@@ -41,13 +41,14 @@ pub const SECP256K1_SER_UNCOMPRESSED: c_uint = (1 << 1);
4141/// Flag for keys to indicate compressed serialization format
4242pub const SECP256K1_SER_COMPRESSED : c_uint = ( 1 << 1 ) | ( 1 << 8 ) ;
4343
44- /// A nonce generation function. Ordinary users of the library
45- /// never need to see this type; only if you need to control
46- /// nonce generation do you need to use it. I have deliberately
47- /// made this hard to do: you have to write your own wrapper
48- /// around the FFI functions to use it. And it's an unsafe type.
49- /// Nonces are generated deterministically by RFC6979 by
50- /// default; there should be no need to ever change this.
44+ /// A nonce generation function.
45+ ///
46+ /// Ordinary users of the library never need to see this type; the default
47+ /// nonce generation function should be sufficient for almost all usecases.
48+ ///
49+ /// To use this type, you must write your own (unsafe) wrapper. It is unsafe
50+ /// because any secure implementation must dereference the passed-in raw
51+ /// pointers and/or call FFI functions.
5152pub type NonceFn = Option < unsafe extern "C" fn (
5253 nonce32 : * mut c_uchar ,
5354 msg32 : * const c_uchar ,
@@ -66,11 +67,15 @@ pub type EcdhHashFn = Option<unsafe extern "C" fn(
6667 data : * mut c_void ,
6768) -> c_int > ;
6869
69- /// Same as secp256k1_nonce function with the exception of accepting an
70- /// additional pubkey argument and not requiring an attempt argument. The pubkey
71- /// argument can protect signature schemes with key-prefixed challenge hash
72- /// inputs against reusing the nonce when signing with the wrong precomputed
73- /// pubkey.
70+ /// Same as [`NonceFn`], but accepts an additional pubkey argument and does not
71+ /// accept an attempt argument.
72+ ///
73+ /// The pubkey argument will protect signature schemes with tweaked keys from
74+ /// reusing the nonce when signing with a different precomputed pubkey, which
75+ /// for BIP 340 signatures is just as bad as reusing a nonce across different
76+ /// messages.
77+ ///
78+ /// As with [`NonceFn`] ordinary users should never need to touch this type.
7479pub type SchnorrNonceFn = Option < unsafe extern "C" fn (
7580 nonce32 : * mut c_uchar ,
7681 msg32 : * const c_uchar ,
@@ -119,10 +124,19 @@ impl SchnorrSigExtraParams {
119124 }
120125}
121126
122- /// A Secp256k1 context, containing various precomputed values and such
123- /// needed to do elliptic curve computations. If you create one of these
124- /// with `secp256k1_context_create` you MUST destroy it with
125- /// `secp256k1_context_destroy`, or else you will have a memory leak.
127+ /// An opaque Secp256k1 context.
128+ ///
129+ /// Currently this object contains a blinding factor used internally to
130+ /// randomize computations to protect against sidechannel attacks. In the
131+ /// past it has contained precomputation tables to speed up crypto operations.
132+ ///
133+ /// It should be assumed to be expensive to create and therefore should be
134+ /// reused when possible.
135+ ///
136+ /// If you create one of these with `secp256k1_context_create` you must
137+ /// destroy it with `secp256k1_context_destroy`. (Failure to destroy it is
138+ /// a memory leak; destroying it using any other allocator is undefined
139+ /// behavior.)
126140#[ derive( Clone , Debug ) ]
127141#[ repr( C ) ] pub struct Context ( c_int ) ;
128142
0 commit comments