Update to secp 0.26 and secp-sys 0.8

.github/workflows/rust.yml

@@ -74,11 +74,9 @@ jobs:
           - 1.41.1
           - beta
           - stable
-        target: [ x86_64-unknown-linux-gnu, x86_64-apple-darwin ]
-        include:
-          - target: x86_64-unknown-linux-gnu
-            os: ubuntu-latest
-          - target: x86_64-apple-darwin
+        os: [ ubuntu-latest, macos-latest ]
+        exclude:
+          - rust: 1.41.1
             os: macos-latest
     runs-on: ${{ matrix.os }}
     steps:
@@ -108,11 +106,9 @@ jobs:
           - 1.41.1
           - beta
           - stable
-        target: [ x86_64-unknown-linux-gnu, x86_64-apple-darwin ]
-        include:
-          - target: x86_64-unknown-linux-gnu
-            os: ubuntu-latest
-          - target: x86_64-apple-darwin
+        os: [ ubuntu-latest, macos-latest ]
+        exclude:
+          - rust: 1.41.1
             os: macos-latest
     runs-on: ${{ matrix.os }}
     steps:

Cargo.toml

@@ -31,7 +31,7 @@ use-serde = ["serde", "secp256k1/serde"]
 use-rand = ["rand", "secp256k1/rand"]
 
 [dependencies]
-secp256k1 = "0.24.0"
+secp256k1 = "0.26.0"
 secp256k1-zkp-sys = { version = "0.7.0", default-features = false, path = "./secp256k1-zkp-sys" }
 rand = { version = "0.8", default-features = false, optional = true }
 serde = { version = "1.0", default-features = false, optional = true }

secp256k1-zkp-sys/Cargo.toml

@@ -23,7 +23,7 @@ features = [ "recovery", "lowmemory" ]
 cc = "1.0.28"
 
 [dependencies]
-secp256k1-sys = "0.6.0"
+secp256k1-sys = "0.8.0"
 
 [features]
 default = ["std"]

secp256k1-zkp-sys/src/zkp.rs

@@ -1,4 +1,7 @@
-use core::{fmt, hash};
+use core::{
+    fmt,
+    hash::{self, Hash},
+};
 use {types::*, Context, PublicKey, Signature};
 
 /// Rangeproof maximum length
@@ -472,6 +475,8 @@ impl RangeProof {
 }
 
 #[repr(C)]
+#[derive(Copy, Clone)]
+#[cfg_attr(not(fuzzing), derive(Eq, PartialEq, Hash, Ord, PartialOrd))]
 pub struct Tag([c_uchar; 32]);
 impl_array_newtype!(Tag, c_uchar, 32);
 impl_raw_debug!(Tag);
@@ -502,6 +507,7 @@ impl From<Tag> for [u8; 32] {
 
 // TODO: Replace this with ffi::PublicKey?
 #[repr(C)]
+#[derive(Copy, Clone)]
 pub struct PedersenCommitment([c_uchar; 64]);
 impl_array_newtype!(PedersenCommitment, c_uchar, 64);
 impl_raw_debug!(PedersenCommitment);
@@ -518,6 +524,23 @@ impl Default for PedersenCommitment {
     }
 }
 
+#[cfg(not(fuzzing))]
+impl PartialEq for PedersenCommitment {
+    fn eq(&self, other: &Self) -> bool {
+        &self.0[..] == &other.0[..]
+    }
+}
+
+#[cfg(not(fuzzing))]
+impl Eq for PedersenCommitment {}
+
+#[cfg(not(fuzzing))]
+impl Hash for PedersenCommitment {
+    fn hash<H: hash::Hasher>(&self, state: &mut H) {
+        self.0.hash(state);
+    }
+}
+
 /// A ring signature for the "whitelist" scheme.
 #[repr(C)]
 #[derive(Clone)]
@@ -566,22 +589,37 @@ pub type EcdsaAdaptorNonceFn = Option<
 >;
 
 #[repr(C)]
+#[derive(Copy, Clone)]
 pub struct EcdsaAdaptorSignature([u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH]);
 impl_array_newtype!(EcdsaAdaptorSignature, u8, ECDSA_ADAPTOR_SIGNATURE_LENGTH);
 impl_raw_debug!(EcdsaAdaptorSignature);
 
-impl From<[u8; 162]> for EcdsaAdaptorSignature {
-    fn from(bytes: [u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH]) -> Self {
-        EcdsaAdaptorSignature(bytes)
+impl EcdsaAdaptorSignature {
+    /// Create a new (zeroed) ecdsa adaptor signature usable for the FFI interface
+    pub fn new() -> Self {
+        EcdsaAdaptorSignature([0u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH])
     }
-}
 
-impl EcdsaAdaptorSignature {
-    pub fn new() -> EcdsaAdaptorSignature {
-        EcdsaAdaptorSignature([0; ECDSA_ADAPTOR_SIGNATURE_LENGTH])
+    /// Create a new ecdsa adaptor signature usable for the FFI interface from raw bytes
+    ///
+    /// # Safety
+    ///
+    /// Does not check the validity of the underlying representation. If it is
+    /// invalid the result may be assertation failures (and process aborts) from
+    /// the underlying library. You should not use this method except with data
+    /// that you obtained from the FFI interface of the same version of this
+    /// library.
+    pub unsafe fn from_array_unchecked(data: [c_uchar; ECDSA_ADAPTOR_SIGNATURE_LENGTH]) -> Self {
+        Self(data)
     }
+}
 
-    pub fn as_bytes(&self) -> &[u8; ECDSA_ADAPTOR_SIGNATURE_LENGTH] {
-        &self.0
+#[cfg(not(fuzzing))]
+impl PartialEq for EcdsaAdaptorSignature {
+    fn eq(&self, other: &Self) -> bool {
+        &self.0[..] == &other.0[..]
     }
 }
+
+#[cfg(not(fuzzing))]
+impl Eq for EcdsaAdaptorSignature {}

src/zkp/ecdsa_adaptor.rs

@@ -24,7 +24,7 @@ pub struct EcdsaAdaptorSignature(ffi::EcdsaAdaptorSignature);
 
 impl fmt::LowerHex for EcdsaAdaptorSignature {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        for ch in self.0.as_bytes().iter() {
+        for ch in self.0.as_ref().iter() {
             write!(f, "{:02x}", ch)?;
         }
         Ok(())
@@ -56,7 +56,7 @@ impl ::serde::Serialize for EcdsaAdaptorSignature {
         if s.is_human_readable() {
             s.collect_str(self)
         } else {
-            s.serialize_bytes(self.0.as_bytes())
+            s.serialize_bytes(self.0.as_ref())
         }
     }
 }
@@ -102,7 +102,11 @@ impl EcdsaAdaptorSignature {
             ECDSA_ADAPTOR_SIGNATURE_LENGTH => {
                 let mut ret = [0; ECDSA_ADAPTOR_SIGNATURE_LENGTH];
                 ret[..].copy_from_slice(data);
-                Ok(EcdsaAdaptorSignature(ffi::EcdsaAdaptorSignature::from(ret)))
+                unsafe {
+                    Ok(EcdsaAdaptorSignature(
+                        ffi::EcdsaAdaptorSignature::from_array_unchecked(ret),
+                    ))
+                }
             }
             _ => Err(Error::InvalidEcdsaAdaptorSignature),
         }
@@ -169,7 +173,7 @@ impl EcdsaAdaptorSignature {
 
         let res = unsafe {
             ffi::secp256k1_ecdsa_adaptor_encrypt(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 &mut adaptor_sig,
                 sk.as_c_ptr(),
                 enckey.as_c_ptr(),
@@ -198,7 +202,7 @@ impl EcdsaAdaptorSignature {
 
         let res = unsafe {
             ffi::secp256k1_ecdsa_adaptor_encrypt(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 &mut adaptor_sig,
                 sk.as_c_ptr(),
                 enckey.as_c_ptr(),
@@ -242,7 +246,7 @@ impl EcdsaAdaptorSignature {
 
         let ret = unsafe {
             ffi::secp256k1_ecdsa_adaptor_recover(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 data.as_mut_c_ptr(),
                 sig.as_c_ptr(),
                 self.as_c_ptr(),
@@ -267,7 +271,7 @@ impl EcdsaAdaptorSignature {
     ) -> Result<(), Error> {
         let res = unsafe {
             ffi::secp256k1_ecdsa_adaptor_verify(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 self.as_c_ptr(),
                 pubkey.as_c_ptr(),
                 msg.as_c_ptr(),

src/zkp/generator.rs

@@ -8,7 +8,8 @@ use rand::Rng;
 ///
 /// Contrary to a [`crate::SecretKey`], the value 0 is also a valid tweak.
 /// Values outside secp curve order are invalid tweaks.
-#[derive(Default)]
+#[derive(Default, Copy, Clone)]
+#[cfg_attr(not(fuzzing), derive(Eq, PartialEq))]
 pub struct Tweak([u8; constants::SECRET_KEY_SIZE]);
 impl_array_newtype!(Tweak, u8, constants::SECRET_KEY_SIZE);
 
@@ -156,10 +157,10 @@ impl Generator {
 
         let ret = unsafe {
             ffi::secp256k1_generator_generate_blinded(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 &mut generator,
-                tag.into_inner().as_ptr(),
-                blinding_factor.as_ptr(),
+                tag.into_inner().as_c_ptr(),
+                blinding_factor.as_c_ptr(),
             )
         };
         assert_eq!(ret, 1);

src/zkp/pedersen.rs

@@ -1,3 +1,5 @@
+use ffi::CPtr;
+
 use crate::ffi;
 use crate::{from_hex, Error, Generator, Secp256k1, Signing, Tweak, ZERO_TWEAK};
 use core::{fmt, slice, str};
@@ -58,9 +60,9 @@ impl PedersenCommitment {
 
         let ret = unsafe {
             ffi::secp256k1_pedersen_commit(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 &mut commitment,
-                blinding_factor.as_ptr(),
+                blinding_factor.as_c_ptr(),
                 value,
                 generator.as_inner(),
             )
@@ -141,12 +143,12 @@ pub fn compute_adaptive_blinding_factor<C: Signing>(
 
     let (vbf, gbf) = secrets
         .iter_mut()
-        .map(|(s_v, s_g)| (s_v.as_mut_ptr(), s_g.as_ptr()))
+        .map(|(s_v, s_g)| (s_v.as_mut_c_ptr(), s_g.as_c_ptr()))
         .unzip::<_, _, Vec<_>, Vec<_>>();
 
     let ret = unsafe {
         ffi::secp256k1_pedersen_blind_generator_blind_sum(
-            *secp.ctx(),
+            secp.ctx().as_ptr(),
             values.as_ptr(),
             gbf.as_ptr(),
             vbf.as_ptr(),
@@ -172,7 +174,13 @@ pub fn verify_commitments_sum_to_equal<C: Signing>(
     let b = b.iter().map(|c| &c.0).collect::<Vec<_>>();
 
     let ret = unsafe {
-        ffi::secp256k1_pedersen_verify_tally(*secp.ctx(), a.as_ptr(), a.len(), b.as_ptr(), b.len())
+        ffi::secp256k1_pedersen_verify_tally(
+            secp.ctx().as_ptr(),
+            a.as_ptr(),
+            a.len(),
+            b.as_ptr(),
+            b.len(),
+        )
     };
 
     ret == 1

src/zkp/rangeproof.rs

@@ -1,3 +1,5 @@
+use ffi::CPtr;
+
 use crate::ffi::RANGEPROOF_MAX_LENGTH;
 use crate::from_hex;
 use crate::Error;
@@ -81,13 +83,13 @@ impl RangeProof {
 
         let ret = unsafe {
             ffi::secp256k1_rangeproof_sign(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 proof.as_mut_ptr(),
                 &mut proof_length,
                 min_value,
                 commitment.as_inner(),
-                commitment_blinding.as_ptr(),
-                sk.as_ptr(),
+                commitment_blinding.as_c_ptr(),
+                sk.as_c_ptr(),
                 exp,
                 min_bits as i32,
                 value,
@@ -123,7 +125,7 @@ impl RangeProof {
 
         let ret = unsafe {
             ffi::secp256k1_rangeproof_verify(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 &mut min_value,
                 &mut max_value,
                 commitment.as_inner(),
@@ -164,12 +166,12 @@ impl RangeProof {
 
         let ret = unsafe {
             ffi::secp256k1_rangeproof_rewind(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 blinding_factor.as_mut_ptr(),
                 &mut value,
                 message.as_mut_ptr(),
                 &mut message_length,
-                sk.as_ptr(),
+                sk.as_c_ptr(),
                 &mut min_value,
                 &mut max_value,
                 commitment.as_inner(),

src/zkp/surjection_proof.rs

@@ -15,6 +15,7 @@ pub struct SurjectionProof {
 mod with_rand {
     use super::*;
     use crate::{Signing, Tag, Tweak};
+    use ffi::CPtr;
     use rand::Rng;
 
     impl SurjectionProof {
@@ -49,7 +50,7 @@ mod with_rand {
 
             let ret = unsafe {
                 ffi::secp256k1_surjectionproof_initialize(
-                    *secp.ctx(),
+                    secp.ctx().as_ptr(),
                     &mut proof,
                     &mut domain_index,
                     domain_tags.as_ptr(),
@@ -70,7 +71,7 @@ mod with_rand {
 
             let ret = unsafe {
                 ffi::secp256k1_surjectionproof_generate(
-                    *secp.ctx(),
+                    secp.ctx().as_ptr(),
                     &mut proof,
                     domain_blinded_tags.as_ptr(),
                     domain.len(),
@@ -80,8 +81,8 @@ mod with_rand {
                         .get(domain_index)
                         .ok_or(Error::CannotProveSurjection)?
                         .2
-                        .as_ptr(), // TODO: Return dedicated error here?
-                    codomain_blinding_factor.as_ptr(),
+                        .as_c_ptr(), // TODO: Return dedicated error here?
+                    codomain_blinding_factor.as_c_ptr(),
                 )
             };
 
@@ -168,7 +169,7 @@ impl SurjectionProof {
 
         let ret = unsafe {
             ffi::secp256k1_surjectionproof_verify(
-                *secp.ctx(),
+                secp.ctx().as_ptr(),
                 &self.inner,
                 domain_blinded_tags.as_ptr(),
                 domain_blinded_tags.len(),