phflag <= 0)
m = msg;
ed448_sign((octet *)dsig.buf, priv->buf, priv->len, K,
phflag, perso ? perso->buf : 0, perso ? perso->len : 0,
m->buf, m->len);
+ ct_remedy(dsig.buf, dsig.len);
if (memcmp(dsig.buf, want->buf, ED448_SIGSZ) != 0) {
ok = 0;
fprintf(stderr, "failed!");