Merge pull request #5506

7873633 Squashed 'src/secp256k1/' changes from bccaf86..50cc6ab (Pieter Wuille) 1a9576d Use libsecp256k1's RFC6979 implementation (Pieter Wuille)
bitcoin · Jan 26, 2015 · 6b5f529 · 6b5f529
2 parents 23ef5b7 + 602ebf5
commit 6b5f529
Show file tree

Hide file tree

Showing 28 changed files with 1,193 additions and 673 deletions.
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -209,14 +209,12 @@ crypto_libbitcoin_crypto_a_SOURCES = \
   crypto/sha256.cpp \
   crypto/sha512.cpp \
   crypto/hmac_sha256.cpp \
-  crypto/rfc6979_hmac_sha256.cpp \
   crypto/hmac_sha512.cpp \
   crypto/ripemd160.cpp \
   crypto/common.h \
   crypto/sha256.h \
   crypto/sha512.h \
   crypto/hmac_sha256.h \
-  crypto/rfc6979_hmac_sha256.h \
   crypto/hmac_sha512.h \
   crypto/sha1.h \
   crypto/ripemd160.h

diff --git a/src/crypto/rfc6979_hmac_sha256.cpp b/src/crypto/rfc6979_hmac_sha256.cpp
diff --git a/src/crypto/rfc6979_hmac_sha256.h b/src/crypto/rfc6979_hmac_sha256.h
diff --git a/src/key.cpp b/src/key.cpp
@@ -6,7 +6,6 @@
 
 #include "arith_uint256.h"
 #include "crypto/hmac_sha512.h"
-#include "crypto/rfc6979_hmac_sha256.h"
 #include "eccryptoverify.h"
 #include "pubkey.h"
 #include "random.h"
@@ -74,23 +73,28 @@ CPubKey CKey::GetPubKey() const {
     return result;
 }
 
+extern "C"
+{
+static int secp256k1_nonce_function_test_case(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, unsigned int attempt, const void *data)
+{
+    const uint32_t *test_case = static_cast<const uint32_t*>(data);
+    uint256 nonce;
+    secp256k1_nonce_function_rfc6979(nonce.begin(), msg32, key32, attempt, NULL);
+    nonce = ArithToUint256(UintToArith256(nonce) + *test_case);
+    memcpy(nonce32, nonce.begin(), 32);
+    return 1;
+}
+}
+
 bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const {
     if (!fValid)
         return false;
     vchSig.resize(72);
-    RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);
-    do {
-        uint256 nonce;
-        prng.Generate((unsigned char*)&nonce, 32);
-        nonce = ArithToUint256(UintToArith256(nonce) + test_case);
-        int nSigLen = 72;
-        int ret = secp256k1_ecdsa_sign((const unsigned char*)&hash, (unsigned char*)&vchSig[0], &nSigLen, begin(), (unsigned char*)&nonce);
-        nonce = uint256();
-        if (ret) {
-            vchSig.resize(nSigLen);
-            return true;
-        }
-    } while(true);
+    int nSigLen = 72;
+    int ret = secp256k1_ecdsa_sign(hash.begin(), (unsigned char*)&vchSig[0], &nSigLen, begin(), test_case == 0 ? secp256k1_nonce_function_rfc6979 : secp256k1_nonce_function_test_case, test_case == 0 ? NULL : &test_case);
+    assert(ret);
+    vchSig.resize(nSigLen);
+    return true;
 }
 
 bool CKey::VerifyPubKey(const CPubKey& pubkey) const {
@@ -101,7 +105,7 @@ bool CKey::VerifyPubKey(const CPubKey& pubkey) const {
     std::string str = "Bitcoin key verification\n";
     GetRandBytes(rnd, sizeof(rnd));
     uint256 hash;
-    CHash256().Write((unsigned char*)str.data(), str.size()).Write(rnd, sizeof(rnd)).Finalize((unsigned char*)&hash);
+    CHash256().Write((unsigned char*)str.data(), str.size()).Write(rnd, sizeof(rnd)).Finalize(hash.begin());
     std::vector<unsigned char> vchSig;
     Sign(hash, vchSig);
     return pubkey.Verify(hash, vchSig);
@@ -112,15 +116,8 @@ bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig)
         return false;
     vchSig.resize(65);
     int rec = -1;
-    RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);
-    do {
-        uint256 nonce;
-        prng.Generate((unsigned char*)&nonce, 32);
-        int ret = secp256k1_ecdsa_sign_compact((const unsigned char*)&hash, &vchSig[1], begin(), (unsigned char*)&nonce, &rec);
-        nonce = uint256();
-        if (ret)
-            break;
-    } while(true);
+    int ret = secp256k1_ecdsa_sign_compact(hash.begin(), &vchSig[1], begin(), secp256k1_nonce_function_rfc6979, NULL, &rec);
+    assert(ret);
     assert(rec != -1);
     vchSig[0] = 27 + rec + (fCompressed ? 4 : 0);
     return true;

diff --git a/src/secp256k1/.gitignore b/src/secp256k1/.gitignore
@@ -1,6 +1,7 @@
 bench_inv
 bench_sign
 bench_verify
+bench_recover
 tests
 *.exe
 *.so

diff --git a/src/secp256k1/.travis.yml b/src/secp256k1/.travis.yml
@@ -4,24 +4,22 @@ compiler:
   - gcc
 install:
   - sudo apt-get install -qq libssl-dev
-  - if [ "$BIGNUM" = "gmp" -o "$BIGNUM" = "auto" -o "$FIELD" = "gmp" ]; then sudo apt-get install --no-install-recommends --no-upgrade -qq libgmp-dev; fi
+  - if [ "$BIGNUM" = "gmp" -o "$BIGNUM" = "auto" ]; then sudo apt-get install --no-install-recommends --no-upgrade -qq libgmp-dev; fi
   - if [ -n "$EXTRAPACKAGES" ]; then sudo apt-get update && sudo apt-get install --no-install-recommends --no-upgrade $EXTRAPACKAGES; fi
 env:
   global:
-    - FIELD=auto  BIGNUM=auto  SCALAR=auto  ENDOMORPHISM=no  BUILD=check  EXTRAFLAGS= HOST= EXTRAPACKAGES=
+    - FIELD=auto  BIGNUM=auto  SCALAR=auto  ENDOMORPHISM=no  ASM=no  BUILD=check  EXTRAFLAGS= HOST= EXTRAPACKAGES=
   matrix:
     - SCALAR=32bit
     - SCALAR=64bit
-    - FIELD=gmp
-    - FIELD=gmp       ENDOMORPHISM=yes
-    - FIELD=64bit_asm
-    - FIELD=64bit_asm ENDOMORPHISM=yes
     - FIELD=64bit
     - FIELD=64bit     ENDOMORPHISM=yes
+    - FIELD=64bit                       ASM=x86_64
+    - FIELD=64bit     ENDOMORPHISM=yes  ASM=x86_64
     - FIELD=32bit
     - FIELD=32bit     ENDOMORPHISM=yes
-    - BIGNUM=none
-    - BIGNUM=none     ENDOMORPHISM=yes
+    - BIGNUM=no
+    - BIGNUM=no       ENDOMORPHISM=yes
     - BUILD=distcheck
     - EXTRAFLAGS=CFLAGS=-DDETERMINISTIC
     - HOST=i686-linux-gnu EXTRAPACKAGES="gcc-multilib"

diff --git a/src/secp256k1/Makefile.am b/src/secp256k1/Makefile.am
@@ -33,8 +33,8 @@ noinst_HEADERS += src/java/org_bitcoin_NativeSecp256k1.h
 noinst_HEADERS += src/util.h
 noinst_HEADERS += src/testrand.h
 noinst_HEADERS += src/testrand_impl.h
-noinst_HEADERS += src/field_gmp.h
-noinst_HEADERS += src/field_gmp_impl.h
+noinst_HEADERS += src/hash.h
+noinst_HEADERS += src/hash_impl.h
 noinst_HEADERS += src/field.h
 noinst_HEADERS += src/field_impl.h
 noinst_HEADERS += src/bench.h

diff --git a/src/secp256k1/build-aux/m4/bitcoin_secp.m4 b/src/secp256k1/build-aux/m4/bitcoin_secp.m4
@@ -1,12 +1,6 @@
 dnl libsecp25k1 helper checks
 AC_DEFUN([SECP_INT128_CHECK],[
 has_int128=$ac_cv_type___int128
-if test x"$has_int128" != x"yes" && test x"$set_field" = x"64bit"; then
-  AC_MSG_ERROR([$set_field field support explicitly requested but is not compatible with this host])
-fi
-if test x"$has_int128" != x"yes" && test x"$set_scalar" = x"64bit"; then
-  AC_MSG_ERROR([$set_scalar scalar support explicitly requested but is not compatible with this host])
-fi
 ])
 
 dnl 
@@ -18,11 +12,6 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   __asm__ __volatile__("movq $0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx");
   ]])],[has_64bit_asm=yes],[has_64bit_asm=no])
 AC_MSG_RESULT([$has_64bit_asm])
-if test x"$set_field" == x"64bit_asm"; then
-  if test x"$has_64bit_asm" == x"no"; then
-    AC_MSG_ERROR([$set_field field support explicitly requested but no x86_64 assembly available])
-  fi
-fi
 ])
 
 dnl
@@ -43,7 +32,7 @@ else
 )])
   LIBS=
 fi
-if test x"$has_libcrypto" == x"yes" && test x"$has_openssl_ec" = x; then
+if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then
   AC_MSG_CHECKING(for EC functions in libcrypto)
   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
     #include <openssl/ec.h>
@@ -69,11 +58,4 @@ if test x"$has_gmp" != x"yes"; then
   CPPFLAGS="$CPPFLAGS_TEMP"
   LIBS="$LIBS_TEMP"
 fi
-if test x"$set_field" = x"gmp" && test x"$has_gmp" != x"yes"; then
-    AC_MSG_ERROR([$set_field field support explicitly requested but libgmp was not found])
-fi
-if test x"$set_bignum" = x"gmp" && test x"$has_gmp" != x"yes"; then
-    AC_MSG_ERROR([$set_bignum field support explicitly requested but libgmp was not found])
-fi
 ])
-