From cd4f84f3ba8de37726274f61d5a34477c88433cf Mon Sep 17 00:00:00 2001
From: cheapshot003 <dercheapi@protonmail.com>
Date: Thu, 29 Aug 2024 22:24:20 +0200
Subject: [PATCH] Improve examples/documentation: remove key generation loops

Co-Authored by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
---
 examples/ecdh.c     | 22 ++++++++++------------
 examples/ecdsa.c    | 22 ++++++++++------------
 examples/ellswift.c | 21 ++++++++++-----------
 examples/schnorr.c  | 26 ++++++++++++--------------
 include/secp256k1.h |  6 ++++--
 5 files changed, 46 insertions(+), 51 deletions(-)

diff --git a/examples/ecdh.c b/examples/ecdh.c
index d71fd2f604..ef9e8b896f 100644
--- a/examples/ecdh.c
+++ b/examples/ecdh.c
@@ -42,18 +42,16 @@ int main(void) {
     assert(return_val);
 
     /*** Key Generation ***/
-
-    /* If the secret key is zero or out of range (bigger than secp256k1's
-     * order), we try to sample a new key. Note that the probability of this
-     * happening is negligible. */
-    while (1) {
-        if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
-            printf("Failed to generate randomness\n");
-            return 1;
-        }
-        if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
-            break;
-        }
+    if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
+        printf("Failed to generate randomness\n");
+        return 1;
+    }
+    /* If the secret key is zero or out of range (greater than secp256k1's
+    * order), we fail. Note that the probability of this occurring
+    * is negligible with a properly functioning random number generator. */
+    if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
+        printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
+        return 1;
     }
 
     /* Public key creation using a valid context with a verified secret key should never fail */
diff --git a/examples/ecdsa.c b/examples/ecdsa.c
index d5c4613d9c..433c58ffb8 100644
--- a/examples/ecdsa.c
+++ b/examples/ecdsa.c
@@ -49,18 +49,16 @@ int main(void) {
     assert(return_val);
 
     /*** Key Generation ***/
-
-    /* If the secret key is zero or out of range (bigger than secp256k1's
-     * order), we try to sample a new key. Note that the probability of this
-     * happening is negligible. */
-    while (1) {
-        if (!fill_random(seckey, sizeof(seckey))) {
-            printf("Failed to generate randomness\n");
-            return 1;
-        }
-        if (secp256k1_ec_seckey_verify(ctx, seckey)) {
-            break;
-        }
+    /* If the secret key is zero or out of range (greater than secp256k1's
+    * order), we return 1. Note that the probability of this occurring
+    * is negligible with a properly functioning random number generator. */
+    if (!fill_random(seckey, sizeof(seckey))) {
+        printf("Failed to generate randomness\n");
+        return 1;
+    }
+    if (!secp256k1_ec_seckey_verify(ctx, seckey)) {
+        printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
+        return 1;
     }
 
     /* Public key creation using a valid context with a verified secret key should never fail */
diff --git a/examples/ellswift.c b/examples/ellswift.c
index 52be7eebfb..e6159f36c9 100644
--- a/examples/ellswift.c
+++ b/examples/ellswift.c
@@ -48,17 +48,16 @@ int main(void) {
 
     /*** Generate secret keys ***/
 
-    /* If the secret key is zero or out of range (bigger than secp256k1's
-     * order), we try to sample a new key. Note that the probability of this
-     * happening is negligible. */
-    while (1) {
-        if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
-            printf("Failed to generate randomness\n");
-            return 1;
-        }
-        if (secp256k1_ec_seckey_verify(ctx, seckey1) && secp256k1_ec_seckey_verify(ctx, seckey2)) {
-            break;
-        }
+    /* If the secret key is zero or out of range (greater than secp256k1's
+     * order), we return 1. Note that the probability of this occurring
+     * is negligible with a properly functioning random number generator. */
+    if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) {
+        printf("Failed to generate randomness\n");
+        return 1;
+    }
+    if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) {
+        printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
+        return 1;
     }
 
     /* Generate ElligatorSwift public keys. This should never fail with valid context and
diff --git a/examples/schnorr.c b/examples/schnorr.c
index 8d5d14bdaf..adced235b3 100644
--- a/examples/schnorr.c
+++ b/examples/schnorr.c
@@ -43,20 +43,18 @@ int main(void) {
     assert(return_val);
 
     /*** Key Generation ***/
-
-    /* If the secret key is zero or out of range (bigger than secp256k1's
-     * order), we try to sample a new key. Note that the probability of this
-     * happening is negligible. */
-    while (1) {
-        if (!fill_random(seckey, sizeof(seckey))) {
-            printf("Failed to generate randomness\n");
-            return 1;
-        }
-        /* Try to create a keypair with a valid context, it should only fail if
-         * the secret key is zero or out of range. */
-        if (secp256k1_keypair_create(ctx, &keypair, seckey)) {
-            break;
-        }
+    /* If the secret key is zero or out of range (greater than secp256k1's
+    * order), we return 1. Note that the probability of this occurring
+    * is negligible with a properly functioning random number generator. */
+    if (!fill_random(seckey, sizeof(seckey))) {
+        printf("Failed to generate randomness\n");
+        return 1;
+    }
+    /* Try to create a keypair with a valid context, it should only fail if
+     * the secret key is zero or out of range. */
+    if (!secp256k1_keypair_create(ctx, &keypair, seckey)) {
+        printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n");
+	return 1;
     }
 
     /* Extract the X-only public key from the keypair. We pass NULL for
diff --git a/include/secp256k1.h b/include/secp256k1.h
index cfbdd528c2..88928111c4 100644
--- a/include/secp256k1.h
+++ b/include/secp256k1.h
@@ -679,12 +679,14 @@ SECP256K1_API int secp256k1_ecdsa_sign(
     const void *ndata
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 
-/** Verify an ECDSA secret key.
+/** Verify an elliptic curve secret key.
  *
  *  A secret key is valid if it is not 0 and less than the secp256k1 curve order
  *  when interpreted as an integer (most significant byte first). The
  *  probability of choosing a 32-byte string uniformly at random which is an
- *  invalid secret key is negligible.
+ *  invalid secret key is negligible. However, if it does happen it should 
+ *  be assumed that the randomness source is severely broken and there should
+ *  be no retry.
  *
  *  Returns: 1: secret key is valid
  *           0: secret key is invalid