Merge branch 'ci-add-gitlab' of https://github.com/paritytech/rust-secp256k1 into ci-add-gitlab

Author: gabreal

Cargo.toml

@@ -31,4 +31,5 @@ clippy = {version = "0.0", optional = true}
 rand = "0.6"
 
 [dev-dependencies]
-hex = "0.3.1"
+hex-literal = "0.2"
+rand_core = "0.4.2"

depend/secp256k1/src/ext.c

@@ -7,33 +7,21 @@
 
 #include "src/secp256k1.c"
 
+
+static int ecdh_hash_function_raw(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
+    (void)y;
+    (void)data;
+
+    memcpy(output, x, 32);
+
+    return 1;
+}
+
+const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_raw = ecdh_hash_function_raw;
+
 int secp256k1_ecdh_raw(const secp256k1_context* ctx, unsigned char *result, const secp256k1_pubkey *point, const unsigned char *scalar)
 {
-	int ret = 0;
-	int overflow = 0;
-	secp256k1_gej res;
-	secp256k1_ge pt;
-	secp256k1_scalar s;
-	ARG_CHECK(result != NULL);
-	ARG_CHECK(point != NULL);
-	ARG_CHECK(scalar != NULL);
-
-	secp256k1_pubkey_load(ctx, &pt, point);
-	secp256k1_scalar_set_b32(&s, scalar, &overflow);
-	if (overflow || secp256k1_scalar_is_zero(&s))
-		ret = 0;
-	else
-	{
-		secp256k1_ecmult_const(&res, &pt, &s, 256);
-		secp256k1_ge_set_gej(&pt, &res);
-		secp256k1_fe_normalize(&pt.x);
-		secp256k1_fe_normalize(&pt.y);
-		secp256k1_fe_get_b32(result, &pt.x);
-		ret = 1;
-	}
-
-	secp256k1_scalar_clear(&s);
-	return ret;
+    return secp256k1_ecdh(ctx, result, point, scalar, secp256k1_ecdh_hash_function_raw, NULL);
 }
 
 /// Returns inverse (1 / n) of secret key `seckey`

src/ecdh.rs

@@ -33,7 +33,12 @@ impl SharedSecret {
     pub fn new(secp: &Secp256k1, point: &PublicKey, scalar: &SecretKey) -> SharedSecret {
         unsafe {
             let mut ss = ffi::SharedSecret::blank();
-            let res = ffi::secp256k1_ecdh(secp.ctx, &mut ss, point.as_ptr(), scalar.as_ptr());
+            let res = ffi::secp256k1_ecdh(secp.ctx,
+                                          &mut ss,
+                                          point.as_ptr(),
+                                          scalar.as_ptr(),
+                                          ffi::secp256k1_ecdh_hash_function_default,
+                                          std::ptr::null_mut());
             debug_assert_eq!(res, 1);
             SharedSecret(ss)
         }
@@ -120,6 +125,19 @@ mod tests {
         assert_eq!(sec1, sec2);
         assert!(sec_odd != sec2);
     }
+
+    #[test]
+    fn ecdh_raw() {
+        let s = Secp256k1::with_caps(::ContextFlag::SignOnly);
+        let (sk1, pk1) = s.generate_keypair(&mut thread_rng()).unwrap();
+        let (sk2, pk2) = s.generate_keypair(&mut thread_rng()).unwrap();
+
+        let sec1 = SharedSecret::new_raw(&s, &pk1, &sk2);
+        let sec2 = SharedSecret::new_raw(&s, &pk2, &sk1);
+        let sec_odd = SharedSecret::new_raw(&s, &pk1, &sk1);
+        assert_eq!(sec1, sec2);
+        assert!(sec_odd != sec2);
+    }
 }
 
 #[cfg(all(test, feature = "unstable"))]

src/ffi.rs

@@ -45,6 +45,22 @@ pub type NonceFn = unsafe extern "C" fn(nonce32: *mut c_uchar,
                                         attempt: c_uint,
                                         data: *const c_void);
 
+/// A pointer to a function that applies a hash function to a point
+///
+/// Returns: 1 if a point was successfully hashed. 0 will cause ecdh to fail
+///
+/// Out:    output:     pointer to an array to be filled by the function
+/// In:     x:          pointer to a 32-byte x coordinate
+///         y:          pointer to a 32-byte y coordinate
+///         data:       Arbitrary data pointer that is passed through
+///
+pub type EcdhHashFn = unsafe extern "C" fn(output: *mut c_uchar,
+                                           x: *const c_uchar,
+                                           y: *const c_uchar,
+                                           data: *mut c_void)
+                                           -> c_int;
+
+
 
 /// A Secp256k1 context, containing various precomputed values and such
 /// needed to do elliptic curve computations. If you create one of these
@@ -116,6 +132,10 @@ extern "C" {
 
     pub static secp256k1_nonce_function_default: NonceFn;
 
+    pub static secp256k1_ecdh_hash_function_sha256: EcdhHashFn;
+
+    pub static secp256k1_ecdh_hash_function_default: EcdhHashFn;
+
     // Contexts
     pub fn secp256k1_context_create(flags: c_uint) -> *mut Context;
 
@@ -202,27 +222,6 @@ extern "C" {
                                    msg32: *const c_uchar)
                                    -> c_int;
 
-    // Schnorr
-    pub fn secp256k1_schnorr_sign(cx: *const Context,
-                                  sig64: *mut c_uchar,
-                                  msg32: *const c_uchar,
-                                  sk: *const c_uchar,
-                                  noncefn: NonceFn,
-                                  noncedata: *const c_void)
-                                  -> c_int;
-
-    pub fn secp256k1_schnorr_verify(cx: *const Context,
-                                    sig64: *const c_uchar,
-                                    msg32: *const c_uchar,
-                                    pk: *const PublicKey)
-                                    -> c_int;
-
-    pub fn secp256k1_schnorr_recover(cx: *const Context,
-                                     pk: *mut PublicKey,
-                                     sig64: *const c_uchar,
-                                     msg32: *const c_uchar)
-                                     -> c_int;
-
     // EC
     pub fn secp256k1_ec_seckey_verify(cx: *const Context,
                                       sk: *const c_uchar) -> c_int;
@@ -262,14 +261,16 @@ extern "C" {
     pub fn secp256k1_ecdh(cx: *const Context,
                           out: *mut SharedSecret,
                           point: *const PublicKey,
-                          scalar: *const c_uchar)
+                          scalar: *const c_uchar,
+                          hash_fn: EcdhHashFn,
+                          data: *mut c_void)
                           -> c_int;
 
     pub fn secp256k1_ecdh_raw(cx: *const Context,
-                          out: *mut SharedSecret,
-                          point: *const PublicKey,
-                          scalar: *const c_uchar)
-                          -> c_int;
+                              out: *mut SharedSecret,
+                              point: *const PublicKey,
+                              scalar: *const c_uchar)
+                              -> c_int;
 
     pub fn secp256k1_ec_privkey_inverse(cx: *const Context,
                           out: *mut c_uchar,

src/key.rs

@@ -285,7 +285,7 @@ mod test {
     use super::{PublicKey, SecretKey};
     use super::super::constants;
 
-    use rand::{Rng, thread_rng};
+    use rand::{RngCore, thread_rng};
 
     #[test]
     fn skey_from_slice() {
@@ -378,8 +378,9 @@ mod test {
     fn test_out_of_range() {
 
         struct BadRng(u8);
-        impl Rng for BadRng {
+        impl RngCore for BadRng {
             fn next_u32(&mut self) -> u32 { unimplemented!() }
+            fn next_u64(&mut self) -> u64 { unimplemented!() }
             // This will set a secret key to a little over the
             // group order, then decrement with repeated calls
             // until it returns a valid key
@@ -394,6 +395,9 @@ mod test {
                 data[31] = self.0;
                 self.0 -= 1;
             }
+            fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
+                Ok(self.fill_bytes(dest))
+            }
         }
 
         let s = Secp256k1::new();
@@ -420,16 +424,28 @@ mod test {
                    Err(InvalidPublicKey));
     }
 
-    #[test]
-    fn test_debug_output() {
-        struct DumbRng(u32);
-        impl Rng for DumbRng {
-            fn next_u32(&mut self) -> u32 {
-                self.0 = self.0.wrapping_add(1);
-                self.0
-            }
+    struct DumbRng(u32);
+    impl RngCore for DumbRng {
+        fn next_u32(&mut self) -> u32 {
+            self.0 = self.0.wrapping_add(1);
+            self.0
+        }
+        fn next_u64(&mut self) -> u64 {
+            let hi = self.next_u32();
+            let lo = self.next_u32();
+            ((hi as u64) << 32 | lo as u64)
+        }
+        fn fill_bytes(&mut self, data: &mut [u8]) {
+            rand_core::impls::fill_bytes_via_next(self, data);
+        }
+        fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
+            Ok(self.fill_bytes(dest))
         }
+    }
+
 
+    #[test]
+    fn test_debug_output() {
         let s = Secp256k1::new();
         let (sk, _) = s.generate_keypair(&mut DumbRng(0)).unwrap();
 
@@ -439,14 +455,6 @@ mod test {
 
     #[test]
     fn test_pubkey_serialize() {
-        struct DumbRng(u32);
-        impl Rng for DumbRng {
-            fn next_u32(&mut self) -> u32 {
-                self.0 = self.0.wrapping_add(1);
-                self.0
-            }
-        }
-
         let s = Secp256k1::new();
         let (_, pk1) = s.generate_keypair(&mut DumbRng(0)).unwrap();
         assert_eq!(&pk1.serialize_vec(&s, false)[..],

src/lib.rs

@@ -42,6 +42,11 @@
 extern crate arrayvec;
 
 pub extern crate rand;
+#[cfg(test)]
+extern crate rand_core;
+#[cfg(test)]
+#[macro_use]
+extern crate hex_literal;
 
 use std::{error, fmt, ops, ptr};
 use rand::Rng;
@@ -52,7 +57,6 @@ pub mod constants;
 pub mod ecdh;
 pub mod ffi;
 pub mod key;
-pub mod schnorr;
 
 /// A tag used for recovering the public key from a compact signature
 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
@@ -536,17 +540,14 @@ impl Secp256k1 {
 
 #[cfg(test)]
 mod tests {
-    extern crate hex;
-    use rand::{Rng, thread_rng};
+    use rand::{RngCore, thread_rng};
 
     use key::{SecretKey, PublicKey};
     use super::constants;
     use super::{Secp256k1, Signature, RecoverableSignature, Message, RecoveryId, ContextFlag};
     use super::Error::{InvalidMessage, InvalidPublicKey, IncorrectSignature, InvalidSignature,
                        IncapableContext};
 
-    macro_rules! hex (($hex:expr) => (hex::decode($hex).unwrap()));
-
     #[test]
     fn capabilities() {
         let none = Secp256k1::with_caps(ContextFlag::None);