Using dedicated safe_debug for secret key containing types

dr-orlovsky · dr-orlovsky · commit adfda2efa4d1 · 2021-06-27T20:29:19.000+02:00
diff --git a/src/key.rs b/src/key.rs
@@ -29,7 +29,7 @@ use ffi::{self, CPtr};
 /// Secret 256-bit key used as `x` in an ECDSA signature
 pub struct SecretKey(pub(crate) [u8; constants::SECRET_KEY_SIZE]);
 impl_array_newtype!(SecretKey, u8, constants::SECRET_KEY_SIZE);
-impl_pretty_debug!(SecretKey);
+impl_safe_debug!(SecretKey);
 
 impl fmt::LowerHex for SecretKey {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
@@ -675,8 +675,15 @@ mod test {
         let s = Secp256k1::new();
         let (sk, _) = s.generate_keypair(&mut DumbRng(0));
 
+        #[cfg(all(feature = "bitcoin_hashes", not(fuzzing)))]
         assert_eq!(&format!("{:?}", sk),
-                   "SecretKey(0100000000000000020000000000000003000000000000000400000000000000)");
+                   "SecretKey(#73e200e2...29d234a4)");
+        #[cfg(all(not(feature = "bitcoin_hashes"), feature = "std"))]
+        assert_eq!(&format!("{:?}", sk),
+                   "SecretKey(#a463cd1b7ffe86b0)");
+        #[allow(deprecated)] {
+        assert_eq!(sk.format_secret_key(),
+                   "0100000000000000020000000000000003000000000000000400000000000000"); };
     }
 
     #[test]
diff --git a/src/macros.rs b/src/macros.rs
@@ -18,10 +18,84 @@ macro_rules! impl_pretty_debug {
         impl ::core::fmt::Debug for $thing {
             fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
                 write!(f, "{}(", stringify!($thing))?;
-                for i in self[..].iter().cloned() {
+                for i in &self[..] {
                     write!(f, "{:02x}", i)?;
                 }
-                write!(f, ")")
+                f.write_str(")")
+            }
+        }
+     }
+}
+
+macro_rules! impl_safe_debug {
+    ($thing:ident) => {
+        #[cfg(feature = "alloc")]
+        use alloc::string::String;
+
+        #[cfg(feature = "bitcoin_hashes")]
+        impl ::core::fmt::Debug for $thing {
+            fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
+                use ::bitcoin_hashes::{Hash, sha256};
+                write!(f, "{}(#", stringify!($thing))?;
+                let hash = sha256::Hash::hash(&self.0[..]);
+                for i in &hash[..4] {
+                    write!(f, "{:02x}", i)?;
+                }
+                f.write_str("...")?;
+                for i in &hash[28..] {
+                    write!(f, "{:02x}", i)?;
+                }
+                f.write_str(")")
+            }
+        }
+
+        #[cfg(all(not(feature = "bitcoin_hashes"), feature = "std"))]
+        impl ::core::fmt::Debug for $thing {
+            fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
+                use ::core::hash::Hasher;
+                let mut hasher = ::std::collections::hash_map::DefaultHasher::new();
+
+                hasher.write(&self.0[..]);
+                let hash = hasher.finish();
+
+                write!(f, "{}(#{:016x})", stringify!($thing), hash)
+            }
+        }
+
+        impl $thing {
+            /// Formats the explicit byte value of the secret key kept inside the type as a
+            /// little-endian hexadecimal string using the provided formatter.
+            ///
+            /// This is the only method that outputs the actual secret key value, and, thus,
+            /// should be used with extreme precaution.
+            #[deprecated(
+                note = "Caution: you are explicitly outputting secret key value! This can be done
+                only in debug environment and that's why always considered as ``deprecated''"
+            )]
+            pub fn fmt_secret_key(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
+                for i in &self.0[..] {
+                    write!(f, "{:02x}", i)?;
+                }
+                Ok(())
+            }
+
+            /// Formats the explicit byte value of the secret key kept inside the type as a
+            /// little-endian hexadecimal string.
+            ///
+            /// This is the only method that outputs the actual secret key value, and, thus,
+            /// should be used with extreme precaution.
+            #[deprecated(
+                note = "Caution: you are explicitly outputting secret key value! This can be done
+                only in debug environment and that's why always considered as ``deprecated''"
+            )]
+            #[cfg(any(feature = "std", feature = "alloc"))]
+            pub fn format_secret_key(&self) -> String {
+                #[cfg(feature = "alloc")] use alloc::vec::Vec;
+                let mut s = Vec::with_capacity(self.0.len());
+                for i in &self.0[..] {
+                    s.push(format!("{:02x}", i));
+                }
+                s.join("")
             }
         }
      }
diff --git a/src/schnorrsig.rs b/src/schnorrsig.rs
@@ -76,8 +76,9 @@ impl str::FromStr for Signature {
 }
 
 /// Opaque data structure that holds a keypair consisting of a secret and a public key.
-#[derive(Copy, Clone, PartialEq, Eq, Debug, PartialOrd, Ord, Hash)]
+#[derive(Clone)]
 pub struct KeyPair(ffi::KeyPair);
+impl_safe_debug!(KeyPair);
 
 /// A Schnorr public key, used for verification of Schnorr signatures
 #[derive(Copy, Clone, PartialEq, Eq, Debug, PartialOrd, Ord, Hash)]

Original file line number	Diff line number	Diff line change
`@@ -76,8 +76,9 @@ impl str::FromStr for Signature {`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`/// Opaque data structure that holds a keypair consisting of a secret and a public key.`
`79`		`-#[derive(Copy, Clone, PartialEq, Eq, Debug, PartialOrd, Ord, Hash)]`
	`79`	`+#[derive(Clone)]`
`80`	`80`	`pub struct KeyPair(ffi::KeyPair);`
	`81`	`+impl_safe_debug!(KeyPair);`
`81`	`82`
`82`	`83`	`/// A Schnorr public key, used for verification of Schnorr signatures`
`83`	`84`	`#[derive(Copy, Clone, PartialEq, Eq, Debug, PartialOrd, Ord, Hash)]`