#1570 improve examples: remove key generation loop #1599

pull Cheapshot003 wants to merge 1 commits into bitcoin-core:master from Cheapshot003:#1570-improve-examples changing 5 files +46 −51
  1. Cheapshot003 commented at 8:39 pm on August 29, 2024: contributor

    Hi! As discussed in #1570 I propose this as a change to the examples.c

    If the key is either zero or out of range we just return 1 and end the example instead of looping until a good key is found. This is all very unlikely but could indicate a faulty/manipulated RNG. Anybody knows where I can find the docs for this? First commit to this library, hope I don’t break anything!

  2. in examples/ellswift.c:59 in edb863dffb outdated 
    64+    if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
65+        printf("Failed to generate randomness\n");
66+        return 1;
67+    }
68+    if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
69+        printf("Generated secret key is invalid. This could indicate an issue with the random number generator.\n")
    jonasnick commented at 7:58 pm on September 2, 2024:
    This misses a semicolon. I think we should print this message in any example where seckey_verify fails. Also, “could indicate” -> “indicates”.
  3. in examples/ellswift.c:53 in edb863dffb outdated 
    58-        }
59-        if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
60-            break;
61-        }
62+     * order), we return 1. Note that the probability of this
63+     * happening is negligible, though it could indicate a faulty RNG */
    jonasnick commented at 8:01 pm on September 2, 2024: 
    0/* If the secret key is zero or out of range (greater than secp256k1's
1 * order), we return 1. Note that the probability of this occurring
2 * is negligible with a properly functioning random number generator. */
  4. jonasnick commented at 8:01 pm on September 2, 2024: contributor
    Hey @Cheapshot003, thanks for the contribution. What sort of docs are you looking for exactly?
  5. Cheapshot003 commented at 11:59 am on September 3, 2024: contributor

    Hey @Cheapshot003, thanks for the contribution. What sort of docs are you looking for exactly?

    If you look here someone talks about API docs that should be changed. I don’t find any docs related to the examples.

  6. jonasnick commented at 12:04 pm on September 3, 2024: contributor
    Ah. I don’t know which API docs @real-or-random meant.
  7. Cheapshot003 commented at 2:41 pm on September 3, 2024: contributor
    ok @jonasnick should be all fixed now :)
  8. theStack commented at 3:12 pm on September 3, 2024: contributor
    @Cheapshot003: can you squash your commits please, see e.g. https://github.com/bitcoin/bitcoin/blob/9cb9651d92ddb5d92724f6a52440601c7a0bbcf8/CONTRIBUTING.md?plain=1#L202-L230? You may also want to ensure that the resulting commit has the correct username and e-mail address set, so it will be attributed to you (the last few commits have just the user name “root” :-))
  9. Cheapshot003 force-pushed on Sep 3, 2024
  10. Cheapshot003 commented at 5:01 pm on September 3, 2024: contributor
    Ah I pushed from another machine that wasn’t properly configured. Squashed commits, should be alright now. Thx for the help!
  11. real-or-random commented at 0:24 am on September 4, 2024: contributor

    Ah. I don’t know which API docs @real-or-random meant.

    My thinking was that the docs of secp256k1_ec_seckey_verify could not only say that the probability of getting an invalid key is negligible, but also spell out the truth that if this occurs on a randomly generated key, then the caller should assume that the randomness source is severely broken and not retry.
    https://github.com/bitcoin-core/secp256k1/blob/1988855079fa8161521b86515e77965120fdc734/include/secp256k1.h#L682-L697

    Please don’t hesitate to add a commit, but we can also do this in a different PR instead.

    (Now that I see this, we should also replace “ECDSA secret key” by “elliptic curve secret key” or just “secret key”. This dates back to the early days of the library, when it supported only ECDSA.)

  12. real-or-random added the label user-documentation on Sep 4, 2024
  13. real-or-random added the label refactor/smell on Sep 4, 2024
  14. Cheapshot003 commented at 6:30 am on September 4, 2024: contributor
    Oh thx, I’ll adjust these when I come home in the afternoon. I think it would make sense to do it within this pull request
  15. in examples/ellswift.c:53 in 3e8170c06d outdated 
    59-        if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
60-            break;
61-        }
62+/* If the secret key is zero or out of range (greater than secp256k1's
63+* order), we return 1. Note that the probability of this occurring
64+* is negligible with a properly functioning random number generator. */
    theStack commented at 1:25 pm on September 5, 2024:

    here and in examples/schnorr.c, the comment should be at the same indentation level as the code

    0    /* If the secret key is zero or out of range (greater than secp256k1's
1     * order), we return 1. Note that the probability of this occurring
2     * is negligible with a properly functioning random number generator. */
  16. in examples/ecdh.c:54 in cce986cd4e outdated 
    61+        printf("Failed to generate randomness\n");
62+        return 1;
63+    }
64+    if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
65+        printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
66+        return 1;
    real-or-random commented at 1:48 pm on September 17, 2024:

    Two final minor remarks from my side (applies to all the example files):

    • I think the code comment should be moved right above the second if because it applies to that one.
    • Perhaps change “we return 1” (which is obvious from the code itself and doesn’t deserve a comment) to “we fail”.
  17. real-or-random commented at 1:52 pm on September 17, 2024: contributor

    Looks good from my side except minor corrections.

    Can you squash your commits again after addressing the comments? I recommend either keeping it two logical commits (one for the examples and one for the docs), or just squashing everything in a single commit if that’s easier. (It’s a bit a matter of taste in the end. The example changes and the doc changes are not exactly of the same nature, but certainly closely related.)

  18. real-or-random commented at 12:08 pm on October 8, 2024: contributor
    friendly ping :) @Cheapshot003
  19. Improve examples/documentation: remove key generation loops 
    Co-Authored by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
    cd4f84f3ba
  20. Cheapshot003 force-pushed on Oct 9, 2024
  21. Cheapshot003 commented at 1:38 pm on October 9, 2024: contributor
    Heyo! Back from vacation! The force push looked a bit scary at first but I think I didn’t break anything. Should be alright now! Greetings
  22. real-or-random approved
  23. real-or-random commented at 9:00 pm on October 10, 2024: contributor
    utACK cd4f84f3ba8de37726274f61d5a34477c88433cf
  24. jonasnick approved
  25. jonasnick commented at 7:20 am on October 13, 2024: contributor
    ACK cd4f84f3ba8de37726274f61d5a34477c88433cf
  26. jonasnick merged this on Oct 13, 2024
  27. jonasnick closed this on Oct 13, 2024


Cheapshot003 jonasnick theStack real-or-random

Labels
user-documentation refactor/smell

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-21 08:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me