-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add API docs for secp256k1_instruction and secp256k1_recover #26065
Conversation
014ce2f
to
e7bd798
Compare
59feee3
to
1d33e59
Compare
@seanyoung Can you take a look at these changes? |
Absolutely, I started looking this morning. I haven't read all the linked documentation yet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a very thorough description. Looks good! I have found a few minor typos.
abc54ba
to
51b03d8
Compare
This PR gets merge conflicts frequently. Could use another round of review to get this landed. |
f175667
to
c793f54
Compare
LGTM |
* Add API docs for secp256k1_instruction and secp256k1_recover * typo * Remove unused variable from secp256k1 program test * Bump solana_bpf_rust_secp256k1_recover ix count Co-authored-by: Tyera Eulberg <[email protected]> (cherry picked from commit ebe25fd) # Conflicts: # programs/bpf/Cargo.lock # programs/bpf/rust/secp256k1_recover/Cargo.toml # programs/bpf/tests/programs.rs
…#26065) (#27007) * Add API docs for secp256k1_instruction and secp256k1_recover (#26065) * Add API docs for secp256k1_instruction and secp256k1_recover * typo * Remove unused variable from secp256k1 program test * Bump solana_bpf_rust_secp256k1_recover ix count Co-authored-by: Tyera Eulberg <[email protected]> (cherry picked from commit ebe25fd) # Conflicts: # programs/bpf/Cargo.lock # programs/bpf/rust/secp256k1_recover/Cargo.toml # programs/bpf/tests/programs.rs * Fix conflicts Co-authored-by: Brian Anderson <[email protected]> Co-authored-by: Tyera Eulberg <[email protected]>
…labs#26065) * Add API docs for secp256k1_instruction and secp256k1_recover * typo * Remove unused variable from secp256k1 program test * Bump solana_bpf_rust_secp256k1_recover ix count Co-authored-by: Tyera Eulberg <[email protected]>
Problem
The secp256k1 facilities are underdocumented.
Summary of Changes
This adds fairly comprehensive API documentation to the secp256k1_instruction and secp256k1_recover modules, with examples containing copyable code snippets.
These APIs are difficult to use and warrant the addition of more helper functions, but I have not tried to address that here.
A few things to note:
There is one sentence here I am unsure about, regarding secp256k1_recover:
Recovery IDs are two bits. From reading the code of both Parity's libsecp256k1 and Bitcoin's secp256k1 I gather the second bit is set to "1" if the signature is "overflowing". I also see that Solana parses signatures with
Signature::parse_standard
which rejects overflowing signatures. I also see that Ethereum always rejects signatures with the second bit set to "1". I do not know what it means to overflow here, nor if both these uses of "overflowing" are the same, and have been unable to find any documentation about this matter, and the math in these libraries is beyond my understanding. It would be desirable for a cryptographer to review this and explain.Secondly, I was surprised to discover that these APIs allow for signature malleability - Bitcoin's library disallows it by default, but Parity's does not. I have added a lot of text and links about this with code snippets explaining how to guard against it. I added test cases confirming malleability in both the secp256k1 program and secp256k1_recover.
This mostly addresses #23617, though it does not add any new APIs as proposed in that issue.
cc @tlambertz if you could have a look at this I would be grateful, re secp256k1 APIs