Squashed 'src/secp256k1/' changes from 705ce7ed8c..c545fdc374

c545fdc374 Merge bitcoin-core/secp256k1#1298: Remove randomness tests
b40e2d30b7 Merge bitcoin-core/secp256k1#1378: ellswift: fix probabilistic test failure when swapping sides
c424e2fb43 ellswift: fix probabilistic test failure when swapping sides
907a67212e Merge bitcoin-core/secp256k1#1313: ci: Test on development snapshots of GCC and Clang
0f7657d59c Merge bitcoin-core/secp256k1#1366: field: Use `restrict` consistently in fe_sqrt
cc55757552 Merge bitcoin-core/secp256k1#1340: clean up in-comment Sage code (refer to secp256k1_params.sage, update to Python3)
600c5adcd5 clean up in-comment Sage code (refer to secp256k1_params.sage, update to Python3)
981e5be38c ci: Fix typo in comment
e9e9648219 ci: Reduce number of macOS tasks from 28 to 8
609093b387 ci: Add x86_64 Linux tasks for gcc and clang snapshots
1deecaaf3b ci: Install development snapshots of gcc and clang
b79ba8aa4c field: Use `restrict` consistently in fe_sqrt
c9ebca95f9 Merge bitcoin-core/secp256k1#1363: doc: minor ellswift.md updates
afd7eb4a55 Merge bitcoin-core/secp256k1#1371: Add exhaustive tests for ellswift (with create+decode roundtrip)
2792119278 Add exhaustive test for ellswift (create+decode roundtrip)
c7d900ffd1 doc: minor ellswift.md updates
332af315fc Merge bitcoin-core/secp256k1#1344: group: save normalize_weak calls in `secp256k1_ge_is_valid_var`/`secp256k1_gej_eq_x_var`
9e6d1b0e9b Merge bitcoin-core/secp256k1#1367: build: Improvements to symbol visibility logic on Windows (attempt 3)
0aacf64352 Merge bitcoin-core/secp256k1#1370: Corrected some typos
b6b9834e8d small fixes
07c0e8b82e group: remove unneeded normalize_weak in `secp256k1_gej_eq_x_var`
3fc1de5c55 Merge bitcoin-core/secp256k1#1364: Avoid `-Wmaybe-uninitialized` when compiling with `gcc -O1`
fb758fe8d6 Merge bitcoin-core/secp256k1#1323: tweak_add: fix API doc for tweak=0
c6cd2b15a0 ci: Add task for static library on Windows + CMake
020bf69a44 build: Add extensive docs on visibility issues
0196e8ade1 build: Introduce `SECP256k1_DLL_EXPORT` macro
9f1b1904a3 refactor: Replace `SECP256K1_API_VAR` with `SECP256K1_API`
ae9db95cea build: Introduce `SECP256K1_STATIC` macro for Windows users
7966aee31d Merge bitcoin-core/secp256k1#1369: ci: Print commit in Windows container
a7bec34231 ci: Print commit in Windows container
249c81eaa3 Merge bitcoin-core/secp256k1#1368: ci: Drop manual checkout of merge commit
98579e297b ci: Drop manual checkout of merge commit
5b9f37f136 ci: Add `CFLAGS: -O1` to task matrix
a6ca76cdf2 Avoid `-Wmaybe-uninitialized` when compiling with `gcc -O1`
0fa84f869d Merge bitcoin-core/secp256k1#1358: tests: introduce helper for non-zero `random_fe_test()` results
5a95a268b9 tests: introduce helper for non-zero `random_fe_test` results
304421d57b tests: refactor: remove duplicate function `random_field_element_test`
3aef6ab8e1 Merge bitcoin-core/secp256k1#1345: field: Static-assert that int args affecting magnitude are constant
4494a369b6 Merge bitcoin-core/secp256k1#1357: tests: refactor: take use of `secp256k1_ge_x_on_curve_var`
799f4eec27 Merge bitcoin-core/secp256k1#1356: ci: Adjust Docker image to Debian 12 "bookworm"
c862a9fb49 ci: Adjust Docker image to Debian 12 "bookworm"
a1782098a9 ci: Force DWARF v4 for Clang when Valgrind tests are expected
7d8d5c86df tests: refactor: take use of `secp256k1_ge_x_on_curve_var`
8a7273465b Help the compiler prove that a loop is entered
fd491ea1bb Merge bitcoin-core/secp256k1#1355: Fix a typo in the error message
ac43613d25 Merge bitcoin-core/secp256k1#1354: Add ellswift to CHANGELOG
67887ae65c Fix a typo in the error message
926dd3e962 Merge bitcoin-core/secp256k1#1295: abi: Use dllexport for mingw builds
10836832e7 Merge bitcoin-core/secp256k1#1336: Use `__shiftright128` intrinsic in `secp256k1_u128_rshift` on MSVC
7c7467ab7f Refer to ellswift.md in API docs
c32ffd8d8c Add ellswift to CHANGELOG
3c1a0fd37f Merge bitcoin-core/secp256k1#1347: field: Document return value of fe_sqrt()
5779137457 field: Document return value of fe_sqrt()
be8ff3a02a field: Static-assert that int args affecting magnitude are constant
efa76c4bf7 group: remove unneeded normalize_weak in `secp256k1_ge_is_valid_var`
5b7bf2e9d4 Use `__shiftright128` intrinsic in `secp256k1_u128_rshift` on MSVC
05873bb6b1 tweak_add: fix API doc for tweak=0
6ec3731e8c Simplify test PRNG implementation
fb5bfa4eed Add static test vector for Xoshiro256++
723e8ca8f7 Remove randomness tests
bc7c8db179 abi: Use dllexport for mingw builds

git-subtree-dir: src/secp256k1
git-subtree-split: c545fdc374964424683d9dac31a828adedabe860

.cirrus.yml

@@ -52,43 +52,47 @@ cat_logs_snippet: &CAT_LOGS
  cat_ci_env_script:
  - env
 
-persistent_worker_template: &PERSISTENT_WORKER_TEMPLATE
- persistent_worker: {} # https://cirrus-ci.org/guide/persistent-workers/
-
-# https://cirrus-ci.org/guide/tips-and-tricks/#sharing-configuration-between-tasks
-filter_template: &FILTER_TEMPLATE
- skip: $CIRRUS_REPO_FULL_NAME == "BGL-core/gui" && $CIRRUS_PR == "" # No need to run on the read-only mirror, unless it is a PR. https://cirrus-ci.org/guide/writing-tasks/#conditional-task-execution
- stateful: false # https://cirrus-ci.org/guide/writing-tasks/#stateful-tasks
-
-base_template: &BASE_TEMPLATE
- << : *FILTER_TEMPLATE
- merge_base_script:
- # Unconditionally install git (used in fingerprint_script).
- - bash -c "$PACKAGE_MANAGER_INSTALL git"
- - if [ "$CIRRUS_PR" = "" ]; then exit 0; fi
- - git fetch --depth=1 $CIRRUS_REPO_CLONE_URL "pull/${CIRRUS_PR}/merge"
- - git checkout FETCH_HEAD # Use merged changes to detect silent merge conflicts
-
-global_task_template: &GLOBAL_TASK_TEMPLATE
- << : *BASE_TEMPLATE
+linux_container_snippet: &LINUX_CONTAINER
  container:
- # https://cirrus-ci.org/faq/#are-there-any-limits
- # Each project has 16 CPU in total, assign 2 to each container, so that 8 tasks run in parallel
- cpu: 2
- memory: 8G # Set to 8GB to avoid OOM. https://cirrus-ci.org/guide/linux/#linux-containers
- dockerfile: ci/test_imagefile # https://cirrus-ci.org/guide/docker-builder-vm/#dockerfile-as-a-ci-environment
- depends_built_cache:
- folder: "depends/built"
- fingerprint_script: echo $CIRRUS_TASK_NAME $(git rev-parse HEAD:depends)
-
-global_task_template: &GLOBAL_TASK_TEMPLATE
- << : *CONTAINER_DEPENDS_TEMPLATE
- << : *MAIN_TEMPLATE
+ dockerfile: ci/linux-debian.Dockerfile
+ # Reduce number of CPUs to be able to do more builds in parallel.
+ cpu: 1
+ # Gives us more CPUs for free if they're available.
+ greedy: true
+ # More than enough for our scripts.
+ memory: 2G
 
-compute_credits_template: &CREDITS_TEMPLATE
- # https://cirrus-ci.org/pricing/#compute-credits
- # Only use credits for pull requests to the main repo
- use_compute_credits: $CIRRUS_REPO_FULL_NAME == 'BGL/BGL' && $CIRRUS_PR != ""
+task:
+ name: "x86_64: Linux (Debian stable)"
+ << : *LINUX_CONTAINER
+ matrix:
+ - env: {WIDEMUL: int64, RECOVERY: yes}
+ - env: {WIDEMUL: int64, ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes}
+ - env: {WIDEMUL: int128}
+ - env: {WIDEMUL: int128_struct, ELLSWIFT: yes}
+ - env: {WIDEMUL: int128, RECOVERY: yes, SCHNORRSIG: yes, ELLSWIFT: yes}
+ - env: {WIDEMUL: int128, ECDH: yes, SCHNORRSIG: yes}
+ - env: {WIDEMUL: int128, ASM: x86_64 , ELLSWIFT: yes}
+ - env: { RECOVERY: yes, SCHNORRSIG: yes}
+ - env: {CTIMETESTS: no, RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, CPPFLAGS: -DVERIFY}
+ - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETESTS: no, BENCH: no}
+ - env: {CPPFLAGS: -DDETERMINISTIC}
+ - env: {CFLAGS: -O0, CTIMETESTS: no}
+ - env: {CFLAGS: -O1, RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes}
+ - env: { ECMULTGENPRECISION: 2, ECMULTWINDOW: 2 }
+ - env: { ECMULTGENPRECISION: 8, ECMULTWINDOW: 4 }
+ matrix:
+ - env:
+ CC: gcc
+ - env:
+ CC: clang
+ - env:
+ CC: gcc-snapshot
+ - env:
+ CC: clang-snapshot
+ test_script:
+ - ./ci/cirrus.sh
+ << : *CAT_LOGS
 
 task:
  name: 'lint [bookworm]'
@@ -107,7 +111,18 @@ task:
  lint_script:
  - ./ci/lint_run_all.sh
  env:
- << : *CIRRUS_EPHEMERAL_WORKER_TEMPLATE_ENV
+ HOST: i686-linux-gnu
+ ECDH: yes
+ RECOVERY: yes
+ SCHNORRSIG: yes
+ matrix:
+ - env:
+ CC: i686-linux-gnu-gcc
+ - env:
+ CC: clang --target=i686-pc-linux-gnu -isystem /usr/i686-linux-gnu/include
+ test_script:
+ - ./ci/cirrus.sh
+ << : *CAT_LOGS
 
 task:
  name: 'tidy [lunar]'
@@ -119,28 +134,26 @@ task:
  CI_IMAGE_NAME_TAG: ubuntu:lunar
  FILE_ENV: "./ci/test/00_setup_env_native_tidy.sh"
  env:
- << : *CIRRUS_EPHEMERAL_WORKER_TEMPLATE_ENV
-
-task:
- name: "Win64 native [vs2022]"
- << : *FILTER_TEMPLATE
- windows_container:
- cpu: 6
- memory: 12G
- image: cirrusci/windowsservercore:visualstudio2022
- timeout_in: 120m
+ HOMEBREW_NO_AUTO_UPDATE: 1
+ HOMEBREW_NO_INSTALL_CLEANUP: 1
+ # Cirrus gives us a fixed number of 4 virtual CPUs. Not that we even have that many jobs at the moment...
+ MAKEFLAGS: -j5
  env:
  ASM: no
  WITH_VALGRIND: no
  CTIMETESTS: no
+ CC: clang
  matrix:
- - env:
- CC: gcc
- - env:
- CC: clang
+ - env: {WIDEMUL: int64, RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes}
+ - env: {WIDEMUL: int64, RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes, CC: gcc}
+ - env: {WIDEMUL: int128_struct, ECMULTGENPRECISION: 2, ECMULTWINDOW: 4}
+ - env: {WIDEMUL: int128, ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes}
+ - env: {WIDEMUL: int128, RECOVERY: yes, SCHNORRSIG: yes}
+ - env: {WIDEMUL: int128, RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes, CC: gcc}
+ - env: {WIDEMUL: int128, RECOVERY: yes, ECDH: yes, SCHNORRSIG: yes, ELLSWIFT: yes, CPPFLAGS: -DVERIFY}
+ - env: {BUILD: distcheck}
  brew_script:
  - brew install automake libtool gcc
- << : *MERGE_BASE
  test_script:
  - ./ci/cirrus.sh
  << : *CAT_LOGS
@@ -164,7 +177,6 @@ task:
  SCHNORRSIG: yes
  ELLSWIFT: yes
  CTIMETESTS: no
- << : *MERGE_BASE
  test_script:
  # https://sourceware.org/bugzilla/show_bug.cgi?id=27008
  - rm /etc/ld.so.cache
@@ -192,7 +204,6 @@ task:
  matrix:
  - env: {}
  - env: {EXPERIMENTAL: yes, ASM: arm32}
- << : *MERGE_BASE
  test_script:
  - ./ci/cirrus.sh
  << : *CAT_LOGS
@@ -226,7 +237,6 @@ task:
  SCHNORRSIG: yes
  ELLSWIFT: yes
  CTIMETESTS: no
- << : *MERGE_BASE
  test_script:
  - ./ci/cirrus.sh
  << : *CAT_LOGS
@@ -250,7 +260,6 @@ task:
  SCHNORRSIG: yes
  ELLSWIFT: yes
  CTIMETESTS: no
- << : *MERGE_BASE
  test_script:
  - ./ci/cirrus.sh
  << : *CAT_LOGS
@@ -263,8 +272,22 @@ task:
  CI_IMAGE_NAME_TAG: ubuntu:jammy
  FILE_ENV: "./ci/test/00_setup_env_native_msan.sh"
  env:
- << : *CIRRUS_EPHEMERAL_WORKER_TEMPLATE_ENV
- MAKEJOBS: "-j4" # Avoid excessive memory use due to MSan
+ WRAPPER_CMD: wine
+ WITH_VALGRIND: no
+ ECDH: yes
+ RECOVERY: yes
+ SCHNORRSIG: yes
+ CTIMETESTS: no
+ matrix:
+ - name: "x86_64 (mingw32-w64): Windows (Debian stable, Wine)"
+ env:
+ HOST: x86_64-w64-mingw32
+ - name: "i686 (mingw32-w64): Windows (Debian stable, Wine)"
+ env:
+ HOST: i686-w64-mingw32
+ test_script:
+ - ./ci/cirrus.sh
+ << : *CAT_LOGS
 
 task:
  name: '[ASan + LSan + UBSan + integer, no depends, USDT] [lunar]'
@@ -315,7 +338,6 @@ task:
  CC: /opt/msvc/bin/x86/cl
  AR: /opt/msvc/bin/x86/lib
  NM: /opt/msvc/bin/x86/dumpbin -symbols -headers
- << : *MERGE_BASE
  test_script:
  - ./ci/cirrus.sh
  << : *CAT_LOGS
@@ -366,7 +388,6 @@ task:
  - env:
  HOST: i686-linux-gnu
  CC: i686-linux-gnu-gcc
- << : *MERGE_BASE
  test_script:
  - ./ci/cirrus.sh
  << : *CAT_LOGS
@@ -375,11 +396,21 @@ task:
  name: '[multiprocess, i686, DEBUG] [focal]'
  << : *GLOBAL_TASK_TEMPLATE
  container:
- cpu: 4
- memory: 16G # The default memory is too small, so double everything
- docker_arguments:
- CI_IMAGE_NAME_TAG: ubuntu:focal
- FILE_ENV: "./ci/test/00_setup_env_i686_multiprocess.sh"
+ memory: 2G
+ matrix:
+ - env:
+ CFLAGS: "-fsanitize=memory -g"
+ - env:
+ ECMULTGENPRECISION: 2
+ ECMULTWINDOW: 2
+ CFLAGS: "-fsanitize=memory -g -O3"
+ test_script:
+ - ./ci/cirrus.sh
+ << : *CAT_LOGS
+
+task:
+ name: "C++ -fpermissive (entire project)"
+ << : *LINUX_CONTAINER
  env:
  CC: g++
  CFLAGS: -fpermissive -g
@@ -389,7 +420,6 @@ task:
  RECOVERY: yes
  SCHNORRSIG: yes
  ELLSWIFT: yes
- << : *MERGE_BASE
  test_script:
  - ./ci/cirrus.sh
  << : *CAT_LOGS
@@ -439,11 +469,17 @@ task:
  # Ignore MSBuild warning MSB8029.
  # See: https://learn.microsoft.com/en-us/visualstudio/msbuild/errors/msb8029?view=vs-2022
  IgnoreWarnIntDirInTempDetected: 'true'
- merge_script:
- - PowerShell -NoLogo -Command if ($env:CIRRUS_PR -ne $null) { git fetch $env:CIRRUS_REPO_CLONE_URL pull/$env:CIRRUS_PR/merge; git reset --hard FETCH_HEAD; }
+ matrix:
+ - env:
+ BUILD_SHARED_LIBS: ON
+ - env:
+ BUILD_SHARED_LIBS: OFF
+ git_show_script:
+ # Print commit to allow reproducing the job outside of CI.
+ - git show --no-patch
  configure_script:
  - '%x64_NATIVE_TOOLS%'
- - cmake -E env CFLAGS="/WX" cmake -G "Visual Studio 17 2022" -A x64 -S . -B build -DSECP256K1_ENABLE_MODULE_RECOVERY=ON -DSECP256K1_BUILD_EXAMPLES=ON
+ - cmake -E env CFLAGS="/WX" cmake -A x64 -B build -DSECP256K1_ENABLE_MODULE_RECOVERY=ON -DSECP256K1_BUILD_EXAMPLES=ON -DBUILD_SHARED_LIBS=%BUILD_SHARED_LIBS%
  build_script:
  - '%x64_NATIVE_TOOLS%'
  - cmake --build build --config RelWithDebInfo -- -property:UseMultiToolTask=true;CL_MPcount=5

CHANGELOG.md

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+#### Added
+ - New module `ellswift` implements ElligatorSwift encoding for public keys and x-only Diffie-Hellman key exchange for them.
+ ElligatorSwift permits representing secp256k1 public keys as 64-byte arrays which cannot be distinguished from uniformly random. See:
+ - Header file `include/secp256k1_ellswift.h` which defines the new API.
+ - Document `doc/ellswift.md` which explains the mathematical background of the scheme.
+ - The [paper](https://eprint.iacr.org/2022/759) on which the scheme is based.
+
+#### Changed
+ - When consuming libsecp256k1 as a static library on Windows, the user must now define the `SECP256K1_STATIC` macro before including `secp256k1.h`.
+
 ## [0.3.2] - 2023-05-13
 We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using `gcc -v`.
 

Makefile.am

@@ -149,41 +149,38 @@ exhaustive_tests_LDFLAGS = -static
 TESTS += exhaustive_tests
 endif
 
-BIN_CHECKS=$(top_srcdir)/contrib/devtools/symbol-check.py \
- $(top_srcdir)/contrib/devtools/security-check.py \
- $(top_srcdir)/contrib/devtools/utils.py
-
-WINDOWS_PACKAGING = $(top_srcdir)/share/pixmaps/BGL.ico \
- $(top_srcdir)/share/pixmaps/nsis-header.bmp \
- $(top_srcdir)/share/pixmaps/nsis-wizard.bmp \
- $(top_srcdir)/doc/README_windows.txt
-
-OSX_PACKAGING = $(OSX_DEPLOY_SCRIPT) $(OSX_INSTALLER_ICONS) \
- $(top_srcdir)/contrib/macdeploy/detached-sig-create.sh
-
-COVERAGE_INFO = $(COV_TOOL_WRAPPER) baseline.info \
- test_BGL_filtered.info total_coverage.info \
- baseline_filtered.info functional_test.info functional_test_filtered.info \
- test_BGL_coverage.info test_BGL.info fuzz.info fuzz_filtered.info fuzz_coverage.info
-
-dist-hook:
- -$(GIT) archive --format=tar HEAD -- src/clientversion.cpp | $(AMTAR) -C $(top_distdir) -xf -
-
-if TARGET_WINDOWS
-$(BGL_WIN_INSTALLER): all-recursive
- $(MKDIR_P) $(top_builddir)/release
- STRIPPROG="$(STRIP)" $(INSTALL_STRIP_PROGRAM) $(BGLD_BIN) $(top_builddir)/release
- STRIPPROG="$(STRIP)" $(INSTALL_STRIP_PROGRAM) $(BGL_QT_BIN) $(top_builddir)/release
- STRIPPROG="$(STRIP)" $(INSTALL_STRIP_PROGRAM) $(BGL_TEST_BIN) $(top_builddir)/release
- STRIPPROG="$(STRIP)" $(INSTALL_STRIP_PROGRAM) $(BGL_CLI_BIN) $(top_builddir)/release
- STRIPPROG="$(STRIP)" $(INSTALL_STRIP_PROGRAM) $(BGL_TX_BIN) $(top_builddir)/release
- STRIPPROG="$(STRIP)" $(INSTALL_STRIP_PROGRAM) $(BGL_WALLET_BIN) $(top_builddir)/release
- STRIPPROG="$(STRIP)" $(INSTALL_STRIP_PROGRAM) $(BGL_UTIL_BIN) $(top_builddir)/release
- @test -f $(MAKENSIS) && echo 'OutFile "$@"' | cat $(top_builddir)/share/setup.nsi - | $(MAKENSIS) -V2 - || \
- echo error: could not build $@
- @echo built $@
-
-deploy: $(BGL_WIN_INSTALLER)
+if USE_EXAMPLES
+noinst_PROGRAMS += ecdsa_example
+ecdsa_example_SOURCES = examples/ecdsa.c
+ecdsa_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
+ecdsa_example_LDADD = libsecp256k1.la
+ecdsa_example_LDFLAGS = -static
+if BUILD_WINDOWS
+ecdsa_example_LDFLAGS += -lbcrypt
+endif
+TESTS += ecdsa_example
+if ENABLE_MODULE_ECDH
+noinst_PROGRAMS += ecdh_example
+ecdh_example_SOURCES = examples/ecdh.c
+ecdh_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
+ecdh_example_LDADD = libsecp256k1.la
+ecdh_example_LDFLAGS = -static
+if BUILD_WINDOWS
+ecdh_example_LDFLAGS += -lbcrypt
+endif
+TESTS += ecdh_example
+endif
+if ENABLE_MODULE_SCHNORRSIG
+noinst_PROGRAMS += schnorr_example
+schnorr_example_SOURCES = examples/schnorr.c
+schnorr_example_CPPFLAGS = -I$(top_srcdir)/include -DSECP256K1_STATIC
+schnorr_example_LDADD = libsecp256k1.la
+schnorr_example_LDFLAGS = -static
+if BUILD_WINDOWS
+schnorr_example_LDFLAGS += -lbcrypt
+endif
+TESTS += schnorr_example
+endif
 endif
 
 ### Precomputed tables