zecfoundation
/
rust-secp256k1
mirror of https://github.com/ZcashFoundation/rust-secp256k1.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
rust-secp256k1/src/lib.rs

740 lines
26 KiB
Rust
Raw Normal View History

Add CC0 license and header to all files
2014-08-11 19:26:14 -07:00
// Bitcoin secp256k1 bindings
// Written in 2014 by
// Dawid Ciężarkiewicz
// Andrew Poelstra
//
// To the extent possible under law, the author(s) have dedicated all
// copyright and related and neighboring rights to this software to
// the public domain worldwide. This software is distributed without
// any warranty.
//
// You should have received a copy of the CC0 Public Domain Dedication
// along with this software.
// If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
//
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
//! # Secp256k1
//! Rust bindings for Pieter Wuille's secp256k1 library, which is used for
//! fast and accurate manipulation of ECDSA signatures on the secp256k1
//! curve. Such signatures are used extensively by the Bitcoin network
//! and its derivatives.
//!
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
#![crate_type = "lib"]
#![crate_type = "rlib"]
#![crate_type = "dylib"]
Change name to secp256k1 from bitcoin-secp256k1-rs [breaking-change]
2015-03-25 15:20:44 -07:00
#![crate_name = "secp256k1"]
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
// Keep this until 1.0 I guess; it's needed for `black_box` at least
Fiddle with crates, `cargo build` now succeeds :)
2015-03-25 18:44:04 -07:00
#![cfg_attr(test, feature(test))]
Update for newest Cargo
2014-07-23 16:11:18 -07:00
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
// Coding conventions
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
#![deny(non_upper_case_globals)]
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
#![deny(non_camel_case_types)]
Change lint names for upstream
2014-08-30 07:24:44 -07:00
#![deny(non_snake_case)]
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
#![deny(unused_mut)]
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
#![warn(missing_docs)]
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
Change rustc-serialize for crate hyphen transition
2015-03-26 08:07:28 -07:00
extern crate rustc_serialize as serialize;
Add support for serde (de)serialization; add unit tests
2015-04-09 22:32:12 -07:00
extern crate serde;
Fiddle with crates, `cargo build` now succeeds :)
2015-03-25 18:44:04 -07:00
#[cfg(test)] extern crate test;
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
extern crate libc;
Change std::rand to just rand::, though there is still a 'unimplemented trait' error :/
2015-03-25 16:22:24 -07:00
extern crate rand;
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
IoResult -> io::Result, copy_nonoverlapping_memory -> copy_nonoverlapping
2015-03-25 12:10:02 -07:00
use std::intrinsics::copy_nonoverlapping;
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
use std::{cmp, fmt, ops, ptr};
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
use libc::c_int;
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
use rand::Rng;
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
#[macro_use]
Travis speaks rust now :D
2014-08-27 10:19:10 -07:00
mod macros;
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
pub mod constants;
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
pub mod ffi;
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
pub mod key;
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
/// A tag used for recovering the public key from a compact signature
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
#[derive(Copy, Clone, PartialEq, Eq, Debug)]
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
pub struct RecoveryId(i32);
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
/// An ECDSA signature
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
#[derive(Copy)]
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
pub struct Signature(usize, [u8; constants::MAX_SIGNATURE_SIZE]);
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
impl Signature {
Make `verify` accept a `Signature` rather than a slice [breaking-change]
2014-09-04 09:52:25 -07:00
/// Converts the signature to a raw pointer suitable for use
/// with the FFI functions
#[inline]
pub fn as_ptr(&self) -> *const u8 {
let &Signature(_, ref data) = self;
Slicing fixes
2015-03-25 18:36:57 -07:00
data.as_ptr()
Make `verify` accept a `Signature` rather than a slice [breaking-change]
2014-09-04 09:52:25 -07:00
}
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
/// Converts the signature to a mutable raw pointer suitable for use
/// with the FFI functions
#[inline]
pub fn as_mut_ptr(&mut self) -> *mut u8 {
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let &mut Signature(_, ref mut data) = self;
Slicing fixes
2015-03-25 18:36:57 -07:00
data.as_mut_ptr()
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
}
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
Remove allocations for Signature, use array instead As @dpc observes, embedded systems do not necessarily have allocators, so we should avoid using them if it is not too much hassle. (And it is no hassle at all.)
2014-08-15 23:43:40 -07:00
/// Returns the length of the signature
#[inline]
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
pub fn len(&self) -> usize {
Remove allocations for Signature, use array instead As @dpc observes, embedded systems do not necessarily have allocators, so we should avoid using them if it is not too much hassle. (And it is no hassle at all.)
2014-08-15 23:43:40 -07:00
let &Signature(len, _) = self;
len
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
}
Make `verify` accept a `Signature` rather than a slice [breaking-change]
2014-09-04 09:52:25 -07:00
/// Converts a byte slice to a signature
#[inline]
Add `Display` impl to `Error`; cleanup `Result` mess
2015-04-05 18:27:43 -07:00
pub fn from_slice(data: &[u8]) -> Result<Signature, Error> {
Make `verify` accept a `Signature` rather than a slice [breaking-change]
2014-09-04 09:52:25 -07:00
if data.len() <= constants::MAX_SIGNATURE_SIZE {
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let mut ret = [0; constants::MAX_SIGNATURE_SIZE];
Make `verify` accept a `Signature` rather than a slice [breaking-change]
2014-09-04 09:52:25 -07:00
unsafe {
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
copy_nonoverlapping(data.as_ptr(),
ret.as_mut_ptr(),
IoResult -> io::Result, copy_nonoverlapping_memory -> copy_nonoverlapping
2015-03-25 12:10:02 -07:00
data.len());
Make `verify` accept a `Signature` rather than a slice [breaking-change]
2014-09-04 09:52:25 -07:00
}
Ok(Signature(data.len(), ret))
} else {
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
Err(Error::InvalidSignature)
Make `verify` accept a `Signature` rather than a slice [breaking-change]
2014-09-04 09:52:25 -07:00
}
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
}
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
impl fmt::Debug for Signature {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
try!(write!(f, "Signature("));
for i in self[..].iter().cloned() {
try!(write!(f, "{:02x}", i));
}
write!(f, ")")
}
}
More slicing
2015-03-25 18:52:09 -07:00
impl ops::Index<usize> for Signature {
type Output = u8;
#[inline]
fn index(&self, index: usize) -> &u8 {
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
assert!(index < self.0);
&self.1[index]
More slicing
2015-03-25 18:52:09 -07:00
}
}
impl ops::Index<ops::Range<usize>> for Signature {
type Output = [u8];
#[inline]
fn index(&self, index: ops::Range<usize>) -> &[u8] {
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
assert!(index.end < self.0);
&self.1[index]
More slicing
2015-03-25 18:52:09 -07:00
}
}
impl ops::Index<ops::RangeFrom<usize>> for Signature {
type Output = [u8];
#[inline]
fn index(&self, index: ops::RangeFrom<usize>) -> &[u8] {
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
&self.1[index.start..self.0]
More slicing
2015-03-25 18:52:09 -07:00
}
}
impl ops::Index<ops::RangeFull> for Signature {
type Output = [u8];
#[inline]
fn index(&self, _: ops::RangeFull) -> &[u8] {
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
&self.1[0..self.0]
}
}
impl cmp::PartialEq for Signature {
#[inline]
fn eq(&self, other: &Signature) -> bool {
&self[..] == &other[..]
More slicing
2015-03-25 18:52:09 -07:00
}
}
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
impl cmp::Eq for Signature { }
More slicing
2015-03-25 18:52:09 -07:00
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
impl Clone for Signature {
#[inline]
fn clone(&self) -> Signature {
unsafe {
use std::mem;
let mut ret: Signature = mem::uninitialized();
copy_nonoverlapping(self.as_ptr(),
ret.as_mut_ptr(),
mem::size_of::<Signature>());
ret
}
}
}
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
/// A (hashed) message input to an ECDSA signature
pub struct Message([u8; constants::MESSAGE_SIZE]);
impl_array_newtype!(Message, u8, constants::MESSAGE_SIZE);
impl Message {
/// Converts a `MESSAGE_SIZE`-byte slice to a nonce
#[inline]
pub fn from_slice(data: &[u8]) -> Result<Message, Error> {
match data.len() {
constants::MESSAGE_SIZE => {
let mut ret = [0; constants::MESSAGE_SIZE];
unsafe {
copy_nonoverlapping(data.as_ptr(),
ret.as_mut_ptr(),
data.len());
}
Ok(Message(ret))
}
_ => Err(Error::InvalidMessage)
}
}
}
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
impl fmt::Debug for Message {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
try!(write!(f, "Message("));
for i in self[..].iter().cloned() {
try!(write!(f, "{:02x}", i));
}
write!(f, ")")
}
}
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
/// An ECDSA error
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
#[derive(Copy, PartialEq, Eq, Clone, Debug)]
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
pub enum Error {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
/// A `Secp256k1` was used for an operation, but it was not created to
/// support this (so necessary precomputations have not been done)
IncapableContext,
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
/// Signature failed verification
IncorrectSignature,
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
/// Badly sized message
InvalidMessage,
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
/// Bad public key
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
InvalidPublicKey,
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
/// Bad signature
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
InvalidSignature,
Move FFI functions into separate module; add documentation and style lints
2014-08-09 13:27:08 -07:00
/// Bad secret key
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
InvalidSecretKey,
Expose tweak functions in FFI, wrap a couple
2014-08-28 09:16:53 -07:00
/// Boolean-returning function returned the wrong boolean
Unknown
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
}
Add `Display` impl to `Error`; cleanup `Result` mess
2015-04-05 18:27:43 -07:00
// Passthrough Debug to Display, since errors should be user-visible
impl fmt::Display for Error {
fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
fmt::Debug::fmt(self, f)
}
}
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
/// The secp256k1 engine, used to execute all signature operations
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
pub struct Secp256k1 {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
ctx: ffi::Context,
caps: ContextFlag
}
/// Flags used to determine the capabilities of a `Secp256k1` object;
/// the more capabilities, the more expensive it is to create.
#[derive(PartialEq, Eq, Copy, Clone, Debug)]
pub enum ContextFlag {
/// Can neither sign nor verify signatures (cheapest to create, useful
/// for cases not involving signatures, such as creating keys from slices)
None,
/// Can sign but not verify signatures
SignOnly,
/// Can verify but not create signatures
VerifyOnly,
/// Can verify and create signatures
Full
}
// Passthrough Debug to Display, since caps should be user-visible
impl fmt::Display for ContextFlag {
fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
fmt::Debug::fmt(self, f)
}
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
}
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
impl Clone for Secp256k1 {
fn clone(&self) -> Secp256k1 {
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
Secp256k1 {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
ctx: unsafe { ffi::secp256k1_context_clone(self.ctx) },
caps: self.caps
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
}
}
}
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
impl PartialEq for Secp256k1 {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
fn eq(&self, other: &Secp256k1) -> bool { self.caps == other.caps }
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
}
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
impl Eq for Secp256k1 { }
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
impl fmt::Debug for Secp256k1 {
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
write!(f, "Secp256k1 {{ [private], caps: {:?} }}", self.caps)
Add missing implementations; update FFI for libsecp256k1's new cloning fn
2015-04-12 07:36:49 -07:00
}
}
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
impl Drop for Secp256k1 {
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
fn drop(&mut self) {
unsafe { ffi::secp256k1_context_destroy(self.ctx); }
Pull out initialization code so that `PublicKey::from_secret_key` can be used safely
2014-08-09 20:34:16 -07:00
}
}
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
impl Secp256k1 {
/// Creates a new Secp256k1 context
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
#[inline]
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
pub fn new() -> Secp256k1 {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
Secp256k1::with_caps(ContextFlag::Full)
}
/// Creates a new Secp256k1 context with the specified capabilities
pub fn with_caps(caps: ContextFlag) -> Secp256k1 {
let flag = match caps {
ContextFlag::None => 0,
ContextFlag::SignOnly => ffi::SECP256K1_START_SIGN,
ContextFlag::VerifyOnly => ffi::SECP256K1_START_VERIFY,
ContextFlag::Full => ffi::SECP256K1_START_SIGN | ffi::SECP256K1_START_VERIFY
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
};
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
Secp256k1 { ctx: unsafe { ffi::secp256k1_context_create(flag) }, caps: caps }
Add `Secp256k1::with_rng`, parameterize `Secp256k1` over its RNG. Now that you can't create secret keys by directly passing a Rng to `SecretKey::new`, we need a way to allow user-chosed randomness. We add it to the `Secp256k1`.
2015-04-11 10:51:39 -07:00
}
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
/// Generates a random keypair. Convenience function for `key::SecretKey::new`
/// and `key::PublicKey::from_secret_key`; call those functions directly for
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
/// batch key generation. Requires a signing-capable context.
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
#[inline]
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
pub fn generate_keypair<R: Rng>(&self, rng: &mut R, compressed: bool)
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
-> Result<(key::SecretKey, key::PublicKey), Error> {
if self.caps == ContextFlag::VerifyOnly || self.caps == ContextFlag::None {
return Err(Error::IncapableContext);
}
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let sk = key::SecretKey::new(self, rng);
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
let pk = key::PublicKey::from_secret_key(self, &sk, compressed);
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
Ok((sk, pk))
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
/// Constructs a signature for `msg` using the secret key `sk` and nonce `nonce`.
/// Requires a signing-capable context.
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
pub fn sign(&self, msg: &Message, sk: &key::SecretKey)
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
-> Result<Signature, Error> {
if self.caps == ContextFlag::VerifyOnly || self.caps == ContextFlag::None {
return Err(Error::IncapableContext);
}
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let mut sig = [0; constants::MAX_SIGNATURE_SIZE];
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
let mut len = constants::MAX_SIGNATURE_SIZE as c_int;
unsafe {
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
// We can assume the return value because it's not possible to construct
// an invalid signature from a valid `Message` and `SecretKey`
assert_eq!(ffi::secp256k1_ecdsa_sign(self.ctx, msg.as_ptr(), sig.as_mut_ptr(),
&mut len, sk.as_ptr(),
ffi::secp256k1_nonce_function_rfc6979,
ptr::null()), 1);
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
// This assertation is probably too late :)
Change inline assertions to debug_asserts All of these were things that are (should be) guaranteed true no matter what input is given to the API, barring unsafe operations on the data.
2015-04-11 11:07:43 -07:00
debug_assert!(len as usize <= constants::MAX_SIGNATURE_SIZE);
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
}
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
Ok(Signature(len as usize, sig))
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
}
Overhaul interface to use zero-on-free SecretKeys Using the `secretdata` library, we can store SecretKeys in such a way that they cannot be moved or copied, and their memory is zeroed out on drop. This gives us some assurance that in the case of memory unsafety, there is not secret key data lying around anywhere that we don't expect. Unfortunately, it means that we cannot construct secret keys and then return them, which forces the interface to change a fair bit. I removed the `generate_keypair` function from Secp256k1, then `generate_nonce` for symmetry, then dropped the `Secp256k1` struct entirely because it turned out that none of the remaining functions used the `self` param. So here we are. I bumped the version number. Sorry about this.
2014-09-11 20:36:15 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
/// Constructs a compact signature for `msg` using the secret key `sk`.
/// Requires a signing-capable context.
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
pub fn sign_compact(&self, msg: &Message, sk: &key::SecretKey)
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
-> Result<(Signature, RecoveryId), Error> {
if self.caps == ContextFlag::VerifyOnly || self.caps == ContextFlag::None {
return Err(Error::IncapableContext);
}
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let mut sig = [0; constants::MAX_SIGNATURE_SIZE];
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
let mut recid = 0;
unsafe {
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
// We can assume the return value because it's not possible to construct
// an invalid signature from a valid `Message` and `SecretKey`
assert_eq!(ffi::secp256k1_ecdsa_sign_compact(self.ctx, msg.as_ptr(),
sig.as_mut_ptr(), sk.as_ptr(),
ffi::secp256k1_nonce_function_default,
ptr::null(), &mut recid), 1);
}
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
Ok((Signature(constants::COMPACT_SIGNATURE_SIZE, sig), RecoveryId(recid)))
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
}
Overhaul interface to use zero-on-free SecretKeys Using the `secretdata` library, we can store SecretKeys in such a way that they cannot be moved or copied, and their memory is zeroed out on drop. This gives us some assurance that in the case of memory unsafety, there is not secret key data lying around anywhere that we don't expect. Unfortunately, it means that we cannot construct secret keys and then return them, which forces the interface to change a fair bit. I removed the `generate_keypair` function from Secp256k1, then `generate_nonce` for symmetry, then dropped the `Secp256k1` struct entirely because it turned out that none of the remaining functions used the `self` param. So here we are. I bumped the version number. Sorry about this.
2014-09-11 20:36:15 -07:00
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
/// Determines the public key for which `sig` is a valid signature for
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
/// `msg`. Returns through the out-pointer `pubkey`. Requires a verify-capable
/// context.
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
pub fn recover_compact(&self, msg: &Message, sig: &[u8],
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
compressed: bool, recid: RecoveryId)
Add `Display` impl to `Error`; cleanup `Result` mess
2015-04-05 18:27:43 -07:00
-> Result<key::PublicKey, Error> {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
if self.caps == ContextFlag::SignOnly || self.caps == ContextFlag::None {
return Err(Error::IncapableContext);
}
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
let mut pk = key::PublicKey::new(compressed);
let RecoveryId(recid) = recid;
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
if sig.len() != constants::COMPACT_SIGNATURE_SIZE {
return Err(Error::InvalidSignature);
}
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
unsafe {
let mut len = 0;
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
if ffi::secp256k1_ecdsa_recover_compact(self.ctx, msg.as_ptr(),
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
sig.as_ptr(), pk.as_mut_ptr(), &mut len,
if compressed {1} else {0},
recid) != 1 {
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
return Err(Error::InvalidSignature);
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
}
Change inline assertions to debug_asserts All of these were things that are (should be) guaranteed true no matter what input is given to the API, barring unsafe operations on the data.
2015-04-11 11:07:43 -07:00
debug_assert_eq!(len as usize, pk.len());
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
};
Ok(pk)
}
/// Checks that `sig` is a valid ECDSA signature for `msg` using the public
/// key `pubkey`. Returns `Ok(true)` on success. Note that this function cannot
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
/// be used for Bitcoin consensus checking since there may exist signatures
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
/// which OpenSSL would verify but not libsecp256k1, or vice-versa. Requires a
/// verify-capable context.
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
#[inline]
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
pub fn verify(&self, msg: &Message, sig: &Signature, pk: &key::PublicKey) -> Result<(), Error> {
self.verify_raw(msg, &sig[..], pk)
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
}
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
/// Verifies a signature described as a slice of bytes rather than opaque `Signature`.
/// Requires a verify-capable context.
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
pub fn verify_raw(&self, msg: &Message, sig: &[u8], pk: &key::PublicKey) -> Result<(), Error> {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
if self.caps == ContextFlag::SignOnly || self.caps == ContextFlag::None {
return Err(Error::IncapableContext);
}
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
let res = unsafe {
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
ffi::secp256k1_ecdsa_verify(self.ctx, msg.as_ptr(),
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
sig.as_ptr(), sig.len() as c_int,
pk.as_ptr(), pk.len() as c_int)
};
match res {
1 => Ok(()),
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
0 => Err(Error::IncorrectSignature),
-1 => Err(Error::InvalidPublicKey),
-2 => Err(Error::InvalidSignature),
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
_ => unreachable!()
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
}
}
fix unused import warning
2014-08-04 16:58:57 -07:00
#[cfg(test)]
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
mod tests {
Change rand crate to crates.io version
2015-03-25 16:57:16 -07:00
use rand::{Rng, thread_rng};
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
Add a `Sequence` iterator for generating sequential keypairs; fix tests
2014-09-01 09:13:31 -07:00
use test::{Bencher, black_box};
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
use key::{SecretKey, PublicKey};
use super::constants;
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
use super::{Secp256k1, Signature, Message, RecoveryId, ContextFlag};
use super::Error::{InvalidMessage, InvalidPublicKey, IncorrectSignature, InvalidSignature,
IncapableContext};
#[test]
fn capabilities() {
let none = Secp256k1::with_caps(ContextFlag::None);
let sign = Secp256k1::with_caps(ContextFlag::SignOnly);
let vrfy = Secp256k1::with_caps(ContextFlag::VerifyOnly);
let full = Secp256k1::with_caps(ContextFlag::Full);
let mut msg = [0u8; 32];
thread_rng().fill_bytes(&mut msg);
let msg = Message::from_slice(&msg).unwrap();
// Try key generation
assert_eq!(none.generate_keypair(&mut thread_rng(), true), Err(IncapableContext));
assert_eq!(none.generate_keypair(&mut thread_rng(), false), Err(IncapableContext));
assert_eq!(vrfy.generate_keypair(&mut thread_rng(), true), Err(IncapableContext));
assert_eq!(vrfy.generate_keypair(&mut thread_rng(), false), Err(IncapableContext));
assert!(sign.generate_keypair(&mut thread_rng(), true).is_ok());
assert!(sign.generate_keypair(&mut thread_rng(), false).is_ok());
assert!(full.generate_keypair(&mut thread_rng(), true).is_ok());
assert!(full.generate_keypair(&mut thread_rng(), false).is_ok());
let (sk, pk) = full.generate_keypair(&mut thread_rng(), true).unwrap();
// Try signing
assert_eq!(none.sign(&msg, &sk), Err(IncapableContext));
assert_eq!(vrfy.sign(&msg, &sk), Err(IncapableContext));
assert!(sign.sign(&msg, &sk).is_ok());
assert!(full.sign(&msg, &sk).is_ok());
assert_eq!(sign.sign(&msg, &sk), full.sign(&msg, &sk));
let sig = full.sign(&msg, &sk).unwrap();
// Try verifying
assert_eq!(none.verify(&msg, &sig, &pk), Err(IncapableContext));
assert_eq!(sign.verify(&msg, &sig, &pk), Err(IncapableContext));
assert!(vrfy.verify(&msg, &sig, &pk).is_ok());
assert!(full.verify(&msg, &sig, &pk).is_ok());
// Try compact signing
assert_eq!(none.sign_compact(&msg, &sk), Err(IncapableContext));
assert_eq!(vrfy.sign_compact(&msg, &sk), Err(IncapableContext));
assert!(sign.sign_compact(&msg, &sk).is_ok());
assert!(full.sign_compact(&msg, &sk).is_ok());
let (csig, recid) = full.sign_compact(&msg, &sk).unwrap();
// Try pk recovery
assert_eq!(none.recover_compact(&msg, &csig[..], true, recid), Err(IncapableContext));
assert_eq!(none.recover_compact(&msg, &csig[..], false, recid), Err(IncapableContext));
assert_eq!(sign.recover_compact(&msg, &csig[..], true, recid), Err(IncapableContext));
assert_eq!(sign.recover_compact(&msg, &csig[..], false, recid), Err(IncapableContext));
assert!(vrfy.recover_compact(&msg, &csig[..], false, recid).is_ok());
assert!(vrfy.recover_compact(&msg, &csig[..], true, recid).is_ok());
assert!(full.recover_compact(&msg, &csig[..], false, recid).is_ok());
assert!(full.recover_compact(&msg, &csig[..], true, recid).is_ok());
assert_eq!(vrfy.recover_compact(&msg, &csig[..], false, recid),
full.recover_compact(&msg, &csig[..], false, recid));
assert_eq!(vrfy.recover_compact(&msg, &csig[..], true, recid),
full.recover_compact(&msg, &csig[..], true, recid));
assert_eq!(full.recover_compact(&msg, &csig[..], true, recid), Ok(pk));
// Check that we can produce keys from slices with no precomputation
let (pk_slice, sk_slice) = (&pk[..], &sk[..]);
let new_pk = PublicKey::from_slice(&none, pk_slice).unwrap();
let new_sk = SecretKey::from_slice(&none, sk_slice).unwrap();
assert_eq!(sk, new_sk);
assert_eq!(pk, new_pk);
}
Add .travis.yml, update tests and Cargo.toml for upstream changes
2014-08-17 18:55:07 -07:00
Add sanity-check unit test for RecoveryId This is kinda silly but gets me 100% coverage from kcov
2015-04-13 20:21:56 -07:00
#[test]
fn recid_sanity_check() {
let one = RecoveryId(1);
assert_eq!(one, one.clone());
}
fix unused import warning
2014-08-04 16:58:57 -07:00
#[test]
fn invalid_pubkey() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let sig = Signature::from_slice(&[0; 72]).unwrap();
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
let pk = PublicKey::new(true);
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let mut msg = [0u8; 32];
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
thread_rng().fill_bytes(&mut msg);
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let msg = Message::from_slice(&msg).unwrap();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
assert_eq!(s.verify(&msg, &sig, &pk), Err(InvalidPublicKey));
fix unused import warning
2014-08-04 16:58:57 -07:00
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
fix unused import warning
2014-08-04 16:58:57 -07:00
#[test]
fn valid_pubkey_uncompressed() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (_, pk) = s.generate_keypair(&mut thread_rng(), false).unwrap();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let sig = Signature::from_slice(&[0; 72]).unwrap();
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let mut msg = [0u8; 32];
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
thread_rng().fill_bytes(&mut msg);
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let msg = Message::from_slice(&msg).unwrap();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
assert_eq!(s.verify(&msg, &sig, &pk), Err(InvalidSignature));
fix unused import warning
2014-08-04 16:58:57 -07:00
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
fix unused import warning
2014-08-04 16:58:57 -07:00
#[test]
fn valid_pubkey_compressed() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (_, pk) = s.generate_keypair(&mut thread_rng(), true).unwrap();
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let sig = Signature::from_slice(&[0; 72]).unwrap();
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let mut msg = [0u8; 32];
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
thread_rng().fill_bytes(&mut msg);
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let msg = Message::from_slice(&msg).unwrap();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
assert_eq!(s.verify(&msg, &sig, &pk), Err(InvalidSignature));
fix unused import warning
2014-08-04 16:58:57 -07:00
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
fix unused import warning
2014-08-04 16:58:57 -07:00
#[test]
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
fn sign() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
let one = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1];
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
let sk = SecretKey::from_slice(&s, &one).unwrap();
let msg = Message::from_slice(&one).unwrap();
Move FFI and constants into their own modules; replace outptrs with returns
2014-08-09 18:03:17 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let sig = s.sign(&msg, &sk).unwrap();
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
assert_eq!(sig, Signature(70, [
0x30, 0x44, 0x02, 0x20, 0x66, 0x73, 0xff, 0xad,
0x21, 0x47, 0x74, 0x1f, 0x04, 0x77, 0x2b, 0x6f,
0x92, 0x1f, 0x0b, 0xa6, 0xaf, 0x0c, 0x1e, 0x77,
0xfc, 0x43, 0x9e, 0x65, 0xc3, 0x6d, 0xed, 0xf4,
0x09, 0x2e, 0x88, 0x98, 0x02, 0x20, 0x4c, 0x1a,
0x97, 0x16, 0x52, 0xe0, 0xad, 0xa8, 0x80, 0x12,
0x0e, 0xf8, 0x02, 0x5e, 0x70, 0x9f, 0xff, 0x20,
0x80, 0xc4, 0xa3, 0x9a, 0xae, 0x06, 0x8d, 0x12,
0xee, 0xd0, 0x09, 0xb6, 0x8c, 0x89, 0x00, 0x00]))
fix unused import warning
2014-08-04 16:58:57 -07:00
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
fix unused import warning
2014-08-04 16:58:57 -07:00
#[test]
fn sign_and_verify() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
let mut msg = [0; 32];
for _ in 0..100 {
thread_rng().fill_bytes(&mut msg);
let msg = Message::from_slice(&msg).unwrap();
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (sk, pk) = s.generate_keypair(&mut thread_rng(), false).unwrap();
let sig = s.sign(&msg, &sk).unwrap();
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
assert_eq!(s.verify(&msg, &sig, &pk), Ok(()));
}
fix unused import warning
2014-08-04 16:58:57 -07:00
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
fix unused import warning
2014-08-04 16:58:57 -07:00
#[test]
Add extreme value sign/verify test
2015-04-28 11:46:17 -07:00
fn sign_and_verify_extreme() {
let s = Secp256k1::new();
// Wild keys: 1, CURVE_ORDER - 1
// Wild msgs: 0, 1, CURVE_ORDER - 1, CURVE_ORDER
let mut wild_keys = [[0; 32]; 2];
let mut wild_msgs = [[0; 32]; 4];
wild_keys[0][0] = 1;
wild_msgs[1][0] = 1;
unsafe {
use constants;
use std::intrinsics::copy_nonoverlapping;
copy_nonoverlapping(constants::CURVE_ORDER.as_ptr(),
wild_keys[1].as_mut_ptr(),
32);
copy_nonoverlapping(constants::CURVE_ORDER.as_ptr(),
wild_msgs[1].as_mut_ptr(),
32);
copy_nonoverlapping(constants::CURVE_ORDER.as_ptr(),
wild_msgs[2].as_mut_ptr(),
32);
wild_keys[1][0] -= 1;
wild_msgs[1][0] -= 1;
}
for key in wild_keys.iter().map(|k| SecretKey::from_slice(&s, &k[..]).unwrap()) {
for msg in wild_msgs.iter().map(|m| Message::from_slice(&m[..]).unwrap()) {
let sig = s.sign(&msg, &key).unwrap();
let pk = PublicKey::from_secret_key(&s, &key, true);
assert_eq!(s.verify(&msg, &sig, &pk), Ok(()));
}
}
}
#[test]
fix unused import warning
2014-08-04 16:58:57 -07:00
fn sign_and_verify_fail() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let mut msg = [0u8; 32];
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
thread_rng().fill_bytes(&mut msg);
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let msg = Message::from_slice(&msg).unwrap();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (sk, pk) = s.generate_keypair(&mut thread_rng(), false).unwrap();
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let sig = s.sign(&msg, &sk).unwrap();
let (sig_compact, recid) = s.sign_compact(&msg, &sk).unwrap();
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let mut msg = [0u8; 32];
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
thread_rng().fill_bytes(&mut msg);
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let msg = Message::from_slice(&msg).unwrap();
[API BREAK] update for libsecp256k1 "explicit context" API break Rather than have global initialization functions, which required expensive synchronization on the part of the Rust library, libsecp256k1 now carries its context in thread-local data which must be passed to every function. What this means for the rust-secp256k1 API is: - Most functions on `PublicKey` and `SecretKey` now require a `Secp256k1` to be given to them. - `Secp256k1::verify` and `::verify_raw` now take a `&self` - `SecretKey::new` now takes a `Secp256k1` rather than a Rng; a future commit will allow specifying the Rng in the `Secp256k1` so that functionality is not lost. - The FFI functions have all changed to take a context argument - `secp256k1::init()` is gone, as is the dependency on std::sync - There is a `ffi::Context` type which must be handled carefully by anyone using it directly (hopefully nobody :))
2015-04-11 10:00:20 -07:00
assert_eq!(s.verify(&msg, &sig, &pk), Err(IncorrectSignature));
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
let recovered_key = s.recover_compact(&msg, &sig_compact[..], false, recid).unwrap();
assert!(recovered_key != pk);
fix unused import warning
2014-08-04 16:58:57 -07:00
}
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
fix unused import warning
2014-08-04 16:58:57 -07:00
#[test]
fn sign_compact_with_recovery() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
Update for rustc changes We can compile now, but not link -- there have been too many changes in libsecp256k1 behind the scenes. Next commit :)
2015-01-17 08:13:45 -08:00
let mut msg = [0u8; 32];
Update for language changes (rustc beta is out !!)
2015-04-04 10:20:38 -07:00
thread_rng().fill_bytes(&mut msg);
Update bindings to current secp256k1 library rust-secp256k1 was based off of https://github.com/sipa/secp256k1, which has been inactive nearly as long as this repository (prior to a couple days ago anyway). The correct repository is https://github.com/bitcoin/secp256k1 This is a major breaking change to the library for one reason: there are no longer any Nonce types in the safe interface. The signing functions do not take a nonce; this is generated internally. This also means that I was able to drop all my RFC6979 code, since libsecp256k1 has its own implementation. If you need to generate your own nonces, you need to create an unsafe function of type `ffi::NonceFn`, then pass it to the appropriate functions in the `ffi` module. There is no safe interface for doing this, deliberately: there is basically no need to directly fiddle with nonces ever.
2015-04-05 22:13:38 -07:00
let msg = Message::from_slice(&msg).unwrap();
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (sk, pk) = s.generate_keypair(&mut thread_rng(), false).unwrap();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (sig, recid) = s.sign_compact(&msg, &sk).unwrap();
Initial (failing) implementation.
2014-07-06 22:41:22 -07:00
`Cargo test` now builds and passes locally :)
2015-03-25 18:54:06 -07:00
assert_eq!(s.recover_compact(&msg, &sig[..], false, recid), Ok(pk));
fix unused import warning
2014-08-04 16:58:57 -07:00
}
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
#[test]
fn bad_recovery() {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
let s = Secp256k1::new();
[minor API BREAK] Add unit tests to cover all error cases This comes with a couple bugfixes and the following API changes: - Secp256k1::sign and ::sign_compact no longer return Result; it is impossible to trigger their failure modes with safe code since the `Message` and `SecretKey` types validate when they are created. - constants::MAX_COMPACT_SIGNATURE_SIZE loses the MAX_; signatures are always constant size - the Debug output for everything is now hex-encoded rather than being a list of base-10 ints. It's just easier to read this way. kcov v26 now reports 100% test coverage; however, this does not guarantee that test coverage is actually complete. Patches are always welcome for improved unit tests.
2015-04-12 08:51:15 -07:00
let msg = Message::from_slice(&[0x55; 32]).unwrap();
// Bad length
assert_eq!(s.recover_compact(&msg, &[1; 63], false, RecoveryId(0)), Err(InvalidSignature));
assert_eq!(s.recover_compact(&msg, &[1; 65], false, RecoveryId(0)), Err(InvalidSignature));
// Zero is not a valid sig
assert_eq!(s.recover_compact(&msg, &[0; 64], false, RecoveryId(0)), Err(InvalidSignature));
// ...but 111..111 is
assert!(s.recover_compact(&msg, &[1; 64], false, RecoveryId(0)).is_ok());
}
#[test]
fn test_bad_slice() {
assert_eq!(Signature::from_slice(&[0; constants::MAX_SIGNATURE_SIZE + 1]),
Err(InvalidSignature));
assert!(Signature::from_slice(&[0; constants::MAX_SIGNATURE_SIZE]).is_ok());
assert_eq!(Message::from_slice(&[0; constants::MESSAGE_SIZE - 1]),
Err(InvalidMessage));
assert_eq!(Message::from_slice(&[0; constants::MESSAGE_SIZE + 1]),
Err(InvalidMessage));
assert!(Signature::from_slice(&[0; constants::MESSAGE_SIZE]).is_ok());
}
#[test]
fn test_debug_output() {
let sig = Signature(0, [4; 72]);
assert_eq!(&format!("{:?}", sig), "Signature()");
let sig = Signature(10, [5; 72]);
assert_eq!(&format!("{:?}", sig), "Signature(05050505050505050505)");
let sig = Signature(72, [6; 72]);
assert_eq!(&format!("{:?}", sig), "Signature(060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606060606)");
let msg = Message([1, 2, 3, 4, 5, 6, 7, 8,
9, 10, 11, 12, 13, 14, 15, 16,
17, 18, 19, 20, 21, 22, 23, 24,
25, 26, 27, 28, 29, 30, 31, 255]);
assert_eq!(&format!("{:?}", msg), "Message(0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1fff)");
}
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
#[bench]
pub fn generate_compressed(bh: &mut Bencher) {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
struct CounterRng(u32);
impl Rng for CounterRng {
fn next_u32(&mut self) -> u32 { self.0 += 1; self.0 }
}
let s = Secp256k1::new();
let mut r = CounterRng(0);
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
bh.iter( || {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (sk, pk) = s.generate_keypair(&mut r, true).unwrap();
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
black_box(sk);
black_box(pk);
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
});
}
#[bench]
pub fn generate_uncompressed(bh: &mut Bencher) {
[API BREAK] Remove Rng from Secp256k1 and associated code The Rng was only used for key generation, and for BIP32 users not even then; thus hauling around a Rng is a waste of space in addition to causing a massive amount of syntactic noise. For example rust-bitcoin almost always uses `()` as the Rng; having `Secp256k1` default to a `Secp256k1<Fortuna>` then means even more syntactic noise, rather than less. Now key generation functions take a Rng as a parameter, and the rest can forget about having a Rng. This also means that the Secp256k1 context never needs a mutable reference and can be easily put into an Arc if so desired.
2015-04-12 13:54:22 -07:00
struct CounterRng(u32);
impl Rng for CounterRng {
fn next_u32(&mut self) -> u32 { self.0 += 1; self.0 }
}
let s = Secp256k1::new();
let mut r = CounterRng(0);
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
bh.iter( || {
[API BREAK] expose ability to create contexts without verify or signing caps There are a lot of cases in rust-bitcoin where we need a `Secp256k1` which doesn't need any signing or verification capabilities, only checking the validity of various objects. We can get away with a bare context (i.e. no precomputation) which can be cheaply created on demand, avoiding the need to pass around references to Secp256k1 objects everywhere. API break because the following functions can now fail (given an insufficiently capable context) and therefore now return a Result: Secp256k1::generate_keypair Secp256k1::sign Secp256k1::sign_compact
2015-04-13 20:04:43 -07:00
let (sk, pk) = s.generate_keypair(&mut r, false).unwrap();
Revert "Overhaul interface to use zero-on-free SecretKeys" This reverts commit 98890907849326a0e265d0ee12d3caa232b19602. This is not ready for primetime -- the move prevention also prevents reborrowing, which makes secret keys nearly unusable.
2014-09-12 06:28:35 -07:00
black_box(sk);
black_box(pk);
Generate keys from Fortuna rather than always using the OsRng When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the OS RNG, rather than using the OS RNG all the time. This moves the potential RNG failure to the creation of the object, rather than at every single place that keys are generated. It also reduces trust in the operating system RNG. This does mean that Secp256k1::new() now returns an IoResult while the generate_* methods no longer return Results, so this is a breaking change. Also add a benchmark for key generation. On my system I get: test tests::generate_compressed ... bench: 492990 ns/iter (+/- 27981) test tests::generate_uncompressed ... bench: 495148 ns/iter (+/- 29829) Contrast the numbers with OsRng: test tests::generate_compressed ... bench: 66691 ns/iter (+/- 3640) test tests::generate_uncompressed ... bench: 67148 ns/iter (+/- 3806) Not too shabby :) [breaking-change]
2014-08-31 20:26:02 -07:00
});
}
fix unused import warning
2014-08-04 16:58:57 -07:00
}