tink-crypto / tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
https://developers.google.com/tink
Apache License 2.0

Comment/code mismatch in Ed25519.getHashedScalar() #612

Closed swankjesse closed 2 years ago

swankjesse commented 2 years ago

The code says this:

    // Clear the highest bit of the last octet.
    h[31] = (byte) (h[31] & 127);

I believe this is a 64-element array, not a 32-element array.

swankjesse commented 2 years ago

(Upon further reading I think this is merely confusing. The 64-element array is operated on as if it were two 32-element arrays.)

chuckx commented 2 years ago

See https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.5 for a bit more context around the logic being implemented.
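The RFC 8032 section 5.1.5 steps discussed in this thread, as an added example that is not part of the original issue and is not Tink's code: the 64-byte SHA-512 digest of the seed is clamped only in its lower half, which is why index 31 is "the last octet". The class name `Ed25519HashedScalarDemo`, the method `hashAndClamp`, and the all-zero seed are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Added illustration; hypothetical names, not Tink's implementation.
public class Ed25519HashedScalarDemo {

  /** RFC 8032 section 5.1.5: SHA-512 the 32-byte seed, then prune h[0..31] in place. */
  static byte[] hashAndClamp(byte[] seed) throws NoSuchAlgorithmException {
    if (seed.length != 32) {
      throw new IllegalArgumentException("Ed25519 seed must be 32 bytes");
    }
    byte[] h = MessageDigest.getInstance("SHA-512").digest(seed); // 64 bytes
    h[0] = (byte) (h[0] & 248);   // clear the lowest three bits of the first octet
    h[31] = (byte) (h[31] & 127); // clear the highest bit of the last octet of the lower half
    h[31] = (byte) (h[31] | 64);  // set the second-highest bit of that same octet
    return h;
  }

  public static void main(String[] args) throws NoSuchAlgorithmException {
    byte[] seed = new byte[32]; // constructed all-zero seed, for illustration only
    byte[] raw = MessageDigest.getInstance("SHA-512").digest(seed);
    byte[] h = hashAndClamp(seed);

    // The buffer is treated as two 32-byte halves.
    byte[] scalar = Arrays.copyOfRange(h, 0, 32);  // little-endian secret scalar
    byte[] prefix = Arrays.copyOfRange(h, 32, 64); // used as the prefix when signing

    boolean lowBitsCleared = (scalar[0] & 7) == 0;
    boolean topBitCleared = (scalar[31] & 0x80) == 0;
    boolean secondTopBitSet = (scalar[31] & 0x40) != 0;
    // Clamping must never touch h[32..63].
    boolean upperHalfUntouched =
        Arrays.equals(prefix, Arrays.copyOfRange(raw, 32, 64));

    System.out.println("digest length:        " + h.length);
    System.out.println("low 3 bits cleared:   " + lowBitsCleared);
    System.out.println("bit 255 cleared:      " + topBitCleared);
    System.out.println("bit 254 set:          " + secondTopBitSet);
    System.out.println("upper half untouched: " + upperHalfUntouched);
  }
}
```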