Use fixed width serde impls for keys #406
Conversation
tcharding
force-pushed
the
fixed-width-serde
branch
from
64754a5
to
50ab92c
Compare
tcharding
force-pushed
the
fixed-width-serde
branch
6 times, most recently
from
6e3e256
to
d8a0399
Compare
tcharding
changed the title
tcharding
changed the title
tcharding
force-pushed
the
fixed-width-serde
branch
6 times, most recently
from
cd44138
to
4e8e095
Compare
tcharding
force-pushed
the
fixed-width-serde
branch
from
4e8e095
to
a58dc21
Compare
tcharding
force-pushed
the
fixed-width-serde
branch
from
a58dc21
to
ba9e23d
Compare
|
I think we can just use a fixed-size array of size 74 rather than a |
no_std_test/src/main.rs
Outdated
| let _ = SharedSecret::new(&public_key, &secret_key); | ||
| let _ = ecdh::shared_secret_point(&public_key, &secret_key); | ||
|
|
||
| #[cfg(feature = "use-serde")] { |
There was a problem hiding this comment.
This style is inconsistent with the rest of the code and quite confusing.
There was a problem hiding this comment.
Do you mean inconsistent with the scratch through because removal of rust-secp256k1 crate? This is a separate crate and the features are only used, as far as I can tell, to run this crate and selectively run parts of the test (start function).Vec removes the need for this feature anyways.
FTR I'm not sure why this is a separate crate, I'm not super deep in the no-std stuff, @elichai do you remember off the top of your head why we had to put it in a separate crate and not in the tests directory (i.e., standard integration tests directory)?
There was a problem hiding this comment.
The goal was to simulate macro usage from rust-bitcoin, which has less visibility of symbols than anything within the crate (including, I think (?) stuff in the tests/ directory).
I believe this also predates the tests directory.
src/key.rs
Outdated
| impl<'de> ::serde::Deserialize<'de> for PublicKey { | ||
| fn deserialize<D: ::serde::Deserializer<'de>>(d: D) -> Result<PublicKey, D::Error> { | ||
| if d.is_human_readable() { | ||
| d.deserialize_str(super::serde_util::FromStrVisitor::new( | ||
| "an ASCII hex string representing a public key" | ||
| )) | ||
| } else { | ||
| d.deserialize_bytes(super::serde_util::BytesVisitor::new( | ||
| d.deserialize_seq(super::serde_util::SeqVisitor::new( |
There was a problem hiding this comment.
This should be deserialize_tuple
There was a problem hiding this comment.
Oh so implement de::Visitor for each fixed size type we have and use deserialize_tuple, interesting. I'll give it a shot.
There was a problem hiding this comment.
Yes, if you want to keep it generic I suspect you'll have to use PhantomData<fn() -> T>
There was a problem hiding this comment.
With a macro for the serde impls, and serializing with tuple this PR is way cleaner now!
Cargo.toml
Outdated
| @@ -39,6 +39,7 @@ global-context-less-secure = [] | |||
| secp256k1-sys = { version = "0.4.2", default-features = false, path = "./secp256k1-sys" } | |||
| bitcoin_hashes = { version = "0.10", optional = true } | |||
| rand = { version = "0.6", default-features = false, optional = true } | |||
| # Our custom serde code requires an allocator, enable secp256k1 feature `std` or `alloc`. | |||
There was a problem hiding this comment.
Where does it allocate? I don't see any such instance.
Besides, TODO after MSRV bump: use crate renaming trick instead.
There was a problem hiding this comment.
Allocates due to use of the Vec in visit_seq method.
There was a problem hiding this comment.
Ah, I see. Looks like using array is feasible?
There was a problem hiding this comment.
Besides, TODO after MSRV bump: use crate renaming trick instead.
Not sure what you mean here mate, is this comment still relevant with the removal of alloc/vec stuff?
If we follow @Kixunil's suggestion above the |
tcharding
force-pushed
the
fixed-width-serde
branch
from
ba9e23d
to
4169e1f
Compare
src/serde_util.rs
Outdated
| v[i] = value; | ||
| } else { | ||
| let msg = format!("tuple too short, index: {}, expected length: {}", i, $len); | ||
| return Err(de::Error::custom(msg)); |
There was a problem hiding this comment.
invalid_length() would be better. Also I think de::Error is a bit confusing because it refers to the trait not type. Err:: would look better but Err is also special - even used here - how come it even works? I suggest either calling it Error or just E.
src/serde_util.rs
Outdated
| return Err(de::Error::custom(msg)); | ||
| } | ||
| } | ||
| (self.parse_fn)(&v).map_err(de::Error::custom) |
There was a problem hiding this comment.
This error could be specialized too. Maybe parse_fn should return appropriate serde error already?
src/serde_util.rs
Outdated
| macro_rules! impl_tuple_visitor { | ||
| ($thing:ident, $len:expr) => { | ||
| /// Visitor type for de/ser a 32 byte sequence. | ||
| #[cfg(any(feature = "std", feature = "alloc"))] |
There was a problem hiding this comment.
I think this is no longer needed and the reason why test fails. FTR, if it was needed it'd be a demonstration of the compatibility issues I mentioned a few times.
There was a problem hiding this comment.
Oh, sloppy work by me. This is not needed.
Don't the unit tests check that? They test the token is exactly the expected type? Or do you mean that we should pick a binary codec and add a unit test that serializes and checks the number of bytes is as expected? |
|
Thanks for the review @Kixunil, I'll re-spin tomorrow. |
|
I mean this could be regression in data size for some formats. We don't have tests for specific data. |
tcharding
force-pushed
the
fixed-width-serde
branch
from
4169e1f
to
330a18e
Compare
tcharding
force-pushed
the
fixed-width-serde
branch
from
4e4f089
to
a9a129c
Compare
| /// Implements de/serialization with the `serde` feature enabled. Serialized data is fixed width (32 | ||
| /// bytes) if you use `bincode` to do serialization, other binary formats may add metadata to the | ||
| /// serialized data (e.g. cbor and tycho). | ||
| /// |
There was a problem hiding this comment.
I think it'd be very useful to explicitly say we treat it as tuple of 32 u8s for non-human formats. I think it's a good idea to mention serialization formats but I would word it like this:
"This representation is optimal for e.g. bincode format. Some formats may be less optimal."
There was a problem hiding this comment.
While implementing this suggestion I realized that we do not differentiate between human-readable and non-humand-readable in secp as we do in bitcoin. Is this by design or an omission?
There was a problem hiding this comment.
This also means that the docs are now slightly misleading because they imply that we do something different for human-readable formats.
Implements de/serialization with the serde feature enabled. We treat the byte value as a tuple of 33 u8s for non-human-readable formats. This representation is optimal for for some formats (e.g. bincode) however other formats may be less optimal (e.g. cbor).
There was a problem hiding this comment.
Damn, I realized it may sound like we don't implement human-readable format. So should say we do it as hex.
There was a problem hiding this comment.
I documented the hex string for human-readable formats.
tests/serde.rs
Outdated
| let mut e = cbor::Encoder::from_memory(); | ||
| e.encode(sk.as_ref()).unwrap(); | ||
|
|
||
| assert_ne!(e.as_bytes().len(), 32); |
There was a problem hiding this comment.
If cbor adds a byte for each item shouldn't this be 64?
There was a problem hiding this comment.
It only adds metadata if the value is < 24 (no clue why). I've changed the test to check against len==52 and explained the '52' in a code comment. This is a regression test after all so I think its ok to have that hard coded value.
tests/serde.rs
Outdated
| let pk = PublicKey::from_slice(&PK_BYTES).expect("failed to create pk from slice"); | ||
| let ser = bincode::serialize(&pk).unwrap(); | ||
|
|
||
| // We cannot use assert_eq on the whole array because 33 byte array does not implement Debug. |
There was a problem hiding this comment.
I believe assert_eq!(ser, &PK_BYTES as &[u8]) should work.
tcharding
force-pushed
the
fixed-width-serde
branch
2 times, most recently
from
f498e1b
to
7ebb6a5
Compare
|
Changes in foce-push:
|
tcharding
force-pushed
the
fixed-width-serde
branch
from
7ebb6a5
to
f11c1d6
Compare
|
Changes in force-push: Updated serde unit test for |
tcharding
force-pushed
the
fixed-width-serde
branch
2 times, most recently
from
f7eba2b
to
db656a5
Compare
|
And added the hex docs suggestion from above. |
There was a problem hiding this comment.
ACK db656a5
Thank you for checking the actual behavior! And for adding integration tests that will detect if we break things in the future.
I am a little bit wary of this PR beacuse it will result in serialization breakage. It will definitely need to go in a major release at least.
Do you want me to look into adding some sort of compatibility code for migrating from the current serialization to the one in this PR? |
|
@tcharding sure -- but I'm not optimistic because there is no versioning or anything in our encoding. One strategy might be to continue to allow decoding the old format, while only encoding the new format ... but that has the potential to just make the breakage harder-to-find for downstream users. |
|
Ok, without a clear positive way forward I'll leave it as is and hide behind 'not version 1.0 yet' :) |
tcharding
force-pushed
the
fixed-width-serde
branch
from
db656a5
to
76d7cf3
Compare
|
Changes in force push: rebase, the only merge conflict was a path (add |
Currently we serialize keys using the `BytesVisitor`, this causes the serialized data to contain additional metadata encoding the length (an extra 8 bytes) when serialized with the `bincode` crate. This extra data is unnecessary since we know in advance the length of these types. It would be useful for users of the lib to be able to get a fixed width binary serialization, this can be done but it depends on the crate used to do the serialization. We elect to optimise for `bincode` and add docs noting that other binary serialization crates may differ (rustdocs added in separate patches). Implement a tuple based visitor that encodes the keys as fixed width data. Do fixed width serde implementations for: - `SecretKey` - `PublicKey` - `KeyPair` - `XOnlyPublicKey`
Currently the rustdocs for `KeyPair` are stale in regards to serde, we _do_ implement `Serialize` and `Deserialize` for `KeyPair`. Improve the rustdocs for `KeyPair` by removing stale docs and adding docs on fixed width binary serialization.
We recently added fixed width serialization for some types however serialization is only fixed width when data is serialized with the `bincode` crate. Add rustdocs describing fixed width serde to `SecretKey`, `PublicKey`, and `XOnlyPublicKey` (`KeyPair` is already done).
Add a `tests` directory. Add `serde` tests for the recently added fixed width binary serialization code. Please note, serialization is only fixed width when serialized with the `bincode` crate.
tcharding
force-pushed
the
fixed-width-serde
branch
from
76d7cf3
to
3ca7f49
Compare
|
FTR I do not intend to push for this PR to be merged, I am unclear whether it is worth having or not. I will keep rebasing it to give others a chance to comment. |
|
I think up to 25% space saving is worth breaking already unstable library. :) |
|
I have mixed feelings, but concept ACK from me because @Kixunil is so persuasive. Also, selfishly, I think that my personal applications will be unaffected because I always store keys in the ASCII serialization.. Will re-review and merge this shortly. |
Currently we serialize keys using the
BytesVisitor, this causes the serialized data to contain additional metadata encoding the length (an extra 8 bytes) when serialized with bincode.. This extra data is unnecessary since we know in advance the length of these two types.We do not control the data output by serialization of our types because it depends on which crate is used to do the serialization. This PR improves the situation for serialization using the
bincodecrate, and this PR introduces mentions ofbincodein the rustdocs, is this acceptable? See below for a table that describes binary serialization by other crates.Implement a sequence based visitor that encodes the keys as fixed width data for:
SecretKeyPublicKeyKeyPairXOnlyPublicKeyFixes: #295
Question: PR only does keys, do we want to do signatures as well?