Commit Graph

620 Commits

Author SHA1 Message Date
Tobin C. Harding 9f28cf6ad0
Deprecate ThirtyTwoByteHash
The implementations of `ThirtyTwoByteHash` for types from the `hashes`
crate are problematic during upgrades because both `bitcoin` and
`secp256k1` depend on `hashes` and when the versions of `hashes` get
out of sync usage of the trait breaks.

Deprecate the `ThirtyTwoByteHash` trait and remove the impls for types
from `bitcoin_hashes`.

Add an explanation in the changelog because its too long to go in the
deprecation message.
2024-04-02 11:11:29 +11:00
Tobin C. Harding 88c8c58d8d
Fix import warnings
Recent rustc upgrade introduced some new warnings for incorrect imports,
fix them.
2024-04-02 11:11:20 +11:00
Tobin C. Harding 0da394e648
Remove wildcard re-exports of key types
Wildcards make it hard to grep for where stuff comes from, explicit
imports and re-exports are ... more explicit.

Re-export the `key` types explicitly.
2024-03-27 11:49:59 +11:00
Tobin C. Harding d63e95b99b
Remove wildcard re-exports of context types
Wildcards make it hard to grep for where stuff comes from, explicit
imports and re-exports are ... more explicit.

Import and re-export explicitly instead of by using wildcards.
2024-03-27 11:49:57 +11:00
Steven Roose adee34fe18
schnorr: Change verify_schnorr error return type
From InvalidSignature to IncorrectSignature; the former prints the
message "malformed signature", which doesn't represent the correct
error.
2024-01-31 15:19:42 +00:00
Martin Habovstiak 7fe89c488b Add byte accessors to `ElligatorSwiftSharedSecret`
The inner bytes of `ElligatorSwiftSharedSecret` were almost inaccessible
making the type almost useless, so this commit adds methods to access
inner bytes.

Closes #675
2024-01-30 17:01:23 +01:00
benthecarman dbc546596f
Impl Ord and PartialOrd for RecoverableSignature 2024-01-22 14:50:29 +00:00
Jiri Jakes f87dc91151
Derive Hash for Scalar 2024-01-18 19:23:31 +08:00
Andrew Poelstra 484e5d8d5b
fix incorrect FFI binding for pubkey_combine 2023-12-18 21:28:27 +00:00
Tobin C. Harding 458712212d
Improve code comments
"what" comments add no value. Remove one and make the other describe
"why" the cast is ok.
2023-11-15 10:13:50 +11:00
Andrew Poelstra fb280a3179
Merge rust-bitcoin/rust-secp256k1#664: Fix unit test import statements
dd6bf7c10d Fix unit test import statements (Tobin C. Harding)

Pull request description:

  In `lib.rs` unit tests we are getting build warnings because of how we are importing things, just import with `super::*` unconditionally and be done with it.

  This patch is the only good one out of #661.

ACKs for top commit:
  apoelstra:
    ACK dd6bf7c10d
  Kixunil:
    ACK dd6bf7c10d

Tree-SHA512: 3970f4c1374ec6de4798bfb52b561e9ac4611ec3a3885edc79639566f777e1fbb502cb36fa7abd015f3fd4a9ca4b6a4931b4ecb2e629e967b4e49391db97a97f
2023-11-03 19:33:50 +00:00
Tobin C. Harding dd6bf7c10d
Fix unit test import statements
In `lib.rs` unit tests we are getting build warnings because of how we
are importing things, just import with `super::*` unconditionally and be
done with it.
2023-11-01 09:06:16 +11:00
Martin Habovstiak e55c1f0960 Implement `Ord` for `SerializedSignature` 2023-10-31 20:23:27 +01:00
Martin Habovstiak 62c839c9e0 Implement conversion traits
Converting signature to serialized signature and back is natural, so the
conversion traits should be implemented.
2023-10-31 15:07:01 +01:00
Martin Habovstiak dc3eab7aaa Implement `Borrow<[u8]>`, `PartialEq<[u8]>`, `Hash`
These traits were missing and could be useful if e.g. one wants to store
serialized signatures in a set/map and access them using `[u8]`.
2023-10-31 15:06:20 +01:00
Martin Habovstiak 7dac91d973 Deprecate `capacity` and `is_empty`
These functions always return the same value so are not useful and
actually calling them is a red flag.
2023-10-31 14:12:39 +01:00
Davidson Souza 39febcb866
Create rust-bidings
Create bindings for all methods and static types in ellswift.h in
secp256k1-sys and their respective safe-rust types.

All methods are extensively commented and tested using BIP324's
test vectors
2023-10-09 14:57:54 -03:00
Andrew Poelstra acf9ac13e9
delete `test_manual_create_destroy` test
This is just a bad test. It constructs a preallocated context object by
starting from a non-preallocated context object, in a way that can't be
done by users (since it directly constructs a `Secp256k1` struct) and a
way that is very difficult to unwind, because you wind up with two
pointers to the same underlying context object, one a "preallocated" one
and one a normal one.

If you then drop the preallocated one, it will call
`secp256k1_context_destroy`, forcing you to manually deallocate the
other one. If you drop the normally-allocated one, you need to
mem::forget the preallocated one to avoid calling
`secp256k1_context_destroy` twice. The whole thing is pretty fragile.

There is another unit test, `test_raw_ctx`, which gets into the same
situation but using the public API, and demonstrates a few ways to get
out of it.
2023-09-30 12:04:45 -03:00
Andrew Poelstra 04ce50891b
lib: fix bad unit test 2023-09-30 12:04:44 -03:00
Andrew Poelstra 83a2245582
Merge rust-bitcoin/rust-secp256k1#643: Update docs to mention ECDSA
aa4489c71b key: Improve docs (Tobin C. Harding)

Pull request description:

  `PublicKey` types are for verifying ECDSA signatures, when these docs where written there were no other types of signatures. With the addition of taproot these docs have become stale.

ACKs for top commit:
  apoelstra:
    ACK aa4489c71b

Tree-SHA512: bb24d82f2bf316f8907b1bf02132d454d21f0b13d57f06f09f9985bc7fbf7b36e6972a0fdaf3a68967577dbe1995f2a14fd06fddd38eb46718f04bca1c50a445
2023-08-20 14:04:38 +00:00
Tobin C. Harding 33747bb16f
Rename KeyPair to Keypair
We use "keypair" in identifiers (local vars and function names) but
`KeyPair` - one of them is wrong.

Elect to follow upstream and define keypair as a single word i.e., use
`Keypair` for type name and `keypair` in identifiers.

This patch can be reproduced mechanically by doing two
search-and-replace operations on all files excluding the CHANGELOG

- Replace "KeyPair" with "Keypair"
- Replace "key_pair" with "keypair"
2023-08-19 08:35:47 +10:00
Tobin C. Harding aa4489c71b
key: Improve docs
Crypto is _hard_. Make an effort to improve the docs with a minimum of
exactly correct information.
2023-08-19 07:50:24 +10:00
Tobin C. Harding 6fdd3b1da5
Clean up hashes import statements
Now that we have `hashes` as the crate name of `bitcoin_hashes` we can
slightly clean up the import statements.

This is based on the convention we have to import things directly from
the crate if we depend on it and not from the crate level re-export.
2023-08-15 14:54:55 +10:00
Tobin C. Harding 6d7c653b64
Use hashes instead of bitcoin_hashes
Use the more terse `hashes` by way of the `package` field in the
manifest.

Allows us to remove the ugly feature alias "bitcoin-hashes" ->
"bitcoin_hashes" and removes all the bother with the underscore.

Why did we not think of this 2 years ago?
2023-08-15 14:54:55 +10:00
Tobin C. Harding b9cb37d69f
Add a verify function to PublicKey
To be uniform with `XOnlyPublicKey` add a `verify` function to the
`PublicKey`.
2023-08-11 11:49:09 +10:00
Andrew Poelstra 14e82186d1
Merge rust-bitcoin/rust-secp256k1#644: Improve `Message` constructors
cd40ae7f19 Improve Message constructors (Tobin C. Harding)

Pull request description:

  Observe:

  - The word "hash" can be a verb or a noun, its usage in function names is therefore at times ambiguous.
  - The function name `from_slice` gives no indication as to what the slice input is.

  Improve Message constructors by doing:

  - Add a constructor `Message::from_digest` that takes a 32 byte array as input.
  - Rename `Message::from_slice` to `Message::from_digest_slice` (deprecate `from_slice` and add `from_digest_slice`)
  - Improve the docs while we are at it.

  ### Note

  The original PR conflate 2 separate issues, the `Message` constructor naming clarity issue and the upgrade difficulty issue, PR is now only a solution to the first. The second will be done as a separate PR.

ACKs for top commit:
  apoelstra:
    ACK cd40ae7f19

Tree-SHA512: 4e5aeccf15cca95073f4c3a518b9e1f54f0e33c92c45dfecd1daa31d052022cd28c71bb6df6cff8a6548993e3e22788f11cd2633214ab5a580c753e66d2ea749
2023-08-10 15:05:43 +00:00
Tobin C. Harding cf5f1034ca
Target panic message at lib users
Currently the panic message refers to stuff related to development of
the library, this is meaningless for users of the lib. Target panic
message at secp users instead.
2023-08-10 09:16:13 +10:00
Tobin C. Harding ec9c9643d7
Allow stuff after unconditional panic
We have an unconditional panic for some combination of features, this
causes clippy to give a bunch of useless warnings.

Add allow attributes to quieten down clippy.
2023-08-10 09:16:13 +10:00
Tobin C. Harding cd40ae7f19
Improve Message constructors
Observe:

- The word "hash" can be a verb or a noun, its usage in function names
  is therefore at times ambiguous.
- The function name `from_slice` gives no indication as to what the
  slice input is.

Improve Message constructors by doing:

- Add a constructor `Message::from_digest` that takes a 32 byte array as
  input.
- Rename `Message::from_slice` to `Message::from_digest_slice`
  (deprecate `from_slice` and add `from_digest_slice`)
- Improve the docs while we are at it.
2023-08-10 08:20:46 +10:00
Tobin C. Harding d60b891126
Add a verify function to PublicKey
Expose signature verification functionality for schnorr signatures on
the `XOnlyPublicKey` type.
2023-06-21 09:49:32 +10:00
Andrew Poelstra 5817d3227d
Merge rust-bitcoin/rust-secp256k1#607: Add serialize function for schnorr::Signature
8af2cf12da add .serialize() function to schnorr signature (isaac-asdf)

Pull request description:

  convert from Signature to a byte_array

ACKs for top commit:
  Kixunil:
    ACK 8af2cf12da
  tcharding:
    ACK 8af2cf12da
  apoelstra:
    ACK 8af2cf12da

Tree-SHA512: b69d58646cdba4d83a79189f18628590970f471771feef0e11e089d73bd934777e3554a448b88a3643203522fde98084fd7570a5cec400516166583a3433c000
2023-05-10 14:30:08 +00:00
isaac-asdf 8af2cf12da add .serialize() function to schnorr signature 2023-05-08 21:29:12 -05:00
Andrew Poelstra be7f9398fa
Merge rust-bitcoin/rust-secp256k1#609: Introduce SPDX license identifiers
896e6c7f2d Introduce SPDX license identifiers (Tobin C. Harding)

Pull request description:

  Licenses are boring as hell, so is are all the comments at the top of each file. This patch makes no comment on the merit of license comments in each file, rather this patch reduces the license comment to the minimum possible with no loss of meaning - an SPDX license identifier.

  Note also please that we remove the "written by" comments as well for the following reasons (discussed recently on rust-bitcoin repo):

  - they are not descriptive because many devs contributed
  - they have a tendency to include the wrong date because of cut'n'pasta
  - all this info is in the git history

  ref: https://spdx.dev/ids/#how

  cc elichai because this PR removes your name but you were not explicitly part of the conversation on `rust-bitcoin` about this topic. Here is the issue: https://github.com/rust-bitcoin/rust-bitcoin/issues/1816 also for more on SPDX see https://github.com/rust-bitcoin/rust-bitcoin/pull/1076

ACKs for top commit:
  Kixunil:
    ACK 896e6c7f2d
  apoelstra:
    ACK 896e6c7f2d

Tree-SHA512: 6f0ff7ec2632aed510df362e2fb9cf25fe02cae347bdd4a481804a3ea2b9e060c4ec2c85de3e9d1d40920e4b9c4eecfab127e61f3d076886fe8f2fb4bff9f5a7
2023-05-04 18:17:24 +00:00
Tobin C. Harding b6d0c3bfcd
Use doc_auto_cfg
We can build docs using feature markers by using `doc_auto_cfg` now, no
need to manually call the `doc` attribute.
2023-05-03 12:06:25 +10:00
Tobin C. Harding 896e6c7f2d
Introduce SPDX license identifiers
Licenses are boring as hell, so is are all the comments at the top of
each file. This patch makes no comment on the merit of license comments
in each file, rather this patch reduces the license comment to the
minimum possible with no loss of meaning - an SPDX license identifier.

Note also please that we remove the "written by" comments as well for
the following reasons (discussed recently on rust-bitcoin repo):

- they are not descriptive because many devs contributed
- they have a tendency to include the wrong date because of cut'n'pasta
- all this info is in the git history

ref: https://spdx.dev/ids/#how
2023-05-03 11:37:07 +10:00
Andrew Poelstra 9bdab89562
change --cfg=fuzzing to --cfg=secp256k1_fuzz 2023-05-01 16:11:44 +00:00
Matt Corallo f6c68ec329 Clarify the documentation of `normalize_s`
I was reading the docs for `normalize_s` and got confused what the
point was - it says that libsecp "will only accept" signatures that
are normalized, which led me to believe it would refuse to
deserialize such signatures. This is untrue, it only refuses to
*validate* such signatures.
2023-04-20 02:46:18 +00:00
Tobin C. Harding a815272bfc
secp256k1: Remove custom implementations of Eq, Ord and friends
Now that we have Rust 1.48 as the MSRV we no longer need the custom
implementations of `PartialEq`, `Eq`, `PartialOrd`, `Ord`, and `Hash`.
We can just let users of the `impl_array_newtype` macro derive these
traits if they want them.

Remove the custom implementations and add derives to our two users of
the macro.
2023-03-31 09:43:52 +11:00
Thomas DuBuisson 866cf8c732 Fix rustdoc link 2023-03-29 12:16:33 -07:00
Thomas M. DuBuisson 6e0ae2a7bb
Document sig verify's intentional limitation 2023-03-29 10:32:17 -07:00
Tobin C. Harding 8e772493dc
Depend on bitcoin_hashes v0.12
Upgrade to use the newly released `bitcoin_hashes`.
2023-03-15 14:56:28 +11:00
kwantam 8fffbeab13
implement "non_secure_erase" methods
This PR implements a `non_secure_erase()` method on SecretKey,
KeyPair, SharedSecret, Scalar, and DisplaySecret. The purpose
of this method is to (attempt to) overwrite secret data with
valid default values. This method can be used by libraries
to implement Zeroize on structs containing secret values.

`non_secure_erase()` attempts to avoid being optimized away or
reordered using the same mechanism as the zeroize crate: first,
using `std::ptr::write_volatile` (which will not be optimized
away) to overwrite the memory, then using a memory fence to
prevent subtle issues due to load or store reordering.

Note, however, that this method is *very unlikely* to do anything
useful on its own. Effective use involves carefully placing these
values inside non-Copy structs and pinning those structs in place.
See the [`zeroize`](https://docs.rs/zeroize) documentation for tips
and tricks, and for further discussion.

[this commit includes a squashed-in commit from tcharding to fix docs
and helpful suggestions from apoelstra and Kixunil]
2023-02-21 08:56:03 -05:00
Andrew Poelstra 6ec968a522
Merge rust-bitcoin/rust-secp256k1#561: Fully describe safety requirements
e705bcffb5 Fully describe safety requirements (Tobin C. Harding)

Pull request description:

  Currently we have a wildcard on safety requirements, saying more or less "plus a bunch of other stuff we don't mention". This is not helpful.

  Attempt to fully describe the safety requirements of creating a context from a raw context (all, signing only, and verification only).

  Fix: #544

  ## Note

  This is best effort only, will require some thought to review. To do this I read https://doc.rust-lang.org/reference/behavior-considered-undefined.html and then I flicked through `depend/secp256k1/src/secp256k1.c` and `util.h` to look for things that could cause things in the linked to list of UB.

ACKs for top commit:
  apoelstra:
    ACK e705bcffb5
  Kixunil:
    ACK e705bcffb5

Tree-SHA512: 0180d196f6d528e3c7a06da54ef58d015df19c351d98030453ae5c5e62e0565797b06169f27f5d8b40ea0b9adba377cadd45dd306c8213d0bdc98b20651766c7
2023-02-06 13:50:47 +00:00
Arik Sosman e597860a64
Followup: Disallow missing `Debug` implementations for `Scalar` type. 2023-02-02 13:29:05 -08:00
Arik Sosman 8ed8cac2fe
Implement `Debug` trait for `Scalar` type. 2023-02-02 09:34:00 -08:00
Tobin C. Harding e705bcffb5 Fully describe safety requirements
Currently we have a wildcard on safety requirements, saying more or less
"plus a bunch of other stuff we don't mention". This is not helpful.

Attempt to fully describe the safety requirements of creating a context
from a raw context (all, signing only, and verification only).

Fix: #544
2023-01-31 17:20:22 +11:00
Tobin C. Harding d1184156c6 Fix CI
Currently CI is broken because we use the latest version of `rustfmt`
and `clippy` in CI. We can resolve the `rustfmt` issue permanently by
removing the `required_version` config option. We also need to fix the
latest clippy warnings.

Done as a single patch so that all patches pass CI.
2023-01-31 08:14:08 +11:00
Tobin C. Harding bdfa0ffcd0
Use library to_hex function
We do not need to use the `hex` module from `bitcoin_hashes` to encode
into hex, we have a function in this library.

Use library hex encoding logic, removes dependency on the `hex` module
of `bitcoin_hashes` entirely from this crate.
2023-01-25 07:36:33 +11:00
Tobin C. Harding b3cd414a5a Remove unnecessary cast
A recent update to clippy introduced a new class of warning.

Clippy emits:

 warning: casting to the same type is unnecessary (`usize` -> `usize`)

As suggested remove the unnecessary cast.
2022-12-16 11:02:02 +11:00
Andrew Poelstra ff4be18e0d
Merge rust-bitcoin/rust-secp256k1#557: Add additional changelog entry
494b07a415 Add changelog entry (Tobin C. Harding)
d0c4af0e26 Add newline after docs heading (Tobin C. Harding)

Pull request description:

  ~Bump version to 0.25.1 ready to release~ Add changelog entry for the recently fixed unsoundness issue.

  Patch 1 is an annoyingly trivial fix to docs.

ACKs for top commit:
  apoelstra:
    ACK 494b07a415

Tree-SHA512: 8de8d735d3dce06683ec8e66b78b966406f42ea0a8e679e8e82143a984251addd74bea3658cc63ba9d9eada3517e461e9c28085d5261d9c0db2dceb15a8cbcc2
2022-12-09 20:50:26 +00:00