dnl Autoconf input for libsecp256k1.  Every backend choice made in this
dnl file (field/scalar/bignum implementation, assembly, optional modules,
dnl ecmult window) is handed to the C sources as an AC_DEFINE'd symbol in
dnl the generated config header.
AC_PREREQ([2.60])
AC_INIT([libsecp256k1],[0.1])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([build-aux/m4])
dnl $host / $host_os are consulted by the darwin and mingw special cases below.
AC_CANONICAL_HOST
dnl Wrap the generated config header in an include guard.
AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
AH_TOP([#define LIBSECP256K1_CONFIG_H])
AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/])
AM_INIT_AUTOMAKE([foreign subdir-objects])
LT_INIT
dnl make the compilation flags quiet unless V=1 is used
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])

dnl pkg-config is needed by the library probes below (SECP_OPENSSL_CHECK /
dnl SECP_GMP_CHECK live in build-aux/m4 and are not shown here).
PKG_PROG_PKG_CONFIG

dnl AC_PATH_TOOL looks for the host-prefixed tool first, so cross builds
dnl pick up e.g. <host>-ar rather than the build machine's ar.
AC_PATH_TOOL(AR, ar)
AC_PATH_TOOL(RANLIB, ranlib)
AC_PATH_TOOL(STRIP, strip)
dnl Provides CC_FOR_BUILD, used further down to probe for a compiler that
dnl produces binaries runnable on the build machine.
AX_PROG_CC_FOR_BUILD
dnl Only seed CFLAGS when the user gave none; this has to happen before the
dnl compiler macros run, otherwise autoconf substitutes its own default.
if test "x$CFLAGS" = "x"; then
  CFLAGS="-g"
fi

AM_PROG_CC_C_O

dnl The sources are written against C89; refuse to configure with a
dnl compiler that cannot be put into C89 mode.
AC_PROG_CC_C89
if test x"$ac_cv_prog_cc_c89" = x"no"; then
  AC_MSG_ERROR([c89 compiler support required])
fi
dnl Needed for the external (ARM) assembly sources selected via --with-asm=arm.
AM_PROG_AS
dnl macOS only: locate Homebrew/MacPorts installs of OpenSSL and GMP so the
dnl later pkg-config / GMP probes can find them.  Skipped when cross-compiling,
dnl since the build machine's packages would be the wrong architecture.
dnl NOTE(review): $BREW, $PORT and the *_prefix results are expanded unquoted
dnl in the test expressions; a path containing whitespace would break them.
case $host_os in
  *darwin*)
     if test x$cross_compiling != xyes; then
       AC_PATH_PROG([BREW],brew,)
       if test x$BREW != x; then
         dnl These Homebrew packages may be keg-only, meaning that they won't be found
         dnl in expected paths because they may conflict with system files. Ask
         dnl Homebrew where each one is located, then adjust paths accordingly.

         openssl_prefix=`$BREW --prefix openssl 2>/dev/null`
         gmp_prefix=`$BREW --prefix gmp 2>/dev/null`
         if test x$openssl_prefix != x; then
           dnl Prepend so the keg-only OpenSSL wins over any system copy.
           PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH"
           export PKG_CONFIG_PATH
         fi
         if test x$gmp_prefix != x; then
           dnl Consumed at the end of this file when the gmp bignum backend is chosen.
           GMP_CPPFLAGS="-I$gmp_prefix/include"
           GMP_LIBS="-L$gmp_prefix/lib"
         fi
       else
         AC_PATH_PROG([PORT],port,)
         dnl if homebrew isn't installed and macports is, add the macports default paths
         dnl as a last resort.
         if test x$PORT != x; then
           CPPFLAGS="$CPPFLAGS -isystem /opt/local/include"
           LDFLAGS="$LDFLAGS -L/opt/local/lib"
         fi
       fi
     fi
  ;;
esac
CFLAGS="$CFLAGS -W"

dnl Try the full warning set at once: if the compiler rejects any flag the
dnl whole set is dropped, so a single unsupported flag disables all warnings.
dnl The probe compiles a one-line translation unit with the flags added.
warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long -Wno-overlength-strings"
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $warn_CFLAGS"
AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
    [ AC_MSG_RESULT([yes]) ],
    [ AC_MSG_RESULT([no])
      CFLAGS="$saved_CFLAGS"
    ])

dnl Hide symbols by default so the shared library exports only what the
dnl sources explicitly mark visible.  Same accept-or-revert pattern as above;
dnl a compiler that merely warns about unknown flags will appear to support it.
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fvisibility=hidden"
AC_MSG_CHECKING([if ${CC} supports -fvisibility=hidden])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[char foo;]])],
    [ AC_MSG_RESULT([yes]) ],
    [ AC_MSG_RESULT([no])
      CFLAGS="$saved_CFLAGS"
    ])
dnl ---------------------------------------------------------------------
dnl Build-feature switches.  Each --enable-* option records the user's
dnl choice in a shell variable that is acted on later in this file.
dnl ---------------------------------------------------------------------
AC_ARG_ENABLE(benchmark,
    AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]),
    [use_benchmark=$enableval],
    [use_benchmark=yes])

dnl Coverage builds switch to -O0 --coverage and define COVERAGE (see below).
AC_ARG_ENABLE(coverage,
    AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]),
    [enable_coverage=$enableval],
    [enable_coverage=no])

AC_ARG_ENABLE(tests,
    AS_HELP_STRING([--enable-tests],[compile tests [default=yes]]),
    [use_tests=$enableval],
    [use_tests=yes])

dnl "auto": use OpenSSL-backed tests only if OpenSSL with EC support is found.
AC_ARG_ENABLE(openssl_tests,
    AS_HELP_STRING([--enable-openssl-tests],[enable OpenSSL tests [default=auto]]),
    [enable_openssl_tests=$enableval],
    [enable_openssl_tests=auto])

dnl NOTE(review): the value is stored in use_experimental, but the
dnl experimental-build notice near the end of this file tests
dnl $enable_experimental, which AC_ARG_ENABLE sets only when the option is
dnl given on the command line.  The two names look like they were meant to
dnl be the same variable -- confirm before relying on either.
AC_ARG_ENABLE(experimental,
    AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]),
    [use_experimental=$enableval],
    [use_experimental=no])

AC_ARG_ENABLE(exhaustive_tests,
    AS_HELP_STRING([--enable-exhaustive-tests],[compile exhaustive tests [default=yes]]),
    [use_exhaustive_tests=$enableval],
    [use_exhaustive_tests=yes])
dnl The endomorphism choice also changes the default ecmult window size
dnl chosen further down (16 with endomorphism, 15 without).
AC_ARG_ENABLE(endomorphism,
    AS_HELP_STRING([--enable-endomorphism],[enable endomorphism [default=no]]),
    [use_endomorphism=$enableval],
    [use_endomorphism=no])

dnl "auto" means: use the static table if a working native compiler is found.
AC_ARG_ENABLE(ecmult_static_precomputation,
    AS_HELP_STRING([--enable-ecmult-static-precomputation],[enable precomputed ecmult table for signing [default=auto]]),
    [use_ecmult_static_precomputation=$enableval],
    [use_ecmult_static_precomputation=auto])

dnl ---------------------------------------------------------------------
dnl Optional modules.  Those marked experimental have no stable API.
dnl ---------------------------------------------------------------------
AC_ARG_ENABLE(module_ecdh,
    AS_HELP_STRING([--enable-module-ecdh],[enable ECDH shared secret computation (experimental)]),
    [enable_module_ecdh=$enableval],
    [enable_module_ecdh=no])

AC_ARG_ENABLE(module_schnorrsig,
    AS_HELP_STRING([--enable-module-schnorrsig],[enable schnorrsig module (experimental)]),
    [enable_module_schnorrsig=$enableval],
    [enable_module_schnorrsig=no])

AC_ARG_ENABLE(module_musig,
    AS_HELP_STRING([--enable-module-musig],[enable MuSig module (experimental)]),
    [enable_module_musig=$enableval],
    [enable_module_musig=no])

AC_ARG_ENABLE(module_recovery,
    AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module [default=no]]),
    [enable_module_recovery=$enableval],
    [enable_module_recovery=no])

AC_ARG_ENABLE(module_generator,
    AS_HELP_STRING([--enable-module-generator],[enable NUMS generator module [default=no]]),
    [enable_module_generator=$enableval],
    [enable_module_generator=no])
Pedersen commitments, borromean ring signatures, and ZK range proofs.
This commit adds three new cryptosystems to libsecp256k1:
Pedersen commitments are a system for making blinded commitments
to a value. Functionally they work like:
commit_b,v = H(blind_b || value_v),
except they are additively homomorphic, e.g.
C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and
C(b1, v1) - C(b1, v1) = 0, etc.
The commitments themselves are EC points, serialized as 33 bytes.
In addition to the commit function this implementation includes
utility functions for verifying that a set of commitments sums
to zero, and for picking blinding factors that sum to zero.
If the blinding factors are uniformly random, pedersen commitments
have information theoretic privacy.
Borromean ring signatures are a novel efficient ring signature
construction for AND/OR admissions policies (the code here implements
an AND of ORs, each of any size). This construction requires
32 bytes of signature per pubkey used plus 32 bytes of constant
overhead. With these you can construct signatures like "Given pubkeys
A B C D E F G, the signer knows the discrete logs
satisfying (A || B) & (C || D || E) & (F || G)".
ZK range proofs allow someone to prove a pedersen commitment is in
a particular range (e.g. [0..2^64)) without revealing the specific
value. The construction here is based on the above borromean
ring signature and uses a radix-4 encoding and other optimizations
to maximize efficiency. It also supports encoding proofs with a
non-private base-10 exponent and minimum-value to allow trading
off secrecy for size and speed (or just avoiding wasting space
keeping data private that was already public due to external
constraints).
A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of
this can be used to communicate a private message to a receiver
who shares a secret random seed with the prover.
dnl Pedersen commitments / borromean ring signatures / zero-knowledge range
dnl proofs.  Defines ENABLE_MODULE_RANGEPROOF when enabled (see below).
AC_ARG_ENABLE(module_rangeproof,
    AS_HELP_STRING([--enable-module-rangeproof],[enable Pedersen / zero-knowledge range proofs module [default=no]]),
    [enable_module_rangeproof=$enableval],
    [enable_module_rangeproof=no])
AC_ARG_ENABLE(module_whitelist,
    AS_HELP_STRING([--enable-module-whitelist],[enable key whitelisting module [default=no]]),
    [enable_module_whitelist=$enableval],
    [enable_module_whitelist=no])

dnl When enabled the library does not provide its own default illegal/error
dnl callbacks; the embedding application must supply them.
AC_ARG_ENABLE(external_default_callbacks,
    AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]),
    [use_external_default_callbacks=$enableval],
    [use_external_default_callbacks=no])

dnl JNI bindings additionally require the ECDH module and JNI headers;
dnl both are checked further down.
AC_ARG_ENABLE(jni,
    AS_HELP_STRING([--enable-jni],[enable libsecp256k1_jni [default=no]]),
    [use_jni=$enableval],
    [use_jni=no])

AC_ARG_ENABLE(module_surjectionproof,
    AS_HELP_STRING([--enable-module-surjectionproof],[enable surjection proof module [default=no]]),
    [enable_module_surjectionproof=$enableval],
    [enable_module_surjectionproof=no])
dnl ---------------------------------------------------------------------
dnl Backend selection.  req_* holds the user's request ("auto" by default);
dnl the resolution logic below turns each into a concrete set_* value and
dnl errors out if an explicit request cannot be satisfied.
dnl ---------------------------------------------------------------------
AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=64bit|32bit|auto],
[finite field implementation to use [default=auto]])],[req_field=$withval], [req_field=auto])

AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|no|auto],
[bignum implementation to use [default=auto]])],[req_bignum=$withval], [req_bignum=auto])

AC_ARG_WITH([scalar], [AS_HELP_STRING([--with-scalar=64bit|32bit|auto],
[scalar implementation to use [default=auto]])],[req_scalar=$withval], [req_scalar=auto])

AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto],
[assembly optimizations to use (experimental: arm) [default=auto]])],[req_asm=$withval], [req_asm=auto])
dnl Default is window size 15 (or window size 16 with endomorphism), which
dnl needs 1.375 MiB.  (The "auto" resolution below picks 16 only when
dnl use_endomorphism=yes; the original comment had the two cases swapped.)
AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto],
[window size for ecmult precomputation for verification, specified as integer in range [3..24].]
[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.]
[The table will store 2^(SIZE-2) * 64 bytes of data but can be larger in memory due]
[to platform-specific padding and alignment. "auto" is a reasonable setting for desktop machines]
[(currently 15 if the endomorphism optimization is disabled and 16 if it is enabled). [default=auto]]
)],
[req_ecmult_window=$withval], [req_ecmult_window=auto])
dnl Records availability of the 128-bit integer type in the config header
dnl (the backend resolution below uses the separate SECP_INT128_CHECK macro).
AC_CHECK_TYPES([__int128])

dnl Probe for __builtin_expect by compiling a call to it; defines
dnl HAVE_BUILTIN_EXPECT on success, nothing on failure.
AC_MSG_CHECKING([for __builtin_expect])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_expect(0,0);}]])],
    [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_EXPECT,1,[Define this symbol if __builtin_expect is available]) ],
    [ AC_MSG_RESULT([no])
    ])
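dnl Coverage builds: compile out VERIFY code, disable optimisation and
dnl instrument for gcov/kcov.  Flags are appended rather than assigned so
dnl that user-supplied CFLAGS/LDFLAGS (including the -L paths added by the
dnl MacPorts branch above, and any hardening linker flags from a distro
dnl build) survive; previously LDFLAGS was overwritten here.
if test x"$enable_coverage" = x"yes"; then
  AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code])
  CFLAGS="$CFLAGS -O0 --coverage"
  LDFLAGS="$LDFLAGS --coverage"
else
  CFLAGS="$CFLAGS -O3"
fi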
dnl Probe for __builtin_popcount; defines HAVE_BUILTIN_POPCOUNT on success.
AC_MSG_CHECKING([for __builtin_popcount])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_popcount(0);}]])],
    [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_POPCOUNT,1,[Define this symbol if __builtin_popcount is available]) ],
    [ AC_MSG_RESULT([no])
    ])
dnl Decide whether the statically precomputed ecmult table can be built.
dnl This requires a compiler whose output runs on the *build* machine
dnl (presumably because the table is produced by a generator program run at
dnl build time -- confirm in Makefile.am), so CC is temporarily swapped for
dnl CC_FOR_BUILD and cross_compiling is forced off so AC_RUN_IFELSE will
dnl actually execute the trivial test program.
if test x"$use_ecmult_static_precomputation" != x"no"; then
  save_cross_compiling=$cross_compiling
  cross_compiling=no
  TEMP_CC="$CC"
  CC="$CC_FOR_BUILD"
  AC_MSG_CHECKING([native compiler: ${CC_FOR_BUILD}])
  dnl The fourth argument (action-if-cross-compiling) is deliberately empty;
  dnl it is never taken because cross_compiling was just set to "no".
  AC_RUN_IFELSE(
    [AC_LANG_PROGRAM([], [return 0])],
    [working_native_cc=yes],
    [working_native_cc=no],[dnl])
  CC="$TEMP_CC"
  cross_compiling=$save_cross_compiling

  if test x"$working_native_cc" = x"no"; then
    set_precomp=no
    dnl Only an explicit "yes" is fatal; "auto" falls back to no table.
    if test x"$use_ecmult_static_precomputation" = x"yes"; then
      AC_MSG_ERROR([${CC_FOR_BUILD} does not produce working binaries. Please set CC_FOR_BUILD])
    else
      AC_MSG_RESULT([${CC_FOR_BUILD} does not produce working binaries. Please set CC_FOR_BUILD])
    fi
  else
    AC_MSG_RESULT([ok])
    set_precomp=yes
  fi
else
  set_precomp=no
fi
dnl Probe for __builtin_clzll; defines HAVE_BUILTIN_CLZLL on success.
AC_MSG_CHECKING([for __builtin_clzll])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void myfunc() { __builtin_clzll(1);}]])],
    [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_CLZLL,1,[Define this symbol if __builtin_clzll is available]) ],
    [ AC_MSG_RESULT([no])
    ])
dnl Resolve req_asm into set_asm.  "auto" only ever selects x86_64 (when the
dnl SECP_64BIT_ASM_CHECK probe succeeds) or no; the arm backend must be
dnl requested explicitly and is accepted without any probe.
if test x"$req_asm" = x"auto"; then
  SECP_64BIT_ASM_CHECK
  if test x"$has_64bit_asm" = x"yes"; then
    set_asm=x86_64
  fi
  if test x"$set_asm" = x; then
    set_asm=no
  fi
else
  set_asm=$req_asm
  case $set_asm in
  x86_64)
    SECP_64BIT_ASM_CHECK
    if test x"$has_64bit_asm" != x"yes"; then
      AC_MSG_ERROR([x86_64 assembly optimization requested but not available])
    fi
    ;;
  arm)
    ;;
  no)
    ;;
  *)
    AC_MSG_ERROR([invalid assembly optimization selection])
    ;;
  esac
fi
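dnl Resolve req_field into set_field.
dnl "auto" prefers the 64-bit (5x52) field whenever it can be backed by
dnl either x86_64 assembly or a __int128 type, and falls back to 32-bit
dnl (10x26) otherwise.  The explicit-64bit branch below encodes the same
dnl rule: x86_64 asm OR __int128 is sufficient.
dnl Fix: the first comparison used to read x"set_asm" (missing $), so it
dnl compared the literal string "set_asm" and never matched; the asm-backed
dnl 64-bit field was only ever chosen indirectly via the __int128 probe.
if test x"$req_field" = x"auto"; then
  if test x"$set_asm" = x"x86_64"; then
    set_field=64bit
  fi
  if test x"$set_field" = x; then
    SECP_INT128_CHECK
    if test x"$has_int128" = x"yes"; then
      set_field=64bit
    fi
  fi
  if test x"$set_field" = x; then
    set_field=32bit
  fi
else
  set_field=$req_field
  case $set_field in
  64bit)
    if test x"$set_asm" != x"x86_64"; then
      SECP_INT128_CHECK
      if test x"$has_int128" != x"yes"; then
        AC_MSG_ERROR([64bit field explicitly requested but neither __int128 support or x86_64 assembly available])
      fi
    fi
    ;;
  32bit)
    ;;
  *)
    AC_MSG_ERROR([invalid field implementation selection])
    ;;
  esac
fi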
dnl Resolve req_scalar into set_scalar.  Unlike the field, the 64-bit
dnl (4x64) scalar has no assembly fallback: it needs __int128, otherwise
dnl the 32-bit (8x32) scalar is used.
if test x"$req_scalar" = x"auto"; then
  SECP_INT128_CHECK
  if test x"$has_int128" = x"yes"; then
    set_scalar=64bit
  fi
  if test x"$set_scalar" = x; then
    set_scalar=32bit
  fi
else
  set_scalar=$req_scalar
  case $set_scalar in
  64bit)
    SECP_INT128_CHECK
    if test x"$has_int128" != x"yes"; then
      AC_MSG_ERROR([64bit scalar explicitly requested but __int128 support not available])
    fi
    ;;
  32bit)
    ;;
  *)
    AC_MSG_ERROR([invalid scalar implementation selected])
    ;;
  esac
fi
dnl Resolve req_bignum into set_bignum: "auto" uses gmp if SECP_GMP_CHECK
dnl finds it, else no bignum library at all.
if test x"$req_bignum" = x"auto"; then
  SECP_GMP_CHECK
  if test x"$has_gmp" = x"yes"; then
    set_bignum=gmp
  fi

  if test x"$set_bignum" = x; then
    set_bignum=no
  fi
else
  set_bignum=$req_bignum
  case $set_bignum in
  gmp)
    SECP_GMP_CHECK
    if test x"$has_gmp" != x"yes"; then
      AC_MSG_ERROR([gmp bignum explicitly requested but libgmp not available])
    fi
    ;;
  no)
    ;;
  *)
    AC_MSG_ERROR([invalid bignum implementation selection])
    ;;
  esac
fi
# select assembly optimization
dnl x86_64 asm is inline (a preprocessor symbol is enough); arm asm lives
dnl in separate .s sources, signalled via use_external_asm and the
dnl USE_EXTERNAL_ASM define at the end of this file.
use_external_asm=no

case $set_asm in
x86_64)
  AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations])
  ;;
arm)
  use_external_asm=yes
  ;;
no)
  ;;
*)
  AC_MSG_ERROR([invalid assembly optimizations])
  ;;
esac
# select field implementation
dnl Map the resolved set_field value onto its preprocessor symbol; anything
dnl other than the two known values is a configure error.
if test "x$set_field" = "x64bit"; then
  AC_DEFINE(USE_FIELD_5X52, 1, [Define this symbol to use the FIELD_5X52 implementation])
elif test "x$set_field" = "x32bit"; then
  AC_DEFINE(USE_FIELD_10X26, 1, [Define this symbol to use the FIELD_10X26 implementation])
else
  AC_MSG_ERROR([invalid field implementation])
fi
# select bignum implementation
dnl The bignum choice also decides how field and scalar inverses are
dnl computed: via the num abstraction on top of libgmp, or via the
dnl library's own builtin inverse.
dnl NOTE(review): with gmp the inverses are delegated to libgmp; whether that
dnl path is constant-time is not established by anything here -- worth
dnl confirming before using it for secret-key operations.
case $set_bignum in
gmp)
  AC_DEFINE(HAVE_LIBGMP, 1, [Define this symbol if libgmp is installed])
  AC_DEFINE(USE_NUM_GMP, 1, [Define this symbol to use the gmp implementation for num])
  AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the num-based field inverse implementation])
  AC_DEFINE(USE_SCALAR_INV_NUM, 1, [Define this symbol to use the num-based scalar inverse implementation])
  ;;
no)
  AC_DEFINE(USE_NUM_NONE, 1, [Define this symbol to use no num implementation])
  AC_DEFINE(USE_FIELD_INV_BUILTIN, 1, [Define this symbol to use the native field inverse implementation])
  AC_DEFINE(USE_SCALAR_INV_BUILTIN, 1, [Define this symbol to use the native scalar inverse implementation])
  ;;
*)
  AC_MSG_ERROR([invalid bignum implementation])
  ;;
esac
#select scalar implementation
dnl Map the resolved set_scalar value onto its preprocessor symbol; any
dnl other value is a configure error.
if test "x$set_scalar" = "x64bit"; then
  AC_DEFINE(USE_SCALAR_4X64, 1, [Define this symbol to use the 4x64 scalar implementation])
elif test "x$set_scalar" = "x32bit"; then
  AC_DEFINE(USE_SCALAR_8X32, 1, [Define this symbol to use the 8x32 scalar implementation])
else
  AC_MSG_ERROR([invalid scalar implementation])
fi
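#set ecmult window size
dnl "auto" follows the endomorphism setting (16 with, 15 without); an
dnl explicit value is taken verbatim and validated below.
if test x"$req_ecmult_window" = x"auto"; then
  if test x"$use_endomorphism" = x"yes"; then
    set_ecmult_window=16
  else
    set_ecmult_window=15
  fi
else
  set_ecmult_window=$req_ecmult_window
fi

dnl Validation: first reject anything that is not a string of decimal
dnl digits (the doubled brackets survive m4 quoting as a single bracket
dnl expression), then range-check the integer.  The range test uses two
dnl test invocations joined with || instead of the obsolescent -o operator.
error_window_size=['window size for ecmult precomputation not an integer in range [3..24] or "auto"']
case $set_ecmult_window in
''|*[[!0-9]]*)
  # no valid integer
  AC_MSG_ERROR($error_window_size)
  ;;
*)
  if test "$set_ecmult_window" -lt 3 || test "$set_ecmult_window" -gt 24 ; then
    # not in range
    AC_MSG_ERROR($error_window_size)
  fi
  AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation])
  ;;
esac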
dnl OpenSSL-backed tests: only meaningful when the test suite is built.
dnl SECP_OPENSSL_CHECK (build-aux/m4) sets has_openssl_ec and the
dnl SSL_/CRYPTO_ flag variables consumed here.
if test x"$use_tests" = x"yes"; then
  SECP_OPENSSL_CHECK
  if test x"$has_openssl_ec" = x"yes"; then
    dnl "auto" and "yes" both enable; only an explicit "no" opts out.
    if test x"$enable_openssl_tests" != x"no"; then
      AC_DEFINE(ENABLE_OPENSSL_TESTS, 1, [Define this symbol if OpenSSL EC functions are available])
      SECP_TEST_INCLUDES="$SSL_CFLAGS $CRYPTO_CFLAGS"
      SECP_TEST_LIBS="$CRYPTO_LIBS"

      dnl OpenSSL on mingw pulls in gdi32 at link time.
      case $host in
      *mingw*)
        SECP_TEST_LIBS="$SECP_TEST_LIBS -lgdi32"
        ;;
      esac
    fi
  else
    if test x"$enable_openssl_tests" = x"yes"; then
      AC_MSG_ERROR([OpenSSL tests requested but OpenSSL with EC support is not available])
    fi
  fi
else
  if test x"$enable_openssl_tests" = x"yes"; then
    AC_MSG_ERROR([OpenSSL tests requested but tests are not enabled])
  fi
fi
dnl JNI bindings.  Entered for any value but "no" (the default), so both
dnl --enable-jni and --enable-jni=auto land here; only an explicit "yes"
dnl makes missing dependencies fatal.  The bindings require the ECDH
dnl module and at least one JNI include directory (AX_JNI_INCLUDE_DIR
dnl fills JNI_INCLUDE_DIRS).
if test x"$use_jni" != x"no"; then
  AX_JNI_INCLUDE_DIR
  have_jni_dependencies=yes
  if test x"$enable_module_ecdh" = x"no"; then
    have_jni_dependencies=no
  fi
  if test "x$JNI_INCLUDE_DIRS" = "x"; then
    have_jni_dependencies=no
  fi
  if test "x$have_jni_dependencies" = "xno"; then
    if test x"$use_jni" = x"yes"; then
      AC_MSG_ERROR([jni support explicitly requested but headers/dependencies were not found. Enable ECDH and try again.])
    fi
    AC_MSG_WARN([jni headers/dependencies not found. jni support disabled])
    use_jni=no
  else
    use_jni=yes
    dnl Turn the space-separated directory list into -I flags.
    for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS; do
      JNI_INCLUDES="$JNI_INCLUDES -I$JNI_INCLUDE_DIR"
    done
  fi
fi
dnl GMP flags (possibly set by the Homebrew branch above) are only added
dnl when the gmp bignum backend was actually selected.
if test "x$set_bignum" = "xgmp"; then
  SECP_LIBS="$SECP_LIBS $GMP_LIBS"
  SECP_INCLUDES="$SECP_INCLUDES $GMP_CPPFLAGS"
fi

if test "x$use_endomorphism" = "xyes"; then
  AC_DEFINE(USE_ENDOMORPHISM, 1, [Define this symbol to use endomorphism optimization])
fi

dnl set_precomp was decided by the native-compiler probe earlier.
if test "x$set_precomp" = "xyes"; then
  AC_DEFINE(USE_ECMULT_STATIC_PRECOMPUTATION, 1, [Define this symbol to use a statically generated ecmult table])
fi
dnl Translate each enabled module into its ENABLE_MODULE_* symbol.
if test "x$enable_module_ecdh" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module])
fi

if test "x$enable_module_schnorrsig" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_SCHNORRSIG, 1, [Define this symbol to enable the schnorrsig module])
fi

if test "x$enable_module_musig" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_MUSIG, 1, [Define this symbol to enable the MuSig module])
fi

if test "x$enable_module_recovery" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module])
fi

if test "x$enable_module_generator" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_GENERATOR, 1, [Define this symbol to enable the NUMS generator module])
fi
if test "x$enable_module_rangeproof" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module])
fi

if test "x$enable_module_whitelist" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_WHITELIST, 1, [Define this symbol to enable the key whitelisting module])
fi

if test "x$enable_module_surjectionproof" = "xyes"; then
  AC_DEFINE(ENABLE_MODULE_SURJECTIONPROOF, 1, [Define this symbol to enable the surjection proof module])
fi
AC_C_BIGENDIAN()
|
|
|
|
|
|
2014-12-24 12:12:37 +01:00
|
|
|
|
if test x"$use_external_asm" = x"yes"; then
|
|
|
|
|
AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used])
|
|
|
|
|
fi
|
|
|
|
|
|
2019-03-04 15:36:35 +01:00
|
|
|
|
if test x"$use_external_default_callbacks" = x"yes"; then
|
|
|
|
|
AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used])
|
|
|
|
|
fi
dnl Experimental features are gated behind --enable-experimental.
dnl With the flag set: print a loud notice listing what is being built and
dnl enforce the inter-module dependencies. Without it: refuse every
dnl experimental switch with a hard configure error, so a default build
dnl can never silently pick up code the project itself describes as
dnl lacking stable APIs and possibly unsafe for production.
if test x"$enable_experimental" = x"yes"; then
  AC_MSG_NOTICE([******])
  AC_MSG_NOTICE([WARNING: experimental build])
  AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.])
  AC_MSG_NOTICE([Building ECDH module: $enable_module_ecdh])
  AC_MSG_NOTICE([Building NUMS generator module: $enable_module_generator])
  AC_MSG_NOTICE([Building range proof module: $enable_module_rangeproof])
  AC_MSG_NOTICE([Building key whitelisting module: $enable_module_whitelist])
  AC_MSG_NOTICE([Building surjection proof module: $enable_module_surjectionproof])
  AC_MSG_NOTICE([Building schnorrsig module: $enable_module_schnorrsig])
  AC_MSG_NOTICE([Building MuSig module: $enable_module_musig])
  AC_MSG_NOTICE([******])

  dnl Module dependency chain enforced by the checks below:
  dnl   musig                        -> schnorrsig
  dnl   rangeproof                   -> generator
  dnl   whitelist, surjectionproof   -> rangeproof (and hence generator)
  dnl Each violation is a fatal AC_MSG_ERROR naming the switch to add.
  if test x"$enable_module_schnorrsig" != x"yes"; then
    if test x"$enable_module_musig" = x"yes"; then
      AC_MSG_ERROR([MuSig module requires the schnorrsig module. Use --enable-module-schnorrsig to allow.])
    fi
  fi

  if test x"$enable_module_generator" != x"yes"; then
    if test x"$enable_module_rangeproof" = x"yes"; then
      AC_MSG_ERROR([Rangeproof module requires the generator module. Use --enable-module-generator to allow.])
    fi
  fi

  if test x"$enable_module_rangeproof" != x"yes"; then
    if test x"$enable_module_whitelist" = x"yes"; then
      AC_MSG_ERROR([Whitelist module requires the rangeproof module. Use --enable-module-rangeproof to allow.])
    fi
    if test x"$enable_module_surjectionproof" = x"yes"; then
      AC_MSG_ERROR([Surjection proof module requires the rangeproof module. Use --enable-module-rangeproof to allow.])
    fi
  fi
else
  dnl Non-experimental build: every experimental module, and the ARM
  dnl assembly path, is rejected outright rather than merely warned about.
  if test x"$enable_module_ecdh" = x"yes"; then
    AC_MSG_ERROR([ECDH module is experimental. Use --enable-experimental to allow.])
  fi

  if test x"$enable_module_schnorrsig" = x"yes"; then
    AC_MSG_ERROR([schnorrsig module is experimental. Use --enable-experimental to allow.])
  fi

  if test x"$enable_module_musig" = x"yes"; then
    AC_MSG_ERROR([MuSig module is experimental. Use --enable-experimental to allow.])
  fi

  if test x"$set_asm" = x"arm"; then
    AC_MSG_ERROR([ARM assembly optimization is experimental. Use --enable-experimental to allow.])
  fi

  if test x"$enable_module_generator" = x"yes"; then
    AC_MSG_ERROR([NUMS generator module is experimental. Use --enable-experimental to allow.])
  fi

  if test x"$enable_module_rangeproof" = x"yes"; then
    AC_MSG_ERROR([Range proof module is experimental. Use --enable-experimental to allow.])
  fi

  if test x"$enable_module_whitelist" = x"yes"; then
    AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.])
  fi

  if test x"$enable_module_surjectionproof" = x"yes"; then
    AC_MSG_ERROR([Surjection proof module is experimental. Use --enable-experimental to allow.])
  fi
fi
dnl Generated outputs: the config header the sources include, plus the
dnl Makefile and the pkg-config file.
AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
AC_CONFIG_FILES([Makefile libsecp256k1.pc])

dnl Make the include/library flag variables visible to the generated
dnl Makefile (their values are assembled earlier in this file).
AC_SUBST(JNI_INCLUDES)
AC_SUBST(SECP_INCLUDES)
AC_SUBST(SECP_LIBS)
AC_SUBST(SECP_TEST_LIBS)
AC_SUBST(SECP_TEST_INCLUDES)
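dnl Automake conditionals mirroring the configure switches, so Makefile.am
dnl can pick sources and targets per option. All of them use the POSIX
dnl `test a = b` form: `==` is a bash extension that a plain /bin/sh such
dnl as dash rejects with "unexpected operator", after which the
dnl conditional evaluates false regardless of the user's choice.
AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"])
dnl Tests and exhaustive tests default to on (anything but "no").
AM_CONDITIONAL([USE_TESTS], [test x"$use_tests" != x"no"])
AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$use_exhaustive_tests" != x"no"])
AM_CONDITIONAL([USE_BENCHMARK], [test x"$use_benchmark" = x"yes"])
AM_CONDITIONAL([USE_ECMULT_STATIC_PRECOMPUTATION], [test x"$set_precomp" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_GENERATOR], [test x"$enable_module_generator" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_RANGEPROOF], [test x"$enable_module_rangeproof" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_WHITELIST], [test x"$enable_module_whitelist" = x"yes"])
dnl Previously written with `==`; now the portable single `=` like the rest.
AM_CONDITIONAL([USE_JNI], [test x"$use_jni" = x"yes"])
AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"])
AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
AM_CONDITIONAL([ENABLE_MODULE_SURJECTIONPROOF], [test x"$enable_module_surjectionproof" = x"yes"])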
dnl make sure nothing new is exported so that we don't break the cache
dnl (unset drops the variable together with any export attribute it may
dnl have acquired earlier in this script; reassigning it from the saved
dnl copy restores the value as a plain, unexported shell variable).
PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"
unset PKG_CONFIG_PATH
PKG_CONFIG_PATH="$PKGCONFIG_PATH_TEMP"

dnl Write the config header, Makefile and pkg-config file registered above.
AC_OUTPUT
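dnl Human-readable build summary printed after configure has finished.
dnl The module section now lists every module switch this script knows
dnl about (previously only ecdh and recovery were shown, so a reader could
dnl not tell from the summary whether an experimental module was enabled).
echo
echo "Build Options:"
echo "  with endomorphism       = $use_endomorphism"
echo "  with ecmult precomp     = $set_precomp"
echo "  with external callbacks = $use_external_default_callbacks"
echo "  with jni                = $use_jni"
echo "  with benchmarks         = $use_benchmark"
echo "  with coverage           = $enable_coverage"
echo "  module ecdh             = $enable_module_ecdh"
echo "  module recovery         = $enable_module_recovery"
echo "  module schnorrsig       = $enable_module_schnorrsig"
echo "  module musig            = $enable_module_musig"
echo "  module generator        = $enable_module_generator"
echo "  module rangeproof       = $enable_module_rangeproof"
echo "  module whitelist        = $enable_module_whitelist"
echo "  module surjectionproof  = $enable_module_surjectionproof"
echo
dnl Low-level implementation choices selected earlier in this script.
echo "  asm                     = $set_asm"
echo "  bignum                  = $set_bignum"
echo "  field                   = $set_field"
echo "  scalar                  = $set_scalar"
echo "  ecmult window size      = $set_ecmult_window"
echo
dnl Toolchain settings as seen by the generated Makefile.
echo "  CC                      = $CC"
echo "  CFLAGS                  = $CFLAGS"
echo "  CPPFLAGS                = $CPPFLAGS"
echo "  LDFLAGS                 = $LDFLAGS"
echo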