feat: enable global secp256k1 context

Author: tmpolaczyk

crypto/Cargo.toml

@@ -22,7 +22,7 @@ hmac = "0.7.1"
 memzero = "0.1.0"
 rand = "0.7.3"
 ring = "0.16.11"
-secp256k1 = "0.22.1"
+secp256k1 = { version = "0.22.1", features = ["global-context"] }
 serde = { version = "1.0.104", optional = true }
 sha2 = "0.8.1"
 tiny-bip39 = "0.7.0"

crypto/src/key.rs

@@ -19,7 +19,7 @@ use bech32::{FromBase32, ToBase32 as _};
 use byteorder::{BigEndian, ReadBytesExt as _};
 use failure::Fail;
 use hmac::{Hmac, Mac};
-use secp256k1::{PublicKey, Secp256k1, SecretKey, SignOnly, Signing, VerifyOnly};
+use secp256k1::{PublicKey, SecretKey};
 #[cfg(feature = "serde")]
 use serde::{Deserialize, Serialize};
 
@@ -160,22 +160,6 @@ pub type SK = SecretKey;
 /// Public Key
 pub type PK = PublicKey;
 
-/// The secp256k1 engine, used to execute all signature operations.
-///
-/// `Engine::new()`: all capabilities
-/// `Engine::signing_only()`: only be used for signing
-/// `Engine::verification_only()`: only be used for verification
-pub type Engine<C> = Secp256k1<C>;
-
-/// Secp256k1 engine that can only be used for signing.
-pub type SignEngine = Secp256k1<SignOnly>;
-
-/// Secp256k1 engine that can only be used for verifying.
-pub type VerifyEngine = Secp256k1<VerifyOnly>;
-
-/// Secp256k1 engine that can be used for signing and for verifying.
-pub type CryptoEngine = Secp256k1<secp256k1::All>;
-
 /// Extended Key is just a Key with a Chain Code
 #[derive(Clone, PartialEq, Eq, Debug)]
 #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
@@ -292,25 +276,17 @@ impl ExtendedSK {
     }
 
     /// Try to derive an extended private key from a given path
-    pub fn derive<C: Signing>(
-        &self,
-        engine: &Engine<C>,
-        path: &KeyPath,
-    ) -> Result<ExtendedSK, KeyDerivationError> {
+    pub fn derive(&self, path: &KeyPath) -> Result<ExtendedSK, KeyDerivationError> {
         let mut extended_sk = self.clone();
         for index in path.iter() {
-            extended_sk = extended_sk.child(engine, index)?
+            extended_sk = extended_sk.child(index)?
         }
 
         Ok(extended_sk)
     }
 
     /// Try to get a private child key from parent
-    pub fn child<C: Signing>(
-        &self,
-        engine: &Engine<C>,
-        index: &KeyPathIndex,
-    ) -> Result<ExtendedSK, KeyDerivationError> {
+    pub fn child(&self, index: &KeyPathIndex) -> Result<ExtendedSK, KeyDerivationError> {
         let mut hmac512: Hmac<sha2::Sha512> =
             Hmac::new_varkey(&self.chain_code).map_err(|_| KeyDerivationError::InvalidKeyLength)?;
         let index_bytes = index.as_ref().to_be_bytes();
@@ -319,7 +295,7 @@ impl ExtendedSK {
             hmac512.input(&[0]); // BIP-32 padding that makes key 33 bytes long
             hmac512.input(&self.secret_key[..]);
         } else {
-            hmac512.input(&PublicKey::from_secret_key(engine, &self.secret_key).serialize());
+            hmac512.input(&PublicKey::from_secret_key_global(&self.secret_key).serialize());
         }
 
         let (chain_code, mut secret_key) = get_chain_code_and_secret(&index_bytes, hmac512)?;
@@ -355,12 +331,12 @@ pub struct ExtendedPK {
 
 impl ExtendedPK {
     /// Derive the public key from a private key.
-    pub fn from_secret_key<C: Signing>(engine: &Engine<C>, key: &ExtendedSK) -> Self {
+    pub fn from_secret_key(key: &ExtendedSK) -> Self {
         let ExtendedSK {
             secret_key,
             chain_code,
         } = key;
-        let key = PublicKey::from_secret_key(engine, secret_key);
+        let key = PublicKey::from_secret_key_global(secret_key);
         Self {
             key,
             chain_code: chain_code.clone(),
@@ -577,8 +553,7 @@ mod tests {
             .hardened(0) // account: hardened 0
             .index(0) // change: 0
             .index(0); // address: 0
-        let engine = SignEngine::signing_only();
-        let account = extended_sk.derive(&engine, &path).unwrap();
+        let account = extended_sk.derive(&path).unwrap();
 
         let expected_account = [
             137, 174, 230, 121, 4, 190, 53, 238, 47, 181, 52, 226, 109, 68, 153, 170, 112, 150, 84,
@@ -598,10 +573,9 @@ mod tests {
         let mnemonic = bip39::Mnemonic::from_phrase(phrase.into()).unwrap();
         let seed = mnemonic.seed(&"".into());
         let master_key = MasterKeyGen::new(&seed).generate().unwrap();
-        let engine = Secp256k1::signing_only();
 
         for (expected, keypath) in slip32_vectors() {
-            let key = master_key.derive(&engine, &keypath).unwrap();
+            let key = master_key.derive(&keypath).unwrap();
             let xprv = key.to_slip32(&keypath).unwrap();
 
             assert_eq!(expected, xprv);

crypto/src/signature.rs

@@ -1,6 +1,5 @@
 //! Signature module
 
-use crate::key::CryptoEngine;
 use secp256k1::{Error, Message, SecretKey};
 
 /// Signature
@@ -12,46 +11,42 @@ pub type PublicKey = secp256k1::PublicKey;
 /// Sign `data` with provided secret key. `data` must be the 32-byte output of a cryptographically
 /// secure hash function, otherwise this function is not secure.
 /// - Returns an Error if data is not a 32-byte array
-pub fn sign(secp: &CryptoEngine, secret_key: SecretKey, data: &[u8]) -> Result<Signature, Error> {
+pub fn sign(secret_key: SecretKey, data: &[u8]) -> Result<Signature, Error> {
     let msg = Message::from_slice(data)?;
 
-    Ok(secp.sign_ecdsa(&msg, &secret_key))
+    Ok(secret_key.sign_ecdsa(msg))
 }
 /// Verify signature with a provided public key.
 /// - Returns an Error if data is not a 32-byte array
-pub fn verify(
-    secp: &CryptoEngine,
-    public_key: &PublicKey,
-    data: &[u8],
-    sig: &Signature,
-) -> Result<(), Error> {
+pub fn verify(public_key: &PublicKey, data: &[u8], sig: &Signature) -> Result<(), Error> {
     let msg = Message::from_slice(data)?;
 
-    secp.verify_ecdsa(&msg, sig, public_key)
+    sig.verify(&msg, public_key)
 }
 
 #[cfg(test)]
 mod tests {
-    use crate::hash::{calculate_sha256, Sha256};
-    use crate::signature::{sign, verify};
-    use secp256k1::{ecdsa::Signature, PublicKey, Secp256k1, SecretKey};
+    use crate::{
+        hash::{calculate_sha256, Sha256},
+        signature::{sign, verify},
+    };
+    use secp256k1::{ecdsa::Signature, PublicKey, SecretKey};
 
     #[test]
     fn test_sign_and_verify() {
         let data = [0xab; 32];
-        let secp = &Secp256k1::new();
         let secret_key = SecretKey::from_slice(&[0xcd; 32]).expect("32 bytes, within curve order");
-        let public_key = PublicKey::from_secret_key(secp, &secret_key);
+        let public_key = PublicKey::from_secret_key_global(&secret_key);
 
-        let signature = sign(secp, secret_key, &data).unwrap();
+        let signature = sign(secret_key, &data).unwrap();
         let signature_expected = "3044\
                                   0220\
                                   3dc4fa74655c21b7ffc0740e29bfd88647e8dfe2b68c507cf96264e4e7439c1f\
                                   0220\
                                   7aa61261b18eebdfdb704ca7bab4c7bcf7961ae0ade5309f6f1398e21aec0f9f";
         assert_eq!(signature_expected.to_string(), signature.to_string());
 
-        assert!(verify(secp, &public_key, &data, &signature).is_ok());
+        assert!(verify(&public_key, &data, &signature).is_ok());
     }
 
     #[test]
@@ -100,7 +95,6 @@ mod tests {
 
     #[test]
     fn test_sign_and_verify_before_hash() {
-        let secp = &Secp256k1::new();
         let secret_key = SecretKey::from_slice(&[0xcd; 32]).expect("32 bytes, within curve order");
 
         let i = 9;
@@ -111,7 +105,7 @@ mod tests {
 
         let Sha256(hashed_data) = calculate_sha256(message.as_bytes());
 
-        let signature = sign(secp, secret_key, &hashed_data).unwrap();
+        let signature = sign(secret_key, &hashed_data).unwrap();
 
         let r_s = signature.serialize_compact();
         let (r, s) = r_s.split_at(32);

data_structures/src/chain/mod.rs

@@ -4013,9 +4013,7 @@ pub fn block_example() -> Block {
 mod tests {
     use witnet_crypto::{
         merkle::{merkle_tree_root, InclusionProof},
-        secp256k1::{
-            PublicKey as Secp256k1_PublicKey, Secp256k1, SecretKey as Secp256k1_SecretKey,
-        },
+        secp256k1::{PublicKey as Secp256k1_PublicKey, SecretKey as Secp256k1_SecretKey},
         signature::sign,
     };
 
@@ -6460,13 +6458,12 @@ mod tests {
     fn sign_tx<H: Hashable>(mk: [u8; 32], tx: &H) -> KeyedSignature {
         let Hash::SHA256(data) = tx.hash();
 
-        let secp = &Secp256k1::new();
         let secret_key =
             Secp256k1_SecretKey::from_slice(&mk).expect("32 bytes, within curve order");
-        let public_key = Secp256k1_PublicKey::from_secret_key(secp, &secret_key);
+        let public_key = Secp256k1_PublicKey::from_secret_key_global(&secret_key);
         let public_key = PublicKey::from(public_key);
 
-        let signature = sign(secp, secret_key, &data).unwrap();
+        let signature = sign(secret_key, &data).unwrap();
 
         KeyedSignature {
             signature: Signature::from(signature),

node/src/actors/chain_manager/actor.rs

@@ -11,7 +11,6 @@ use crate::{
     },
     config_mngr, signature_mngr, storage_mngr,
 };
-use witnet_crypto::key::CryptoEngine;
 use witnet_data_structures::{
     chain::{
         ChainInfo, ChainState, CheckpointBeacon, CheckpointVRF, GenesisBlockInfo, PublicKeyHash,
@@ -52,8 +51,6 @@ impl Actor for ChainManager {
                 ctx.stop();
             })
             .ok();
-
-        self.secp = Some(CryptoEngine::new());
     }
 }
 

node/src/actors/chain_manager/handlers.rs

@@ -147,10 +147,7 @@ impl Handler<EpochNotification<EveryEpochPayload>> for ChainManager {
                         reputation_engine: Some(_),
                         ..
                     } => {
-                        if self.epoch_constants.is_none()
-                            || self.vrf_ctx.is_none()
-                            || self.secp.is_none()
-                        {
+                        if self.epoch_constants.is_none() || self.vrf_ctx.is_none() {
                             log::error!("{}", ChainManagerError::ChainNotReady);
                             return;
                         }

node/src/actors/chain_manager/mining.rs

@@ -1013,7 +1013,7 @@ mod tests {
     use std::convert::TryInto;
 
     use witnet_crypto::secp256k1::{
-        PublicKey as Secp256k1_PublicKey, Secp256k1, SecretKey as Secp256k1_SecretKey,
+        PublicKey as Secp256k1_PublicKey, SecretKey as Secp256k1_SecretKey,
     };
     use witnet_crypto::signature::{sign, verify};
     use witnet_data_structures::{chain::*, transaction::*, vrf::VrfCtx};
@@ -1142,11 +1142,10 @@ mod tests {
 
         // Create a KeyedSignature
         let Hash::SHA256(data) = block_header.hash();
-        let secp = &Secp256k1::new();
         let secret_key =
             Secp256k1_SecretKey::from_slice(&[0xcd; 32]).expect("32 bytes, within curve order");
-        let public_key = Secp256k1_PublicKey::from_secret_key(secp, &secret_key);
-        let signature = sign(secp, secret_key, &data).unwrap();
+        let public_key = Secp256k1_PublicKey::from_secret_key_global(&secret_key);
+        let signature = sign(secret_key, &data).unwrap();
         let witnet_pk = PublicKey::from(public_key);
         let witnet_signature = Signature::from(signature);
 
@@ -1160,7 +1159,7 @@ mod tests {
         );
 
         // Check Signature
-        assert!(verify(secp, &public_key, &data, &signature).is_ok());
+        assert!(verify(&public_key, &data, &signature).is_ok());
 
         // Check if block only contains the Mint Transaction
         assert_eq!(block.txns.mint.len(), 1);
@@ -1173,7 +1172,7 @@ mod tests {
         // Validate block signature
         let mut signatures_to_verify = vec![];
         assert!(validate_block_signature(&block, &mut signatures_to_verify).is_ok());
-        assert!(verify_signatures(signatures_to_verify, vrf, secp).is_ok());
+        assert!(verify_signatures(signatures_to_verify, vrf).is_ok());
     }
 
     static MILLION_TX_OUTPUT: &str =
@@ -1580,17 +1579,16 @@ mod tests {
         };
         let sk: Secp256k1_SecretKey = secret_key.into();
 
-        let secp = &Secp256k1::new();
-        let public_key = Secp256k1_PublicKey::from_secret_key(secp, &sk);
+        let public_key = Secp256k1_PublicKey::from_secret_key_global(&sk);
 
         let data = [
             0xca, 0x18, 0xf5, 0xad, 0xc2, 0x18, 0x45, 0x25, 0x0e, 0x88, 0x14, 0x18, 0x1f, 0xf7,
             0x8c, 0x5b, 0x83, 0x68, 0x5c, 0x0c, 0xda, 0x55, 0x62, 0xda, 0x30, 0xc1, 0x95, 0x8d,
             0x84, 0x9e, 0xc6, 0xb9,
         ];
 
-        let signature = sign(secp, sk, &data).unwrap();
-        assert!(verify(secp, &public_key, &data, &signature).is_ok());
+        let signature = sign(sk, &data).unwrap();
+        assert!(verify(&public_key, &data, &signature).is_ok());
 
         // Conversion step
         let witnet_signature = Signature::from(signature);
@@ -1602,6 +1600,6 @@ mod tests {
         assert_eq!(signature, signature2);
         assert_eq!(public_key, public_key2);
 
-        assert!(verify(secp, &public_key2, &data, &signature2).is_ok());
+        assert!(verify(&public_key2, &data, &signature2).is_ok());
     }
 }