noise: store clamped key instead of raw key

2019-02-03 22:00:36 +01:00 · 2019-02-03 22:00:36 +01:00 · 3af9aa88a3
commit 3af9aa88a3
parent a5ca02d79a
2 changed files with 11 additions and 7 deletions
--- a/noise-helpers.go
+++ b/noise-helpers.go
@ -78,12 +78,14 @@ func setZero(arr []byte) {
 	}
 }

-func newPrivateKey() (sk NoisePrivateKey, err error) {
-	// clamping: https://cr.yp.to/ecdh.html
-	_, err = rand.Read(sk[:])
+func (sk *NoisePrivateKey) clamp() {
 	sk[0] &= 248
-	sk[31] &= 127
-	sk[31] |= 64
+	sk[31] = (sk[31] & 127) | 64
+}
+
+func newPrivateKey() (sk NoisePrivateKey, err error) {
+	_, err = rand.Read(sk[:])
+	sk.clamp()
 	return
 }

--- a/noise-types.go
+++ b/noise-types.go
@ -45,8 +45,10 @@ func (key NoisePrivateKey) Equals(tar NoisePrivateKey) bool {
 	return subtle.ConstantTimeCompare(key[:], tar[:]) == 1
 }

-func (key *NoisePrivateKey) FromHex(src string) error {
-	return loadExactHex(key[:], src)
+func (key *NoisePrivateKey) FromHex(src string) (err error) {
+	err = loadExactHex(key[:], src)
+	key.clamp()
+	return
 }

 func (key NoisePrivateKey) ToHex() string {