[WIP] Merge our own rust-secp256k1-zkp into rust-bitcoin/rust-secp256k1-zkp #1
Conversation
src/ecdh.rs
Outdated
|
|
||
| #[test] | ||
| fn ecdh_with_hash_callback() { | ||
| let s = Secp256k1::signing_only(); | ||
| let (sk1, pk1) = s.generate_keypair(&mut thread_rng()); | ||
| let expect_result: [u8; 64] = [123; 64]; | ||
| let mut x_out = [0u8; 32]; | ||
| let mut y_out = [0u8; 32]; | ||
| let result = SharedSecret::new_with_hash(&pk1, &sk1, |x, y| { | ||
| x_out = x; | ||
| y_out = y; | ||
| expect_result.into() | ||
| }); | ||
| assert_eq!(&expect_result[..], &result[..]); | ||
| assert_ne!(x_out, [0u8; 32]); | ||
| assert_ne!(y_out, [0u8; 32]); | ||
| } | ||
|
|
||
| #[test] | ||
| fn test_c_callback() { | ||
| let x = [5u8; 32]; | ||
| let y = [7u8; 32]; | ||
| let mut output = [0u8; 64]; | ||
| let res = unsafe { super::c_callback(output.as_mut_ptr(), x.as_ptr(), y.as_ptr(), ::ptr::null_mut()) }; | ||
| assert_eq!(res, 1); | ||
| let mut new_x = [0u8; 32]; | ||
| let mut new_y = [0u8; 32]; | ||
| new_x.copy_from_slice(&output[..32]); | ||
| new_y.copy_from_slice(&output[32..]); | ||
| assert_eq!(x, new_x); | ||
| assert_eq!(y, new_y); | ||
| } |
There was a problem hiding this comment.
I've reintroduced both tests along with the unsafe c_callback function. However for some reason x_out is NOT null thus the ecdh_with_hash_callback test fails.
There was a problem hiding this comment.
Do we have any idea why the test is failing here?
| #[inline] | ||
| /// Negates one secret key. | ||
| pub fn negate_assign( | ||
| &mut self | ||
| ) { | ||
| unsafe { | ||
| let res = ffi::secp256k1_ec_seckey_negate( | ||
| let res = ffi::secp256k1_ec_privkey_negate( |
There was a problem hiding this comment.
These APIs are deprecated upstream. It would be a good idea to update the FFI library to use the latest seckey version.
There was a problem hiding this comment.
Couldn't agree more. For now, I think it's safe to use the deprecated one until someone add the newer function into our secp256k1-zkp.
| @@ -258,239 +300,128 @@ impl hash::Hash for KeyPair { | |||
| } | |||
|
|
|||
| extern "C" { | |||
| /// Default ECDH hash function | |||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_ecdh_hash_function_default")] | |||
| // Extra keys | ||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_keypair_create")] | ||
| pub fn secp256k1_keypair_create( | ||
| cx: *const Context, | ||
| keypair: *mut KeyPair, | ||
| seckey: *const c_uchar, | ||
| ) -> c_int; | ||
|
|
||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_parse")] | ||
| pub fn secp256k1_xonly_pubkey_parse( | ||
| cx: *const Context, | ||
| pubkey: *mut XOnlyPublicKey, | ||
| input32: *const c_uchar, | ||
| ) -> c_int; | ||
|
|
||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_serialize")] | ||
| pub fn secp256k1_xonly_pubkey_serialize( | ||
| cx: *const Context, | ||
| output32: *mut c_uchar, | ||
| pubkey: *const XOnlyPublicKey, | ||
| ) -> c_int; | ||
|
|
||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_from_pubkey")] | ||
| pub fn secp256k1_xonly_pubkey_from_pubkey( | ||
| cx: *const Context, | ||
| xonly_pubkey: *mut XOnlyPublicKey, | ||
| pk_parity: *mut c_int, | ||
| pubkey: *const PublicKey, | ||
| ) -> c_int; | ||
|
|
||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add")] | ||
| pub fn secp256k1_xonly_pubkey_tweak_add( | ||
| cx: *const Context, | ||
| output_pubkey: *mut PublicKey, | ||
| internal_pubkey: *const XOnlyPublicKey, | ||
| tweak32: *const c_uchar, | ||
| ) -> c_int; | ||
|
|
||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_keypair_xonly_pub")] | ||
| pub fn secp256k1_keypair_xonly_pub( | ||
| cx: *const Context, | ||
| pubkey: *mut XOnlyPublicKey, | ||
| pk_parity: *mut c_int, | ||
| keypair: *const KeyPair | ||
| ) -> c_int; | ||
|
|
||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_keypair_xonly_tweak_add")] | ||
| pub fn secp256k1_keypair_xonly_tweak_add( | ||
| cx: *const Context, | ||
| keypair: *mut KeyPair, | ||
| tweak32: *const c_uchar, | ||
| ) -> c_int; | ||
|
|
||
| #[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_4_0_xonly_pubkey_tweak_add_check")] | ||
| pub fn secp256k1_xonly_pubkey_tweak_add_check( | ||
| cx: *const Context, | ||
| tweaked_pubkey32: *const c_uchar, | ||
| tweaked_pubkey_parity: c_int, | ||
| internal_pubkey: *const XOnlyPublicKey, | ||
| tweak32: *const c_uchar, | ||
| ) -> c_int; |
There was a problem hiding this comment.
All of these functions does not yet exist in https://github.com/mimblewimble/secp256k1-zkp
There was a problem hiding this comment.
Can we leave these in and stub them out (for now) in the lib? This would allow us to remain closer to upstream here.
| @@ -530,7 +749,7 @@ extern "C" { | |||
| // In: flags: which parts of the context to initialize. | |||
| #[no_mangle] | |||
| #[cfg(all(feature = "std", not(rust_secp_no_symbol_renaming)))] | |||
| pub unsafe extern "C" fn rustsecp256k1_v0_4_0_context_create(flags: c_uint) -> *mut Context { | |||
There was a problem hiding this comment.
nit: Since upstream uses symbol renaming to prevent collisions, maybe keeping this convention is a good idea? Pretty minor, though.
It is annoying when doing development that has functionally the same library for most of it, but preventing symbol collision could improve security.
|
|
||
| /// Verifies that sig is msg32||pk[32..] | ||
| pub unsafe fn secp256k1_schnorrsig_verify( | ||
| cx: *const Context, | ||
| sig64: *const c_uchar, | ||
| msg32: *const c_uchar, | ||
| pubkey: *const XOnlyPublicKey, | ||
| ) -> c_int { | ||
| // Check context is built for verification | ||
| let mut new_pk = PublicKey::new(); | ||
| let _ = secp256k1_xonly_pubkey_tweak_add(cx, &mut new_pk, pubkey, msg32); | ||
| // Actually verify | ||
| let sig_sl = slice::from_raw_parts(sig64 as *const u8, 64); | ||
| let msg_sl = slice::from_raw_parts(msg32 as *const u8, 32); | ||
| if &sig_sl[..32] == msg_sl && sig_sl[32..] == (*pubkey).0[..32] { | ||
| 1 | ||
| } else { | ||
| 0 | ||
| } | ||
| } | ||
|
|
||
| /// Sets sig to msg32||pk[..32] | ||
| pub unsafe fn secp256k1_schnorrsig_sign( | ||
| cx: *const Context, | ||
| sig64: *mut c_uchar, | ||
| msg32: *const c_uchar, | ||
| keypair: *const KeyPair, | ||
| noncefp: SchnorrNonceFn, | ||
| noncedata: *const c_void | ||
| ) -> c_int { | ||
| // Check context is built for signing | ||
| let mut new_kp = KeyPair::new(); | ||
| if secp256k1_keypair_create(cx, &mut new_kp, (*keypair).0.as_ptr()) != 1 { | ||
| return 0; | ||
| } | ||
| assert_eq!(new_kp, *keypair); | ||
| // Sign | ||
| let sig_sl = slice::from_raw_parts_mut(sig64 as *mut u8, 64); | ||
| let msg_sl = slice::from_raw_parts(msg32 as *const u8, 32); | ||
| sig_sl[..32].copy_from_slice(msg_sl); | ||
| sig_sl[32..].copy_from_slice(&new_kp.0[32..64]); | ||
| 1 | ||
| } |
There was a problem hiding this comment.
Why were these removed from the fuzzing mocks?
| /// The maximum size of a message embedded in a range proof | ||
| #[cfg(not(feature = "bullet-proof-sizing"))] | ||
| pub const PROOF_MSG_SIZE: usize = 2048; | ||
| #[cfg(feature = "bullet-proof-sizing")] | ||
| pub const PROOF_MSG_SIZE: usize = 2048; |
There was a problem hiding this comment.
Why the conditional compilation with the same values?
There was a problem hiding this comment.
This is directly taken from the base repo https://github.com/mimblewimble/rust-secp256k1-zkp. I agree that it does not make sense for me too. I'd think about removing the not case.
There was a problem hiding this comment.
I'm guessing this is a holdover from an old change somewhere. Presumably they used to have different values.
Should be no problem removing this conditional logic.
|
Did an initial review with some questions, and a couple minor suggestions. Skipped reviewing Will review those files when this is closer to being final. |
| @@ -1,26 +0,0 @@ | |||
| 13,37d12 | |||
There was a problem hiding this comment.
Instead of making secp256k1-zkp a submodule, it would be easier to track changes against upstream with those files inline.
What are your thoughts on including secp256k1-zkp in a future version of this PR?
There was a problem hiding this comment.
Yeah I'm wondering that too. I'd be closer to upstream too.
| /// The maximum size of a message embedded in a range proof | ||
| #[cfg(not(feature = "bullet-proof-sizing"))] | ||
| pub const PROOF_MSG_SIZE: usize = 2048; | ||
| #[cfg(feature = "bullet-proof-sizing")] | ||
| pub const PROOF_MSG_SIZE: usize = 2048; |
There was a problem hiding this comment.
I'm guessing this is a holdover from an old change somewhere. Presumably they used to have different values.
Should be no problem removing this conditional logic.
| @@ -1,784 +0,0 @@ | |||
| //! # schnorrsig | |||
There was a problem hiding this comment.
Is this removed because we do not use this?
Does it make it harder to keep this fork sync'd with upstream if we remove this? Is it worth considering leaving it in for ease of keeping the repo up to date?
| @@ -1,2 +0,0 @@ | |||
| # This file was automatically created by ./vendor-libsecp.sh | |||
There was a problem hiding this comment.
Probably a dumb question but we are doing this to use the mimblewimble specific libs here?
And it replaces all the removed vendored code below?
| .map($mapfn) | ||
| .collect::<Vec<_>>(); | ||
| } | ||
| } |
| @@ -144,7 +145,8 @@ mod context; | |||
| pub mod constants; | |||
| pub mod ecdh; | |||
| pub mod key; | |||
| pub mod schnorrsig; | |||
There was a problem hiding this comment.
See comment below. Is it worth leaving schnorrsig in place and simply not exposing it here?
As titled. Work in progress.