Commit Graph

428 Commits

Author SHA1 Message Date
Tobin Harding 5c7c76eb74
Rename serialize_secret -> secret_bytes
The `serialize_secret` method is a getter method, it does not do any
serialisation. However we use the method on secret keys and key types so
in order for the name to be uniform use the descriptive name
`secret_bytes`.

Rename `serialize_secret` to be `secret_bytes`.
2022-02-28 07:11:24 +00:00
Tobin Harding 4ded2c0478
Use byte instead of i
The identifier `i` is predominantly used for indexing an array but we
are using it as a place holder for the iterated value of an array that
is then printed. The identifier `byte` is more descriptive.

Done in preparation for adding similar code to the `ecdh` module.
2022-02-24 19:48:23 +00:00
Tobin Harding 91106f5685
Remove magic number
In array initialisation we use magic number 64, this is the secret bytes
length multiplied by 2.

Please note; we still use the magic number 32, left as such because it
is used in various ways and its not immediately clear that using a
single const would be any more descriptive.

Use `SECRET_KEY_SIZE * 2` instead of magic number 64.
2022-02-24 19:48:19 +00:00
Tobin Harding 6dca99631f
Mention bitcoin_hashes in obfuscated secret msg
Hashing the debug output for secrets can be done with `bitcoin_hashes`
not just `std`. Mention this in the obfuscated string output when
neither are available.
2022-02-24 19:48:15 +00:00
Andrew Poelstra 8b2edad041
Merge rust-bitcoin/rust-secp256k1#402: Limit SharedSecret to 32 byte buffer
5603d71ad3 Limit SharedSecret to 32 byte buffer (Tobin Harding)
d5eeb099ad Use more intuitive local var numbering (Tobin Harding)
834f63c26c Separate new_with_hash into public function (Tobin Harding)

Pull request description:

  Currently `SharedSecret` provides a way to get a shared secret using SHA256 _as well as_ a way to use a custom hash function to get the shared secret. Internally `SharedSecret` uses a 256 byte buffer, this is a tad wasteful. We would like to keep the current functionality but reduce memory usage.

  - Patch 1: Pulls the `new_with_hash` logic out into a standalone public function that just returns the 64 bytes representing the x,y co-ordinates of the computed shared secret point. Callers are then responsible for hashing this point to get the shared secret (idea by @Kixunil, thanks).
  - Patch 2: Does trivial refactor
  - Patch 3: Uses a 32 byte buffer internally for `SharedSecret`. This is basically a revert of the work @elichai did to add the custom hashing logic. @elichai please holla if you are not happy with me walking all over this code :)

  ### Note to reviewers

  Secret obfuscation is done on top of this in https://github.com/rust-bitcoin/rust-secp256k1/pull/396, they could be reviewed in order if this work is of interest to you.

ACKs for top commit:
  apoelstra:
    ACK 5603d71ad3

Tree-SHA512: 48982a4a6a700a111e4c1d5d21d62503d34f433d8cb303d11ff018d2f2be2467fa806107018db16b6d0fcc5ff1a0325dd5790c62c47831c7cd2141a1b6f9467d
2022-02-24 15:17:44 +00:00
Andrew Poelstra c7d6cdbaba
Merge rust-bitcoin/rust-secp256k1#401: Breaking: changed Parity serialization to u8
e6cb588a23 Breaking: changed `Parity` serialization to `u8` (Martin Habovstiak)

Pull request description:

  Serializing the value as `u8` is more compact but this is a breaking
  change.

  `Visitor` was renamed to avoid hungarian notation and maybe allow other
  integers in the future.

  For next major version, depends on #400

ACKs for top commit:
  tcharding:
    tACK e6cb588
  apoelstra:
    ACK e6cb588a23

Tree-SHA512: 1432a2f3c913c3a7eaec5228fd2dd4e8320d828128bec71812cbf56dd8950c969ed22c69867402eb9e820127868d29b291f3374c6e15de0a3ff2341420c4bbab
2022-02-24 15:16:21 +00:00
Tobin Harding 5603d71ad3
Limit SharedSecret to 32 byte buffer
The `SharedSecret` uses sha256 to hash the secret, this implies the
secret is 32 bytes of data.

Currently we use a buffer of 256 bytes, this is unnecessary.

Change the implementation of `SharedSecret` to use a 32 byte buffer.
2022-02-21 13:33:17 +00:00
Tobin Harding d5eeb099ad
Use more intuitive local var numbering
In test code we use multiple pub/sec keys. It is more intuitive if the
'secret 1' is generated by the owner of secret key 1.

Refactor only, no logic changes.
2022-02-21 13:11:30 +00:00
Tobin Harding 834f63c26c
Separate new_with_hash into public function
In preparation for simplifying the `SharedSecret` internals pull the
`new_with_hash` function logic out into a standalone public function
that provides similar functionality without use of the `SharedSecret`
struct. Function now returns the 64 bytes of data representing a shared
point on the curve, callers are expected to the hash these bytes to get
a shared secret.
2022-02-18 09:51:06 +00:00
Andrew Poelstra 2a25e5eae8 restore `global-context-less-secure` feature 2022-02-16 23:46:52 +00:00
Tobin Harding 4c9bab9f6e
Remove explicit mention of feature requirements
We are using `cfg_attr` to instruct the rustdocs build system to
highlight feature requirements for functions, there is no need to
explicitly mention feature requirements in the text.
2022-02-11 07:47:52 +00:00
Tobin Harding 806eaca5f1
Use feature std with rand-std
Recently we fixed a bunch of feature gates to use `rand-std` instead
of `rand` but in doing so did not notice that the same feature gates
were using `alloc` which is meaningless if `std` is enabled.

Feature gate on `std` if we are using `rand-std`.
2022-02-11 07:44:16 +00:00
Andrew Poelstra df7520e951
Merge rust-bitcoin/rust-secp256k1#340: Improve documentation
c73eb2f391 Use 'extra' instead of 'cheap' (Tobin Harding)
c79eb976ca Remove unnecessary explanation (Tobin Harding)
f95e91a6da Use isn't instead of shouldn't (Tobin Harding)
c9e6ca1680 Use rust-bitcoin module doc style (Tobin Harding)
3fa6762437 Add link to referenced commit (Tobin Harding)
f5e68f3ba7 Add ticks around code snippet (Tobin Harding)
d25431c1da Use 3rd person tense for function docs (Tobin Harding)
c3be285c1d Fix size constant docs (Tobin Harding)
5e07e7596b Add period to sentences (Tobin Harding)
269bde042f Remove unnecessary capitalisation (Tobin Harding)

Pull request description:

  In a continued effort to find my feet around here, and inspired by issue #128 I've done a codebase wide audit of the docs (primarily just rustdocs but I glanced at `//` docs as well). Each change is in a separate commit so can be removed if resistance is met. (_"resistance is futile"_).

  I've based the stylistic decisions on [work done](https://github.com/rust-bitcoin/rust-bitcoin/pull/704) in rust-bitcoin.

  I believe the only controversial change is the last (commit: da161c9 Use rust-bitcoin module doc style), please review that one carefully.

ACKs for top commit:
  apoelstra:
    ACK c73eb2f391

Tree-SHA512: 5ea215de3fd23ca2a4f25d8f8d59a85a299044fe495269c43b621291ea50c58856fa8544e36cc109b7bdb1a7a59bcab8711f30113572ddce4509d3b06ff0d3b6
2022-02-10 15:42:30 +00:00
Tobin Harding c73eb2f391
Use 'extra' instead of 'cheap'
The word 'extra' better describes the sidechannel resistance gained by
re-randomising the context.
2022-02-10 09:57:15 +00:00
Tobin Harding c79eb976ca
Remove unnecessary explanation
The nested pub inside a private module is easy to understand, we do not
need an explanation.
2022-02-10 09:55:41 +00:00
Tobin Harding f95e91a6da
Use isn't instead of shouldn't
This definitely isn't possible, change the phrase.
2022-02-10 09:54:35 +00:00
Martin Habovstiak e6cb588a23 Breaking: changed `Parity` serialization to `u8`
Serializing the value as `u8` is more compact but this is a breaking
change.

`Visitor` was renamed to avoid hungarian notation and maybe allow other
integers in the future.
2022-02-09 20:46:20 +01:00
Martin Habovstiak 662843e73b Improved error handling in `Parity` serde impl
* Fixes error message to be according to the trait documentation
* Uses `unexpected_value` to provide more information about the error
2022-02-09 20:42:12 +01:00
Andrew Poelstra 8bf29271de
Merge rust-bitcoin/rust-secp256k1#399: Clarified conversions between `Parity` and integers
705c9cfbc1 Clarified conversions between `Parity` and integers (Martin Habovstiak)

Pull request description:

  This was discussed in https://github.com/rust-bitcoin/rust-secp256k1/pull/390#issuecomment-1033018430

ACKs for top commit:
  apoelstra:
    ACK 705c9cfbc1

Tree-SHA512: 3ba2ec566099c3c6d1c6f830e4959312b818b8766d924e3d995e6b23bd196ab747cc03d46f494ef451569188b0163f53e3236cacd20bfae9118ee76bcdbc9c02
2022-02-09 18:36:19 +00:00
Andrew Poelstra f97e41ae21
Merge rust-bitcoin/rust-secp256k1#398: Implement LowerHex and Display for Message
a209836a99 Implement LowerHex and Display for Message (Tobin Harding)

Pull request description:

  Implement `fmt::LowerHex` for `Message`. Implement `Display` by calling `LowerHex`.

  Resolves: #251

ACKs for top commit:
  apoelstra:
    ACK a209836a99

Tree-SHA512: 64eeafc57ea2814108228d8427cd650076eb3cbb85ae14a7c5a6f39f5e20ca9b83b4ccc27c201668fd57a34fde0a37be4098aa5c602208a81a2018293b40b64d
2022-02-09 18:33:34 +00:00
Andrew Poelstra bc278fa351
Merge rust-bitcoin/rust-secp256k1#393: Add custom Debug impl for RecoverableSignature
4c43d5e20f Add custom Debug impl for RecoverableSignature (Tobin Harding)

Pull request description:

  Currently when debug printing the `RecoverableSignature` we do so byte by byte, this means that the output differs depending on the endianess of the machine. If instead we serialize the signature in compact form then the output is the same irrespective of the endianess.

  With this applied the following two commands now pass:

  ```
  cargo test test_debug_output --features=recovery
  ```
  ```
  cross test --target powerpc-unknown-linux-gnu test_debug_output --features=recovery
  ```

  Fixes: #375

ACKs for top commit:
  apoelstra:
    ACK 4c43d5e20f

Tree-SHA512: 073c2e0e23ce41a2b35f1b1193b07a755b726bf565d61e6bcb23b6bdaab31ba3591f31aa92230b07f7dfc018de0401eba09a6858dc261e66dacb331355f40d76
2022-02-09 18:31:33 +00:00
Andrew Poelstra b8615e2132
Merge rust-bitcoin/rust-secp256k1#397: Fix example dependency list
3c9dd2fb32 Fix example dependency list (Tobin Harding)

Pull request description:

  Example relies on `rand-std` not plain `rand` dependency.

  I do not understand why the following command passes without this patch
  applied

  ```
  cargo test --no-default-features --features=std,rand,bitcoin_hashes
  ```

  But if we put the same code in a standalone binary it fails as expected?

  Since the running of this test is _unusual_ and it is primarily meant as
  an entry point example to the library, remove the mention of "alloc"
  feature and just depend upon "std".

  Fixes: #395

ACKs for top commit:
  apoelstra:
    ACK 3c9dd2fb32

Tree-SHA512: 8e7ec7ac846e2916c29b74c7485650e5242ae1141c12c69b50d74efdfee71c11a52cd454231d2a7cdd6f8f683d3ba4369f9bf898a6b9351dc92c2a4e2bd626cd
2022-02-09 18:26:58 +00:00
Martin Habovstiak 705c9cfbc1 Clarified conversions between `Parity` and integers 2022-02-09 15:33:25 +01:00
Tobin Harding a209836a99
Implement LowerHex and Display for Message
Implement `fmt::LowerHex` for `Message`. Implement `Display` by calling
`LowerHex`.

Resolves: #251
2022-02-09 09:22:07 +00:00
Tobin Harding eb453b8227
Add global context API
Our API often involves a `Secp256k1` parameter, when users enable the
`global-context` feature they must then pass `SECP256K1` into these
functions. This is kind of clunky since the global is by definition
available everywhere.

Make the API more ergonomic for `global-context` builds by adding
various API functions/methods that use the global context implicitly.
2022-02-09 09:09:06 +00:00
Tobin Harding 3ecb5e41b3
Refactor from_secret_key definition
The `from_secret_key` method definition currently uses non-standard
indentation.

Improve uniformity by using 'standard' indentation.
2022-02-09 09:04:13 +00:00
Tobin Harding e2d47a29e2
Remove unnecessary import statement
The global context is already in scope in tests since we use a glob
import. No clue why Clippy does not warn for this.

Remove unnecessary import statement in test function.
2022-02-09 08:53:31 +00:00
Tobin Harding d79989bc95
Remove erroneous duplicate feature
When we removed the "global-context-less-secure" a duplicate feature
snuck in, remove it.
2022-02-09 08:53:31 +00:00
Tobin Harding c9e6ca1680
Use rust-bitcoin module doc style
Recently we introduced uniform styling for module docs over in
`rust-bitcoin` repo. We can do the same here but its a bit controversial
because it removes the heading from module docs and every single public
module in rust-secp256k1 uses a heading. Instead we use a full
sentences. Also makes uniform the trailing `//!`.
2022-02-09 07:31:55 +00:00
Tobin Harding 3fa6762437
Add link to referenced commit
To save devs looking up the commit themselves add a link to it in the
rustdoc.
2022-02-09 07:31:55 +00:00
Tobin Harding f5e68f3ba7
Add ticks around code snippet
For added clarity add ticks around words that are code.
2022-02-09 07:31:54 +00:00
Tobin Harding d25431c1da
Use 3rd person tense for function docs
As is typical in the Rust ecosystem use the third person tense when
documenting functions. E.g.,

```
/// Creates a new Foo.
```
As opposed to

```
/// Create a new Foo.
```
2022-02-09 07:31:54 +00:00
Tobin Harding c3be285c1d
Fix size constant docs
Make all the various size constant docs uniform by using form 'The size
...' and also by ending with a period.
2022-02-09 07:31:54 +00:00
Tobin Harding 5e07e7596b
Add period to sentences
Add the terminating period to all docs sentences. (Also one instance of
capitialize initial character in sentence.)
2022-02-09 07:31:53 +00:00
Tobin Harding 269bde042f
Remove unnecessary capitalisation
'context' does not need need a capital letter in the middle of a
sentence.
2022-02-09 07:29:45 +00:00
Tobin Harding 3c9dd2fb32
Fix example dependency list
Example relies on `rand-std` not plain `rand` dependency.

I do not understand why the following command passes without this patch
applied

```
cargo test --no-default-features --features=std,rand,bitcoin_hashes
```

But if we put the same code in a standalone binary it fails as expected?

Since the running of this test is _unusual_ and it is primarily meant as
an entry point example to the library, remove the mention of "alloc"
feature and just depend upon "std".
2022-02-09 06:35:54 +00:00
Tobin Harding 4c43d5e20f
Add custom Debug impl for RecoverableSignature
Currently when debug printing the `RecoverableSignature` we do so byte
by byte, this means that the output differs depending on the endianess
of the machine. If instead we serialize the signature in compact form
then the output is the same irrespective of the endianess.

With this applied the following two commands now pass:

```
cargo test test_debug_output --features=recovery

```
cross test --target powerpc-unknown-linux-gnu test_debug_output --features=recovery
```

Fixes: #375
2022-02-08 08:14:30 +00:00
Andrew Poelstra ecb62612b5
Merge rust-bitcoin/rust-secp256k1#391: Add example to SharedSecret
b3503ba148 Add example to SharedSecret (Tobin Harding)

Pull request description:

  Currently the rustdoc on `SharedSecret` is wildly incorrect (possibly a cut'n'pasta error).

  Fix the rustdoc for `SharedSecret` and add an examples section to assist testing the public API.

  Fixes: #249

ACKs for top commit:
  apoelstra:
    ACK b3503ba148

Tree-SHA512: 650092388099bb415c11ea335ca6b64c90094f1a51ceecc403911316ee62da0279488af6fa66e00ee5269c129f06d4641085f8ab9be91c98d24a7a4449d235c2
2022-02-04 14:14:48 +00:00
Tobin Harding b3503ba148 Add example to SharedSecret
Currently the rustdoc on `SharedSecret` is wildly incorrect (possibly a
cut'n'pasta error).

Fix the rustdoc for `SharedSecret` and add an examples section to assist
testing the public API.

Fixes: 249
2022-02-04 11:55:06 +11:00
Tobin Harding 8339ca5706 Add documentation guiding users towards randomization
Now that we opportunistically randomize the context on creation if
`rand-std` is enabled it would be nice to encourage users who do not
wish to use `rand-std` to randomize the context. We already have an API
to do this but it requires a separate call to do so. Instead of adding a
bunch of additional constructors elect to add documentation to the
current constructors guiding users towards randomization.
2022-02-04 08:36:15 +11:00
Tobin Harding cf1496b64e Add documentation about rand-std feature
We recently implemented opportunistic randomization of the context
object if the the `rand-std` feature is enabled. Both for the global
context and also for signing context constructors.

Add documentation about `rand-std` feature in relation to the context
object.
2022-02-04 08:36:15 +11:00
Tobin Harding 1693d51ce7 Randomize context on creation
Randomize context on creation if `rand-std` feature is enabled.
2022-02-04 08:36:03 +11:00
Tobin Harding a0465ea279 Remove feature global-context-less-secure
Instead of providing a mechanism for users to opt out of randomization
we can just feature gate the call site i.e., opportunistically randomize
the global context on creation if `rand-std` feature is enabled.
2022-02-04 08:34:39 +11:00
Andrew Poelstra 7a3736a0f9
Merge rust-bitcoin/rust-secp256k1#389: On key-generation example (documentation), "rand" should be "rand-std" instead
2732891359 Change rand to rand-std in lib.rs documentation (Vincent Liao)

Pull request description:

  I copy-pasted the key-generation example written on the documentation, but it didn't work. It only worked when I used the feature `rand-std` instead of `rand`.

  To reproduce, boot up a new Rust project, and add this to main.rs:

  ```
  use secp256k1::rand::rngs::OsRng;
  use secp256k1::{Secp256k1, Message};
  use secp256k1::hashes::sha256;

  let secp = Secp256k1::new();
  let mut rng = OsRng::new().expect("OsRng");
  let (secret_key, public_key) = secp.generate_keypair(&mut rng);
  let message = Message::from_hashed_data::<sha256::Hash>("Hello World!".as_bytes());

  let sig = secp.sign_ecdsa(&message, &secret_key);
  assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok());
  ```

  Using this dependencies causes error: `secp256k1 = {version="0.21.2", features=["rand", "bitcoin_hashes"]}`. After replacing `rand` with `rand-std`, it works.

ACKs for top commit:
  apoelstra:
    ACK 2732891
  tcharding:
    tACK 2732891359

Tree-SHA512: 6b5436bc71bab7535e432e119679bc6bcb11d2575b609e039cc25c122ae92b528f95a673e9c643a6cfa2ee3a663f7efdd61731b6084261c52a220448b6f72d12
2022-02-03 15:10:37 +00:00
Tobin Harding c30026d08b Fix typo 'epected' -> 'expected'
Fix minor spelling mistake in code comments.
2022-02-03 08:36:36 +11:00
Tobin Harding f3688ecf56 Use rand-std in key rustdoc examples
Seems there is a bug in cargo, the tests in `key.rs` run successfully
but AFAICT they should fail. Here is an example, running `cargo test
--features=rand` should make this test fail but it doesn't?
```
/// Secret 256-bit key used as `x` in an ECDSA signature.
///
/// # Examples
///
/// Basic usage:
///
/// ```
/// # #[cfg(all(feature = "rand", any(feature =  "alloc", feature = "std")))] {
/// use secp256k1::{rand, Secp256k1, SecretKey};
///
/// let secp = Secp256k1::new();
/// let secret_key = SecretKey::new(&mut rand::thread_rng());
/// # }
/// ```

Anywho, use the correct feature gate: `rand-std`.
2022-02-01 15:21:30 +11:00
Tobin Harding ae3e06f95b Fix lint warnings in test code
Various combinations of features trigger lint warnings for unused code,
all warnings are caused by incorrect feature gating.

Correct feature gating to remove Clippy warnings during testing.
2022-02-01 15:21:30 +11:00
Tobin Harding c01cd8f1f3 Enable running tests without default features
Currently various features fail to build when enabled without default
features. This is because many tests need feature gating.

Feature gating the import statements quickly turns into spaghetti when
trying to cover all combinations of two features correctly, instead just
allow unused imports on `tests` modules where needed.

Add correct feature requirements to the examples so they also can be run
without default features.

Improve the CI script by doing:

- Add `std` to the feature matrix.
- Add `--no-default-features` to test runs in the CI script.
2022-02-01 15:20:44 +11:00
Tobin Harding 433c350424 Add multiple implementations of Debug for secrets
The `Debug` implementation for secrets is feature gated on `std` because
it uses a hasher from `std`. If `bitcoin_hashes` is enabled we can use
it for hashing. If neither `std` nor `bitcoin_hashes` is enabled fall
back to outputting:

<secret requires std or bitcoin_hashes feature to display>

Remove the docs conditional since we now implement `Debug` always.
2022-02-01 14:51:40 +11:00
Vincent Liao 2732891359 Change rand to rand-std in lib.rs documentation 2022-01-27 23:45:56 +07:00