Commit Graph

161 Commits

Author SHA1 Message Date
Christian Reitter 36af387bea Improve default settings and documentation 2024-04-28 20:46:46 +02:00
Christian Reitter 43aea399d1 Add several unsafe optimizations, special trade-off decisions
Partially based on https://github.com/llamasoft/secp256k1_fast_unsafe , adopted for newer secp256k1.
2024-04-27 13:04:08 +02:00
Tobin C. Harding 2bba8f9f5a
secp256k1-sys: Vendor latest secp256k1
Vendor the latest secp256k1 `v0.4.1`. Bump the version number of
`secp256k1-sys` to `v0.10.0` and run the vendor script.

Also depend on the new version in `rust-secp256k1`, and add a changelog
entry.
2024-04-03 06:58:25 +11:00
Tobin C. Harding 2d0c7835f1
Tighten the version grep in vendor script
We just added `rust-version = ` to the `secp256k1-sys` manifest, doing
so causes a grep statement from the vendor script to match this line -
we don't want that.

Tighten up the grep statement by only matching on `version` at the start
of the line.
2024-03-28 10:13:27 +11:00
Tobin C. Harding a2b78f4022
Bump MSRV to 1.56.1
As we have done in other parts of the ecosystem bump the MSRV to Rust
`v1.56.1`.

Done for `secp256k1` and `secp256k1-sys`.
2024-03-28 08:40:48 +11:00
Tobin C. Harding 873ad47343
Allow dead_code on AlignedType
We use the `AlignedType` and take a pointer to its inner data, never
access the data directly - this confuses clippy causing a "field is
never used" warning.

Shoosh the lint and add a code comment explaining why.
2024-03-26 09:33:38 +11:00
Andrew Poelstra 3373cc930e
secp256k1-sys: update all symbols from 0.9.1 to 0.9.2 2024-01-02 16:22:20 +00:00
Andrew Poelstra 484e5d8d5b
fix incorrect FFI binding for pubkey_combine 2023-12-18 21:28:27 +00:00
Tobin C. Harding c1ccda18b6
secp256k1-sys: Bump version to 0.9.1
In preparation for doing a point release add a changelog entry, bump the
version, and update all the `0_9_0` identifiers in the vendored code.

Done so we can release the wasm-build bug fix.
2023-12-07 10:21:38 +11:00
Andrew Poelstra 7a0c60edcd
secp256k1-sys: patch out checked_malloc 2023-11-06 14:50:13 +00:00
Andrew Poelstra 942a0e5e2c
build.rs: patch out any calls to `printf` 2023-11-01 17:34:21 +00:00
Andrew Poelstra 51dab7ac04
vendor-libsecp: remove util.h patch
This patch adds a declaration of the `ecdsa_parse_compact` function to
util.h. This function isn't called from within libsecp proper; it is
called in lax_der_parse.c (which we patch separately with a declaration)
and in example code (which we don't compile at all).
2023-11-01 17:01:04 +00:00
Tobin C. Harding 3dc5b16540
Bump version to v0.28.0
Prepare for release by doing:

- Add changelog entry to `secp256k1-sys` for the recent version bump ready
  for release.
- Bump the version of secp256k1 to 0.28.0
- Add changelog entry to `secp256k1` for the imminent release.
2023-10-10 09:40:07 +11:00
Davidson Souza 39febcb866
Create rust-bindings
Create bindings for all methods and static types in ellswift.h in
secp256k1-sys and their respective safe-rust types.

All methods are extensively commented and tested using BIP324's
test vectors
2023-10-09 14:57:54 -03:00
Davidson Souza 80b2a8d4aa
Update vendored libsecp to v0.4.0 2023-09-30 12:04:45 -03:00
Tobin C. Harding 33747bb16f
Rename KeyPair to Keypair
We use "keypair" in identifiers (local vars and function names) but
`KeyPair` - one of them is wrong.

Elect to follow upstream and define keypair as a single word i.e., use
`Keypair` for type name and `keypair` in identifiers.

This patch can be reproduced mechanically by doing two
search-and-replace operations on all files excluding the CHANGELOG

- Replace "KeyPair" with "Keypair"
- Replace "key_pair" with "keypair"
2023-08-19 08:35:47 +10:00
Tobin C. Harding 81b154fed5
Remove docsrs cfg_attributes
We no longer need to manually configure the docsrs build to highlight
feature guards since we use the `doc_auto_cfg` feature. Somehow when we
added usage of that feature we forgot to remove the other attributes.
2023-07-13 10:36:58 +10:00
Tobin C. Harding 47aa740c74
Improve the README files
Improve the secp256k1 readme by:

- Use a top level markdown header (level 1)
- Add a link to the SECG's website (www.secg.org)
- Add a link for `secp256k1` to bitcoin.it explaining the curve

Improve the secp256k1-sys readme by:

- Mirror secp256k1 readme badges, heading, docs link
- Basic cleanup
 - Use 100 column width
 - Use backticks
 - Use capitals
2023-05-16 08:49:03 +10:00
Andrew Poelstra be7f9398fa
Merge rust-bitcoin/rust-secp256k1#609: Introduce SPDX license identifiers
896e6c7f2d Introduce SPDX license identifiers (Tobin C. Harding)

Pull request description:

  Licenses are boring as hell, so are all the comments at the top of each file. This patch makes no comment on the merit of license comments in each file, rather this patch reduces the license comment to the minimum possible with no loss of meaning - an SPDX license identifier.

  Note also please that we remove the "written by" comments as well for the following reasons (discussed recently on rust-bitcoin repo):

  - they are not descriptive because many devs contributed
  - they have a tendency to include the wrong date because of cut'n'pasta
  - all this info is in the git history

  ref: https://spdx.dev/ids/#how

  cc elichai because this PR removes your name but you were not explicitly part of the conversation on `rust-bitcoin` about this topic. Here is the issue: https://github.com/rust-bitcoin/rust-bitcoin/issues/1816 also for more on SPDX see https://github.com/rust-bitcoin/rust-bitcoin/pull/1076

ACKs for top commit:
  Kixunil:
    ACK 896e6c7f2d
  apoelstra:
    ACK 896e6c7f2d

Tree-SHA512: 6f0ff7ec2632aed510df362e2fb9cf25fe02cae347bdd4a481804a3ea2b9e060c4ec2c85de3e9d1d40920e4b9c4eecfab127e61f3d076886fe8f2fb4bff9f5a7
2023-05-04 18:17:24 +00:00
Tobin C. Harding b6d0c3bfcd
Use doc_auto_cfg
We can build docs using feature markers by using `doc_auto_cfg` now, no
need to manually call the `doc` attribute.
2023-05-03 12:06:25 +10:00
Tobin C. Harding 896e6c7f2d
Introduce SPDX license identifiers
Licenses are boring as hell, so are all the comments at the top of
each file. This patch makes no comment on the merit of license comments
in each file, rather this patch reduces the license comment to the
minimum possible with no loss of meaning - an SPDX license identifier.

Note also please that we remove the "written by" comments as well for
the following reasons (discussed recently on rust-bitcoin repo):

- they are not descriptive because many devs contributed
- they have a tendency to include the wrong date because of cut'n'pasta
- all this info is in the git history

ref: https://spdx.dev/ids/#how
2023-05-03 11:37:07 +10:00
Andrew Poelstra 9bdab89562
change --cfg=fuzzing to --cfg=secp256k1_fuzz 2023-05-01 16:11:44 +00:00
Andrew Poelstra 493eaf723f
Merge rust-bitcoin/rust-secp256k1#594: Rewrite revendoring script
2ae7ca9cf2 secp-sys: update README for new vendoring script (Andrew Poelstra)
4b02e9c405 run new vendor-libsecp.sh; fix upstream CHANGELOG. (Andrew Poelstra)
b58a60fd6c rewrite ./vendor-libsecp.sh (Andrew Poelstra)

Pull request description:

  For Nix purposes I need the revendoring script to work without network access and without user interaction. I also realized it would be convenient if the script could figure out what the right version prefix is supposed to be. Then I noticed some shellcheck issues.

  Anyway I just rewrote the whole thing. I'm now able to run this script within nix and vet that the current contents of the `depend/` directory are consistent with the secp256k1-HEAD-revision.txt, for all commits.

ACKs for top commit:
  tcharding:
    ACK 2ae7ca9cf2
  sanket1729:
    reACK 2ae7ca9cf2

Tree-SHA512: ea3028e3517b2dbe0f34bcf20685945ecf543fc42e01f10d435432ad290088586b2a2b0f0e94bc3ce59ec38727656eb04eef57c5df6a34da77070e0f288b1d84
2023-03-31 21:26:24 +00:00
Tobin C. Harding 7bba2bc3b5
secp256k1-sys: Remove custom implementations of Eq, Ord and friends
Note: Only affects code when fuzzing is enabled, as such does not
include a mention in the changelog.

Now that we have Rust 1.48 as the MSRV we no longer need the custom
implementations of `PartialEq`, `Eq`, `PartialOrd`, `Ord`, and `Hash`.
We can just let users of the `impl_array_newtype` macro derive these
traits if they want them.

Remove the custom implementations and add derives to our two users of
the macro.
2023-03-31 09:43:52 +11:00
Tobin C. Harding ee83c3a4f9
Bump MSRV to 1.48
We are upgrading the MSRV across the whole Rust Bitcoin ecosystem.

Update the README, clippy config file, and CI to use the new MSRV.
Changes to use the new MSRV will be done later.

Add mention of MSRV to `secp256k1-sys`, add unreleased section to both
changelogs.
2023-03-31 09:43:50 +11:00
Tobin C. Harding 0e2579fb96
Fix release date in changelogs
We have a typo in the release date of the changelogs, release was in
March not in the mythical 13th month.
2023-03-31 09:42:33 +11:00
Andrew Poelstra 2ae7ca9cf2
secp-sys: update README for new vendoring script
Also a couple minor tweaks to the vendoring script itself.
2023-03-30 12:40:18 +00:00
Andrew Poelstra 4b02e9c405
run new vendor-libsecp.sh; fix upstream CHANGELOG. 2023-03-29 23:48:15 +00:00
Andrew Poelstra b58a60fd6c
rewrite ./vendor-libsecp.sh
This rewrite:
   * Fixes some shellcheck issues (bad quoting, use of | instead of ||
     near the beginning of the file)
   * Automatically computes the version prefix, depend directory, etc.,
     and provides instructions to override this with env vars if the
     user really wants to do this.
   * Detects when it would be destructive and refuses to run unless
     passed the -f flag, rather than prompting the user for a yes/no
   * Adds the capability to use cp rather than git clone, which I need
     to run this from within Nix.
   * Whitelists CHANGELOG.md which shouldn't get substituted.
2023-03-29 23:48:09 +00:00
Tobin C. Harding 5ae136d7bd
Bump secp256k1-sys version to 0.8.1
We are ready to release a new minor version of `secp256k1-sys`, in order
to do so we must change the symbol names to reflect the new version
as well as the usual changelog and version bump.

In preparation for releasing `secp256k1-sys` v0.8.1 do:

- Rename symbols from `0_8_0` -> `0_8_1`, done mechanically (search
  and replace)
- Add changelog notes (includes changelog entry for 0.8.0)
- Bump `secp256k1-sys` crate version 0.8.0 -> 0.8.1, justified because
  we have added a new public function.
2023-03-17 16:22:01 +11:00
kwantam 8fffbeab13
implement "non_secure_erase" methods
This PR implements a `non_secure_erase()` method on SecretKey,
KeyPair, SharedSecret, Scalar, and DisplaySecret. The purpose
of this method is to (attempt to) overwrite secret data with
valid default values. This method can be used by libraries
to implement Zeroize on structs containing secret values.

`non_secure_erase()` attempts to avoid being optimized away or
reordered using the same mechanism as the zeroize crate: first,
using `std::ptr::write_volatile` (which will not be optimized
away) to overwrite the memory, then using a memory fence to
prevent subtle issues due to load or store reordering.

Note, however, that this method is *very unlikely* to do anything
useful on its own. Effective use involves carefully placing these
values inside non-Copy structs and pinning those structs in place.
See the [`zeroize`](https://docs.rs/zeroize) documentation for tips
and tricks, and for further discussion.

[this commit includes a squashed-in commit from tcharding to fix docs
and helpful suggestions from apoelstra and Kixunil]
2023-02-21 08:56:03 -05:00
Tibo-lg 43370d8128 Add secp256k1_schnorrsig_sign_custom in fuzzing config 2022-12-22 16:59:59 +09:00
Tobin C. Harding 2dad589394 Upgrade the vendored libsecp256k1 code
`libsecp256k1` v0.2.0 was just released.

Update the vendored code using

 `./vendor-libsecp.sh depend 0_8_0 21ffe4b`

```
git show 21ffe4b
commit 21ffe4b22a9683cf24ae0763359e401d1284cc7a (tag: v0.2.0)
Merge: 8c949f5 e025ccd
Author: Pieter Wuille <pieter@wuille.net>
Date:   Mon Dec 12 17:00:52 2022 -0500

    Merge bitcoin-core/secp256k1#1055: Prepare initial release

    e025ccdf7473702a76bb13d763dc096548ffefba release: prepare for initial release 0.2.0 (Jonas Nick)
    6d1784a2e2c1c5a8d89ffb08a7f76fa15e84fff5 build: add missing files to EXTRA_DIST (Jonas Nick)
    13bf1b6b324f2ed1c1fb4c8d17a4febd3556839e changelog: make order of change types match keepachangelog.com (Jonas Nick)
    b1f992a552785395d2e60b10862626fd11f66f84 doc: improve release process (Jonas Nick)
    ad39e2dc417f85c1577a6a6a9c519f5c60453def build: change package version to 0.1.0-dev (Jonas Nick)
    90618e9263ebc2a0d73d487d6d94fd3af96b973c doc: move CHANGELOG from doc/ to root directory (Jonas Nick)

    Pull request description:

      Based on #964

    ACKs for top commit:
      sipa:
        ACK e025ccdf7473702a76bb13d763dc096548ffefba

    Tree-SHA512: b9ab71d7362537d383a32b5e321ef44069f00e3e92340375bcd662267bc5a60c2bad60222998e6602cfac24ad65efb23d772eac37c86065036b90ef090b54c49
```

Requires a new version of `secp256k1-sys`, use v0.8.0

- Update the `secp256k1-sys` manifest (including links field)
- Update symbols to use 0_8_0
- Add a changelog entry
- depend on the new version in `secp256k1`

Which in turn requires a new version of `secp256k1`, use v0.26.0
2022-12-21 08:11:14 +11:00
Tobin C. Harding 2d4aacc4ad Update scratch_impl.h patch file
To mirror recent changes to the `scratch_impl.h` file update the patch
file.
2022-12-19 15:12:23 +11:00
Tobin C. Harding 3fa2436272 Bump secp256k1-sys version to 0.7.0
We are ready to release a new minor version of `secp256k1-sys`, in order
to do so we must change the symbol names to reflect the new version
as well as the usual changelog and version bump.

In preparation for releasing `secp256k1-sys` v0.7.0 do:

- Rename symbols from `0_6_1` -> `0_7_0`, done mechanically (search
  and replace)
- Add changelog notes
- Bump `secp256k1-sys` crate version 0.6.1 -> 0.7.0, justified because
  we have added new public methods to various types (e.g.,
  `PublicKey::cmp_fast_unstable`)
2022-12-12 09:13:00 +11:00
Tobin C. Harding 9b07e8e8c5 secp-sys: Use NonNull in API instead of *mut T
Currently we expect non-null pointers when we take `*mut T` parameters,
however we do not check that the pointers are non-null because we never
set VERIFY in our C build. We can use the `NonNull` type to enforce
no-null-ness as long as we use `NonNull::new`. In a couple of instances
we manually check that a buffer is not empty and therefore that the
pointer to it is non-null so we can safely use `NonNull::new_unchecked`.

Replace mutable pointer parameters `*mut T` (e.g. `*mut c_void`) and
return types with `NonNull<T>`.

Fix #546
2022-12-01 15:45:32 +11:00
Andrew Poelstra 8ab0bbccbc
Merge rust-bitcoin/rust-secp256k1#535: call the alloc error handle if we get NULL from the allocator
8b17fc016d call the alloc error handle if we get NULL from the allocator (Elichai Turkel)

Pull request description:

  Found that this was missing in this discussion: https://github.com/rust-bitcoin/rust-secp256k1/issues/529#issuecomment-1324832163

  It is documented here that it returns a NULL on memory exhaustion: https://doc.rust-lang.org/alloc/alloc/trait.GlobalAlloc.html#tymethod.alloc
  And you can see that this is called in this example: https://doc.rust-lang.org/alloc/alloc/fn.alloc.html
  Docs for the handle itself: https://doc.rust-lang.org/alloc/alloc/fn.handle_alloc_error.html

ACKs for top commit:
  apoelstra:
    ACK 8b17fc016d
  Kixunil:
    Good argument, ACK 8b17fc016d

Tree-SHA512: 4b8f79ab5f691cb92621a314ceb8556c26fa7e159de359697b766043a0269e1ecf9746e6d4bfd5b45f18bccaff435c1fff491168b8bb77459ae849c38664d563
2022-11-24 15:38:26 +00:00
Andrew Poelstra e4baf79deb
Merge rust-bitcoin/rust-secp256k1#536: secp256k1-sys: Remove unused flags in build.rs
7d3dc354d7 secp256k1-sys: Remove unused flags in build.rs (Elichai Turkel)

Pull request description:

  These are no longer used in upstream, so there's no reason for us to set them

ACKs for top commit:
  apoelstra:
    ACK 7d3dc354d7

Tree-SHA512: 79ecbed19ba9eb61640306bc5413b139e902ee84b7e122e8ae57e451f2b132371440554f21ed075ed34d9d702c4316e4b170ca638c774532ecf5a11456b4e2ad
2022-11-24 14:49:38 +00:00
Elichai Turkel 7d3dc354d7
secp256k1-sys: Remove unused flags in build.rs 2022-11-24 13:38:40 +02:00
Elichai Turkel 8b17fc016d
call the alloc error handle if we get NULL from the allocator 2022-11-24 13:14:23 +02:00
Tobin C. Harding 85681cece7 secp256k1-sys: Document safety constraints
Functions that are `unsafe` should include a `# Safety` section. Because
we have wrapper functions to handle symbol renaming we essentially have
duplicate functions i.e., they require the same docs, instead of
duplicating the docs put the symbol renamed function below the
non-renamed function and add a docs linking to the non-renamed function.
Also add attribute to stop the linter warning about the missing safety
docs section.

Remove the clippy attribute for `missing_safety_doc`.
2022-11-24 09:17:15 +11:00
Tobin C. Harding 9850550734 Move AsRef impl block next to Index
These two traits are related, in as much as they both give access to the
inner byte array. Put them next to each other to assist clarity.
2022-11-18 10:57:32 +11:00
Tobin C. Harding 4d42e8e906 Derive Copy and Clone
There is no obvious reason why not to derive `Copy` and `Clone` for
types that use the `impl_newtype_macro`. Derives are less surprising so
deriving makes the code marginally easier to read.
2022-11-18 10:56:24 +11:00
Tobin C. Harding b38ae97eaf Implement stable comparison functionality
Currently we rely on the inner bytes with types that are passed across
the FFI boundary when implementing comparison functions (e.g. `Ord`,
`PartialEq`), this is incorrect because the bytes are opaque, meaning
the byte layout is not guaranteed across versions of `libsecp256k1`.

Implement stable comparison functionality by doing:

- Implement `core::cmp` traits by first coercing the data into a stable
  form e.g., by serializing it.
- Add fast comparison methods to `secp256k1-sys` types that wrap types
  from libsecp, add similar methods to types in `secp256k1` that wrap
  `secp256k1-sys` types (just call through to inner type).
- In `secp256k1-sys` feature gate the new `core::cmp` impls on
  `not(fuzzing)`, when fuzzing just derive the impls instead.

Any additional methods added to `secp256k1-sys` types are private,
justified by the fact the -sys is meant to be just a thin wrapper around
libsecp256k1, we don't want to commit to supporting additional API
functions.

Please note, the solution presented in this patch is already present for
`secp256k1::PublicKey`, this PR removes that code in favour of deriving
traits that then call down to the same logic in `secp256k1-sys`.
2022-11-18 10:24:46 +11:00
Tobin C. Harding 630fc1fcb6 Remove len and is_empty from impl_array_newtype macros
An array in Rust has no concept of length, it is a fixed size data type.
Equally an array cannot be "empty", again since it is a fixed size data
type. These are methods/concepts seen in slices and vectors.

Remove the `len` and `is_empty` methods.
2022-11-18 07:57:39 +11:00
Tobin C. Harding 9788b6df88 Remove leading colons from impl_array_newtype methods
The leading colons are an artifact of Rust 1.29, remove them.
2022-11-18 07:57:39 +11:00
Tobin C. Harding 2bb08c21e5 Remove as_[mut_]ptr from impl_array_newtype macros
For interfacing with the FFI layer we implement `ffi::CPtr`, there is
no need to provide methods `as_ptr` and `as_mut_ptr` as well.
2022-11-18 07:57:39 +11:00
Tobin C. Harding 635890322a Add newline to end of file
In line with UNIX convention add a trailing newline to file.
2022-11-18 07:57:39 +11:00
Andrew Poelstra 5a546945ad
Merge rust-bitcoin/rust-secp256k1#488: Support non-WASM platforms that are missing `string.h`
92b733386f Support non-WASM platforms that are missing `string.h` (Matt Corallo)

Pull request description:

  Dunno why we haven't seen this elsewhere, but when trying to build locally for an ARM embedded target `secp256k1-sys` failed to compile as it was missing `string.h`, just like WASM.

  This patch adds a trivial fallback - if we fail to compile initially we unconditionally retry with the wasm-sysroot, giving us a valid `string.h`.

ACKs for top commit:
  tcharding:
    ACK 92b733386f
  apoelstra:
    ACK 92b733386f

Tree-SHA512: 81cbc5023f349681a3bef138506d9314be948b8b7b78bb2b2ffacf43b0c97d92ea67238105009a94b05a0a3adbd4113ed68f79a0a303708d95c6a7f520d5170e
2022-11-14 14:40:56 +00:00
Andrew Poelstra 432f2939c6
Merge rust-bitcoin/rust-secp256k1#507: Minimise FFI in the public API
68c73850d8 Minimise FFI in the public API (Tobin C. Harding)

Pull request description:

  Normal users should never need to directly interact with the FFI layer.

  Audit and reduce the use of `ffi` types in the public API of various types. Leave only the implementation of `CPtr`, and document this clearly as not required by normal users. Done for:

  - PublicKey
  - XOnlyPublicKey
  - KeyPair
  - ecdsa::Signature
  - ecdsa::RecoverableSignature

ACKs for top commit:
  apoelstra:
    ACK 68c73850d8

Tree-SHA512: 8242527837872f9aba2aab19b02c2280ca1eb1dfd33c8ca619726d981811d72de3e5a57cbde2fbe621eb8e50e43f488804cd51d27949459da1c0ceb03fca35e3
2022-11-14 14:13:22 +00:00