
Commit f2f53a1

committed
Merge #307: various FFI cleanups and soundness fixes
405487e ffi: move Raw* structs out of FFI crate (Andrew Poelstra) c42a375 ffi: don't use empty enums for opaque types (Andrew Poelstra) 2d8c56e ffi: remove c_set_rawElementsTapEnv (Andrew Poelstra) 4bc03bf ffi: remove c_set_rawElementsTransaction (Andrew Poelstra) b0e8484 ffi: remove c_set_rawBuffer method (Andrew Poelstra) 5dab248 ffi: delete the c_set_rawElementsInput method (Andrew Poelstra) 32c66e0 ffi: store pegin genesis hash in RawInputData (Andrew Poelstra) 224645a ffi: delete the c_set_rawElementsOutput method (Andrew Poelstra) 818b380 ffi: replace some "pointer to assumed length" types with optional references (Andrew Poelstra) e23a1b3 ffi: don't flatten CRawInput structure (Andrew Poelstra) 66a468c simplicity-sys: delete dead links to C code (Andrew Poelstra) a925cd9 simplicity-sys: move all the elements FFI stuff into its own module (Andrew Poelstra) 78568e6 simplicity_sys: rename c_env.rs to c_env/mod.rs (Andrew Poelstra) Pull request description: Currently our transaction environment construction is quite complicated, and (as a consequence) unsound in a couple of places. This was implemented in PRs #49 through #52 in the early days of this crate with very little review, using a strategy copied from Haskell but not really appropriate for Rust. In particular: * We do not need custom marshalling functions in Rust because we can directly define `repr(C)` structs * ...in doing so, we may use Rust references in place of raw pointers, as long as the C code upholds the Rust aliasing rules (which it does, at least for these read-only POD types); in fact we may use optional references in place of nullable pointers * ...and we can use arrays and pointers to arrays in place of pointers to primitive types which are supposed to point to a specific number of elements * ...but we must make sure that any data we produce a pointer or reference to outlives the pointer/reference! 
There was at least one instance where we were creating a temporary variable and extracting a pointer from it, which would then outlive the object it pointed into. (This occurred for the annex, though in dead code, and for the pegin genesis hash, in live code that has never been used.) As an aside, we used empty enums in a couple places for opaque types. We should not do this, according to the nomicon. ACKs for top commit: canndrew: ACK 405487e Tree-SHA512: 76e08be787fdfa99ccbe3778cf5553c671fa8b556f071658e9dd1c58c0d0dff8aa1a132b77f3e12eea018dbdb47906e0c0e4d3135c53948a2472d4d16c927237
2 parents 6bdcd04 + 405487e commit f2f53a1


9 files changed

+382
-507
lines changed


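--- a/simplicity-sys/depend/env.c
+++ b/simplicity-sys/depend/env.c
@@ -25,49 +25,6 @@ const size_t rustsimplicity_0_5_c_alignof_rawElementsTransaction = alignof(rawEl
 const size_t rustsimplicity_0_5_c_alignof_rawElementsTapEnv = alignof(rawElementsTapEnv);
 const size_t rustsimplicity_0_5_c_alignof_txEnv = alignof(txEnv);
 
-void rustsimplicity_0_5_c_set_rawElementsBuffer(rawElementsBuffer *result, const unsigned char *buf, unsigned int len)
-{
-*result = (rawElementsBuffer){.buf = buf, .len = len};
-}
-
-void rustsimplicity_0_5_c_set_rawElementsOutput(rawElementsOutput *result, const unsigned char *asset, const unsigned char *value, const unsigned char *nonce, const rawElementsBuffer *scriptPubKey,
-const rawElementsBuffer *surjectionProof, const rawElementsBuffer *rangeProof)
-{
-*result = (rawElementsOutput){.asset = asset, .value = value, .nonce = nonce, .scriptPubKey = *scriptPubKey, .surjectionProof = *surjectionProof, .rangeProof = *rangeProof};
-}
-
-void rustsimplicity_0_5_c_set_rawElementsInput(rawElementsInput *result, const rawElementsBuffer *annex, const unsigned char *pegin, const rawElementsBuffer *scriptSig,
-const unsigned char *prevTxid, unsigned int prevIx,
-const unsigned char *asset, const unsigned char *value, const rawElementsBuffer *scriptPubKey,
-unsigned int sequence,
-const unsigned char *blindingNonce, const unsigned char *assetEntropy, const unsigned char *amount, const unsigned char *inflationKeys,
-const rawElementsBuffer *amountRangePrf, const rawElementsBuffer *inflationKeysRangePrf)
-{
-*result = (rawElementsInput){.annex = annex, .scriptSig = *scriptSig, .prevTxid = prevTxid, .pegin = pegin, .issuance = {.blindingNonce = blindingNonce, .assetEntropy = assetEntropy, .amount = amount, .inflationKeys = inflationKeys, .amountRangePrf = *amountRangePrf, .inflationKeysRangePrf = *inflationKeysRangePrf}, .txo = {.asset = asset, .value = value, .scriptPubKey = *scriptPubKey}, .prevIx = prevIx, .sequence = sequence};
-}
-
-void rustsimplicity_0_5_c_set_rawElementsTransaction(rawElementsTransaction *result, unsigned int version,
-const unsigned char *txid,
-const rawElementsInput *input, unsigned int numInputs,
-const rawElementsOutput *output, unsigned int numOutputs,
-unsigned int lockTime)
-{
-*result = (rawElementsTransaction){
-.version = version,
-.txid = txid,
-.input = input,
-.numInputs = numInputs,
-.output = output,
-.numOutputs = numOutputs,
-.lockTime = lockTime,
-};
-}
-
-void rustsimplicity_0_5_c_set_rawElementsTapEnv(rawElementsTapEnv *result, const unsigned char *controlBlock, unsigned char pathLen, const unsigned char *scriptCMR)
-{
-*result = (rawElementsTapEnv){.controlBlock = controlBlock, .pathLen = pathLen, .scriptCMR = scriptCMR};
-}
-
 void rustsimplicity_0_5_c_set_txEnv(txEnv *result, const elementsTransaction *tx, const elementsTapEnv *taproot, const unsigned char *genesisHash, unsigned int ix)
 {
 sha256_midstate genesis;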

simplicity-sys/src/c_jets/c_env.rs

Lines changed: 0 additions & 296 deletions
This file was deleted.
