From 5a69caa07f3f334a76a61f13d8336608b3c5d5e9 Mon Sep 17 00:00:00 2001
From: Florian Dold <florian.dold@gmail.com>
Date: Tue, 26 May 2020 03:23:29 +0530
Subject: replace Christian's FIXME with an explanation

---
 src/util/crypto_ecc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/util/crypto_ecc.c')

diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 96d546185..e1608ae55 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -544,10 +544,18 @@ void
 GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
   BENCHMARK_START (eddsa_key_create);
+  /*
+   * We do not clamp for EdDSA, since all functions that use the private key do
+   * their own clamping (just like in libsodium).  What we call "private key"
+   * here, actually corresponds to the seed in libsodium.
+   *
+   * (Contrast this to ECDSA, where functions using the private key can't clamp
+   * due to properties needed for GNS.  That is a worse/unsafer API, but
+   * required for the GNS constructions to work.)
+   */
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               pk,
                               sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
-  // FIXME: should we not do the clamping here? Or is this done elsewhere?
   BENCHMARK_END (eddsa_key_create);
 }
 
-- 
cgit v1.2.3