2014-01-17 22:52:33 -05:00
AC_PREREQ([2.60])
2021-07-06 21:23:33 +00:00
# The package (a.k.a. release) version is based on semantic versioning 2.0.0 of
# the API. All changes in experimental modules are treated as
# backwards-compatible and therefore at most increase the minor version.
define(_PKG_VERSION_MAJOR, 0)
define(_PKG_VERSION_MINOR, 1)
define(_PKG_VERSION_BUILD, 0)
define(_PKG_VERSION_IS_RELEASE, false)
2021-07-06 21:06:46 +00:00
# The library version is based on libtool versioning of the ABI. The set of
# rules for updating the version can be found here:
# https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
# All changes in experimental modules are treated as if they don't affect the
# interface and therefore only increase the revision.
define(_LIB_VERSION_CURRENT, 0)
define(_LIB_VERSION_REVISION, 0)
define(_LIB_VERSION_AGE, 0)
2021-07-06 21:23:33 +00:00
AC_INIT([libsecp256k1],m4_join([.], _PKG_VERSION_MAJOR, _PKG_VERSION_MINOR, _PKG_VERSION_BUILD)m4_if(_PKG_VERSION_IS_RELEASE, [true], [], [-pre]),[https://github.com/bitcoin-core/secp256k1/issues],[libsecp256k1],[https://github.com/bitcoin-core/secp256k1])
2014-11-07 01:55:27 +13:00
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([build-aux/m4])
2014-01-17 22:52:33 -05:00
AC_CANONICAL_HOST
AH_TOP([#ifndef LIBSECP256K1_CONFIG_H])
AH_TOP([#define LIBSECP256K1_CONFIG_H])
2015-01-25 17:32:08 +00:00
AH_BOTTOM([#endif /*LIBSECP256K1_CONFIG_H*/])
2019-12-17 12:41:44 +00:00
2022-03-13 10:39:55 +01:00
# Require Automake 1.11.2 for AM_PROG_AR
AM_INIT_AUTOMAKE([1.11.2 foreign subdir-objects])
2014-01-17 22:52:33 -05:00
2021-01-08 15:18:08 +01:00
# Make the compilation flags quiet unless V=1 is used.
2014-06-19 22:36:24 -04:00
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
2022-02-02 16:46:13 +01:00
AC_PROG_CC
2015-01-25 17:32:08 +00:00
if test x"$ac_cv_prog_cc_c89" = x"no"; then
AC_MSG_ERROR([c89 compiler support required])
2014-01-17 22:52:33 -05:00
fi
2014-12-24 12:12:37 +01:00
AM_PROG_AS
2022-03-13 10:39:55 +01:00
AM_PROG_AR
LT_INIT([win32-dll])
2014-01-17 22:52:33 -05:00
2020-04-30 14:34:24 +03:00
build_windows=no
2014-01-17 22:52:33 -05:00
2014-05-20 11:39:54 +07:00
case $host_os in
2014-11-24 11:13:16 -05:00
*darwin*)
if test x$cross_compiling != xyes; then
2021-06-15 19:33:57 +03:00
AC_CHECK_PROG([BREW], brew, brew)
if test x$BREW = xbrew; then
2021-01-08 15:18:08 +01:00
# These Homebrew packages may be keg-only, meaning that they won't be found
# in expected paths because they may conflict with system files. Ask
# Homebrew where each one is located, then adjust paths accordingly.
2021-11-23 11:24:12 +08:00
if $BREW list --versions valgrind >/dev/null; then
2021-12-03 15:18:45 +08:00
valgrind_prefix=$($BREW --prefix valgrind 2>/dev/null)
2020-12-23 22:08:03 +01:00
VALGRIND_CPPFLAGS="-I$valgrind_prefix/include"
fi
2014-11-24 11:13:16 -05:00
else
2021-06-15 19:33:57 +03:00
AC_CHECK_PROG([PORT], port, port)
2021-01-08 15:18:08 +01:00
# If homebrew isn't installed and macports is, add the macports default paths
# as a last resort.
2021-06-15 19:33:57 +03:00
if test x$PORT = xport; then
2014-11-24 11:13:16 -05:00
CPPFLAGS="$CPPFLAGS -isystem /opt/local/include"
LDFLAGS="$LDFLAGS -L/opt/local/lib"
fi
fi
fi
;;
2020-04-30 14:34:24 +03:00
cygwin*|mingw*)
build_windows=yes
;;
2014-05-20 11:39:54 +07:00
esac
2021-05-13 17:06:16 +02:00
# Try if some desirable compiler flags are supported and append them to SECP_CFLAGS.
#
# These are our own flags, so we append them to our own SECP_CFLAGS variable (instead of CFLAGS) as
# recommended in the automake manual (Section "Flag Variables Ordering"). CFLAGS belongs to the user
# and we are not supposed to touch it. In the Makefile, we will need to ensure that SECP_CFLAGS
# is prepended to CFLAGS when invoking the compiler so that the user always has the last word (flag).
#
# Another advantage of not touching CFLAGS is that the contents of CFLAGS will be picked up by
# libtool for compiling helper executables. For example, when compiling for Windows, libtool will
# generate entire wrapper executables (instead of simple wrapper scripts as on Unix) to ensure
# proper operation of uninstalled programs linked by libtool against the uninstalled shared library.
# These executables are compiled from C source file for which our flags may not be appropriate,
# e.g., -std=c89 flag has lead to undesirable warnings in the past.
#
# TODO We should analogously not touch CPPFLAGS and LDFLAGS but currently there are no issues.
AC_DEFUN([SECP_TRY_APPEND_DEFAULT_CFLAGS], [
# Try to append -Werror=unknown-warning-option to CFLAGS temporarily. Otherwise clang will
# not error out if it gets unknown warning flags and the checks here will always succeed
# no matter if clang knows the flag or not.
SECP_TRY_APPEND_DEFAULT_CFLAGS_saved_CFLAGS="$CFLAGS"
SECP_TRY_APPEND_CFLAGS([-Werror=unknown-warning-option], CFLAGS)
SECP_TRY_APPEND_CFLAGS([-std=c89 -pedantic -Wno-long-long -Wnested-externs -Wshadow -Wstrict-prototypes -Wundef], $1) # GCC >= 3.0, -Wlong-long is implied by -pedantic.
SECP_TRY_APPEND_CFLAGS([-Wno-overlength-strings], $1) # GCC >= 4.2, -Woverlength-strings is implied by -pedantic.
SECP_TRY_APPEND_CFLAGS([-Wall], $1) # GCC >= 2.95 and probably many other compilers
SECP_TRY_APPEND_CFLAGS([-Wno-unused-function], $1) # GCC >= 3.0, -Wunused-function is implied by -Wall.
SECP_TRY_APPEND_CFLAGS([-Wextra], $1) # GCC >= 3.4, this is the newer name of -W, which we don't use because older GCCs will warn about unused functions.
SECP_TRY_APPEND_CFLAGS([-Wcast-align], $1) # GCC >= 2.95
2021-05-13 17:14:56 +02:00
SECP_TRY_APPEND_CFLAGS([-Wcast-align=strict], $1) # GCC >= 8.0
2021-05-13 17:06:16 +02:00
SECP_TRY_APPEND_CFLAGS([-Wconditional-uninitialized], $1) # Clang >= 3.0 only
SECP_TRY_APPEND_CFLAGS([-fvisibility=hidden], $1) # GCC >= 4.0
CFLAGS="$SECP_TRY_APPEND_DEFAULT_CFLAGS_saved_CFLAGS"
])
SECP_TRY_APPEND_DEFAULT_CFLAGS(SECP_CFLAGS)
2014-11-12 16:07:48 -08:00
2021-01-08 15:18:08 +01:00
###
### Define config arguments
###
2022-02-23 21:03:15 +01:00
# In dev mode, we enable all binaries and modules by default but individual options can still be overridden explicitly.
# Check for dev mode first because SECP_SET_DEFAULT needs enable_dev_mode set.
AC_ARG_ENABLE(dev_mode, [], [],
[enable_dev_mode=no])
2014-01-17 22:52:33 -05:00
AC_ARG_ENABLE(benchmark,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-benchmark],[compile benchmark [default=yes]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_benchmark], [yes], [yes])])
2014-01-17 22:52:33 -05:00
2016-11-26 20:34:15 +00:00
AC_ARG_ENABLE(coverage,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_coverage], [no], [no])])
2016-11-26 20:34:15 +00:00
2014-01-17 22:52:33 -05:00
AC_ARG_ENABLE(tests,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-tests],[compile tests [default=yes]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_tests], [yes], [yes])])
2014-01-17 22:52:33 -05:00
2015-11-26 00:06:41 +01:00
AC_ARG_ENABLE(experimental,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_experimental], [no], [yes])])
2015-11-26 00:06:41 +01:00
2015-09-17 18:54:52 -05:00
AC_ARG_ENABLE(exhaustive_tests,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-exhaustive-tests],[compile exhaustive tests [default=yes]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_exhaustive_tests], [yes], [yes])])
2015-09-17 18:54:52 -05:00
2020-04-30 14:34:24 +03:00
AC_ARG_ENABLE(examples,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-examples],[compile the examples [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_examples], [no], [yes])])
2015-09-17 18:54:52 -05:00
2015-06-29 15:06:28 -05:00
AC_ARG_ENABLE(module_ecdh,
2022-03-25 07:13:08 -07:00
AS_HELP_STRING([--enable-module-ecdh],[enable ECDH module [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_module_ecdh], [no], [yes])])
2015-06-29 15:06:28 -05:00
2020-10-14 15:03:26 +00:00
AC_ARG_ENABLE(module_musig,
AS_HELP_STRING([--enable-module-musig],[enable MuSig module (experimental)]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_musig], [no], [yes])])
2018-12-22 22:12:35 +00:00
2015-08-27 03:42:57 +02:00
AC_ARG_ENABLE(module_recovery,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-module-recovery],[enable ECDSA pubkey recovery module [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_module_recovery], [no], [yes])])
2015-08-27 03:42:57 +02:00
2016-07-07 00:47:41 +02:00
AC_ARG_ENABLE(module_generator,
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-generator],[enable NUMS generator module [default=no]]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_generator], [no], [yes])])
Pedersen commitments, borromean ring signatures, and ZK range proofs.
This commit adds three new cryptosystems to libsecp256k1:
Pedersen commitments are a system for making blinded commitments
to a value. Functionally they work like:
commit_b,v = H(blind_b || value_v),
except they are additively homorphic, e.g.
C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and
C(b1, v1) - C(b1, v1) = 0, etc.
The commitments themselves are EC points, serialized as 33 bytes.
In addition to the commit function this implementation includes
utility functions for verifying that a set of commitments sums
to zero, and for picking blinding factors that sum to zero.
If the blinding factors are uniformly random, pedersen commitments
have information theoretic privacy.
Borromean ring signatures are a novel efficient ring signature
construction for AND/OR admissions policies (the code here implements
an AND of ORs, each of any size). This construction requires
32 bytes of signature per pubkey used plus 32 bytes of constant
overhead. With these you can construct signatures like "Given pubkeys
A B C D E F G, the signer knows the discrete logs
satisifying (A || B) & (C || D || E) & (F || G)".
ZK range proofs allow someone to prove a pedersen commitment is in
a particular range (e.g. [0..2^64)) without revealing the specific
value. The construction here is based on the above borromean
ring signature and uses a radix-4 encoding and other optimizations
to maximize efficiency. It also supports encoding proofs with a
non-private base-10 exponent and minimum-value to allow trading
off secrecy for size and speed (or just avoiding wasting space
keeping data private that was already public due to external
constraints).
A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of
this can be used to communicate a private message to a receiver
who shares a secret random seed with the prover.
Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
AC_ARG_ENABLE(module_rangeproof,
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-rangeproof],[enable Pedersen / zero-knowledge range proofs module [default=no]]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_rangeproof], [no], [yes])])
Pedersen commitments, borromean ring signatures, and ZK range proofs.
This commit adds three new cryptosystems to libsecp256k1:
Pedersen commitments are a system for making blinded commitments
to a value. Functionally they work like:
commit_b,v = H(blind_b || value_v),
except they are additively homorphic, e.g.
C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and
C(b1, v1) - C(b1, v1) = 0, etc.
The commitments themselves are EC points, serialized as 33 bytes.
In addition to the commit function this implementation includes
utility functions for verifying that a set of commitments sums
to zero, and for picking blinding factors that sum to zero.
If the blinding factors are uniformly random, pedersen commitments
have information theoretic privacy.
Borromean ring signatures are a novel efficient ring signature
construction for AND/OR admissions policies (the code here implements
an AND of ORs, each of any size). This construction requires
32 bytes of signature per pubkey used plus 32 bytes of constant
overhead. With these you can construct signatures like "Given pubkeys
A B C D E F G, the signer knows the discrete logs
satisifying (A || B) & (C || D || E) & (F || G)".
ZK range proofs allow someone to prove a pedersen commitment is in
a particular range (e.g. [0..2^64)) without revealing the specific
value. The construction here is based on the above borromean
ring signature and uses a radix-4 encoding and other optimizations
to maximize efficiency. It also supports encoding proofs with a
non-private base-10 exponent and minimum-value to allow trading
off secrecy for size and speed (or just avoiding wasting space
keeping data private that was already public due to external
constraints).
A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of
this can be used to communicate a private message to a receiver
who shares a secret random seed with the prover.
Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
2016-04-21 22:22:39 +00:00
AC_ARG_ENABLE(module_whitelist,
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-whitelist],[enable key whitelisting module [default=no]]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_whitelist], [no], [yes])])
2016-04-21 22:22:39 +00:00
2020-05-12 13:58:47 +00:00
AC_ARG_ENABLE(module_extrakeys,
2022-03-25 07:13:08 -07:00
AS_HELP_STRING([--enable-module-extrakeys],[enable extrakeys module [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_module_extrakeys], [no], [yes])])
2020-05-12 13:58:47 +00:00
2020-05-12 21:19:03 +00:00
AC_ARG_ENABLE(module_schnorrsig,
2022-03-25 07:13:08 -07:00
AS_HELP_STRING([--enable-module-schnorrsig],[enable schnorrsig module [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_module_schnorrsig], [no], [yes])])
2020-05-12 21:19:03 +00:00
2020-12-05 23:18:54 +00:00
AC_ARG_ENABLE(module_ecdsa_s2c,
AS_HELP_STRING([--enable-module-ecdsa-s2c],[enable ECDSA sign-to-contract module [default=no]]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_ecdsa_s2c], [no], [yes])])
2020-12-05 23:18:54 +00:00
2021-03-04 23:38:48 -08:00
AC_ARG_ENABLE(module_ecdsa-adaptor,
AS_HELP_STRING([--enable-module-ecdsa-adaptor],[enable ECDSA adaptor module [default=no]]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_ecdsa_adaptor], [no], [yes])])
2021-03-04 23:38:48 -08:00
2019-03-04 15:36:35 +01:00
AC_ARG_ENABLE(external_default_callbacks,
2022-02-23 20:44:36 +01:00
AS_HELP_STRING([--enable-external-default-callbacks],[enable external default callback functions [default=no]]), [],
2022-02-23 21:03:15 +01:00
[SECP_SET_DEFAULT([enable_external_default_callbacks], [no], [no])])
2019-03-04 15:36:35 +01:00
2016-07-01 15:51:07 +00:00
AC_ARG_ENABLE(module_surjectionproof,
2019-04-05 21:26:19 +02:00
AS_HELP_STRING([--enable-module-surjectionproof],[enable surjection proof module [default=no]]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([enable_module_surjectionproof], [no], [yes])])
2016-07-01 15:51:07 +00:00
2019-05-30 09:04:40 +03:00
AC_ARG_ENABLE(reduced_surjection_proof_size,
AS_HELP_STRING([--enable-reduced-surjection-proof-size],[use reduced surjection proof size (disabling parsing and verification) [default=no]]),
2022-03-30 15:18:07 +00:00
[],
[SECP_SET_DEFAULT([use_reduced_surjection_proof_size], [no], [no])])
2019-05-30 09:04:40 +03:00
2021-01-08 15:18:08 +01:00
# Test-only override of the (autodetected by the C code) "widemul" setting.
# Legal values are int64 (for [u]int64_t), int128 (for [unsigned] __int128), and auto (the default).
2020-08-09 10:58:40 -07:00
AC_ARG_WITH([test-override-wide-multiply], [] ,[set_widemul=$withval], [set_widemul=auto])
2014-01-17 22:52:33 -05:00
2019-03-06 14:10:38 +01:00
AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm|no|auto],
2021-11-24 07:16:19 +08:00
[assembly optimizations to use (experimental: arm) [default=auto]])],[req_asm=$withval], [req_asm=auto])
2014-12-12 16:20:47 +01:00
2019-03-06 13:12:33 +01:00
AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto],
[window size for ecmult precomputation for verification, specified as integer in range [2..24].]
[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.]
2020-09-25 20:06:36 -07:00
[The table will store 2^(SIZE-1) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.]
2021-12-17 14:21:38 -05:00
[A window size larger than 15 will require you delete the prebuilt precomputed_ecmult.c file so that it can be rebuilt.]
2021-06-28 16:33:03 -04:00
[For very large window sizes, use "make -j 1" to reduce memory use during compilation.]
2019-03-06 13:12:33 +01:00
["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]]
)],
[req_ecmult_window=$withval], [req_ecmult_window=auto])
2015-10-18 10:35:16 +02:00
AC_ARG_WITH([ecmult-gen-precision], [AS_HELP_STRING([--with-ecmult-gen-precision=2|4|8|auto],
[Precision bits to tune the precomputed table size for signing.]
[The size of the table is 32kB for 2 bits, 64kB for 4 bits, 512kB for 8 bits of precision.]
[A larger table size usually results in possible faster signing.]
["auto" is a reasonable setting for desktop machines (currently 4). [default=auto]]
)],
[req_ecmult_gen_precision=$withval], [req_ecmult_gen_precision=auto])
2020-09-12 19:15:56 +00:00
AC_ARG_WITH([valgrind], [AS_HELP_STRING([--with-valgrind=yes|no|auto],
[Build with extra checks for running inside Valgrind [default=auto]]
)],
[req_valgrind=$withval], [req_valgrind=auto])
2021-01-08 15:18:08 +01:00
###
### Handle config options (except for modules)
###
2020-09-12 19:15:56 +00:00
if test x"$req_valgrind" = x"no"; then
enable_valgrind=no
else
2020-12-23 22:08:03 +01:00
SECP_VALGRIND_CHECK
if test x"$has_valgrind" != x"yes"; then
2020-09-12 19:15:56 +00:00
if test x"$req_valgrind" = x"yes"; then
AC_MSG_ERROR([Valgrind support explicitly requested but valgrind/memcheck.h header not available])
fi
enable_valgrind=no
2020-12-23 22:08:03 +01:00
else
enable_valgrind=yes
fi
2020-09-12 19:15:56 +00:00
fi
2020-01-11 13:31:50 +00:00
AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"])
2016-11-26 20:34:15 +00:00
if test x"$enable_coverage" = x"yes"; then
AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code])
2021-05-13 19:34:16 +02:00
SECP_CFLAGS="-O0 --coverage $SECP_CFLAGS"
2019-12-17 12:37:48 +00:00
LDFLAGS="--coverage $LDFLAGS"
2016-11-26 20:34:15 +00:00
else
2021-05-13 19:34:16 +02:00
# Most likely the CFLAGS already contain -O2 because that is autoconf's default.
# We still add it here because passing it twice is not an issue, and handling
# this case would just add unnecessary complexity (see #896).
SECP_CFLAGS="-O2 $SECP_CFLAGS"
2016-11-26 20:34:15 +00:00
fi
2016-07-01 15:51:07 +00:00
AC_MSG_CHECKING([for __builtin_popcount])
2022-03-31 17:41:54 +02:00
AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_popcount(0);}]])],
2016-07-01 15:51:07 +00:00
[ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_POPCOUNT,1,[Define this symbol if __builtin_popcount is available]) ],
[ AC_MSG_RESULT([no])
])
2015-08-05 16:17:50 +02:00
AC_MSG_CHECKING([for __builtin_clzll])
2022-03-31 17:41:54 +02:00
AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() { __builtin_clzll(1);}]])],
2015-08-05 16:17:50 +02:00
[ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_CLZLL,1,[Define this symbol if __builtin_clzll is available]) ],
[ AC_MSG_RESULT([no])
])
2014-12-12 16:20:47 +01:00
if test x"$req_asm" = x"auto"; then
2014-01-24 16:57:13 -05:00
SECP_64BIT_ASM_CHECK
if test x"$has_64bit_asm" = x"yes"; then
2014-12-12 16:20:47 +01:00
set_asm=x86_64
fi
if test x"$set_asm" = x; then
set_asm=no
2014-01-17 22:52:33 -05:00
fi
2014-12-12 16:20:47 +01:00
else
set_asm=$req_asm
case $set_asm in
x86_64)
SECP_64BIT_ASM_CHECK
if test x"$has_64bit_asm" != x"yes"; then
AC_MSG_ERROR([x86_64 assembly optimization requested but not available])
fi
;;
2014-12-24 12:12:37 +01:00
arm)
;;
2014-12-12 16:20:47 +01:00
no)
;;
*)
AC_MSG_ERROR([invalid assembly optimization selection])
;;
esac
fi
2014-01-17 22:52:33 -05:00
2021-01-08 15:18:08 +01:00
# Select assembly optimization
2022-02-23 20:40:18 +01:00
enable_external_asm=no
2014-12-24 12:12:37 +01:00
2014-12-12 16:20:47 +01:00
case $set_asm in
x86_64)
AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations])
;;
2014-12-24 12:12:37 +01:00
arm)
2022-02-23 20:40:18 +01:00
enable_external_asm=yes
2014-12-24 12:12:37 +01:00
;;
2014-12-12 16:20:47 +01:00
no)
;;
*)
AC_MSG_ERROR([invalid assembly optimizations])
;;
esac
2022-02-23 20:40:18 +01:00
if test x"$enable_external_asm" = x"yes"; then
2021-01-08 15:18:08 +01:00
AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used])
fi
# Select wide multiplication implementation
2020-08-09 10:58:40 -07:00
case $set_widemul in
int128)
AC_DEFINE(USE_FORCE_WIDEMUL_INT128, 1, [Define this symbol to force the use of the (unsigned) __int128 based wide multiplication implementation])
2014-01-17 22:52:33 -05:00
;;
2020-08-09 10:58:40 -07:00
int64)
AC_DEFINE(USE_FORCE_WIDEMUL_INT64, 1, [Define this symbol to force the use of the (u)int64_t based wide multiplication implementation])
2014-01-17 22:52:33 -05:00
;;
2020-08-09 10:58:40 -07:00
auto)
2014-01-17 22:52:33 -05:00
;;
*)
2020-08-09 10:58:40 -07:00
AC_MSG_ERROR([invalid wide multiplication implementation])
2014-01-17 22:52:33 -05:00
;;
esac
2021-01-08 15:18:08 +01:00
# Set ecmult window size
2019-03-06 13:12:33 +01:00
if test x"$req_ecmult_window" = x"auto"; then
set_ecmult_window=15
else
set_ecmult_window=$req_ecmult_window
fi
error_window_size=['window size for ecmult precomputation not an integer in range [2..24] or "auto"']
case $set_ecmult_window in
''|*[[!0-9]]*)
# no valid integer
AC_MSG_ERROR($error_window_size)
;;
*)
if test "$set_ecmult_window" -lt 2 -o "$set_ecmult_window" -gt 24 ; then
# not in range
AC_MSG_ERROR($error_window_size)
fi
AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation])
;;
esac
2021-01-08 15:18:08 +01:00
# Set ecmult gen precision
2015-10-18 10:35:16 +02:00
if test x"$req_ecmult_gen_precision" = x"auto"; then
set_ecmult_gen_precision=4
else
set_ecmult_gen_precision=$req_ecmult_gen_precision
fi
case $set_ecmult_gen_precision in
2|4|8)
AC_DEFINE_UNQUOTED(ECMULT_GEN_PREC_BITS, $set_ecmult_gen_precision, [Set ecmult gen precision bits])
;;
*)
AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"'])
;;
esac
2020-12-23 22:08:03 +01:00
if test x"$enable_valgrind" = x"yes"; then
SECP_INCLUDES="$SECP_INCLUDES $VALGRIND_CPPFLAGS"
fi
2021-05-06 14:02:00 +02:00
# Add -Werror and similar flags passed from the outside (for testing, e.g., in CI)
SECP_CFLAGS="$SECP_CFLAGS $WERROR_CFLAGS"
2021-01-08 15:18:08 +01:00
###
### Handle module options
###
2022-08-09 19:17:30 +00:00
# Besides testing whether modules are enabled, the following code also enables
# module dependencies. The order of the tests matters: the dependency must be
# tested first.
2015-06-29 15:06:28 -05:00
if test x"$enable_module_ecdh" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module])
fi
2020-10-14 15:03:26 +00:00
if test x"$enable_module_musig" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_MUSIG, 1, [Define this symbol to enable the MuSig module])
2021-04-03 22:03:09 +00:00
enable_module_schnorrsig=yes
2020-10-14 15:03:26 +00:00
fi
2018-12-22 22:12:35 +00:00
2015-08-27 03:42:57 +02:00
if test x"$enable_module_recovery" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module])
fi
2022-08-09 19:17:30 +00:00
if test x"$enable_module_whitelist" = x"yes"; then
enable_module_rangeproof=yes
AC_DEFINE(ENABLE_MODULE_WHITELIST, 1, [Define this symbol to enable the key whitelisting module])
fi
if test x"$enable_module_surjectionproof" = x"yes"; then
enable_module_rangeproof=yes
AC_DEFINE(ENABLE_MODULE_SURJECTIONPROOF, 1, [Define this symbol to enable the surjection proof module])
2016-07-07 00:47:41 +02:00
fi
Pedersen commitments, borromean ring signatures, and ZK range proofs.
This commit adds three new cryptosystems to libsecp256k1:
Pedersen commitments are a system for making blinded commitments
to a value. Functionally they work like:
commit_b,v = H(blind_b || value_v),
except they are additively homorphic, e.g.
C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and
C(b1, v1) - C(b1, v1) = 0, etc.
The commitments themselves are EC points, serialized as 33 bytes.
In addition to the commit function this implementation includes
utility functions for verifying that a set of commitments sums
to zero, and for picking blinding factors that sum to zero.
If the blinding factors are uniformly random, pedersen commitments
have information theoretic privacy.
Borromean ring signatures are a novel efficient ring signature
construction for AND/OR admissions policies (the code here implements
an AND of ORs, each of any size). This construction requires
32 bytes of signature per pubkey used plus 32 bytes of constant
overhead. With these you can construct signatures like "Given pubkeys
A B C D E F G, the signer knows the discrete logs
satisifying (A || B) & (C || D || E) & (F || G)".
ZK range proofs allow someone to prove a pedersen commitment is in
a particular range (e.g. [0..2^64)) without revealing the specific
value. The construction here is based on the above borromean
ring signature and uses a radix-4 encoding and other optimizations
to maximize efficiency. It also supports encoding proofs with a
non-private base-10 exponent and minimum-value to allow trading
off secrecy for size and speed (or just avoiding wasting space
keeping data private that was already public due to external
constraints).
A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of
this can be used to communicate a private message to a receiver
who shares a secret random seed with the prover.
Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
if test x"$enable_module_rangeproof" = x"yes"; then
2022-08-09 19:17:30 +00:00
enable_module_generator=yes
Pedersen commitments, borromean ring signatures, and ZK range proofs.
This commit adds three new cryptosystems to libsecp256k1:
Pedersen commitments are a system for making blinded commitments
to a value. Functionally they work like:
commit_b,v = H(blind_b || value_v),
except they are additively homorphic, e.g.
C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and
C(b1, v1) - C(b1, v1) = 0, etc.
The commitments themselves are EC points, serialized as 33 bytes.
In addition to the commit function this implementation includes
utility functions for verifying that a set of commitments sums
to zero, and for picking blinding factors that sum to zero.
If the blinding factors are uniformly random, pedersen commitments
have information theoretic privacy.
Borromean ring signatures are a novel efficient ring signature
construction for AND/OR admissions policies (the code here implements
an AND of ORs, each of any size). This construction requires
32 bytes of signature per pubkey used plus 32 bytes of constant
overhead. With these you can construct signatures like "Given pubkeys
A B C D E F G, the signer knows the discrete logs
satisifying (A || B) & (C || D || E) & (F || G)".
ZK range proofs allow someone to prove a pedersen commitment is in
a particular range (e.g. [0..2^64)) without revealing the specific
value. The construction here is based on the above borromean
ring signature and uses a radix-4 encoding and other optimizations
to maximize efficiency. It also supports encoding proofs with a
non-private base-10 exponent and minimum-value to allow trading
off secrecy for size and speed (or just avoiding wasting space
keeping data private that was already public due to external
constraints).
A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of
this can be used to communicate a private message to a receiver
who shares a secret random seed with the prover.
Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module])
fi
2022-08-09 19:17:30 +00:00
if test x"$enable_module_generator" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_GENERATOR, 1, [Define this symbol to enable the NUMS generator module])
2016-04-21 22:22:39 +00:00
fi
2020-05-12 21:19:03 +00:00
if test x"$enable_module_schnorrsig" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_SCHNORRSIG, 1, [Define this symbol to enable the schnorrsig module])
enable_module_extrakeys=yes
fi
2020-05-12 13:58:47 +00:00
if test x"$enable_module_extrakeys" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_EXTRAKEYS, 1, [Define this symbol to enable the extrakeys module])
fi
2020-12-05 23:18:54 +00:00
if test x"$enable_module_ecdsa_s2c" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_ECDSA_S2C, 1, [Define this symbol to enable the ECDSA sign-to-contract module])
fi
2022-02-23 20:40:18 +01:00
if test x"$enable_external_default_callbacks" = x"yes"; then
2019-03-04 15:36:35 +01:00
AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used])
fi
2019-05-30 09:04:40 +03:00
if test x"$use_reduced_surjection_proof_size" = x"yes"; then
AC_DEFINE(USE_REDUCED_SURJECTION_PROOF_SIZE, 1, [Define this symbol to reduce SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS to 16, disabling parsing and verification])
fi
2021-03-04 23:38:48 -08:00
if test x"$enable_module_ecdsa_adaptor" = x"yes"; then
AC_DEFINE(ENABLE_MODULE_ECDSA_ADAPTOR, 1, [Define this symbol to enable the ECDSA adaptor module])
fi
2021-01-08 15:18:08 +01:00
###
### Check for --enable-experimental if necessary
###
2015-11-26 00:06:41 +01:00
if test x"$enable_experimental" = x"yes"; then
AC_MSG_NOTICE([******])
AC_MSG_NOTICE([WARNING: experimental build])
AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.])
AC_MSG_NOTICE([******])
else
2022-08-10 09:20:26 +00:00
# The order of the following tests matters. If the user enables a dependent
# module (which automatically enables the module dependencies) we want to
# print an error for the dependent module, not the module dependency. Hence,
# we first test dependent modules.
if test x"$enable_module_whitelist" = x"yes"; then
AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_surjectionproof" = x"yes"; then
AC_MSG_ERROR([Surjection proof module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_rangeproof" = x"yes"; then
AC_MSG_ERROR([Range proof module is experimental. Use --enable-experimental to allow.])
fi
if test x"$enable_module_generator" = x"yes"; then
AC_MSG_ERROR([NUMS generator module is experimental. Use --enable-experimental to allow.])
fi
2020-10-14 15:03:26 +00:00
if test x"$enable_module_musig" = x"yes"; then
AC_MSG_ERROR([MuSig module is experimental. Use --enable-experimental to allow.])
fi
2020-12-05 23:18:54 +00:00
if test x"$enable_module_ecdsa_s2c" = x"yes"; then
AC_MSG_ERROR([ECDSA sign-to-contract module module is experimental. Use --enable-experimental to allow.])
fi
2021-03-04 23:38:48 -08:00
if test x"$enable_module_ecdsa_adaptor" = x"yes"; then
AC_MSG_ERROR([ecdsa adaptor signatures module is experimental. Use --enable-experimental to allow.])
fi
2014-12-24 12:12:37 +01:00
if test x"$set_asm" = x"arm"; then
AC_MSG_ERROR([ARM assembly optimization is experimental. Use --enable-experimental to allow.])
fi
2015-11-26 00:06:41 +01:00
fi
2021-01-08 15:18:08 +01:00
###
### Generate output
###
2014-01-17 22:52:33 -05:00
AC_CONFIG_HEADERS([src/libsecp256k1-config.h])
2014-05-07 06:10:08 +00:00
AC_CONFIG_FILES([Makefile libsecp256k1.pc])
2014-01-17 22:52:33 -05:00
AC_SUBST(SECP_INCLUDES)
AC_SUBST(SECP_LIBS)
AC_SUBST(SECP_TEST_LIBS)
AC_SUBST(SECP_TEST_INCLUDES)
2021-05-13 17:06:16 +02:00
AC_SUBST(SECP_CFLAGS)
2016-11-26 20:34:15 +00:00
AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"])
2022-02-23 20:40:18 +01:00
AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"])
AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"])
AM_CONDITIONAL([USE_EXAMPLES], [test x"$enable_examples" != x"no"])
AM_CONDITIONAL([USE_BENCHMARK], [test x"$enable_benchmark" = x"yes"])
2015-06-29 15:06:28 -05:00
AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
2020-10-14 15:03:26 +00:00
AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"])
2015-08-27 03:42:57 +02:00
AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
2016-07-07 00:47:41 +02:00
AM_CONDITIONAL([ENABLE_MODULE_GENERATOR], [test x"$enable_module_generator" = x"yes"])
Pedersen commitments, borromean ring signatures, and ZK range proofs.
This commit adds three new cryptosystems to libsecp256k1:
Pedersen commitments are a system for making blinded commitments
to a value. Functionally they work like:
commit_b,v = H(blind_b || value_v),
except they are additively homorphic, e.g.
C(b1, v1) - C(b2, v2) = C(b1 - b2, v1 - v2) and
C(b1, v1) - C(b1, v1) = 0, etc.
The commitments themselves are EC points, serialized as 33 bytes.
In addition to the commit function this implementation includes
utility functions for verifying that a set of commitments sums
to zero, and for picking blinding factors that sum to zero.
If the blinding factors are uniformly random, pedersen commitments
have information theoretic privacy.
Borromean ring signatures are a novel efficient ring signature
construction for AND/OR admissions policies (the code here implements
an AND of ORs, each of any size). This construction requires
32 bytes of signature per pubkey used plus 32 bytes of constant
overhead. With these you can construct signatures like "Given pubkeys
A B C D E F G, the signer knows the discrete logs
satisifying (A || B) & (C || D || E) & (F || G)".
ZK range proofs allow someone to prove a pedersen commitment is in
a particular range (e.g. [0..2^64)) without revealing the specific
value. The construction here is based on the above borromean
ring signature and uses a radix-4 encoding and other optimizations
to maximize efficiency. It also supports encoding proofs with a
non-private base-10 exponent and minimum-value to allow trading
off secrecy for size and speed (or just avoiding wasting space
keeping data private that was already public due to external
constraints).
A proof for a 32-bit mantissa takes 2564 bytes, but 2048 bytes of
this can be used to communicate a private message to a receiver
who shares a secret random seed with the prover.
Also: get rid of precomputed H tables (Pieter Wuille)
2015-08-05 19:04:14 +02:00
AM_CONDITIONAL([ENABLE_MODULE_RANGEPROOF], [test x"$enable_module_rangeproof" = x"yes"])
2016-04-21 22:22:39 +00:00
AM_CONDITIONAL([ENABLE_MODULE_WHITELIST], [test x"$enable_module_whitelist" = x"yes"])
2020-05-12 21:19:03 +00:00
AM_CONDITIONAL([ENABLE_MODULE_EXTRAKEYS], [test x"$enable_module_extrakeys" = x"yes"])
AM_CONDITIONAL([ENABLE_MODULE_SCHNORRSIG], [test x"$enable_module_schnorrsig" = x"yes"])
2020-12-05 23:18:54 +00:00
AM_CONDITIONAL([ENABLE_MODULE_ECDSA_S2C], [test x"$enable_module_ecdsa_s2c" = x"yes"])
2021-03-04 23:38:48 -08:00
AM_CONDITIONAL([ENABLE_MODULE_ECDSA_ADAPTOR], [test x"$enable_module_ecdsa_adaptor" = x"yes"])
2022-02-23 20:40:18 +01:00
AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$enable_external_asm" = x"yes"])
2014-12-24 12:12:37 +01:00
AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
2016-07-01 15:51:07 +00:00
AM_CONDITIONAL([ENABLE_MODULE_SURJECTIONPROOF], [test x"$enable_module_surjectionproof" = x"yes"])
2019-05-30 09:04:40 +03:00
AM_CONDITIONAL([USE_REDUCED_SURJECTION_PROOF_SIZE], [test x"$use_reduced_surjection_proof_size" = x"yes"])
2020-04-30 14:34:24 +03:00
AM_CONDITIONAL([BUILD_WINDOWS], [test "$build_windows" = "yes"])
2021-07-06 21:06:46 +00:00
AC_SUBST(LIB_VERSION_CURRENT, _LIB_VERSION_CURRENT)
AC_SUBST(LIB_VERSION_REVISION, _LIB_VERSION_REVISION)
AC_SUBST(LIB_VERSION_AGE, _LIB_VERSION_AGE)
2014-11-24 11:13:16 -05:00
2014-01-17 22:52:33 -05:00
AC_OUTPUT
2018-03-10 10:36:59 -08:00
echo
echo "Build Options:"
2022-02-23 20:40:18 +01:00
echo " with external callbacks = $enable_external_default_callbacks"
echo " with benchmarks = $enable_benchmark"
echo " with tests = $enable_tests"
2019-03-04 15:36:35 +01:00
echo " with coverage = $enable_coverage"
2022-02-23 20:40:18 +01:00
echo " with examples = $enable_examples"
2019-03-04 15:36:35 +01:00
echo " module ecdh = $enable_module_ecdh"
echo " module recovery = $enable_module_recovery"
2020-05-12 13:58:47 +00:00
echo " module extrakeys = $enable_module_extrakeys"
2020-05-12 21:19:03 +00:00
echo " module schnorrsig = $enable_module_schnorrsig"
2022-08-10 09:04:47 +00:00
echo " module generator = $enable_module_generator"
echo " module rangeproof = $enable_module_rangeproof"
echo " module surjectionproof = $enable_module_surjectionproof"
echo " module whitelist = $enable_module_whitelist"
2021-04-03 22:03:09 +00:00
echo " module musig = $enable_module_musig"
2020-12-05 23:18:54 +00:00
echo " module ecdsa-s2c = $enable_module_ecdsa_s2c"
2021-03-04 23:38:48 -08:00
echo " module ecdsa-adaptor = $enable_module_ecdsa_adaptor"
2018-03-10 10:36:59 -08:00
echo
2019-03-04 15:36:35 +01:00
echo " asm = $set_asm"
echo " ecmult window size = $set_ecmult_window"
2015-10-18 10:35:16 +02:00
echo " ecmult gen prec. bits = $set_ecmult_gen_precision"
2021-01-08 15:18:08 +01:00
# Hide test-only options unless they're used.
2020-08-09 10:58:40 -07:00
if test x"$set_widemul" != xauto; then
echo " wide multiplication = $set_widemul"
fi
2018-03-10 10:36:59 -08:00
echo
2020-01-08 11:56:15 +00:00
echo " valgrind = $enable_valgrind"
2019-03-04 15:36:35 +01:00
echo " CC = $CC"
echo " CPPFLAGS = $CPPFLAGS"
2021-05-13 17:06:16 +02:00
echo " SECP_CFLAGS = $SECP_CFLAGS"
2019-03-04 15:36:35 +01:00
echo " CFLAGS = $CFLAGS"
echo " LDFLAGS = $LDFLAGS"
