Merge rust-bitcoin/rust-bitcoin#1066: Upgrade to secp256k1 v0.23.0

36f29d4357 Upgrade to secp256k1 v0.23.0 (Tobin C. Harding)

Pull request description:

  We recently released a new version of `rust-secp256k1`; upgrade to use it.

ACKs for top commit:
  apoelstra:
    ACK 36f29d4357
  Kixunil:
    ACK 36f29d4357

Tree-SHA512: 46a909dec8bc59daa78acdb76824d93f4f1da0e9736cf6ca443d3bbadfa43867e720293bb7c4919cb0658e75ec59daeffea080611f0e7eed4df439ddac0305de
Andrew Poelstra 2022-07-12 14:03:15 +00:00
commit 4965495354
7 changed files with 29 additions and 27 deletions


@ -36,7 +36,7 @@ rustdoc-args = ["--cfg", "docsrs"]
[dependencies] [dependencies]
bech32 = { version = "0.8.1", default-features = false } bech32 = { version = "0.8.1", default-features = false }
bitcoin_hashes = { version = "0.10.0", default-features = false } bitcoin_hashes = { version = "0.10.0", default-features = false }
secp256k1 = { version = "0.22.0", default-features = false } secp256k1 = { version = "0.23.0", default-features = false }
core2 = { version = "0.3.0", optional = true, default-features = false } core2 = { version = "0.3.0", optional = true, default-features = false }
base64 = { version = "0.13.0", optional = true } base64 = { version = "0.13.0", optional = true }
@ -48,7 +48,7 @@ hashbrown = { version = "0.8", optional = true }
[dev-dependencies] [dev-dependencies]
serde_json = "<1.0.45" serde_json = "<1.0.45"
serde_test = "1" serde_test = "1"
secp256k1 = { version = "0.22.0", features = [ "recovery", "rand-std" ] } secp256k1 = { version = "0.23.0", features = [ "recovery", "rand-std" ] }
bincode = "1.3.1" bincode = "1.3.1"
[[example]] [[example]]


@ -1115,7 +1115,7 @@ mod tests {
data.clear(); data.clear();
data64.clear(); data64.clear();
let len = thread_rng().gen_range(1, 256); let len = thread_rng().gen_range(1..256);
data.resize(len, 0u8); data.resize(len, 0u8);
data64.resize(len, 0u64); data64.resize(len, 0u64);
let mut arr33 = [0u8; 33]; let mut arr33 = [0u8; 33];


@ -590,15 +590,15 @@ impl ExtendedPrivKey {
hmac_engine.input(&endian::u32_to_array_be(u32::from(i))); hmac_engine.input(&endian::u32_to_array_be(u32::from(i)));
let hmac_result: Hmac<sha512::Hash> = Hmac::from_engine(hmac_engine); let hmac_result: Hmac<sha512::Hash> = Hmac::from_engine(hmac_engine);
let mut sk = secp256k1::SecretKey::from_slice(&hmac_result[..32])?; let sk = secp256k1::SecretKey::from_slice(&hmac_result[..32]).expect("statistically impossible to hit");
sk.add_assign(&self.private_key[..])?; let tweaked = sk.add_tweak(&self.private_key.into()).expect("statistically impossible to hit");
Ok(ExtendedPrivKey { Ok(ExtendedPrivKey {
network: self.network, network: self.network,
depth: self.depth + 1, depth: self.depth + 1,
parent_fingerprint: self.fingerprint(secp), parent_fingerprint: self.fingerprint(secp),
child_number: i, child_number: i,
private_key: sk, private_key: tweaked,
chain_code: ChainCode::from(&hmac_result[32..]) chain_code: ChainCode::from(&hmac_result[32..])
}) })
} }
@ -731,15 +731,14 @@ impl ExtendedPubKey {
i: ChildNumber, i: ChildNumber,
) -> Result<ExtendedPubKey, Error> { ) -> Result<ExtendedPubKey, Error> {
let (sk, chain_code) = self.ckd_pub_tweak(i)?; let (sk, chain_code) = self.ckd_pub_tweak(i)?;
let mut pk = self.public_key; let tweaked = self.public_key.add_exp_tweak(secp, &sk.into())?;
pk.add_exp_assign(secp, &sk[..])?;
Ok(ExtendedPubKey { Ok(ExtendedPubKey {
network: self.network, network: self.network,
depth: self.depth + 1, depth: self.depth + 1,
parent_fingerprint: self.fingerprint(), parent_fingerprint: self.fingerprint(),
child_number: i, child_number: i,
public_key: pk, public_key: tweaked,
chain_code, chain_code,
}) })
} }
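Review bot: Replacing `?` with `.expect("statistically impossible to hit")` on the two lines that build `sk` and `tweaked` in the `ExtendedPrivKey` hunk turns the invalid-child-key case of BIP32 derivation into a panic, while the `ExtendedPubKey` hunk right below keeps propagating the same secp256k1 error with `?`. BIP32 defines an out-of-range HMAC result (or a zero child key) as "this index is invalid, proceed with the next one", which a caller can only do if the error reaches it; the old `?` shows the function already returns a `Result` whose error type converts from `secp256k1::Error`, so the private-key path can stay consistent with the public-key path: `let sk = secp256k1::SecretKey::from_slice(&hmac_result[..32])?;` and `let tweaked = sk.add_tweak(&self.private_key.into())?;`. The probability is negligible, but a panic in a library derivation routine is a worse failure mode than an `Err` for the same input. The enclosing `ckd_priv` signature lies outside the hunk, so its exact return type is inferred from the removed `?` lines.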


@ -715,7 +715,7 @@ mod tests {
impl PartialMerkleTree { impl PartialMerkleTree {
/// Flip one bit in one of the hashes - this should break the authentication /// Flip one bit in one of the hashes - this should break the authentication
fn damage(&mut self, rng: &mut ThreadRng) { fn damage(&mut self, rng: &mut ThreadRng) {
let n = rng.gen_range(0, self.hashes.len()); let n = rng.gen_range(0..self.hashes.len());
let bit = rng.gen::<u8>(); let bit = rng.gen::<u8>();
let hashes = &mut self.hashes; let hashes = &mut self.hashes;
let mut hash = hashes[n].into_inner(); let mut hash = hashes[n].into_inner();


@ -12,7 +12,6 @@ use core::fmt;
use crate::prelude::*; use crate::prelude::*;
use secp256k1::{self, Secp256k1, Verification, constants}; use secp256k1::{self, Secp256k1, Verification, constants};
use crate::hashes::Hash;
use crate::util::taproot::{TapBranchHash, TapTweakHash}; use crate::util::taproot::{TapBranchHash, TapTweakHash};
use crate::SchnorrSighashType; use crate::SchnorrSighashType;
@ -101,11 +100,10 @@ impl TapTweak for UntweakedPublicKey {
/// # Returns /// # Returns
/// The tweaked key and its parity. /// The tweaked key and its parity.
fn tap_tweak<C: Verification>(self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> (TweakedPublicKey, secp256k1::Parity) { fn tap_tweak<C: Verification>(self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> (TweakedPublicKey, secp256k1::Parity) {
let tweak_value = TapTweakHash::from_key_and_tweak(self, merkle_root).into_inner(); let tweak = TapTweakHash::from_key_and_tweak(self, merkle_root).to_scalar();
let mut output_key = self; let (output_key, parity) = self.add_tweak(secp, &tweak).expect("Tap tweak failed");
let parity = output_key.tweak_add_assign(secp, &tweak_value).expect("Tap tweak failed");
debug_assert!(self.tweak_add_check(secp, &output_key, parity, tweak_value)); debug_assert!(self.tweak_add_check(secp, &output_key, parity, tweak));
(TweakedPublicKey(output_key), parity) (TweakedPublicKey(output_key), parity)
} }
@ -130,11 +128,11 @@ impl TapTweak for UntweakedKeyPair {
/// ///
/// # Returns /// # Returns
/// The tweaked key and its parity. /// The tweaked key and its parity.
fn tap_tweak<C: Verification>(mut self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> TweakedKeyPair { fn tap_tweak<C: Verification>(self, secp: &Secp256k1<C>, merkle_root: Option<TapBranchHash>) -> TweakedKeyPair {
let pubkey = crate::XOnlyPublicKey::from_keypair(&self); let (pubkey, _parity) = crate::XOnlyPublicKey::from_keypair(&self);
let tweak_value = TapTweakHash::from_key_and_tweak(pubkey, merkle_root).into_inner(); let tweak = TapTweakHash::from_key_and_tweak(pubkey, merkle_root).to_scalar();
self.tweak_add_assign(secp, &tweak_value).expect("Tap tweak failed"); let tweaked = self.add_xonly_tweak(secp, &tweak).expect("Tap tweak failed");
TweakedKeyPair(self) TweakedKeyPair(tweaked)
} }
fn dangerous_assume_tweaked(self) -> TweakedKeyPair { fn dangerous_assume_tweaked(self) -> TweakedKeyPair {
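Review bot: The rustdoc directly above the rewritten `UntweakedKeyPair::tap_tweak` still reads `/// The tweaked key and its parity.`, but the signature returns only `TweakedKeyPair`, and the parity that `XOnlyPublicKey::from_keypair` now returns is explicitly discarded as `_parity`; the `# Returns` line should say `/// The tweaked key pair.` so it matches what the method actually yields. A one-line comment on the discarded binding would also save the next reader from wondering whether dropping it is a bug, e.g. `// Parity of the untweaked key is not needed: the tweak is derived from the x-only key alone.` The `UntweakedPublicKey` hunk above is consistent with its own doc, since it does return `(TweakedPublicKey, Parity)`.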


@ -1125,11 +1125,10 @@ mod tests {
}; };
// tests // tests
let keypair = secp256k1::KeyPair::from_secret_key(secp, internal_priv_key); let keypair = secp256k1::KeyPair::from_secret_key(secp, &internal_priv_key);
let internal_key = XOnlyPublicKey::from_keypair(&keypair); let (internal_key, _parity) = XOnlyPublicKey::from_keypair(&keypair);
let tweak = TapTweakHash::from_key_and_tweak(internal_key, merkle_root); let tweak = TapTweakHash::from_key_and_tweak(internal_key, merkle_root);
let mut tweaked_keypair = keypair; let tweaked_keypair = keypair.add_xonly_tweak(secp, &tweak.to_scalar()).unwrap();
tweaked_keypair.tweak_add_assign(secp, &tweak).unwrap();
let mut sig_msg = Vec::new(); let mut sig_msg = Vec::new();
cache.taproot_encode_signing_data_to( cache.taproot_encode_signing_data_to(
&mut sig_msg, &mut sig_msg,


@ -7,7 +7,7 @@
use crate::prelude::*; use crate::prelude::*;
use crate::io; use crate::io;
use secp256k1::{self, Secp256k1}; use secp256k1::{self, Secp256k1, Scalar};
use core::convert::TryFrom; use core::convert::TryFrom;
use core::fmt; use core::fmt;
@ -79,6 +79,12 @@ impl TapTweakHash {
} }
TapTweakHash::from_engine(eng) TapTweakHash::from_engine(eng)
} }
/// Converts a `TapTweakHash` into a `Scalar` ready for use with key tweaking API.
pub fn to_scalar(&self) -> Scalar {
// This is statistically extremely unlikely to panic.
Scalar::from_be_bytes(self.into_inner()).expect("hash value greater than curve order")
}
} }
impl TapLeafHash { impl TapLeafHash {
@ -836,12 +842,12 @@ impl ControlBlock {
); );
} }
// compute the taptweak // compute the taptweak
let tweak = TapTweakHash::from_key_and_tweak(self.internal_key, Some(curr_hash)); let tweak = TapTweakHash::from_key_and_tweak(self.internal_key, Some(curr_hash)).to_scalar();
self.internal_key.tweak_add_check( self.internal_key.tweak_add_check(
secp, secp,
&output_key, &output_key,
self.output_key_parity, self.output_key_parity,
tweak.into_inner(), tweak,
) )
} }
} }
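Review bot: `TapTweakHash::to_scalar` is a new public method that panics when the hash value is not below the curve order, but its rustdoc has no `# Panics` section; add `/// # Panics` followed by `/// Panics if the hash, read as a big-endian integer, is not less than the secp256k1 curve order.` The expect message `"hash value greater than curve order"` is also slightly off, since `Scalar::from_be_bytes` presumably rejects a value equal to the order as well. In the `ControlBlock` hunk the same conversion now sits on a verification path whose tail call `tweak_add_check` appears to return `bool`, so a (negligibly likely) out-of-range tweak panics where the previous code handed raw bytes to the check; matching on the conversion and returning `false` keeps verification total for every input. That function's signature and return type are outside the hunk, so this reading is inferred from the tail expression.

```rust
// compute the taptweak
let tweak_hash = TapTweakHash::from_key_and_tweak(self.internal_key, Some(curr_hash));
let tweak = match Scalar::from_be_bytes(tweak_hash.into_inner()) {
    Ok(tweak) => tweak,
    // An out-of-range tweak cannot correspond to any valid commitment.
    Err(_) => return false,
};
// … unchanged: tweak_add_check call …
```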