diff --git a/examples/sign_verify.rs b/examples/sign_verify.rs index ca474a8..20dfde3 100644 --- a/examples/sign_verify.rs +++ b/examples/sign_verify.rs @@ -2,22 +2,22 @@ extern crate bitcoin_hashes; extern crate secp256k1; use bitcoin_hashes::{sha256, Hash}; -use secp256k1::{Error, Message, PublicKey, Secp256k1, SecretKey, Signature, Signing, Verification}; +use secp256k1::{Error, Message, PublicKey, Secp256k1, SecretKey, ecdsa, Signing, Verification}; fn verify(secp: &Secp256k1, msg: &[u8], sig: [u8; 64], pubkey: [u8; 33]) -> Result { let msg = sha256::Hash::hash(msg); let msg = Message::from_slice(&msg)?; - let sig = Signature::from_compact(&sig)?; + let sig = ecdsa::Signature::from_compact(&sig)?; let pubkey = PublicKey::from_slice(&pubkey)?; - Ok(secp.verify(&msg, &sig, &pubkey).is_ok()) + Ok(secp.verify_ecdsa(&msg, &sig, &pubkey).is_ok()) } -fn sign(secp: &Secp256k1, msg: &[u8], seckey: [u8; 32]) -> Result { +fn sign(secp: &Secp256k1, msg: &[u8], seckey: [u8; 32]) -> Result { let msg = sha256::Hash::hash(msg); let msg = Message::from_slice(&msg)?; let seckey = SecretKey::from_slice(&seckey)?; - Ok(secp.sign(&msg, &seckey)) + Ok(secp.sign_ecdsa(&msg, &seckey)) } fn main() { diff --git a/examples/sign_verify_recovery.rs b/examples/sign_verify_recovery.rs index 1644be4..627bbdc 100644 --- a/examples/sign_verify_recovery.rs +++ b/examples/sign_verify_recovery.rs @@ -3,23 +3,22 @@ extern crate bitcoin_hashes; extern crate secp256k1; use bitcoin_hashes::{sha256, Hash}; -use secp256k1::recovery::{RecoverableSignature, RecoveryId}; -use secp256k1::{Error, Message, PublicKey, Secp256k1, SecretKey, Signing, Verification}; +use secp256k1::{Error, Message, PublicKey, Secp256k1, SecretKey, Signing, Verification, ecdsa}; fn recover(secp: &Secp256k1,msg: &[u8],sig: [u8; 64],recovery_id: u8) -> Result { let msg = sha256::Hash::hash(msg); let msg = Message::from_slice(&msg)?; - let id = RecoveryId::from_i32(recovery_id as i32)?; - let sig = RecoverableSignature::from_compact(&sig, id)?; + let id = ecdsa::RecoveryId::from_i32(recovery_id as i32)?; + let sig = ecdsa::RecoverableSignature::from_compact(&sig, id)?; - secp.recover(&msg, &sig) + secp.recover_ecdsa(&msg, &sig) } -fn sign_recovery(secp: &Secp256k1, msg: &[u8], seckey: [u8; 32]) -> Result { +fn sign_recovery(secp: &Secp256k1, msg: &[u8], seckey: [u8; 32]) -> Result { let msg = sha256::Hash::hash(msg); let msg = Message::from_slice(&msg)?; let seckey = SecretKey::from_slice(&seckey)?; - Ok(secp.sign_recoverable(&msg, &seckey)) + Ok(secp.sign_ecdsa_recoverable(&msg, &seckey)) } fn main() { diff --git a/no_std_test/src/main.rs b/no_std_test/src/main.rs index f6ecd95..d245ce9 100644 --- a/no_std_test/src/main.rs +++ b/no_std_test/src/main.rs @@ -106,14 +106,14 @@ fn start(_argc: isize, _argv: *const *const u8) -> isize { let public_key = PublicKey::from_secret_key(&secp, &secret_key); let message = Message::from_slice(&[0xab; 32]).expect("32 bytes"); - let sig = secp.sign(&message, &secret_key); - assert!(secp.verify(&message, &sig, &public_key).is_ok()); + let sig = secp.sign_ecdsa(&message, &secret_key); + assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok()); - let rec_sig = secp.sign_recoverable(&message, &secret_key); - assert!(secp.verify(&message, &rec_sig.to_standard(), &public_key).is_ok()); - assert_eq!(public_key, secp.recover(&message, &rec_sig).unwrap()); + let rec_sig = secp.sign_ecdsa_recoverable(&message, &secret_key); + assert!(secp.verify_ecdsa(&message, &rec_sig.to_standard(), &public_key).is_ok()); + assert_eq!(public_key, secp.recover_ecdsa(&message, &rec_sig).unwrap()); let (rec_id, data) = rec_sig.serialize_compact(); - let new_rec_sig = recovery::RecoverableSignature::from_compact(&data, rec_id).unwrap(); + let new_rec_sig = ecdsa::RecoverableSignature::from_compact(&data, rec_id).unwrap(); assert_eq!(rec_sig, new_rec_sig); let mut cbor_ser = [0u8; 100]; @@ -121,7 +121,7 @@ fn start(_argc: isize, _argv: *const *const u8) -> isize { let mut ser = Serializer::new(writer); sig.serialize(&mut ser).unwrap(); let size = ser.into_inner().bytes_written(); - let new_sig: Signature = de::from_mut_slice(&mut cbor_ser[..size]).unwrap(); + let new_sig: ecdsa::Signature = de::from_mut_slice(&mut cbor_ser[..size]).unwrap(); assert_eq!(sig, new_sig); let _ = SharedSecret::new(&public_key, &secret_key); diff --git a/src/ecdsa/mod.rs b/src/ecdsa/mod.rs new file mode 100644 index 0000000..cd88c04 --- /dev/null +++ b/src/ecdsa/mod.rs @@ -0,0 +1,307 @@ +//! Structs and functionality related to the ECDSA signature algorithm. + +use core::{fmt, str, ops}; +use Error; +use ffi::CPtr; +use ffi; +use from_hex; + +#[cfg(feature = "recovery")] +mod recovery; + +#[cfg(feature = "recovery")] +pub use self::recovery::{RecoveryId, RecoverableSignature}; + +/// An ECDSA signature +#[derive(Copy, Clone, PartialEq, Eq)] +pub struct Signature(pub(crate) ffi::Signature); + +/// A DER serialized Signature +#[derive(Copy, Clone)] +pub struct SerializedSignature { + data: [u8; 72], + len: usize, +} + +impl fmt::Debug for Signature { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fmt::Display::fmt(self, f) + } +} + +impl fmt::Display for Signature { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + let sig = self.serialize_der(); + for v in sig.iter() { + write!(f, "{:02x}", v)?; + } + Ok(()) + } +} + +impl str::FromStr for Signature { + type Err = Error; + fn from_str(s: &str) -> Result { + let mut res = [0u8; 72]; + match from_hex(s, &mut res) { + Ok(x) => Signature::from_der(&res[0..x]), + _ => Err(Error::InvalidSignature), + } + } +} + +impl Default for SerializedSignature { + fn default() -> SerializedSignature { + SerializedSignature { + data: [0u8; 72], + len: 0, + } + } +} + +impl PartialEq for SerializedSignature { + fn eq(&self, other: &SerializedSignature) -> bool { + self.data[..self.len] == other.data[..other.len] + } +} + +impl AsRef<[u8]> for SerializedSignature { + fn as_ref(&self) -> &[u8] { + &self.data[..self.len] + } +} + +impl ops::Deref for SerializedSignature { + type Target = [u8]; + + fn deref(&self) -> &[u8] { + &self.data[..self.len] + } +} + +impl Eq for SerializedSignature {} + +impl SerializedSignature { + /// Get a pointer to the underlying data with the specified capacity. + pub(crate) fn get_data_mut_ptr(&mut self) -> *mut u8 { + self.data.as_mut_ptr() + } + + /// Get the capacity of the underlying data buffer. + pub fn capacity(&self) -> usize { + self.data.len() + } + + /// Get the len of the used data. + pub fn len(&self) -> usize { + self.len + } + + /// Set the length of the object. + pub(crate) fn set_len(&mut self, len: usize) { + self.len = len; + } + + /// Convert the serialized signature into the Signature struct. + /// (This DER deserializes it) + pub fn to_signature(&self) -> Result { + Signature::from_der(&self) + } + + /// Create a SerializedSignature from a Signature. + /// (this DER serializes it) + pub fn from_signature(sig: &Signature) -> SerializedSignature { + sig.serialize_der() + } + + /// Check if the space is zero. + pub fn is_empty(&self) -> bool { self.len() == 0 } +} + +impl Signature { + #[inline] + /// Converts a DER-encoded byte slice to a signature + pub fn from_der(data: &[u8]) -> Result { + if data.is_empty() {return Err(Error::InvalidSignature);} + + unsafe { + let mut ret = ffi::Signature::new(); + if ffi::secp256k1_ecdsa_signature_parse_der( + ffi::secp256k1_context_no_precomp, + &mut ret, + data.as_c_ptr(), + data.len() as usize, + ) == 1 + { + Ok(Signature(ret)) + } else { + Err(Error::InvalidSignature) + } + } + } + + /// Converts a 64-byte compact-encoded byte slice to a signature + pub fn from_compact(data: &[u8]) -> Result { + if data.len() != 64 { + return Err(Error::InvalidSignature) + } + + unsafe { + let mut ret = ffi::Signature::new(); + if ffi::secp256k1_ecdsa_signature_parse_compact( + ffi::secp256k1_context_no_precomp, + &mut ret, + data.as_c_ptr(), + ) == 1 + { + Ok(Signature(ret)) + } else { + Err(Error::InvalidSignature) + } + } + } + + /// Converts a "lax DER"-encoded byte slice to a signature. This is basically + /// only useful for validating signatures in the Bitcoin blockchain from before + /// 2016. It should never be used in new applications. This library does not + /// support serializing to this "format" + pub fn from_der_lax(data: &[u8]) -> Result { + if data.is_empty() {return Err(Error::InvalidSignature);} + + unsafe { + let mut ret = ffi::Signature::new(); + if ffi::ecdsa_signature_parse_der_lax( + ffi::secp256k1_context_no_precomp, + &mut ret, + data.as_c_ptr(), + data.len() as usize, + ) == 1 + { + Ok(Signature(ret)) + } else { + Err(Error::InvalidSignature) + } + } + } + + /// Normalizes a signature to a "low S" form. In ECDSA, signatures are + /// of the form (r, s) where r and s are numbers lying in some finite + /// field. The verification equation will pass for (r, s) iff it passes + /// for (r, -s), so it is possible to ``modify'' signatures in transit + /// by flipping the sign of s. This does not constitute a forgery since + /// the signed message still cannot be changed, but for some applications, + /// changing even the signature itself can be a problem. Such applications + /// require a "strong signature". It is believed that ECDSA is a strong + /// signature except for this ambiguity in the sign of s, so to accommodate + /// these applications libsecp256k1 will only accept signatures for which + /// s is in the lower half of the field range. This eliminates the + /// ambiguity. + /// + /// However, for some systems, signatures with high s-values are considered + /// valid. (For example, parsing the historic Bitcoin blockchain requires + /// this.) For these applications we provide this normalization function, + /// which ensures that the s value lies in the lower half of its range. + pub fn normalize_s(&mut self) { + unsafe { + // Ignore return value, which indicates whether the sig + // was already normalized. We don't care. + ffi::secp256k1_ecdsa_signature_normalize( + ffi::secp256k1_context_no_precomp, + self.as_mut_c_ptr(), + self.as_c_ptr(), + ); + } + } + + /// Obtains a raw pointer suitable for use with FFI functions + #[inline] + pub fn as_ptr(&self) -> *const ffi::Signature { + &self.0 + } + + /// Obtains a raw mutable pointer suitable for use with FFI functions + #[inline] + pub fn as_mut_ptr(&mut self) -> *mut ffi::Signature { + &mut self.0 + } + + #[inline] + /// Serializes the signature in DER format + pub fn serialize_der(&self) -> SerializedSignature { + let mut ret = SerializedSignature::default(); + let mut len: usize = ret.capacity(); + unsafe { + let err = ffi::secp256k1_ecdsa_signature_serialize_der( + ffi::secp256k1_context_no_precomp, + ret.get_data_mut_ptr(), + &mut len, + self.as_c_ptr(), + ); + debug_assert!(err == 1); + ret.set_len(len); + } + ret + } + + #[inline] + /// Serializes the signature in compact format + pub fn serialize_compact(&self) -> [u8; 64] { + let mut ret = [0u8; 64]; + unsafe { + let err = ffi::secp256k1_ecdsa_signature_serialize_compact( + ffi::secp256k1_context_no_precomp, + ret.as_mut_c_ptr(), + self.as_c_ptr(), + ); + debug_assert!(err == 1); + } + ret + } +} + +impl CPtr for Signature { + type Target = ffi::Signature; + + fn as_c_ptr(&self) -> *const Self::Target { + self.as_ptr() + } + + fn as_mut_c_ptr(&mut self) -> *mut Self::Target { + self.as_mut_ptr() + } +} + +/// Creates a new signature from a FFI signature +impl From for Signature { + #[inline] + fn from(sig: ffi::Signature) -> Signature { + Signature(sig) + } +} + +#[cfg(feature = "serde")] +impl ::serde::Serialize for Signature { + fn serialize(&self, s: S) -> Result { + if s.is_human_readable() { + s.collect_str(self) + } else { + s.serialize_bytes(&self.serialize_der()) + } + } +} + +#[cfg(feature = "serde")] +impl<'de> ::serde::Deserialize<'de> for Signature { + fn deserialize>(d: D) -> Result { + if d.is_human_readable() { + d.deserialize_str(::serde_util::FromStrVisitor::new( + "a hex string representing a DER encoded Signature" + )) + } else { + d.deserialize_bytes(::serde_util::BytesVisitor::new( + "raw byte stream, that represents a DER encoded Signature", + Signature::from_der + )) + } + } +} diff --git a/src/recovery.rs b/src/ecdsa/recovery.rs similarity index 92% rename from src/recovery.rs rename to src/ecdsa/recovery.rs index 21217cb..55c9e72 100644 --- a/src/recovery.rs +++ b/src/ecdsa/recovery.rs @@ -19,13 +19,11 @@ use core::ptr; use key; -use super::{Secp256k1, Message, Error, Signature, Verification, Signing}; use super::ffi as super_ffi; -pub use key::SecretKey; -pub use key::PublicKey; use self::super_ffi::CPtr; - use ffi::recovery as ffi; +use super::*; +use {Verification, Secp256k1, Signing, Message}; /// A tag used for recovering the public key from a compact signature #[derive(Copy, Clone, PartialEq, Eq, Debug)] @@ -148,9 +146,14 @@ impl From for RecoverableSignature { impl Secp256k1 { /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce /// Requires a signing-capable context. - pub fn sign_recoverable(&self, msg: &Message, sk: &key::SecretKey) - -> RecoverableSignature { + #[deprecated(since = "0.21.0", note = "Use sign_ecdsa_recoverable instead.")] + pub fn sign_recoverable(&self, msg: &Message, sk: &key::SecretKey) -> RecoverableSignature { + self.sign_ecdsa_recoverable(msg, sk) + } + /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce + /// Requires a signing-capable context. + pub fn sign_ecdsa_recoverable(&self, msg: &Message, sk: &key::SecretKey) -> RecoverableSignature { let mut ret = ffi::RecoverableSignature::new(); unsafe { // We can assume the return value because it's not possible to construct @@ -175,7 +178,14 @@ impl Secp256k1 { impl Secp256k1 { /// Determines the public key for which `sig` is a valid signature for /// `msg`. Requires a verify-capable context. - pub fn recover(&self, msg: &Message, sig: &RecoverableSignature) + #[deprecated(since = "0.21.0", note = "Use recover_ecdsa instead.")] + pub fn recover(&self, msg: &Message, sig: &RecoverableSignature) -> Result { + self.recover_ecdsa(msg, sig) + } + + /// Determines the public key for which `sig` is a valid signature for + /// `msg`. Requires a verify-capable context. + pub fn recover_ecdsa(&self, msg: &Message, sig: &RecoverableSignature) -> Result { unsafe { @@ -192,12 +202,9 @@ impl Secp256k1 { #[cfg(test)] mod tests { + use super::*; use rand::{RngCore, thread_rng}; - use key::SecretKey; - use super::{RecoveryId, RecoverableSignature}; - use super::super::{Secp256k1, Message}; - use super::super::Error::{IncorrectSignature, InvalidSignature}; #[cfg(target_arch = "wasm32")] use wasm_bindgen_test::wasm_bindgen_test as test; @@ -275,7 +282,7 @@ mod tests { let mut msg = [0u8; 32]; thread_rng().fill_bytes(&mut msg); let msg = Message::from_slice(&msg).unwrap(); - assert_eq!(s.verify(&msg, &sig, &pk), Err(IncorrectSignature)); + assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature)); let recovered_key = s.recover(&msg, &sigr).unwrap(); assert!(recovered_key != pk); @@ -306,7 +313,7 @@ mod tests { // Zero is not a valid sig let sig = RecoverableSignature::from_compact(&[0; 64], RecoveryId(0)).unwrap(); - assert_eq!(s.recover(&msg, &sig), Err(InvalidSignature)); + assert_eq!(s.recover(&msg, &sig), Err(Error::InvalidSignature)); // ...but 111..111 is let sig = RecoverableSignature::from_compact(&[1; 64], RecoveryId(0)).unwrap(); assert!(s.recover(&msg, &sig).is_ok()); diff --git a/src/lib.rs b/src/lib.rs index 02c10f1..b007b94 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -47,8 +47,8 @@ //! let (secret_key, public_key) = secp.generate_keypair(&mut rng); //! let message = Message::from_hashed_data::("Hello World!".as_bytes()); //! -//! let sig = secp.sign(&message, &secret_key); -//! assert!(secp.verify(&message, &sig, &public_key).is_ok()); +//! let sig = secp.sign_ecdsa(&message, &secret_key); +//! assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok()); //! # } //! ``` //! @@ -66,14 +66,14 @@ //! // See the above example for how to use this library together with bitcoin_hashes. //! let message = Message::from_slice(&[0xab; 32]).expect("32 bytes"); //! -//! let sig = secp.sign(&message, &secret_key); -//! assert!(secp.verify(&message, &sig, &public_key).is_ok()); +//! let sig = secp.sign_ecdsa(&message, &secret_key); +//! assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok()); //! ``` //! //! Users who only want to verify signatures can use a cheaper context, like so: //! //! ```rust -//! use secp256k1::{Secp256k1, Message, Signature, PublicKey}; +//! use secp256k1::{Secp256k1, Message, ecdsa, PublicKey}; //! //! let secp = Secp256k1::verification_only(); //! @@ -92,7 +92,7 @@ //! 0xd5, 0x44, 0x53, 0xcf, 0x6e, 0x82, 0xb4, 0x50, //! ]).expect("messages must be 32 bytes and are expected to be hashes"); //! -//! let sig = Signature::from_compact(&[ +//! let sig = ecdsa::Signature::from_compact(&[ //! 0xdc, 0x4d, 0xc2, 0x64, 0xa9, 0xfe, 0xf1, 0x7a, //! 0x3f, 0x25, 0x34, 0x49, 0xcf, 0x8c, 0x39, 0x7a, //! 0xb6, 0xf1, 0x6f, 0xb3, 0xd6, 0x3d, 0x86, 0x94, @@ -104,7 +104,7 @@ //! ]).expect("compact signatures are 64 bytes; DER signatures are 68-72 bytes"); //! //! # #[cfg(not(fuzzing))] -//! assert!(secp.verify(&message, &sig, &public_key).is_ok()); +//! assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok()); //! ``` //! //! Observe that the same code using, say [`signing_only`](struct.Secp256k1.html#method.signing_only) @@ -147,9 +147,8 @@ mod key; pub mod constants; pub mod ecdh; +pub mod ecdsa; pub mod schnorrsig; -#[cfg(feature = "recovery")] -pub mod recovery; #[cfg(feature = "serde")] mod serde_util; @@ -158,7 +157,6 @@ pub use key::PublicKey; pub use key::ONE_KEY; pub use context::*; use core::marker::PhantomData; -use core::ops::Deref; use core::{mem, fmt, ptr, str}; use ffi::{CPtr, types::AlignedType}; @@ -168,44 +166,6 @@ pub use context::global::SECP256K1; #[cfg(feature = "bitcoin_hashes")] use hashes::Hash; -/// An ECDSA signature -#[derive(Copy, Clone, PartialEq, Eq)] -pub struct Signature(ffi::Signature); - -/// A DER serialized Signature -#[derive(Copy, Clone)] -pub struct SerializedSignature { - data: [u8; 72], - len: usize, -} - -impl fmt::Debug for Signature { -fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - fmt::Display::fmt(self, f) -} -} - -impl fmt::Display for Signature { -fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - let sig = self.serialize_der(); - for v in sig.iter() { - write!(f, "{:02x}", v)?; - } - Ok(()) -} -} - -impl str::FromStr for Signature { -type Err = Error; -fn from_str(s: &str) -> Result { - let mut res = [0u8; 72]; - match from_hex(s, &mut res) { - Ok(x) => Signature::from_der(&res[0..x]), - _ => Err(Error::InvalidSignature), - } -} -} - /// Trait describing something that promises to be a 32-byte random number; in particular, /// it has negligible probability of being zero or overflowing the group order. Such objects /// may be converted to `Message`s without any error paths. @@ -235,231 +195,6 @@ impl ThirtyTwoByteHash for hashes::sha256t::Hash { } } -impl SerializedSignature { - /// Get a pointer to the underlying data with the specified capacity. - pub(crate) fn get_data_mut_ptr(&mut self) -> *mut u8 { - self.data.as_mut_ptr() - } - - /// Get the capacity of the underlying data buffer. - pub fn capacity(&self) -> usize { - self.data.len() - } - - /// Get the len of the used data. - pub fn len(&self) -> usize { - self.len - } - - /// Set the length of the object. - pub(crate) fn set_len(&mut self, len: usize) { - self.len = len; - } - - /// Convert the serialized signature into the Signature struct. - /// (This DER deserializes it) - pub fn to_signature(&self) -> Result { - Signature::from_der(&self) - } - - /// Create a SerializedSignature from a Signature. - /// (this DER serializes it) - pub fn from_signature(sig: &Signature) -> SerializedSignature { - sig.serialize_der() - } - - /// Check if the space is zero. - pub fn is_empty(&self) -> bool { self.len() == 0 } -} - -impl Signature { -#[inline] - /// Converts a DER-encoded byte slice to a signature - pub fn from_der(data: &[u8]) -> Result { - if data.is_empty() {return Err(Error::InvalidSignature);} - - unsafe { - let mut ret = ffi::Signature::new(); - if ffi::secp256k1_ecdsa_signature_parse_der( - ffi::secp256k1_context_no_precomp, - &mut ret, - data.as_c_ptr(), - data.len() as usize, - ) == 1 - { - Ok(Signature(ret)) - } else { - Err(Error::InvalidSignature) - } - } - } - - /// Converts a 64-byte compact-encoded byte slice to a signature - pub fn from_compact(data: &[u8]) -> Result { - if data.len() != 64 { - return Err(Error::InvalidSignature) - } - - unsafe { - let mut ret = ffi::Signature::new(); - if ffi::secp256k1_ecdsa_signature_parse_compact( - ffi::secp256k1_context_no_precomp, - &mut ret, - data.as_c_ptr(), - ) == 1 - { - Ok(Signature(ret)) - } else { - Err(Error::InvalidSignature) - } - } - } - - /// Converts a "lax DER"-encoded byte slice to a signature. This is basically - /// only useful for validating signatures in the Bitcoin blockchain from before - /// 2016. It should never be used in new applications. This library does not - /// support serializing to this "format" - pub fn from_der_lax(data: &[u8]) -> Result { - if data.is_empty() {return Err(Error::InvalidSignature);} - - unsafe { - let mut ret = ffi::Signature::new(); - if ffi::ecdsa_signature_parse_der_lax( - ffi::secp256k1_context_no_precomp, - &mut ret, - data.as_c_ptr(), - data.len() as usize, - ) == 1 - { - Ok(Signature(ret)) - } else { - Err(Error::InvalidSignature) - } - } - } - - /// Normalizes a signature to a "low S" form. In ECDSA, signatures are - /// of the form (r, s) where r and s are numbers lying in some finite - /// field. The verification equation will pass for (r, s) iff it passes - /// for (r, -s), so it is possible to ``modify'' signatures in transit - /// by flipping the sign of s. This does not constitute a forgery since - /// the signed message still cannot be changed, but for some applications, - /// changing even the signature itself can be a problem. Such applications - /// require a "strong signature". It is believed that ECDSA is a strong - /// signature except for this ambiguity in the sign of s, so to accommodate - /// these applications libsecp256k1 will only accept signatures for which - /// s is in the lower half of the field range. This eliminates the - /// ambiguity. - /// - /// However, for some systems, signatures with high s-values are considered - /// valid. (For example, parsing the historic Bitcoin blockchain requires - /// this.) For these applications we provide this normalization function, - /// which ensures that the s value lies in the lower half of its range. - pub fn normalize_s(&mut self) { - unsafe { - // Ignore return value, which indicates whether the sig - // was already normalized. We don't care. - ffi::secp256k1_ecdsa_signature_normalize( - ffi::secp256k1_context_no_precomp, - self.as_mut_c_ptr(), - self.as_c_ptr(), - ); - } - } - - /// Obtains a raw pointer suitable for use with FFI functions - #[inline] - pub fn as_ptr(&self) -> *const ffi::Signature { - &self.0 - } - - /// Obtains a raw mutable pointer suitable for use with FFI functions - #[inline] - pub fn as_mut_ptr(&mut self) -> *mut ffi::Signature { - &mut self.0 - } - - #[inline] - /// Serializes the signature in DER format - pub fn serialize_der(&self) -> SerializedSignature { - let mut ret = SerializedSignature::default(); - let mut len: usize = ret.capacity(); - unsafe { - let err = ffi::secp256k1_ecdsa_signature_serialize_der( - ffi::secp256k1_context_no_precomp, - ret.get_data_mut_ptr(), - &mut len, - self.as_c_ptr(), - ); - debug_assert!(err == 1); - ret.set_len(len); - } - ret - } - - #[inline] - /// Serializes the signature in compact format - pub fn serialize_compact(&self) -> [u8; 64] { - let mut ret = [0u8; 64]; - unsafe { - let err = ffi::secp256k1_ecdsa_signature_serialize_compact( - ffi::secp256k1_context_no_precomp, - ret.as_mut_c_ptr(), - self.as_c_ptr(), - ); - debug_assert!(err == 1); - } - ret - } -} - -impl CPtr for Signature { - type Target = ffi::Signature; - fn as_c_ptr(&self) -> *const Self::Target { - self.as_ptr() - } - - fn as_mut_c_ptr(&mut self) -> *mut Self::Target { - self.as_mut_ptr() - } -} - -/// Creates a new signature from a FFI signature -impl From for Signature { - #[inline] - fn from(sig: ffi::Signature) -> Signature { - Signature(sig) - } -} - - -#[cfg(feature = "serde")] -impl ::serde::Serialize for Signature { - fn serialize(&self, s: S) -> Result { - if s.is_human_readable() { - s.collect_str(self) - } else { - s.serialize_bytes(&self.serialize_der()) - } - } -} - -#[cfg(feature = "serde")] -impl<'de> ::serde::Deserialize<'de> for Signature { - fn deserialize>(d: D) -> Result { - if d.is_human_readable() { - d.deserialize_str(serde_util::FromStrVisitor::new( - "a hex string representing a DER encoded Signature" - )) - } else { - d.deserialize_bytes(serde_util::BytesVisitor::new( - "raw byte stream, that represents a DER encoded Signature", - Signature::from_der - )) - } - } -} - /// A (hashed) message input to an ECDSA signature pub struct Message([u8; constants::MESSAGE_SIZE]); impl_array_newtype!(Message, u8, constants::MESSAGE_SIZE); @@ -575,41 +310,10 @@ unsafe impl Send for Secp256k1 {} // The API does not permit any mutation of `Secp256k1` objects except through `&mut` references unsafe impl Sync for Secp256k1 {} - impl PartialEq for Secp256k1 { fn eq(&self, _other: &Secp256k1) -> bool { true } } -impl Default for SerializedSignature { - fn default() -> SerializedSignature { - SerializedSignature { - data: [0u8; 72], - len: 0, - } - } -} - -impl PartialEq for SerializedSignature { - fn eq(&self, other: &SerializedSignature) -> bool { - self.data[..self.len] == other.data[..other.len] - } -} - -impl AsRef<[u8]> for SerializedSignature { - fn as_ref(&self) -> &[u8] { - &self.data[..self.len] - } -} - -impl Deref for SerializedSignature { - type Target = [u8]; - fn deref(&self) -> &[u8] { - &self.data[..self.len] - } -} - -impl Eq for SerializedSignature {} - impl Eq for Secp256k1 { } impl Drop for Secp256k1 { @@ -706,9 +410,14 @@ impl Secp256k1 { /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce /// Requires a signing-capable context. - pub fn sign(&self, msg: &Message, sk: &key::SecretKey) - -> Signature { + #[deprecated(since = "0.21.0", note = "Use sign_ecdsa instead.")] + pub fn sign(&self, msg: &Message, sk: &key::SecretKey) -> ecdsa::Signature { + self.sign_ecdsa(msg, sk) + } + /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce + /// Requires a signing-capable context. + pub fn sign_ecdsa(&self, msg: &Message, sk: &key::SecretKey) -> ecdsa::Signature { unsafe { let mut ret = ffi::Signature::new(); // We can assume the return value because it's not possible to construct @@ -716,14 +425,14 @@ impl Secp256k1 { assert_eq!(ffi::secp256k1_ecdsa_sign(self.ctx, &mut ret, msg.as_c_ptr(), sk.as_c_ptr(), ffi::secp256k1_nonce_function_rfc6979, ptr::null()), 1); - Signature::from(ret) + ecdsa::Signature::from(ret) } } fn sign_grind_with_check( &self, msg: &Message, - sk: &key::SecretKey, - check: impl Fn(&ffi::Signature) -> bool) -> Signature { + sk: &SecretKey, + check: impl Fn(&ffi::Signature) -> bool) -> ecdsa::Signature { let mut entropy_p : *const ffi::types::c_void = ptr::null(); let mut counter : u32 = 0; let mut extra_entropy = [0u8; 32]; @@ -736,7 +445,7 @@ impl Secp256k1 { sk.as_c_ptr(), ffi::secp256k1_nonce_function_rfc6979, entropy_p), 1); if check(&ret) { - return Signature::from(ret); + return ecdsa::Signature::from(ret); } counter += 1; @@ -751,7 +460,7 @@ impl Secp256k1 { // When fuzzing, these checks will usually spinloop forever, so just short-circuit them. #[cfg(fuzzing)] - return Signature::from(ret); + return ecdsa::Signature::from(ret); } } } @@ -762,7 +471,18 @@ impl Secp256k1 { /// of signing operation performed by this function is exponential in the /// number of bytes grinded. /// Requires a signing capable context. - pub fn sign_grind_r(&self, msg: &Message, sk: &key::SecretKey, bytes_to_grind: usize) -> Signature { + #[deprecated(since = "0.21.0", note = "Use sign_ecdsa_grind_r instead.")] + pub fn sign_grind_r(&self, msg: &Message, sk: &SecretKey, bytes_to_grind: usize) -> ecdsa::Signature { + self.sign_ecdsa_grind_r(msg, sk, bytes_to_grind) + } + + /// Constructs a signature for `msg` using the secret key `sk`, RFC6979 nonce + /// and "grinds" the nonce by passing extra entropy if necessary to produce + /// a signature that is less than 71 - bytes_to_grund bytes. The number + /// of signing operation performed by this function is exponential in the + /// number of bytes grinded. + /// Requires a signing capable context. + pub fn sign_ecdsa_grind_r(&self, msg: &Message, sk: &SecretKey, bytes_to_grind: usize) -> ecdsa::Signature { let len_check = |s : &ffi::Signature| der_length_check(s, 71 - bytes_to_grind); return self.sign_grind_with_check(msg, sk, len_check); } @@ -773,7 +493,18 @@ impl Secp256k1 { /// signature implementation of bitcoin core. In average, this function /// will perform two signing operations. /// Requires a signing capable context. - pub fn sign_low_r(&self, msg: &Message, sk: &key::SecretKey) -> Signature { + #[deprecated(since = "0.21.0", note = "Use sign_ecdsa_grind_r instead.")] + pub fn sign_low_r(&self, msg: &Message, sk: &SecretKey) -> ecdsa::Signature { + return self.sign_grind_with_check(msg, sk, compact_sig_has_zero_first_bit) + } + + /// Constructs a signature for `msg` using the secret key `sk`, RFC6979 nonce + /// and "grinds" the nonce by passing extra entropy if necessary to produce + /// a signature that is less than 71 bytes and compatible with the low r + /// signature implementation of bitcoin core. In average, this function + /// will perform two signing operations. + /// Requires a signing capable context. + pub fn sign_ecdsa_low_r(&self, msg: &Message, sk: &SecretKey) -> ecdsa::Signature { return self.sign_grind_with_check(msg, sk, compact_sig_has_zero_first_bit) } @@ -816,7 +547,36 @@ impl Secp256k1 { /// # } /// ``` #[inline] - pub fn verify(&self, msg: &Message, sig: &Signature, pk: &key::PublicKey) -> Result<(), Error> { + #[deprecated(since = "0.21.0", note = "Use verify_ecdsa instead")] + pub fn verify(&self, msg: &Message, sig: &ecdsa::Signature, pk: &PublicKey) -> Result<(), Error> { + self.verify_ecdsa(msg, sig, pk) + } + + /// Checks that `sig` is a valid ECDSA signature for `msg` using the public + /// key `pubkey`. Returns `Ok(())` on success. Note that this function cannot + /// be used for Bitcoin consensus checking since there may exist signatures + /// which OpenSSL would verify but not libsecp256k1, or vice-versa. Requires a + /// verify-capable context. + /// + /// ```rust + /// # #[cfg(feature="rand")] { + /// # use secp256k1::rand::rngs::OsRng; + /// # use secp256k1::{Secp256k1, Message, Error}; + /// # + /// # let secp = Secp256k1::new(); + /// # let mut rng = OsRng::new().expect("OsRng"); + /// # let (secret_key, public_key) = secp.generate_keypair(&mut rng); + /// # + /// let message = Message::from_slice(&[0xab; 32]).expect("32 bytes"); + /// let sig = secp.sign_ecdsa(&message, &secret_key); + /// assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Ok(())); + /// + /// let message = Message::from_slice(&[0xcd; 32]).expect("32 bytes"); + /// assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Err(Error::IncorrectSignature)); + /// # } + /// ``` + #[inline] + pub fn verify_ecdsa(&self, msg: &Message, sig: &ecdsa::Signature, pk: &PublicKey) -> Result<(), Error> { unsafe { if ffi::secp256k1_ecdsa_verify(self.ctx, sig.as_c_ptr(), msg.as_c_ptr(), pk.as_c_ptr()) == 0 { Err(Error::IncorrectSignature) @@ -911,12 +671,12 @@ mod tests { let (sk, pk) = full.generate_keypair(&mut thread_rng()); let msg = Message::from_slice(&[2u8; 32]).unwrap(); // Try signing - assert_eq!(sign.sign(&msg, &sk), full.sign(&msg, &sk)); - let sig = full.sign(&msg, &sk); + assert_eq!(sign.sign_ecdsa(&msg, &sk), full.sign_ecdsa(&msg, &sk)); + let sig = full.sign_ecdsa(&msg, &sk); // Try verifying - assert!(vrfy.verify(&msg, &sig, &pk).is_ok()); - assert!(full.verify(&msg, &sig, &pk).is_ok()); + assert!(vrfy.verify_ecdsa(&msg, &sig, &pk).is_ok()); + assert!(full.verify_ecdsa(&msg, &sig, &pk).is_ok()); drop(full);drop(sign);drop(vrfy); @@ -940,12 +700,12 @@ mod tests { let (sk, pk) = full.generate_keypair(&mut thread_rng()); let msg = Message::from_slice(&[2u8; 32]).unwrap(); // Try signing - assert_eq!(sign.sign(&msg, &sk), full.sign(&msg, &sk)); - let sig = full.sign(&msg, &sk); + assert_eq!(sign.sign_ecdsa(&msg, &sk), full.sign_ecdsa(&msg, &sk)); + let sig = full.sign_ecdsa(&msg, &sk); // Try verifying - assert!(vrfy.verify(&msg, &sig, &pk).is_ok()); - assert!(full.verify(&msg, &sig, &pk).is_ok()); + assert!(vrfy.verify_ecdsa(&msg, &sig, &pk).is_ok()); + assert!(full.verify_ecdsa(&msg, &sig, &pk).is_ok()); unsafe { ManuallyDrop::drop(&mut full); @@ -984,12 +744,12 @@ mod tests { let (sk, pk) = full.generate_keypair(&mut thread_rng()); let msg = Message::from_slice(&[2u8; 32]).unwrap(); // Try signing - assert_eq!(sign.sign(&msg, &sk), full.sign(&msg, &sk)); - let sig = full.sign(&msg, &sk); + assert_eq!(sign.sign_ecdsa(&msg, &sk), full.sign_ecdsa(&msg, &sk)); + let sig = full.sign_ecdsa(&msg, &sk); // Try verifying - assert!(vrfy.verify(&msg, &sig, &pk).is_ok()); - assert!(full.verify(&msg, &sig, &pk).is_ok()); + assert!(vrfy.verify_ecdsa(&msg, &sig, &pk).is_ok()); + assert!(full.verify_ecdsa(&msg, &sig, &pk).is_ok()); } #[test] @@ -1006,12 +766,12 @@ mod tests { let (sk, pk) = full.generate_keypair(&mut thread_rng()); // Try signing - assert_eq!(sign.sign(&msg, &sk), full.sign(&msg, &sk)); - let sig = full.sign(&msg, &sk); + assert_eq!(sign.sign_ecdsa(&msg, &sk), full.sign_ecdsa(&msg, &sk)); + let sig = full.sign_ecdsa(&msg, &sk); // Try verifying - assert!(vrfy.verify(&msg, &sig, &pk).is_ok()); - assert!(full.verify(&msg, &sig, &pk).is_ok()); + assert!(vrfy.verify_ecdsa(&msg, &sig, &pk).is_ok()); + assert!(full.verify_ecdsa(&msg, &sig, &pk).is_ok()); // Check that we can produce keys from slices with no precomputation let (pk_slice, sk_slice) = (&pk.serialize(), &sk[..]); @@ -1032,19 +792,19 @@ mod tests { let msg = Message::from_slice(&msg).unwrap(); let (sk, _) = s.generate_keypair(&mut thread_rng()); - let sig1 = s.sign(&msg, &sk); + let sig1 = s.sign_ecdsa(&msg, &sk); let der = sig1.serialize_der(); - let sig2 = Signature::from_der(&der[..]).unwrap(); + let sig2 = ecdsa::Signature::from_der(&der[..]).unwrap(); assert_eq!(sig1, sig2); let compact = sig1.serialize_compact(); - let sig2 = Signature::from_compact(&compact[..]).unwrap(); + let sig2 = ecdsa::Signature::from_compact(&compact[..]).unwrap(); assert_eq!(sig1, sig2); - assert!(Signature::from_compact(&der[..]).is_err()); - assert!(Signature::from_compact(&compact[0..4]).is_err()); - assert!(Signature::from_der(&compact[..]).is_err()); - assert!(Signature::from_der(&der[0..4]).is_err()); + assert!(ecdsa::Signature::from_compact(&der[..]).is_err()); + assert!(ecdsa::Signature::from_compact(&compact[0..4]).is_err()); + assert!(ecdsa::Signature::from_der(&compact[..]).is_err()); + assert!(ecdsa::Signature::from_der(&der[0..4]).is_err()); } } @@ -1054,27 +814,27 @@ mod tests { let byte_str = hex!(hex_str); assert_eq!( - Signature::from_der(&byte_str).expect("byte str decode"), - Signature::from_str(&hex_str).expect("byte str decode") + ecdsa::Signature::from_der(&byte_str).expect("byte str decode"), + ecdsa::Signature::from_str(&hex_str).expect("byte str decode") ); - let sig = Signature::from_str(&hex_str).expect("byte str decode"); + let sig = ecdsa::Signature::from_str(&hex_str).expect("byte str decode"); assert_eq!(&sig.to_string(), hex_str); assert_eq!(&format!("{:?}", sig), hex_str); - assert!(Signature::from_str( + assert!(ecdsa::Signature::from_str( "3046022100839c1fbc5304de944f697c9f4b1d01d1faeba32d751c0f7acb21ac8a0f436a\ 72022100e89bd46bb3a5a62adc679f659b7ce876d83ee297c7a5587b2011c4fcc72eab4" ).is_err()); - assert!(Signature::from_str( + assert!(ecdsa::Signature::from_str( "3046022100839c1fbc5304de944f697c9f4b1d01d1faeba32d751c0f7acb21ac8a0f436a\ 72022100e89bd46bb3a5a62adc679f659b7ce876d83ee297c7a5587b2011c4fcc72eab" ).is_err()); - assert!(Signature::from_str( + assert!(ecdsa::Signature::from_str( "3046022100839c1fbc5304de944f697c9f4b1d01d1faeba32d751c0f7acb21ac8a0f436a\ 72022100e89bd46bb3a5a62adc679f659b7ce876d83ee297c7a5587b2011c4fcc72eabxx" ).is_err()); - assert!(Signature::from_str( + assert!(ecdsa::Signature::from_str( "3046022100839c1fbc5304de944f697c9f4b1d01d1faeba32d751c0f7acb21ac8a0f436a\ 72022100e89bd46bb3a5a62adc679f659b7ce876d83ee297c7a5587b2011c4fcc72eab45\ 72022100e89bd46bb3a5a62adc679f659b7ce876d83ee297c7a5587b2011c4fcc72eab45\ @@ -1085,7 +845,7 @@ mod tests { // 71 byte signature let hex_str = "30450221009d0bad576719d32ae76bedb34c774866673cbde3f4e12951555c9408e6ce774b02202876e7102f204f6bfee26c967c3926ce702cf97d4b010062e193f763190f6776"; - let sig = Signature::from_str(&hex_str).expect("byte str decode"); + let sig = ecdsa::Signature::from_str(&hex_str).expect("byte str decode"); assert_eq!(&format!("{}", sig), hex_str); } @@ -1094,7 +854,7 @@ mod tests { macro_rules! check_lax_sig( ($hex:expr) => ({ let sig = hex!($hex); - assert!(Signature::from_der_lax(&sig[..]).is_ok()); + assert!(ecdsa::Signature::from_der_lax(&sig[..]).is_ok()); }) ); @@ -1108,7 +868,7 @@ mod tests { } #[test] - fn sign_and_verify() { + fn sign_and_verify_ecdsa() { let mut s = Secp256k1::new(); s.randomize(&mut thread_rng()); @@ -1118,12 +878,12 @@ mod tests { let msg = Message::from_slice(&msg).unwrap(); let (sk, pk) = s.generate_keypair(&mut thread_rng()); - let sig = s.sign(&msg, &sk); - assert_eq!(s.verify(&msg, &sig, &pk), Ok(())); - let low_r_sig = s.sign_low_r(&msg, &sk); - assert_eq!(s.verify(&msg, &low_r_sig, &pk), Ok(())); - let grind_r_sig = s.sign_grind_r(&msg, &sk, 1); - assert_eq!(s.verify(&msg, &grind_r_sig, &pk), Ok(())); + let sig = s.sign_ecdsa(&msg, &sk); + assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Ok(())); + let low_r_sig = s.sign_ecdsa_low_r(&msg, &sk); + assert_eq!(s.verify_ecdsa(&msg, &low_r_sig, &pk), Ok(())); + let grind_r_sig = s.sign_ecdsa_grind_r(&msg, &sk, 1); + assert_eq!(s.verify_ecdsa(&msg, &grind_r_sig, &pk), Ok(())); let compact = sig.serialize_compact(); if compact[0] < 0x80 { assert_eq!(sig, low_r_sig); @@ -1160,13 +920,13 @@ mod tests { for key in wild_keys.iter().map(|k| SecretKey::from_slice(&k[..]).unwrap()) { for msg in wild_msgs.iter().map(|m| Message::from_slice(&m[..]).unwrap()) { - let sig = s.sign(&msg, &key); - let low_r_sig = s.sign_low_r(&msg, &key); - let grind_r_sig = s.sign_grind_r(&msg, &key, 1); + let sig = s.sign_ecdsa(&msg, &key); + let low_r_sig = s.sign_ecdsa_low_r(&msg, &key); + let grind_r_sig = s.sign_ecdsa_grind_r(&msg, &key, 1); let pk = PublicKey::from_secret_key(&s, &key); - assert_eq!(s.verify(&msg, &sig, &pk), Ok(())); - assert_eq!(s.verify(&msg, &low_r_sig, &pk), Ok(())); - assert_eq!(s.verify(&msg, &grind_r_sig, &pk), Ok(())); + assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Ok(())); + assert_eq!(s.verify_ecdsa(&msg, &low_r_sig, &pk), Ok(())); + assert_eq!(s.verify_ecdsa(&msg, &grind_r_sig, &pk), Ok(())); } } } @@ -1182,19 +942,19 @@ mod tests { let (sk, pk) = s.generate_keypair(&mut thread_rng()); - let sig = s.sign(&msg, &sk); + let sig = s.sign_ecdsa(&msg, &sk); let mut msg = [0u8; 32]; thread_rng().fill_bytes(&mut msg); let msg = Message::from_slice(&msg).unwrap(); - assert_eq!(s.verify(&msg, &sig, &pk), Err(Error::IncorrectSignature)); + assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature)); } #[test] fn test_bad_slice() { - assert_eq!(Signature::from_der(&[0; constants::MAX_SIGNATURE_SIZE + 1]), + assert_eq!(ecdsa::Signature::from_der(&[0; constants::MAX_SIGNATURE_SIZE + 1]), Err(Error::InvalidSignature)); - assert_eq!(Signature::from_der(&[0; constants::MAX_SIGNATURE_SIZE]), + assert_eq!(ecdsa::Signature::from_der(&[0; constants::MAX_SIGNATURE_SIZE]), Err(Error::InvalidSignature)); assert_eq!(Message::from_slice(&[0; constants::MESSAGE_SIZE - 1]), @@ -1242,15 +1002,15 @@ mod tests { let msg = hex!("a4965ca63b7d8562736ceec36dfa5a11bf426eb65be8ea3f7a49ae363032da0d"); let secp = Secp256k1::new(); - let mut sig = Signature::from_der(&sig[..]).unwrap(); + let mut sig = ecdsa::Signature::from_der(&sig[..]).unwrap(); let pk = PublicKey::from_slice(&pk[..]).unwrap(); let msg = Message::from_slice(&msg[..]).unwrap(); // without normalization we expect this will fail - assert_eq!(secp.verify(&msg, &sig, &pk), Err(Error::IncorrectSignature)); + assert_eq!(secp.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature)); // after normalization it should pass sig.normalize_s(); - assert_eq!(secp.verify(&msg, &sig, &pk), Ok(())); + assert_eq!(secp.verify_ecdsa(&msg, &sig, &pk), Ok(())); } #[test] @@ -1261,9 +1021,9 @@ mod tests { let msg = Message::from_slice(&msg).unwrap(); let sk = SecretKey::from_str("57f0148f94d13095cfda539d0da0d1541304b678d8b36e243980aab4e1b7cead").unwrap(); let expected_sig = hex!("047dd4d049db02b430d24c41c7925b2725bcd5a85393513bdec04b4dc363632b1054d0180094122b380f4cfa391e6296244da773173e78fc745c1b9c79f7b713"); - let expected_sig = Signature::from_compact(&expected_sig).unwrap(); + let expected_sig = ecdsa::Signature::from_compact(&expected_sig).unwrap(); - let sig = secp.sign_low_r(&msg, &sk); + let sig = secp.sign_ecdsa_low_r(&msg, &sk); assert_eq!(expected_sig, sig); } @@ -1275,9 +1035,9 @@ mod tests { let msg = hex!("ef2d5b9a7c61865a95941d0f04285420560df7e9d76890ac1b8867b12ce43167"); let msg = Message::from_slice(&msg).unwrap(); let sk = SecretKey::from_str("848355d75fe1c354cf05539bb29b2015f1863065bcb6766b44d399ab95c3fa0b").unwrap(); - let expected_sig = Signature::from_str("304302202ffc447100d518c8ba643d11f3e6a83a8640488e7d2537b1954b942408be6ea3021f26e1248dd1e52160c3a38af9769d91a1a806cab5f9d508c103464d3c02d6e1").unwrap(); + let expected_sig = ecdsa::Signature::from_str("304302202ffc447100d518c8ba643d11f3e6a83a8640488e7d2537b1954b942408be6ea3021f26e1248dd1e52160c3a38af9769d91a1a806cab5f9d508c103464d3c02d6e1").unwrap(); - let sig = secp.sign_grind_r(&msg, &sk, 2); + let sig = secp.sign_ecdsa_grind_r(&msg, &sk, 2); assert_eq!(expected_sig, sig); } @@ -1292,7 +1052,7 @@ mod tests { let msg = Message::from_slice(&[1; 32]).unwrap(); let sk = SecretKey::from_slice(&[2; 32]).unwrap(); - let sig = s.sign(&msg, &sk); + let sig = s.sign_ecdsa(&msg, &sk); static SIG_BYTES: [u8; 71] = [ 48, 69, 2, 33, 0, 157, 11, 173, 87, 103, 25, 211, 42, 231, 107, 237, 179, 76, 119, 72, 102, 103, 60, 189, 227, 244, 225, 41, 81, 85, 92, 148, @@ -1329,8 +1089,8 @@ mod tests { let pk = PublicKey::from_secret_key(&SECP256K1, &sk); // Check usage as self - let sig = SECP256K1.sign(&msg, &sk); - assert!(SECP256K1.verify(&msg, &sig, &pk).is_ok()); + let sig = SECP256K1.sign_ecdsa(&msg, &sk); + assert!(SECP256K1.verify_ecdsa(&msg, &sig, &pk).is_ok()); } #[cfg(feature = "bitcoin_hashes")] @@ -1402,7 +1162,7 @@ mod benches { } #[bench] - pub fn bench_sign(bh: &mut Bencher) { + pub fn bench_sign_ecdsa(bh: &mut Bencher) { let s = Secp256k1::new(); let mut msg = [0u8; 32]; thread_rng().fill_bytes(&mut msg); @@ -1410,22 +1170,22 @@ mod benches { let (sk, _) = s.generate_keypair(&mut thread_rng()); bh.iter(|| { - let sig = s.sign(&msg, &sk); + let sig = s.sign_ecdsa(&msg, &sk); black_box(sig); }); } #[bench] - pub fn bench_verify(bh: &mut Bencher) { + pub fn bench_verify_ecdsa(bh: &mut Bencher) { let s = Secp256k1::new(); let mut msg = [0u8; 32]; thread_rng().fill_bytes(&mut msg); let msg = Message::from_slice(&msg).unwrap(); let (sk, pk) = s.generate_keypair(&mut thread_rng()); - let sig = s.sign(&msg, &sk); + let sig = s.sign_ecdsa(&msg, &sk); bh.iter(|| { - let res = s.verify(&msg, &sig, &pk).unwrap(); + let res = s.verify_ecdsa(&msg, &sig, &pk).unwrap(); black_box(res); }); }