Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement pre allocation context creation #125

Merged
merged 7 commits into from
Jul 5, 2019
Merged

Implement pre allocation context creation #125

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5f93474
Added the preallocated FFI
elichai May 28, 2019
b4b52a9
Moved the context specific traits/enums into a separate file with `st…
elichai Jul 4, 2019
1c0ae7d
Added structs and functions for manual allocation
elichai Jul 4, 2019
9186f02
Added preallocation size functions and added a test for the prealloca…
elichai Jul 4, 2019
811e8d2
Removed context_create/destroy/clone and scratch_create/destroy/clone…
elichai Jul 4, 2019
49f0cc1
Updated the fuzzing dummy functions
elichai Jul 4, 2019
96ca40f
Exposed generic functions to create the Context
elichai Jul 5, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
207 changes: 207 additions & 0 deletions src/context.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,207 @@
use core::marker::PhantomData;
use {ffi, types::{c_uint, c_void}, Error, Secp256k1};

#[cfg(feature = "std")]
pub use self::std_only::*;

/// A trait for all kinds of Context's that let's you define the exact flags and a function to deallocate memory.
/// * DO NOT * implement it for your own types.
pub unsafe trait Context {
apoelstra marked this conversation as resolved.
Show resolved Hide resolved
/// Flags for the ffi.
const FLAGS: c_uint;
/// A constant description of the context.
const DESCRIPTION: &'static str;
/// A function to deallocate the memory when the context is dropped.
fn deallocate(ptr: *mut [u8]);
}

/// Marker trait for indicating that an instance of `Secp256k1` can be used for signing.
pub trait Signing: Context {}

/// Marker trait for indicating that an instance of `Secp256k1` can be used for verification.
pub trait Verification: Context {}

/// Represents the set of capabilities needed for signing with a user preallocated memory.
pub struct SignOnlyPreallocated<'buf> {
phantom: PhantomData<&'buf ()>,
}

/// Represents the set of capabilities needed for verification with a user preallocated memory.
pub struct VerifyOnlyPreallocated<'buf> {
phantom: PhantomData<&'buf ()>,
}

/// Represents the set of all capabilities with a user preallocated memory.
pub struct AllPreallocated<'buf> {
phantom: PhantomData<&'buf ()>,
}

#[cfg(feature = "std")]
mod std_only {
use super::*;

/// Represents the set of capabilities needed for signing.
pub enum SignOnly {}

/// Represents the set of capabilities needed for verification.
pub enum VerifyOnly {}

/// Represents the set of all capabilities.
pub enum All {}

impl Signing for SignOnly {}
impl Signing for All {}

impl Verification for VerifyOnly {}
impl Verification for All {}

unsafe impl Context for SignOnly {
const FLAGS: c_uint = ffi::SECP256K1_START_SIGN;
const DESCRIPTION: &'static str = "signing only";

fn deallocate(ptr: *mut [u8]) {
let _ = unsafe { Box::from_raw(ptr) };
}
}

unsafe impl Context for VerifyOnly {
const FLAGS: c_uint = ffi::SECP256K1_START_VERIFY;
const DESCRIPTION: &'static str = "verification only";

fn deallocate(ptr: *mut [u8]) {
let _ = unsafe { Box::from_raw(ptr) };
}
}

unsafe impl Context for All {
const FLAGS: c_uint = VerifyOnly::FLAGS | SignOnly::FLAGS;
const DESCRIPTION: &'static str = "all capabilities";

fn deallocate(ptr: *mut [u8]) {
let _ = unsafe { Box::from_raw(ptr) };
}
}

impl<C: Context> Secp256k1<C> {
fn gen_new() -> Secp256k1<C> {
let buf = vec![0u8; Self::preallocate_size()].into_boxed_slice();
let ptr = Box::into_raw(buf);
Secp256k1 {
ctx: unsafe { ffi::secp256k1_context_preallocated_create(ptr as *mut c_void, C::FLAGS) },
phantom: PhantomData,
buf: ptr,
}
}
}

impl Secp256k1<All> {
/// Creates a new Secp256k1 context with all capabilities
pub fn new() -> Secp256k1<All> {
Secp256k1::gen_new()
}
}

impl Secp256k1<SignOnly> {
/// Creates a new Secp256k1 context that can only be used for signing
pub fn signing_only() -> Secp256k1<SignOnly> {
Secp256k1::gen_new()
}
}

impl Secp256k1<VerifyOnly> {
/// Creates a new Secp256k1 context that can only be used for verification
pub fn verification_only() -> Secp256k1<VerifyOnly> {
Secp256k1::gen_new()
}
}

impl Default for Secp256k1<All> {
fn default() -> Self {
Self::new()
}
}

impl<C: Context> Clone for Secp256k1<C> {
fn clone(&self) -> Secp256k1<C> {
let buf = vec![0u8; unsafe { (&*self.buf).len() }].into_boxed_slice();
let ptr = Box::into_raw(buf);
Secp256k1 {
ctx: unsafe { ffi::secp256k1_context_preallocated_create(ptr as *mut c_void, C::FLAGS) },
phantom: PhantomData,
buf: ptr,
}
apoelstra marked this conversation as resolved.
Show resolved Hide resolved
}
}

}

impl<'buf> Signing for SignOnlyPreallocated<'buf> {}
impl<'buf> Signing for AllPreallocated<'buf> {}

impl<'buf> Verification for VerifyOnlyPreallocated<'buf> {}
impl<'buf> Verification for AllPreallocated<'buf> {}

unsafe impl<'buf> Context for SignOnlyPreallocated<'buf> {
const FLAGS: c_uint = ffi::SECP256K1_START_SIGN;
const DESCRIPTION: &'static str = "signing only";

fn deallocate(ptr: *mut [u8]) {
let _ = ptr;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it'd be clearer to write

fn deallocate(_: *mut [u8]) {
    // do nothing
}

I read let _ = ptr as "drop ptr" which is technically what's happening but it's a bit weird because dropping a pointer is a noop.

}
}

unsafe impl<'buf> Context for VerifyOnlyPreallocated<'buf> {
const FLAGS: c_uint = ffi::SECP256K1_START_VERIFY;
const DESCRIPTION: &'static str = "verification only";

fn deallocate(ptr: *mut [u8]) {
let _ = ptr;
}
}

unsafe impl<'buf> Context for AllPreallocated<'buf> {
const FLAGS: c_uint = SignOnlyPreallocated::FLAGS | VerifyOnlyPreallocated::FLAGS;
const DESCRIPTION: &'static str = "all capabilities";

fn deallocate(ptr: *mut [u8]) {
let _ = ptr;
}
}

impl<'buf, C: Context + 'buf> Secp256k1<C> {
fn preallocated_gen_new(buf: &'buf mut [u8]) -> Result<Secp256k1<C>, Error> {
if buf.len() < Self::preallocate_size() {
return Err(Error::NotEnoughMemory);
}
Ok(Secp256k1 {
ctx: unsafe {
ffi::secp256k1_context_preallocated_create(
buf.as_mut_ptr() as *mut c_void,
AllPreallocated::FLAGS)
},
phantom: PhantomData,
buf: buf as *mut [u8],
})
}
}

impl<'buf> Secp256k1<AllPreallocated<'buf>> {
/// Creates a new Secp256k1 context with all capabilities
pub fn preallocated_new(buf: &'buf mut [u8]) -> Result<Secp256k1<AllPreallocated<'buf>>, Error> {
Secp256k1::preallocated_gen_new(buf)
}
}

impl<'buf> Secp256k1<SignOnlyPreallocated<'buf>> {
/// Creates a new Secp256k1 context that can only be used for signing
pub fn preallocated_new(buf: &'buf mut [u8]) -> Result<Secp256k1<SignOnlyPreallocated<'buf>>, Error> {
Secp256k1::preallocated_gen_new(buf)
}
}

impl<'buf> Secp256k1<VerifyOnlyPreallocated<'buf>> {
/// Creates a new Secp256k1 context that can only be used for verification
pub fn preallocated_new(buf: &'buf mut [u8]) -> Result<Secp256k1<VerifyOnlyPreallocated<'buf>>, Error> {
Secp256k1::preallocated_gen_new(buf)
}
}
10 changes: 10 additions & 0 deletions src/ffi.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,16 @@ extern "C" {
// Contexts
pub fn secp256k1_context_create(flags: c_uint) -> *mut Context;

pub fn secp256k1_context_preallocated_size(flags: c_uint) -> usize;

pub fn secp256k1_context_preallocated_create(prealloc: *mut c_void, flags: c_uint) -> *mut Context;

pub fn secp256k1_context_preallocated_destroy(cx: *mut Context);

pub fn secp256k1_context_preallocated_clone_size(cx: *const Context) -> usize;

pub fn secp256k1_context_preallocated_clone(cx: *const Context, prealloc: *mut c_void) -> *mut Context;

pub fn secp256k1_context_clone(cx: *mut Context) -> *mut Context;

pub fn secp256k1_context_destroy(cx: *mut Context);
Expand Down
101 changes: 23 additions & 78 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ use core::{fmt, ptr, str};
#[macro_use]
mod macros;
mod types;
mod context;
pub mod constants;
pub mod ecdh;
pub mod ffi;
Expand All @@ -157,6 +158,7 @@ pub mod recovery;

pub use key::SecretKey;
pub use key::PublicKey;
pub use context::*;
use core::marker::PhantomData;
use core::ops::Deref;

Expand Down Expand Up @@ -463,6 +465,9 @@ pub enum Error {
InvalidRecoveryId,
/// Invalid tweak for add_*_assign or mul_*_assign
InvalidTweak,
/// Didn't pass enough memory to context creation with preallocated memory
NotEnoughMemory,

}

impl Error {
Expand All @@ -475,6 +480,7 @@ impl Error {
Error::InvalidSecretKey => "secp: malformed or out-of-range secret key",
Error::InvalidRecoveryId => "secp: bad recovery id",
Error::InvalidTweak => "secp: bad tweak",
Error::NotEnoughMemory => "secp: not enough memory allocated",
}
}
}
Expand All @@ -491,48 +497,21 @@ impl std::error::Error for Error {
fn description(&self) -> &str { self.as_str() }
}

/// Marker trait for indicating that an instance of `Secp256k1` can be used for signing.
pub trait Signing {}

/// Marker trait for indicating that an instance of `Secp256k1` can be used for verification.
pub trait Verification {}

/// Represents the set of capabilities needed for signing.
pub struct SignOnly {}

/// Represents the set of capabilities needed for verification.
pub struct VerifyOnly {}

/// Represents the set of all capabilities.
pub struct All {}

impl Signing for SignOnly {}
impl Signing for All {}

impl Verification for VerifyOnly {}
impl Verification for All {}

/// The secp256k1 engine, used to execute all signature operations
pub struct Secp256k1<C> {
pub struct Secp256k1<C: Context> {
ctx: *mut ffi::Context,
phantom: PhantomData<C>
phantom: PhantomData<C>,
buf: *mut [u8],
}

// The underlying secp context does not contain any references to memory it does not own
unsafe impl<C> Send for Secp256k1<C> {}
unsafe impl<C: Context> Send for Secp256k1<C> {}
// The API does not permit any mutation of `Secp256k1` objects except through `&mut` references
unsafe impl<C> Sync for Secp256k1<C> {}
unsafe impl<C: Context> Sync for Secp256k1<C> {}

impl<C> Clone for Secp256k1<C> {
fn clone(&self) -> Secp256k1<C> {
Secp256k1 {
ctx: unsafe { ffi::secp256k1_context_clone(self.ctx) },
phantom: self.phantom
}
}
}

impl<C> PartialEq for Secp256k1<C> {
impl<C: Context> PartialEq for Secp256k1<C> {
fn eq(&self, _other: &Secp256k1<C>) -> bool { true }
}

Expand Down Expand Up @@ -566,60 +545,21 @@ impl Deref for SerializedSignature {

impl Eq for SerializedSignature {}

impl<C> Eq for Secp256k1<C> { }
impl<C: Context> Eq for Secp256k1<C> { }

impl<C> Drop for Secp256k1<C> {
impl<C: Context> Drop for Secp256k1<C> {
fn drop(&mut self) {
unsafe { ffi::secp256k1_context_destroy(self.ctx); }
}
}

impl fmt::Debug for Secp256k1<SignOnly> {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "<secp256k1 context {:?}, signing only>", self.ctx)
}
}

impl fmt::Debug for Secp256k1<VerifyOnly> {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "<secp256k1 context {:?}, verification only>", self.ctx)
C::deallocate(self.buf)
}
}

impl fmt::Debug for Secp256k1<All> {
impl<C: Context> fmt::Debug for Secp256k1<C> {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "<secp256k1 context {:?}, all capabilities>", self.ctx)
}
}

impl Secp256k1<All> {
/// Creates a new Secp256k1 context with all capabilities
pub fn new() -> Secp256k1<All> {
Secp256k1 { ctx: unsafe { ffi::secp256k1_context_create(ffi::SECP256K1_START_SIGN | ffi::SECP256K1_START_VERIFY) }, phantom: PhantomData }
}
}

impl Default for Secp256k1<All> {
fn default() -> Self {
Self::new()
write!(f, "<secp256k1 context {:?}, {}>", self.ctx, C::DESCRIPTION)
}
}

impl Secp256k1<SignOnly> {
/// Creates a new Secp256k1 context that can only be used for signing
pub fn signing_only() -> Secp256k1<SignOnly> {
Secp256k1 { ctx: unsafe { ffi::secp256k1_context_create(ffi::SECP256K1_START_SIGN) }, phantom: PhantomData }
}
}

impl Secp256k1<VerifyOnly> {
/// Creates a new Secp256k1 context that can only be used for verification
pub fn verification_only() -> Secp256k1<VerifyOnly> {
Secp256k1 { ctx: unsafe { ffi::secp256k1_context_create(ffi::SECP256K1_START_VERIFY) }, phantom: PhantomData }
}
}

impl<C> Secp256k1<C> {
impl<C: Context> Secp256k1<C> {

/// Getter for the raw pointer to the underlying secp256k1 context. This
/// shouldn't be needed with normal usage of the library. It enables
Expand All @@ -629,6 +569,11 @@ impl<C> Secp256k1<C> {
&self.ctx
}

/// Uses the ffi `secp256k1_context_preallocated_size` to check the memory size needed for a context
pub fn preallocate_size() -> usize {
unsafe { ffi::secp256k1_context_preallocated_size(C::FLAGS) }
}

/// (Re)randomizes the Secp256k1 context for cheap sidechannel resistance;
/// see comment in libsecp256k1 commit d2275795f by Gregory Maxwell. Requires
/// compilation with "rand" feature.
Expand Down