Skip to content

key: don't use Hasher to generate fingerprints; just use hashes crate #726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 26, 2024
Merged

key: don't use Hasher to generate fingerprints; just use hashes crate #726

merged 2 commits into from
Aug 26, 2024

Conversation

apoelstra
Copy link
Member

@apoelstra apoelstra commented Aug 26, 2024
edited
Loading

In addition to changing SecretKey and SharedSecret to use hashes, we also unconditionally use the public half of KeyPair as a fingerprint, since that's always available and does not need extra deps.

This patches the existing unit tests but doesn't add more. Maybe they should be removed; it's a bit weird to have unit tests for Debug output. But in this case we're doing some nontrivial logic and I guess we wanted to double-check that it was taking effect.

I'd also like to change the manual tagged-hash implementation to use bitcoin_hashes methods but those are under construction rust-bitcoin/rust-bitcoin#3184 and the existing stuff is neither faster nor less code than what's currently done. So we'll live with it.

Fixes #725

@tcharding
Copy link
Member

conceptACK. You missed setting the PR title.

@apoelstra apoelstra changed the title 2024 08 no hasher key: don't use Hasher to generate fingerprints; just use hashes crate Aug 26, 2024
@apoelstra
secret keys: debug output only when hashes is enabled
a16e5ec
@apoelstra
keypair: use public key for Debug output
b8ac971 
There is no need to hash up the secret for Keypair. It already has a
"fingerprint" in the form of its public key. We should just use that.
@apoelstra
Copy link
Member Author

CI failure looks like some unrelated xargo thing. We definitely gotta start pinning nightly here.

Kixunil
Kixunil approved these changes Aug 26, 2024
View reviewed changes
Copy link
Collaborator

@Kixunil Kixunil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK b8ac971

I agree with having Debug tests in cases like this since failing to implement it correctly may lead to key leaks.

src/key.rs
fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
f.debug_struct("Keypair")
.field("pubkey", &self.public_key())
.field("secret", &"<hidden>")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea.

apoelstra
apoelstra commented Aug 26, 2024
View reviewed changes
Copy link
Member Author

@apoelstra apoelstra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Successfully ran local tests on b8ac971.

@apoelstra apoelstra merged commit fb188dd into rust-bitcoin:master Aug 26, 2024
19 of 20 checks passed
@apoelstra apoelstra deleted the 2024-08--no-hasher branch August 26, 2024 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kixunil Kixunil Kixunil approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Don't use std's siphash to produce secret key fingerprints
3 participants
@apoelstra @tcharding @Kixunil