From 5600e6fc4bb4f8e82adc58fc676ec44730e3cec4 Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 22 Jul 2025 09:35:01 +0100 Subject: [PATCH] Squashed 'src/secp256k1/' changes from 4187a46649..b9313c6e1a b9313c6e1a Merge bitcoin-core/secp256k1#1708: release cleanup: bump version after 0.7.0 a660a4976e Merge bitcoin-core/secp256k1#1707: release: Prepare for 0.7.0 7ab8b0cc01 release cleanup: bump version after 0.7.0 a3e742d947 release: Prepare for 0.7.0 f67b0ac1a0 ci: Don't hardcode ABI version 020ee60495 Merge bitcoin-core/secp256k1#1706: musig/tests: initialize keypair cde4130898 musig/tests: initialize keypair 6037833c9e Merge bitcoin-core/secp256k1#1702: changelog: update 40b4a06520 changelog: update 5e74086dc8 Merge bitcoin-core/secp256k1#1705: musig/test: Remove dead code 7c3380423c Merge bitcoin-core/secp256k1#1696: build: Refactor visibility logic and add override 8d967a602b musig/test: Remove dead code 983711cd6d musig/tests: Refactor vectors_signverify 73a695958a Merge bitcoin-core/secp256k1#1704: cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` bf082221ff cmake: Make `secp256k1_objs` inherit interface defines from `secp256k1` c82d84bb86 build: add CMake option for disabling symbol visibility attributes ce7923874f build: Add SECP256K1_NO_API_VISIBILITY_ATTRIBUTES e5297f6d79 build: Refactor visibility logic cbbbf3bd6e Merge bitcoin-core/secp256k1#1699: ci: enable musig module for native macOS arm64 job 943479a7a3 Merge bitcoin-core/secp256k1#1694: Revert "cmake: configure libsecp256k1.pc during install" 3352f9d667 ci: enable musig module for native macOS arm64 job ad60ef7ea7 Merge bitcoin-core/secp256k1#1689: ci: Convert `arm64` Cirrus tasks to GHA jobs c498779096 Merge bitcoin-core/secp256k1#1687: cmake: support the use of launchers in ctest -S scripts 44b205e9ee Revert "cmake: configure libsecp256k1.pc during install" 0dfe387dbe cmake: support the use of launchers in ctest -S scripts 89096c234d Merge bitcoin-core/secp256k1#1692: cmake: configure libsecp256k1.pc during install 7106dce6fd cmake: configure libsecp256k1.pc during install 29e73f4ba5 Merge bitcoin-core/secp256k1#1685: cmake: Emulate Libtool's behavior on FreeBSD 746e36b141 Merge bitcoin-core/secp256k1#1678: cmake: add a helper for linking into static libs a28c2ffa5c Merge bitcoin-core/secp256k1#1683: README: add link to musig example 2a9d374735 Merge bitcoin-core/secp256k1#1690: ci: Bump GCC snapshot major version to 16 add146e101 ci: Bump GCC snapshot major version to 16 004f57fcd8 ci: Move Valgrind build for `arm64` from Cirrus to GHA 5fafdfc30f ci: Move `gcc-snapshot` build for `arm64` from Cirrus to GHA e814b79a8b ci: Switch `arm64_debian` from QEMU to native `arm64` Docker image bcf77346b9 ci: Add `arm64` architecture to `docker_cache` job b77aae9226 ci: Rename Docker image tag to reflect architecture 145ae3e28d cmake: add a helper for linking into static libs 819210974b README: add link to musig example, generalize module enabling hint 95db29b144 Merge bitcoin-core/secp256k1#1679: cmake: Use `PUBLIC_HEADER` target property in installation logic 37dd422b5c cmake: Emulate Libtool's behavior on FreeBSD f24b838bed Merge bitcoin-core/secp256k1#1680: doc: Promote "Building with CMake" to standard procedure 3f31ac43e0 doc: Promote "Building with CMake" to standard procedure 6f67151ee2 cmake: Use `PUBLIC_HEADER` target property c32715b2a0 cmake, move-only: Move module option processing to `src/CMakeLists.txt` 201b2b8f06 Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22 3af71987a8 cmake: Bump minimum required CMake version to 3.22 92394476e9 Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join 3a4f448cb4 Assert field magnitude at control-flow join 9fab425256 Merge bitcoin-core/secp256k1#1668: bench_ecmult: add benchmark for ecmult_const_xonly 05445377f4 bench_ecmult: add benchmark for ecmult_const_xonly bb597b3d39 Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files d73ed99479 tests: update wycheproof files git-subtree-dir: src/secp256k1 git-subtree-split: b9313c6e1a6082a66b4c75777e18ca4b176fcf9d --- .cirrus.yml | 104 --------------- .github/workflows/ci.yml | 112 ++++++++++------- CHANGELOG.md | 23 +++- CMakeLists.txt | 55 ++------ CMakePresets.json | 1 - README.md | 7 +- ci/ci.sh | 2 +- ci/linux-debian.Dockerfile | 2 +- configure.ac | 4 +- include/secp256k1.h | 88 +++++++------ src/CMakeLists.txt | 119 +++++++++++------- src/bench_ecmult.c | 31 +++++ src/ecmult_const_impl.h | 2 + src/modules/musig/tests_impl.h | 13 +- src/wycheproof/WYCHEPROOF_COPYING | 12 +- src/wycheproof/ecdh_secp256k1_test.json | 5 +- .../ecdsa_secp256k1_sha256_bitcoin_test.json | 4 +- 17 files changed, 281 insertions(+), 303 deletions(-) delete mode 100644 .cirrus.yml diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index 023cd1916c2..00000000000 --- a/.cirrus.yml +++ /dev/null @@ -1,104 +0,0 @@ -env: - ### cirrus config - CIRRUS_CLONE_DEPTH: 1 - ### compiler options - HOST: - WRAPPER_CMD: - # Specific warnings can be disabled with -Wno-error=foo. - # -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual. - WERROR_CFLAGS: -Werror -pedantic-errors - MAKEFLAGS: -j4 - BUILD: check - ### secp256k1 config - ECMULTWINDOW: 15 - ECMULTGENKB: 22 - ASM: no - WIDEMUL: auto - WITH_VALGRIND: yes - EXTRAFLAGS: - ### secp256k1 modules - EXPERIMENTAL: no - ECDH: no - RECOVERY: no - EXTRAKEYS: no - SCHNORRSIG: no - MUSIG: no - ELLSWIFT: no - ### test options - SECP256K1_TEST_ITERS: 64 - BENCH: yes - SECP256K1_BENCH_ITERS: 2 - CTIMETESTS: yes - SYMBOL_CHECK: yes - VIRTUAL_ENV: /root/venv - # Compile and run the tests - EXAMPLES: yes - -cat_logs_snippet: &CAT_LOGS - always: - cat_tests_log_script: - - cat tests.log || true - cat_noverify_tests_log_script: - - cat noverify_tests.log || true - cat_exhaustive_tests_log_script: - - cat exhaustive_tests.log || true - cat_ctime_tests_log_script: - - cat ctime_tests.log || true - cat_bench_log_script: - - cat bench.log || true - cat_config_log_script: - - cat config.log || true - cat_test_env_script: - - cat test_env.log || true - cat_ci_env_script: - - env - -linux_arm64_container_snippet: &LINUX_ARM64_CONTAINER - env_script: - - export PATH="$VIRTUAL_ENV/bin:$PATH" - - env | tee /tmp/env - build_script: - - DOCKER_BUILDKIT=1 docker build --file "ci/linux-debian.Dockerfile" --tag="ci_secp256k1_arm" - - docker image prune --force # Cleanup stale layers - test_script: - - docker run --rm --mount "type=bind,src=./,dst=/ci_secp256k1" --env-file /tmp/env --replace --name "ci_secp256k1_arm" "ci_secp256k1_arm" bash -c "cd /ci_secp256k1/ && ./ci/ci.sh" - -task: - name: "ARM64: Linux (Debian stable)" - persistent_worker: - labels: - type: arm64 - env: - ECDH: yes - RECOVERY: yes - EXTRAKEYS: yes - SCHNORRSIG: yes - MUSIG: yes - ELLSWIFT: yes - matrix: - # Currently only gcc-snapshot, the other compilers are tested on GHA with QEMU - - env: { CC: 'gcc-snapshot' } - << : *LINUX_ARM64_CONTAINER - << : *CAT_LOGS - -task: - name: "ARM64: Linux (Debian stable), Valgrind" - persistent_worker: - labels: - type: arm64 - env: - ECDH: yes - RECOVERY: yes - EXTRAKEYS: yes - SCHNORRSIG: yes - MUSIG: yes - ELLSWIFT: yes - WRAPPER_CMD: 'valgrind --error-exitcode=42' - SECP256K1_TEST_ITERS: 2 - matrix: - - env: { CC: 'gcc' } - - env: { CC: 'clang' } - - env: { CC: 'gcc-snapshot' } - - env: { CC: 'clang-snapshot' } - << : *LINUX_ARM64_CONTAINER - << : *CAT_LOGS diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a3108d6bb1a..d5196c53bfb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,8 +46,18 @@ env: jobs: docker_cache: - name: "Build Docker image" - runs-on: ubuntu-latest + name: "Build ${{ matrix.arch }} Docker image" + runs-on: ${{ matrix.runner }} + + strategy: + fail-fast: false + matrix: + include: + - arch: x64 + runner: ubuntu-latest + - arch: arm64 + runner: ubuntu-24.04-arm + steps: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -60,11 +70,11 @@ jobs: uses: docker/build-push-action@v5 with: file: ./ci/linux-debian.Dockerfile - tags: linux-debian-image + tags: ${{ matrix.arch }}-debian-image cache-from: type=gha cache-to: type=gha,mode=min - linux_debian: + x86_64-debian: name: "x86_64: Linux (Debian stable)" runs-on: ubuntu-latest needs: docker_cache @@ -106,7 +116,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -142,7 +152,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -174,7 +184,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -215,21 +225,19 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs if: ${{ !cancelled() }} - arm64_debian: - name: "ARM64: Linux (Debian stable, QEMU)" - runs-on: ubuntu-latest + arm64-debian: + name: "arm64: Linux (Debian stable)" + runs-on: ubuntu-24.04-arm needs: docker_cache env: - WRAPPER_CMD: 'qemu-aarch64' SECP256K1_TEST_ITERS: 16 - HOST: 'aarch64-linux-gnu' WITH_VALGRIND: 'no' ECDH: 'yes' RECOVERY: 'yes' @@ -238,27 +246,26 @@ jobs: MUSIG: 'yes' ELLSWIFT: 'yes' CTIMETESTS: 'no' + CC: ${{ matrix.cc }} strategy: fail-fast: false matrix: - configuration: - - env_vars: { } # gcc - - env_vars: # clang - CC: 'clang --target=aarch64-linux-gnu' - - env_vars: # clang-snapshot - CC: 'clang-snapshot --target=aarch64-linux-gnu' + cc: + - 'gcc' + - 'clang' + - 'gcc-snapshot' + - 'clang-snapshot' steps: - name: Checkout uses: actions/checkout@v4 - name: CI script - env: ${{ matrix.configuration.env_vars }} uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: arm64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -290,7 +297,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -298,18 +305,38 @@ jobs: valgrind_debian: - name: "Valgrind (memcheck)" - runs-on: ubuntu-latest + name: "Valgrind ${{ matrix.binary_arch }} (memcheck)" + runs-on: ${{ matrix.runner }} needs: docker_cache strategy: fail-fast: false matrix: - configuration: - - env_vars: { CC: 'clang', ASM: 'auto' } - - env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'auto' } - - env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } - - env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } + include: + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: x64 + env_vars: { CC: 'clang', ASM: 'auto' } + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: i686 + env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'auto' } + - docker_arch: arm64 + runner: ubuntu-24.04-arm + binary_arch: arm64 + env_vars: { CC: 'clang', ASM: 'auto' } + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: x64 + env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: i686 + env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } + - docker_arch: arm64 + runner: ubuntu-24.04-arm + binary_arch: arm64 + env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } env: # The `--error-exitcode` is required to make the test fail if valgrind found errors, @@ -329,11 +356,11 @@ jobs: uses: actions/checkout@v4 - name: CI script - env: ${{ matrix.configuration.env_vars }} + env: ${{ matrix.env_vars }} uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: ${{ matrix.docker_arch }}-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -377,7 +404,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -428,7 +455,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -471,7 +498,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -546,13 +573,13 @@ jobs: fail-fast: false matrix: env_vars: - - { WIDEMUL: 'int64', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' } + - { WIDEMUL: 'int64', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' } - { WIDEMUL: 'int128_struct', ECMULTGENPRECISION: 2, ECMULTWINDOW: 4 } - - { WIDEMUL: 'int128', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' } + - { WIDEMUL: 'int128', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' } - { WIDEMUL: 'int128', RECOVERY: 'yes' } - - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' } - - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc' } - - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes', CPPFLAGS: '-DVERIFY' } + - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' } + - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc' } + - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CPPFLAGS: '-DVERIFY' } - BUILD: 'distcheck' steps: @@ -625,10 +652,11 @@ jobs: - name: Symbol check if: ${{ matrix.configuration.symbol_check }} + shell: bash run: | py -3 --version py -3 -m pip install lief - py -3 .\tools\symbol-check.py build\bin\RelWithDebInfo\libsecp256k1-5.dll + py -3 ./tools/symbol-check.py build/bin/RelWithDebInfo/libsecp256k1-*.dll - name: Check run: | @@ -678,7 +706,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image - name: Print logs uses: ./.github/actions/print-logs @@ -697,7 +725,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image command: | g++ -Werror include/*.h clang -Werror -x c++-header include/*.h diff --git a/CHANGELOG.md b/CHANGELOG.md index 7042171135d..53c787b38f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,11 +7,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.7.0] - 2025-07-21 + +#### Added + - CMake: Added `secp256k1_objs` interface library to allow parent projects to embed libsecp256k1 object files into their own static libraries. + - build: Added `SECP256K1_NO_API_VISIBILITY_ATTRIBUTES` preprocessor flag (CMake option: `SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES`) that disables explicit "visibility" attributes for API symbols. Defining this macro enables the user to control the visibility of the API symbols via `-fvisibility=` when building libsecp256k1. (All non-API declarations will always have hidden visibility, even with `SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES` defined.) For instance, `-fvisibility=hidden` can be useful even for the API symbols, e.g., when building a static libsecp256k1 which is linked into a shared library, and the latter should not re-export the libsecp256k1 API. + +#### Changed + - The pointers `secp256k1_context_static` and `secp256k1_context_no_precomp` to the constant context objects are now `const`. + - Removed `SECP256K1_WARN_UNUSED_RESULT` attribute (defined as `__attribute__ ((__warn_unused_result__))`) from several API functions that always return 1. Compilers will no longer warn if the return value is unused. + - CMake: Building with CMake is no longer considered experimental. + - CMake: The minimum required CMake version was increased to 3.22. + - CMake: Shared libraries built with CMake on FreeBSD now create the full versioned filename and symlink chain, matching the behavior of autotools builds. + #### Removed - Removed previously deprecated function aliases `secp256k1_ec_privkey_negate`, `secp256k1_ec_privkey_tweak_add` and `secp256k1_ec_privkey_tweak_mul`. Use `secp256k1_ec_seckey_negate`, `secp256k1_ec_seckey_tweak_add` and `secp256k1_ec_seckey_tweak_mul` instead. +#### ABI Compatibility +The symbols `secp256k1_ec_privkey_negate`, `secp256k1_ec_privkey_tweak_add`, and `secp256k1_ec_privkey_tweak_mul` were removed. +The pointers `secp256k1_context_static` and `secp256k1_context_no_precomp` have been made `const`. +Otherwise, the library maintains backward compatibility with version 0.6.0. + ## [0.6.0] - 2024-11-04 #### Added @@ -115,7 +133,7 @@ We strongly recommend updating to 0.3.1 if you use or plan to use Clang >=14 to - Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14. #### Added - - Added tests against [Project Wycheproof's](https://github.com/google/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases. + - Added tests against [Project Wycheproof's](https://github.com/C2SP/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases. #### Changed - Increased minimum required CMake version to 3.13. CMake builds remain experimental. @@ -169,7 +187,8 @@ This version was in fact never released. The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6). Therefore, this version number does not uniquely identify a set of source files. -[unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.6.0...HEAD +[unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.7.0...HEAD +[0.7.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.6.0...v0.7.0 [0.6.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.5.1...v0.6.0 [0.5.1]: https://github.com/bitcoin-core/secp256k1/compare/v0.5.0...v0.5.1 [0.5.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.4.1...v0.5.0 diff --git a/CMakeLists.txt b/CMakeLists.txt index 2b7737146d2..25919fd5e60 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.16) +cmake_minimum_required(VERSION 3.22) #============================= # Project / Package metadata @@ -7,31 +7,21 @@ project(libsecp256k1 # The package (a.k.a. release) version is based on semantic versioning 2.0.0 of # the API. All changes in experimental modules are treated as # backwards-compatible and therefore at most increase the minor version. - VERSION 0.6.1 + VERSION 0.7.1 DESCRIPTION "Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1." HOMEPAGE_URL "https://github.com/bitcoin-core/secp256k1" LANGUAGES C ) enable_testing() +include(CTestUseLaunchers) # Allow users to set CTEST_USE_LAUNCHERS in custom `ctest -S` scripts. list(APPEND CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake) -if(CMAKE_VERSION VERSION_LESS 3.21) - # Emulates CMake 3.21+ behavior. - if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) - set(PROJECT_IS_TOP_LEVEL ON) - set(${PROJECT_NAME}_IS_TOP_LEVEL ON) - else() - set(PROJECT_IS_TOP_LEVEL OFF) - set(${PROJECT_NAME}_IS_TOP_LEVEL OFF) - endif() -endif() - # The library version is based on libtool versioning of the ABI. The set of # rules for updating the version can be found here: # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html # All changes in experimental modules are treated as if they don't affect the # interface and therefore only increase the revision. -set(${PROJECT_NAME}_LIB_VERSION_CURRENT 5) +set(${PROJECT_NAME}_LIB_VERSION_CURRENT 6) set(${PROJECT_NAME}_LIB_VERSION_REVISION 1) set(${PROJECT_NAME}_LIB_VERSION_AGE 0) @@ -52,6 +42,8 @@ endif() option(SECP256K1_INSTALL "Enable installation." ${PROJECT_IS_TOP_LEVEL}) +option(SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES "Enable visibility attributes in the API." ON) + ## Modules # We declare all options before processing them, to make sure we can express @@ -63,40 +55,6 @@ option(SECP256K1_ENABLE_MODULE_SCHNORRSIG "Enable schnorrsig module." ON) option(SECP256K1_ENABLE_MODULE_MUSIG "Enable musig module." ON) option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON) -# Processing must be done in a topological sorting of the dependency graph -# (dependent module first). -if(SECP256K1_ENABLE_MODULE_ELLSWIFT) - add_compile_definitions(ENABLE_MODULE_ELLSWIFT=1) -endif() - -if(SECP256K1_ENABLE_MODULE_MUSIG) - if(DEFINED SECP256K1_ENABLE_MODULE_SCHNORRSIG AND NOT SECP256K1_ENABLE_MODULE_SCHNORRSIG) - message(FATAL_ERROR "Module dependency error: You have disabled the schnorrsig module explicitly, but it is required by the musig module.") - endif() - set(SECP256K1_ENABLE_MODULE_SCHNORRSIG ON) - add_compile_definitions(ENABLE_MODULE_MUSIG=1) -endif() - -if(SECP256K1_ENABLE_MODULE_SCHNORRSIG) - if(DEFINED SECP256K1_ENABLE_MODULE_EXTRAKEYS AND NOT SECP256K1_ENABLE_MODULE_EXTRAKEYS) - message(FATAL_ERROR "Module dependency error: You have disabled the extrakeys module explicitly, but it is required by the schnorrsig module.") - endif() - set(SECP256K1_ENABLE_MODULE_EXTRAKEYS ON) - add_compile_definitions(ENABLE_MODULE_SCHNORRSIG=1) -endif() - -if(SECP256K1_ENABLE_MODULE_EXTRAKEYS) - add_compile_definitions(ENABLE_MODULE_EXTRAKEYS=1) -endif() - -if(SECP256K1_ENABLE_MODULE_RECOVERY) - add_compile_definitions(ENABLE_MODULE_RECOVERY=1) -endif() - -if(SECP256K1_ENABLE_MODULE_ECDH) - add_compile_definitions(ENABLE_MODULE_ECDH=1) -endif() - option(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS "Enable external default callback functions." OFF) if(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS) add_compile_definitions(USE_EXTERNAL_DEFAULT_CALLBACKS=1) @@ -356,6 +314,7 @@ else() set(cross_status "FALSE") endif() message("Cross compiling ....................... ${cross_status}") +message("API visibility attributes ............. ${SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES}") message("Valgrind .............................. ${SECP256K1_VALGRIND}") get_directory_property(definitions COMPILE_DEFINITIONS) string(REPLACE ";" " " definitions "${definitions}") diff --git a/CMakePresets.json b/CMakePresets.json index b35cd80579f..6ed52b8fa63 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -1,5 +1,4 @@ { - "cmakeMinimumRequired": {"major": 3, "minor": 21, "patch": 0}, "version": 3, "configurePresets": [ { diff --git a/README.md b/README.md index f7a59b2b966..3d3118adf97 100644 --- a/README.md +++ b/README.md @@ -108,8 +108,8 @@ Building with Autotools To compile optional modules (such as Schnorr signatures), you need to run `./configure` with additional flags (such as `--enable-module-schnorrsig`). Run `./configure --help` to see the full list of available flags. -Building with CMake (experimental) ----------------------------------- +Building with CMake +------------------- To maintain a pristine source tree, CMake encourages to perform an out-of-source build by using a separate dedicated build tree. @@ -151,8 +151,9 @@ Usage examples can be found in the [examples](examples) directory. To compile th * [Schnorr signatures example](examples/schnorr.c) * [Deriving a shared secret (ECDH) example](examples/ecdh.c) * [ElligatorSwift key exchange example](examples/ellswift.c) + * [MuSig2 Schnorr multi-signatures example](examples/musig.c) -To compile the Schnorr signature and ECDH examples, you also need to configure with `--enable-module-schnorrsig` and `--enable-module-ecdh`. +To compile the examples, make sure the corresponding modules are enabled. Benchmark ------------ diff --git a/ci/ci.sh b/ci/ci.sh index 3285ecc951d..08e84efd4f7 100755 --- a/ci/ci.sh +++ b/ci/ci.sh @@ -113,7 +113,7 @@ then case "$HOST" in *mingw*) ls -l .libs - python3 ./tools/symbol-check.py .libs/libsecp256k1-5.dll + python3 ./tools/symbol-check.py .libs/libsecp256k1-*.dll ;; *) python3 ./tools/symbol-check.py .libs/libsecp256k1.so diff --git a/ci/linux-debian.Dockerfile b/ci/linux-debian.Dockerfile index 547b402232a..92ec80d2b1b 100644 --- a/ci/linux-debian.Dockerfile +++ b/ci/linux-debian.Dockerfile @@ -40,7 +40,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y \ apt-get clean && rm -rf /var/lib/apt/lists/* # Build and install gcc snapshot -ARG GCC_SNAPSHOT_MAJOR=15 +ARG GCC_SNAPSHOT_MAJOR=16 RUN apt-get update && apt-get install --no-install-recommends -y wget libgmp-dev libmpfr-dev libmpc-dev flex && \ mkdir gcc && cd gcc && \ wget --progress=dot:giga --https-only --recursive --accept '*.tar.xz' --level 1 --no-directories "https://gcc.gnu.org/pub/gcc/snapshots/LATEST-${GCC_SNAPSHOT_MAJOR}" && \ diff --git a/configure.ac b/configure.ac index 406227fcd10..ce24248fa3f 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ AC_PREREQ([2.60]) # the API. All changes in experimental modules are treated as # backwards-compatible and therefore at most increase the minor version. define(_PKG_VERSION_MAJOR, 0) -define(_PKG_VERSION_MINOR, 6) +define(_PKG_VERSION_MINOR, 7) define(_PKG_VERSION_PATCH, 1) define(_PKG_VERSION_IS_RELEASE, false) @@ -13,7 +13,7 @@ define(_PKG_VERSION_IS_RELEASE, false) # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html # All changes in experimental modules are treated as if they don't affect the # interface and therefore only increase the revision. -define(_LIB_VERSION_CURRENT, 5) +define(_LIB_VERSION_CURRENT, 6) define(_LIB_VERSION_REVISION, 1) define(_LIB_VERSION_AGE, 0) diff --git a/include/secp256k1.h b/include/secp256k1.h index 1d25a02ab29..f55a6ab9768 100644 --- a/include/secp256k1.h +++ b/include/secp256k1.h @@ -121,45 +121,57 @@ typedef int (*secp256k1_nonce_function)( #endif /* Symbol visibility. */ -#if defined(_WIN32) - /* GCC for Windows (e.g., MinGW) accepts the __declspec syntax - * for MSVC compatibility. A __declspec declaration implies (but is not - * exactly equivalent to) __attribute__ ((visibility("default"))), and so we - * actually want __declspec even on GCC, see "Microsoft Windows Function - * Attributes" in the GCC manual and the recommendations in - * https://gcc.gnu.org/wiki/Visibility. */ -# if defined(SECP256K1_BUILD) -# if defined(DLL_EXPORT) || defined(SECP256K1_DLL_EXPORT) - /* Building libsecp256k1 as a DLL. - * 1. If using Libtool, it defines DLL_EXPORT automatically. - * 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */ -# define SECP256K1_API extern __declspec (dllexport) -# else - /* Building libsecp256k1 as a static library on Windows. - * No declspec is needed, and so we would want the non-Windows-specific - * logic below take care of this case. However, this may result in setting - * __attribute__ ((visibility("default"))), which is supposed to be a noop - * on Windows but may trigger warnings when compiling with -flto due to a - * bug in GCC, see - * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116478 . */ -# define SECP256K1_API extern -# endif - /* The user must define SECP256K1_STATIC when consuming libsecp256k1 as a static - * library on Windows. */ -# elif !defined(SECP256K1_STATIC) - /* Consuming libsecp256k1 as a DLL. */ -# define SECP256K1_API extern __declspec (dllimport) -# endif +#if !defined(SECP256K1_API) && defined(SECP256K1_NO_API_VISIBILITY_ATTRIBUTES) + /* The user has requested that we don't specify visibility attributes in + * the public API. + * + * Since all our non-API declarations use the static qualifier, this means + * that the user can use -fvisibility= to set the visibility of the + * API symbols. For instance, -fvisibility=hidden can be useful *even for + * the API symbols*, e.g., when building a static library which is linked + * into a shared library, and the latter should not re-export the + * libsecp256k1 API. + * + * While visibility is a concept that applies only to shared libraries, + * setting visibility will still make a difference when building a static + * library: the visibility settings will be stored in the static library, + * solely for the potential case that the static library will be linked into + * a shared library. In that case, the stored visibility settings will + * resurface and be honored for the shared library. */ +# define SECP256K1_API extern #endif -#ifndef SECP256K1_API -/* All cases not captured by the Windows-specific logic. */ -# if defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD) - /* Building libsecp256k1 using GCC or compatible. */ -# define SECP256K1_API extern __attribute__ ((visibility ("default"))) -# else - /* Fall back to standard C's extern. */ -# define SECP256K1_API extern -# endif +#if !defined(SECP256K1_API) +# if defined(SECP256K1_BUILD) + /* On Windows, assume a shared library only if explicitly requested. + * 1. If using Libtool, it defines DLL_EXPORT automatically. + * 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */ +# if defined(_WIN32) && (defined(SECP256K1_DLL_EXPORT) || defined(DLL_EXPORT)) + /* GCC for Windows (e.g., MinGW) accepts the __declspec syntax for + * MSVC compatibility. A __declspec declaration implies (but is not + * exactly equivalent to) __attribute__ ((visibility("default"))), + * and so we actually want __declspec even on GCC, see "Microsoft + * Windows Function Attributes" in the GCC manual and the + * recommendations in https://gcc.gnu.org/wiki/Visibility . */ +# define SECP256K1_API extern __declspec(dllexport) + /* Avoid __attribute__ ((visibility("default"))) on Windows to get rid + * of warnings when compiling with -flto due to a bug in GCC, see + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116478 . */ +# elif !defined(_WIN32) && defined (__GNUC__) && (__GNUC__ >= 4) +# define SECP256K1_API extern __attribute__ ((visibility("default"))) +# else +# define SECP256K1_API extern +# endif +# else + /* On Windows, SECP256K1_STATIC must be defined when consuming + * libsecp256k1 as a static library. Note that SECP256K1_STATIC is a + * "consumer-only" macro, and it has no meaning when building + * libsecp256k1. */ +# if defined(_WIN32) && !defined(SECP256K1_STATIC) +# define SECP256K1_API extern __declspec(dllimport) +# else +# define SECP256K1_API extern +# endif +# endif #endif /* Warning attributes diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f31b8c8f551..fa3b2903eb5 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,5 +1,49 @@ -# Must be included before CMAKE_INSTALL_INCLUDEDIR is used. -include(GNUInstallDirs) +add_library(secp256k1) + +set_property(TARGET secp256k1 PROPERTY PUBLIC_HEADER + ${PROJECT_SOURCE_DIR}/include/secp256k1.h + ${PROJECT_SOURCE_DIR}/include/secp256k1_preallocated.h +) + +# Processing must be done in a topological sorting of the dependency graph +# (dependent module first). +if(SECP256K1_ENABLE_MODULE_ELLSWIFT) + add_compile_definitions(ENABLE_MODULE_ELLSWIFT=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_ellswift.h) +endif() + +if(SECP256K1_ENABLE_MODULE_MUSIG) + if(DEFINED SECP256K1_ENABLE_MODULE_SCHNORRSIG AND NOT SECP256K1_ENABLE_MODULE_SCHNORRSIG) + message(FATAL_ERROR "Module dependency error: You have disabled the schnorrsig module explicitly, but it is required by the musig module.") + endif() + set(SECP256K1_ENABLE_MODULE_SCHNORRSIG ON) + add_compile_definitions(ENABLE_MODULE_MUSIG=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_musig.h) +endif() + +if(SECP256K1_ENABLE_MODULE_SCHNORRSIG) + if(DEFINED SECP256K1_ENABLE_MODULE_EXTRAKEYS AND NOT SECP256K1_ENABLE_MODULE_EXTRAKEYS) + message(FATAL_ERROR "Module dependency error: You have disabled the extrakeys module explicitly, but it is required by the schnorrsig module.") + endif() + set(SECP256K1_ENABLE_MODULE_EXTRAKEYS ON) + add_compile_definitions(ENABLE_MODULE_SCHNORRSIG=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_schnorrsig.h) +endif() + +if(SECP256K1_ENABLE_MODULE_EXTRAKEYS) + add_compile_definitions(ENABLE_MODULE_EXTRAKEYS=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_extrakeys.h) +endif() + +if(SECP256K1_ENABLE_MODULE_RECOVERY) + add_compile_definitions(ENABLE_MODULE_RECOVERY=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_recovery.h) +endif() + +if(SECP256K1_ENABLE_MODULE_ECDH) + add_compile_definitions(ENABLE_MODULE_ECDH=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_ecdh.h) +endif() add_library(secp256k1_precomputed OBJECT EXCLUDE_FROM_ALL precomputed_ecmult.c @@ -8,7 +52,16 @@ add_library(secp256k1_precomputed OBJECT EXCLUDE_FROM_ALL # Add objects explicitly rather than linking to the object libs to keep them # from being exported. -add_library(secp256k1 secp256k1.c $) +target_sources(secp256k1 PRIVATE secp256k1.c $) + +if(NOT SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES) + target_compile_definitions(secp256k1 PRIVATE SECP256K1_NO_API_VISIBILITY_ATTRIBUTES) +endif() + +# Create a helper lib that parent projects can use to link secp256k1 into a +# static lib. +add_library(secp256k1_objs INTERFACE) +target_sources(secp256k1_objs INTERFACE $ $) add_library(secp256k1_asm INTERFACE) if(SECP256K1_ASM STREQUAL "arm32") @@ -17,6 +70,7 @@ if(SECP256K1_ASM STREQUAL "arm32") asm/field_10x26_arm.s ) target_sources(secp256k1 PRIVATE $) + target_sources(secp256k1_objs INTERFACE $) target_link_libraries(secp256k1_asm INTERFACE secp256k1_asm_arm) endif() @@ -31,10 +85,13 @@ endif() get_target_property(use_pic secp256k1 POSITION_INDEPENDENT_CODE) set_target_properties(secp256k1_precomputed PROPERTIES POSITION_INDEPENDENT_CODE ${use_pic}) +# Add the include path for parent projects so that they don't have to manually add it. target_include_directories(secp256k1 INTERFACE - # Add the include path for parent projects so that they don't have to manually add it. $>:${PROJECT_SOURCE_DIR}/include>> - $ +) +set_target_properties(secp256k1_objs PROPERTIES + INTERFACE_COMPILE_DEFINITIONS "$" + INTERFACE_INCLUDE_DIRECTORIES "$" ) # This emulates Libtool to make sure Libtool and CMake agree on the ABI version, @@ -43,25 +100,17 @@ math(EXPR ${PROJECT_NAME}_soversion "${${PROJECT_NAME}_LIB_VERSION_CURRENT} - ${ set_target_properties(secp256k1 PROPERTIES SOVERSION ${${PROJECT_NAME}_soversion} ) -if(CMAKE_SYSTEM_NAME STREQUAL "Linux") +if(CMAKE_SYSTEM_NAME MATCHES "^(Linux|FreeBSD)$") set_target_properties(secp256k1 PROPERTIES VERSION ${${PROJECT_NAME}_soversion}.${${PROJECT_NAME}_LIB_VERSION_AGE}.${${PROJECT_NAME}_LIB_VERSION_REVISION} ) elseif(APPLE) - if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.17) - math(EXPR ${PROJECT_NAME}_compatibility_version "${${PROJECT_NAME}_LIB_VERSION_CURRENT} + 1") - set_target_properties(secp256k1 PROPERTIES - MACHO_COMPATIBILITY_VERSION ${${PROJECT_NAME}_compatibility_version} - MACHO_CURRENT_VERSION ${${PROJECT_NAME}_compatibility_version}.${${PROJECT_NAME}_LIB_VERSION_REVISION} - ) - unset(${PROJECT_NAME}_compatibility_version) - elseif(BUILD_SHARED_LIBS) - message(WARNING - "The 'compatibility version' and 'current version' values of the DYLIB " - "will diverge from the values set by the GNU Libtool. To ensure " - "compatibility, it is recommended to upgrade CMake to at least version 3.17." - ) - endif() + math(EXPR ${PROJECT_NAME}_compatibility_version "${${PROJECT_NAME}_LIB_VERSION_CURRENT} + 1") + set_target_properties(secp256k1 PROPERTIES + MACHO_COMPATIBILITY_VERSION ${${PROJECT_NAME}_compatibility_version} + MACHO_CURRENT_VERSION ${${PROJECT_NAME}_compatibility_version}.${${PROJECT_NAME}_LIB_VERSION_REVISION} + ) + unset(${PROJECT_NAME}_compatibility_version) elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows") set(${PROJECT_NAME}_windows "secp256k1") if(MSVC) @@ -110,36 +159,16 @@ if(SECP256K1_BUILD_CTIME_TESTS) endif() if(SECP256K1_INSTALL) + include(GNUInstallDirs) + target_include_directories(secp256k1 INTERFACE + $ + ) install(TARGETS secp256k1 EXPORT ${PROJECT_NAME}-targets RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} - ) - set(${PROJECT_NAME}_headers - "${PROJECT_SOURCE_DIR}/include/secp256k1.h" - "${PROJECT_SOURCE_DIR}/include/secp256k1_preallocated.h" - ) - if(SECP256K1_ENABLE_MODULE_ECDH) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_ecdh.h") - endif() - if(SECP256K1_ENABLE_MODULE_RECOVERY) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_recovery.h") - endif() - if(SECP256K1_ENABLE_MODULE_EXTRAKEYS) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_extrakeys.h") - endif() - if(SECP256K1_ENABLE_MODULE_SCHNORRSIG) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_schnorrsig.h") - endif() - if(SECP256K1_ENABLE_MODULE_MUSIG) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_musig.h") - endif() - if(SECP256K1_ENABLE_MODULE_ELLSWIFT) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/secp256k1_ellswift.h") - endif() - install(FILES ${${PROJECT_NAME}_headers} - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} ) install(EXPORT ${PROJECT_NAME}-targets diff --git a/src/bench_ecmult.c b/src/bench_ecmult.c index 172292d5706..b2bab65d265 100644 --- a/src/bench_ecmult.c +++ b/src/bench_ecmult.c @@ -56,6 +56,7 @@ typedef struct { /* Benchmark output. */ secp256k1_gej* output; + secp256k1_fe* output_xonly; } bench_data; /* Hashes x into [0, POINTS) twice and store the result in offset1 and offset2. */ @@ -123,6 +124,32 @@ static void bench_ecmult_const_teardown(void* arg, int iters) { bench_ecmult_teardown_helper(data, &data->offset1, &data->offset2, NULL, iters); } +static void bench_ecmult_const_xonly(void* arg, int iters) { + bench_data* data = (bench_data*)arg; + int i; + + for (i = 0; i < iters; ++i) { + const secp256k1_ge* pubkey = &data->pubkeys[(data->offset1+i) % POINTS]; + const secp256k1_scalar* scalar = &data->scalars[(data->offset2+i) % POINTS]; + int known_on_curve = 1; + secp256k1_ecmult_const_xonly(&data->output_xonly[i], &pubkey->x, NULL, scalar, known_on_curve); + } +} + +static void bench_ecmult_const_xonly_teardown(void* arg, int iters) { + bench_data* data = (bench_data*)arg; + int i; + + /* verify by comparing with x coordinate of regular ecmult result */ + for (i = 0; i < iters; ++i) { + const secp256k1_gej* pubkey_gej = &data->pubkeys_gej[(data->offset1+i) % POINTS]; + const secp256k1_scalar* scalar = &data->scalars[(data->offset2+i) % POINTS]; + secp256k1_gej expected_gej; + secp256k1_ecmult(&expected_gej, pubkey_gej, scalar, NULL); + CHECK(secp256k1_gej_eq_x_var(&data->output_xonly[i], &expected_gej)); + } +} + static void bench_ecmult_1p(void* arg, int iters) { bench_data* data = (bench_data*)arg; int i; @@ -171,6 +198,8 @@ static void run_ecmult_bench(bench_data* data, int iters) { run_benchmark(str, bench_ecmult_gen, bench_ecmult_setup, bench_ecmult_gen_teardown, data, 10, iters); sprintf(str, "ecmult_const"); run_benchmark(str, bench_ecmult_const, bench_ecmult_setup, bench_ecmult_const_teardown, data, 10, iters); + sprintf(str, "ecmult_const_xonly"); + run_benchmark(str, bench_ecmult_const_xonly, bench_ecmult_setup, bench_ecmult_const_xonly_teardown, data, 10, iters); /* ecmult with non generator point */ sprintf(str, "ecmult_1p"); run_benchmark(str, bench_ecmult_1p, bench_ecmult_setup, bench_ecmult_1p_teardown, data, 10, iters); @@ -319,6 +348,7 @@ int main(int argc, char **argv) { data.pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS); data.expected_output = malloc(sizeof(secp256k1_gej) * (iters + 1)); data.output = malloc(sizeof(secp256k1_gej) * (iters + 1)); + data.output_xonly = malloc(sizeof(secp256k1_fe) * (iters + 1)); /* Generate a set of scalars, and private/public keypairs. */ secp256k1_gej_set_ge(&data.pubkeys_gej[0], &secp256k1_ge_const_g); @@ -361,6 +391,7 @@ int main(int argc, char **argv) { free(data.pubkeys); free(data.pubkeys_gej); free(data.seckeys); + free(data.output_xonly); free(data.output); free(data.expected_output); diff --git a/src/ecmult_const_impl.h b/src/ecmult_const_impl.h index 0d78f7c3ce3..4f66209105e 100644 --- a/src/ecmult_const_impl.h +++ b/src/ecmult_const_impl.h @@ -373,6 +373,8 @@ static int secp256k1_ecmult_const_xonly(secp256k1_fe* r, const secp256k1_fe *n, } } + SECP256K1_FE_VERIFY_MAGNITUDE(&g, 2); + /* Compute base point P = (n*g, g^2), the effective affine version of (n*g, g^2, v), which has * corresponding affine X coordinate n/d. */ secp256k1_fe_mul(&p.x, &g, n); diff --git a/src/modules/musig/tests_impl.h b/src/modules/musig/tests_impl.h index ce6ae1784d1..4694c31a325 100644 --- a/src/modules/musig/tests_impl.h +++ b/src/modules/musig/tests_impl.h @@ -910,12 +910,15 @@ static void musig_test_vectors_signverify(void) { * the signing key does not belong to any pubkey. */ continue; } + expected = c->error != MUSIG_PUBKEY; CHECK(expected == musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, NULL, c->key_indices_len, c->key_indices, 0, NULL, NULL)); CHECK(expected || c->error == error); if (!expected) { continue; } + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_keypair_create(CTX, &keypair, vector->sk)); expected = c->error != MUSIG_AGGNONCE; CHECK(expected == secp256k1_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonces[c->aggnonce_index])); @@ -924,14 +927,10 @@ static void musig_test_vectors_signverify(void) { } CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache)); - CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); - musig_test_set_secnonce(&secnonce, vector->secnonces[c->secnonce_index], &pubkey); expected = c->error != MUSIG_SECNONCE; - if (expected) { - CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - } else { - CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - } + CHECK(!expected); + musig_test_set_secnonce(&secnonce, vector->secnonces[c->secnonce_index], &pubkey); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->verify_fail_case)/sizeof(vector->verify_fail_case[0]); i++) { const struct musig_verify_fail_error_case *c = &vector->verify_fail_case[i]; diff --git a/src/wycheproof/WYCHEPROOF_COPYING b/src/wycheproof/WYCHEPROOF_COPYING index efe3e8bf4ec..269570434cc 100644 --- a/src/wycheproof/WYCHEPROOF_COPYING +++ b/src/wycheproof/WYCHEPROOF_COPYING @@ -1,12 +1,12 @@ * The file `ecdsa_secp256k1_sha256_bitcoin_test.json` in this directory - comes from Google's project Wycheproof with git commit - `b063b4aedae951c69df014cd25fa6d69ae9e8cb9`, see - https://github.com/google/wycheproof/blob/b063b4aedae951c69df014cd25fa6d69ae9e8cb9/testvectors_v1/ecdsa_secp256k1_sha256_bitcoin_test.json + comes from project Wycheproof with git commit + `df4e933efef449fc88af0c06e028d425d84a9495`, see + https://github.com/C2SP/wycheproof/blob/df4e933efef449fc88af0c06e028d425d84a9495/testvectors_v1/ecdsa_secp256k1_sha256_bitcoin_test.json * The file `ecdh_secp256k1_test.json` in this directory - comes from Google's project Wycheproof with git commit - `d9f6ec7d8bd8c96da05368999094e4a75ba5cb3d`, see - https://github.com/google/wycheproof/blob/d9f6ec7d8bd8c96da05368999094e4a75ba5cb3d/testvectors_v1/ecdh_secp256k1_test.json + comes from project Wycheproof with git commit + `df4e933efef449fc88af0c06e028d425d84a9495`, see + https://github.com/C2SP/wycheproof/blob/df4e933efef449fc88af0c06e028d425d84a9495/testvectors_v1/ecdh_secp256k1_test.json * The file `ecdsa_secp256k1_sha256_bitcoin_test.h` is generated from `ecdsa_secp256k1_sha256_bitcoin_test.json` using the script diff --git a/src/wycheproof/ecdh_secp256k1_test.json b/src/wycheproof/ecdh_secp256k1_test.json index 16db6189128..71da94723c1 100644 --- a/src/wycheproof/ecdh_secp256k1_test.json +++ b/src/wycheproof/ecdh_secp256k1_test.json @@ -1,7 +1,6 @@ { "algorithm" : "ECDH", "schema" : "ecdh_test_schema.json", - "generatorVersion" : "0.9rc5", "numberOfTests" : 752, "header" : [ "Test vectors of type EcdhTest are intended for", @@ -124,6 +123,10 @@ "testGroups" : [ { "type" : "EcdhTest", + "source" : { + "name" : "google-wycheproof", + "version" : "0.9rc5" + }, "curve" : "secp256k1", "encoding" : "asn", "tests" : [ diff --git a/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json b/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json index 9c90747993d..aa0cc8a4259 100644 --- a/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json +++ b/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json @@ -10,7 +10,7 @@ "notes" : { "ArithmeticError" : { "bugType" : "EDGE_CASE", - "description" : "Some implementations of ECDSA have arithmetic errors that occur when intermediate results have extreme values. This test vector has been constructed to test such occurences.", + "description" : "Some implementations of ECDSA have arithmetic errors that occur when intermediate results have extreme values. This test vector has been constructed to test such occurrences.", "cves" : [ "CVE-2017-18146" ] @@ -95,7 +95,7 @@ }, "SignatureMalleabilityBitcoin" : { "bugType" : "SIGNATURE_MALLEABILITY", - "description" : "\"BitCoins\"-curves are curves where signature malleability can be a serious issue. An implementation should only accept a signature s where s < n/2. If an implementation is not meant for uses cases that require signature malleability then this implemenation should be tested with another set of test vectors.", + "description" : "\"BitCoins\"-curves are curves where signature malleability can be a serious issue. An implementation should only accept a signature s where s < n/2. If an implementation is not meant for uses cases that require signature malleability then this implementation should be tested with another set of test vectors.", "effect" : "In bitcoin exchanges, it may be used to make a double deposits or double withdrawals", "links" : [ "https://en.bitcoin.it/wiki/Transaction_malleability",