From 70b6be1834e2ece8d9cfcf2ad12e4452c87cdc20 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 13 Oct 2024 19:08:02 +0000 Subject: [PATCH 1/3] extrakeys: improve doc of keypair_create (don't suggest retry) --- include/secp256k1.h | 2 +- include/secp256k1_extrakeys.h | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/include/secp256k1.h b/include/secp256k1.h index 6e96778da9..25196fb752 100644 --- a/include/secp256k1.h +++ b/include/secp256k1.h @@ -684,7 +684,7 @@ SECP256K1_API int secp256k1_ecdsa_sign( * A secret key is valid if it is not 0 and less than the secp256k1 curve order * when interpreted as an integer (most significant byte first). The * probability of choosing a 32-byte string uniformly at random which is an - * invalid secret key is negligible. However, if it does happen it should + * invalid secret key is negligible. However, if it does happen it should * be assumed that the randomness source is severely broken and there should * be no retry. * diff --git a/include/secp256k1_extrakeys.h b/include/secp256k1_extrakeys.h index ad70b92f95..13acb0325f 100644 --- a/include/secp256k1_extrakeys.h +++ b/include/secp256k1_extrakeys.h @@ -155,10 +155,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_ const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5); -/** Compute the keypair for a secret key. +/** Compute the keypair for a valid secret key. * - * Returns: 1: secret was valid, keypair is ready to use - * 0: secret was invalid, try again with a different secret + * See the documentation of `secp256k1_ec_seckey_verify` for more information + * about the validity of secret keys. + * + * Returns: 1: secret key is valid + * 0: secret key is invalid * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: keypair: pointer to the created keypair. * In: seckey: pointer to a 32-byte secret key. 
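Review bot: The rewritten `Returns:` block for `secp256k1_keypair_create` in include/secp256k1_extrakeys.h drops the retry advice but no longer says anything about how a caller should treat a 0 result. The no-retry guidance is now reachable only through the cross-reference to `secp256k1_ec_seckey_verify`. Because that documentation treats an invalid key as a sign of a severely broken randomness source, I would say so in place, for example `0: secret key is invalid (keypair must not be used; see secp256k1_ec_seckey_verify, no retry)`. The hunk does not show what `keypair` contains after a failed call, so that is worth documenting as well once confirmed against the implementation.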
From e8908221a45a368c2c8ae0fed0e2310968d4815a Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 13 Oct 2024 19:10:45 +0000 Subject: [PATCH 2/3] examples: do not retry generating seckey randomness in musig --- examples/musig.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/examples/musig.c b/examples/musig.c index 396dbb9f17..0352dc40f3 100644 --- a/examples/musig.c +++ b/examples/musig.c @@ -38,14 +38,17 @@ struct signer { /* Create a key pair, store it in signer_secrets->keypair and signer->pubkey */ static int create_keypair(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer) { unsigned char seckey[32]; - while (1) { - if (!fill_random(seckey, sizeof(seckey))) { - printf("Failed to generate randomness\n"); - return 0; - } - if (secp256k1_keypair_create(ctx, &signer_secrets->keypair, seckey)) { - break; - } + + if (!fill_random(seckey, sizeof(seckey))) { + printf("Failed to generate randomness\n"); + return 0; + } + /* Try to create a keypair with a valid context. This only fails if the + * secret key is zero or out of range (greater than secp256k1's order). Note + * that the probability of this occurring is negligible with a properly + * functioning random number generator. */ + if (!secp256k1_keypair_create(ctx, &signer_secrets->keypair, seckey)) { + return 0; } if (!secp256k1_keypair_pub(ctx, &signer->pubkey, &signer_secrets->keypair)) { return 0; From 5bab8f6d3c4946f32bebd2a99b9975aa160ff794 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sun, 13 Oct 2024 19:11:02 +0000 Subject: [PATCH 3/3] examples: make key generation doc consistent --- examples/ecdh.c | 4 ++-- examples/ecdsa.c | 6 +++--- examples/ellswift.c | 7 +++---- examples/schnorr.c | 11 +++++------ 4 files changed, 13 insertions(+), 15 deletions(-) diff --git a/examples/ecdh.c b/examples/ecdh.c index ef9e8b896f..13aa760b2d 100644 --- a/examples/ecdh.c +++ b/examples/ecdh.c 
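Review bot: The new `secp256k1_keypair_create` failure branch in `create_keypair` (examples/musig.c) returns 0 without printing anything, while the other examples in this series report the same condition. Adding `printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");` before `return 0;` keeps a broken RNG from looking like a generic failure. The added comment also says "out of range (greater than secp256k1's order)", but the `secp256k1_ec_seckey_verify` documentation requires the key to be less than the order, so a key equal to the order is invalid too. `greater than or equal to secp256k1's order` would be exact, and the same wording recurs in the ecdh.c, ecdsa.c, ellswift.c and schnorr.c comments of patch 3/3. `create_keypair` continues past this hunk, so whether `seckey` is wiped on these early returns cannot be checked from here.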
@@ -47,8 +47,8 @@ int main(void) { return 1; } /* If the secret key is zero or out of range (greater than secp256k1's - * order), we fail. Note that the probability of this occurring - * is negligible with a properly functioning random number generator. */ + * order), we fail. Note that the probability of this occurring is negligible + * with a properly functioning random number generator. */ if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); return 1; diff --git a/examples/ecdsa.c b/examples/ecdsa.c index 433c58ffb8..80ae9d46c5 100644 --- a/examples/ecdsa.c +++ b/examples/ecdsa.c @@ -49,13 +49,13 @@ int main(void) { assert(return_val); /*** Key Generation ***/ - /* If the secret key is zero or out of range (greater than secp256k1's - * order), we return 1. Note that the probability of this occurring - * is negligible with a properly functioning random number generator. */ if (!fill_random(seckey, sizeof(seckey))) { printf("Failed to generate randomness\n"); return 1; } + /* If the secret key is zero or out of range (greater than secp256k1's + * order), we fail. Note that the probability of this occurring is negligible + * with a properly functioning random number generator. */ if (!secp256k1_ec_seckey_verify(ctx, seckey)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); return 1; diff --git a/examples/ellswift.c b/examples/ellswift.c index e6159f36c9..afb2fee40b 100644 --- a/examples/ellswift.c +++ b/examples/ellswift.c 
@@ -47,14 +47,13 @@ int main(void) { assert(return_val); /*** Generate secret keys ***/ - - /* If the secret key is zero or out of range (greater than secp256k1's - * order), we return 1. Note that the probability of this occurring - * is negligible with a properly functioning random number generator. */ if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) { printf("Failed to generate randomness\n"); return 1; } + /* If the secret key is zero or out of range (greater than secp256k1's + * order), we fail. Note that the probability of this occurring is negligible + * with a properly functioning random number generator. */ if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); return 1; diff --git a/examples/schnorr.c b/examples/schnorr.c index adced235b3..909fcaa1f3 100644 --- a/examples/schnorr.c +++ b/examples/schnorr.c 
@@ -43,18 +43,17 @@ int main(void) { assert(return_val); /*** Key Generation ***/ - /* If the secret key is zero or out of range (greater than secp256k1's - * order), we return 1. Note that the probability of this occurring - * is negligible with a properly functioning random number generator. */ if (!fill_random(seckey, sizeof(seckey))) { printf("Failed to generate randomness\n"); return 1; } - /* Try to create a keypair with a valid context, it should only fail if - * the secret key is zero or out of range. */ + /* Try to create a keypair with a valid context. This only fails if the + * secret key is zero or out of range (greater than secp256k1's order). Note + * that the probability of this occurring is negligible with a properly + * functioning random number generator. */ if (!secp256k1_keypair_create(ctx, &keypair, seckey)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); - return 1; + return 1; } /* Extract the X-only public key from the keypair. We pass NULL for