authorFlorian Dold <florian.dold@gmail.com>2020-05-26 03:23:29 +0530
committerFlorian Dold <florian.dold@gmail.com>2020-05-26 03:23:29 +0530
commit5a69caa07f3f334a76a61f13d8336608b3c5d5e9 (patch)
tree64f0b003e7f2d1b0d82ef77f39f53c0876f10892 /src/util
parent2a82be115c2a47eab1fed70d8c85a8b2711f13d1 (diff)
replace Christian's FIXME with an explanation
Diffstat (limited to 'src/util')
-rw-r--r--src/util/crypto_ecc.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 96d546185..e1608ae55 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -544,10 +544,18 @@ void
GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
{
BENCHMARK_START (eddsa_key_create);
+ /*
+ * We do not clamp for EdDSA, since all functions that use the private key do
+ * their own clamping (just like in libsodium). What we call "private key"
+ * here, actually corresponds to the seed in libsodium.
+ *
+ * (Contrast this to ECDSA, where functions using the private key can't clamp
+ * due to properties needed for GNS. That is a worse/unsafer API, but
+ * required for the GNS constructions to work.)
+ */
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
pk,
sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
- // FIXME: should we not do the clamping here? Or is this done elsewhere?
BENCHMARK_END (eddsa_key_create);
}
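Review bot: The seed is still drawn with `GNUNET_CRYPTO_QUALITY_NONCE` in the `GNUNET_CRYPTO_random_block` call, and the new comment settles only the clamping question; whether nonce-quality randomness is adequate for a long-term EdDSA private key is the more consequential point and the commit does not address it. If using NONCE rather than `GNUNET_CRYPTO_QUALITY_STRONG` is deliberate (presumably a speed trade-off for bulk key creation), the new comment is the right place to say so, e.g. `* NONCE quality is used deliberately for the seed: <reason>; see GNUNET_CRYPTO_random_block for what it guarantees.`; otherwise the quality level should be reconsidered. The claim that every consumer of the private key clamps on its own is worth anchoring to the specific signing and derivation functions (which live outside this hunk) so a reader can verify it instead of taking it on faith. Minor wording: `worse/unsafer` reads better as `weaker and less safe`.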