Safe array type macro impl for secret-key containing types

dr-orlovsky · dr-orlovsky · commit 68896be44926 · 2021-06-19T13:16:24.000+02:00
diff --git a/secp256k1-sys/src/macros.rs b/secp256k1-sys/src/macros.rs
@@ -13,23 +13,23 @@
 // If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 //
 
-// This is a macro that routinely comes in handy
+/// Implements array accessing methods for a type that must be considered safe
 #[macro_export]
-macro_rules! impl_array_newtype {
+macro_rules! impl_safe_array_newtype {
     ($thing:ident, $ty:ty, $len:expr) => {
-        impl Copy for $thing {}
-
         impl $thing {
             #[inline]
+            #[allow(unused)]
             /// Converts the object to a raw pointer for FFI interfacing
-            pub fn as_ptr(&self) -> *const $ty {
+            pub(crate) fn as_ptr(&self) -> *const $ty {
                 let &$thing(ref dat) = self;
                 dat.as_ptr()
             }
 
             #[inline]
+            #[allow(unused)]
             /// Converts the object to a mutable raw pointer for FFI interfacing
-            pub fn as_mut_ptr(&mut self) -> *mut $ty {
+            pub(crate) fn as_mut_ptr(&mut self) -> *mut $ty {
                 let &mut $thing(ref mut dat) = self;
                 dat.as_mut_ptr()
             }
@@ -43,6 +43,47 @@ macro_rules! impl_array_newtype {
             pub fn is_empty(&self) -> bool { false }
         }
 
+        impl $crate::CPtr for $thing {
+            type Target = $ty;
+
+            fn as_c_ptr(&self) -> *const Self::Target {
+                if self.is_empty() {
+                    ::core::ptr::null()
+                } else {
+                    let &$thing(ref dat) = self;
+                    dat.as_ptr()
+                }
+            }
+
+            fn as_mut_c_ptr(&mut self) -> *mut Self::Target {
+                if self.is_empty() {
+                    ::core::ptr::null::<Self::Target>() as *mut _
+                } else {
+                    let &mut $thing(ref mut dat) = self;
+                    dat.as_mut_ptr()
+                }
+            }
+        }
+    }
+}
+
+/// Generates implementation of main array accessing methods for a newtype wrapping some inner array
+/// type
+#[macro_export]
+macro_rules! impl_array_newtype {
+    ($thing:ident, $ty:ty, $len:expr) => {
+        impl_safe_array_newtype!($thing, $ty, $len);
+
+        impl Copy for $thing {}
+
+        impl Clone for $thing {
+            #[inline]
+            fn clone(&self) -> $thing {
+                let &$thing(ref dat) = self;
+                $thing(dat.clone())
+            }
+        }
+
         impl AsRef<[$ty; $len]> for $thing {
             #[inline]
             /// Gets a reference to the underlying array
@@ -55,7 +96,7 @@ macro_rules! impl_array_newtype {
         impl PartialEq for $thing {
             #[inline]
             fn eq(&self, other: &$thing) -> bool {
-                &self[..] == &other[..]
+                &self.0[..] == &other[..]
             }
         }
 
@@ -75,14 +116,6 @@ macro_rules! impl_array_newtype {
             }
         }
 
-        impl Clone for $thing {
-            #[inline]
-            fn clone(&self) -> $thing {
-                let &$thing(ref dat) = self;
-                $thing(dat.clone())
-            }
-        }
-
         impl ::core::ops::Index<usize> for $thing {
             type Output = $ty;
 
@@ -132,24 +165,6 @@ macro_rules! impl_array_newtype {
                 &dat[..]
             }
         }
-        impl $crate::CPtr for $thing {
-            type Target = $ty;
-            fn as_c_ptr(&self) -> *const Self::Target {
-                if self.is_empty() {
-                    ::core::ptr::null()
-                } else {
-                    self.as_ptr()
-                }
-            }
-
-            fn as_mut_c_ptr(&mut self) -> *mut Self::Target {
-                if self.is_empty() {
-                    ::core::ptr::null::<Self::Target>() as *mut _
-                } else {
-                    self.as_mut_ptr()
-                }
-            }
-        }
     }
 }
 
diff --git a/src/key.rs b/src/key.rs
@@ -27,8 +27,9 @@ use constants;
 use ffi::{self, CPtr};
 
 /// Secret 256-bit key used as `x` in an ECDSA signature
+#[derive(Clone, PartialEq, Eq, PartialOrd, Ord)]
 pub struct SecretKey(pub(crate) [u8; constants::SECRET_KEY_SIZE]);
-impl_array_newtype!(SecretKey, u8, constants::SECRET_KEY_SIZE);
+impl_safe_array_newtype!(SecretKey, u8, constants::SECRET_KEY_SIZE);
 impl_safe_debug!(SecretKey);
 
 impl fmt::LowerHex for SecretKey {
@@ -220,7 +221,7 @@ impl ::serde::Serialize for SecretKey {
         if s.is_human_readable() {
             s.collect_str(self)
         } else {
-            s.serialize_bytes(&self[..])
+            s.serialize_bytes(&self.0[..])
         }
     }
 }
@@ -529,7 +530,7 @@ mod test {
         let s = Secp256k1::new();
 
         let (sk1, pk1) = s.generate_keypair(&mut thread_rng());
-        assert_eq!(SecretKey::from_slice(&sk1[..]), Ok(sk1));
+        assert_eq!(SecretKey::from_slice(&sk1.0[..]), Ok(sk1));
         assert_eq!(PublicKey::from_slice(&pk1.serialize()[..]), Ok(pk1));
         assert_eq!(PublicKey::from_slice(&pk1.serialize_uncompressed()[..]), Ok(pk1));
     }
@@ -784,13 +785,13 @@ mod test {
         let (mut sk2, mut pk2) = s.generate_keypair(&mut thread_rng());
 
         assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
-        assert!(sk1.add_assign(&sk2[..]).is_ok());
-        assert!(pk1.add_exp_assign(&s, &sk2[..]).is_ok());
+        assert!(sk1.add_assign(&sk2.0[..]).is_ok());
+        assert!(pk1.add_exp_assign(&s, &sk2.0[..]).is_ok());
         assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
 
         assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
-        assert!(sk2.add_assign(&sk1[..]).is_ok());
-        assert!(pk2.add_exp_assign(&s, &sk1[..]).is_ok());
+        assert!(sk2.add_assign(&sk1.0[..]).is_ok());
+        assert!(pk2.add_exp_assign(&s, &sk1.0[..]).is_ok());
         assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
     }
 
@@ -802,13 +803,13 @@ mod test {
         let (mut sk2, mut pk2) = s.generate_keypair(&mut thread_rng());
 
         assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
-        assert!(sk1.mul_assign(&sk2[..]).is_ok());
-        assert!(pk1.mul_assign(&s, &sk2[..]).is_ok());
+        assert!(sk1.mul_assign(&sk2.0[..]).is_ok());
+        assert!(pk1.mul_assign(&s, &sk2.0[..]).is_ok());
         assert_eq!(PublicKey::from_secret_key(&s, &sk1), pk1);
 
         assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
-        assert!(sk2.mul_assign(&sk1[..]).is_ok());
-        assert!(pk2.mul_assign(&s, &sk1[..]).is_ok());
+        assert!(sk2.mul_assign(&sk1.0[..]).is_ok());
+        assert!(pk2.mul_assign(&s, &sk1.0[..]).is_ok());
         assert_eq!(PublicKey::from_secret_key(&s, &sk2), pk2);
     }
 
@@ -818,7 +819,7 @@ mod test {
 
         let (mut sk, mut pk) = s.generate_keypair(&mut thread_rng());
 
-        let original_sk = sk;
+        let original_sk = sk.clone();
         let original_pk = pk;
 
         assert_eq!(PublicKey::from_secret_key(&s, &sk), pk);
@@ -913,7 +914,7 @@ mod test {
         assert!(sum2.is_ok());
         assert_eq!(sum1, sum2);
 
-        assert!(sk1.add_assign(&sk2.as_ref()[..]).is_ok());
+        assert!(sk1.add_assign(&sk2.0[..]).is_ok());
         let sksum = PublicKey::from_secret_key(&s, &sk1);
         assert_eq!(Ok(sksum), sum1);
     }
@@ -974,13 +975,13 @@ mod test {
         #[cfg(fuzzing)]
         let pk = PublicKey::from_slice(&PK_BYTES).expect("pk");
 
-        assert_tokens(&sk.compact(), &[Token::BorrowedBytes(&SK_BYTES[..])]);
-        assert_tokens(&sk.compact(), &[Token::Bytes(&SK_BYTES)]);
-        assert_tokens(&sk.compact(), &[Token::ByteBuf(&SK_BYTES)]);
+        assert_tokens(&sk.clone().compact(), &[Token::BorrowedBytes(&SK_BYTES[..])]);
+        assert_tokens(&sk.clone().compact(), &[Token::Bytes(&SK_BYTES)]);
+        assert_tokens(&sk.clone().compact(), &[Token::ByteBuf(&SK_BYTES)]);
 
-        assert_tokens(&sk.readable(), &[Token::BorrowedStr(SK_STR)]);
-        assert_tokens(&sk.readable(), &[Token::Str(SK_STR)]);
-        assert_tokens(&sk.readable(), &[Token::String(SK_STR)]);
+        assert_tokens(&sk.clone().readable(), &[Token::BorrowedStr(SK_STR)]);
+        assert_tokens(&sk.clone().readable(), &[Token::Str(SK_STR)]);
+        assert_tokens(&sk.clone().readable(), &[Token::String(SK_STR)]);
 
         assert_tokens(&pk.compact(), &[Token::BorrowedBytes(&PK_BYTES[..])]);
         assert_tokens(&pk.compact(), &[Token::Bytes(&PK_BYTES)]);
diff --git a/src/lib.rs b/src/lib.rs
@@ -995,7 +995,7 @@ mod tests {
         assert!(full.verify(&msg, &sig, &pk).is_ok());
 
         // Check that we can produce keys from slices with no precomputation
-        let (pk_slice, sk_slice) = (&pk.serialize(), &sk[..]);
+        let (pk_slice, sk_slice) = (&pk.serialize(), &sk.0[..]);
         let new_pk = PublicKey::from_slice(pk_slice).unwrap();
         let new_sk = SecretKey::from_slice(sk_slice).unwrap();
         assert_eq!(sk, new_sk);
