From 79c5638e10e45b4e7d04d8bfa96e99ad4a86e5df Mon Sep 17 00:00:00 2001
From: Felix Moessbauer
Date: Fri, 1 Nov 2024 12:55:54 +0100
Subject: [PATCH] document scalar clamping of curve25519 keys

The "scalars" are just random bytes. To make them secure curve25519 keys, they need to be clamped according to rfc7748 section 5. As this is not obvious, we need to add a reference to the RFC. No functional change.

Closes: #324
---
 src/core/utils/x25519.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/core/utils/x25519.ts b/src/core/utils/x25519.ts
index 2729d80a..7e69f339 100644
--- a/src/core/utils/x25519.ts
+++ b/src/core/utils/x25519.ts
@@ -3,6 +3,8 @@
 import { x25519 } from "@noble/curves/ed25519";
 export function getX25519PrivateKey(): Uint8Array {
 const key = x25519.utils.randomPrivateKey();
+ // scalar clamping for curve25519, according to
+ // https://www.rfc-editor.org/rfc/rfc7748#section-5
 key[0] &= 248;
 key[31] &= 127;
 key[31] |= 64;
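Review bot: The added comment points at RFC 7748 §5 but does not say what the three masks on `key[0]` and `key[31]` achieve, which is the part a reader actually needs when deciding whether this code may be touched; a comment that names the effect of each step is more useful than the bare link. I would expand it to something like `// Clamp the random scalar as in RFC 7748 §5 (decodeScalar25519): clear the three low bits so the scalar is a multiple of the cofactor 8 (no small-subgroup component leaks), clear bit 255 and set bit 254 so the top bit is fixed and ladder implementations take the same number of steps for every key.` It may also be worth stating that the clamping is idempotent and, if I recall @noble/curves correctly, is repeated inside its X25519 scalar multiplication, so this call site clamps eagerly so that the exported key bytes are already canonical — confirm against the library before writing that down. The body of getX25519PrivateKey continues past the end of the hunk (the return is not shown).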