types/key: restore Curve25519 clamping in NewPrivate

It was lost during a copy from wgcfg.NewPresharedKey (which doesn't clamp) instead of wgcfg.NewPrivateKey (which does). Fortunately this was only use for discovery messages (not WireGuard) and only for ephemeral process-lifetime keys.
2025-12-23 00:56:20 +00:00 · 2020-08-20 14:12:35 -07:00
parent e415991256
commit 309c15dfdd
2 changed files with 32 additions and 0 deletions
--- a/types/key/key.go
+++ b/types/key/key.go
@@ -28,6 +28,8 @@ func NewPrivate() Private {
 	if _, err := io.ReadFull(crand.Reader, p[:]); err != nil {
 		panic(err)
 	}
+	p[0] &= 248
+	p[31] = (p[31] & 127) | 64
 	return p
 }