From 5a69caa07f3f334a76a61f13d8336608b3c5d5e9 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 26 May 2020 03:23:29 +0530 Subject: [PATCH] replace Christian's FIXME with an explanation --- src/util/crypto_ecc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 96d546185..e1608ae55 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -544,10 +544,18 @@ void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) { BENCHMARK_START (eddsa_key_create); + /* + * We do not clamp for EdDSA, since all functions that use the private key do + * their own clamping (just like in libsodium). What we call "private key" + * here, actually corresponds to the seed in libsodium. + * + * (Contrast this to ECDSA, where functions using the private key can't clamp + * due to properties needed for GNS. That is a worse/unsafer API, but + * required for the GNS constructions to work.) + */ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, pk, sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); - // FIXME: should we not do the clamping here? Or is this done elsewhere? BENCHMARK_END (eddsa_key_create); } -- 2.25.1