ed448-goldilocks: reject identity points in Group::try_from_rng() (#1347)

daxpedda · web-flow · commit 999e0c902fd4 · 2025-08-02T18:12:51.000-06:00
diff --git a/ed448-goldilocks/src/decaf/points.rs b/ed448-goldilocks/src/decaf/points.rs
@@ -177,8 +177,11 @@ impl Group for DecafPoint {
         let mut bytes = DecafPointRepr::default();
 
         loop {
-            rng.try_fill_bytes(bytes.as_mut())?;
-            if let Some(point) = Self::from_bytes(&bytes).into() {
+            rng.try_fill_bytes(&mut bytes)?;
+            if let Some(point) = Self::from_bytes(&bytes)
+                .into_option()
+                .filter(|&point| point != Self::IDENTITY)
+            {
                 return Ok(point);
             }
         }
diff --git a/ed448-goldilocks/src/edwards/extended.rs b/ed448-goldilocks/src/edwards/extended.rs
@@ -344,8 +344,11 @@ impl Group for EdwardsPoint {
         let mut bytes = Array::default();
 
         loop {
-            rng.try_fill_bytes(bytes.as_mut())?;
-            if let Some(point) = Self::from_bytes(&bytes).into() {
+            rng.try_fill_bytes(&mut bytes)?;
+            if let Some(point) = Self::from_bytes(&bytes)
+                .into_option()
+                .filter(|&point| point != Self::IDENTITY)
+            {
                 return Ok(point);
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -177,8 +177,11 @@ impl Group for DecafPoint {`
`177`	`177`	`let mut bytes = DecafPointRepr::default();`
`178`	`178`
`179`	`179`	`loop {`
`180`		`- rng.try_fill_bytes(bytes.as_mut())?;`
`181`		`- if let Some(point) = Self::from_bytes(&bytes).into() {`
	`180`	`+ rng.try_fill_bytes(&mut bytes)?;`
	`181`	`+ if let Some(point) = Self::from_bytes(&bytes)`
	`182`	`+ .into_option()`
	`183`	`+ .filter(\|&point\| point != Self::IDENTITY)`
	`184`	`+ {`
`182`	`185`	`return Ok(point);`
`183`	`186`	`}`
`184`	`187`	`}`
Original file line number	Diff line number	Diff line change
`@@ -344,8 +344,11 @@ impl Group for EdwardsPoint {`
`344`	`344`	`let mut bytes = Array::default();`
`345`	`345`
`346`	`346`	`loop {`
`347`		`- rng.try_fill_bytes(bytes.as_mut())?;`
`348`		`- if let Some(point) = Self::from_bytes(&bytes).into() {`
	`347`	`+ rng.try_fill_bytes(&mut bytes)?;`
	`348`	`+ if let Some(point) = Self::from_bytes(&bytes)`
	`349`	`+ .into_option()`
	`350`	`+ .filter(\|&point\| point != Self::IDENTITY)`
	`351`	`+ {`
`349`	`352`	`return Ok(point);`
`350`	`353`	`}`
`351`	`354`	`}`