Add usage examples #748
Add usage examples #748
Conversation
elichai
force-pushed
the
2020-04-examples
branch
from
5365586 to
2e7decf
Compare
jonasnick
left a comment
jonasnick
left a comment
There was a problem hiding this comment.
Very nice!
Alternatively the module-specific examples could be in their respective module directory. But I think either way is fine.
I thought about it, but I think that for newcomers it's easier to see an examples directory at the top level and start from there. |
|
My feeling is this entire issue of secret key handling deserves a broader discussion. We don't have a key generation function and Core won't need one. If we're now targeting different users more, maybe it's time to have one. But it's hard, see all the discussion points above. And it really depends on the user's platform. So actually I'd be happy with good examples and some references to correct methods to get randomness on different OSes. On the other hand, nothing should stop us from exporting a cleaning function in #636, even if we don't have one for key gen. What are other libraries doing for key generation? |
examples/keygen.c
Outdated
| size_t len; | ||
| secp256k1_pubkey pubkey; | ||
| secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); | ||
| while (1) { |
There was a problem hiding this comment.
I'd prefer not to loop here and instead bail out if we hit an invalid key.
The probability of hitting an invalid key is negligible if your randomness is good.
So this loop is only relevant if your randomness is broken. And then it hides the fact that your randomness is broken.
There was a problem hiding this comment.
Hm, I see. I still think that my argument holds up. Maybe @sipa can chime in for the code in Core.
There was a problem hiding this comment.
While the probability of an invalid key is negligible (something like 1/2^128?), I feel that if the verify function is provided in the library then it could still be informative to include in the examples.
if (!secp256k1_ec_seckey_verify(ctx, seckey)) {
printf("Invalid secret key\n");
return 1;
}
| * Which is why we create a context for signing(SECP256K1_CONTEXT_SIGN). | ||
| * (The docs for `secp256k1_ecdh` don't require any special context, just some context) */ | ||
|
|
||
| secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); |
There was a problem hiding this comment.
The context should be randomized here.
elichai
force-pushed
the
2020-04-examples
branch
from
485c68b to
b7077be
Compare
|
Would be cool to revive this PR since it's really helpful, well-documented and provides best practices for getting randomness on different platforms. In particular, I don't think this PR should be blocked on the result of the key generation discussion. @elichai if you want to add examples for the schnorrsig module, feel free to do it, but we can also add this in a different PR. |
elichai
force-pushed
the
2020-04-examples
branch
2 times, most recently
from
7e16921 to
0be44b4
Compare
|
Rebased, and replaced the |
I think we should make them CC0 to avoid any doubt. |
|
As a new user, simple example programs are really great. Thanks! |
|
Rebased and fixed review comments, |
|
Rebasing on master again so the CI will work |
|
Tested ACK
|
elichai
force-pushed
the
2020-04-examples
branch
from
4c43382 to
beecb9a
Compare
|
Fixed comments, and squashed |
real-or-random
left a comment
real-or-random
left a comment
There was a problem hiding this comment.
@elichai Can you quickly fix the copyright and the msg_hash comment?
I think then this is good to go. We had many eyes on it and I can address the other two comments in another PR.
| /************************************************************************* | ||
| * Copyright (c) 2020-2021 Elichai Turkel * | ||
| * Distributed under the CC0 software license, see the accompanying file * | ||
| * EXAMPLES_COPYING or https://creativecommons.org/publicdomain/zero/1.0 * | ||
| *************************************************************************/ |
There was a problem hiding this comment.
Sorry interrupting with legal stuff and not noticing earlier... I think it's weird to say "Copyright" and CC0 at the same time. And CC0 is strictly speaking not a software license. https://wiki.creativecommons.org/wiki/CC0_FAQ#May_I_apply_CC0_to_computer_software.3F_If_so.2C_is_there_a_recommended_implementation.3F provides some boilerplate.
Here's a suggestion, slightly adopted from the above to make sure it applies only to a single file.
| /************************************************************************* | |
| * Copyright (c) 2020-2021 Elichai Turkel * | |
| * Distributed under the CC0 software license, see the accompanying file * | |
| * EXAMPLES_COPYING or https://creativecommons.org/publicdomain/zero/1.0 * | |
| *************************************************************************/ | |
| /************************************************************************* | |
| * Written in 2020-2022 by Elichai Turkel * | |
| * To the extent possible under law, the author(s) have dedicated all * | |
| * copyright and related and neighboring rights to the software in this * | |
| * file to the public domain worldwide. This software is distributed * | |
| * without any warranty. For the CC0 Public Domain Dedication, see * | |
| * EXAMPLES_COPYING or https://creativecommons.org/publicdomain/zero/1.0 * | |
| *************************************************************************/ |
There was a problem hiding this comment.
Yeah, I hate dealing with licenses. fixed
examples/ecdsa.c
Outdated
| /* Generate an ECDSA signature, note that even though here `msg_hash` is set | ||
| * to zeros, it MUST contain a hash, otherwise ECDSA is easily broken. |
There was a problem hiding this comment.
msg_hash is not set to zeros.
| /* It's best practice to try to clear secrets from memory after using them. | ||
| * This is done because some bugs can allow an attacker to leak memory, for | ||
| * example through "out of bounds" array access (see Heartbleed), Or the OS | ||
| * swapping them to disk. Hence, we overwrite the secret key buffer with zeros. | ||
| * | ||
| * TODO: Prevent these writes from being optimized out, as any good compiler | ||
| * will remove any writes that aren't used. */ | ||
| memset(seckey, 0, sizeof(seckey)); |
There was a problem hiding this comment.
I don't like the idea of having a TODO here. I mean we spent days getting the randomness right, then this feels wrong.
We could copy https://github.com/bitcoin/bitcoin/blob/7fcf53f7b4524572d1d0c9a5fdc388e87eb02416/src/support/cleanse.cpp#L14 and then really call the file util.h or refer to it...
In the interest of moving this forward, we suggest to leave this as is and I'm happy to open a further PR that fixes it.
| return_val = secp256k1_context_randomize(ctx, randomize); | ||
| assert(return_val); | ||
|
|
||
| /*** Key Generation ***/ |
There was a problem hiding this comment.
It may be good to add a header to every code section in this part, e.g., "Party 1: " and "Party 2:" or similar, to make sure.
This would require splitting the key generation loop but I think that's really better than. Real code wouldn't work like this, so I think we should avoid it in example code.
This is also something I can do in a follow-up PR.
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
elichai
force-pushed
the
2020-04-examples
branch
from
beecb9a to
7c9502c
Compare
real-or-random
left a comment
real-or-random
left a comment
There was a problem hiding this comment.
ACK 7c9502c
As I said, I can create a follow-up PR.
The one CI failure for the sage prover is harmless and only because just sage on CI was introduced after the last rebase of this PR. It will work on master.
15 participants
Resolves #184
I didn't add a sign/verify/recover example yet because I'd prefer that the example included hashing a message,
but we don't provide a hash function so I decided to start only with key generation and ECDH, and get feedback.
I did not check the example on windows, but did try to implement it correctly, if anyone has access to a windows machine(and knows how to build on windows hehe) please test this :)
P.S. Should the usage examples be MIT or CC0(Public Domain)?