-
-
Notifications
You must be signed in to change notification settings - Fork 655
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unify secp256k1_zkp usage #2385
Conversation
int recid) { | ||
#ifdef USE_SECP256K1_ZKP_ECDSA | ||
if (curve == &secp256k1) { | ||
return zkp_ecdsa_recover_pub_from_sig(curve, pub_key, sig, digest, recid); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think about moving these wrappers into a separate file?
I'm thinking about something like
- renaming
ecdsa.c
tonative_ecdsa.c
, - renaming
ecdsa_internal.h
tonative_ecdsa.h
and - moving the wrappers back to
ecdsa.c
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So let me get this straight. Based on the described scheme all the other ecdsa functions such as scalar_multiply()
would be implemented in native_ecdsa.c
, but their declaration would remain in ecdsa.h
while there exists a file called native_ecdsa.h
? That seems confusing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on the described scheme all the other ecdsa functions such as scalar_multiply() would be implemented in native_ecdsa.c, but their declaration would remain in ecdsa.h while there exists a file called native_ecdsa.h?
A would move the declaration of scalar_multiply()
to native_ecdsa.h
.
The thing I don't like about the architecture is ecdsa.c
contains both the ecdsa wrappers and the native implementation of ecdsa. These functions should be in separate files, in my opinion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[I] would move the declaration of scalar_multiply() to native_ecdsa.h.
Then any code that uses functions that were originally declared in ecdsa.h
but do not have a counterpart in the secp256k1
library, i.e. are not wrapped, would have to include native_ecdsa.h
instead of ecdsa.h
(or both). Again seems confusing and technically breaks the API although only a little.
The thing I don't like about the architecture is
ecdsa.c
contains both the ecdsa wrappers and the native implementation of ecdsa.
I don't see a problem with that other than unit testing, which is an internal matter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then any code that uses functions that were originally declared in ecdsa.h but do not have a counterpart in the secp256k1 library, i.e. are not wrapped, would have to include native_ecdsa.h instead of ecdsa.h (or both).
Exactly.
Again seems confusing and technically breaks the API although only a little.
What is confusing about it? Which API does it breaks and how?
I think it's the most natural approach. I see it as ecdsa.c
being an interface and zkp_ecdsa.c
and native_ecdsa.c
being two implementations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is confusing about it? Which API does it breaks and how?
It moves certain functions to different header files, such as scalar_multiply()
and others.
I think it's the most natural approach. I see it as ecdsa.c being an interface and zkp_ecdsa.c and native_ecdsa.c being two implementations.
If it's meant to be an "interface", then we would also have to add dummy wrappers to ecdsa.c
for the functions that are in native_ecdsa.c
only. The caller shouldn't have to deal with the question of whether the implementation is native or non-native.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It moves certain functions to different header files, such as scalar_multiply() and others.
What is wrong about it? What is confusing about it?
If it's meant to be an "interface", then we would also have to add dummy wrappers to ecdsa.c for the functions that are in native_ecdsa.c only. The caller shouldn't have to deal with the question of whether the implementation is native or non-native.
This may surprise you but I'm all for it. Nevertheless, I don't think it's necessary because I see nothing wrong with using an "implementation" directly instead of an "interface".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is wrong about it? What is confusing about it?
As I stated, the caller shouldn't have to deal with the question of whether the implementation is native or non-native. The whole point of this PR is to simplify the usage of the ecdsa calls.
I am not a fan of creating dummy code where it serves no purpose. So I don't like that option either. This is purely a matter of style. It makes no difference in terms of functionality, usability, maintainability or in any other respect. Feel free to create a separate issue.
@andrewkozlik What is the state of this pr? |
Awaiting review from @onvej-sl. Probably needs manual rebase afterwards. |
I announce in advance I'm not going to approve this pull request. The pull request is ok in terms of functionality and security (this is the last comment that has to be resolved in this sense) but I don't agree with one of the architectural decisions made. To be specific, I don't like that
See this thread. In my opinion, I and Andrew have a different perspective on this. Let someone else review this part of the pull request. |
I did a very brief review of the A larger refactor, with possible header API breakage, would be nice -- but this PR is not it and doesn't need to be it. (that said, my view into trezor-crypto architecture is limited and i might be missing something) As such I'm approving the PR as it is now. Please resolve the conflicts and let's get this merged. |
eaa0afe
to
81f081f
Compare
81f081f
to
ad31d1b
Compare
The last unresolved requested change is unrelated to this PR.
Resolves #1864.
zkp_ecdsa_*()
vs.ecdsa_*()
functions toecdsa.c
to simplify usage (no more#ifdefs
for this incore
andlegacy
code).crypto/bip32.c
to use the secp256k1_zkp functions for public key derivation and signing without any code changes inbip32.c
.ecdsa_*
functions totc_ecdsa_*
so that they can be tested independently in thecrypto
tests.bip32.c
causes a different amount of data to be taken from the PRNG, which in turn causes the PIN matrix layouts to change, hence the changes to UI tests.