Merge #842: Add API test and fix up SecretKey API

44dae89 key/secret: encapsulate SecretKey in module that enforces invariants (Andrew Poelstra)
41bb442 key: add {from,to,as}_secret_bytes methods (Andrew Poelstra)
9b84072 move SecretKey into its own module (Andrew Poelstra)
e86555a move key.rs to key/mod.rs (Andrew Poelstra)
0619163 tests: add API test (Andrew Poelstra)
4853f67 test: remove deprecated StepRng (Andrew Poelstra)

Pull request description:

  Now that we unconditionally have a global context object we can basically redo the whole API of this crate to avoid requiring these objects (although for the next release we should continue to support the old API, to make the transition easier).
  
  We know a lot more about Rust and API design than we did when we put together the old one, so we can do this in a consistent and principled way. This isn't a huge crate. We should be able to do the "main" data structures (`SecretKey', `PublicKey`, `ecdsa::Signature`, `schnorr:Signature`, `Message`) in a week or so, then cut a new release which enables context-free keygen, verification and signing.


ACKs for top commit:
  tcharding:
    ACK 44dae89


Tree-SHA512: 60659532b7ac65c85ac0c7bf9b78d0f080d4b3f556a02623bcb2b737ab73d02bf493153f751b435c7be5041435900870868b4e18b321207d50aaceb96b2f56da

Author: apoelstra

Cargo-minimal.lock

@@ -183,6 +183,15 @@ dependencies = [
  "getrandom",
 ]
 
+[[package]]
+name = "rand_xoshiro"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f703f4665700daf5512dcca5f43afa6af89f09db47fb56be587f80636bda2d41"
+dependencies = [
+ "rand_core",
+]
+
 [[package]]
 name = "rustversion"
 version = "1.0.20"
@@ -204,7 +213,7 @@ dependencies = [
  "getrandom",
  "hex_lit",
  "rand",
- "rand_core",
+ "rand_xoshiro",
  "secp256k1-sys",
  "serde",
  "serde_cbor",

Cargo-recent.lock

@@ -174,6 +174,15 @@ dependencies = [
  "getrandom",
 ]
 
+[[package]]
+name = "rand_xoshiro"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f703f4665700daf5512dcca5f43afa6af89f09db47fb56be587f80636bda2d41"
+dependencies = [
+ "rand_core",
+]
+
 [[package]]
 name = "rustversion"
 version = "1.0.20"
@@ -195,7 +204,7 @@ dependencies = [
  "getrandom",
  "hex_lit",
  "rand",
- "rand_core",
+ "rand_xoshiro",
  "secp256k1-sys",
  "serde",
  "serde_cbor",

Cargo.toml

@@ -42,7 +42,7 @@ rand = { version = "0.9", default-features = false, optional = true }
 serde = { version = "1.0.103", default-features = false, optional = true }
 
 [dev-dependencies]
-rand_core = "0.9"
+rand_xoshiro = { version = "0.7.0", default-features = false }
 serde_cbor = "0.10.0"
 serde_test = "1.0.19"
 bincode = "1.3.3"

examples/sign_verify.rs

@@ -36,7 +36,7 @@ fn sign<C: Signing>(
     seckey: [u8; 32],
 ) -> Result<ecdsa::Signature, Error> {
     let msg = Message::from_digest(msg_digest);
-    let seckey = SecretKey::from_byte_array(seckey)?;
+    let seckey = SecretKey::from_secret_bytes(seckey)?;
     Ok(secp.sign_ecdsa(msg, &seckey))
 }
 

examples/sign_verify_recovery.rs

@@ -15,7 +15,7 @@ fn sign_recovery(
     seckey: [u8; 32],
 ) -> Result<ecdsa::RecoverableSignature, Error> {
     let msg = Message::from_digest(msg_digest);
-    let seckey = SecretKey::from_byte_array(seckey)?;
+    let seckey = SecretKey::from_secret_bytes(seckey)?;
     Ok(ecdsa::RecoverableSignature::sign_ecdsa_recoverable(msg, &seckey))
 }
 

src/ecdsa/recovery.rs

@@ -170,7 +170,7 @@ impl RecoverableSignature {
         let mut ret = ffi::RecoverableSignature::new();
         // xor the secret key and message together to get a rerandomization seed
         // for timing analysis defense-in-depth
-        let mut rerandomize = sk.secret_bytes();
+        let mut rerandomize = sk.to_secret_bytes();
         for (rera, byte) in rerandomize.iter_mut().zip(msg[..].iter()) {
             *rera ^= *byte;
         }
@@ -272,7 +272,7 @@ mod tests {
     #[cfg(not(secp256k1_fuzz))]  // fixed sig vectors can't work with fuzz-sigs
     #[rustfmt::skip]
     fn sign() {
-        let sk = SecretKey::from_byte_array(ONE).unwrap();
+        let sk = SecretKey::from_secret_bytes(ONE).unwrap();
         let msg = Message::from_digest(ONE);
         let sig = RecoverableSignature::sign_ecdsa_recoverable(msg, &sk);
 
@@ -292,7 +292,7 @@ mod tests {
     #[cfg(not(secp256k1_fuzz))]  // fixed sig vectors can't work with fuzz-sigs
     #[rustfmt::skip]
     fn sign_with_noncedata() {
-        let sk = SecretKey::from_byte_array(ONE).unwrap();
+        let sk = SecretKey::from_secret_bytes(ONE).unwrap();
         let noncedata = [42u8; 32];
         let msg = Message::from_digest(ONE);
 

src/ellswift.rs

@@ -111,7 +111,7 @@ impl ElligatorSwift {
     /// # #[cfg(feature = "alloc")] {
     ///     use secp256k1::{ellswift::ElligatorSwift, PublicKey, Secp256k1, SecretKey};
     ///     let secp = Secp256k1::new();
-    ///     let sk = SecretKey::from_slice(&[1; 32]).unwrap();
+    ///     let sk = SecretKey::from_secret_bytes([1; 32]).unwrap();
     ///     let es = ElligatorSwift::from_seckey(&secp, sk, None);
     /// # }
     /// ```
@@ -140,7 +140,7 @@ impl ElligatorSwift {
     /// # #[cfg(feature = "alloc")] {
     ///     use secp256k1::{ellswift::ElligatorSwift, PublicKey, Secp256k1, SecretKey};
     ///     let secp = Secp256k1::new();
-    ///     let sk = SecretKey::from_slice(&[1; 32]).unwrap();
+    ///     let sk = SecretKey::from_secret_bytes([1; 32]).unwrap();
     ///     let pk = PublicKey::from_secret_key(&secp, &sk);
     ///     let es = ElligatorSwift::from_pubkey(pk);
     /// # }
@@ -377,7 +377,7 @@ mod tests {
         // Test that we can round trip an ElligatorSwift encoding
         let secp = crate::Secp256k1::new();
         let public_key =
-            PublicKey::from_secret_key(&secp, &SecretKey::from_byte_array([1u8; 32]).unwrap());
+            PublicKey::from_secret_key(&secp, &SecretKey::from_secret_bytes([1u8; 32]).unwrap());
 
         let ell = ElligatorSwift::from_pubkey(public_key);
         let pk = PublicKey::from_ellswift(ell);
@@ -391,10 +391,10 @@ mod tests {
         let rand32 = [1u8; 32];
         let priv32 = [1u8; 32];
         let ell =
-            ElligatorSwift::from_seckey(&secp, SecretKey::from_byte_array(rand32).unwrap(), None);
+            ElligatorSwift::from_seckey(&secp, SecretKey::from_secret_bytes(rand32).unwrap(), None);
         let pk = PublicKey::from_ellswift(ell);
         let expected =
-            PublicKey::from_secret_key(&secp, &SecretKey::from_byte_array(priv32).unwrap());
+            PublicKey::from_secret_key(&secp, &SecretKey::from_secret_bytes(priv32).unwrap());
 
         assert_eq!(pk, expected);
     }
@@ -407,13 +407,13 @@ mod tests {
         let priv32 = [2u8; 32];
         let ell = ElligatorSwift::from_seckey(
             &secp,
-            SecretKey::from_byte_array(rand32).unwrap(),
+            SecretKey::from_secret_bytes(rand32).unwrap(),
             Some(rand32),
         );
         let pk = ElligatorSwift::shared_secret_with_hasher(
             ell,
             ell,
-            SecretKey::from_byte_array(priv32).unwrap(),
+            SecretKey::from_secret_bytes(priv32).unwrap(),
             Party::Initiator,
             |_, _, _| ElligatorSwiftSharedSecret([0xff; 32]),
         );
@@ -627,7 +627,7 @@ mod tests {
                     ElligatorSwift::from_array(ellswift_theirs),
                 )
             };
-            let sec_key = SecretKey::from_byte_array(my_secret).unwrap();
+            let sec_key = SecretKey::from_secret_bytes(my_secret).unwrap();
             let initiator = if initiator == 0 { Party::Responder } else { Party::Initiator };
 
             let shared = ElligatorSwift::shared_secret(el_a, el_b, sec_key, initiator);