rbsecp256k1 4.0.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0bda0a3b5513e2716322c5bd47668b1fe17493ee6a542848d4d3add50cabd67
-  data.tar.gz: 45d1d8dccfa8303b5d750f270dd65331ae6c72948982863e430628cfe9ce2b9a
+  metadata.gz: '09bce1370a196e16d15f8d923add9097a24e54cd16d6966252eaef876b43e8e2'
+  data.tar.gz: 59c16c569f2ea9a18d67f041b0a6bcd4b334d747a165e8801192094518a0a11b
 SHA512:
-  metadata.gz: 980d07a3fb920d7c873aca6969dc7102896379005e5a30741f637387fd43c06efdfddb09905e5c24a1dd1bb780211ebe9d46e3a8d16f02f95bf0a180cc6a7652
-  data.tar.gz: acb8d3284c484d946a5e22ebb4f4f2fb2c72f4e0e1e3b9bdb5b8beed2890283c361a14eda2453817401c0a8d98ace34219208f10d8997d98d21ef49766843d0c
+  metadata.gz: 457122cce9314f5f6af45c73fc2b55977e98765d5aa13e18e6a7f6ea614f0af0559857a6a735c4c066760b62af9fa970200645fb93f1f4fd333a6f3412297ad5
+  data.tar.gz: 4f503461cc54439ea891b4c0827d93a8e403abac1e9503f5be7b422c09abfae59917507d029ea0a3d6bb2cde10c64c256e9c6463ef0e1faace5e568d4d7d6282

data/README.md

@@ -2,10 +2,11 @@
 
 [![Build Status](https://travis-ci.com/etscrivner/rbsecp256k1.svg?branch=master)](https://travis-ci.com/etscrivner/rbsecp256k1) [![Gem Version](https://badge.fury.io/rb/rbsecp256k1.svg)](https://badge.fury.io/rb/rbsecp256k1)
 
-Compiled Ruby extension gem for [libsecp256k1](https://github.com/bitcoin-core/secp256k1). In rbsecp256k1 3.0.0
-and later libsecp256k1 is bundled with the gem.
+Native extension gem for secp256k1 ECDSA. Wraps [libsecp256k1](https://github.com/bitcoin-core/secp256k1). In
+rbsecp256k1 3.0.0 and later libsecp256k1 is bundled with the gem.
 
-[Documentation](documentation/index.md)
+* [Documentation](documentation/index.md)
+* [Examples](examples/README.md)
 
 ### Why wrap libsecp256k1?
 
@@ -16,6 +17,9 @@ faster than the OpenSSL implementation of the same curve. It is the only library
 that provides constant time signing of this curve and has been deployed as part
 of Bitcoin since [v0.10.0](https://bitcoin.org/en/release/v0.10.0#improved-signing-security)
 
+Natively wrapping the library in an extension gem means users don't have to
+worry about compiling or locating the library, unlike many [FFI](https://github.com/ffi/ffi) based gems.
+
 ## Installation
 
 The simplest installation:

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rake/extensiontask"
 
 Rake::ExtensionTask.new "rbsecp256k1" do |ext|

data/documentation/context.md

@@ -10,10 +10,25 @@ for multiple operations as much as possible.
 Initializers
 ------------
 
-#### new
+#### new(context_randomization_bytes: nil)
 
 Returns a newly initialized libsecp256k1 context. The context is randomized at
-initialization.
+initialization if given `context_randomization_bytes`. The
+`context_randomization_bytes` argument can optionally take a string containing
+32 bytes of random data, if not provided then the Context is not randomized and
+may be vulnerable to side-channel attacks.
+
+Class Methods
+-------------
+
+#### create
+
+Creates and returns a new randomized `Context` using `SecureRandom` for the
+random initialization bytes. This is the recommended method for initialization.
+
+#### create_unrandomized
+
+Creates a new unrandomized `Context`.
 
 Instance Methods
 ----------------
@@ -23,7 +38,7 @@ Instance Methods
 **Requires:** libsecp256k1 was built with the experimental ECDH module.
 
 Takes a `point` ([PublicKey](public_key.md)) and a `scalar` ([PrivateKey](private_key.md)) and returns a new
-[SharedSecret](shared_secret.md) containing the 32-byte shared secret. Raises a `RuntimeError` if
+[SharedSecret](shared_secret.md) containing the 32-byte shared secret. Raises a `Secp256k1::Error` if
 the `scalar` is invalid (zero or causes an overflow).
 
 #### generate_key_pair
@@ -34,7 +49,7 @@ secure random number generator (CSRNG) provided by OpenSSL.
 #### key_pair_from_private_key(private_key_data)
 
 Returns a new [KeyPair](key_pair.md) from the given `private_key_data`. The
-`private_key_data` is expected to be a binary string. Raises a `RuntimeError`
+`private_key_data` is expected to be a binary string. Raises a `Secp256k1::Error`
 if the private key is invalid or key derivation fails.
 
 #### recoverable_signature_from_compact(compact_signature, recovery_id)
@@ -42,7 +57,7 @@ if the private key is invalid or key derivation fails.
 **Requires:** libsecp256k1 was build with recovery module.
 
 Attempts to load a [RecoverableSignature](recoverable_signature.md) from the given `compact_signature`
-and `recovery_id`. Raises a RuntimeError if the signature data or recovery ID are invalid.
+and `recovery_id`. Raises a `Secp256k1::DeserializationError` if the signature data or recovery ID are invalid.
 
 #### sign(private_key, hash32)
 

data/documentation/index.md

@@ -48,7 +48,7 @@ This example demonstrates how to create a new libsecp256k1 context. This is the
 first step of using this library:
 
 ```ruby
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 # => #<Secp256k1::Context:0x0000559b0bd8f5d0>
 ```
 
@@ -57,7 +57,7 @@ context = Secp256k1::Context.new
 This example shows how to generate a new public-private key pair:
 
 ```ruby
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 # => #<Secp256k1::KeyPair:0x0000559b0bc876b0 @public_key=#<Secp256k1::PublicKey:0x0000559b0bc876d8>, @private_key=#<Secp256k1::PrivateKey:0x0000559b0bc87700 @data="\r\xA7\xB3<\x92\xCDw\xC1\xDB\xEB[BB;=\x80\xB83\xA8]\x06\xD9\x90\xF8v\xFFi\xF0/\x1E\x96\xF9">>
 ```
@@ -67,7 +67,7 @@ key_pair = context.generate_key_pair
 This example shows how to generate compressed and uncompressed public keys:
 
 ```ruby
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 # 1. Get the binary representation of compressed public key
@@ -94,7 +94,7 @@ This example shows how to sign a message using your private key:
 ```ruby
 require 'digest'
 
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 signature = context.sign(key_pair.private_key, Digest::SHA256.digest("test message"))
@@ -109,7 +109,7 @@ representations of a signature:
 ```ruby
 require 'digest'
 
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 signature = context.sign(key_pair.private_key, Digest::SHA256.digest("test message"))
@@ -138,7 +138,7 @@ This example shows how to verify a signature using a public key:
 ```ruby
 require 'digest'
 
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 hash = Digest::SHA256.digest("test message")
 
@@ -158,7 +158,7 @@ context.verify(signature, key_pair.public_key, hash)
 This example shows how to load a key pair from raw binary private key data:
 
 ```ruby
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 
 #1. Load private key alone
 private_key = Secp256k1::PrivateKey.from_data("I\nX\x85\xAEz}\n\x9B\xA4\\\x81)\xD4\x9Aq\xFDH\t\xBE\x8EP\xC5.\xC6\x1F7-\x86\xA0\xCB\xF9")
@@ -218,7 +218,7 @@ You can sign data producing a recoverable signature as follows:
 require 'digest'
 
 hash = Digest::SHA256.digest('test message')
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 signature = context.sign_recoverable(key_pair.private_key, hash)
@@ -233,7 +233,7 @@ You can produce the compact binary serialization of a recoverable signature:
 require 'digest'
 
 hash = Digest::SHA256.digest('test message')
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 signature = context.sign_recoverable(key_pair.private_key, hash)
@@ -247,7 +247,7 @@ You can load a recoverable signature give its compact representation and
 recovery ID:
 
 ```ruby
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 
 compact_data = "D,\x9C\xA6%I\x14-\xCA\xC0\x11\x0F\xEB\x1E\xB0\xB6\\-\xE2\b\x98\xFB\xEA\xD5\x9BZ\xE6\xDF#\xC1\x1A\xEEL\xF02\xB1\xE9{\r\xEBhh<\\\xCF\xB6\x98\xEA\x8F\xF65\xF2\xBF\x84\xD8\xE5x\xF0\xA5)\xA2Wb\x9D"
 recovery_id = 1
@@ -265,7 +265,7 @@ for use by all methods that take a [Signature](signature.md) object:
 require 'digest'
 
 hash = Digest::SHA256.digest('test message')
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 recoverable_signature = context.sign_recoverable(key_pair.private_key, hash)
@@ -281,7 +281,7 @@ You can recover the [PublicKey](public_key.md) associated with a recoverable sig
 require 'digest'
 
 hash = Digest::SHA256.digest('test message')
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 recoverable_signature = context.sign_recoverable(key_pair.private_key, hash)
@@ -310,7 +310,7 @@ Secp256k1.have_ecdh?
 To generate a shared secret run the following:
 
 ```ruby
-context = Secp256k1::Context.new
+context = Secp256k1::Context.create
 key_pair = context.generate_key_pair
 
 shared_secret = context.ecdh(key_pair.public_key, key_pair.private_key)

data/documentation/private_key.md

@@ -11,7 +11,7 @@ Class Methods
 #### from_data(private_key_data)
 
 Loads new private key from the given binary `private_key_data` string. Raises
-`ArgumentError` if the given data is invalid.
+`Secp256k1::Error` if the given data is invalid.
 
 Instance Methods
 ----------------

data/documentation/public_key.md

@@ -13,8 +13,8 @@ Class Methods
 #### from_data(public_key_data)
 
 Parses compressed or uncompressed from binary string `public_key_data` and
-creates and returns a new public key from it. Raises a `RuntimeError` if the
-given public key data is invalid.
+creates and returns a new public key from it. Raises a `Secp256k1::DeserializationError`
+if the given public key data is invalid.
 
 Instance Methods
 ----------------

data/documentation/signature.md

@@ -12,12 +12,12 @@ Class Methods
 #### from_compact(compact_signature)
 
 Parses a signature from binary string `compact_signature`. Raises a
-`RuntimeError` ig the signature data is invalid.
+`Secp256k1::DeserializationError` if the signature data is invalid.
 
 #### from_der_encoded(der_encoded_signature)
 
 Parses a signature from binary string `der_encoded_signature`. Raises a
-`RuntimeError` ig the signature data is invalid.
+`Secp256k1::DeserializationError` if the signature data is invalid.
 
 Instance Methods
 ----------------

data/ext/rbsecp256k1/extconf.rb

@@ -1,27 +1,16 @@
+# frozen_string_literal: true
+
 require 'mini_portile2'
 require 'mkmf'
 require 'zip'
 
-# Indicates the platform on which the package is being installed
-INSTALLING_OS =
-  if RUBY_PLATFORM =~ /darwin/
-    :macos
-  elsif RUBY_PLATFORM =~ /linux/
-    :linux
-  else
-    :unknown
-  end
-
-# Fixed path to Homebrew OpenSSL pkgconfig file
-HOMEBREW_OPENSSL_PKGCONFIG = '/usr/local/opt/openssl/lib/pkgconfig'.freeze
-
 # Recipe for downloading and building libsecp256k1 as part of installation
 class Secp256k1Recipe < MiniPortile
   # Hard-coded URL for libsecp256k1 zipfile (HEAD of master as of 26-11-2018)
-  LIBSECP256K1_ZIP_URL = 'https://github.com/bitcoin-core/secp256k1/archive/e34ceb333b1c0e6f4115ecbb80c632ac1042fa49.zip'.freeze
+  LIBSECP256K1_ZIP_URL = 'https://github.com/bitcoin-core/secp256k1/archive/e34ceb333b1c0e6f4115ecbb80c632ac1042fa49.zip'
 
   # Expected SHA-256 of the zipfile above (computed using sha256sum)
-  LIBSECP256K1_SHA256 = 'd87d3ca7ebc42edbabb0f38e79205040b24b09b3e6d1c9ac89585de9bf302143'.freeze
+  LIBSECP256K1_SHA256 = 'd87d3ca7ebc42edbabb0f38e79205040b24b09b3e6d1c9ac89585de9bf302143'
 
   WITH_RECOVERY = ENV.fetch('WITH_RECOVERY', '1') == '1'
   WITH_ECDH = ENV.fetch('WITH_ECDH', '1') == '1'
@@ -82,46 +71,6 @@ class Secp256k1Recipe < MiniPortile
   end
 end
 
-# OpenSSL flags
-message("checking for OpenSSL\n")
-results = pkg_config('openssl')
-
-# Failed to find package OpenSSL
-unless results && results[1]
-  # Check if the user happens to have OpenSSL installed via Homebrew on a path
-  # we know about.
-  # rubocop:disable Style/GlobalVars
-  if INSTALLING_OS == :macos && File.exist?(HOMEBREW_OPENSSL_PKGCONFIG)
-    begin
-      require 'rubygems'
-      gem 'pkg-config', (gem_ver = '~> 1.3')
-      require 'pkg-config'
-    rescue LoadError
-      message(
-        "pkg-config could not be used to find openssl\n" \
-        "Please install either `pkg-config` or the pkg-config gem via\n" \
-        "gem install pkg-config -v #{gem_ver.inspect}\n\n"
-      )
-    else
-      message("Initial check failed. Trying homebrew openssl path...\n")
-      message("Using pkg-config gem version #{PKGConfig::VERSION}\n")
-      PKGConfig.add_path(HOMEBREW_OPENSSL_PKGCONFIG)
-
-      cflags = PKGConfig.cflags('openssl')
-      ldflags = PKGConfig.libs_only_L('openssl')
-      libs = PKGConfig.libs_only_l('openssl')
-
-      $CFLAGS += " " << cflags if cflags
-      $libs += " " << libs if libs
-      $LDFLAGS = [$LDFLAGS, ldflags].join(' ')
-
-      results = [cflags, libs, ldflags]
-    end
-  end
-  # rubocop:enable Style/GlobalVars
-end
-abort "missing openssl pkg-config information" unless results && results[1]
-
 if with_config('system-library')
   # Require that libsecp256k1 be installed using `make install` or similar.
   message("checking for libsecp256k1\n")
@@ -142,6 +91,11 @@ else
       "-Wall"
     ]
   )
+  append_ldflags(
+    [
+      "-Wl,--no-as-needed"
+    ]
+  )
   # rubocop:disable Style/GlobalVars
   $LIBPATH = ["#{recipe.path}/lib"] | $LIBPATH
   # rubocop:enable Style/GlobalVars

data/ext/rbsecp256k1/rbsecp256k1.c

@@ -6,12 +6,8 @@
 // and verifying signatures using the library.
 //
 // Dependencies:
-// * libsecp256k1
-// * openssl
+//   * libsecp256k1
 #include <ruby.h>
-
-#include <openssl/rand.h>
-
 #include <secp256k1.h>
 
 // Include recoverable signatures functionality if available
@@ -44,6 +40,14 @@
 // applications. Context initialization is expensive so it is recommended that
 // a single context be initialized and used throughout an application when
 // possible.
+//
+// Exception Hierarchy:
+//
+// The following hierarchy is used for exceptions raised from the library:
+//
+// +- Error (Descends from StandardError)
+// |-- SerializationError
+// |-- DeserializationError
 
 //
 // The section below contains purely internal methods used exclusively by the
@@ -61,6 +65,9 @@ const size_t COMPACT_SIG_SIZE_BYTES = 64;
 // objects from anywhere. The use of global variables seems to be inline with
 // how the Ruby project builds its own extension gems.
 static VALUE Secp256k1_module;
+static VALUE Secp256k1_Error_class;
+static VALUE Secp256k1_SerializationError_class;
+static VALUE Secp256k1_DeserializationError_class;
 static VALUE Secp256k1_Context_class;
 static VALUE Secp256k1_KeyPair_class;
 static VALUE Secp256k1_PublicKey_class;
@@ -262,33 +269,6 @@ typedef enum ResultT_dummy {
   RESULT_FAILURE
 } ResultT;
 
-/**
- * Generate a series of cryptographically secure random bytes using OpenSSL.
- *
- * \param out_bytes Desired number of bytes will be written here.
- * \param in_size Number of bytes of random data to be generated.
- * \return RESULT_SUCCESS if the bytes were generated successfully,
- *   RESULT_FAILURE otherwise.
- */
-static ResultT
-GenerateRandomBytes(unsigned char *out_bytes, int in_size)
-{
-  // OpenSSL RNG has not been seeded with enough data and is therefore
-  // not usable.
-  if (RAND_status() == 0)
-  {
-    return RESULT_FAILURE;
-  }
-
-  // Attempt to generate random bytes using the OpenSSL RNG
-  if (RAND_bytes(out_bytes, in_size) != 1)
-  {
-    return RESULT_FAILURE;
-  }
-
-  return RESULT_SUCCESS;
-}
-
 /**
  * Computes the ECDSA signature of the given 32-byte SHA-256 hash.
  *
@@ -462,7 +442,7 @@ PublicKey_create_from_private_key(Context *in_context,
         (&public_key->pubkey),
         private_key_data) != 1)
   {
-    rb_raise(rb_eTypeError, "invalid private key data");
+    rb_raise(Secp256k1_DeserializationError_class, "invalid private key data");
   }
 
   return result;
@@ -483,7 +463,7 @@ PublicKey_create_from_data(unsigned char *in_public_key_data,
                                 in_public_key_data,
                                 in_public_key_data_len) != 1)
   {
-    rb_raise(rb_eRuntimeError, "invalid public key data");
+    rb_raise(Secp256k1_DeserializationError_class, "invalid public key data");
   }
 
   return result;
@@ -495,7 +475,7 @@ PublicKey_create_from_data(unsigned char *in_public_key_data,
  * @param in_public_key_data [String] binary string with compressed or
  *   uncompressed public key data.
  * @return [Secp256k1::PublicKey] public key derived from data.
- * @raise [RuntimeError] if public key data is invalid.
+ * @raise [Secp256k1::DeserializationError] if public key data is invalid.
  */
 static VALUE
 PublicKey_from_data(VALUE klass, VALUE in_public_key_data)
@@ -631,7 +611,7 @@ PrivateKey_create(unsigned char *in_private_key_data)
   if (secp256k1_ec_seckey_verify(secp256k1_context_no_precomp,
                                  in_private_key_data) != 1)
   {
-    rb_raise(rb_eArgError, "invalid private key data");
+    rb_raise(Secp256k1_Error_class, "invalid private key data");
   }
 
   result = PrivateKey_alloc(Secp256k1_PrivateKey_class);
@@ -649,7 +629,7 @@ PrivateKey_create(unsigned char *in_private_key_data)
  * @param in_private_key_data [String] 32 byte binary string of private key
  *   data.
  * @return [Secp256k1::PrivateKey] private key loaded from the given data.
- * @raise [ArgumentError] if private key data is not 32 bytes or is invalid.
+ * @raise [Secp256k1::Error] if private key data is not 32 bytes or is invalid.
  */
 static VALUE
 PrivateKey_from_data(VALUE klass, VALUE in_private_key_data)
@@ -659,7 +639,10 @@ PrivateKey_from_data(VALUE klass, VALUE in_private_key_data)
   Check_Type(in_private_key_data, T_STRING);
   if (RSTRING_LEN(in_private_key_data) != 32)
   {
-    rb_raise(rb_eArgError, "private key data must be 32 bytes in length");
+    rb_raise(
+      Secp256k1_Error_class,
+      "private key data must be 32 bytes in length"
+    );
   }
 
   private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
@@ -714,7 +697,7 @@ Signature_alloc(VALUE klass)
  * @param in_compact_signature [String] compact signature as 64-byte binary
  *   string.
  * @return [Secp256k1::Signature] object deserialized from compact signature.
- * @raise [ArgumentError] if signature data is invalid.
+ * @raise [Secp256k1::DeserializationError] if signature data is invalid.
  */
 static VALUE
 Signature_from_compact(VALUE klass, VALUE in_compact_signature)
@@ -727,7 +710,7 @@ Signature_from_compact(VALUE klass, VALUE in_compact_signature)
 
   if (RSTRING_LEN(in_compact_signature) != 64)
   {
-    rb_raise(rb_eArgError, "compact signature must be 64 bytes");
+    rb_raise(Secp256k1_Error_class, "compact signature must be 64 bytes");
   }
 
   signature_data = (unsigned char*)StringValuePtr(in_compact_signature);
@@ -739,7 +722,7 @@ Signature_from_compact(VALUE klass, VALUE in_compact_signature)
                                               &(signature->sig),
                                               signature_data) != 1)
   {
-    rb_raise(rb_eArgError, "invalid compact signature");
+    rb_raise(Secp256k1_DeserializationError_class, "invalid compact signature");
   }
 
   return signature_result;
@@ -752,7 +735,7 @@ Signature_from_compact(VALUE klass, VALUE in_compact_signature)
  *   string.
  * @return [Secp256k1::Signature] signature object initialized using signature
  *   data.
- * @raise [ArgumentError] if signature data is invalid.
+ * @raise [Secp256k1::DeserializationError] if signature data is invalid.
  */
 static VALUE
 Signature_from_der_encoded(VALUE klass, VALUE in_der_encoded_signature)
@@ -773,7 +756,7 @@ Signature_from_der_encoded(VALUE klass, VALUE in_der_encoded_signature)
                                           signature_data,
                                           RSTRING_LEN(in_der_encoded_signature)) != 1)
   {
-    rb_raise(rb_eArgError, "invalid DER encoded signature");
+    rb_raise(Secp256k1_DeserializationError_class, "invalid DER encoded signature");
   }
 
   return signature_result;
@@ -800,7 +783,10 @@ Signature_der_encoded(VALUE self)
                                               &der_signature_len,
                                               &(signature->sig)) != 1)
   {
-    rb_raise(rb_eRuntimeError, "could not compute DER encoded signature");
+    rb_raise(
+      Secp256k1_SerializationError_class,
+      "could not compute DER encoded signature"
+    );
   }
 
   return rb_str_new((char*)der_signature, der_signature_len);
@@ -824,7 +810,10 @@ Signature_compact(VALUE self)
                                                   compact_signature,
                                                   &(signature->sig)) != 1)
   {
-    rb_raise(rb_eRuntimeError, "unable to compute compact signature");
+    rb_raise(
+      Secp256k1_SerializationError_class,
+      "unable to compute compact signature"
+    );
   }
 
   return rb_str_new((char*)compact_signature, COMPACT_SIG_SIZE_BYTES);
@@ -932,7 +921,7 @@ RecoverableSignature_alloc(VALUE klass)
  *
  * @return [Array] first element is the 64 byte compact encoding of signature,
  *   the second element is the integer recovery ID.
- * @raise [RuntimeError] if signature serialization fails.
+ * @raise [Secp256k1::SerializationError] if signature serialization fails.
  */
 static VALUE
 RecoverableSignature_compact(VALUE self)
@@ -955,7 +944,10 @@ RecoverableSignature_compact(VALUE self)
         &recovery_id,
         &(recoverable_signature->sig)) != 1)
   {
-    rb_raise(rb_eRuntimeError, "unable to serialize recoverable signature");
+    rb_raise(
+      Secp256k1_SerializationError_class,
+      "unable to serialize recoverable signature"
+    );
   }
 
   // Create a new array with room for 2 elements and push data onto it
@@ -1008,7 +1000,9 @@ RecoverableSignature_to_signature(VALUE self)
  *
  * @param in_hash32 [String] 32-byte SHA-256 hash of data.
  * @return [Secp256k1::PublicKey] recovered public key.
- * @raise [RuntimeError] if the public key could not be recovered.
+ * @raise [Secp256k1::Error] if hash given is not 32 bytes.
+ * @raise [Secp256k1::DeserializationError] if public key could not be
+ *   recovered.
  */
 static VALUE
 RecoverableSignature_recover_public_key(VALUE self, VALUE in_hash32)
@@ -1021,7 +1015,7 @@ RecoverableSignature_recover_public_key(VALUE self, VALUE in_hash32)
   Check_Type(in_hash32, T_STRING);
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
   }
 
   TypedData_Get_Struct(
@@ -1043,7 +1037,7 @@ RecoverableSignature_recover_public_key(VALUE self, VALUE in_hash32)
     return result;
   }
 
-  rb_raise(rb_eRuntimeError, "unable to recover public key");
+  rb_raise(Secp256k1_DeserializationError_class, "unable to recover public key");
 }
 
 /**
@@ -1131,14 +1125,27 @@ Context_alloc(VALUE klass)
  *
  * Context initialization should be infrequent as it is an expensive operation.
  *
+ * @param context_randomization_bytes [String,nil] (Optional) 32 bytes of
+ *   random data used to randomize the context. If omitted then the
+ *   context remains unrandomized. It is recommended that you provide this
+ *   argument.
  * @return [Secp256k1::Context] 
- * @raise [RuntimeError] if context randomization fails.
+ * @raise [Secp256k1::Error] if context randomization fails.
  */
 static VALUE
-Context_initialize(VALUE self)
+Context_initialize(int argc, const VALUE* argv, VALUE self)
 {
   Context *context;
-  unsigned char seed[32];
+  unsigned char *seed32;
+  VALUE context_randomization_bytes;
+  VALUE opts;
+  static ID kwarg_ids;
+
+  context_randomization_bytes = Qnil;
+  if (!kwarg_ids)
+  {
+    CONST_ID(kwarg_ids, "context_randomization_bytes");
+  }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
 
@@ -1146,50 +1153,46 @@ Context_initialize(VALUE self)
     SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY
   );
 
-  // Randomize the context at initialization time rather than before calls so
-  // the same context can be used across threads safely.
-  GenerateRandomBytes(seed, 32);
-  if (secp256k1_context_randomize(context->ctx, seed) != 1)
+  // Handle optional second argument containing random bytes to use for
+  // randomization. We pass ":" to rb_scan_args to say that we expect keyword
+  // arguments. We then parse the opts result of the scan in order to grab
+  // context_randomization_bytes from the hash.
+  rb_scan_args(argc, argv, ":", &opts);
+  rb_get_kwargs(opts, &kwarg_ids, 0, 1, &context_randomization_bytes);
+
+  // We need this check because rb_get_kwargs will set the result to Qundef if
+  // the keyword argument is not provided. This lets us use the NIL_P
+  // predicate.
+  if (context_randomization_bytes == Qundef)
   {
-    rb_raise(rb_eRuntimeError, "context randomization failed");
+    context_randomization_bytes = Qnil;
   }
 
-  return self;
-}
-
-/**
- * Generate a new public-private key pair.
- *
- * @return [Secp256k1::KeyPair] newly generated key pair.
- * @raise [RuntimeError] if private key generation fails.
- */
-static VALUE
-Context_generate_key_pair(VALUE self)
-{
-  Context *context;
-  VALUE private_key;
-  VALUE public_key;
-  VALUE result;
-  unsigned char private_key_bytes[32];
-
-  if (FAILURE(GenerateRandomBytes(private_key_bytes, 32)))
+  if (!NIL_P(context_randomization_bytes)) // Random bytes given
   {
-    rb_raise(rb_eRuntimeError, "unable to generate private key bytes.");
+    Check_Type(context_randomization_bytes, T_STRING);
+    if (RSTRING_LEN(context_randomization_bytes) != 32)
+    {
+      rb_raise(
+        Secp256k1_Error_class,
+        "context_randomization_bytes must be 32 bytes in length"
+      );
+    }
+
+    seed32 = (unsigned char*)StringValuePtr(context_randomization_bytes);
+
+    // Randomize the context at initialization time rather than before calls so
+    // the same context can be used across threads safely.
+    if (secp256k1_context_randomize(context->ctx, seed32) != 1)
+    {
+      rb_raise(
+        Secp256k1_Error_class,
+        "context randomization failed"
+      );
+    }
   }
 
-  TypedData_Get_Struct(self, Context, &Context_DataType, context);
-
-  private_key = PrivateKey_create(private_key_bytes);
-  public_key = PublicKey_create_from_private_key(context, private_key_bytes);
-  result = rb_funcall(
-    Secp256k1_KeyPair_class,
-    rb_intern("new"),
-    2,
-    public_key,
-    private_key
-  );
-
-  return result;
+  return self;
 }
 
 /**
@@ -1197,7 +1200,7 @@ Context_generate_key_pair(VALUE self)
  *
  * @param in_private_key_data [String] binary private key data
  * @return [Secp256k1::KeyPair] key pair initialized from the private key data.
- * @raise [ArgumentError] if the private key data is invalid or key derivation
+ * @raise [Secp256k1::Error] if the private key data is invalid or key derivation
  *   fails.
  */
 static VALUE
@@ -1213,7 +1216,7 @@ Context_key_pair_from_private_key(VALUE self, VALUE in_private_key_data)
 
   if (RSTRING_LEN(in_private_key_data) != 32)
   {
-    rb_raise(rb_eArgError, "private key data must be 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "private key data must be 32 bytes in length");
   }
 
   private_key_data = (unsigned char*)StringValuePtr(in_private_key_data);
@@ -1237,8 +1240,8 @@ Context_key_pair_from_private_key(VALUE self, VALUE in_private_key_data)
  *   signing.
  * @param in_hash32 [String] 32-byte binary string with SHA-256 hash of data.
  * @return [Secp256k1::Signature] signature resulting from signing data.
- * @raise [RuntimeError] if signature computation fails.
- * @raise [ArgumentError] if hash is not 32-bytes in length.
+ * @raise [Secp256k1::Error] if hash is not 32-bytes in length or signature
+ *   computation fails.
  */
 static VALUE
 Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
@@ -1253,7 +1256,7 @@ Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
 
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
   }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
@@ -1272,7 +1275,7 @@ Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
     return signature_result;
   }
 
-  rb_raise(rb_eRuntimeError, "unable to compute signature");
+  rb_raise(Secp256k1_Error_class, "unable to compute signature");
 }
 
 /**
@@ -1284,7 +1287,7 @@ Context_sign(VALUE self, VALUE in_private_key, VALUE in_hash32)
  * @param in_hash32 [String] 32-byte binary string containing SHA-256 hash of
  *   data.
  * @return [Boolean] True if the signature is valid, false otherwise.
- * @raise [ArgumentError] if hash is not 32-bytes in length.
+ * @raise [Secp256k1::Error] if hash is not 32-bytes in length.
  */
 static VALUE
 Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
@@ -1298,7 +1301,7 @@ Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
 
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32-bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32-bytes in length");
   }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
@@ -1328,7 +1331,8 @@ Context_verify(VALUE self, VALUE in_signature, VALUE in_pubkey, VALUE in_hash32)
  * @param in_hash32 [String] 32-byte binary string with SHA-256 hash of data.
  * @return [Secp256k1::RecoverableSignature] recoverable signature produced by
  *   signing the SHA-256 hash `in_hash32` with `in_private_key`.
- * @raise [ArgumentError] if the hash is not 32 bytes
+ * @raise [Secp256k1::Error] if the hash is not 32 bytes or signature could not
+ *   be computed.
  */
 static VALUE
 Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
@@ -1342,7 +1346,7 @@ Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
   Check_Type(in_hash32, T_STRING);
   if (RSTRING_LEN(in_hash32) != 32)
   {
-    rb_raise(rb_eArgError, "in_hash32 is not 32 bytes in length");
+    rb_raise(Secp256k1_Error_class, "in_hash32 is not 32 bytes in length");
   }
 
   TypedData_Get_Struct(self, Context, &Context_DataType, context);
@@ -1368,7 +1372,7 @@ Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
     return result;
   }
 
-  rb_raise(rb_eRuntimeError, "unable to compute recoverable signature");
+  rb_raise(Secp256k1_Error_class, "unable to compute recoverable signature");
 }
 
 /**
@@ -1378,8 +1382,9 @@ Context_sign_recoverable(VALUE self, VALUE in_private_key, VALUE in_hash32)
  *   data.
  * @param in_recovery_id [Integer] recovery ID (range [0, 3])
  * @return [Secp256k1::RecoverableSignature] signature parsed from data.
- * @raise [RuntimeError] if signature data or recovery ID is invalid.
- * @raise [ArgumentError] if compact signature is not 64 bytes or recovery ID
+ * @raise [Secp256k1::DeserializationError] if signature data or recovery ID is
+ *   invalid.
+ * @raise [Secp256k1::Error] if compact signature is not 64 bytes or recovery ID
  *   is not in range [0, 3].
  */
 static VALUE
@@ -1401,12 +1406,12 @@ Context_recoverable_signature_from_compact(
 
   if (RSTRING_LEN(in_compact_sig) != 64)
   {
-    rb_raise(rb_eArgError, "compact signature is not 64 bytes");
+    rb_raise(Secp256k1_Error_class, "compact signature is not 64 bytes");
   }
 
   if (recovery_id < 0 || recovery_id > 3)
   {
-    rb_raise(rb_eArgError, "invalid recovery ID, must be in range [0, 3]");
+    rb_raise(Secp256k1_Error_class, "invalid recovery ID, must be in range [0, 3]");
   }
 
   result = RecoverableSignature_alloc(Secp256k1_RecoverableSignature_class);
@@ -1427,7 +1432,7 @@ Context_recoverable_signature_from_compact(
     return result;
   }
   
-  rb_raise(rb_eRuntimeError, "unable to parse recoverable signature");
+  rb_raise(Secp256k1_DeserializationError_class, "unable to parse recoverable signature");
 }
 
 #endif // HAVE_SECP256K1_RECOVERY_H
@@ -1443,7 +1448,7 @@ Context_recoverable_signature_from_compact(
  * @param point [Secp256k1::PublicKey] public-key representing ECDH point.
  * @param scalar [Secp256k1::PrivateKey] private-key representing ECDH scalar.
  * @return [Secp256k1::SharedSecret] shared secret
- * @raise [RuntimeError] If scalar was invalid (zero or caused overflow).
+ * @raise [Secp256k1::Error] If scalar was invalid (zero or caused overflow).
  */
 static VALUE
 Context_ecdh(VALUE self, VALUE point, VALUE scalar)
@@ -1470,7 +1475,7 @@ Context_ecdh(VALUE self, VALUE point, VALUE scalar)
                      NULL,
                      NULL) != 1)
   {
-    rb_raise(rb_eRuntimeError, "invalid scalar provided to ecdh");
+    rb_raise(Secp256k1_Error_class, "invalid scalar provided to ecdh");
   }
 
   rb_iv_set(result, "@data", rb_str_new((char*)shared_secret->data, 32));
@@ -1522,13 +1527,6 @@ Secp256k1_have_ecdh(VALUE module)
 
 void Init_rbsecp256k1()
 {
-  // NOTE: All classes derive from Data (rb_cData) rather than Object
-  // (rb_cObject). This makes it so we don't have to call rb_undef_alloc_func
-  // for each class and can instead simply define the allocation methods for
-  // each class.
-  //
-  // See: https://github.com/ruby/ruby/blob/trunk/doc/extension.rdoc#encapsulate-c-data-into-a-ruby-object
-
   // Secp256k1
   Secp256k1_module = rb_define_module("Secp256k1");
   rb_define_singleton_method(
@@ -1544,19 +1542,27 @@ void Init_rbsecp256k1()
     0
   );
 
+  // Secp256k1 exception hierarchy
+  Secp256k1_Error_class = rb_define_class_under(
+    Secp256k1_module, "Error", rb_eStandardError
+  );
+  Secp256k1_SerializationError_class = rb_define_class_under(
+    Secp256k1_module, "SerializationError", Secp256k1_Error_class
+  );
+  Secp256k1_DeserializationError_class = rb_define_class_under(
+    Secp256k1_module, "DeserializationError", Secp256k1_Error_class
+  );
+
   // Secp256k1::Context
   Secp256k1_Context_class = rb_define_class_under(
-    Secp256k1_module, "Context", rb_cData
+    Secp256k1_module, "Context", rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_Context_class);
   rb_define_alloc_func(Secp256k1_Context_class, Context_alloc);
   rb_define_method(Secp256k1_Context_class,
                    "initialize",
                    Context_initialize,
-                   0);
-  rb_define_method(Secp256k1_Context_class,
-                   "generate_key_pair",
-                   Context_generate_key_pair,
-                   0);
+                   -1);
   rb_define_method(Secp256k1_Context_class,
                    "key_pair_from_private_key",
                    Context_key_pair_from_private_key,
@@ -1573,7 +1579,8 @@ void Init_rbsecp256k1()
   // Secp256k1::KeyPair
   Secp256k1_KeyPair_class = rb_define_class_under(Secp256k1_module,
                                                   "KeyPair",
-                                                  rb_cData);
+                                                  rb_cObject);
+  rb_undef_alloc_func(Secp256k1_KeyPair_class);
   rb_define_alloc_func(Secp256k1_KeyPair_class, KeyPair_alloc);
   rb_define_attr(Secp256k1_KeyPair_class, "public_key", 1, 0);
   rb_define_attr(Secp256k1_KeyPair_class, "private_key", 1, 0);
@@ -1586,7 +1593,8 @@ void Init_rbsecp256k1()
   // Secp256k1::PublicKey
   Secp256k1_PublicKey_class = rb_define_class_under(Secp256k1_module,
                                                     "PublicKey",
-                                                    rb_cData);
+                                                    rb_cObject);
+  rb_undef_alloc_func(Secp256k1_PublicKey_class);
   rb_define_alloc_func(Secp256k1_PublicKey_class, PublicKey_alloc);
   rb_define_method(Secp256k1_PublicKey_class,
                    "compressed",
@@ -1606,8 +1614,9 @@ void Init_rbsecp256k1()
 
   // Secp256k1::PrivateKey
   Secp256k1_PrivateKey_class = rb_define_class_under(
-    Secp256k1_module, "PrivateKey", rb_cData
+    Secp256k1_module, "PrivateKey", rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_PrivateKey_class);
   rb_define_alloc_func(Secp256k1_PrivateKey_class, PrivateKey_alloc);
   rb_define_attr(Secp256k1_PrivateKey_class, "data", 1, 0);
   rb_define_method(Secp256k1_PrivateKey_class, "==", PrivateKey_equals, 1);
@@ -1621,7 +1630,8 @@ void Init_rbsecp256k1()
   // Secp256k1::Signature
   Secp256k1_Signature_class = rb_define_class_under(Secp256k1_module,
                                                     "Signature",
-                                                    rb_cData);
+                                                    rb_cObject);
+  rb_undef_alloc_func(Secp256k1_Signature_class);
   rb_define_alloc_func(Secp256k1_Signature_class, Signature_alloc);
   rb_define_method(Secp256k1_Signature_class,
                    "der_encoded",
@@ -1657,8 +1667,9 @@ void Init_rbsecp256k1()
   Secp256k1_RecoverableSignature_class = rb_define_class_under(
     Secp256k1_module,
     "RecoverableSignature",
-    rb_cData
+    rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_RecoverableSignature_class);
   rb_define_alloc_func(
     Secp256k1_RecoverableSignature_class,
     RecoverableSignature_alloc
@@ -1707,8 +1718,9 @@ void Init_rbsecp256k1()
   Secp256k1_SharedSecret_class = rb_define_class_under(
     Secp256k1_module,
     "SharedSecret",
-    rb_cData
+    rb_cObject
   );
+  rb_undef_alloc_func(Secp256k1_SharedSecret_class);
   rb_define_alloc_func(Secp256k1_SharedSecret_class, SharedSecret_alloc);
   rb_define_attr(Secp256k1_SharedSecret_class, "data", 1, 0);
 

data/lib/rbsecp256k1.rb

@@ -1,7 +1,10 @@
+# frozen_string_literal: true
+
 # Wraps libsecp256k1 in a ruby module and provides object interfaces.
 module Secp256k1
 end
 
+require 'rbsecp256k1/context'
 require 'rbsecp256k1/util'
 require 'rbsecp256k1/version'
 require 'rbsecp256k1/rbsecp256k1'

data/lib/rbsecp256k1/context.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module Secp256k1
+  # Wrapper around a secp256k1_context object.
+  class Context
+    # Create a new randomized context.
+    #
+    # @return [Secp256k1::Context] randomized context
+    def self.create
+      new(context_randomization_bytes: SecureRandom.random_bytes(32))
+    end
+
+    # Create a new non-randomized context.
+    #
+    # @return [Secp256k1::Context] non-randomized context
+    def self.create_unrandomized
+      new
+    end
+
+    # Generates a new random key pair.
+    #
+    # @return [Secp256k1::KeyPair] public-private key pair.
+    def generate_key_pair
+      key_pair_from_private_key(SecureRandom.random_bytes(32))
+    end
+  end
+end

data/lib/rbsecp256k1/util.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Secp256k1
   # Contains utility methods that complement the functionality of the library.
   module Util

data/lib/rbsecp256k1/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Secp256k1
-  VERSION = '4.0.0'.freeze
+  VERSION = '5.0.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbsecp256k1
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 5.0.0
 platform: ruby
 authors:
 - Eric Scrivner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-05 00:00:00.000000000 Z
+date: 2019-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mini_portile2
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.61'
+        version: '0.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.61'
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -144,6 +144,7 @@ files:
 - ext/rbsecp256k1/extconf.rb
 - ext/rbsecp256k1/rbsecp256k1.c
 - lib/rbsecp256k1.rb
+- lib/rbsecp256k1/context.rb
 - lib/rbsecp256k1/util.rb
 - lib/rbsecp256k1/version.rb
 homepage: https://github.com/etscrivner/rbsecp256k1
@@ -170,6 +171,6 @@ rubyforge_project:
 rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
-summary: Compiled, native ruby extension interfaces to libsecp256k1. In rbsecp256k1
+summary: Native extension gem for secp256k1 ECDSA. Wraps libsecp256k1. In rbsecp256k1
   3.0.0 and later libsecp256k1 is bundled with the gem.
 test_files: []