diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index c7ff0a3..5ef9966 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -107,4 +107,4 @@ jobs: toolchain: ${{ matrix.rust }} override: true - name: Running cargo in release mode - run: cargo test --features="global-context" --release + run: cargo update -p cc --precise 1.0.94 && cargo test --features="global-context" --release diff --git a/Cargo.toml b/Cargo.toml index 473286e..d70be09 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,7 +33,7 @@ rand = ["actual-rand", "secp256k1/rand"] [dependencies] actual-serde = { package = "serde", version = "1.0", default-features = false, optional = true } actual-rand = { package = "rand", version = "0.8", default-features = false, optional = true } -secp256k1 = "0.28.0" +secp256k1 = "0.29.0" secp256k1-zkp-sys = { version = "0.9.0", default-features = false, path = "./secp256k1-zkp-sys" } internals = { package = "bitcoin-private", version = "0.1.0" } @@ -46,3 +46,6 @@ getrandom = { version = "0.2", features = ["js"] } [lib] crate-type = ["cdylib", "rlib"] + +[lints.rust] +unexpected_cfgs = { level = "deny", check-cfg = [ "cfg(rust_secp_fuzz)" ] } diff --git a/contrib/test.sh b/contrib/test.sh index 5a32f56..60abe44 100755 --- a/contrib/test.sh +++ b/contrib/test.sh @@ -8,6 +8,11 @@ rustc --version # Make all cargo invocations verbose export CARGO_TERM_VERBOSE=true +# Pin dependencies as required if we are using MSRV toolchain. +if cargo --version | grep "1\.56"; then + cargo update -p cc --precise 1.0.94 +fi + # Defaults / sanity checks cargo build --all cargo test --all diff --git a/secp256k1-zkp-sys/Cargo.toml b/secp256k1-zkp-sys/Cargo.toml index 05d0a01..7d312ce 100644 --- a/secp256k1-zkp-sys/Cargo.toml +++ b/secp256k1-zkp-sys/Cargo.toml 
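Review bot: The added `cargo update -p cc --precise 1.0.94` in the release-mode step runs for every `matrix.rust` entry, so any non-MSRV toolchains in the matrix now test against a downgraded `cc` rather than the version the lockfile resolves, and the step rewrites Cargo.lock in the checkout if one is committed. The sibling change to contrib/test.sh applies the same pin only when the toolchain is 1.56, and the workflow should match it, e.g. `run: if cargo --version | grep -q '1\.56'; then cargo update -p cc --precise 1.0.94; fi && cargo test --features="global-context" --release`, or a separate pin step guarded by an `if: matrix.rust == …` condition. Whether the matrix actually contains toolchains other than the MSRV is not visible in this hunk.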
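Review bot: The new MSRV guard `if cargo --version | grep "1\.56"; then` echoes the matched version line to stdout and accepts `1.56` anywhere in the output; `if cargo --version | grep -q '^cargo 1\.56\.'; then` keeps the log clean and anchors the match to the cargo version field. The existing comment says a pin is required but not why `1.0.94` is the ceiling, so the next person bumping the MSRV has nothing to go on; a line such as `# newer cc releases need a toolchain above our 1.56 MSRV, so pin the last one that builds` would record the reason, assuming that is indeed why this version was chosen.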
@@ -23,10 +23,13 @@ features = [ "recovery", "lowmemory" ] cc = "1.0.28" [dependencies] -secp256k1-sys = "0.9.0" +secp256k1-sys = "0.10.0" [features] default = ["std"] recovery = ["secp256k1-sys/recovery"] lowmemory = ["secp256k1-sys/lowmemory"] std = [] + +[lints.rust] +unexpected_cfgs = { level = "deny", check-cfg = [ "cfg(rust_secp_zkp_no_symbol_renaming)" ] } diff --git a/secp256k1-zkp-sys/README.md b/secp256k1-zkp-sys/README.md index c6551cc..325c95b 100644 --- a/secp256k1-zkp-sys/README.md +++ b/secp256k1-zkp-sys/README.md @@ -27,9 +27,9 @@ revision the default branch is pointing to. ## Linking to external symbols -For the more exotic use cases, this crate can be used with existing libsecp256k1-zkp -symbols by using the `external-symbols` feature. How to setup rustc to link -against those existing symbols is left as an exercise to the reader. +If you want to compile this library without using the bundled symbols (which may +be required for integration into other build systems), you can do so by adding +`--cfg=rust_secp_no_symbol_renaming'` to your `RUSTFLAGS` variable. ## Minimum Supported Rust Version diff --git a/secp256k1-zkp-sys/build.rs b/secp256k1-zkp-sys/build.rs index e0fc708..05dc3e7 100644 --- a/secp256k1-zkp-sys/build.rs +++ b/secp256k1-zkp-sys/build.rs @@ -26,11 +26,6 @@ extern crate cc; use std::env; fn main() { - if cfg!(feature = "external-symbols") { - println!("cargo:rustc-link-lib=static=secp256k1zkp"); - return; - } - // Actual build let mut base_config = cc::Build::new(); base_config diff --git a/secp256k1-zkp-sys/src/error_callbacks.rs b/secp256k1-zkp-sys/src/error_callbacks.rs index bf59d9d..a4ecc05 100644 --- a/secp256k1-zkp-sys/src/error_callbacks.rs +++ b/secp256k1-zkp-sys/src/error_callbacks.rs 
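Review bot: The cfg declared here, `check-cfg = [ "cfg(rust_secp_zkp_no_symbol_renaming)" ]`, is the name the new `#[cfg(not(rust_secp_zkp_no_symbol_renaming))]` attributes in error_callbacks.rs and zkp.rs test, but the README hunk in this same commit tells users to pass `--cfg=rust_secp_no_symbol_renaming'` (without `zkp`, and with a stray trailing quote). A user following the README would set a cfg that nothing in the crate checks, so symbol renaming would presumably stay on and linking against an external libsecp256k1-zkp would fail on the `rustsecp256k1zkp_v0_8_0_*` names. The README line should read `--cfg=rust_secp_zkp_no_symbol_renaming`, or, if the intent is to share the upstream secp256k1-sys cfg name, the attributes and this check-cfg entry should change instead; either way the two must agree, since `unexpected_cfgs` is set to `deny` and only guards the names used in source, not the flags a user passes.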
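Review bot: With the `external-symbols` early return gone, `main` now falls unconditionally into the `// Actual build` of the vendored C sources, and the `cargo:rustc-link-lib=static=secp256k1zkp` directive that used to tell rustc where external symbols come from is no longer emitted on any path; the body of `main` continues past the end of this hunk. Users who set the new `rust_secp_zkp_no_symbol_renaming` cfg therefore still compile the bundled library and must supply their own link directive, which nothing in build.rs now documents. A short comment where the branch was removed would record that, e.g. `// The bundled library is always built; with --cfg rust_secp_zkp_no_symbol_renaming the Rust side references the unprefixed secp256k1_* names and the caller is responsible for linking a matching libsecp256k1-zkp.` Whether the `external-symbols` feature is still declared anywhere in the manifest is not visible here; the `[features]` context in the Cargo.toml hunk does not list it, so any leftover mention in docs or CI feature lists should go too.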
@@ -8,7 +8,7 @@ use secp256k1_sys::types::{c_char, c_void}; #[no_mangle] -#[cfg(not(feature = "external-symbols"))] +#[cfg(not(rust_secp_zkp_no_symbol_renaming))] pub unsafe extern "C" fn rustsecp256k1zkp_v0_8_0_default_illegal_callback_fn( _: *const c_char, _data: *mut c_void, @@ -17,7 +17,7 @@ pub unsafe extern "C" fn rustsecp256k1zkp_v0_8_0_default_illegal_callback_fn( } #[no_mangle] -#[cfg(not(feature = "external-symbols"))] +#[cfg(not(rust_secp_zkp_no_symbol_renaming))] pub unsafe extern "C" fn rustsecp256k1zkp_v0_8_0_default_error_callback_fn( _: *const c_char, _data: *mut c_void, diff --git a/secp256k1-zkp-sys/src/zkp.rs b/secp256k1-zkp-sys/src/zkp.rs index 0af8268..eac14b5 100644 --- a/secp256k1-zkp-sys/src/zkp.rs +++ b/secp256k1-zkp-sys/src/zkp.rs @@ -13,7 +13,7 @@ pub const WHITELIST_MAX_N_KEYS: size_t = 255; extern "C" { #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_pedersen_commitment_parse" )] // Parse a 33-byte commitment into 64 byte internal commitment object @@ -24,7 +24,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_pedersen_commitment_serialize" )] // Serialize a 64-byte commit object into a 33 byte serialized byte sequence @@ -35,7 +35,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_pedersen_commit" )] // Generates a pedersen commitment: *commit = blind * G + value * G2. @@ -49,7 +49,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_pedersen_blind_generator_blind_sum" )] /// Sets the final Pedersen blinding factor correctly when the generators themselves 
@@ -91,7 +91,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_pedersen_verify_tally" )] // Takes two list of 64-byte commitments and sums the first set and @@ -106,7 +106,7 @@ extern "C" { #[cfg(feature = "std")] #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_rangeproof_info" )] pub fn secp256k1_rangeproof_info( @@ -121,7 +121,7 @@ extern "C" { #[cfg(feature = "std")] #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_rangeproof_rewind" )] pub fn secp256k1_rangeproof_rewind( @@ -143,7 +143,7 @@ extern "C" { #[cfg(feature = "std")] #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_rangeproof_verify" )] pub fn secp256k1_rangeproof_verify( @@ -160,7 +160,7 @@ extern "C" { #[cfg(feature = "std")] #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_rangeproof_sign" )] pub fn secp256k1_rangeproof_sign( @@ -182,7 +182,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_surjectionproof_initialize" )] pub fn secp256k1_surjectionproof_initialize( @@ -198,7 +198,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_surjectionproof_serialize" )] pub fn secp256k1_surjectionproof_serialize( @@ -209,7 +209,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_surjectionproof_serialized_size" )] pub fn secp256k1_surjectionproof_serialized_size( 
@@ -218,7 +218,7 @@ extern "C" { ) -> size_t; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_surjectionproof_parse" )] pub fn secp256k1_surjectionproof_parse( @@ -229,7 +229,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_surjectionproof_generate" )] pub fn secp256k1_surjectionproof_generate( @@ -244,7 +244,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_surjectionproof_verify" )] pub fn secp256k1_surjectionproof_verify( @@ -256,7 +256,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_generator_generate_blinded" )] pub fn secp256k1_generator_generate_blinded( @@ -267,7 +267,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_generator_serialize" )] pub fn secp256k1_generator_serialize( @@ -277,7 +277,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_generator_parse" )] pub fn secp256k1_generator_parse( @@ -287,13 +287,13 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_nonce_function_ecdsa_adaptor" )] pub static secp256k1_nonce_function_ecdsa_adaptor: EcdsaAdaptorNonceFn; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_ecdsa_adaptor_encrypt" )] pub fn secp256k1_ecdsa_adaptor_encrypt( 
@@ -307,7 +307,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_ecdsa_adaptor_verify" )] pub fn secp256k1_ecdsa_adaptor_verify( @@ -319,7 +319,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_ecdsa_adaptor_decrypt" )] pub fn secp256k1_ecdsa_adaptor_decrypt( @@ -330,7 +330,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_ecdsa_adaptor_recover" )] pub fn secp256k1_ecdsa_adaptor_recover( @@ -342,7 +342,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_whitelist_signature_parse" )] pub fn secp256k1_whitelist_signature_parse( @@ -353,7 +353,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_whitelist_signature_serialize" )] pub fn secp256k1_whitelist_signature_serialize( @@ -364,7 +364,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_whitelist_sign" )] pub fn secp256k1_whitelist_sign( @@ -380,7 +380,7 @@ extern "C" { ) -> c_int; #[cfg_attr( - not(feature = "external-symbols"), + not(rust_secp_zkp_no_symbol_renaming), link_name = "rustsecp256k1zkp_v0_8_0_whitelist_verify" )] pub fn secp256k1_whitelist_verify( diff --git a/src/zkp/ecdsa_adaptor.rs b/src/zkp/ecdsa_adaptor.rs index 2f69206..b43f192 100644 --- a/src/zkp/ecdsa_adaptor.rs +++ b/src/zkp/ecdsa_adaptor.rs 
@@ -3,7 +3,7 @@ //! //! WARNING: ECDSA adaptor signatures are insecure when the secret key is reused //! in certain other crypto schemes. See -//! https://github.com/ElementsProject/secp256k1-zkp/blob/6955af5ca8930aa674e5fdbc4343e722b25e0ca8/include/secp256k1_ecdsa_adaptor.h#L14 +//! //! for details. //! @@ -302,14 +302,14 @@ mod tests { let mut rng = thread_rng(); let (seckey, pubkey) = SECP256K1.generate_keypair(&mut rng); let (adaptor_secret, adaptor) = SECP256K1.generate_keypair(&mut rng); - let msg = Message::from_slice(&[2u8; 32]).unwrap(); + let msg = Message::from_digest_slice(&[2u8; 32]).unwrap(); let adaptor_sig = encrypt(&msg, &seckey, &adaptor, &mut rng); adaptor_sig - .verify(&SECP256K1, &msg, &pubkey, &adaptor) + .verify(SECP256K1, &msg, &pubkey, &adaptor) .expect("adaptor signature to be valid"); adaptor_sig - .verify(&SECP256K1, &msg, &adaptor, &pubkey) + .verify(SECP256K1, &msg, &adaptor, &pubkey) .expect_err("adaptor signature to be invalid"); let sig = adaptor_sig .decrypt(&adaptor_secret) @@ -318,7 +318,7 @@ mod tests { .verify_ecdsa(&msg, &sig, &pubkey) .expect("signature to be valid"); let recovered = adaptor_sig - .recover(&SECP256K1, &sig, &adaptor) + .recover(SECP256K1, &sig, &adaptor) .expect("to be able to recover the secret"); assert_eq!(adaptor_secret, recovered); } @@ -327,7 +327,7 @@ mod tests { #[cfg(not(rust_secp_fuzz))] fn test_ecdsa_adaptor_signature_encrypt() { test_ecdsa_adaptor_signature_helper(|msg, sk, adaptor, _| { - EcdsaAdaptorSignature::encrypt(&SECP256K1, msg, sk, adaptor) + EcdsaAdaptorSignature::encrypt(SECP256K1, msg, sk, adaptor) }) } @@ -335,7 +335,7 @@ mod tests { #[cfg(not(rust_secp_fuzz))] fn test_ecdsa_adaptor_signature_encrypt_with_rng() { test_ecdsa_adaptor_signature_helper(|msg, sk, adaptor, rng| { - EcdsaAdaptorSignature::encrypt_with_rng(&SECP256K1, msg, sk, adaptor, rng) + EcdsaAdaptorSignature::encrypt_with_rng(SECP256K1, msg, sk, adaptor, rng) }) } 
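Review bot: Dropping the URL from the module doc leaves the warning reading `//! ... in certain other crypto schemes. See` / `//!` / `//! for details.`, a dangling sentence with nothing to refer to, on the one security caveat this module carries. Either restore a reference to the upstream header, e.g. `//! in certain other crypto schemes. See the warning in libsecp256k1-zkp's` / `//! include/secp256k1_ecdsa_adaptor.h for details.`, or delete the empty `//!` line and end the sentence after "schemes". If the link was removed because rustdoc's bare-URL lint fires on it, wrapping it in angle brackets (`<https://…>`) keeps the pointer without the warning.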
@@ -345,7 +345,7 @@ mod tests { test_ecdsa_adaptor_signature_helper(|msg, sk, adaptor, rng| { let mut aux_rand = [0; 32]; rng.fill_bytes(&mut aux_rand); - EcdsaAdaptorSignature::encrypt_with_aux_rand(&SECP256K1, msg, sk, adaptor, &aux_rand) + EcdsaAdaptorSignature::encrypt_with_aux_rand(SECP256K1, msg, sk, adaptor, &aux_rand) }) } @@ -353,7 +353,7 @@ mod tests { #[cfg(not(rust_secp_fuzz))] fn test_ecdsa_adaptor_signature_encrypt_no_aux_rand() { test_ecdsa_adaptor_signature_helper(|msg, sk, adaptor, _| { - EcdsaAdaptorSignature::encrypt_no_aux_rand(&SECP256K1, msg, sk, adaptor) + EcdsaAdaptorSignature::encrypt_no_aux_rand(SECP256K1, msg, sk, adaptor) }) } @@ -371,7 +371,7 @@ mod tests { .unwrap(); adaptor_sig - .verify(&SECP256K1, &msg, &pubkey, &encryption_key) + .verify(SECP256K1, &msg, &pubkey, &encryption_key) .expect("adaptor signature verification to pass"); let sig = compact_sig_from_str("424d14a5471c048ab87b3b83f6085d125d5864249ae4297a57c84e74710bb67329e80e0ee60e57af3e625bbae1672b1ecaa58effe613426b024fa1621d903394"); @@ -381,7 +381,7 @@ mod tests { .unwrap(); let recovered = adaptor_sig - .recover(&SECP256K1, &sig, &encryption_key) + .recover(SECP256K1, &sig, &encryption_key) .expect("to be able to recover the decryption key"); assert_eq!(expected_decryption_key, recovered); @@ -401,7 +401,7 @@ mod tests { .unwrap(); adaptor_sig - .verify(&SECP256K1, &msg, &pubkey, &encryption_key) + .verify(SECP256K1, &msg, &pubkey, &encryption_key) .expect_err("providing a wrong proof should fail validation"); } @@ -416,7 +416,7 @@ mod tests { let sig = compact_sig_from_str("f7f7fe6bd056fc4abd70d335f72d0aa1e8406bba68f3e579e4789475323564a452c46176c7fb40aa37d5651341f55697dab27d84a213b30c93011a7790bace8c"); adaptor_sig - .recover(&SECP256K1, &sig, &encryption_key) + .recover(SECP256K1, &sig, &encryption_key) .expect_err("providing wrong r value should prevent us from recovering decryption key"); } 
@@ -435,7 +435,7 @@ mod tests { .parse() .unwrap(); let recovered = adaptor_sig - .recover(&SECP256K1, &sig, &encryption_key) + .recover(SECP256K1, &sig, &encryption_key) .expect("with high s we should still be able to recover the decryption key"); assert_eq!(expected_decryption_key, recovered); @@ -487,7 +487,7 @@ mod tests { fn msg_from_str(input: &str) -> Message { let mut buf = [0u8; 32]; from_hex(input, &mut buf).unwrap(); - Message::from_slice(&buf).unwrap() + Message::from_digest_slice(&buf).unwrap() } fn compact_sig_from_str(input: &str) -> Signature { diff --git a/src/zkp/pedersen.rs b/src/zkp/pedersen.rs index 4d38d32..83f99ee 100644 --- a/src/zkp/pedersen.rs +++ b/src/zkp/pedersen.rs @@ -94,7 +94,7 @@ impl PedersenCommitment { /// /// A Pedersen commitment of the form `P = vT' + r'G` can be expressed as `vT + (vr + r')G` if `T' = T + rG` with: /// - `v` = `value` -/// - `T` being a public key generated from a [`Tag`] +/// - `T` being a public key generated from a [`crate::Tag`] /// - `r` = `generator_blinding_factor` /// - `r'` = `value_blinding_factor` #[derive(Debug)] diff --git a/src/zkp/whitelist.rs b/src/zkp/whitelist.rs index ff1c855..7f68d82 100644 --- a/src/zkp/whitelist.rs +++ b/src/zkp/whitelist.rs @@ -238,7 +238,6 @@ mod tests { // sign let summed_key = keys_offline[our_idx] - .clone() .add_tweak(&whitelist_sk.into()) .unwrap(); @@ -303,7 +302,6 @@ mod tests { let our_idx = 100; let summed_key = keys_offline[our_idx] - .clone() .add_tweak(&whitelist_sk.into()) .unwrap(); @@ -398,7 +396,7 @@ mod tests { // incorrectly serialized with byte changed let mut encoded = correct_signature.serialize(); let len = encoded.len(); - encoded[len - 1] = encoded[len - 1] ^ 0x01; + encoded[len - 1] ^= 0x01; let decoded = WhitelistSignature::from_slice(&encoded).unwrap(); assert_eq!( Err(Error::InvalidWhitelistProof),