elliptic-curve: RNG followups (#2208)

tarcieri · web-flow · commit fed493a82155 · 2026-01-20T10:29:12.000-07:00
- Impls the `Generate` trait for `NonIdentity`, deprecates
`NonIdentity::random`
- Impls a `Generate`-like API for `BlindedScalar` (it can't use the
`Generate` trait because it needs the scalar to blind in addition to an
RNG)
- Note: above changes `BlindedScalar::new` not to have an RNG argument
and implicitly using `getrandom::SysRng`, and the old function is
preserved as `BlindedSclar::new_with_rng`
diff --git a/elliptic-curve/src/point/non_identity.rs b/elliptic-curve/src/point/non_identity.rs
@@ -2,15 +2,14 @@
 
 #![cfg(feature = "arithmetic")]
 
+use common::Generate;
 use core::ops::{Deref, Mul};
-
 use group::{Group, GroupEncoding, prime::PrimeCurveAffine};
-use rand_core::{CryptoRng, TryCryptoRng, TryRngCore};
+use rand_core::{CryptoRng, TryCryptoRng};
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "alloc")]
 use alloc::vec::Vec;
-
 #[cfg(feature = "serde")]
 use serdect::serde::{Deserialize, Serialize, de, ser};
 use zeroize::Zeroize;
@@ -56,7 +55,7 @@ where
 impl<P> NonIdentity<P> {
     /// Transform array reference containing [`NonIdentity`] points to an array reference to the
     /// inner point type.
-    pub fn cast_array_as_inner<const N: usize>(points: &[Self; N]) -> &[P; N] {
+    pub fn array_as_inner<const N: usize>(points: &[Self; N]) -> &[P; N] {
         // SAFETY: `NonIdentity` is a `repr(transparent)` newtype for `P` so it's safe to cast to
         // the inner `P` type.
         #[allow(unsafe_code)]
@@ -66,14 +65,27 @@ impl<P> NonIdentity<P> {
     }
 
     /// Transform slice containing [`NonIdentity`] points to a slice of the inner point type.
-    pub fn cast_slice_as_inner(points: &[Self]) -> &[P] {
+    pub fn slice_as_inner(points: &[Self]) -> &[P] {
         // SAFETY: `NonIdentity` is a `repr(transparent)` newtype for `P` so it's safe to cast to
         // the inner `P` type.
         #[allow(unsafe_code)]
         unsafe {
             &*(points as *const [NonIdentity<P>] as *const [P])
         }
     }
+
+    /// Transform array reference containing [`NonIdentity`] points to an array reference to the
+    /// inner point type.
+    #[deprecated(since = "0.14.0", note = "use `NonIdentity::array_as_inner` instead")]
+    pub fn cast_array_as_inner<const N: usize>(points: &[Self; N]) -> &[P; N] {
+        Self::array_as_inner(points)
+    }
+
+    /// Transform slice containing [`NonIdentity`] points to a slice of the inner point type.
+    #[deprecated(since = "0.14.0", note = "use `NonIdentity::slice_as_inner` instead")]
+    pub fn cast_slice_as_inner(points: &[Self]) -> &[P] {
+        Self::slice_as_inner(points)
+    }
 }
 
 impl<P: Copy> NonIdentity<P> {
@@ -88,6 +100,7 @@ where
     P: ConditionallySelectable + ConstantTimeEq + CurveGroup + Default,
 {
     /// Generate a random `NonIdentity<ProjectivePoint>`.
+    #[deprecated(since = "0.14.0", note = "use the `Generate` trait instead")]
     pub fn random<R: CryptoRng + ?Sized>(rng: &mut R) -> Self {
         loop {
             if let Some(point) = Self::new(P::random(rng)).into() {
@@ -96,17 +109,6 @@ where
         }
     }
 
-    /// Generate a random `NonIdentity<ProjectivePoint>`.
-    pub fn try_from_rng<R: TryCryptoRng + TryRngCore + ?Sized>(
-        rng: &mut R,
-    ) -> Result<Self, R::Error> {
-        loop {
-            if let Some(point) = Self::new(P::try_from_rng(rng)?).into() {
-                break Ok(point);
-            }
-        }
-    }
-
     /// Converts this element into its affine representation.
     pub fn to_affine(self) -> NonIdentity<P::AffineRepr> {
         NonIdentity {
@@ -150,7 +152,7 @@ where
     type Output = [NonIdentity<P::AffineRepr>; N];
 
     fn batch_normalize(points: &[Self; N]) -> [NonIdentity<P::AffineRepr>; N] {
-        let points = Self::cast_array_as_inner::<N>(points);
+        let points = Self::array_as_inner::<N>(points);
         let affine_points = <P as BatchNormalize<_>>::batch_normalize(points);
         affine_points.map(|point| NonIdentity { point })
     }
@@ -164,7 +166,7 @@ where
     type Output = Vec<NonIdentity<P::AffineRepr>>;
 
     fn batch_normalize(points: &[Self]) -> Vec<NonIdentity<P::AffineRepr>> {
-        let points = Self::cast_slice_as_inner(points);
+        let points = Self::slice_as_inner(points);
         let affine_points = <P as BatchNormalize<_>>::batch_normalize(points);
         affine_points
             .into_iter()
@@ -201,6 +203,19 @@ impl<P> Deref for NonIdentity<P> {
     }
 }
 
+impl<P> Generate for NonIdentity<P>
+where
+    P: ConditionallySelectable + ConstantTimeEq + Default + Generate,
+{
+    fn try_generate_from_rng<R: TryCryptoRng + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
+        loop {
+            if let Some(point) = Self::new(P::try_generate_from_rng(rng)?).into() {
+                break Ok(point);
+            }
+        }
+    }
+}
+
 impl<P> GroupEncoding for NonIdentity<P>
 where
     P: ConditionallySelectable + ConstantTimeEq + Default + GroupEncoding,
diff --git a/elliptic-curve/src/scalar/blinded.rs b/elliptic-curve/src/scalar/blinded.rs
@@ -2,12 +2,15 @@
 
 use super::Scalar;
 use crate::{CurveArithmetic, ops::Invert};
+use common::Generate;
 use core::fmt;
-use group::ff::Field;
-use rand_core::CryptoRng;
+use rand_core::{CryptoRng, TryCryptoRng};
 use subtle::CtOption;
 use zeroize::Zeroize;
 
+#[cfg(feature = "getrandom")]
+use common::getrandom::{self, SysRng};
+
 /// Scalar blinded with a randomly generated masking value.
 ///
 /// This provides a randomly blinded impl of [`Invert`] which is useful for
@@ -37,12 +40,31 @@ impl<C> BlindedScalar<C>
 where
     C: CurveArithmetic,
 {
+    /// Create a new [`BlindedScalar`] using the system's ambient secure RNG.
+    #[cfg(feature = "getrandom")]
+    pub fn new(scalar: Scalar<C>) -> Self {
+        Self::try_new(scalar).expect("RNG error")
+    }
+
+    /// Create a new [`BlindedScalar`] using the system's ambient secure RNG.
+    #[cfg(feature = "getrandom")]
+    pub fn try_new(scalar: Scalar<C>) -> Result<Self, getrandom::Error> {
+        Self::try_new_from_rng(scalar, &mut SysRng)
+    }
+
+    /// Create a new [`BlindedScalar`] from a scalar and a [`CryptoRng`].
+    pub fn new_from_rng<R: CryptoRng + ?Sized>(scalar: Scalar<C>, rng: &mut R) -> Self {
+        let Ok(ret) = Self::try_new_from_rng(scalar, rng);
+        ret
+    }
+
     /// Create a new [`BlindedScalar`] from a scalar and a [`CryptoRng`].
-    pub fn new<R: CryptoRng + ?Sized>(scalar: Scalar<C>, rng: &mut R) -> Self {
-        Self {
-            scalar,
-            mask: Scalar::<C>::random(rng),
-        }
+    pub fn try_new_from_rng<R>(scalar: Scalar<C>, rng: &mut R) -> Result<Self, R::Error>
+    where
+        R: TryCryptoRng + ?Sized,
+    {
+        let mask = Scalar::<C>::try_generate_from_rng(rng)?;
+        Ok(Self { scalar, mask })
     }
 }
 
