Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add API docs for secp256k1_instruction and secp256k1_recover #26065

Merged
merged 4 commits into from
Aug 8, 2022

Conversation

brson
Copy link
Contributor

@brson brson commented Jun 19, 2022

Problem

The secp256k1 facilities are underdocumented.

Summary of Changes

This adds fairly comprehensive API documentation to the secp256k1_instruction and secp256k1_recover modules, with examples containing copyable code snippets.

These APIs are difficult to use and warrant the addition of more helper functions, but I have not tried to address that here.

A few things to note:

There is one sentence here I am unsure about, regarding secp256k1_recover:

In practice this function will not succeed if given a recovery ID of 2 or 3, as these values represent an “overflowing” signature, and this function returns an error when parsing overflowing signatures.

Recovery IDs are two bits. From reading the code of both Parity's libsecp256k1 and Bitcoin's secp256k1 I gather the second bit is set to "1" if the signature is "overflowing". I also see that Solana parses signatures with Signature::parse_standard which rejects overflowing signatures. I also see that Ethereum always rejects signatures with the second bit set to "1". I do not know what it means to overflow here, nor if both these uses of "overflowing" are the same, and have been unable to find any documentation about this matter, and the math in these libraries is beyond my understanding. It would be desirable for a cryptographer to review this and explain.

Secondly, I was surprised to discover that these APIs allow for signature malleability - Bitcoin's library disallows it by default, but Parity's does not. I have added a lot of text and links about this with code snippets explaining how to guard against it. I added test cases confirming malleability in both the secp256k1 program and secp256k1_recover.

This mostly addresses #23617, though it does not add any new APIs as proposed in that issue.

cc @tlambertz if you could have a look at this I would be grateful, re secp256k1 APIs

@mergify mergify bot added the community Community contribution label Jun 19, 2022
@mergify mergify bot requested a review from a team June 19, 2022 04:44
@brson brson force-pushed the docs-secp256k1 branch 9 times, most recently from 014ce2f to e7bd798 Compare June 24, 2022 20:59
@brson brson force-pushed the docs-secp256k1 branch 2 times, most recently from 59feee3 to 1d33e59 Compare July 4, 2022 22:18
@jackcmay jackcmay requested a review from seanyoung July 5, 2022 21:29
@jackcmay
Copy link
Contributor

jackcmay commented Jul 6, 2022

@seanyoung Can you take a look at these changes?

@seanyoung
Copy link
Contributor

@seanyoung Can you take a look at these changes?

Absolutely, I started looking this morning. I haven't read all the linked documentation yet.

Copy link
Contributor

@seanyoung seanyoung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a very thorough description. Looks good! I have found a few minor typos.

sdk/Cargo.toml Show resolved Hide resolved
sdk/program/src/secp256k1_recover.rs Outdated Show resolved Hide resolved
sdk/src/secp256k1_instruction.rs Show resolved Hide resolved
@brson brson force-pushed the docs-secp256k1 branch from 1d33e59 to a9092e4 Compare July 8, 2022 00:30
@mergify mergify bot dismissed seanyoung’s stale review July 8, 2022 00:31

Pull request has been modified.

@brson brson force-pushed the docs-secp256k1 branch 2 times, most recently from abc54ba to 51b03d8 Compare July 12, 2022 00:14
@brson
Copy link
Contributor Author

brson commented Jul 29, 2022

This PR gets merge conflicts frequently. Could use another round of review to get this landed.

@seanyoung
Copy link
Contributor

LGTM

@CriesofCarrots CriesofCarrots merged commit ebe25fd into solana-labs:master Aug 8, 2022
mergify bot pushed a commit that referenced this pull request Aug 8, 2022
* Add API docs for secp256k1_instruction and secp256k1_recover

* typo

* Remove unused variable from secp256k1 program test

* Bump solana_bpf_rust_secp256k1_recover ix count

Co-authored-by: Tyera Eulberg <[email protected]>
(cherry picked from commit ebe25fd)

# Conflicts:
#	programs/bpf/Cargo.lock
#	programs/bpf/rust/secp256k1_recover/Cargo.toml
#	programs/bpf/tests/programs.rs
mergify bot added a commit that referenced this pull request Aug 9, 2022
…#26065) (#27007)

* Add API docs for secp256k1_instruction and secp256k1_recover (#26065)

* Add API docs for secp256k1_instruction and secp256k1_recover

* typo

* Remove unused variable from secp256k1 program test

* Bump solana_bpf_rust_secp256k1_recover ix count

Co-authored-by: Tyera Eulberg <[email protected]>
(cherry picked from commit ebe25fd)

# Conflicts:
#	programs/bpf/Cargo.lock
#	programs/bpf/rust/secp256k1_recover/Cargo.toml
#	programs/bpf/tests/programs.rs

* Fix conflicts

Co-authored-by: Brian Anderson <[email protected]>
Co-authored-by: Tyera Eulberg <[email protected]>
xiangzhu70 pushed a commit to xiangzhu70/solana that referenced this pull request Aug 17, 2022
…labs#26065)

* Add API docs for secp256k1_instruction and secp256k1_recover

* typo

* Remove unused variable from secp256k1 program test

* Bump solana_bpf_rust_secp256k1_recover ix count

Co-authored-by: Tyera Eulberg <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
community Community contribution
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants