pub fn crypto_core_ed25519_is_valid_point(p: &Ed25519Point) -> boolExpand description
Checks if a given point is on the Ed25519 curve.
This function determines if a given point is a valid point on the Ed25519 curve that can be safely used for cryptographic operations.
§Security Note
This implementation uses curve25519-dalek for validation and is stricter
than libsodium’s crypto_core_ed25519_is_valid_point. Specifically, it may
reject certain points, such as small-order points (e.g., the point
represented by [1, 0, ..., 0]), which libsodium might accept. While
libsodium’s behavior provides compatibility, using points rejected by this
function can lead to security vulnerabilities in certain protocols. Relying
on this stricter check is generally recommended for new applications.
By default, this function enforces canonical encoding by requiring the high
bit of the last byte to be 0. If you’re working with Ed25519 keys generated
by crypto_sign_keypair
that might have the high bit set, you should use
crypto_core_ed25519_is_valid_point_relaxed instead.
§Example
use dryoc::classic::crypto_core::{
Ed25519Point, crypto_core_ed25519_is_valid_point,
crypto_core_ed25519_is_valid_point_relaxed,
};
use dryoc::classic::crypto_sign::crypto_sign_keypair;
// Get a valid Ed25519 public key (valid point)
let (pk, _) = crypto_sign_keypair();
// For keys from crypto_sign_keypair(), use the relaxed validation
// as they may have the high bit set
assert!(crypto_core_ed25519_is_valid_point_relaxed(&pk));
// Strict validation for a manually constructed point
let mut invalid_point = [0u8; 32];
invalid_point[31] = 0x80; // Set high bit, making it invalid
assert!(!crypto_core_ed25519_is_valid_point(&invalid_point));Not fully compatible with libsodium’s crypto_core_ed25519_is_valid_point
due to stricter checks.