Closed AdhemarVandamme closed 10 years ago
Thanks for the bug report. Should be fixed with commit: https://github.com/CodesInChaos/Chaos.NaCl/commit/5d67d2a0b7e2da2b9495ee992feb20dff33fa9f1
But as a warning: This part of the API will almost certainly change a lot. I'll probably split it in two:
Consider this test:
One would expect the output to be
true
: the generated shared keys should be the same. That's why they are called shared keys. Unfortunately, the output isfalse
.The reason is that the wrong private key is used. The expanded private key in
Ed25519.cs
, given as argument, is not the same private key that is used in theMontgomeryCurve25519
implementation. There the unmultiplieda
(private scalar) is used. The unmultiplieda
(private scalar) = left 32 bytes of SHA512 ofseed
, with some bits set and unset, whereseed
= left 32 bytes of the expanded private key.(This diagram can be helpful.)