Put back in deprecated context methods

During the removal of the context from the public API I brashly
deleted a bunch of impls on the `Secp256k1` type when we could have
just deprecated them. This means that when upgrading downstream crates
the upgrade is way more painful than it is if we deprecate.

Add back in the context impls. To do this I copied from `v0.31.1`. I'm
not totally sure that there wasn't changes to this code in `master`
but since we are explicitly doing this to help upgrade then it seems
reasonable to do it like this.

Add deprecated since 0.32 attributes because we are going to push this
as a `0.32.0-beta.1` release.

Sorry for the pain in reviewing this, I'm not entirely sure how you
are supposed to convince yourself that the code is exactly as it was?

Author: tcharding

src/ecdsa/mod.rs

@@ -13,7 +13,7 @@ use core::{fmt, ptr, str};
 pub use self::recovery::{RecoverableSignature, RecoveryId};
 pub use self::serialized_signature::SerializedSignature;
 use crate::ffi::CPtr;
-use crate::{ecdsa, ffi, from_hex, Error, Message, PublicKey, Secp256k1, SecretKey};
+use crate::{ecdsa, ffi, from_hex, Error, Message, PublicKey, Secp256k1, SecretKey, Signing, Verification};
 
 /// An ECDSA signature
 #[derive(Copy, Clone, PartialOrd, Ord, PartialEq, Eq, Hash)]
@@ -341,6 +341,177 @@ pub fn sign_low_r(msg: impl Into<Message>, sk: &SecretKey) -> Signature {
     sign_grind_with_check(msg, sk, compact_sig_has_zero_first_bit)
 }
 
+impl<C: Signing> Secp256k1<C> {
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa_with_noncedata_pointer instead")]
+    fn sign_ecdsa_with_noncedata_pointer(
+        &self,
+        msg: impl Into<Message>,
+        sk: &SecretKey,
+        noncedata: Option<&[u8; 32]>,
+    ) -> Signature {
+        let msg = msg.into();
+        unsafe {
+            let mut ret = ffi::Signature::new();
+            let noncedata_ptr = match noncedata {
+                Some(arr) => arr.as_c_ptr() as *const _,
+                None => ptr::null(),
+            };
+            // We can assume the return value because it's not possible to construct
+            // an invalid signature from a valid `Message` and `SecretKey`
+            assert_eq!(
+                ffi::secp256k1_ecdsa_sign(
+                    self.ctx.as_ptr(),
+                    &mut ret,
+                    msg.as_c_ptr(),
+                    sk.as_c_ptr(),
+                    ffi::secp256k1_nonce_function_rfc6979,
+                    noncedata_ptr
+                ),
+                1
+            );
+            Signature::from(ret)
+        }
+    }
+
+    /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce
+    /// Requires a signing-capable context.
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa instead")]
+    pub fn sign_ecdsa(&self, msg: impl Into<Message>, sk: &SecretKey) -> Signature {
+        self.sign_ecdsa_with_noncedata_pointer(msg, sk, None)
+    }
+
+    /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce
+    /// and includes 32 bytes of noncedata in the nonce generation via inclusion in
+    /// one of the hash operations during nonce generation. This is useful when multiple
+    /// signatures are needed for the same Message and SecretKey while still using RFC6979.
+    /// Requires a signing-capable context.
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa_with_noncedata instead")]
+    pub fn sign_ecdsa_with_noncedata(
+        &self,
+        msg: impl Into<Message>,
+        sk: &SecretKey,
+        noncedata: &[u8; 32],
+    ) -> Signature {
+        self.sign_ecdsa_with_noncedata_pointer(msg, sk, Some(noncedata))
+    }
+
+    fn sign_grind_with_check(
+        &self,
+        msg: impl Into<Message>,
+        sk: &SecretKey,
+        check: impl Fn(&ffi::Signature) -> bool,
+    ) -> Signature {
+        let mut entropy_p: *const ffi::types::c_void = ptr::null();
+        let mut counter: u32 = 0;
+        let mut extra_entropy = [0u8; 32];
+        let msg = msg.into();
+        loop {
+            unsafe {
+                let mut ret = ffi::Signature::new();
+                // We can assume the return value because it's not possible to construct
+                // an invalid signature from a valid `Message` and `SecretKey`
+                assert_eq!(
+                    ffi::secp256k1_ecdsa_sign(
+                        self.ctx.as_ptr(),
+                        &mut ret,
+                        msg.as_c_ptr(),
+                        sk.as_c_ptr(),
+                        ffi::secp256k1_nonce_function_rfc6979,
+                        entropy_p
+                    ),
+                    1
+                );
+                if check(&ret) {
+                    return Signature::from(ret);
+                }
+
+                counter += 1;
+                extra_entropy[..4].copy_from_slice(&counter.to_le_bytes());
+                entropy_p = extra_entropy.as_c_ptr().cast::<ffi::types::c_void>();
+
+                // When fuzzing, these checks will usually spinloop forever, so just short-circuit them.
+                #[cfg(secp256k1_fuzz)]
+                return Signature::from(ret);
+            }
+        }
+    }
+
+    /// Constructs a signature for `msg` using the secret key `sk`, RFC6979 nonce
+    /// and "grinds" the nonce by passing extra entropy if necessary to produce
+    /// a signature that is less than 71 - `bytes_to_grind` bytes. The number
+    /// of signing operation performed by this function is exponential in the
+    /// number of bytes grinded.
+    /// Requires a signing capable context.
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa_grind_r instead")]
+    pub fn sign_ecdsa_grind_r(
+        &self,
+        msg: impl Into<Message>,
+        sk: &SecretKey,
+        bytes_to_grind: usize,
+    ) -> Signature {
+        let len_check = |s: &ffi::Signature| der_length_check(s, 71 - bytes_to_grind);
+        self.sign_grind_with_check(msg, sk, len_check)
+    }
+
+    /// Constructs a signature for `msg` using the secret key `sk`, RFC6979 nonce
+    /// and "grinds" the nonce by passing extra entropy if necessary to produce
+    /// a signature that is less than 71 bytes and compatible with the low r
+    /// signature implementation of bitcoin core. In average, this function
+    /// will perform two signing operations.
+    /// Requires a signing capable context.
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa_low_r instead")]
+    pub fn sign_ecdsa_low_r(&self, msg: impl Into<Message>, sk: &SecretKey) -> Signature {
+        self.sign_grind_with_check(msg, sk, compact_sig_has_zero_first_bit)
+    }
+}
+
+impl<C: Verification> Secp256k1<C> {
+    /// Checks that `sig` is a valid ECDSA signature for `msg` using the public
+    /// key `pubkey`. Returns `Ok(())` on success. Note that this function cannot
+    /// be used for Bitcoin consensus checking since there may exist signatures
+    /// which OpenSSL would verify but not libsecp256k1, or vice-versa. Requires a
+    /// verify-capable context.
+    ///
+    /// ```rust
+    /// # #[cfg(all(feature = "rand", feature = "std"))] {
+    /// # use secp256k1::{rand, Secp256k1, Message, Error};
+    /// #
+    /// # let secp = Secp256k1::new();
+    /// # let (secret_key, public_key) = secp.generate_keypair(&mut rand::rng());
+    /// #
+    /// let message = Message::from_digest_slice(&[0xab; 32]).expect("32 bytes");
+    /// let sig = secp.sign_ecdsa(message, &secret_key);
+    /// assert_eq!(secp.verify_ecdsa(&sig, message, &public_key), Ok(()));
+    ///
+    /// let message = Message::from_digest_slice(&[0xcd; 32]).expect("32 bytes");
+    /// assert_eq!(secp.verify_ecdsa(&sig, message, &public_key), Err(Error::IncorrectSignature));
+    /// # }
+    /// ```
+    #[inline]
+    #[deprecated(since = "0.32", note = "use ecdsa::verify instead")]
+    pub fn verify_ecdsa(
+        &self,
+        sig: &Signature,
+        msg: impl Into<Message>,
+        pk: &PublicKey,
+    ) -> Result<(), Error> {
+        let msg = msg.into();
+        unsafe {
+            if ffi::secp256k1_ecdsa_verify(
+                self.ctx.as_ptr(),
+                sig.as_c_ptr(),
+                msg.as_c_ptr(),
+                pk.as_c_ptr(),
+            ) == 0
+            {
+                Err(Error::IncorrectSignature)
+            } else {
+                Ok(())
+            }
+        }
+    }
+}
+
 /// Checks that `sig` is a valid ECDSA signature for `msg` using the public
 /// key `pubkey`. Returns `Ok(())` on success. Note that this function cannot
 /// be used for Bitcoin consensus checking since there may exist signatures

src/ecdsa/recovery.rs

@@ -10,7 +10,7 @@ use self::super_ffi::CPtr;
 use super::ffi as super_ffi;
 use crate::ecdsa::Signature;
 use crate::ffi::recovery as ffi;
-use crate::{key, Error, Message};
+use crate::{key, Error, Message, Secp256k1, Signing, Verification};
 
 /// A tag used for recovering the public key from a compact signature.
 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
@@ -229,6 +229,88 @@ impl RecoverableSignature {
     }
 }
 
+impl<C: Signing> Secp256k1<C> {
+    fn sign_ecdsa_recoverable_with_noncedata_pointer(
+        &self,
+        msg: impl Into<Message>,
+        sk: &key::SecretKey,
+        noncedata_ptr: *const super_ffi::types::c_void,
+    ) -> RecoverableSignature {
+        let msg = msg.into();
+        let mut ret = ffi::RecoverableSignature::new();
+        unsafe {
+            // We can assume the return value because it's not possible to construct
+            // an invalid signature from a valid `Message` and `SecretKey`
+            assert_eq!(
+                ffi::secp256k1_ecdsa_sign_recoverable(
+                    self.ctx.as_ptr(),
+                    &mut ret,
+                    msg.as_c_ptr(),
+                    sk.as_c_ptr(),
+                    super_ffi::secp256k1_nonce_function_rfc6979,
+                    noncedata_ptr
+                ),
+                1
+            );
+        }
+
+        RecoverableSignature::from(ret)
+    }
+
+    /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce
+    /// Requires a signing-capable context.
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa_recoverable instead")]
+    pub fn sign_ecdsa_recoverable(
+        &self,
+        msg: impl Into<Message>,
+        sk: &key::SecretKey,
+    ) -> RecoverableSignature {
+        self.sign_ecdsa_recoverable_with_noncedata_pointer(msg, sk, ptr::null())
+    }
+
+    /// Constructs a signature for `msg` using the secret key `sk` and RFC6979 nonce
+    /// and includes 32 bytes of noncedata in the nonce generation via inclusion in
+    /// one of the hash operations during nonce generation. This is useful when multiple
+    /// signatures are needed for the same Message and SecretKey while still using RFC6979.
+    /// Requires a signing-capable context.
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa_recoverable_with_noncedata instead")]
+    pub fn sign_ecdsa_recoverable_with_noncedata(
+        &self,
+        msg: impl Into<Message>,
+        sk: &key::SecretKey,
+        noncedata: &[u8; 32],
+    ) -> RecoverableSignature {
+        let noncedata_ptr = noncedata.as_ptr() as *const super_ffi::types::c_void;
+        self.sign_ecdsa_recoverable_with_noncedata_pointer(msg, sk, noncedata_ptr)
+    }
+}
+
+impl<C: Verification> Secp256k1<C> {
+    /// Determines the public key for which `sig` is a valid signature for
+    /// `msg`. Requires a verify-capable context.
+    #[deprecated(since = "0.32", note = "use ecdsa::sign_ecdsa instead")]
+    pub fn recover_ecdsa(
+        &self,
+        msg: impl Into<Message>,
+        sig: &RecoverableSignature,
+    ) -> Result<key::PublicKey, Error> {
+        let msg = msg.into();
+        unsafe {
+            let mut pk = super_ffi::PublicKey::new();
+            if ffi::secp256k1_ecdsa_recover(
+                self.ctx.as_ptr(),
+                &mut pk,
+                sig.as_c_ptr(),
+                msg.as_c_ptr(),
+            ) != 1
+            {
+                return Err(Error::InvalidSignature);
+            }
+            Ok(key::PublicKey::from(pk))
+        }
+    }
+}
+
 #[cfg(test)]
 #[allow(unused_imports)]
 mod tests {

src/lib.rs

@@ -410,6 +410,22 @@ impl<C: Context> Secp256k1<C> {
     }
 }
 
+impl<C: Signing> Secp256k1<C> {
+    /// Generates a random keypair. Convenience function for [`SecretKey::new`] and
+    /// [`PublicKey::from_secret_key`].
+    #[inline]
+    #[cfg(feature = "rand")]
+    #[deprecated(since = "0.32", note = "use secp256k1::generate_keypair instead")]
+    pub fn generate_keypair<R: rand::Rng + ?Sized>(
+        &self,
+        rng: &mut R,
+    ) -> (key::SecretKey, key::PublicKey) {
+        let sk = key::SecretKey::new(rng);
+        let pk = key::PublicKey::from_secret_key(&sk);
+        (sk, pk)
+    }
+}
+
 /// Generates a random keypair. Convenience function for [`SecretKey::new`] and
 /// [`PublicKey::from_secret_key`].
 #[inline]