Skip to content

Commit

Permalink
Merge bitcoin-core#1599: bitcoin-core#1570 improve examples: remove k…
Browse files Browse the repository at this point in the history
…ey generation loop

cd4f84f Improve examples/documentation: remove key generation loops (cheapshot003)

Pull request description:

ACKs for top commit:
  real-or-random:
    utACK cd4f84f
  jonasnick:
    ACK cd4f84f

Tree-SHA512: 242ab99c36302b539fc95421142c3eec5ccfa2cf918989457886338febde45a33b1794e0f08e7a632747bc21cbf5c47b7361fd9a28b9a1c6dff7caecf7b31a9f
  • Loading branch information
jonasnick committed Oct 13, 2024
2 parents a88aa93 + cd4f84f commit 01b5893
Show file tree
Hide file tree
Showing 5 changed files with 46 additions and 51 deletions.
22 changes: 10 additions & 12 deletions examples/ecdh.c
Original file line number Diff line number Diff line change
Expand Up @@ -42,18 +42,16 @@ int main(void) {
assert(return_val);

/*** Key Generation ***/

/* If the secret key is zero or out of range (bigger than secp256k1's
* order), we try to sample a new key. Note that the probability of this
* happening is negligible. */
while (1) {
if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
printf("Failed to generate randomness\n");
return 1;
}
if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
break;
}
if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
printf("Failed to generate randomness\n");
return 1;
}
/* If the secret key is zero or out of range (greater than secp256k1's
* order), we fail. Note that the probability of this occurring
* is negligible with a properly functioning random number generator. */
if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
return 1;
}

/* Public key creation using a valid context with a verified secret key should never fail */
Expand Down
22 changes: 10 additions & 12 deletions examples/ecdsa.c
Original file line number Diff line number Diff line change
Expand Up @@ -49,18 +49,16 @@ int main(void) {
assert(return_val);

/*** Key Generation ***/

/* If the secret key is zero or out of range (bigger than secp256k1's
* order), we try to sample a new key. Note that the probability of this
* happening is negligible. */
while (1) {
if (!fill_random(seckey, sizeof(seckey))) {
printf("Failed to generate randomness\n");
return 1;
}
if (secp256k1_ec_seckey_verify(ctx, seckey)) {
break;
}
/* If the secret key is zero or out of range (greater than secp256k1's
* order), we return 1. Note that the probability of this occurring
* is negligible with a properly functioning random number generator. */
if (!fill_random(seckey, sizeof(seckey))) {
printf("Failed to generate randomness\n");
return 1;
}
if (!secp256k1_ec_seckey_verify(ctx, seckey)) {
printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
return 1;
}

/* Public key creation using a valid context with a verified secret key should never fail */
Expand Down
21 changes: 10 additions & 11 deletions examples/ellswift.c
Original file line number Diff line number Diff line change
Expand Up @@ -48,17 +48,16 @@ int main(void) {

/*** Generate secret keys ***/

/* If the secret key is zero or out of range (bigger than secp256k1's
* order), we try to sample a new key. Note that the probability of this
* happening is negligible. */
while (1) {
if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
printf("Failed to generate randomness\n");
return 1;
}
if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
break;
}
/* If the secret key is zero or out of range (greater than secp256k1's
* order), we return 1. Note that the probability of this occurring
* is negligible with a properly functioning random number generator. */
if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
printf("Failed to generate randomness\n");
return 1;
}
if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
return 1;
}

/* Generate ElligatorSwift public keys. This should never fail with valid context and
Expand Down
26 changes: 12 additions & 14 deletions examples/schnorr.c
Original file line number Diff line number Diff line change
Expand Up @@ -43,20 +43,18 @@ int main(void) {
assert(return_val);

/*** Key Generation ***/

/* If the secret key is zero or out of range (bigger than secp256k1's
* order), we try to sample a new key. Note that the probability of this
* happening is negligible. */
while (1) {
if (!fill_random(seckey, sizeof(seckey))) {
printf("Failed to generate randomness\n");
return 1;
}
/* Try to create a keypair with a valid context, it should only fail if
* the secret key is zero or out of range. */
if (secp256k1_keypair_create(ctx, &keypair, seckey)) {
break;
}
/* If the secret key is zero or out of range (greater than secp256k1's
* order), we return 1. Note that the probability of this occurring
* is negligible with a properly functioning random number generator. */
if (!fill_random(seckey, sizeof(seckey))) {
printf("Failed to generate randomness\n");
return 1;
}
/* Try to create a keypair with a valid context, it should only fail if
* the secret key is zero or out of range. */
if (!secp256k1_keypair_create(ctx, &keypair, seckey)) {
printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
return 1;
}

/* Extract the X-only public key from the keypair. We pass NULL for
Expand Down
6 changes: 4 additions & 2 deletions include/secp256k1.h
Original file line number Diff line number Diff line change
Expand Up @@ -679,12 +679,14 @@ SECP256K1_API int secp256k1_ecdsa_sign(
const void *ndata
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);

/** Verify an ECDSA secret key.
/** Verify an elliptic curve secret key.
*
* A secret key is valid if it is not 0 and less than the secp256k1 curve order
* when interpreted as an integer (most significant byte first). The
* probability of choosing a 32-byte string uniformly at random which is an
* invalid secret key is negligible.
* invalid secret key is negligible. However, if it does happen it should
* be assumed that the randomness source is severely broken and there should
* be no retry.
*
* Returns: 1: secret key is valid
* 0: secret key is invalid
Expand Down

0 comments on commit 01b5893

Please sign in to comment.