Commit Graph

412 Commits

Author SHA1 Message Date
Andrew Poelstra 609f658bee [API BREAK] Remove `Sequence` iterator over secret keys
Y'know, I can't for the life of me think what this was supposed to
be used for. Given that the library did not compile for several
months until last week, I assume there are no users, let alone
users of such a weird feature.
2015-04-11 12:24:04 -05:00
Andrew Poelstra ac61baf040 Add support for serde (de)serialization; add unit tests 2015-04-10 00:32:12 -05:00
Andrew Poelstra 1b2858bc8a Rename secp256k1.rs to lib.rs 2015-04-09 10:35:38 -05:00
Andrew Poelstra 1591bba3f9 Update bindings to current secp256k1 library
rust-secp256k1 was based off of https://github.com/sipa/secp256k1,
which has been inactive nearly as long as this repository (prior to
a couple days ago anyway). The correct repository is

   https://github.com/bitcoin/secp256k1

This is a major breaking change to the library for one reason: there
are no longer any Nonce types in the safe interface. The signing functions
do not take a nonce; this is generated internally.

This also means that I was able to drop all my RFC6979 code, since
libsecp256k1 has its own implementation.

If you need to generate your own nonces, you need to create an unsafe
function of type `ffi::NonceFn`, then pass it to the appropriate
functions in the `ffi` module. There is no safe interface for doing
this, deliberately: there is basically no need to directly fiddle
with nonces ever.
2015-04-06 00:13:38 -05:00
Andrew Poelstra f6585616b1 Add `Display` impl to `Error`; cleanup `Result` mess 2015-04-05 20:27:43 -05:00
Andrew Poelstra ff29303da1 Add Travis build status to README 2015-04-05 12:37:49 -05:00
Andrew Poelstra 5b3858e0ce Simplify Index implementations 2015-04-05 12:16:56 -05:00
Andrew Poelstra c3786888d7 Make note about non-allocations 2015-04-05 11:45:40 -05:00
Andrew Poelstra 15e552b190 Add link to full docs to README 2015-04-04 15:51:06 -05:00
Andrew Poelstra ec5d5e4ca9 Add README 2015-04-04 12:30:07 -05:00
Andrew Poelstra e2daaf875d Update for language changes (rustc beta is out !!) 2015-04-04 12:20:38 -05:00
Andrew Poelstra abc5b865e7 Change rustc-serialize for crate hyphen transition 2015-03-26 10:07:28 -05:00
Andrew Poelstra 16b6dc73ca `Cargo test` now builds and passes locally :) 2015-03-25 20:55:01 -05:00
Andrew Poelstra 42dfa752ce More slicing 2015-03-25 20:52:09 -05:00
Andrew Poelstra ec6aea7ca1 Fiddle with crates, `cargo build` now succeeds :) 2015-03-25 20:44:04 -05:00
Andrew Poelstra d858d7f7e6 Slicing fixes 2015-03-25 20:36:57 -05:00
Andrew Poelstra f910355043 Change rand crate to crates.io version 2015-03-25 18:57:16 -05:00
Andrew Poelstra d0418d4ba7 Remove the MIT/CC0 license in favor of just CC0
I'm taking advantage of the CC0 license on any of David's code to
give me permission to do this :). Almost all of it is my code by
this point so I am also morally in the clear.

-a
2015-03-25 18:36:30 -05:00
Andrew Poelstra 7bd24615f6 Change std::rand to just rand::, though there is still a 'unimplemented trait' error :/ 2015-03-25 18:22:24 -05:00
Andrew Poelstra d2fcbbe95a Change name to secp256k1 from bitcoin-secp256k1-rs
[breaking-change]
2015-03-25 17:20:44 -05:00
Andrew Poelstra 825e77519f for in range(a,b) -> for in a..b 2015-03-25 14:42:05 -05:00
Andrew Poelstra d0519f0b3a IoResult -> io::Result, copy_nonoverlapping_memory -> copy_nonoverlapping 2015-03-25 14:10:02 -05:00
Andrew Poelstra 1e24549ef5 Show -> Debug 2015-03-25 13:59:54 -05:00
Andrew Poelstra 5a6c6c8d0a Fix for secp256k1 ffi changes
All tests pass, compile now
2015-01-17 10:38:16 -06:00
Andrew Poelstra d495d9ca06 Update for rustc changes
We can compile now, but not link -- there have been too many changes
in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 10:13:45 -06:00
Andrew Poelstra 9cab4e023d Revert "Overhaul interface to use zero-on-free SecretKeys"
This reverts commit 9889090784.

This is not ready for primetime -- the move prevention also prevents
reborrowing, which makes secret keys nearly unusable.
2014-09-12 08:28:35 -05:00
Andrew Poelstra 9889090784 Overhaul interface to use zero-on-free SecretKeys
Using the `secretdata` library, we can store SecretKeys in such a way
that they cannot be moved or copied, and their memory is zeroed out on
drop. This gives us some assurance that in the case of memory unsafety,
there is not secret key data lying around anywhere that we don't expect.

Unfortunately, it means that we cannot construct secret keys and then
return them, which forces the interface to change a fair bit. I removed
the `generate_keypair` function from Secp256k1, then `generate_nonce`
for symmetry, then dropped the `Secp256k1` struct entirely because it
turned out that none of the remaining functions used the `self` param.

So here we are. I bumped the version number. Sorry about this.
2014-09-12 08:28:26 -05:00
Andrew Poelstra 62504165e4 Reimplement non-typesafe `verify` fn, call it `verify_raw`.
The typesafe version could not accept illegally padded signatures because
`Signature` is a fixed-width type. Unfortunately such signatures are on
the blockchain, and we need a way to verify them.
2014-09-04 20:32:49 -05:00
Andrew Poelstra eabe57e403 Also make PublicKey encodable 2014-09-04 20:21:09 -05:00
Andrew Poelstra 71312b032a Impl encodable/decodable for the array newtypes 2014-09-04 20:09:18 -05:00
Andrew Poelstra 17daebf15d Implement deterministic nonce generation with HMAC-SHA512
Testing was done against python-ecdsa; python code in the test case
comments.
2014-09-04 16:21:35 -05:00
Andrew Poelstra 46f646dabb Make `verify` accept a `Signature` rather than a slice
[breaking-change]
2014-09-04 11:52:25 -05:00
Andrew Poelstra 770ebbafc4 Add a `Sequence` iterator for generating sequential keypairs; fix tests 2014-09-01 11:13:31 -05:00
Andrew Poelstra 204524117c Make Secp256k1::verify() static
This avoids the overhead of creating and seeding a Fortuna just to do verification.
2014-08-31 22:33:19 -05:00
Andrew Poelstra d94345f721 Generate keys from Fortuna rather than always using the OsRng
When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the
OS RNG, rather than using the OS RNG all the time. This moves the
potential RNG failure to the creation of the object, rather than at
every single place that keys are generated. It also reduces trust
in the operating system RNG.

This does mean that Secp256k1::new() now returns an IoResult while
the generate_* methods no longer return Results, so this is a breaking
change.

Also add a benchmark for key generation. On my system I get:

test tests::generate_compressed   ... bench:    492990 ns/iter (+/- 27981)
test tests::generate_uncompressed ... bench:    495148 ns/iter (+/- 29829)

Contrast the numbers with OsRng:

test tests::generate_compressed   ... bench:     66691 ns/iter (+/- 3640)
test tests::generate_uncompressed ... bench:     67148 ns/iter (+/- 3806)

Not too shabby :)

[breaking-change]
2014-08-31 22:26:02 -05:00
Andrew Poelstra 059c72aa60 Do validation in pubkey::from_slice 2014-08-31 16:04:14 -05:00
Andrew Poelstra a0ecfe9e29 Change lint names for upstream 2014-08-30 07:24:44 -07:00
Andrew Poelstra 15b8183ea8 Remove error return from `PublicKey::from_secret_key()`
Make sure that you cannot create an invalid `SecretKey` in the first place.
Unbreaks the API.

[unbreaking-change]
2014-08-28 11:11:25 -07:00
Andrew Poelstra a67260eb3a Remove unsafe markers and just call `init` everywhere
It turns out I need to run `init` before pretty-much every FFI function,
which means that most everything would have to be marked unsafe if I'm
expecting the Rust user to do this. This is unacceptable -- users who
need to sacrifice safety for speed can just use the `ffi::` functions
instead.

Also, I noticed that I was locking up in `PublicKey::from_secret_key`.
Fix to return an error value -- unfortunately a breaking change since
it changes the function signature.

[breaking-change]
2014-08-28 10:59:44 -07:00
Andrew Poelstra a5951eff47 Expose tweak functions in FFI, wrap a couple 2014-08-28 09:16:53 -07:00
Andrew Poelstra e13b23d720 Add curve order and generator coordinates to constants 2014-08-27 22:49:22 -07:00
Andrew Poelstra a0f11d0f92 Travis speaks rust now :D 2014-08-27 10:58:24 -07:00
Andrew Poelstra 83f2ccf5d7 Add verification to SecretKey::from_slice() 2014-08-24 16:13:08 -07:00
Andrew Poelstra 79815e225b Add .travis.yml, update tests and Cargo.toml for upstream changes 2014-08-17 18:58:20 -07:00
Andrew Poelstra bf011f956e Merge pull request #2 from dpc/random_32
Simpler `random_32_bytes`.
2014-08-16 10:23:40 -07:00
Dawid Ciężarkiewicz 1ce6e3fd3b Simpler `random_32_bytes`. 2014-08-16 02:21:35 -07:00
Andrew Poelstra 6c8a72ba5d Remove allocations for Signature, use array instead
As @dpc observes, embedded systems do not necessarily have allocators, so we
should avoid using them if it is not too much hassle. (And it is no hassle at
all.)
2014-08-15 23:43:40 -07:00
Andrew Poelstra db37829904 Add CC0 license and header to all files 2014-08-11 19:26:45 -07:00
Andrew Poelstra 4be48ecb1b Move Rng failure from `Secp256k1::new` to functions that actually use randomness
Verifying signatures does not require any randomness, but requires the user
to create a `Secp256k1` object nonetheless (this is just a way to guarantee
that `init` is called --- an alternate API would be to have an independent
unsafe `verify` function). If a Rng can't be created, rather than failing
the `Secp256k1` initialization, fail the functions that actually try to use
the Rng.

This way signing and verifying, which require no randomness beyond that input
to them, will work correctly.

To avoid checking for a working Rng on each call to `generate_keypair` and
`generate_nonce` (which is probably trivial next to the cost of actually
generating the randomness, but w/e, user knows best), the user should use
the generation functions in the `key` module, which take an Rng as input.
2014-08-11 19:24:19 -07:00
Andrew Poelstra d6bf4039bd Pull out initialization code so that `PublicKey::from_secret_key` can be used safely 2014-08-11 19:24:19 -07:00