milksad
/
rust-secp256k1-unsafe-fast
14
0
Fork 0
Code Issues Pull Requests Activity
Custom fork of rust-secp256k1 with unsafe modifications for higher speed. Unsuitable for production.
728 Commits 1 Branch 0 Tags 217 MiB
C 76.3%
Rust 16.6%
Sage 1.9%
Assembly 1.3%
CMake 1.2%
Other 2.7%
Go to file
Andrew Poelstra 86447eea20
Merge rust-bitcoin/rust-secp256k1#385: Randomize context on creation 
8339ca5706 Add documentation guiding users towards randomization (Tobin Harding)
cf1496b64e Add documentation about rand-std feature (Tobin Harding)
1693d51ce7 Randomize context on creation (Tobin Harding)
a0465ea279 Remove feature global-context-less-secure (Tobin Harding)

Pull request description:

  Currently it is easy for users to mis-use our API because they may not know that `randomize()` should be called after context creation for maximum defence against side channel attacks.

  This PR entails the first two parts of the plan outlined in #388. The commit messages are a bit light of information as to _why_ we are doing this so please see #388 for more context.

  In light of @real-or-random's [comment](https://github.com/rust-bitcoin/rust-secp256k1/issues/388#issuecomment-1026613592) about verification contexts the randomization is done in `gen_new` i.e., for _all_ contexts not just signing ones.

  Also, I think we should add some docs about exactly _what_ randomization buys the user and what it costs. I do not know exactly what this is, can someone please write a sentence or two that we can include in the docs to `gen_new`?

  @TheBlueMatt please review patch 4.

  Resolves: #225

  **Note**: This is a total re-write of the original PR, most of the discussion below is stale. Of note, the additional API that takes a seed during construction is not implemented here.

ACKs for top commit:
  apoelstra:
    ACK 8339ca5706

Tree-SHA512: e74fe9a6eaf8ac40e4e06997602006eb8ca95216b5bc6dca3f5f96b5b4d3bf8610d851d8f1ef5c199ab7fbe85b34d162f2ee0073647f45105a486d20d8c0722a
 		2022-02-04 14:05:42 +00:00
.github/workflows disable illumos and netbsd 2021-10-28 12:10:46 +02:00
contrib Enable running tests without default features 2022-02-01 15:20:44 +11:00
examples Move `Signature` and `SerializedSignature` to new `ecdsa` module 2021-11-11 13:43:48 +11:00
no_std_test Move `Signature` and `SerializedSignature` to new `ecdsa` module 2021-11-11 13:43:48 +11:00
secp256k1-sys Use fully qualified path for mem 2022-01-26 13:25:33 +11:00
src Add documentation guiding users towards randomization 2022-02-04 08:36:15 +11:00
.gitignore Added ECMULT window size 2019-07-03 17:48:35 -04:00
CHANGELOG.md Release 0.21.0 2022-01-04 14:30:00 +00:00
Cargo.toml Remove feature global-context-less-secure 2022-02-04 08:34:39 +11:00
LICENSE Remove the MIT/CC0 license in favor of just CC0 2015-03-25 18:36:30 -05:00
README.md rename `rust_secp_fuzz` to `fuzzing` 2021-01-11 19:14:42 +00:00
clippy.toml Add clippy.toml 2022-01-12 18:54:30 +11:00
rustfmt.toml Add a disabled rustfmt.toml 2022-01-21 10:04:46 +11:00

README.md

Build Status

Full documentation

rust-secp256k1

rust-secp256k1 is a wrapper around libsecp256k1, a C library by Pieter Wuille for producing ECDSA signatures using the SECG curve secp256k1. This library

  • exposes type-safe Rust bindings for all libsecp256k1 functions
  • implements key generation
  • implements deterministic nonce generation via RFC6979
  • implements many unit tests, adding to those already present in libsecp256k1
  • makes no allocations (except in unit tests) for efficiency and use in freestanding implementations

Contributing

Contributions to this library are welcome. A few guidelines:

  • Any breaking changes must have an accompanied entry in CHANGELOG.md
  • No new dependencies, please.
  • No crypto should be implemented in Rust, with the possible exception of hash functions. Cryptographic contributions should be directed upstream to libsecp256k1.
  • This library should always compile with any combination of features on Rust 1.29.

A note on Rust 1.29 support

The build dependency cc might require a more recent version of the Rust compiler. To ensure compilation with Rust 1.29.0, pin its version in your Cargo.lock with cargo update -p cc --precise 1.0.41. If you're using secp256k1 in a library, to make sure it compiles in CI, you'll need to generate a lockfile first. Example for Travis CI:

before_script:
  - if [ "$TRAVIS_RUST_VERSION" == "1.29.0" ]; then
    cargo generate-lockfile --verbose && cargo update -p cc --precise "1.0.41" --verbose;
    fi

Fuzzing

If you want to fuzz this library, or any library which depends on it, you will probably want to disable the actual cryptography, since fuzzers are unable to forge signatures and therefore won't test many interesting codepaths. To instead use a trivially-broken but fuzzer-accessible signature scheme, compile with --cfg=fuzzing in your RUSTFLAGS variable.

Note that cargo hfuzz sets this config flag automatically.