Merge branch 'master' into rewrite_of_cadet_test

author: xrs <xrs@mail36.net> 2020-06-17 22:07:39 +0200
committer: xrs <xrs@mail36.net> 2020-06-17 22:07:39 +0200
commit: 49cf7a8e893eaf7682ac12c7d0ea5ca4a6d1a73d (patch)
tree: 71830c1751e291e45795958cad15e9dfa8239e1a /src/util/crypto_ecc.c
parent: b9333fef25b57bdd7f556f5fb73f9abaef9bc5ef (diff)
parent: e500e9ec3678dfbb666d173854c134ac3858f8b1 (diff)
download: gnunet-49cf7a8e893eaf7682ac12c7d0ea5ca4a6d1a73d.tar.gz
gnunet-49cf7a8e893eaf7682ac12c7d0ea5ca4a6d1a73d.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 96d546185..e1608ae55 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -544,10 +544,18 @@ void
 GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
  BENCHMARK_START (eddsa_key_create);
+  /*
+   * We do not clamp for EdDSA, since all functions that use the private key do
+   * their own clamping (just like in libsodium).  What we call "private key"
+   * here, actually corresponds to the seed in libsodium.
+   *
+   * (Contrast this to ECDSA, where functions using the private key can't clamp
+   * due to properties needed for GNS.  That is a worse/unsafer API, but
+   * required for the GNS constructions to work.)
+   */
  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                              pk,
                              sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
-  // FIXME: should we not do the clamping here? Or is this done elsewhere?
  BENCHMARK_END (eddsa_key_create);
 }
author	xrs <xrs@mail36.net>	2020-06-17 22:07:39 +0200
committer	xrs <xrs@mail36.net>	2020-06-17 22:07:39 +0200
commit	49cf7a8e893eaf7682ac12c7d0ea5ca4a6d1a73d (patch)
tree	71830c1751e291e45795958cad15e9dfa8239e1a /src/util/crypto_ecc.c
parent	b9333fef25b57bdd7f556f5fb73f9abaef9bc5ef (diff)
parent	e500e9ec3678dfbb666d173854c134ac3858f8b1 (diff)
download	gnunet-49cf7a8e893eaf7682ac12c7d0ea5ca4a6d1a73d.tar.gz gnunet-49cf7a8e893eaf7682ac12c7d0ea5ca4a6d1a73d.zip