Commit Graph

393 Commits

Author SHA1 Message Date
Tobin Harding fbc64c7725 Add opaque parity type
Two functions in the FFI secp code return and accept a parity int.
Currently we are manually converting this to a bool. Doing so forces
readers of the code to think what the bool means even though
understanding this bool is not needed since in is just passed back down
to the FFI code. We can abstract this away by using an opaque type to
hold the original int and not converting it to a boolean value.

Add 'Return' and 'Error' sections to `tweak_add_assign` while fixing the
docs to describe the new opaque parity type.
2022-01-04 09:19:05 +11:00
Tobin Harding 1b768b2749 Make tweak_add_assign return statements uniform
We have two `tweak_add_assign` methods (one for keypair and one for
x-only pubkey). Both check the return value from a FFI function call.
We can make both sites uniform to _slightly_ reduce cognitive load when
reading the code.

Use C style code to make it obvious to readers that this is basically C
code.
2022-01-04 09:01:34 +11:00
Tobin Harding edafb88f8c Move key unit tests to key module
There are currently two unit tests in the `schnorr` module that are
testing keys from the `key` module. This is possible because the tests
are only testing the public interface, none the less they are better
placed in the `key` module.
2022-01-04 08:23:05 +11:00
Tobin Harding e3d21a3d87 Clean up test imports with key module
The import statements can be simplified by using an import
wildcard (`super::*`). While we are at it put them in std, external
crate, this crate order.
2022-01-04 08:18:44 +11:00
sanket1729 eab549c46c Re-export types to reduce breaking changes downstream 2022-01-03 08:55:54 +05:30
Andrew Poelstra 50034ccb18
Merge rust-bitcoin/rust-secp256k1#342: Change context objects for verification methods
21aa914ad2 Change context objects for schnorr sig methods (sanket1729)

Pull request description:

  - The current schnorrsig verify methods should operate on verify context
  as is done throughout the bitcoin core
  - Finally, and importantly the XonlyPublicKey::from_keypair now operates
  without any context parameter.

ACKs for top commit:
  apoelstra:
    ACK 21aa914ad2

Tree-SHA512: 035338f19839805a080eb262ae7b93ab187dabb63086c8b7f6015f3a6006986604dc2c6f329a99a20ddfa78c1ee518f44cd5eee2f73810fbdc83ff8df7d12506
2021-12-24 14:34:07 +00:00
sanket1729 21aa914ad2 Change context objects for schnorr sig methods
- The current schnorrsig verify methods should operate on verify context
as is done throughout the bitcoin core
- Scondly, and importantly the XonlyPublicKey::from_keypair now operates
without any context objects.
2021-12-24 00:54:06 +05:30
Dr Maxim Orlovsky de77518d3a
Serde serialization for KeyPair 2021-11-12 21:18:53 +01:00
Thomas Eizinger d244b4d747
Fix typo in docs 2021-11-11 13:43:51 +11:00
Thomas Eizinger c5c95513f2
Move helper function below usage
This is not C89. We can declare the more important things first.
2021-11-11 13:43:50 +11:00
Thomas Eizinger ce4427747d
Move ECDSA functionality into ECDSA module 2021-11-11 13:43:50 +11:00
Thomas Eizinger e0c3bb28c4
Rename schnorr functions on `Secp256k1` to match naming of ecdsa
The naming scheme we employ is `{sign,verify, ...}_{ecdsa,schnorr}`.
2021-11-11 13:43:50 +11:00
Thomas Eizinger 760559c70e
Rename `schnorrsig` module to `schnorr`
Schnorr is commenly known as a signature algorithm, we don't need
to restate that in the name of the module.
2021-11-11 13:43:50 +11:00
Thomas Eizinger d4fb819d80
Move `XOnlyPublicKey` to `key` module 2021-11-11 13:43:49 +11:00
Thomas Eizinger 87d936a765
Rename `schnorr::PublicKey` to `schnorr::XOnlyPublicKey`
The public key is unrelated to the signature algorithm. It will
be moved out of the module in another commit. For ease of review,
the renamed is kept separate.
2021-11-11 13:43:49 +11:00
Thomas Eizinger 2e0e731664
Move `KeyPair` to `key` module
The `KeyPair` type is semantically unrelated to the schnorr signature
algorithm.
2021-11-11 13:43:48 +11:00
Thomas Eizinger c47ead9967
Move `Signature` and `SerializedSignature` to new `ecdsa` module
With the introduction of Schnorr signatures, exporting a `Signature`
type without any further qualification is ambiguous. To minimize the
ambiguity, the `ecdsa` module is public which should encourage users
to refer to its types as `ecdsa::Signature` and `ecdsa::SerializedSignature`.

To reduce ambiguity in the APIs on `Secp256k1`, we deprecate several
fucntions and introduce new variants that explicitly mention the use of
the ECDSA signature algorithm.

Due to the move of `Signature` and `SerializedSignature` to a new module,
this patch is a breaking change. The impact is minimal though and fixing the
compile errors encourages a qualified naming of the type.
2021-11-11 13:43:48 +11:00
Thomas Eizinger 49c7e21486
Prefer `use super::*` import over manually picking items
Tests are usually placed next to the code they are testing. As such,
importing `super::*` is a good starting point.
2021-11-11 13:38:54 +11:00
Thomas Eizinger 52d0554423
Fully qualify Error to simplify imports 2021-11-11 13:38:52 +11:00
Thomas Eizinger 8e96abae39
Make `key` module private
We re-export all structs residing in that module. There is no reason
to expose the internal module structure of the library publicly.
2021-11-11 13:38:49 +11:00
Andrew Poelstra 476ced62fe
Merge rust-bitcoin/rust-secp256k1#307: Fixing documentation for BIP 340-related functions
931b560dc7 Fixing documentation for BIP 340-related functions (Dr Maxim Orlovsky)

Pull request description:

ACKs for top commit:
  thomaseizinger:
    ACK 931b560dc7
  apoelstra:
    ACK 931b560dc7

Tree-SHA512: d78fbda138e636c04c6f356e2a41fcdd0270eea710a9af6c965ff90acfd6740bd650a8909638c558badd52d307cbdcd914fa25846236b064ca8c38faccec8be8
2021-11-02 18:39:09 +00:00
Andrew Poelstra 6a774bd47c
Merge rust-bitcoin/rust-secp256k1#334: Use explicit u8 when assigning a byte slice
24d6f62603 Use explicit u8 when assigning a byte slice (junderw)

Pull request description:

  Is there a way to tell the compiler to not allow `[0; 64]` and require that either the type is explicitly given to the variable, or that each member uses explicit `0u8` notation?

  I noticed the usage was a mix of explicit and implicit, so I changed all to explicit.

ACKs for top commit:
  apoelstra:
    ACK 24d6f62603

Tree-SHA512: f7796dcc3ae240983257bef0f25bd0df741943f75d86e9bca7c45076af179d96ce213bd9c339a01f721f7dc9b96a0a4a56ef2cf44339f4c91d208103b7659d9f
2021-11-02 18:21:14 +00:00
junderw 24d6f62603
Use explicit u8 when assigning a byte slice 2021-10-17 10:07:51 +09:00
Dr Maxim Orlovsky 931b560dc7
Fixing documentation for BIP 340-related functions 2021-09-27 15:20:33 +02:00
Dr Maxim Orlovsky 6810c2b547
Dedicated display_secret fn for secret-containing types
Debug-print secrets as tagged hashes

Refactoring Display/Debug for secret values with display_secret
2021-09-27 14:03:58 +02:00
Elichai Turkel 635a6ae441
Add to_hex converter and add tests for hex conversion 2021-09-27 12:50:08 +02:00
Andrew Poelstra 24a9c9c765
Merge pull request #304 from p2pderivatives/combine-keys-test-and-doc
Add error type for combine keys + test and doc
2021-09-24 22:37:19 +00:00
Andrew Poelstra cd62343407
Merge rust-bitcoin/rust-secp256k1#326: Bump bitcoin_hashes to version 0.10
bc42529a16 Rename `secp256k1::bitcoin_hashes` module to `secp256k1::hashes` (Thomas Eizinger)
ae1f8f4609 Bump bitcoin_hashes to version 0.10 (Thomas Eizinger)

Pull request description:

  Requires for interoperability of the `ThirtyTwoByteHash` trait with
  rust-bitcoin.

ACKs for top commit:
  apoelstra:
    ACK bc42529a16

Tree-SHA512: 85fcb284ff82b543a0c3ea2b568351b3af938a26ac42c6a975480ae97def84e4f0795105bd4572f930a7bf82654eba416cf0c5e25f62809e2ea331443ffb5807
2021-09-09 13:19:49 +00:00
Andrew Poelstra c72e7cc743
Merge pull request #308 from LNP-BP/extrakeys/keypair-ser
Adding KeyPair::serialize_sec. Closes #298
2021-09-08 21:37:32 +00:00
Thomas Eizinger bc42529a16
Rename `secp256k1::bitcoin_hashes` module to `secp256k1::hashes` 2021-09-08 15:46:38 +10:00
Tibo-lg 674cc79d87 Add error type for combine keys + test and doc 2021-09-02 21:19:21 +09:00
Elichai Turkel ea4eae8a20
Merge pull request #315 from LNP-BP/fix/feat-warning
Fixing warning in context mod under feature-specific compilation
2021-06-30 15:32:35 +03:00
sanket1729 5bac4e4bac Change error enum for KeyPair::from_seckey_slice
Also does another nit in the file which removes a trailing whitespace
2021-06-27 17:20:23 -07:00
Dr Maxim Orlovsky 593a550e3f
Fixing warning in context mod under feature-specific compilation 2021-06-27 20:09:41 +02:00
Dr Maxim Orlovsky 8ee4e05e63
Removing uneeded Secp context arguments 2021-06-20 17:15:10 +02:00
Dr Maxim Orlovsky 7e2f7fef72
Adding KeyPair::serialize_sec. Closes #298 2021-06-19 14:02:48 +02:00
Dr Maxim Orlovsky aa6bdaff3c
Creating SecretKey and PublicKey from BIP-340 KeyPair 2021-06-16 10:56:59 +02:00
Andrew Poelstra bb25ed4715
Merge pull request #282 from TheBlueMatt/2021-02-redo-fuzz
Reduce cryptography usage in --cfg=fuzzing
2021-06-09 15:01:52 +00:00
Matt Corallo 940a51c2c6 Reduce cryptography usage in --cfg=fuzzing
This reduces the usage of real cryptography in --cfg=fuzzing,
specifically replacing the secret->public key derivation with a
simple copy and ECDH with XOR of the public and private parts
(plus a stream of 1s to make a test pass that expected non-0
output).

It leaves secret tweak addition/multiplication as-is.

It also changes the context creation to over-allocate and store
the context flags at the end of the context buffer, allowing us
to easily test context flags in each function.

While it would be nice to have something fancier (eg XOR-based),
its not immediately obvious how to accomplish this, and better to
fix the issues I have than spend too much time on it.

Fixes #271.

This partially reverts b811ec133a
2021-06-08 19:17:08 +00:00
Matt Corallo f2e4b297e1 Do not test secret->public derivation or pk validity in fuzzing cfg
In the next commit the secret->public key derivation in fuzzing cfg
is changed to be simpler, as well as the validity rules of public
keys relaxed.

This adds a new test to ensure random keys can be added, not just
the hard-coded keys test that exists today.
2021-06-08 19:17:07 +00:00
Devrandom b5ff47a1a8 New alloc feature
Allows use of `Secp256k1::new` and related API if an allocator is available
2021-06-08 20:41:49 +02:00
Andrew Poelstra e89fd5d269
Merge pull request #291 from p2pderivatives/add-combine-keys
Add combine_keys function to PublicKey
2021-06-08 18:09:35 +00:00
Andrew Poelstra a5dfd09e94
Merge pull request #294 from LNP-BP/feat/from_secret_key
Adding schnorrsig::KeyPair::from_secret_key convenience function
2021-06-08 18:05:20 +00:00
Matt Corallo ce930ab6b7 Add a global-context-less-secure feature which skips randomization
This is useful for us downstream as we wish to target WASM with a
global context, and using rand in such a build doesn't seem like a
safe idea.
2021-06-08 01:48:50 +00:00
sanket1729 6265b2558a Fix SecretKey FromStr bug
Secret::from_str did not check if the secret key
was a valid one or not.
2021-04-26 14:17:39 -07:00
Elichai Turkel 3c2bee31f2
Merge pull request #270 from thomaseizinger/serde-owned-types
Rebased version of `[Alternative] Allow deserializing from owned types` + support for new schnorr module
2021-04-21 19:06:29 +03:00
Dr Maxim Orlovsky bf9a276342
Adding schnorrsig::KeyPair::from_secret_key convenience function 2021-04-12 15:25:50 +02:00
Tibo-lg 7d32182537 Add combine_keys function to PublicKey 2021-04-08 06:28:03 +09:00
Tim Ruffing 1eb2c32df7 Manually test that panicking from C will abort the process
Panicking from C is not UB in newer rust versions and will reliably
trigger an abort (without unwinding). In older rust versions, it is
technically UB but empirically it seems to "just work" (and what should
it realistically do except crashing, which is what we intent).

Since there's potentially no unwinding, we can't test this behavior
using [should_panic]. This PR will instead check the libtest output
explicitly in our CI tests.

Fixes #228.
2021-03-24 21:54:02 +01:00
Dr Maxim Orlovsky 519857cd83
More standard derives for Error 2021-01-30 12:35:41 +01:00
Thomas Eizinger c2fd5cefa4
Remove `visit_bytes` implementation from `FromStrVisitor`
This visitor is meant to deserialize strings using `FromStr` not
bytes.
2021-01-13 09:57:09 +11:00
Thomas Eizinger e6e23e9dd6
Rename `HexVisitor` to `FromStrVisitor`
The visitor works with all types that implement `FromStr`. Whether or
not that ends up being hex encoding depends on the implementation
of `FromStr`.
2021-01-13 09:54:33 +11:00
Thomas Eizinger 18890d3b86
Extend schnorr-sig serde test suite with owned and slice variants 2021-01-12 11:52:24 +11:00
Thomas Eizinger b4040f0a82
Update test names to reflect what they are doing
These tests are testing more than just the signature serialization.
2021-01-12 11:52:06 +11:00
Elichai Turkel 1f08a313e5
Replace serde macros with generic visitor module
Co-authored-by: Elichai Turkel <elichai.turkel@gmail.com>
Co-authored-by: Sebastian Geisler <sebastian@blockstream.io>
2021-01-12 11:51:29 +11:00
Andrew Poelstra 65ff814a39 rename `rust_secp_fuzz` to `fuzzing` 2021-01-11 19:14:42 +00:00
Matt Corallo 1f043216a0 Add ability to randomize context without the `rand` feature.
There is little reason to pull in the `rand` dep just for the `Rng`
trait for users who want to randomize contexts. We should expose a
randomize function that just takes 32 bytes.
2020-12-29 16:45:07 -05:00
Andrew Poelstra d1714ce0ac fuzz: disable sig-grinding tests, prevent spin-looping 2020-12-28 18:55:33 +00:00
Andrew Poelstra 96862b6a74 fuzz: implement recoverable signatures, get all tests passing, run them in CI 2020-12-28 18:42:46 +00:00
Andrew Poelstra b811ec133a fuzz: only replace signing and verification, leave everything else alone
We can now run unit tests with the fuzz feature on, and they'll pass,
which is some assurance that fuzzing with the feature on won't lead to
spurious failures due to the fuzz harness inadequately simulating message
signing.
2020-12-23 17:59:52 +00:00
Andrew Poelstra 40c31342f2 ffi: make function types nullable 2020-12-23 17:59:52 +00:00
Andrew Poelstra a2c25f2e83
Merge pull request #259 from p2pderivatives/implement-low-r-signing
Implement low r signing
2020-12-22 23:28:34 +00:00
Andrew Poelstra b31bf2f611
Merge pull request #258 from thomaseizinger/better-wasm-tests
Run more tests in wasm
2020-12-22 06:12:01 +00:00
Tibo-lg 1d166d061b Implement low r signing 2020-12-22 14:50:37 +09:00
Tobin Harding a584643486 Use ManuallyDrop
Suggested by clippy, we need to use ManuallyDrop for these types in
order to correctly free up the memory.
2020-12-22 14:56:17 +11:00
Tobin Harding c38136b6bc Use for loop instead of map
Currently we are misusing `map` on an iterator to loop `n` times,
additionally the assertion is pointless. Use a for loop and assert
against the length of the set.
2020-12-22 14:56:17 +11:00
Tobin Harding c92b946493 Remove unnecessary clone
Type is `Copy`, no need for clone.
2020-12-22 14:56:17 +11:00
Tobin Harding ef23cb8167 Return Ok directly
Clippy emits warning:

	warning: passing a unit value to a function

Just return `Ok(())` after calling `fill_bytes`.
2020-12-22 14:56:17 +11:00
Tobin Harding 34ad4110f1 Remove unused error return value
This helper never returns an error, remove the `Result` return type.
Found by clippy.
2020-12-22 14:56:17 +11:00
Tobin Harding ed29f12216
Remove unnecessary return statements
Found by clippy. We don't need a `return` for the final statement.
2020-12-22 13:38:02 +11:00
Tobin Harding 4e87e6fe94
Implement is_empty method
Clippy warns of missing `is_empty`, trivially implement it by calling
through to `self.data.is_empty()`.
2020-12-22 13:37:25 +11:00
Thomas Eizinger 8b8e482f79
Run more tests in wasm
Instead of repeating ourselves in defining one big test for the wasm
target, we can override the `test` attribute with the `wasm-bindgen-test`
one and therefore automatically run all (supported) tests in wasm.

Unfortunately, wasm doesn't support catching panics yet which means we
have to disable the `test_panic_raw_ctx` test.
2020-12-22 10:30:56 +11:00
Elichai Turkel 767246a282
Make preallocated use AlignedType 2020-12-18 12:48:19 +02:00
Elichai Turkel fd206ab57c
Replace use of boxes with global allocator 2020-12-18 12:48:19 +02:00
Andrew Poelstra ea027ce258 schnorrsig: change tweak_add_check to return a bool, take a fixed-length array 2020-12-09 16:49:48 +00:00
Andrew Poelstra 0ec8fab82c stop explicitly casting references to rawptrs 2020-11-30 02:47:34 +00:00
Andrew Poelstra 37049d743e schnorrsig: expose tweak_check_add API 2020-11-27 18:42:14 +00:00
Andrew Poelstra 12b0abbcf8 make `ffi::Type::new` functions all unsafe, expand documentation 2020-11-27 18:42:12 +00:00
Andrew Poelstra be9a78f39e
Merge pull request #237 from p2pderivatives/add-bip340-schnorr
Add bip340 schnorr
2020-11-27 18:04:44 +00:00
Andrew Poelstra 9083babbe2
Merge pull request #248 from justinmoon/pubkey-ordering
Implement lexigraphic ordering for PubKey
2020-11-26 03:03:17 +00:00
Justin Moon 6f8a480974 Implement lexigraphic ordering for PubKey 2020-11-25 19:27:31 -06:00
Andrew Poelstra 1859ddc28a switch from travis to github workflows 2020-11-10 23:58:03 +00:00
Tibo-lg 0c937d04f5 Add key::PublicKey to schnorrsig::PublicKey conversion 2020-11-10 14:15:34 +09:00
Tibo-lg 09b04560bc Add schnorrsig module 2020-11-10 13:43:34 +09:00
Tibo-lg 47b33828bc Add serde macros for public keys 2020-11-09 16:00:28 +09:00
Elichai Turkel 9e5a351ea7
remove redundant code after MSRV bump 2020-08-27 22:51:36 +03:00
Andrew Poelstra 19f5138925 Update MSRV to 1.29; increase version to 0.19 and -sys version to 0.3 2020-08-27 14:18:06 +00:00
Elichai Turkel c69d43d84e Update key.rs to use the new seckey functions 2020-08-26 21:16:19 +00:00
Andrew Poelstra 5c451f78c6
Merge pull request #207 from sorpaas/sp-message-zero
Allow all-zero messages
2020-08-26 18:02:51 +00:00
Andrew Poelstra 3692c94a0f
Merge pull request #220 from rantan/add_negate_support
Add negate support
2020-08-26 17:43:46 +00:00
Sebastian Geisler 2046a40905 Randomize context on initialization
Signed-off-by: Sebastian Geisler <sebastian@blockstream.io>
2020-08-03 12:07:26 +02:00
Sebastian Geisler a959de4174 Add an optional global, static context 2020-07-08 16:05:42 +02:00
Kohei Taniguchi 02ed0616e4 Add assert for the response of ffi negate interface
The interfaces for negate should always returns 1 as mentioned secp256k1.h L574, L563.
But in the future it might return 0 if the seckey or pubkey is invalid, but our type system doesn't allow that to ever happen.
2020-06-10 09:59:55 +09:00
Kohei Taniguchi d45f709cd4 Add negation support 2020-06-09 10:05:07 +09:00
Sebastian Geisler 8979a932ab Document proper usage of `from_slice` 2020-05-14 18:24:40 +02:00
Sebastian Geisler 0d857533fa Add optional bitcoin_hashes feature to implement ThirtyTwoByteHash 2020-05-14 18:24:39 +02:00
Kirill Fomichev 0dcc59c2b9
Add doctest to Secp256k1::verify 2020-05-05 17:30:07 +03:00
Andrew Poelstra 0782872fb0
Merge pull request #208 from TheBlueMatt/202-04-wasm
Re-support WASM via simple stub headers
2020-04-29 19:48:03 +00:00
Elichai Turkel affc6b4027 Add sanity checks for wasm32 for size and alignment of types 2020-04-29 15:32:57 -04:00
Matt Corallo d9d398ccc9 Re-support WASM via simple stub headers
libsecp256k1 really only barely uses libc at all, and in practice,
things like memcpy/memcmp get optimized into something other than a
libc call. Thus, if we provide simple stub headers, things seem to
work with wasm-pack just fine.
2020-04-29 15:32:54 -04:00