fgoldi_sub(&t1, &t1, &t2); /* t1 = C - D */
fgoldi_sub(X, &t0, Y); /* X = c (B - E) */
fgoldi_sqr(&t0, Z0); /* t0 = H = (c Z0)^2 */
- fgoldi_mulconst(&t0, &t0, 2); /* t0 = 2 H */
+ fgoldi_add(&t0, &t0, &t0); /* t0 = 2 H */
fgoldi_sub(&t0, Y, &t0); /* t0 = J = E - 2 H */
fgoldi_mul(X, X, &t0); /* X = c (B - E) J */
fgoldi_mul(Z, Y, &t0); /* Z = E J */
#include <mLib/report.h>
#include <mLib/testrig.h>
+#include "ct.h"
+
static int vrf_pubkey(dstr dv[])
{
dstr dpub = DSTR_INIT;
if (dv[1].len != ED448_PUBSZ) die(1, "bad pub length");
+ ct_poison(dv[0].buf, dv[0].len);
dstr_ensure(&dpub, ED448_PUBSZ); dpub.len = ED448_PUBSZ;
ed448_pubkey((octet *)dpub.buf, dv[0].buf, dv[0].len);
+ ct_remedy(dpub.buf, dpub.len);
if (memcmp(dpub.buf, dv[1].buf, ED448_PUBSZ) != 0) {
ok = 0;
fprintf(stderr, "failed!");
if (want->len != ED448_SIGSZ) die(1, "bad result length");
+ ct_poison(priv->buf, priv->len);
dstr_ensure(&dsig, ED448_SIGSZ); dsig.len = ED448_SIGSZ;
if (phflag <= 0)
m = msg;
ed448_sign((octet *)dsig.buf, priv->buf, priv->len, K,
phflag, perso ? perso->buf : 0, perso ? perso->len : 0,
m->buf, m->len);
+ ct_remedy(dsig.buf, dsig.len);
if (memcmp(dsig.buf, want->buf, ED448_SIGSZ) != 0) {
ok = 0;
fprintf(stderr, "failed!");