Skip to content
  1. Apr 04, 2015
  2. Mar 26, 2015
  3. Mar 25, 2015
  4. Jan 17, 2015
  5. Sep 12, 2014
    • Andrew Poelstra's avatar
      Revert "Overhaul interface to use zero-on-free SecretKeys" · 9cab4e02
      Andrew Poelstra authored
      This reverts commit 98890907.
      
      This is not ready for primetime -- the move prevention also prevents
      reborrowing, which makes secret keys nearly unusable.
      9cab4e02
    • Andrew Poelstra's avatar
      Overhaul interface to use zero-on-free SecretKeys · 98890907
      Andrew Poelstra authored
      Using the `secretdata` library, we can store SecretKeys in such a way
      that they cannot be moved or copied, and their memory is zeroed out on
      drop. This gives us some assurance that in the case of memory unsafety,
      there is not secret key data lying around anywhere that we don't expect.
      
      Unfortunately, it means that we cannot construct secret keys and then
      return them, which forces the interface to change a fair bit. I removed
      the `generate_keypair` function from Secp256k1, then `generate_nonce`
      for symmetry, then dropped the `Secp256k1` struct entirely because it
      turned out that none of the remaining functions used the `self` param.
      
      So here we are. I bumped the version number. Sorry about this.
      98890907
  6. Sep 05, 2014
  7. Sep 04, 2014
  8. Sep 01, 2014
    • Andrew Poelstra's avatar
    • Andrew Poelstra's avatar
      Make Secp256k1::verify() static · 20452411
      Andrew Poelstra authored
      This avoids the overhead of creating and seeding a Fortuna just to do verification.
      20452411
    • Andrew Poelstra's avatar
      Generate keys from Fortuna rather than always using the OsRng · d94345f7
      Andrew Poelstra authored
      When creating a Secp256k1, we attach a Fortuna CSRNG seeded from the
      OS RNG, rather than using the OS RNG all the time. This moves the
      potential RNG failure to the creation of the object, rather than at
      every single place that keys are generated. It also reduces trust
      in the operating system RNG.
      
      This does mean that Secp256k1::new() now returns an IoResult while
      the generate_* methods no longer return Results, so this is a breaking
      change.
      
      Also add a benchmark for key generation. On my system I get:
      
      test tests::generate_compressed   ... bench:    492990 ns/iter (+/- 27981)
      test tests::generate_uncompressed ... bench:    495148 ns/iter (+/- 29829)
      
      Contrast the numbers with OsRng:
      
      test tests::generate_compressed   ... bench:     66691 ns/iter (+/- 3640)
      test tests::generate_uncompressed ... bench:     67148 ns/iter (+/- 3806)
      
      Not too shabby :)
      
      [breaking-change]
      d94345f7
  9. Aug 31, 2014
  10. Aug 30, 2014
  11. Aug 28, 2014
  12. Aug 27, 2014
  13. Aug 24, 2014
  14. Aug 18, 2014
  15. Aug 16, 2014
  16. Aug 12, 2014
    • Andrew Poelstra's avatar
      Add CC0 license and header to all files · db378299
      Andrew Poelstra authored
      db378299
    • Andrew Poelstra's avatar
      Move Rng failure from `Secp256k1::new` to functions that actually use randomness · 4be48ecb
      Andrew Poelstra authored
      Verifying signatures does not require any randomness, but requires the user
      to create a `Secp256k1` object nonetheless (this is just a way to guarantee
      that `init` is called --- an alternate API would be to have an independent
      unsafe `verify` function). If a Rng can't be created, rather than failing
      the `Secp256k1` initialization, fail the functions that actually try to use
      the Rng.
      
      This way signing and verifying, which require no randomness beyond that input
      to them, will work correctly.
      
      To avoid checking for a working Rng on each call to `generate_keypair` and
      `generate_nonce` (which is probably trivial next to the cost of actually
      generating the randomness, but w/e, user knows best), the user should use
      the generation functions in the `key` module, which take an Rng as input.
      4be48ecb