Description
We would like to enable some for of secure erasure downstream. I'm not able to do this but I'd at least like to provide a "non-secure erase" and then people can put compiler fences or whatever around that and vet their own assembler or whatever they think will be sufficient.
However, in rust-secp our types have invariants to maintain -- in particular, secret keys cannot be 0 or out-of-range, public keys must be on the curve, and keypairs must have consistent secret and public keys. Violating these will potentially trigger ARG_CHECKs. So users can't simply memset stuff to 0 and call it a day (or rather, if they do this, they need unsafe code and then need to be very careful not to use the zeroed-out object again).
OTOH, it's hard in rust-secp for us to provide "dummy" values of these types, because they're opaque types and the C library reserves the right to change them out from under us without warning (and already, they're inconsistent between machines of different endianness).
So I'd like upstream libsecp to provide these "dummy" values. Specifically:
- a
secp256k1_pubkeycorresponding to a secret key whose value is 1 (or 0xDEADBEEF, or whatever) - a
secp256k1_xonly_pubkeywith the same story - a
secp256k1_keypair
I don't care whether these have the same secret key, or whether they commit to having any particular secret key, or being consistent across versions, or whatever. They just have to be valid and uncorrelated with any actual secret data.
Opening an issue first rather than PR'ing so we can discuss the merits of this.