From bd24a81e56f06de87f0632988c6be1e7b292fdcc Mon Sep 17 00:00:00 2001 From: Tibo-lg Date: Mon, 26 Dec 2022 21:10:22 +0900 Subject: [PATCH] Update to secp 0.25 and secp-sys 0.7 --- Cargo.toml | 2 +- secp256k1-zkp-sys/Cargo.toml | 2 +- secp256k1-zkp-sys/src/zkp.rs | 58 +++++++++++++++++++++++++++++------- src/zkp/ecdsa_adaptor.rs | 18 ++++++----- src/zkp/generator.rs | 9 +++--- src/zkp/pedersen.rs | 18 +++++++---- src/zkp/rangeproof.rs | 14 +++++---- src/zkp/surjection_proof.rs | 11 +++---- src/zkp/whitelist.rs | 8 ++--- 9 files changed, 97 insertions(+), 43 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 1e7bf600..0d62f188 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,7 @@ use-serde = ["serde", "secp256k1/serde"] use-rand = ["rand", "secp256k1/rand"] [dependencies] -secp256k1 = "0.24.0" +secp256k1 = "0.25.0" secp256k1-zkp-sys = { version = "0.7.0", default-features = false, path = "./secp256k1-zkp-sys" } rand = { version = "0.8", default-features = false, optional = true } serde = { version = "1.0", default-features = false, optional = true } diff --git a/secp256k1-zkp-sys/Cargo.toml b/secp256k1-zkp-sys/Cargo.toml index 27ad68f9..c090dde6 100644 --- a/secp256k1-zkp-sys/Cargo.toml +++ b/secp256k1-zkp-sys/Cargo.toml @@ -23,7 +23,7 @@ features = [ "recovery", "lowmemory" ] cc = "1.0.28" [dependencies] -secp256k1-sys = "0.6.0" +secp256k1-sys = "0.7.0" [features] default = ["std"] diff --git a/secp256k1-zkp-sys/src/zkp.rs b/secp256k1-zkp-sys/src/zkp.rs index 75bd1992..dba7ff70 100644 --- a/secp256k1-zkp-sys/src/zkp.rs +++ b/secp256k1-zkp-sys/src/zkp.rs @@ -1,4 +1,7 @@ -use core::{fmt, hash}; +use core::{ + fmt, + hash::{self, Hash}, +}; use {types::*, Context, PublicKey, Signature}; /// Rangeproof maximum length @@ -472,6 +475,8 @@ impl RangeProof { } #[repr(C)] +#[derive(Copy, Clone)] +#[cfg_attr(not(fuzzing), derive(Eq, PartialEq, Hash, Ord, PartialOrd))] pub struct Tag([c_uchar; 32]); impl_array_newtype!(Tag, c_uchar, 32); impl_raw_debug!(Tag); @@ -502,6 +507,7 @@ impl From for [u8; 32] { // TODO: Replace this with ffi::PublicKey? #[repr(C)] +#[derive(Copy, Clone)] pub struct PedersenCommitment([c_uchar; 64]); impl_array_newtype!(PedersenCommitment, c_uchar, 64); impl_raw_debug!(PedersenCommitment); @@ -518,6 +524,23 @@ impl Default for PedersenCommitment { } } +#[cfg(not(fuzzing))] +impl PartialEq for PedersenCommitment { + fn eq(&self, other: &Self) -> bool { + &self.0[..] == &other.0[..] + } +} + +#[cfg(not(fuzzing))] +impl Eq for PedersenCommitment {} + +#[cfg(not(fuzzing))] +impl Hash for PedersenCommitment { + fn hash(&self, state: &mut H) { + self.0.hash(state); + } +} + /// A ring signature for the "whitelist" scheme. #[repr(C)] #[derive(Clone)] @@ -566,22 +589,37 @@ pub type EcdsaAdaptorNonceFn = Option< >; #[repr(C)] +#[derive(Copy, Clone)] pub struct EcdsaAdaptorSignature([u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH]); impl_array_newtype!(EcdsaAdaptorSignature, u8, ECDSA_ADAPTOR_SIGNATURE_LENGTH); impl_raw_debug!(EcdsaAdaptorSignature); -impl From<[u8; 162]> for EcdsaAdaptorSignature { - fn from(bytes: [u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH]) -> Self { - EcdsaAdaptorSignature(bytes) +impl EcdsaAdaptorSignature { + /// Create a new (zeroed) ecdsa adaptor signature usable for the FFI interface + pub fn new() -> Self { + EcdsaAdaptorSignature([0u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH]) } -} -impl EcdsaAdaptorSignature { - pub fn new() -> EcdsaAdaptorSignature { - EcdsaAdaptorSignature([0; ECDSA_ADAPTOR_SIGNATURE_LENGTH]) + /// Create a new ecdsa adaptor signature usable for the FFI interface from raw bytes + /// + /// # Safety + /// + /// Does not check the validity of the underlying representation. If it is + /// invalid the result may be assertation failures (and process aborts) from + /// the underlying library. You should not use this method except with data + /// that you obtained from the FFI interface of the same version of this + /// library. + pub unsafe fn from_array_unchecked(data: [c_uchar; ECDSA_ADAPTOR_SIGNATURE_LENGTH]) -> Self { + Self(data) } +} - pub fn as_bytes(&self) -> &[u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH] { - &self.0 +#[cfg(not(fuzzing))] +impl PartialEq for EcdsaAdaptorSignature { + fn eq(&self, other: &Self) -> bool { + &self.0[..] == &other.0[..] } } + +#[cfg(not(fuzzing))] +impl Eq for EcdsaAdaptorSignature {} diff --git a/src/zkp/ecdsa_adaptor.rs b/src/zkp/ecdsa_adaptor.rs index 6606c722..ba12a902 100644 --- a/src/zkp/ecdsa_adaptor.rs +++ b/src/zkp/ecdsa_adaptor.rs @@ -24,7 +24,7 @@ pub struct EcdsaAdaptorSignature(ffi::EcdsaAdaptorSignature); impl fmt::LowerHex for EcdsaAdaptorSignature { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - for ch in self.0.as_bytes().iter() { + for ch in self.0.as_ref().iter() { write!(f, "{:02x}", ch)?; } Ok(()) @@ -56,7 +56,7 @@ impl ::serde::Serialize for EcdsaAdaptorSignature { if s.is_human_readable() { s.collect_str(self) } else { - s.serialize_bytes(self.0.as_bytes()) + s.serialize_bytes(self.0.as_ref()) } } } @@ -102,7 +102,11 @@ impl EcdsaAdaptorSignature { ECDSA_ADAPTOR_SIGNATURE_LENGTH => { let mut ret = [0; ECDSA_ADAPTOR_SIGNATURE_LENGTH]; ret[..].copy_from_slice(data); - Ok(EcdsaAdaptorSignature(ffi::EcdsaAdaptorSignature::from(ret))) + unsafe { + Ok(EcdsaAdaptorSignature( + ffi::EcdsaAdaptorSignature::from_array_unchecked(ret), + )) + } } _ => Err(Error::InvalidEcdsaAdaptorSignature), } @@ -169,7 +173,7 @@ impl EcdsaAdaptorSignature { let res = unsafe { ffi::secp256k1_ecdsa_adaptor_encrypt( - *secp.ctx(), + secp.ctx().as_ptr(), &mut adaptor_sig, sk.as_c_ptr(), enckey.as_c_ptr(), @@ -198,7 +202,7 @@ impl EcdsaAdaptorSignature { let res = unsafe { ffi::secp256k1_ecdsa_adaptor_encrypt( - *secp.ctx(), + secp.ctx().as_ptr(), &mut adaptor_sig, sk.as_c_ptr(), enckey.as_c_ptr(), @@ -242,7 +246,7 @@ impl EcdsaAdaptorSignature { let ret = unsafe { ffi::secp256k1_ecdsa_adaptor_recover( - *secp.ctx(), + secp.ctx().as_ptr(), data.as_mut_c_ptr(), sig.as_c_ptr(), self.as_c_ptr(), @@ -267,7 +271,7 @@ impl EcdsaAdaptorSignature { ) -> Result<(), Error> { let res = unsafe { ffi::secp256k1_ecdsa_adaptor_verify( - *secp.ctx(), + secp.ctx().as_ptr(), self.as_c_ptr(), pubkey.as_c_ptr(), msg.as_c_ptr(), diff --git a/src/zkp/generator.rs b/src/zkp/generator.rs index 7f684c25..d673141f 100644 --- a/src/zkp/generator.rs +++ b/src/zkp/generator.rs @@ -8,7 +8,8 @@ use rand::Rng; /// /// Contrary to a [`crate::SecretKey`], the value 0 is also a valid tweak. /// Values outside secp curve order are invalid tweaks. -#[derive(Default)] +#[derive(Default, Copy, Clone)] +#[cfg_attr(not(fuzzing), derive(Eq, PartialEq))] pub struct Tweak([u8; constants::SECRET_KEY_SIZE]); impl_array_newtype!(Tweak, u8, constants::SECRET_KEY_SIZE); @@ -156,10 +157,10 @@ impl Generator { let ret = unsafe { ffi::secp256k1_generator_generate_blinded( - *secp.ctx(), + secp.ctx().as_ptr(), &mut generator, - tag.into_inner().as_ptr(), - blinding_factor.as_ptr(), + tag.into_inner().as_c_ptr(), + blinding_factor.as_c_ptr(), ) }; assert_eq!(ret, 1); diff --git a/src/zkp/pedersen.rs b/src/zkp/pedersen.rs index 71e256a5..d5b9b5a0 100644 --- a/src/zkp/pedersen.rs +++ b/src/zkp/pedersen.rs @@ -1,3 +1,5 @@ +use ffi::CPtr; + use crate::ffi; use crate::{from_hex, Error, Generator, Secp256k1, Signing, Tweak, ZERO_TWEAK}; use core::{fmt, slice, str}; @@ -58,9 +60,9 @@ impl PedersenCommitment { let ret = unsafe { ffi::secp256k1_pedersen_commit( - *secp.ctx(), + secp.ctx().as_ptr(), &mut commitment, - blinding_factor.as_ptr(), + blinding_factor.as_c_ptr(), value, generator.as_inner(), ) @@ -141,12 +143,12 @@ pub fn compute_adaptive_blinding_factor( let (vbf, gbf) = secrets .iter_mut() - .map(|(s_v, s_g)| (s_v.as_mut_ptr(), s_g.as_ptr())) + .map(|(s_v, s_g)| (s_v.as_mut_c_ptr(), s_g.as_c_ptr())) .unzip::<_, _, Vec<_>, Vec<_>>(); let ret = unsafe { ffi::secp256k1_pedersen_blind_generator_blind_sum( - *secp.ctx(), + secp.ctx().as_ptr(), values.as_ptr(), gbf.as_ptr(), vbf.as_ptr(), @@ -172,7 +174,13 @@ pub fn verify_commitments_sum_to_equal( let b = b.iter().map(|c| &c.0).collect::>(); let ret = unsafe { - ffi::secp256k1_pedersen_verify_tally(*secp.ctx(), a.as_ptr(), a.len(), b.as_ptr(), b.len()) + ffi::secp256k1_pedersen_verify_tally( + secp.ctx().as_ptr(), + a.as_ptr(), + a.len(), + b.as_ptr(), + b.len(), + ) }; ret == 1 diff --git a/src/zkp/rangeproof.rs b/src/zkp/rangeproof.rs index 67626644..bb48a83f 100644 --- a/src/zkp/rangeproof.rs +++ b/src/zkp/rangeproof.rs @@ -1,3 +1,5 @@ +use ffi::CPtr; + use crate::ffi::RANGEPROOF_MAX_LENGTH; use crate::from_hex; use crate::Error; @@ -81,13 +83,13 @@ impl RangeProof { let ret = unsafe { ffi::secp256k1_rangeproof_sign( - *secp.ctx(), + secp.ctx().as_ptr(), proof.as_mut_ptr(), &mut proof_length, min_value, commitment.as_inner(), - commitment_blinding.as_ptr(), - sk.as_ptr(), + commitment_blinding.as_c_ptr(), + sk.as_c_ptr(), exp, min_bits as i32, value, @@ -123,7 +125,7 @@ impl RangeProof { let ret = unsafe { ffi::secp256k1_rangeproof_verify( - *secp.ctx(), + secp.ctx().as_ptr(), &mut min_value, &mut max_value, commitment.as_inner(), @@ -164,12 +166,12 @@ impl RangeProof { let ret = unsafe { ffi::secp256k1_rangeproof_rewind( - *secp.ctx(), + secp.ctx().as_ptr(), blinding_factor.as_mut_ptr(), &mut value, message.as_mut_ptr(), &mut message_length, - sk.as_ptr(), + sk.as_c_ptr(), &mut min_value, &mut max_value, commitment.as_inner(), diff --git a/src/zkp/surjection_proof.rs b/src/zkp/surjection_proof.rs index 755091b7..fea11ea0 100644 --- a/src/zkp/surjection_proof.rs +++ b/src/zkp/surjection_proof.rs @@ -15,6 +15,7 @@ pub struct SurjectionProof { mod with_rand { use super::*; use crate::{Signing, Tag, Tweak}; + use ffi::CPtr; use rand::Rng; impl SurjectionProof { @@ -49,7 +50,7 @@ mod with_rand { let ret = unsafe { ffi::secp256k1_surjectionproof_initialize( - *secp.ctx(), + secp.ctx().as_ptr(), &mut proof, &mut domain_index, domain_tags.as_ptr(), @@ -70,7 +71,7 @@ mod with_rand { let ret = unsafe { ffi::secp256k1_surjectionproof_generate( - *secp.ctx(), + secp.ctx().as_ptr(), &mut proof, domain_blinded_tags.as_ptr(), domain.len(), @@ -80,8 +81,8 @@ mod with_rand { .get(domain_index) .ok_or(Error::CannotProveSurjection)? .2 - .as_ptr(), // TODO: Return dedicated error here? - codomain_blinding_factor.as_ptr(), + .as_c_ptr(), // TODO: Return dedicated error here? + codomain_blinding_factor.as_c_ptr(), ) }; @@ -168,7 +169,7 @@ impl SurjectionProof { let ret = unsafe { ffi::secp256k1_surjectionproof_verify( - *secp.ctx(), + secp.ctx().as_ptr(), &self.inner, domain_blinded_tags.as_ptr(), domain_blinded_tags.len(), diff --git a/src/zkp/whitelist.rs b/src/zkp/whitelist.rs index c96be9bc..ca28d4ee 100644 --- a/src/zkp/whitelist.rs +++ b/src/zkp/whitelist.rs @@ -82,15 +82,15 @@ impl WhitelistSignature { let mut sig = ffi::WhitelistSignature::default(); let ret = unsafe { ffi::secp256k1_whitelist_sign( - *secp.ctx(), + secp.ctx().as_ptr(), &mut sig, // These two casts are legit because PublicKey has repr(transparent). online_keys.as_c_ptr() as *const ffi::PublicKey, offline_keys.as_c_ptr() as *const ffi::PublicKey, n_keys, whitelist_key.as_c_ptr(), - online_secret_key.as_ptr(), - summed_secret_key.as_ptr(), + online_secret_key.as_c_ptr(), + summed_secret_key.as_c_ptr(), key_index, ) }; @@ -116,7 +116,7 @@ impl WhitelistSignature { let ret = unsafe { ffi::secp256k1_whitelist_verify( - *secp.ctx(), + secp.ctx().as_ptr(), &self.0, // These two casts are legit because PublicKey has repr(transparent). online_keys.as_c_ptr() as *const ffi::PublicKey,