nymtech / sphinx

A Sphinx implementation in Rust

Missing key validations

veorq opened this issue · comments

Here the answer is yes :)

// TODO: do we have to clamp it here?

And here too:

sphinx/src/crypto/keys.rs

Lines 104 to 110 in b168f70

    impl From<Scalar> for EphemeralSecret {
        fn from(scalar: Scalar) -> EphemeralSecret {
            // TODO: should we ensure it's a valid scalar by performing
            // montgomery reduction and/or clamping?
            PrivateKey(scalar)
        }
    }

This is because there is no guarantee that the received bytes or scalar are valid ones wrt Curve25519.

Also, public keys must be validated when instantiated, that is, From<[u8; PUBLIC_KEY_SIZE]> should verify that the point is not the point at infinity.
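A sketch of the two validations requested above, as an added example that is not code from the nymtech/sphinx repository or from the issue author. It uses only the standard library and covers the raw-bytes case, not the `Scalar` conversion. Assumptions: the `PrivateKey` and `PublicKey` types here are hypothetical stand-ins holding raw bytes, `PRIVATE_KEY_SIZE` and `KeyError` are names introduced for illustration, clamping follows RFC 7748, and the point at infinity is taken to be the all-zero 32-byte encoding.

```rust
use std::convert::TryFrom;

pub const PRIVATE_KEY_SIZE: usize = 32; // assumed name, not from the page
pub const PUBLIC_KEY_SIZE: usize = 32;

/// RFC 7748 clamping: clear the low 3 bits (scalar becomes a multiple of
/// the cofactor 8), clear bit 255 and set bit 254.
pub fn clamp(mut k: [u8; PRIVATE_KEY_SIZE]) -> [u8; PRIVATE_KEY_SIZE] {
    k[0] &= 248;
    k[31] &= 127;
    k[31] |= 64;
    k
}

/// Hypothetical stand-in for the crate's private key type.
#[derive(Debug, PartialEq)]
pub struct PrivateKey([u8; PRIVATE_KEY_SIZE]);

impl From<[u8; PRIVATE_KEY_SIZE]> for PrivateKey {
    // Received bytes are never trusted as-is: always clamp on construction.
    fn from(bytes: [u8; PRIVATE_KEY_SIZE]) -> Self {
        PrivateKey(clamp(bytes))
    }
}

#[derive(Debug, PartialEq)]
pub enum KeyError {
    PointAtInfinity,
}

/// Hypothetical stand-in for the crate's public key type.
#[derive(Debug, PartialEq)]
pub struct PublicKey([u8; PUBLIC_KEY_SIZE]);

// A fallible conversion replaces the infallible `From`, so callers must
// handle rejection. Assumption: the all-zero encoding is the point at
// infinity; other small-order encodings are not checked here.
impl TryFrom<[u8; PUBLIC_KEY_SIZE]> for PublicKey {
    type Error = KeyError;
    fn try_from(bytes: [u8; PUBLIC_KEY_SIZE]) -> Result<Self, KeyError> {
        if bytes.iter().fold(0u8, |acc, b| acc | b) == 0 {
            return Err(KeyError::PointAtInfinity);
        }
        Ok(PublicKey(bytes))
    }
}

fn main() {
    // Constructed sample inputs.
    println!("{:02x?}", PrivateKey::from([0xffu8; PRIVATE_KEY_SIZE]).0);
    println!("{:?}", PublicKey::try_from([0u8; PUBLIC_KEY_SIZE]));
}
```

Clamping is idempotent, so applying it again to an already clamped key is harmless.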