refactor: update lints and improve function signatures in blst implementation

Author: varex83

crates/charon-crypto/Cargo.toml

@@ -16,7 +16,7 @@ hex.workspace = true
 
 [lints.rust]
 # Allow unsafe code for blst C bindings (overrides workspace forbid)
-unsafe_code = "allow"
+unsafe_code = "deny"
 missing_docs = "deny"
 
 [lints.clippy]

crates/charon-crypto/src/blst_impl.rs

@@ -3,6 +3,7 @@
 //! Implementation of threshold BLS signatures using the blst library.
 //! This implementation is compatible with the Herumi BLS library used in the Go
 //! implementation.
+#![allow(unsafe_code)]
 
 use std::collections::HashMap;
 
@@ -107,7 +108,7 @@ impl Tbls for BlstImpl {
         self.threshold_split_insecure(secret_key, total, threshold, OsRng)
     }
 
-    fn recover_secret(&self, shares: HashMap<Index, PrivateKey>) -> Result<PrivateKey, Error> {
+    fn recover_secret(&self, shares: &HashMap<Index, PrivateKey>) -> Result<PrivateKey, Error> {
         if shares.is_empty() {
             return Err(Error::InvalidThreshold {
                 threshold: 0,
@@ -161,7 +162,7 @@ impl Tbls for BlstImpl {
 
     fn threshold_aggregate(
         &self,
-        partial_signatures_by_idx: HashMap<Index, Signature>,
+        partial_signatures_by_idx: &HashMap<Index, Signature>,
     ) -> Result<Signature, Error> {
         if partial_signatures_by_idx.is_empty() {
             return Err(Error::EmptySignatureArray);
@@ -598,7 +599,7 @@ mod tests {
         }
 
         // Aggregate the threshold signatures
-        let total_sig = blst.threshold_aggregate(signatures).unwrap();
+        let total_sig = blst.threshold_aggregate(&signatures).unwrap();
 
         // Expected signature from the Go implementation
         let expected_sig = hex::decode("b46736c3a1fb5d7977acc6abf3cb3a10fd1a5aed301437022f28cf616326186654d747fda7cd530c2bf18c640e4c024b01d7ba38d90e4abe0cc5356ef63b8e20f717ef0a1f68c3292bd62b4f891345ecafa89a8604f8f6c3ce193dc239215adf").unwrap();
@@ -658,7 +659,7 @@ mod tests {
             .map(|(k, v)| (*k, *v))
             .collect();
 
-        let recovered_sk = blst.recover_secret(subset).unwrap();
+        let recovered_sk = blst.recover_secret(&subset).unwrap();
         assert_eq!(sk, recovered_sk);
     }
 
@@ -675,7 +676,7 @@ mod tests {
         assert_eq!(shares.len(), total as usize);
 
         // Recover using all shares
-        let recovered = blst.recover_secret(shares).unwrap();
+        let recovered = blst.recover_secret(&shares).unwrap();
         assert_eq!(
             secret, recovered,
             "Secret recovered from all shares should match original"
@@ -703,7 +704,7 @@ mod tests {
         }
 
         // Aggregate threshold signatures
-        let aggregated_sig = blst.threshold_aggregate(signatures).unwrap();
+        let aggregated_sig = blst.threshold_aggregate(&signatures).unwrap();
 
         // Both signatures should be identical
         assert_eq!(
@@ -891,7 +892,7 @@ mod tests {
         let subset: HashMap<Index, PrivateKey> =
             shares.iter().take(2).map(|(k, v)| (*k, *v)).collect();
 
-        let recovered = blst.recover_secret(subset).unwrap();
+        let recovered = blst.recover_secret(&subset).unwrap();
         assert_eq!(sk, recovered);
     }
 

crates/charon-crypto/src/tbls.rs

@@ -10,21 +10,21 @@ use crate::types::{Error, Index, PrivateKey, PublicKey, Signature};
 
 /// Tbls trait
 pub trait Tbls {
-    /// GenerateSecretKey generates a secret key and returns its compressed
+    /// Generates a secret key and returns its compressed
     /// serialized representation.
     fn generate_secret_key(&self, rng: impl RngCore + CryptoRng) -> Result<PrivateKey, Error>;
 
-    /// generateInsecureSecret generates a secret that is not cryptographically
+    /// Generates a secret that is not cryptographically
     /// secure using the provided random number generator. This is useful
     /// for testing.
     fn generate_insecure_secret(&self, rng: impl RngCore + CryptoRng) -> Result<PrivateKey, Error>;
 
-    /// SecretToPublicKey extracts the public key associated with the secret
+    /// Extracts the public key associated with the secret
     /// passed in input, and returns its compressed serialized
     /// representation.
     fn secret_to_public_key(&self, secret_key: &PrivateKey) -> Result<PublicKey, Error>;
 
-    /// thresholdSplitInsecure splits a compressed secret into total units of
+    /// Splits a compressed secret into total units of
     /// secret keys, with the given threshold. It returns a map that
     /// associates each private, compressed private key to its ID.
     ///
@@ -55,25 +55,25 @@ pub trait Tbls {
         threshold: Index,
     ) -> Result<HashMap<Index, PrivateKey>, Error>;
 
-    /// RecoverSecret recovers a secret from a set of shares
+    /// Recovers a secret from a set of shares
     ///
     /// # Limitations
     ///
     /// Share IDs must be < 255 due to underlying BLS library constraints.
-    fn recover_secret(&self, shares: HashMap<Index, PrivateKey>) -> Result<PrivateKey, Error>;
+    fn recover_secret(&self, shares: &HashMap<Index, PrivateKey>) -> Result<PrivateKey, Error>;
 
-    /// Aggregate aggregates a set of signatures into a single signature
+    /// Aggregates a set of signatures into a single signature
     fn aggregate(&self, signatures: Vec<Signature>) -> Result<Signature, Error>;
 
-    /// ThresholdAggregate aggregates a set of partial signatures into a single
+    /// Aggregates a set of partial signatures into a single
     /// signature
     ///
     /// # Limitations
     ///
     /// Share IDs must be < 255 due to underlying BLS library constraints.
     fn threshold_aggregate(
         &self,
-        partial_signatures_by_idx: HashMap<Index, Signature>,
+        partial_signatures_by_idx: &HashMap<Index, Signature>,
     ) -> Result<Signature, Error>;
 
     /// Verify verifies a signature
@@ -84,10 +84,10 @@ pub trait Tbls {
         raw_signature: &Signature,
     ) -> Result<(), Error>;
 
-    /// Sign signs a message with a private key
+    /// Signs a message with a private key
     fn sign(&self, private_key: &PrivateKey, data: &[u8]) -> Result<Signature, Error>;
 
-    /// ThresholdSign signs a message with a set of private keys
+    /// Verifies an aggregate signature
     fn verify_aggregate(
         &self,
         public_keys: Vec<PublicKey>,