frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
secp256k1-zkp/Makefile.am

327 lines
10 KiB
Makefile
Raw Normal View History

Use same build template as bitcoin. Add bitcoin_secp.m4.
2014-11-07 01:55:27 +13:00
ACLOCAL_AMFLAGS = -I build-aux/m4
Remove INCLUDES. Obsolete, appears unused anyway.
2014-11-06 22:35:41 +13:00
build: Use own variable SECP_CFLAGS instead of touching user CFLAGS Fixes one of the items in #923, namely the warnings of the form '_putenv' redeclared without dllimport attribute: previous dllimport ignored [-Wattributes] This also cleans up the way we add CFLAGS, in particular flags enabling warnings. Now we perform some more fine-grained checking for flag support, which is not strictly necessary but the changes also help to document autoconf.ac.
2021-05-13 17:06:16 +02:00
# AM_CFLAGS will be automatically prepended to CFLAGS by Automake when compiling some foo
# which does not have an explicit foo_CFLAGS variable set.
AM_CFLAGS = $(SECP_CFLAGS)
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
lib_LTLIBRARIES = libsecp256k1.la
include_HEADERS = include/secp256k1.h
Move _preallocated functions to separate header
2018-11-27 16:48:57 +01:00
include_HEADERS += include/secp256k1_preallocated.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS =
Introduce secp256k1_scalar_t for future constant-time mod order operations
2014-10-28 04:08:15 -07:00
noinst_HEADERS += src/scalar.h
Implementations for scalar without data-dependent branches.
2014-10-29 00:35:49 -07:00
noinst_HEADERS += src/scalar_4x64.h
noinst_HEADERS += src/scalar_8x32.h
Add exhaustive tests for group arithmetic, signing, and ecmult on a small group If you compile without ./configure --enable-exhaustive-tests=no, this will create a binary ./exhaustive_tests which will execute every function possible on a group of small order obtained by moving to a twist of our curve and locating a generator of small order. Currently defaults to order 13, though by changing some #ifdefs you can get a couple other ones. (Currently 199, which will take forever to run, and 14, which won't work because it's composite.) TODO exhaustive tests for the various modules
2016-07-07 10:11:30 +00:00
noinst_HEADERS += src/scalar_low.h
Introduce secp256k1_scalar_t for future constant-time mod order operations
2014-10-28 04:08:15 -07:00
noinst_HEADERS += src/scalar_impl.h
Implementations for scalar without data-dependent branches.
2014-10-29 00:35:49 -07:00
noinst_HEADERS += src/scalar_4x64_impl.h
noinst_HEADERS += src/scalar_8x32_impl.h
Add exhaustive tests for group arithmetic, signing, and ecmult on a small group If you compile without ./configure --enable-exhaustive-tests=no, this will create a binary ./exhaustive_tests which will execute every function possible on a group of small order obtained by moving to a twist of our curve and locating a generator of small order. Currently defaults to order 13, though by changing some #ifdefs you can get a couple other ones. (Currently 199, which will take forever to run, and 14, which won't work because it's composite.) TODO exhaustive tests for the various modules
2016-07-07 10:11:30 +00:00
noinst_HEADERS += src/scalar_low_impl.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS += src/group.h
Move implementations from impl/*.h to *_impl.h
2014-03-07 01:11:01 +01:00
noinst_HEADERS += src/group_impl.h
add eccommit functionality Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 22:40:54 +00:00
noinst_HEADERS += src/eccommit.h
noinst_HEADERS += src/eccommit_impl.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS += src/ecdsa.h
Move implementations from impl/*.h to *_impl.h
2014-03-07 01:11:01 +01:00
noinst_HEADERS += src/ecdsa_impl.h
Move non-ECDSA operations from ecdsa to eckey
2014-10-27 02:57:27 -07:00
noinst_HEADERS += src/eckey.h
noinst_HEADERS += src/eckey_impl.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS += src/ecmult.h
Move implementations from impl/*.h to *_impl.h
2014-03-07 01:11:01 +01:00
noinst_HEADERS += src/ecmult_impl.h
Move ecmult table computation code to separate file
2021-12-17 12:02:40 -05:00
noinst_HEADERS += src/ecmult_compute_table.h
noinst_HEADERS += src/ecmult_compute_table_impl.h
Add constant-time multiply `secp256k1_ecmult_const` for ECDH Designed with clear separation of the wNAF conversion, precomputation and exponentiation (since the precomp at least we will probably want to separate in the API for users who reuse points a lot. Future work: - actually separate precomp in the API - do multiexp rather than single exponentiation
2015-05-13 17:31:47 -05:00
noinst_HEADERS += src/ecmult_const.h
noinst_HEADERS += src/ecmult_const_impl.h
Split up ecmult and ecmult_gen entirely
2014-10-26 03:42:24 -07:00
noinst_HEADERS += src/ecmult_gen.h
noinst_HEADERS += src/ecmult_gen_impl.h
Rename ecmult_gen_prec -> ecmult_gen_compute_table
2021-12-17 11:33:38 -05:00
noinst_HEADERS += src/ecmult_gen_compute_table.h
noinst_HEADERS += src/ecmult_gen_compute_table_impl.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS += src/field_10x26.h
Move implementations from impl/*.h to *_impl.h
2014-03-07 01:11:01 +01:00
noinst_HEADERS += src/field_10x26_impl.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS += src/field_5x52.h
Move implementations from impl/*.h to *_impl.h
2014-03-07 01:11:01 +01:00
noinst_HEADERS += src/field_5x52_impl.h
noinst_HEADERS += src/field_5x52_int128_impl.h
Add safegcd based modular inverse modules Refactored by: Pieter Wuille <pieter@wuille.net>
2020-11-29 14:01:03 -08:00
noinst_HEADERS += src/modinv32.h
noinst_HEADERS += src/modinv32_impl.h
noinst_HEADERS += src/modinv64.h
noinst_HEADERS += src/modinv64_impl.h
Split off .c file from precomputed_ecmult.h
2021-12-17 14:21:38 -05:00
noinst_HEADERS += src/precomputed_ecmult.h
Split off .c file from precomputed_ecmult_gen.h
2021-12-17 13:50:39 -05:00
noinst_HEADERS += src/precomputed_ecmult_gen.h
Compile-time check assumptions on integer types
2020-08-12 15:52:20 -07:00
noinst_HEADERS += src/assumptions.h
Abstract interactions with valgrind behind new checkmem.h
2022-12-06 16:35:35 -05:00
noinst_HEADERS += src/checkmem.h
refactor: introduce testutil.h (deduplicate `random_fe_`, `ge_equals_` helpers)
2023-08-17 19:25:56 +02:00
noinst_HEADERS += src/testutil.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS += src/util.h
Simulated int128 type.
2022-07-27 11:09:51 -04:00
noinst_HEADERS += src/int128.h
noinst_HEADERS += src/int128_impl.h
noinst_HEADERS += src/int128_native.h
noinst_HEADERS += src/int128_native_impl.h
noinst_HEADERS += src/int128_struct.h
noinst_HEADERS += src/int128_struct_impl.h
add resizeable scratch space API Alignment support by Pieter Wuille.
2017-07-22 18:03:17 +00:00
noinst_HEADERS += src/scratch.h
noinst_HEADERS += src/scratch_impl.h
Add SHA256 selftest
2020-08-17 13:48:22 -07:00
noinst_HEADERS += src/selftest.h
field_gmp's negate doesn't need to use the magnitude argument.
2014-11-12 15:59:26 -08:00
noinst_HEADERS += src/testrand.h
noinst_HEADERS += src/testrand_impl.h
Use rfc6979 as default nonce generation function
2014-12-13 18:06:33 +01:00
noinst_HEADERS += src/hash.h
noinst_HEADERS += src/hash_impl.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_HEADERS += src/field.h
Move implementations from impl/*.h to *_impl.h
2014-03-07 01:11:01 +01:00
noinst_HEADERS += src/field_impl.h
Make the benchmarks print out stats
2014-12-04 20:26:54 +01:00
noinst_HEADERS += src/bench.h
autotools: Move Wycheproof header from EXTRA_DIST to noinst_HEADERS
2023-04-14 07:11:46 +02:00
noinst_HEADERS += src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h
Add contrib/lax_der_parsing.h This shows a snippet of code to do lax DER parsing, without obeying to any particular standard.
2015-10-14 17:43:20 +02:00
noinst_HEADERS += contrib/lax_der_parsing.h
Change contrib/laxder from headers-only to files compilable as standalone C Verified that both programs compile with gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_privatekey_parsing.c gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_parsing.c
2015-10-26 15:21:53 -05:00
noinst_HEADERS += contrib/lax_der_parsing.c
Move secp256k1_ec_privkey_import/export to contrib. These functions are intended for compatibility with legacy software, and are not normally needed in new secp256k1 applications. They also do not obeying any particular standard (and likely cannot without without undermining their compatibility), and so are a better fit for contrib.
2015-10-21 04:02:30 +00:00
noinst_HEADERS += contrib/lax_der_privatekey_parsing.h
Change contrib/laxder from headers-only to files compilable as standalone C Verified that both programs compile with gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_privatekey_parsing.c gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_parsing.c
2015-10-26 15:21:53 -05:00
noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
prevent optimization in algorithms Signed-off-by: Harshil Jani <harshiljani2002@gmail.com> Add secure_erase function to clear secrets Signed-off-by: Harshil Jani <harshiljani2002@gmail.com> Update the function with good practices Signed-off-by: Harshil Jani <harshiljani2002@gmail.com> Renaming random.h to examples_util.h Signed-off-by: Harshil Jani <harshiljani2002@gmail.com>
2023-02-17 14:08:06 +05:30
noinst_HEADERS += examples/examples_util.h
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
Split off .c file from precomputed_ecmult_gen.h
2021-12-17 13:50:39 -05:00
PRECOMPUTED_LIB = libsecp256k1_precomputed.la
noinst_LTLIBRARIES = $(PRECOMPUTED_LIB)
Split off .c file from precomputed_ecmult.h
2021-12-17 14:21:38 -05:00
libsecp256k1_precomputed_la_SOURCES = src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
Makefile: add -I$(top_srcdir)/src to CPPFLAGS for precomputed When performing an out-of-source-tree build, regenerating the source files for the precomputed ecmult tables places them outside the source tree. Then, when they are to be compiled, they cannot find the headers they need because the source tree is absent from their include search path. This appears to have been an oversight, as the relevant -I options are present in libsecp256k1_la_CPPFLAGS but were missing from libsecp256k1_precomputed_la_CPPFLAGS. This commit adds them.
2022-11-21 22:13:04 -05:00
# We need `-I$(top_srcdir)/src` in VPATH builds if libsecp256k1_precomputed_la_SOURCES have been recreated in the build tree.
# This helps users and packagers who insist on recreating the precomputed files (e.g., Gentoo).
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
libsecp256k1_precomputed_la_CPPFLAGS = -I$(top_srcdir)/src $(SECP_CONFIG_DEFINES)
Split off .c file from precomputed_ecmult_gen.h
2021-12-17 13:50:39 -05:00
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
if USE_EXTERNAL_ASM
COMMON_LIB = libsecp256k1_common.la
else
COMMON_LIB =
endif
Split off .c file from precomputed_ecmult_gen.h
2021-12-17 13:50:39 -05:00
noinst_LTLIBRARIES += $(COMMON_LIB)
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
packaging: remove the --with-pkgconfigdir option It was not necessary and would only confuse packagers.
2014-05-20 20:59:11 -04:00
pkgconfigdir = $(libdir)/pkgconfig
add pkg-config support
2014-05-07 06:10:08 +00:00
pkgconfig_DATA = libsecp256k1.pc
ARM assembly implementation of field_10x26 inner Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-12-24 12:12:37 +01:00
if USE_EXTERNAL_ASM
if USE_ASM_ARM
libsecp256k1_common_la_SOURCES = src/asm/field_10x26_arm.s
endif
endif
Make tests and bench just use asm directly instead of library Thanks to Cory Fields for the suggestion.
2014-08-19 13:39:58 +02:00
libsecp256k1_la_SOURCES = src/secp256k1.c
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
libsecp256k1_la_CPPFLAGS = $(SECP_CONFIG_DEFINES)
libsecp256k1_la_LIBADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
build: set library version to 0.0.0 explicitly
2021-07-06 21:06:46 +00:00
libsecp256k1_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
Make tests and bench just use asm directly instead of library Thanks to Cory Fields for the suggestion.
2014-08-19 13:39:58 +02:00
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
noinst_PROGRAMS =
if USE_BENCHMARK
Combine bench_sign and bench_verify into single bench
2021-10-17 12:08:06 -04:00
noinst_PROGRAMS += bench bench_internal bench_ecmult
bench_SOURCES = src/bench.c
Do not link `bench` and `ctime_tests` to `COMMON_LIB` The `bench` and `ctime_tests` are users of the library, they should only be linked to the library, not the objects it was built from.
2023-01-30 22:42:39 +00:00
bench_LDADD = libsecp256k1.la
Bugfix: pass SECP_CONFIG_DEFINES to bench compilation
2022-12-29 14:52:14 -05:00
bench_CPPFLAGS = $(SECP_CONFIG_DEFINES)
Benchmarks for all internal operations
2015-01-31 16:12:10 -04:00
bench_internal_SOURCES = src/bench_internal.c
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
bench_internal_LDADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
bench_internal_CPPFLAGS = $(SECP_CONFIG_DEFINES)
Add bench_ecmult
2017-09-12 20:05:39 -07:00
bench_ecmult_SOURCES = src/bench_ecmult.c
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
bench_ecmult_LDADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
bench_ecmult_CPPFLAGS = $(SECP_CONFIG_DEFINES)
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
endif
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
TESTS =
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
if USE_TESTS
tests: Add noverify_tests which is like tests but without VERIFY
2023-01-05 11:37:40 +01:00
TESTS += noverify_tests
noinst_PROGRAMS += noverify_tests
noverify_tests_SOURCES = src/tests.c
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
noverify_tests_CPPFLAGS = $(SECP_CONFIG_DEFINES)
noverify_tests_LDADD = $(COMMON_LIB) $(PRECOMPUTED_LIB)
tests: Add noverify_tests which is like tests but without VERIFY
2023-01-05 11:37:40 +01:00
noverify_tests_LDFLAGS = -static
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
if !ENABLE_COVERAGE
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
TESTS += tests
tests: Add noverify_tests which is like tests but without VERIFY
2023-01-05 11:37:40 +01:00
noinst_PROGRAMS += tests
tests_SOURCES = $(noverify_tests_SOURCES)
tests_CPPFLAGS = $(noverify_tests_CPPFLAGS) -DVERIFY
tests_LDADD = $(noverify_tests_LDADD)
tests_LDFLAGS = $(noverify_tests_LDFLAGS)
endif
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
endif
Make ctime tests building configurable
2022-12-06 23:12:15 -05:00
if USE_CTIME_TESTS
noinst_PROGRAMS += ctime_tests
ctime_tests_SOURCES = src/ctime_tests.c
Do not link `bench` and `ctime_tests` to `COMMON_LIB` The `bench` and `ctime_tests` are users of the library, they should only be linked to the library, not the objects it was built from.
2023-01-30 22:42:39 +00:00
ctime_tests_LDADD = libsecp256k1.la
Make ctime tests building configurable
2022-12-06 23:12:15 -05:00
ctime_tests_CPPFLAGS = $(SECP_CONFIG_DEFINES)
endif
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
if USE_EXHAUSTIVE_TESTS
noinst_PROGRAMS += exhaustive_tests
exhaustive_tests_SOURCES = src/tests_exhaustive.c
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
exhaustive_tests_CPPFLAGS = $(SECP_CONFIG_DEFINES)
configure: add --enable-coverage to set options for coverage analysis
2016-11-26 20:34:15 +00:00
if !ENABLE_COVERAGE
exhaustive_tests_CPPFLAGS += -DVERIFY
endif
Split off .c file from precomputed_ecmult_gen.h
2021-12-17 13:50:39 -05:00
# Note: do not include $(PRECOMPUTED_LIB) in exhaustive_tests (it uses runtime-generated tables).
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
exhaustive_tests_LDADD = $(COMMON_LIB)
Add exhaustive test for group functions on a low-order subgroup We observe that when changing the b-value in the elliptic curve formula `y^2 = x^3 + ax + b`, the group law is unchanged. Therefore our functions for secp256k1 will be correct if and only if they are correct when applied to the curve defined by `y^2 = x^3 + 4` defined over the same field. This curve has a point P of order 199. This commit adds a test which computes the subgroup generated by P and exhaustively checks that addition of every pair of points gives the correct result. Unfortunately we cannot test const-time scalar multiplication by the same mechanism. The reason is that these ecmult functions both compute a wNAF representation of the scalar, and this representation is tied to the order of the group. Testing with the incomplete version of gej_add_ge (found in 5de4c5dff^) shows that this detects the incompleteness when adding P - 106P, which is exactly what we expected since 106 is a cube root of 1 mod 199.
2015-09-17 18:54:52 -05:00
exhaustive_tests_LDFLAGS = -static
TESTS += exhaustive_tests
autotools: autotools'ify libsecp256k1
2014-01-17 22:52:33 -05:00
endif
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
if USE_EXAMPLES
noinst_PROGRAMS += ecdsa_example
ecdsa_example_SOURCES = examples/ecdsa.c
build: Introduce `SECP256K1_STATIC` macro for Windows users It is a non-Libtool-specific way to explicitly specify the user's intention to consume a static `libseck256k1`. This change allows to get rid of MSVC linker warnings LNK4217 and LNK4286. Also, it makes possible to merge the `SECP256K1_API` and `SECP256K1_API_VAR` into one.
2023-06-30 09:26:48 +01:00
ecdsa_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
ecdsa_example_LDADD = libsecp256k1.la
ecdsa_example_LDFLAGS = -static
if BUILD_WINDOWS
ecdsa_example_LDFLAGS += -lbcrypt
endif
TESTS += ecdsa_example
if ENABLE_MODULE_ECDH
noinst_PROGRAMS += ecdh_example
ecdh_example_SOURCES = examples/ecdh.c
build: Introduce `SECP256K1_STATIC` macro for Windows users It is a non-Libtool-specific way to explicitly specify the user's intention to consume a static `libseck256k1`. This change allows to get rid of MSVC linker warnings LNK4217 and LNK4286. Also, it makes possible to merge the `SECP256K1_API` and `SECP256K1_API_VAR` into one.
2023-06-30 09:26:48 +01:00
ecdh_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
ecdh_example_LDADD = libsecp256k1.la
ecdh_example_LDFLAGS = -static
if BUILD_WINDOWS
ecdh_example_LDFLAGS += -lbcrypt
endif
TESTS += ecdh_example
endif
if ENABLE_MODULE_SCHNORRSIG
noinst_PROGRAMS += schnorr_example
schnorr_example_SOURCES = examples/schnorr.c
build: Introduce `SECP256K1_STATIC` macro for Windows users It is a non-Libtool-specific way to explicitly specify the user's intention to consume a static `libseck256k1`. This change allows to get rid of MSVC linker warnings LNK4217 and LNK4286. Also, it makes possible to merge the `SECP256K1_API` and `SECP256K1_API_VAR` into one.
2023-06-30 09:26:48 +01:00
schnorr_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
schnorr_example_LDADD = libsecp256k1.la
schnorr_example_LDFLAGS = -static
if BUILD_WINDOWS
schnorr_example_LDFLAGS += -lbcrypt
endif
TESTS += schnorr_example
endif
musig: replace MuSig(1) with MuSig2
2021-05-05 15:45:31 +00:00
if ENABLE_MODULE_MUSIG
examples: rename example_musig to musig_example for consistency
2022-03-30 15:06:46 +00:00
noinst_PROGRAMS += musig_example
musig_example_SOURCES = examples/musig.c
build: Fix linkage of extra binaries in -zkp modules
2023-07-28 11:28:58 +02:00
musig_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
examples: rename example_musig to musig_example for consistency
2022-03-30 15:06:46 +00:00
musig_example_LDADD = libsecp256k1.la
musig_example_LDFLAGS = -static
Merge commits 'c8aa516b 0a40a486 d8a24632 85b00a1c 59547943 5dcc6f8d 07752831 3ef94aa5 1253a277 64b34979 ac83be33 0e5cbd01 e0508ee9 587239db 1ac7e31c d0ad5814 912b7ccc 8746600e ' into temp-merge-1093 Revert: util: Remove endianness detection
2022-03-30 15:00:03 +00:00
if BUILD_WINDOWS
examples: rename example_musig to musig_example for consistency
2022-03-30 15:06:46 +00:00
musig_example_LDFLAGS += -lbcrypt
Merge commits 'c8aa516b 0a40a486 d8a24632 85b00a1c 59547943 5dcc6f8d 07752831 3ef94aa5 1253a277 64b34979 ac83be33 0e5cbd01 e0508ee9 587239db 1ac7e31c d0ad5814 912b7ccc 8746600e ' into temp-merge-1093 Revert: util: Remove endianness detection
2022-03-30 15:00:03 +00:00
endif
examples: rename example_musig to musig_example for consistency
2022-03-30 15:06:46 +00:00
TESTS += musig_example
musig: replace MuSig(1) with MuSig2
2021-05-05 15:45:31 +00:00
endif
Optionally compile the examples in autotools, compile+run in travis
2020-04-30 14:34:24 +03:00
endif
musig: replace MuSig(1) with MuSig2
2021-05-05 15:45:31 +00:00
build: Prebuild and distribute ecmult_gen table - Improve Makefile.am for both prebuilt tables files - On the way, tidy EXTRA_DIST: Move the header files to noinst_HEADERS, where they conceptually belong, and add missing SECURITY.md to EXTRA_DIST
2021-08-27 17:53:44 +02:00
### Precomputed tables
Rename gen_ecmult_static_pre_g -> precompute_ecmult
2021-12-17 11:19:45 -05:00
EXTRA_PROGRAMS = precompute_ecmult precompute_ecmult_gen
build: Prebuild and distribute ecmult_gen table - Improve Makefile.am for both prebuilt tables files - On the way, tidy EXTRA_DIST: Move the header files to noinst_HEADERS, where they conceptually belong, and add missing SECURITY.md to EXTRA_DIST
2021-08-27 17:53:44 +02:00
CLEANFILES = $(EXTRA_PROGRAMS)
Generate ecmult_static_pre_g.h This header contains a static array that replaces the ecmult_context pre_g and pre_g_128 tables. The gen_ecmult_static_pre_g program generates this header file.
2021-06-28 16:33:03 -04:00
Rename gen_ecmult_static_pre_g -> precompute_ecmult
2021-12-17 11:19:45 -05:00
precompute_ecmult_SOURCES = src/precompute_ecmult.c
build: Enable -DVERIFY for precomputation binaries
2023-05-17 23:28:36 +02:00
precompute_ecmult_CPPFLAGS = $(SECP_CONFIG_DEFINES) -DVERIFY
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
precompute_ecmult_LDADD = $(COMMON_LIB)
Add ability to use a statically generated ecmult context. This vastly shrinks the size of the context required for signing on devices with memory-mapped Flash. Tables are generated by the new gen_context tool into a header.
2015-05-19 17:32:35 -07:00
Rename gen_ecmult_gen_static_prec_table -> precompute_ecmult_gen
2021-12-17 11:15:37 -05:00
precompute_ecmult_gen_SOURCES = src/precompute_ecmult_gen.c
build: Enable -DVERIFY for precomputation binaries
2023-05-17 23:28:36 +02:00
precompute_ecmult_gen_CPPFLAGS = $(SECP_CONFIG_DEFINES) -DVERIFY
Drop no longer used `SECP_{LIBS,INCLUDE}` variables The last usage of the `SECP_INCLUDE` variable was removed in https://github.com/bitcoin-core/secp256k1/pull/1169.
2023-01-19 09:43:28 +00:00
precompute_ecmult_gen_LDADD = $(COMMON_LIB)
Add ability to use a statically generated ecmult context. This vastly shrinks the size of the context required for signing on devices with memory-mapped Flash. Tables are generated by the new gen_context tool into a header.
2015-05-19 17:32:35 -07:00
build: Prebuild and distribute ecmult_gen table - Improve Makefile.am for both prebuilt tables files - On the way, tidy EXTRA_DIST: Move the header files to noinst_HEADERS, where they conceptually belong, and add missing SECURITY.md to EXTRA_DIST
2021-08-27 17:53:44 +02:00
# See Automake manual, Section "Errors with distclean".
# We don't list any dependencies for the prebuilt files here because
# otherwise make's decision whether to rebuild them (even in the first
# build by a normal user) depends on mtimes, and thus is very fragile.
# This means that rebuilds of the prebuilt files always need to be
autotools: Use same conventions for all pregenerated files
2023-04-14 07:37:10 +02:00
# forced by deleting them.
Split off .c file from precomputed_ecmult.h
2021-12-17 14:21:38 -05:00
src/precomputed_ecmult.c:
Rename gen_ecmult_static_pre_g -> precompute_ecmult
2021-12-17 11:19:45 -05:00
$(MAKE) $(AM_MAKEFLAGS) precompute_ecmult$(EXEEXT)
./precompute_ecmult$(EXEEXT)
Split off .c file from precomputed_ecmult_gen.h
2021-12-17 13:50:39 -05:00
src/precomputed_ecmult_gen.c:
Rename gen_ecmult_gen_static_prec_table -> precompute_ecmult_gen
2021-12-17 11:15:37 -05:00
$(MAKE) $(AM_MAKEFLAGS) precompute_ecmult_gen$(EXEEXT)
./precompute_ecmult_gen$(EXEEXT)
Add ability to use a statically generated ecmult context. This vastly shrinks the size of the context required for signing on devices with memory-mapped Flash. Tables are generated by the new gen_context tool into a header.
2015-05-19 17:32:35 -07:00
Split off .c file from precomputed_ecmult.h
2021-12-17 14:21:38 -05:00
PRECOMP = src/precomputed_ecmult_gen.c src/precomputed_ecmult.c
build: Prebuild and distribute ecmult_gen table - Improve Makefile.am for both prebuilt tables files - On the way, tidy EXTRA_DIST: Move the header files to noinst_HEADERS, where they conceptually belong, and add missing SECURITY.md to EXTRA_DIST
2021-08-27 17:53:44 +02:00
precomp: $(PRECOMP)
Add ability to use a statically generated ecmult context. This vastly shrinks the size of the context required for signing on devices with memory-mapped Flash. Tables are generated by the new gen_context tool into a header.
2015-05-19 17:32:35 -07:00
build: Prebuild and distribute ecmult_gen table - Improve Makefile.am for both prebuilt tables files - On the way, tidy EXTRA_DIST: Move the header files to noinst_HEADERS, where they conceptually belong, and add missing SECURITY.md to EXTRA_DIST
2021-08-27 17:53:44 +02:00
# Ensure the prebuilt files will be build first (only if they don't exist,
# e.g., after `make maintainer-clean`).
BUILT_SOURCES = $(PRECOMP)
Add gen_context src/ecmult_static_context.h to CLEANFILES to fix distclean.
2015-07-16 00:05:32 +00:00
autotools: Make all "pregenerated" targets .PHONY This follows the automake conventions more, see: https://www.gnu.org/software/automake/manual/html_node/Clean.html
2023-04-14 07:45:49 +02:00
.PHONY: clean-precomp
build: Prebuild and distribute ecmult_gen table - Improve Makefile.am for both prebuilt tables files - On the way, tidy EXTRA_DIST: Move the header files to noinst_HEADERS, where they conceptually belong, and add missing SECURITY.md to EXTRA_DIST
2021-08-27 17:53:44 +02:00
clean-precomp:
rm -f $(PRECOMP)
autotools: Make all "pregenerated" targets .PHONY This follows the automake conventions more, see: https://www.gnu.org/software/automake/manual/html_node/Clean.html
2023-04-14 07:45:49 +02:00
maintainer-clean-local: clean-precomp
Add ability to use a statically generated ecmult context. This vastly shrinks the size of the context required for signing on devices with memory-mapped Flash. Tables are generated by the new gen_context tool into a header.
2015-05-19 17:32:35 -07:00
autotools: Move code around to tidy Makefile
2023-04-14 07:22:01 +02:00
### Pregenerated test vectors
autotools: Use same conventions for all pregenerated files
2023-04-14 07:37:10 +02:00
### (see the comments in the previous section for detailed rationale)
autotools: Move code around to tidy Makefile
2023-04-14 07:22:01 +02:00
TESTVECTORS = src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h
src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h:
autotools: Create src/wycheproof dir before creating file in it This directory may not exist in a VPATH build, see https://github.com/bitcoin/bitcoin/pull/27445#issuecomment-1502994264 .
2023-04-14 07:54:24 +02:00
mkdir -p $(@D)
autotools: Take VPATH builds into account when generating testvectors
2023-04-25 11:44:25 +01:00
python3 $(top_srcdir)/tools/tests_wycheproof_generate.py $(top_srcdir)/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json > $@
autotools: Move code around to tidy Makefile
2023-04-14 07:22:01 +02:00
testvectors: $(TESTVECTORS)
autotools: Use same conventions for all pregenerated files
2023-04-14 07:37:10 +02:00
BUILT_SOURCES += $(TESTVECTORS)
autotools: Make all "pregenerated" targets .PHONY This follows the automake conventions more, see: https://www.gnu.org/software/automake/manual/html_node/Clean.html
2023-04-14 07:45:49 +02:00
.PHONY: clean-testvectors
autotools: Move code around to tidy Makefile
2023-04-14 07:22:01 +02:00
clean-testvectors:
rm -f $(TESTVECTORS)
autotools: Make all "pregenerated" targets .PHONY This follows the automake conventions more, see: https://www.gnu.org/software/automake/manual/html_node/Clean.html
2023-04-14 07:45:49 +02:00
maintainer-clean-local: clean-testvectors
autotools: Move code around to tidy Makefile
2023-04-14 07:22:01 +02:00
### Additional files to distribute
build: add missing files to EXTRA_DIST
2022-12-12 21:20:52 +00:00
EXTRA_DIST = autogen.sh CHANGELOG.md SECURITY.md
EXTRA_DIST += doc/release-process.md doc/safegcd_implementation.md
EXTRA_DIST += examples/EXAMPLES_COPYING
EXTRA_DIST += sage/gen_exhaustive_groups.sage
EXTRA_DIST += sage/gen_split_lambda_constants.sage
EXTRA_DIST += sage/group_prover.sage
EXTRA_DIST += sage/prove_group_implementations.sage
EXTRA_DIST += sage/secp256k1_params.sage
EXTRA_DIST += sage/weierstrass_prover.sage
autotools: Move code around to tidy Makefile
2023-04-14 07:22:01 +02:00
EXTRA_DIST += src/wycheproof/WYCHEPROOF_COPYING
EXTRA_DIST += src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json
EXTRA_DIST += tools/tests_wycheproof_generate.py
Add ECDH module which works by hashing the output of ecmult_const
2015-06-29 15:06:28 -05:00
New Experimental Module: Incremental Half-Aggregation for Schnorr Signatures
2023-11-26 16:44:23 +01:00
if ENABLE_MODULE_SCHNORRSIG_HALFAGG
include src/modules/schnorrsig_halfagg/Makefile.am.include
endif
Rename buletproof_pp* to bppp*
2023-02-06 13:53:02 -08:00
if ENABLE_MODULE_BPPP
include src/modules/bppp/Makefile.am.include
bulletproofs: add new empty module
2022-08-27 15:02:44 +00:00
endif
Add ECDH module which works by hashing the output of ecmult_const
2015-06-29 15:06:28 -05:00
if ENABLE_MODULE_ECDH
include src/modules/ecdh/Makefile.am.include
endif
Add support for custom EC-Schnorr-SHA256 signatures
2015-07-24 15:44:49 +02:00
re-enable musig module
2020-10-14 15:03:26 +00:00
if ENABLE_MODULE_MUSIG
include src/modules/musig/Makefile.am.include
endif
Add MuSig module which allows creating n-of-n multisignatures and adaptor signatures.
2018-12-22 22:12:35 +00:00
Move pubkey recovery code to separate module
2015-08-27 03:42:57 +02:00
if ENABLE_MODULE_RECOVERY
include src/modules/recovery/Makefile.am.include
endif
Pedersen commitments, borromean ring signatures, and ZK range proofs. This commit adds three new cryptosystems to libsecp256k1: Pedersen commitments are a system for making blinded commitments to a value. Functionally they work like: commit_b,v = H(blind_b || value_v), except they are additively homorphic, e.g. C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and C(b1, v1) - C(b1, v1) = 0, etc. The commitments themselves are EC points, serialized as 33 bytes. In addition to the commit function this implementation includes utility functions for verifying that a set of commitments sums to zero, and for picking blinding factors that sum to zero. If the blinding factors are uniformly random, pedersen commitments have information theoretic privacy. Borromean ring signatures are a novel efficient ring signature construction for AND/OR admissions policies (the code here implements an AND of ORs, each of any size). This construction requires 32 bytes of signature per pubkey used plus 32 bytes of constant overhead. With these you can construct signatures like "Given pubkeys A B C D E F G, the signer knows the discrete logs satisifying (A || B) & (C || D || E) & (F || G)". ZK range proofs allow someone to prove a pedersen commitment is in a particular range (e.g. [0..2^64)) without revealing the specific value. The construction here is based on the above borromean ring signature and uses a radix-4 encoding and other optimizations to maximize efficiency. It also supports encoding proofs with a non-private base-10 exponent and minimum-value to allow trading off secrecy for size and speed (or just avoiding wasting space keeping data private that was already public due to external constraints). A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of this can be used to communicate a private message to a receiver who shares a secret random seed with the prover. Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
Constant-time generator module
2016-07-07 00:47:41 +02:00
if ENABLE_MODULE_GENERATOR
include src/modules/generator/Makefile.am.include
endif
Pedersen commitments, borromean ring signatures, and ZK range proofs. This commit adds three new cryptosystems to libsecp256k1: Pedersen commitments are a system for making blinded commitments to a value. Functionally they work like: commit_b,v = H(blind_b || value_v), except they are additively homorphic, e.g. C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and C(b1, v1) - C(b1, v1) = 0, etc. The commitments themselves are EC points, serialized as 33 bytes. In addition to the commit function this implementation includes utility functions for verifying that a set of commitments sums to zero, and for picking blinding factors that sum to zero. If the blinding factors are uniformly random, pedersen commitments have information theoretic privacy. Borromean ring signatures are a novel efficient ring signature construction for AND/OR admissions policies (the code here implements an AND of ORs, each of any size). This construction requires 32 bytes of signature per pubkey used plus 32 bytes of constant overhead. With these you can construct signatures like "Given pubkeys A B C D E F G, the signer knows the discrete logs satisifying (A || B) & (C || D || E) & (F || G)". ZK range proofs allow someone to prove a pedersen commitment is in a particular range (e.g. [0..2^64)) without revealing the specific value. The construction here is based on the above borromean ring signature and uses a radix-4 encoding and other optimizations to maximize efficiency. It also supports encoding proofs with a non-private base-10 exponent and minimum-value to allow trading off secrecy for size and speed (or just avoiding wasting space keeping data private that was already public due to external constraints). A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of this can be used to communicate a private message to a receiver who shares a secret random seed with the prover. Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
if ENABLE_MODULE_RANGEPROOF
include src/modules/rangeproof/Makefile.am.include
endif
Implement ring-signature based whitelist delegation scheme
2016-04-21 22:22:39 +00:00
if ENABLE_MODULE_WHITELIST
include src/modules/whitelist/Makefile.am.include
endif
add surjection proof module Includes fix and tests by Jonas Nick.
2016-07-01 15:51:07 +00:00
if ENABLE_MODULE_SURJECTIONPROOF
include src/modules/surjection/Makefile.am.include
endif
Merge commit '8ab24e8d' into tmp
2020-11-04 21:46:54 +00:00
extrakeys: Init empty experimental module This is to prepare for xonly_pubkeys and keypairs.
2020-05-12 13:58:47 +00:00
if ENABLE_MODULE_EXTRAKEYS
include src/modules/extrakeys/Makefile.am.include
endif
schnorrsig: Init empty experimental module
2020-05-12 21:19:03 +00:00
if ENABLE_MODULE_SCHNORRSIG
include src/modules/schnorrsig/Makefile.am.include
endif
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
Add ellswift module implementing ElligatorSwift The scheme implemented is described below, and largely follows the paper "SwiftEC: Shallue–van de Woestijne Indifferentiable Function To Elliptic Curves", by Chavez-Saab, Rodriguez-Henriquez, and Tibouchi (https://eprint.iacr.org/2022/759). A new 64-byte public key format is introduced, with the property that *every* 64-byte array is an encoding for a non-infinite curve point. Each curve point has roughly 2^256 distinct encodings. This permits disguising public keys as uniformly random bytes. The new API functions: * secp256k1_ellswift_encode: convert a normal public key to an ellswift 64-byte public key, using additional entropy to pick among the many possible encodings. * secp256k1_ellswift_decode: convert an ellswift 64-byte public key to a normal public key. * secp256k1_ellswift_create: a faster and safer equivalent to calling secp256k1_ec_pubkey_create + secp256k1_ellswift_encode. * secp256k1_ellswift_xdh: x-only ECDH directly on ellswift 64-byte public keys, where the key encodings are fed to the hash function. The scheme itself is documented in secp256k1_ellswift.h.
2022-11-04 16:18:40 -04:00
if ENABLE_MODULE_ELLSWIFT
include src/modules/ellswift/Makefile.am.include
endif
Merge commits '83186db3 e9e4526a 5f7903c7 d373a721 09df0bfb 20a5da5f 908e02d5 d75dc59b debf3e5c bf29f8d0 60556c9f cb1a5927 67214f5f 45c5ca76 30574f22 0702ecb0 705ce7ed 3c1a0fd3 10836832 926dd3e9 ac43613d fd491ea1 799f4eec ' into temp-merge-1356
2023-07-26 15:19:08 +00:00
ecdsa-s2c: block in module Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com> Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
2020-12-05 23:18:54 +00:00
if ENABLE_MODULE_ECDSA_S2C
include src/modules/ecdsa_s2c/Makefile.am.include
endif
ecdsa_adaptor: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2021-03-04 23:38:48 -08:00
if ENABLE_MODULE_ECDSA_ADAPTOR
include src/modules/ecdsa_adaptor/Makefile.am.include
endif
frost: initialize project This commit adds the foundational configuration and building scripts and an initial structure for the project.
2024-06-17 17:06:25 -07:00
if ENABLE_MODULE_FROST
include src/modules/frost/Makefile.am.include
endif
Reference in New Issue Copy Permalink