#1570 improve examples: remove key generation loop #1599

pull Cheapshot003 wants to merge 4 commits into bitcoin-core:master from Cheapshot003:#1570-improve-examples changing 5 files +46 −51
  1. Cheapshot003 commented at 8:39 pm on August 29, 2024: none

    Hi! As discussed in #1570 I propose this as a change to the examples.c

    If the key is either zero or out of range we just return 1 and end the example instead of looping until a good key is found. This is all very unlikely but could indicate a faulty/manipulated RNG. Anybody knows where I can find the docs for this? First commit to this library, hope I don’t break anything!

  2. in examples/ellswift.c:59 in edb863dffb outdated
    64+    if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
    65+        printf("Failed to generate randomness\n");
    66+        return 1;
    67+    }
    68+    if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
    69+        printf("Generated secret key is invalid. This could indicate an issue with the random number generator.\n")
    


    jonasnick commented at 7:58 pm on September 2, 2024:
    This misses a semicolon. I think we should print this message in any example where seckey_verify fails. Also, “could indicate” -> “indicates”.
  3. in examples/ellswift.c:53 in edb863dffb outdated
    58-        }
    59-        if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
    60-            break;
    61-        }
    62+     * order), we return 1. Note that the probability of this
    63+     * happening is negligible, though it could indicate a faulty RNG */
    


    jonasnick commented at 8:01 pm on September 2, 2024:
    0/* If the secret key is zero or out of range (greater than secp256k1's
    1 * order), we return 1. Note that the probability of this occurring
    2 * is negligible with a properly functioning random number generator. */
    
  4. jonasnick commented at 8:01 pm on September 2, 2024: contributor
    Hey @Cheapshot003, thanks for the contribution. What sort of docs are you looking for exactly?
  5. Cheapshot003 commented at 11:59 am on September 3, 2024: none

    Hey @Cheapshot003, thanks for the contribution. What sort of docs are you looking for exactly?

    If you look here someone talks about API docs that should be changed. I don’t find any docs related to the examples.

  6. jonasnick commented at 12:04 pm on September 3, 2024: contributor
    Ah. I don’t know which API docs @real-or-random meant.
  7. Cheapshot003 commented at 2:41 pm on September 3, 2024: none
    ok @jonasnick should be all fixed now :)
  8. theStack commented at 3:12 pm on September 3, 2024: contributor
    @Cheapshot003: can you squash your commits please, see e.g. https://github.com/bitcoin/bitcoin/blob/9cb9651d92ddb5d92724f6a52440601c7a0bbcf8/CONTRIBUTING.md?plain=1#L202-L230? You may also want to ensure that the resulting commit has the correct username and e-mail address set, so it will be attributed to you (the last few commits have just the user name “root” :-))
  9. Improve examples: remove key generation loops
    improving examples #2: fixing my mistakes; changing comments
    
    improving examples #3: changing comments
    
    fixing syntax - adjustment to schnorr examples
    
    fixing comments
    
    fix schnorr signature tests
    3e8170c06d
  10. Cheapshot003 force-pushed on Sep 3, 2024
  11. Cheapshot003 commented at 5:01 pm on September 3, 2024: none
    Ah I pushed from another machine that wasn’t properly configured. Squashed commits, should be alright now. Thx for the help!
  12. real-or-random commented at 0:24 am on September 4, 2024: contributor

    Ah. I don’t know which API docs @real-or-random meant.

    My thinking was that the docs of secp256k1_ec_seckey_verify could not only say that the probability of getting an invalid key is negligible, but also spell out the truth that if this occurs on a randomly generated key, then the caller should assume that the randomness source is severely broken and not retry.
    https://github.com/bitcoin-core/secp256k1/blob/1988855079fa8161521b86515e77965120fdc734/include/secp256k1.h#L682-L697

    Please don’t hesitate to add a commit, but we can also do this in a different PR instead.

    (Now that I see this, we should also replace “ECDSA secret key” by “elliptic curve secret key” or just “secret key”. This dates back to the early days of the library, when it supported only ECDSA.)

  13. real-or-random added the label user-documentation on Sep 4, 2024
  14. real-or-random added the label refactor/smell on Sep 4, 2024
  15. Cheapshot003 commented at 6:30 am on September 4, 2024: none
    Oh thx, I’ll adjust these when I come home in the afternoon. I think it would make sense to do it within this pull request
  16. adjust documentation: secp256k1_ec_seckey_verify c6933910f1
  17. in examples/ellswift.c:53 in 3e8170c06d outdated
    59-        if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
    60-            break;
    61-        }
    62+/* If the secret key is zero or out of range (greater than secp256k1's
    63+* order), we return 1. Note that the probability of this occurring
    64+* is negligible with a properly functioning random number generator. */
    


    theStack commented at 1:25 pm on September 5, 2024:

    here and in examples/schnorr.c, the comment should be at the same indentation level as the code

    0    /* If the secret key is zero or out of range (greater than secp256k1's
    1     * order), we return 1. Note that the probability of this occurring
    2     * is negligible with a properly functioning random number generator. */
    
  18. schnorr.c: fixing comment indentation 839c00e13b
  19. Update examples/ellswift.c
    Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
    cce986cd4e
  20. in examples/ecdh.c:54 in cce986cd4e
    61+        printf("Failed to generate randomness\n");
    62+        return 1;
    63+    }
    64+    if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
    65+        printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
    66+        return 1;
    


    real-or-random commented at 1:48 pm on September 17, 2024:

    Two final minor remarks from my side (applies to all the example files):

    • I think the code comment should be moved right above the second if because it applies to that one.
    • Perhaps change “we return 1” (which is obvious from the code itself and doesn’t deserve a comment) to “we fail”.
  21. real-or-random commented at 1:52 pm on September 17, 2024: contributor

    Looks good from my side except minor corrections.

    Can you squash your commits again after addressing the comments? I recommend either keeping it two logical commits (one for the examples and one for the docs), or just squashing everything in a single commit if that’s easier. (It’s a bit a matter of taste in the end. The example changes and the doc changes are not exactly of the same nature, but certainly closely related.)


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-09-20 03:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me