From 11d675dce8edab6cece4524c3ffb3de809bea72f Mon Sep 17 00:00:00 2001 From: Andrew Poelstra Date: Thu, 6 Jan 2022 19:12:14 +0000 Subject: [PATCH] whitelist: remove ability to specific nonce function This functionality is inappropriate to expose for a zero-knowledge proof, and was confusingly (and potentially dangerously) implemented. --- include/secp256k1_whitelist.h | 8 ++------ src/bench_whitelist.c | 2 +- src/modules/whitelist/main_impl.h | 10 +++------- src/modules/whitelist/tests_impl.h | 2 +- 4 files changed, 7 insertions(+), 15 deletions(-) diff --git a/include/secp256k1_whitelist.h b/include/secp256k1_whitelist.h index c0dafd917..5b14df7c8 100644 --- a/include/secp256k1_whitelist.h +++ b/include/secp256k1_whitelist.h @@ -101,8 +101,6 @@ SECP256K1_API int secp256k1_whitelist_signature_serialize( * online_seckey: the secret key to the signer's online pubkey * summed_seckey: the secret key to the sum of (whitelisted key, signer's offline pubkey) * index: the signer's index in the lists of keys - * noncefp:pointer to a nonce generation function. If NULL, secp256k1_nonce_function_default is used - * ndata: pointer to arbitrary data used by the nonce generation function (can be NULL) * Out: sig: The produced signature. * * The signatures are of the list of all passed pubkeys in the order @@ -120,10 +118,8 @@ SECP256K1_API int secp256k1_whitelist_sign( const size_t n_keys, const secp256k1_pubkey *sub_pubkey, const unsigned char *online_seckey, - const unsigned char *summed_seckey, - const size_t index, - secp256k1_nonce_function noncefp, - const void *noncedata + const unsigned char *summed_seckeyx, + const size_t index ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6) SECP256K1_ARG_NONNULL(7) SECP256K1_ARG_NONNULL(8); /** Verify a whitelist signature diff --git a/src/bench_whitelist.c b/src/bench_whitelist.c index 8964cd19b..e4908306f 100644 --- a/src/bench_whitelist.c +++ b/src/bench_whitelist.c @@ -39,7 +39,7 @@ static void bench_whitelist(void* arg, int iters) { static void bench_whitelist_setup(void* arg) { bench_data* data = (bench_data*)arg; int i = 0; - CHECK(secp256k1_whitelist_sign(data->ctx, &data->sig, data->online_pubkeys, data->offline_pubkeys, data->n_keys, &data->sub_pubkey, data->online_seckey[i], data->summed_seckey[i], i, NULL, NULL)); + CHECK(secp256k1_whitelist_sign(data->ctx, &data->sig, data->online_pubkeys, data->offline_pubkeys, data->n_keys, &data->sub_pubkey, data->online_seckey[i], data->summed_seckey[i], i)); } static void run_test(bench_data* data, int iters) { diff --git a/src/modules/whitelist/main_impl.h b/src/modules/whitelist/main_impl.h index f16ea8451..a37e16ffe 100644 --- a/src/modules/whitelist/main_impl.h +++ b/src/modules/whitelist/main_impl.h @@ -12,17 +12,13 @@ #define MAX_KEYS SECP256K1_WHITELIST_MAX_N_KEYS /* shorter alias */ -int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_signature *sig, const secp256k1_pubkey *online_pubkeys, const secp256k1_pubkey *offline_pubkeys, const size_t n_keys, const secp256k1_pubkey *sub_pubkey, const unsigned char *online_seckey, const unsigned char *summed_seckey, const size_t index, secp256k1_nonce_function noncefp, const void *noncedata) { +int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_signature *sig, const secp256k1_pubkey *online_pubkeys, const secp256k1_pubkey *offline_pubkeys, const size_t n_keys, const secp256k1_pubkey *sub_pubkey, const unsigned char *online_seckey, const unsigned char *summed_seckey, const size_t index) { secp256k1_gej pubs[MAX_KEYS]; secp256k1_scalar s[MAX_KEYS]; secp256k1_scalar sec, non; unsigned char msg32[32]; int ret; - if (noncefp == NULL) { - noncefp = secp256k1_nonce_function_default; - } - /* Sanity checks */ VERIFY_CHECK(ctx != NULL); ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); @@ -53,7 +49,7 @@ int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_s size_t i; unsigned char nonce32[32]; int done; - ret = noncefp(nonce32, msg32, seckey32, NULL, (void*)noncedata, count); + ret = secp256k1_nonce_function_default(nonce32, msg32, seckey32, NULL, NULL, count); if (!ret) { break; } @@ -67,7 +63,7 @@ int secp256k1_whitelist_sign(const secp256k1_context* ctx, secp256k1_whitelist_s for (i = 0; i < n_keys; i++) { msg32[0] ^= i + 1; msg32[1] ^= (i + 1) / 0x100; - ret = noncefp(&sig->data[32 * (i + 1)], msg32, seckey32, NULL, (void*)noncedata, count); + ret = secp256k1_nonce_function_default(&sig->data[32 * (i + 1)], msg32, seckey32, NULL, NULL, count); if (!ret) { break; } diff --git a/src/modules/whitelist/tests_impl.h b/src/modules/whitelist/tests_impl.h index c420518c7..10e8693e6 100644 --- a/src/modules/whitelist/tests_impl.h +++ b/src/modules/whitelist/tests_impl.h @@ -15,7 +15,7 @@ void test_whitelist_end_to_end_internal(const unsigned char *summed_seckey, cons secp256k1_whitelist_signature sig; secp256k1_whitelist_signature sig1; - CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i, NULL, NULL)); + CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i)); CHECK(secp256k1_whitelist_verify(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); /* Check that exchanging keys causes a failure */ CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1);