Currently Curve25519.mult() accepts all-zero public keys, for which the result (DH shared secret) will always be zero regardless of the private key used.
Against this, libsodium's crypto_scalarmult_curve25519() returns a non-zero value if it encounters such degenerate keys. You should therefore check its return value when calling self.class.scalarmult_curve25519(result, integer, @point).
Currently
Curve25519.mult()
accepts all-zero public keys, for which the result (DH shared secret) will always be zero regardless of the private key used.Against this, libsodium's
crypto_scalarmult_curve25519()
returns a non-zero value if it encounters such degenerate keys. You should therefore check its return value when callingself.class.scalarmult_curve25519(result, integer, @point)
.Code concerned at https://github.com/cryptosphere/rbnacl/blob/d443d94fc7addc35d7ad519830b9380523551d88/lib/rbnacl/group_elements/curve25519.rb#L59
This is a similar issue as just reported to sodiumoxide https://github.com/dnaq/sodiumoxide/issues/154