forked from bitcoin/bitcoin
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Squashed 'src/secp256k1/' changes from 199d27c..efe85c70a2
efe85c70a2 Merge bitcoin-core/secp256k1#1466: release cleanup: bump version after 0.4.1 4b2e06f460 release cleanup: bump version after 0.4.1 1ad5185 Merge bitcoin-core/secp256k1#1465: release: prepare for 0.4.1 672053d release: prepare for 0.4.1 1a81df8 Merge bitcoin-core/secp256k1#1380: Add ABI checking tool for release process 74a4d97 doc: Add ABI checking with `check-abi.sh` to the Release Process e7f830e Add `tools/check-abi.sh` 77af1da Merge bitcoin-core/secp256k1#1455: doc: improve secp256k1_fe_set_b32_mod doc 3928b7c doc: improve secp256k1_fe_set_b32_mod doc 5e9a4d7 Merge bitcoin-core/secp256k1#990: Add comment on length checks when parsing ECDSA sigs 4197d66 Merge bitcoin-core/secp256k1#1431: Add CONTRIBUTING.md 0e5ea62 CONTRIBUTING: add some coding and style conventions e2c9888 Merge bitcoin-core/secp256k1#1451: changelog: add entry for "field: Remove x86_64 asm" d2e36a2 changelog: add entry for "field: Remove x86_64 asm" 1a432cb README: update first sentence 0922a04 docs: move coverage report instructions to CONTRIBUTING 76880e4 Add CONTRIBUTING.md including scope and guidelines for new code d3e29db Merge bitcoin-core/secp256k1#1450: Add group.h ge/gej equality functions 04af0ba Replace ge_equals_ge[,j] calls with group.h equality calls 60525f6 Add unit tests for group.h equality functions a47cd97 Add group.h ge/gej equality functions 10e6d29 Merge bitcoin-core/secp256k1#1446: field: Remove x86_64 asm 07687e8 Merge bitcoin-core/secp256k1#1393: Implement new policy for VERIFY_CHECK and #ifdef VERIFY (issue bitcoin#1381) bb46723 remove VERIFY_SETUP define a3a3e11 remove unneeded VERIFY_SETUP uses in ECMULT_CONST_TABLE_GET_GE macro a0fb68a introduce and use SECP256K1_SCALAR_VERIFY macro cf25c86 introduce and use SECP256K1_{FE,GE,GEJ}_VERIFY macros 5d89bc0 remove superfluous `#ifdef VERIFY`/`#endif` preprocessor conditions c2688f8 redefine VERIFY_CHECK to empty in production (non-VERIFY) mode 5814d84 Merge bitcoin-core/secp256k1#1438: correct assertion for secp256k1_fe_mul_inner c1b4966 Merge bitcoin-core/secp256k1#1445: bench: add --help option to bench_internal f07cead build: Don't call assembly an optimization 2f0762f field: Remove x86_64 asm 1ddd76a bench: add --help option to bench_internal e721039 Merge bitcoin-core/secp256k1#1441: asm: add .note.GNU-stack section for non-exec stack ea47c82 Merge bitcoin-core/secp256k1#1442: Return temporaries to being unsigned in secp256k1_fe_sqr_inner dcdda31 Tighten secp256k1_fe_mul_inner's VERIFY_BITS checks 1027135 Return temporaries to being unsigned in secp256k1_fe_sqr_inner 33dc7e4 asm: add .note.GNU-stack section for non-exec stack c891c5c Merge bitcoin-core/secp256k1#1437: ci: Ignore internal errors of snapshot compilers 8185e72 ci: Ignore internal errors in snapshot compilers 40f50d0 Merge bitcoin-core/secp256k1#1184: Signed-digit based ecmult_const algorithm 8e2a5fe correct assertion for secp256k1_fe_mul_inner 355bbdf Add changelog entry for signed-digit ecmult_const algorithm 21f49d9 Remove unused secp256k1_scalar_shr_int 115fdc7 Remove unused secp256k1_wnaf_const aa9f3a3 ecmult_const: add/improve tests 4d16e90 Signed-digit based ecmult_const algorithm ba523be make SECP256K1_SCALAR_CONST reduce modulo exhaustive group order 2140da9 Add secp256k1_scalar_half for halving scalars (+ tests/benchmarks). 1f1bb78 Merge bitcoin-core/secp256k1#1430: README: remove CI badge 5dab0ba README: remove CI badge b314cf2 Merge bitcoin-core/secp256k1#1426: ci/cirrus: Add native ARM64 jobs fa4d6c7 ci/cirrus: Add native ARM64 persistent workers ee7aaf2 Merge bitcoin-core/secp256k1#1395: tests: simplify `random_fe_non_zero` (remove loop limit and unneeded normalize) ba9cb6f Merge bitcoin-core/secp256k1#1424: ci: Bump major versions for docker actions d9d80fd ci: Bump major versions for docker actions 4fd00f4 Merge bitcoin-core/secp256k1#1422: cmake: Install `libsecp256k1.pc` file 421d848 ci: Align Autotools/CMake `CI_INSTALL` directory names 9f005c6 cmake: Install `libsecp256k1.pc` file 2262d0e ci/cirrus: Bring back skeleton .cirrus.yml without jobs b10ddd2 Merge bitcoin-core/secp256k1#1416: doc: Align documented scripts with CI ones 49be5be Merge bitcoin-core/secp256k1#1390: tests: Replace counting_illegal_callbacks with CHECK_ILLEGAL_VOID cbf3053 Merge bitcoin-core/secp256k1#1417: release cleanup: bump version after 0.4.0 9b118bc release cleanup: bump version after 0.4.0 7030364 tests: add CHECK_ERROR_VOID and use it in scratch tests f8d7ea6 tests: Replace counting_illegal_callbacks with CHECK_ILLEGAL_VOID b0f7bfe doc: Do not mention soname in CHANGELOG.md "ABI Compatibility" section bd9d98d doc: Align documented scripts with CI ones a1d52e3 tests: remove unnecessary test in run_ec_pubkey_parse_test 875b0ad tests: remove unnecessary set_illegal_callback c45b7c4 refactor: introduce testutil.h (deduplicate `random_fe_`, `ge_equals_` helpers) dc55141 tests: simplify `random_fe_non_zero` (remove loop limit and unneeded normalize) e02f313 Add comment on length checks when parsing ECDSA sigs git-subtree-dir: src/secp256k1 git-subtree-split: efe85c70a2e357e3605a8901a9662295bae1001f
- Loading branch information
Showing
46 changed files
with
1,477 additions
and
1,926 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
env: | ||
### cirrus config | ||
CIRRUS_CLONE_DEPTH: 1 | ||
### compiler options | ||
HOST: | ||
WRAPPER_CMD: | ||
# Specific warnings can be disabled with -Wno-error=foo. | ||
# -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual. | ||
WERROR_CFLAGS: -Werror -pedantic-errors | ||
MAKEFLAGS: -j4 | ||
BUILD: check | ||
### secp256k1 config | ||
ECMULTWINDOW: auto | ||
ECMULTGENPRECISION: auto | ||
ASM: no | ||
WIDEMUL: auto | ||
WITH_VALGRIND: yes | ||
EXTRAFLAGS: | ||
### secp256k1 modules | ||
EXPERIMENTAL: no | ||
ECDH: no | ||
RECOVERY: no | ||
SCHNORRSIG: no | ||
ELLSWIFT: no | ||
### test options | ||
SECP256K1_TEST_ITERS: | ||
BENCH: yes | ||
SECP256K1_BENCH_ITERS: 2 | ||
CTIMETESTS: yes | ||
# Compile and run the tests | ||
EXAMPLES: yes | ||
|
||
cat_logs_snippet: &CAT_LOGS | ||
always: | ||
cat_tests_log_script: | ||
- cat tests.log || true | ||
cat_noverify_tests_log_script: | ||
- cat noverify_tests.log || true | ||
cat_exhaustive_tests_log_script: | ||
- cat exhaustive_tests.log || true | ||
cat_ctime_tests_log_script: | ||
- cat ctime_tests.log || true | ||
cat_bench_log_script: | ||
- cat bench.log || true | ||
cat_config_log_script: | ||
- cat config.log || true | ||
cat_test_env_script: | ||
- cat test_env.log || true | ||
cat_ci_env_script: | ||
- env | ||
|
||
linux_arm64_container_snippet: &LINUX_ARM64_CONTAINER | ||
env_script: | ||
- env | tee /tmp/env | ||
build_script: | ||
- DOCKER_BUILDKIT=1 docker build --file "ci/linux-debian.Dockerfile" --tag="ci_secp256k1_arm" | ||
- docker image prune --force # Cleanup stale layers | ||
test_script: | ||
- docker run --rm --mount "type=bind,src=./,dst=/ci_secp256k1" --env-file /tmp/env --replace --name "ci_secp256k1_arm" "ci_secp256k1_arm" bash -c "cd /ci_secp256k1/ && ./ci/ci.sh" | ||
|
||
task: | ||
name: "ARM64: Linux (Debian stable)" | ||
persistent_worker: | ||
labels: | ||
type: arm64 | ||
env: | ||
ECDH: yes | ||
RECOVERY: yes | ||
SCHNORRSIG: yes | ||
ELLSWIFT: yes | ||
matrix: | ||
# Currently only gcc-snapshot, the other compilers are tested on GHA with QEMU | ||
- env: { CC: 'gcc-snapshot' } | ||
<< : *LINUX_ARM64_CONTAINER | ||
<< : *CAT_LOGS | ||
|
||
task: | ||
name: "ARM64: Linux (Debian stable), Valgrind" | ||
persistent_worker: | ||
labels: | ||
type: arm64 | ||
env: | ||
ECDH: yes | ||
RECOVERY: yes | ||
SCHNORRSIG: yes | ||
ELLSWIFT: yes | ||
WRAPPER_CMD: 'valgrind --error-exitcode=42' | ||
SECP256K1_TEST_ITERS: 2 | ||
matrix: | ||
- env: { CC: 'gcc' } | ||
- env: { CC: 'clang' } | ||
- env: { CC: 'gcc-snapshot' } | ||
- env: { CC: 'clang-snapshot' } | ||
<< : *LINUX_ARM64_CONTAINER | ||
<< : *CAT_LOGS |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
# Contributing to libsecp256k1 | ||
|
||
## Scope | ||
|
||
libsecp256k1 is a library for elliptic curve cryptography on the curve secp256k1, not a general-purpose cryptography library. | ||
The library primarily serves the needs of the Bitcoin Core project but provides additional functionality for the benefit of the wider Bitcoin ecosystem. | ||
|
||
## Adding new functionality or modules | ||
|
||
The libsecp256k1 project welcomes contributions in the form of new functionality or modules, provided they are within the project's scope. | ||
|
||
It is the responsibility of the contributors to convince the maintainers that the proposed functionality is within the project's scope, high-quality and maintainable. | ||
Contributors are recommended to provide the following in addition to the new code: | ||
|
||
* **Specification:** | ||
A specification can help significantly in reviewing the new code as it provides documentation and context. | ||
It may justify various design decisions, give a motivation and outline security goals. | ||
If the specification contains pseudocode, a reference implementation or test vectors, these can be used to compare with the proposed libsecp256k1 code. | ||
* **Security Arguments:** | ||
In addition to a defining the security goals, it should be argued that the new functionality meets these goals. | ||
Depending on the nature of the new functionality, a wide range of security arguments are acceptable, ranging from being "obviously secure" to rigorous proofs of security. | ||
* **Relevance Arguments:** | ||
The relevance of the new functionality for the Bitcoin ecosystem should be argued by outlining clear use cases. | ||
|
||
These are not the only factors taken into account when considering to add new functionality. | ||
The proposed new libsecp256k1 code must be of high quality, including API documentation and tests, as well as featuring a misuse-resistant API design. | ||
|
||
We recommend reaching out to other contributors (see [Communication Channels](#communication-channels)) and get feedback before implementing new functionality. | ||
|
||
## Communication channels | ||
|
||
Most communication about libsecp256k1 occurs on the GitHub repository: in issues, pull request or on the discussion board. | ||
|
||
Additionally, there is an IRC channel dedicated to libsecp256k1, with biweekly meetings (see channel topic). | ||
The channel is `#secp256k1` on Libera Chat. | ||
The easiest way to participate on IRC is with the web client, [web.libera.chat](https://web.libera.chat/#secp256k1). | ||
Chat history logs can be found at https://gnusha.org/secp256k1/. | ||
|
||
## Contributor workflow & peer review | ||
|
||
The Contributor Workflow & Peer Review in libsecp256k1 are similar to Bitcoin Core's workflow and review processes described in its [CONTRIBUTING.md](https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md). | ||
|
||
### Coding conventions | ||
|
||
In addition, libsecp256k1 tries to maintain the following coding conventions: | ||
|
||
* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `secp256k1_context_create` or `secp256k1_scratch_space_create`, for example). Morever, it should be possible to use the library without any heap allocations. | ||
* The tests should cover all lines and branches of the library (see [Test coverage](#coverage)). | ||
* Operations involving secret data should be tested for being constant time with respect to the secrets (see [src/ctime_tests.c](src/ctime_tests.c)). | ||
* Local variables containing secret data should be cleared explicitly to try to delete secrets from memory. | ||
* Use `secp256k1_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)). | ||
|
||
#### Style conventions | ||
|
||
* Commits should be atomic and diffs should be easy to read. For this reason, do not mix any formatting fixes or code moves with actual code changes. Make sure each individual commit is hygienic: that it builds successfully on its own without warnings, errors, regressions, or test failures. | ||
* New code should adhere to the style of existing, in particular surrounding, code. Other than that, we do not enforce strict rules for code formatting. | ||
* The code conforms to C89. Most notably, that means that only `/* ... */` comments are allowed (no `//` line comments). Moreover, any declarations in a `{ ... }` block (e.g., a function) must appear at the beginning of the block before any statements. When you would like to declare a variable in the middle of a block, you can open a new block: | ||
```C | ||
void secp256k_foo(void) { | ||
unsigned int x; /* declaration */ | ||
int y = 2*x; /* declaration */ | ||
x = 17; /* statement */ | ||
{ | ||
int a, b; /* declaration */ | ||
a = x + y; /* statement */ | ||
secp256k_bar(x, &b); /* statement */ | ||
} | ||
} | ||
``` | ||
* Use `unsigned int` instead of just `unsigned`. | ||
* Use `void *ptr` instead of `void* ptr`. | ||
* Arguments of the publicly-facing API must have a specific order defined in [include/secp256k1.h](include/secp256k1.h). | ||
* User-facing comment lines in headers should be limited to 80 chars if possible. | ||
* All identifiers in file scope should start with `secp256k1_`. | ||
* Avoid trailing whitespace. | ||
|
||
### Tests | ||
|
||
#### Coverage | ||
|
||
This library aims to have full coverage of reachable lines and branches. | ||
|
||
To create a test coverage report, configure with `--enable-coverage` (use of GCC is necessary): | ||
|
||
$ ./configure --enable-coverage | ||
|
||
Run the tests: | ||
|
||
$ make check | ||
|
||
To create a report, `gcovr` is recommended, as it includes branch coverage reporting: | ||
|
||
$ gcovr --exclude 'src/bench*' --print-summary | ||
|
||
To create a HTML report with coloured and annotated source code: | ||
|
||
$ mkdir -p coverage | ||
$ gcovr --exclude 'src/bench*' --html --html-details -o coverage/coverage.html | ||
|
||
#### Exhaustive tests | ||
|
||
There are tests of several functions in which a small group replaces secp256k1. | ||
These tests are *exhaustive* since they provide all elements and scalars of the small group as input arguments (see [src/tests_exhaustive.c](src/tests_exhaustive.c)). | ||
|
||
### Benchmarks | ||
|
||
See `src/bench*.c` for examples of benchmarks. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.