Commit Graph

1200 Commits

Author SHA1 Message Date
Tobin C. Harding c36b4375c0 Enable rand/std_rng feature
We recently upgraded the rand dependency and we use it behind code
feature gated on "rand-std". In that code we use `thread_rng` but this
is only available if the "std_rng" feature is turned on, however in
non-dev builds we do not enable this feature, we have a "rand-std"
feature that enables "rand/std", it should also enable "std_rng".

Enable "rand/std_rng" in the "rand-std" feature.
2022-06-24 13:41:51 +10:00
Andrew Poelstra ff7c34792a
Merge rust-bitcoin/rust-secp256k1#457: secp256k1-sys: bump version to 0.6.0
79a4ee333b secp256k1-sys: bump version to 0.6.0 (Andrew Poelstra)

Pull request description:

  Needed for release of secp256k1 0.23.0

ACKs for top commit:
  tcharding:
    ACK 79a4ee333b
  sanket1729:
    utACK 79a4ee333b

Tree-SHA512: 25c35145a1b4bc4bc997e136b727345b5f43921efdc983fb5866a717ee2b2bab501c0801fa3e613672027f5b35117890a0384a396770cb59467405ae374079ee
2022-06-22 17:02:29 +00:00
Andrew Poelstra 568f16a519
Merge rust-bitcoin/rust-secp256k1#458: Removed `Default` from `SerializedSignature`
b18f5d0454 Removed `Default` from `SerializedSignature` (Martin Habovstiak)

Pull request description:

  `Default` was pointless, so it was replaced with internal
  `from_raw_parts` method which also checks the length.

  This commit also documents changes to `SerializedSignature`.

  Closes #454

ACKs for top commit:
  tcharding:
    utACK b18f5d0454
  apoelstra:
    ACK b18f5d0454

Tree-SHA512: 5ee32160721d4d22cfe7c5dcc433bf013fc78a350e86b3d8d42c207fec7f2bf11c47fce77269ae816567be77602fdc86231d86e2c62aa2d327540056ab445842
2022-06-22 16:59:58 +00:00
Martin Habovstiak b18f5d0454 Removed `Default` from `SerializedSignature`
`Default` was pointless, so it was replaced with internal
`from_raw_parts` method which also checks the length.

This commit also documents changes to `SerializedSignature`.

Closes #454
2022-06-22 00:29:57 +02:00
Andrew Poelstra 7975be53cf
Merge rust-bitcoin/rust-secp256k1#456: `SerializedSignature` improvements
0e0fa06e41 Simplify `Display` impl of `SerializedSignature` (Martin Habovstiak)
5d51b9d94b Added `MAX_LEN` constant to `serialized_signature` (Martin Habovstiak)
e642a52e7d Add `#[inline]` to methods of `SerializedSignatre` (Martin Habovstiak)
e92540beb8 `impl IntoIterator for SerializedSignature` (Martin Habovstiak)
7f2d3d2452 Move `SerializedSignature` into its own module (Martin Habovstiak)
901d5ffeb9 `impl<'a> IntoIterator for &'a SerializedSignature` (Martin Habovstiak)
1d2a1c3fee Deduplicate `self.data[..self.len]` expressions (Martin Habovstiak)

Pull request description:

  This

  * Deduplicates slicing operations
  * Implements `IntoIterator` (owned and borrowed)
  * Reorganizes the code for better clarity
  * Adds `#[inline]`s
  * Checks length set by libsep256k1

  Closes #367
  Closes #368

  Individual commits are hopefully easier to review.

ACKs for top commit:
  apoelstra:
    ACK 0e0fa06e41

Tree-SHA512: bbc759af767c8b84bfd6720456efc1e86da501aa193641dae3c99847a3c882f7d4aa7e5cbec074fdd9c2595f1f65e5fbb4c80620539a6357927149e5c2fbc734
2022-06-21 20:46:42 +00:00
Andrew Poelstra 79a4ee333b secp256k1-sys: bump version to 0.6.0
Needed for release of secp256k1 0.23.0
2022-06-21 20:37:45 +00:00
Andrew Poelstra 8ecb75caed
Merge rust-bitcoin/rust-secp256k1#444: Bump crate version to 0.23.0
c1d735802c Bump crate version to 0.23.0 (Tobin C. Harding)

Pull request description:

  ~We just did an MSRV bump, this typically would require bumping our major
  version number but since we are pre 1.0 we bump the minor version
  number.~

  In preparation for release, write CHANGELOG release notes and bump the crate version  to 0.23.0

  Thanks to Kixunil for sifting through the PRs to make the changelog list, I added links to the relevant PRs.

ACKs for top commit:
  apoelstra:
    ACK c1d735802c

Tree-SHA512: b320f061c78c9646a0c51a54b7fcdd676e7487b10a5a5323f20cf5ed11d3ea97a7a330764c934f3e4756679ac3daebbff2d725c9a15ec15216b60c7dfea9706b
2022-06-21 20:29:25 +00:00
Andrew Poelstra 81e580183b
Merge rust-bitcoin/rust-secp256k1#453: Remove mentions of 32-byte slice from tweak APIs
e612458dc7 Remove mentions of 32-byte slice from tweak APIs (Martin Habovštiak)

Pull request description:

  These methods accept `&Scalar`, not slice and `&Scalar` already guarantees 32-bytes, so this failure case is impossible.

ACKs for top commit:
  sanket1729:
    ACK e612458dc7.
  apoelstra:
    ACK e612458dc7

Tree-SHA512: f1c083756cb99b16b16764c4d603196a99b7bae864ca7f62908866667cf0218c459447b95298edc71de92c1abe1268a1c085495e1626bb0b9168e1af6aaf2af6
2022-06-21 20:28:09 +00:00
Martin Habovstiak 0e0fa06e41 Simplify `Display` impl of `SerializedSignature`
This is shorter and avoids duplication of slicing logic.
2022-06-21 21:14:14 +02:00
Martin Habovstiak 5d51b9d94b Added `MAX_LEN` constant to `serialized_signature`
This also asserts that libsecp256k1 set the correct length to help the
compiler elide bound checks.
2022-06-21 21:12:35 +02:00
Martin Habovstiak e642a52e7d Add `#[inline]` to methods of `SerializedSignatre`
These methods are trivial so great candidates for inlining.
2022-06-21 21:12:25 +02:00
Martin Habovstiak e92540beb8 `impl IntoIterator for SerializedSignature`
This adds owned iterator for `SerializedSignature` and implements
`IntoIterator`.
2022-06-21 21:12:22 +02:00
Martin Habovstiak 7f2d3d2452 Move `SerializedSignature` into its own module
This de-clutters the code and prepares for the next step of adding
`IntoIterator`. The type is still re-exported so the change is neither
breaking nor inconvenient.

This also adds more datialed explanation of `SerializedSignature` and
why it's needed.
2022-06-21 20:41:38 +02:00
Martin Habovstiak 901d5ffeb9 `impl<'a> IntoIterator for &'a SerializedSignature`
This allows using `&SerializedSignature` in `for` loops and methods like
`Iterator::zip`.
2022-06-21 19:26:43 +02:00
Martin Habovstiak 1d2a1c3fee Deduplicate `self.data[..self.len]` expressions
This removes the duplication ensuring single source of truth and making
the code simpler.
2022-06-21 19:23:01 +02:00
Martin Habovštiak e612458dc7
Remove mentions of 32-byte slice from tweak APIs
These methods accept `&Scalar`, not slice and `&Scalar` already guarantees 32-bytes, so this failure case is impossible.
2022-06-21 18:37:35 +02:00
Tobin C. Harding c1d735802c Bump crate version to 0.23.0
In preparation for release, write CHANGELOG release notes and bump the
crate version  to 0.23.0
2022-06-21 08:57:14 +10:00
Andrew Poelstra a1ac3fb311
Merge rust-bitcoin/rust-secp256k1#448: Add clippy to CI
65186e732a Add githooks (Tobin C. Harding)
6d76bd4a89 Add clippy to CI (Tobin C. Harding)
9f1ebb93cb Allow nonminimal_bool in unit test (Tobin C. Harding)
685444c342 Use "a".repeats() instead of manual implementation (Tobin C. Harding)
42de876e01 Allow let_and_return for feature guarded code (Tobin C. Harding)
d64132cd4b Allow missing_safety_doc (Tobin C. Harding)
2cb687fc69 Use to_le_bytes instead of mem::transmute (Tobin C. Harding)
c15b9d2699 Remove unneeded explicit reference (Tobin C. Harding)
35d59e7cc6 Remove explicit 'static lifetime (Tobin C. Harding)
1a582db160 Remove redundant import (Tobin C. Harding)

Pull request description:

  The first 8 patches clear clippy warnings. Next we add a CI job to run clippy. Finally we add a `githooks` directory that includes running clippy, also adds a section to the README on how to use the githooks. This is identical to the text in the [open PR](https://github.com/rust-bitcoin/rust-bitcoin/pull/1044) on `rust-bitcoin` that adds githooks _without_ yet adding clippy.

  **Note**: The new clippy CI job runs and is green :)

ACKs for top commit:
  Kixunil:
    ACK 65186e732a
  apoelstra:
    ACK 65186e732a

Tree-SHA512: f70a157896ce2a83af8cfc10f2fbacc8f68256ac96ef7dec4d190aa72324b568d2267418eb4fe99099aeda5486957c31070943d7c209973859b7b9290676ccd7
2022-06-17 17:12:12 +00:00
Tobin C. Harding 65186e732a Add githooks
Add `githooks` directory and:

- Copy the default pre-commit hook into new githooks directory
- Add a call to clippy to the pre-commit hook
- Add a section to the README instructing devs how to use the new
  githooks
2022-06-17 10:17:21 +10:00
Tobin C. Harding 6d76bd4a89 Add clippy to CI
In order to keep the codebase linting cleanly add a CI job to run
clippy.
2022-06-17 10:17:21 +10:00
Tobin C. Harding 9f1ebb93cb Allow nonminimal_bool in unit test
We are explicitly testing various boolean statements, tell clippy to
allow less than minimal statements.
2022-06-17 10:17:21 +10:00
Tobin C. Harding 685444c342 Use "a".repeats() instead of manual implementation
Clippy emits:

  warning: manual implementation of `str::repeat` using iterators

As suggested, use `"a".repeats()`.
2022-06-17 10:17:21 +10:00
Tobin C. Harding 42de876e01 Allow let_and_return for feature guarded code
Clippy emits:

  warning: returning the result of a `let` binding from a block

This is due to feature guarded code, add 'allow' attribute. Use
`cfg_attr` to restrict the allow to when it is needed. Add the already
present `unused_mut` inside the `cfg_attr` guard also.
2022-06-17 10:17:21 +10:00
Tobin C. Harding d64132cd4b Allow missing_safety_doc
We have a whole bunch of unsafe code that calls down to the FFI layer.
It would be nice to have clippy running on CI, these safety docs
warnings are prohibiting that. Until we can add the docs add a compiler
attribute to allow the lint.
2022-06-17 10:17:21 +10:00
Tobin C. Harding 2cb687fc69 Use to_le_bytes instead of mem::transmute
Since we bumped the MSRV we have `to_le_bytes` available now, use it
instead of `mem::transmute`.

Remove code comment suggesting to do exactly this and clear clippy
warning.

While we are at it, use `cast` instead of `as`.
2022-06-17 10:16:00 +10:00
Andrew Poelstra 1c4dd0de1e
Merge rust-bitcoin/rust-secp256k1#451: Fix getting parity from keypair in fuzzing
f419fe884b Fix getting parity from keypair in fuzzing (Tim Ruffing)

Pull request description:

  This also enables a test that was failung due to the parity bug.

ACKs for top commit:
  tcharding:
    ACK f419fe884b
  elichai:
    ACK f419fe884b
  apoelstra:
    ACK f419fe884b

Tree-SHA512: bec00d517495cf010c37079e3d71f1d9547a319aac50cecbca74e6d62eca7188aa79d61ee3d50ef81512c30a31b61b947e2f19e45a95b1b17a1f5cf7cf3f1019
2022-06-16 13:25:33 +00:00
Tobin C. Harding c15b9d2699 Remove unneeded explicit reference
Clippy emits:

  warning: this expression creates a reference which is immediately
  dereferenced by the compiler

Remove the explicit reference.
2022-06-16 09:56:52 +10:00
Tobin C. Harding 35d59e7cc6 Remove explicit 'static lifetime
Clippy emits:

  warning: statics have by default a `'static` lifetime

Static strings no longer need an explicit lifetime, remove it.
2022-06-16 09:56:52 +10:00
Tobin C. Harding 1a582db160 Remove redundant import
Clippy emits:

  warning: this import is redundant

This is a remnant of edition 2015, now we have edition 2018 we no longer
need this import statement.
2022-06-16 09:54:00 +10:00
Tim Ruffing f419fe884b Fix getting parity from keypair in fuzzing
This also enables a test that was failung due to the parity bug.
2022-06-15 22:41:36 +02:00
Andrew Poelstra aba2663bc8
Merge rust-bitcoin/rust-secp256k1#449: Re-implement public key ordering using underlying FFI functions
13af51926a Make key comparison non-fuzzable (Dr Maxim Orlovsky)
739660499b Implement PublicKey ordering using FFI (Dr Maxim Orlovsky)
0faf404f0e Benchmark for key ordering (Dr Maxim Orlovsky)
999d165c68 FFI for pubkey comparison ops (Dr Maxim Orlovsky)

Pull request description:

  Re-base #309 for @dr-orlovsky on request by @Kixunil.

  To do the rebase I just had to change instances of cfg_attr to use `v0_5_0` instead of `v0_4_1` e.g.,
  ```
      #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_5_0_xonly_pubkey_cmp")]
  ```

  And drop the changes to `src/schnorrsig.rs`, all these changes are covered by the changes in `key.rs` I believe.

ACKs for top commit:
  Kixunil:
    ACK 13af51926a
  apoelstra:
    ACK 13af51926a

Tree-SHA512: 3054fcbc1707679f54466cdc91162c286394ad691e4f5c8ee18635a22b0854a4e60f1186ef3ca1532aacd8a637d0a153601ec203947e9e58dfcebf1bcb619955
2022-06-15 15:45:49 +00:00
Andrew Poelstra 4dacf55ed5
Merge rust-bitcoin/rust-secp256k1#435: Add functional style methods to various keys
12d4583638 Implement negate that consumes self (Tobin Harding)
5eb2d745b7 Rename tweak_add_assign -> add_tweak (Tobin Harding)
b9d08db8eb Replace _assign with _tweak (Tobin Harding)

Pull request description:

  The various `_assign` methods (`add_assign`, `add_expr_assign`, `mul_assign`, `tweak_add_assign`) are cumbersome to use because a local variable that uses these methods changes meaning but keeps the same identifier. It would be more useful if we had methods that consumed `self` and returned the newly modified type.

  We notice also that this API is for adding/multiplying tweaks not arbitraryly adding keys.

  - Patch 1: Changes add/mul_assign -> add/mul_tweak for `PublicKey` and `SecretKey` (incl. re-working unit tests)
  - Patch 2: Changes `tweak_add_assign` -> `add_tweak` for `KeyPair` and `XOnlyPublicKey`
  - Patch 3: Changes `negate_assign` -> `negate`

  All methods changed include:
  - New method consumes self and returns the tweaked key
  - Original  method remains with a `deprecated` attribute, however I've left a TODO in there for adding the `since` field.

  Close: #415

ACKs for top commit:
  apoelstra:
    ACK 12d4583638

Tree-SHA512: 026e8722892f3a0f18956281e4d2356d2789ef535a7ab71a375758201b180663d068397cde2dca5f60858ab7158069e53d7096326bfbd5a364269b0be680940c
2022-06-15 15:39:30 +00:00
Andrew Poelstra 613d7dc1cb
Merge rust-bitcoin/rust-secp256k1#406: Use fixed width serde impls for keys
3ca7f499e0 Add fixed-width-serde integration tests (Tobin Harding)
bf9f556225 Add rustdocs describing fixed width serde (Tobin Harding)
c28808c5a4 Improve rustdocs for KeyPair (Tobin Harding)
6842383161 Use fixed width serde impls for keys (Tobin Harding)

Pull request description:

  Currently we serialize keys using the `BytesVisitor`, this causes the serialized data to contain additional metadata encoding the length (an extra 8 bytes) when serialized with [bincode.](https://docs.rs/bincode/latest/bincode/index.html). This extra data is unnecessary since we know in advance the length of these two types.

  We do not control the data output by serialization of our types because it depends on which crate is used to do the serialization. This PR improves the situation for serialization using the `bincode` crate, and this PR introduces mentions of `bincode` in the rustdocs, is this acceptable? See below for a table that describes binary serialization by other crates.

  Implement a sequence based visitor that encodes the keys as fixed width data for:

  - `SecretKey`
  - `PublicKey`
  - `KeyPair`
  - `XOnlyPublicKey`

  Fixes: #295

  **Question**: PR only does keys, do we want to do signatures as well?

ACKs for top commit:
  apoelstra:
    ACK 3ca7f499e0

Tree-SHA512: 77babce74fa9f0981bb3b869c4e77a68a4d1ec28d22d2c3be4305e27ef01d4828dac210e20b968cbbe5de8a0563cd985d7969bccf75cfe627a34a116fed1a5df
2022-06-15 15:21:28 +00:00
Andrew Poelstra 73ad30dda1
Merge rust-bitcoin/rust-secp256k1#409: After MSRV bump: Implemented `TryFrom<{u8, i32}>` for `Parity`
df081bede0 Changed impl `Error::cause()` to `Error::source()` (Martin Habovstiak)
cabb8f9e6f Implemented `TryFrom<{u8, i32}>` for `Parity` (Martin Habovstiak)

Pull request description:

ACKs for top commit:
  tcharding:
    ACK df081bede0
  apoelstra:
    ACK df081bede0

Tree-SHA512: 5587a9684a4bfc1f659548a3787ff3602c56b2d6db72e89783529b85b670b681bce7e99683c751a03697c8faa1c2aa2f314c2c9b28e16e4c53fd07b01e949af2
2022-06-15 15:09:25 +00:00
Andrew Poelstra 6577fba537
Merge rust-bitcoin/rust-secp256k1#446: Introduce `write_err` macro
946cd83106 Improve Error display (Tobin C. Harding)

Pull request description:

  Introduce `write_err` macro and improve the `Display` implementation on `Error`.

  This PR is re-written after review below. The `std::error::Error` implementation is removed in favour of #409. Now only includes the `Display` stuff.

ACKs for top commit:
  apoelstra:
    ACK 946cd83106 nice!

Tree-SHA512: a62e9593c2ed1ba6136136e6b575219d68c25736069f55448f8411048efae27f2467bcb65260a78ff065de9c8c2994873804c687fb37a55b705cddfe20544f37
2022-06-15 13:47:37 +00:00
Dr Maxim Orlovsky 13af51926a Make key comparison non-fuzzable
Feature guard the custom implementations of `Ord` and `PartialOrd` on
`cfg(not(fuzzing))`. When fuzzing, auto-derive implementations.

Co-authored-by: Tobin C. Harding <me@tobin.cc>
2022-06-15 08:35:50 +10:00
Dr Maxim Orlovsky 739660499b Implement PublicKey ordering using FFI
Instead of selializing the key we can call down to the ffi layer to do
ordering.

Co-authored-by: Tobin C. Harding <me@tobin.cc>
2022-06-15 08:34:05 +10:00
Tobin Harding 12d4583638 Implement negate that consumes self
The method `negate_assign` (on pub/sec key) is cumbersome to use because
a local variable that uses these methods changes meaning but keeps the
same identifier. It would be more useful if we had methods that consumed
`self` and returned a new key.

Add method `negate` that consumes self and returns the negated key.
Deprecated the `negate_assign` methods.
2022-06-15 08:13:45 +10:00
Tobin Harding 5eb2d745b7 Rename tweak_add_assign -> add_tweak
We now have a method `add_tweak` on the `SecretKey` and `PublicKey`. We
can add similar methods that consumes self and return the tweaked key
for the `KeyPair` and `XOnlyPublicKey` types.

The justification for doing so is that a local variable that calls
`tweak_add_assign` changes in meaning but the identifier remains the
same, this leads to cumbersome renaming of the local variable.

The tweaking done to the `KeyPair` is actually done via the xonly public
key not the public key. To reflect this call the method
`add_xonly_tweak`, this is similar to how it is named in secp
`secp256k1_keypair_xonly_tweak_add`.
2022-06-15 08:13:42 +10:00
Dr Maxim Orlovsky 0faf404f0e Benchmark for key ordering 2022-06-14 11:46:47 +10:00
Dr Maxim Orlovsky 999d165c68 FFI for pubkey comparison ops 2022-06-14 11:18:11 +10:00
Tobin Harding b9d08db8eb Replace _assign with _tweak
The key methods `add_assign`, `add_expr_assign`, and `mul_assign` are
cumbersome to use because a local variable that uses these methods
changes meaning but keeps the same identifier. It would be more useful
if we had methods that consumed `self` and returned a new key.

Observe also that these to methods are for adding/multiplying a key by a
tweak, rename the methods appropriately.

Add methods `add_tweak`, `add_expr_tweak`, and `mul_tweak` to the
`SecretKey` and `PublicKey` type. Deprecate `add_assign`,
`add_expr_assign`, and `mul_assign`.
2022-06-14 09:46:17 +10:00
Tobin C. Harding 946cd83106 Improve Error display
The current display code for `Error` is a little unusual. We typically
just implement `Display` and if a `str` is needed use `format!`.

Improve the `Error` type by doing

- Remove the `as_str` function and implement `Display` directly.
- Remove the 'secp: ' prefix of all the error messages.
- Use a newly defined macro `write_err` that writes the error if `std`
  feature is not enabled so that no-std builds do not loose error info.

Note: The `write_err` macro is currently being introduced in
`rust-bitcoin` also. Elect to just duplicate it here and not share it
between the crates.
2022-06-14 09:33:48 +10:00
Martin Habovstiak df081bede0 Changed impl `Error::cause()` to `Error::source()`
This implements `source()` method instead of `cause()` allowing
downcasting.
2022-06-10 13:36:15 +02:00
Martin Habovstiak cabb8f9e6f Implemented `TryFrom<{u8, i32}>` for `Parity` 2022-06-10 13:35:42 +02:00
Andrew Poelstra aab77b16c2
Merge rust-bitcoin/rust-secp256k1#445: Add `Scalar` newtype and use it in tweaking APIs
5a0332463d Add `Scalar` newtype and use it in tweaking APIs (Martin Habovstiak)

Pull request description:

  This adds `Scalar` newtype to better represent values accepted by
  tweaking functions. This type is always 32-bytes and guarantees being
  within curve order.

  This is an initial iteration. Things I'm not 100% sure of, would appreciate help:

  * Is it actually required for scalar to be within curve order?
  * Are non-constant-time operations actually an issue?

  Alterntive tweaking API designs:

  * Accept `Into<Scalar>` generic argument, so people can pass `SecretKey`, may slightly worsen performance
  * `unsafe`-ly implement `AsRef<Scalar> for SecretKey` (casting raw pointers) and accept that

  Possible extension: API to convert from slices so that the user doesn't need two steps (convert to array first).

ACKs for top commit:
  apoelstra:
    ACK 5a0332463d

Tree-SHA512: cf639c91f0c6f6e0178d8a6d4125fd041708a59661fbd2f1924881001011e4cfe2b998148ae652995cdc9a3791c6644fcd5f004e059d76d9182a5e409b791446
2022-06-09 13:25:56 +00:00
Martin Habovstiak 5a0332463d Add `Scalar` newtype and use it in tweaking APIs
This adds `Scalar` newtype to better represent values accepted by
tweaking functions. This type is always 32-bytes and guarantees being
within curve order.
2022-06-09 15:08:19 +02:00
Tobin Harding 3ca7f499e0 Add fixed-width-serde integration tests
Add a `tests` directory. Add `serde` tests for the recently added fixed
width binary serialization code.

Please note, serialization is only fixed width when serialized with
the `bincode` crate.
2022-06-09 16:17:11 +10:00
Tobin Harding bf9f556225 Add rustdocs describing fixed width serde
We recently added fixed width serialization for some types however
serialization is only fixed width when data is serialized with the
`bincode` crate.

Add rustdocs describing fixed width serde to `SecretKey`, `PublicKey`,
and `XOnlyPublicKey` (`KeyPair` is already done).
2022-06-09 16:17:10 +10:00
Tobin Harding c28808c5a4 Improve rustdocs for KeyPair
Currently the rustdocs for `KeyPair` are stale in regards to serde, we
_do_ implement `Serialize` and `Deserialize` for `KeyPair`.

Improve the rustdocs for `KeyPair` by removing stale docs and adding
docs on fixed width binary serialization.
2022-06-09 16:17:05 +10:00