authorMatthias Schiffer <mschiffer@universe-factory.net>2015-01-26 05:53:39 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2015-01-26 05:53:39 +0100
commit2320e0231759d889c40fbbcb384a2df2236a2497 (patch)
treea2f37b4892ff2f0689caab3f5a4a4742b027b2cd
parent68821f6b8fa1a5788ce7556a1b4e9ee9309bae74 (diff)
Add a better explanation to ecc_25519_gf_sanitize_secret()
-rw-r--r--src/ec25519_gf.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/ec25519_gf.c b/src/ec25519_gf.c
index 91fa320..4914fa7 100644
--- a/src/ec25519_gf.c
+++ b/src/ec25519_gf.c
@@ -271,6 +271,10 @@ void ecc_25519_gf_recip(ecc_int256_t *out, const ecc_int256_t *in) {
/**
* Ensures some properties of a Galois field element to make it fit for use as a secret key
*
+ * This sets the 255th bit and clears the 256th and the bottom three bits (so the key
+ * will be a multiple of 8). See Daniel J. Bernsteins paper "Curve25519: new Diffie-Hellman speed records."
+ * for the rationale of this.
+ *
* The same pointers may be used for input and output.
*/
void ecc_25519_gf_sanitize_secret(ecc_int256_t *out, const ecc_int256_t *in) {
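Review bot: The new comment on ecc_25519_gf_sanitize_secret() counts bits from one ("255th", "256th") without saying so, and a reader who counts from zero would pick the wrong positions when auditing or reimplementing this key clamping. I would name the positions explicitly, e.g. `* This clears bits 0-2 and bit 255 and sets bit 254 (counting from bit 0, the least significant),` followed by `* so the key is a multiple of 8 and every key has the same top bit set.` The paper title is cited correctly, but "Bernsteins" should read "Bernstein's". The function body lies outside the hunk, so the masks the comment describes cannot be checked against the code here.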