-
Notifications
You must be signed in to change notification settings - Fork 36.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ChaCha20Poly1305@Bitcoin AEAD #15649
Conversation
Benchmark compared with dbl-SHA256 (Intel x86 and ARM64 both with enabled and supported SHA256 asm) EDIT: Attention, those benchmark test a decryption that fails the MAC test (that's why its faster).
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
src/bench/chacha_poly_aead.cpp
Outdated
static void CHACHA20_POLY1305_AEAD(benchmark::State& state, size_t buffersize, bool encrypt) | ||
{ | ||
std::vector<unsigned char> in(buffersize + 3 + 16, 0); | ||
std::vector<unsigned char> out(buffersize + 3 + 16, 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure if these magic numbers are supposed to be obvious, but some named constants might be nice for people who are new to this stuff
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. Using the available constantes now.
|
||
// encrypt / decrypt 1000 packets | ||
for (size_t i = 0; i < 1000; ++i) { | ||
res = aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, ciphertext_buf.data(), ciphertext_buf.size(), plaintext_buf.data(), plaintext_buf.size(), true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This res
is never used. Should be checked?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. Fixed.
return false; | ||
} | ||
|
||
unsigned char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Scope can be reduced?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean of expected_tag
? Not sure it this makes things cleaner or more optimized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would say it makes things cleaner by virtue of narrower scope. 🤷♂
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's fine as it is.
Why is encrypting ~3 times slower than decrypting? |
Because the decryption in the benchmark always fails the MAC check... facepalm. Currently fixing. |
0d9fcd6
to
a07f18c
Compare
Overhauled the AEAD benchmark, now it measures:
|
Feel like posting new numbers? |
|
uint32_t len = 0; | ||
while (state.KeepRunning()) { | ||
// encrypt or decrypt the buffer with a static key | ||
assert(aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffersize, true)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could be bool ok = aead.Crypt(…); assert(ok);
to guarantee side-effect free use of assert(...);
?
if (include_decryption) { | ||
// if we decrypt, include the GetLength | ||
assert(aead.GetLength(&len, seqnr_aad, aad_pos, in.data())); | ||
assert(aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffersize, true)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here :-)
a07f18c
to
63851d3
Compare
rebased |
63851d3
to
70dd53d
Compare
Rebased |
70dd53d
to
61b33f7
Compare
Here are some number of the comparison against the @openssh form of the AEAD (quick implementation is here) on Intel i7 and RK [arm64]) There are moderate gains with our @bitcoin AEAD construct especially for 64byte messages (~1.4 times faster) I also added HASH (dbl sha256) with no asm (to compare apples with apples since ChaCha20 is also not NI accelerated). i7-8700 CPU @ 3.20GHz
ChaCha20Poly1305AEAD@Bitcoin
CHACHA20_POLY1305_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 6.96947, 0.00405818, 0.00418744, 0.00407654
CHACHA20_POLY1305_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 3.483, 0.00202816, 0.00208079, 0.00204615
CHACHA20_POLY1305_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 1.72781, 1.35975e-06, 1.44466e-06, 1.36874e-06
CHACHA20_POLY1305_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 0.883109, 6.80501e-07, 7.98644e-07, 6.83484e-07
CHACHA20_POLY1305_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 1.58456, 6.14057e-07, 6.57714e-07, 6.38866e-07
CHACHA20_POLY1305_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 0.791489, 3.05361e-07, 3.57775e-07, 3.062e-07
ChaCha20Poly1305AEAD@OpenSSH
CHACHA20_POLY1305_OPENSSH_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 7.0763, 0.00410207, 0.00423358, 0.00416736
CHACHA20_POLY1305_OPENSSH_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 3.50153, 0.00202787, 0.00211423, 0.00204805
CHACHA20_POLY1305_OPENSSH_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 2.10268, 1.64571e-06, 1.76881e-06, 1.66784e-06
CHACHA20_POLY1305_OPENSSH_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 0.990221, 7.72714e-07, 8.65131e-07, 7.74143e-07
CHACHA20_POLY1305_OPENSSH_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 2.29661, 9.06308e-07, 9.4192e-07, 9.1748e-07
CHACHA20_POLY1305_OPENSSH_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 1.03205, 4.03511e-07, 4.38993e-07, 4.05953e-07
(NO ASM DBL-SHA256)
HASH_1MB, 5, 340, 6.18416, 0.003603, 0.0036835, 0.00363839
HASH_256BYTES, 5, 250000, 1.84485, 1.45055e-06, 1.53387e-06, 1.46062e-06
HASH_64BYTES, 5, 500000, 1.81658, 7.14499e-07, 7.56105e-07, 7.21112e-07
|
61b33f7
to
9985e3c
Compare
a6397f1
to
8e71527
Compare
8e71527
to
4f53406
Compare
src/test/crypto_tests.cpp
Outdated
BOOST_CHECK(memcmp(ciphertext_buf.data(), expected_ciphertext_and_mac.data(), ciphertext_buf.size()) == 0); | ||
|
||
// manually construct the AAD keystream | ||
cmp_ctx.SetIV(htole64(seqnr_aad)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there's still IV byte swapping here (another one below)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missed the ones in test. Will fix asap.
Is the construct RFC7539 compliant? |
Thanks for asking. It probably belongs more to the mailing list discussion (here we discuss the actual implementation). However: Initially, the plan was to use the OpenSSH version of the AEAD construct over the IETF one because encrypting the length field seems desirable in our case (would allow new message types that could pad arbitrary data to make packet inspection harder). Since the OpenSSH version is not very efficient for small messages, and, most nodes in synced state deal with around 40% of messages below 64 bytes, we decided to further optimize the AEAD construct to require less ChaCha20 operations, thus making it faster. Even faster than the current non-encrypted packet transport on most systems (hence the dbl-sha256 cpu cost). Again, this discussion doesn't belong here so please move further questions regarding the concept to the mailing list. |
|
4f53406
to
bb326ad
Compare
code review ACK bb326ad there's nothing to test yet (besides running the unit tests), as this is the first step and the code here is currently unused |
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli) 99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli) af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli) Pull request description: This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network). Includes: #15519, #15512 (please review those first). The construct is specified here. https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite This aims for being used in v2 peer-to-peer messages. ACKs for top commit: laanwj: code review ACK bb326ad Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli) 99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli) af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli) Pull request description: This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network). Includes: bitcoin#15519, bitcoin#15512 (please review those first). The construct is specified here. https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite This aims for being used in v2 peer-to-peer messages. ACKs for top commit: laanwj: code review ACK bb326ad Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli) 99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli) af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli) Pull request description: This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network). Includes: bitcoin#15519, bitcoin#15512 (please review those first). The construct is specified here. https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite This aims for being used in v2 peer-to-peer messages. ACKs for top commit: laanwj: code review ACK bb326ad Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli) 99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli) af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli) Pull request description: This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network). Includes: bitcoin#15519, bitcoin#15512 (please review those first). The construct is specified here. https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite This aims for being used in v2 peer-to-peer messages. ACKs for top commit: laanwj: code review ACK bb326ad Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686 Add new line
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli) 99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli) af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli) Pull request description: This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network). Includes: bitcoin#15519, bitcoin#15512 (please review those first). The construct is specified here. https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite This aims for being used in v2 peer-to-peer messages. ACKs for top commit: laanwj: code review ACK bb326ad Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686 Add new line
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli) 99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli) af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli) Pull request description: This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network). Includes: bitcoin#15519, bitcoin#15512 (please review those first). The construct is specified here. https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite This aims for being used in v2 peer-to-peer messages. ACKs for top commit: laanwj: code review ACK bb326ad Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686 Add new line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand this is already merged, But below are two following small doubts that occurred to me while reviewing.
// use lower 32bytes for the poly1305 key | ||
// (throws away 32 unused bytes (upper 32) from this ChaCha20 round) | ||
m_chacha_main.Seek(0); | ||
m_chacha_main.Crypt(poly_key, poly_key, sizeof(poly_key)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BIP324 says the following on poly1305 key.
The AEAD is constructed as follows: for each packet, generate a Poly1305 key by taking the first 256 bits of ChaCha20 stream output generated using K_2, an IV consisting of the packet sequence number encoded as an LE uint64 and a ChaCha20 block counter of zero.
Here to me, it seems the key is being derived by encrypting a vector of zeros with m_chacha_main
instead of simply taking the keystream of m_chacha_main
? Are they the same thing? if not, then should the bip draft be changed to reflect this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
encrypting in chacha means generating a random string and XORing with the plaintext, so yes taking a stream is equal to encrypting zeros.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for clarifying.
m_chacha_main.SetKey(K_1, CHACHA20_POLY1305_AEAD_KEY_LEN); | ||
m_chacha_header.SetKey(K_2, CHACHA20_POLY1305_AEAD_KEY_LEN); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit:
From BIP draft
The instance keyed by K_1 is a stream cipher that is used only to encrypt the 3 byte packet length field and has its own sequence number. The second instance, keyed by K_2, is used in conjunction with poly1305 to build an AEAD (Authenticated Encryption with Associated Data) that is used to encrypt and authenticate the entire packet.
To keep parity with the BIP should K_1
and K_2
be interchanged (either in BIP or in code)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. It's technically not wrong but confusing. Code update would probably be better.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's helpful, I've created #22331 to fix this.
Summary: * Add ChaCha20Poly1305@Bitcoin tests * Add ChaCha20Poly1305@Bitcoin AEAD benchmark This is a backport of Core [[bitcoin/bitcoin#15649 | PR15649]] Depends on D7493 and D7491 Test Plan: ninja all check bench-bitcoin Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D7494
cd37356 [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD (Dhruv Mehta) Pull request description: BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations. BIP324 author Jonas Schnelli thinks a [code update will be better](#15649 (comment)) than a BIP update. If this PR is merged: - [ ] We need to update the test vector 3 in BIP324 ACKs for top commit: jonasschnelli: utACK cd37356 Tree-SHA512: e2165117bfbf7a031060e7376912f9af1c1bfc57916383799a0fa2c040e2caaab0d6aafc3425c083a233b96c84fafec75c938e00ceb6bd7d52607d58607cb145
cd37356 [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD (Dhruv Mehta) Pull request description: BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations. BIP324 author Jonas Schnelli thinks a [code update will be better](bitcoin#15649 (comment)) than a BIP update. If this PR is merged: - [ ] We need to update the test vector 3 in BIP324 ACKs for top commit: jonasschnelli: utACK cd37356 Tree-SHA512: e2165117bfbf7a031060e7376912f9af1c1bfc57916383799a0fa2c040e2caaab0d6aafc3425c083a233b96c84fafec75c938e00ceb6bd7d52607d58607cb145
Code introduced in bitcoin#15649 added usage of `timingsafe_bcmp()`, if available, otherwise falling back to our own implementation. However the relevant build system check was never added, so currently, we'll always just use our implementation, as HAVE_TIMINGSAFE_BCMP will never be defined. Add the check for timingsafe_bcmp. Note that as far as I'm aware, it's only available on OpenBSD.
Code introduced in bitcoin#15649 added usage of `timingsafe_bcmp()`, if available, otherwise falling back to our own implementation. However the relevant build system check was never added, so currently, we'll always just use our implementation, as HAVE_TIMINGSAFE_BCMP will never be defined. Add the check for timingsafe_bcmp. Note that as far as I'm aware, it's only available on OpenBSD.
491bb14 build: test for timingsafe_bcmp (fanquake) Pull request description: Code introduced in #15649 added usage of [`timingsafe_bcmp()`](https://man.openbsd.org/timingsafe_bcmp.3), if available, otherwise falling back to our own implementation. However the relevant build system check was never added, so currently, we'll always just use our implementation, as `HAVE_TIMINGSAFE_BCMP` will never be defined. Add the check for `timingsafe_bcmp`. Note that as far as I'm aware, it's only available on OpenBSD. https://github.com/bitcoin/bitcoin/blob/c3daa321f921f4e2514ef93c48d39ae39e7f2d46/src/crypto/chacha_poly_aead.cpp#L16-L28 Guix Build (x86_64): ```bash 0a890839e3de040e084d4df6aeabd924f6c6b04e724d7d2a87ef366d5493ac94 guix-build-491bb14c0c9c/output/aarch64-linux-gnu/SHA256SUMS.part fd5e1c4531f1739d63e8d552495c24c044ce9ddd34a424d6da1317830e625527 guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu-debug.tar.gz 551f58234ba5acf5c5125df85fccb49f8536399d2a1b7126848e4709b7edb61e guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu.tar.gz 5a6f7630d36af7e4317f660232c52a5c8c983b1999f57e176a628d83a5eb7b4a guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part d1eba598d69498e899663cfcba295747ac5808218157adaca79d45459aac8ecf guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz 1e2559a99b89770501308416edc6cfeec94bfea9e9cadb6b64a4df7a487350d1 guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz bc961b8b930df8123a6cad1c55f250658ea600d4a617ec4fceec2bfc28ec779f guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part f65118d324a8c1a3d80190dc0a80a2175b116a5ef5b0d977e8ffeaa7a8114851 guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg d27cd6193b1b5ecdab50d1fe2b4c3d0bfba04813506ecf63e27a6e9edb32913e guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz 76fc93a9c11909a826c9bd310ae4a70dc2083b96540c875d9cfb3b31bb86dd3e guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz 43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19 guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz d04bc01a7b207e2d9e833ef4399d5daa789f5d7476df3915f426ea1c71578cb5 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part d815ab7157ca87a51c0c08907ba76f6bcec11cf9c0db77c2fd2885bf78796f97 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz 9f912bedf53d6921cf10f48569fb74ef4f42c8571fb976b50e67a64f6754833c guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz 0651ed89f9a7cd4a4a196a48b330aec82f6ca1df5d842e6da863a87ae69f57f4 guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part 4c5f1ea788580a99318dc91cb3ac51f11829163a5821a01d90459911b0ff791d guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz 61c91db6b7f34d43292b6e0c0a1e4bd5f6e2d532df835410daca337cf94c66af guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz be4d94e812c02a3955343d7a92a26deff9ced37aada049fd328118e01a8e3c53 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part d73589e28311c8b442bb873d233181988f79d728965ccef395b19683b78203e9 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz a1b15c96fcc936928aa183e7b06552c68a2dd5d178122394c3ed2cbd3f07ab2f guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz 2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg 5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz 72b3afe2d6124598eddbeed8d0799a8bd23536b4a3e4611162094601c75b923e guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part eef6c0928762c77a23b485b55c350660b111ffdf3446825648d7da05e5e681eb guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz a130d87e851f0192bf89dd5ecbe52d63231ce5dbbf584d1e4fb33a36ebb8bf7a guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz 0f00372e30ea12ca9d16d70c4905b6b8492464987bb6b272ed4f9a945941d6b9 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part 2852dff8d38ef6eee759bf9fe717a4288db46c300f061acb3212cd1499607d8d guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe 79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz da8c9f6922bdab660dfbd757ec89ce7a2493bf1d02e32172b77c1a21b09daaa9 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip ``` Guix Build (arm64): ```bash ff7afe1f43ac18df89cf1932568b0713f6f22fd2b449a4a87f9aebf404449897 guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part 5e727cc3273615e6f75c6e15bc004946ab7494ee169ecf830f23290cf6f5c3de guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz 4aff5487b129dc483780646994246890a5917c8956980ec52682accfe5a0d02e guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz cabfeb29771017dfde35a1c8f08c7066255ad84a05d6d565cfcf852a5d869d16 guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part 99360c7135967e1d9709830abcc8f5b6ebc7bc37c5be0eac1ddebe0ce5dbe344 guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg 9caa58d1efe18c7ad68fec2a71455ade61939f32ae2da0b0457b459204227046 guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz d9b0ad26346869aa6a4229aa77796535f68880fc50f8b7b7a4297f2e14d2e3ad guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz 43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19 guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz e2f95f50ae973cef815731485be6b917f39eea92ef4e93fa63aa1ad6cb52a3c9 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part 452f3091a1e841920e958f14f1650e94b3a61cb430cb99930fb5941d8a8aad3d guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz a371cee3dae3d5cf5ca792b58a1bb492a6a6147e0b515e69869d3543edbeaea5 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz 89153f4b6a3bc6d47787c4d63b57e1dade8116822abb547fc1759c84e6ff6fa2 guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part 9f51353abe7b6154a48da5db3fce29d2dac1dbe9a6c78aade1b9e1b6b12370fa guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz 25b21eb2d8e3982dac5e1510b78339b7c4bddf164b986c929036369e403ddadd guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz 92c4c404f7355897bca4ba7e38a908828da73617cac7b0fbd89952ce20859d83 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part 230361b5a493b3ac17780b3d5496cc10a37d3345b96874b04092c06aab36cb0d guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz d8110e6d738a40ccd076cbd286557931b2a433e27c8defcc496ac56f60fe5327 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz 2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg 5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz de7a52a67f243b6db1086c2ab2cc3f01784d38b43b7aaf795b7713c33799ab62 guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part 88228ef3007e81ade481d0c3fa757ac3ae86bda50aeef2631335c5d54fb4194c guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz b1f2ddf50658f4d1bd0667cc16502f9a45d9e0eef4c1d103cd7780cebfc2766d guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz f0cc08231ed964fcb4f2c5a697c52160dad8ed374f8d9537eb7f2ca9f47e7b2c guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part d9c49c031bde4f80e63955fdeb14a7fb8f74a27d09bcf01881648917df10a836 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe 79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz 1d76ceae8c3feef573d4e60fe6c7be5f3bea4afd3994ddc16759d8b381767015 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip ``` ACKs for top commit: laanwj: Code review ACK 491bb14 theStack: ACK 491bb14 Tree-SHA512: 50d273706e92016783f6a9d552f56b703c3c26ec2f0fafb9a0d1c1047456eee7c08e76ebc57077d2ecf95aaf5a3804c88a629a2e02a48c8be91b87ffa44cdb3e
491bb14 build: test for timingsafe_bcmp (fanquake) Pull request description: Code introduced in bitcoin#15649 added usage of [`timingsafe_bcmp()`](https://man.openbsd.org/timingsafe_bcmp.3), if available, otherwise falling back to our own implementation. However the relevant build system check was never added, so currently, we'll always just use our implementation, as `HAVE_TIMINGSAFE_BCMP` will never be defined. Add the check for `timingsafe_bcmp`. Note that as far as I'm aware, it's only available on OpenBSD. https://github.com/bitcoin/bitcoin/blob/c3daa321f921f4e2514ef93c48d39ae39e7f2d46/src/crypto/chacha_poly_aead.cpp#L16-L28 Guix Build (x86_64): ```bash 0a890839e3de040e084d4df6aeabd924f6c6b04e724d7d2a87ef366d5493ac94 guix-build-491bb14c0c9c/output/aarch64-linux-gnu/SHA256SUMS.part fd5e1c4531f1739d63e8d552495c24c044ce9ddd34a424d6da1317830e625527 guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu-debug.tar.gz 551f58234ba5acf5c5125df85fccb49f8536399d2a1b7126848e4709b7edb61e guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu.tar.gz 5a6f7630d36af7e4317f660232c52a5c8c983b1999f57e176a628d83a5eb7b4a guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part d1eba598d69498e899663cfcba295747ac5808218157adaca79d45459aac8ecf guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz 1e2559a99b89770501308416edc6cfeec94bfea9e9cadb6b64a4df7a487350d1 guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz bc961b8b930df8123a6cad1c55f250658ea600d4a617ec4fceec2bfc28ec779f guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part f65118d324a8c1a3d80190dc0a80a2175b116a5ef5b0d977e8ffeaa7a8114851 guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg d27cd6193b1b5ecdab50d1fe2b4c3d0bfba04813506ecf63e27a6e9edb32913e guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz 76fc93a9c11909a826c9bd310ae4a70dc2083b96540c875d9cfb3b31bb86dd3e guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz 43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19 guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz d04bc01a7b207e2d9e833ef4399d5daa789f5d7476df3915f426ea1c71578cb5 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part d815ab7157ca87a51c0c08907ba76f6bcec11cf9c0db77c2fd2885bf78796f97 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz 9f912bedf53d6921cf10f48569fb74ef4f42c8571fb976b50e67a64f6754833c guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz 0651ed89f9a7cd4a4a196a48b330aec82f6ca1df5d842e6da863a87ae69f57f4 guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part 4c5f1ea788580a99318dc91cb3ac51f11829163a5821a01d90459911b0ff791d guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz 61c91db6b7f34d43292b6e0c0a1e4bd5f6e2d532df835410daca337cf94c66af guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz be4d94e812c02a3955343d7a92a26deff9ced37aada049fd328118e01a8e3c53 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part d73589e28311c8b442bb873d233181988f79d728965ccef395b19683b78203e9 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz a1b15c96fcc936928aa183e7b06552c68a2dd5d178122394c3ed2cbd3f07ab2f guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz 2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg 5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz 72b3afe2d6124598eddbeed8d0799a8bd23536b4a3e4611162094601c75b923e guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part eef6c0928762c77a23b485b55c350660b111ffdf3446825648d7da05e5e681eb guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz a130d87e851f0192bf89dd5ecbe52d63231ce5dbbf584d1e4fb33a36ebb8bf7a guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz 0f00372e30ea12ca9d16d70c4905b6b8492464987bb6b272ed4f9a945941d6b9 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part 2852dff8d38ef6eee759bf9fe717a4288db46c300f061acb3212cd1499607d8d guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe 79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz da8c9f6922bdab660dfbd757ec89ce7a2493bf1d02e32172b77c1a21b09daaa9 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip ``` Guix Build (arm64): ```bash ff7afe1f43ac18df89cf1932568b0713f6f22fd2b449a4a87f9aebf404449897 guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part 5e727cc3273615e6f75c6e15bc004946ab7494ee169ecf830f23290cf6f5c3de guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz 4aff5487b129dc483780646994246890a5917c8956980ec52682accfe5a0d02e guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz cabfeb29771017dfde35a1c8f08c7066255ad84a05d6d565cfcf852a5d869d16 guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part 99360c7135967e1d9709830abcc8f5b6ebc7bc37c5be0eac1ddebe0ce5dbe344 guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg 9caa58d1efe18c7ad68fec2a71455ade61939f32ae2da0b0457b459204227046 guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz d9b0ad26346869aa6a4229aa77796535f68880fc50f8b7b7a4297f2e14d2e3ad guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz 43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19 guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz e2f95f50ae973cef815731485be6b917f39eea92ef4e93fa63aa1ad6cb52a3c9 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part 452f3091a1e841920e958f14f1650e94b3a61cb430cb99930fb5941d8a8aad3d guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz a371cee3dae3d5cf5ca792b58a1bb492a6a6147e0b515e69869d3543edbeaea5 guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz 89153f4b6a3bc6d47787c4d63b57e1dade8116822abb547fc1759c84e6ff6fa2 guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part 9f51353abe7b6154a48da5db3fce29d2dac1dbe9a6c78aade1b9e1b6b12370fa guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz 25b21eb2d8e3982dac5e1510b78339b7c4bddf164b986c929036369e403ddadd guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz 92c4c404f7355897bca4ba7e38a908828da73617cac7b0fbd89952ce20859d83 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part 230361b5a493b3ac17780b3d5496cc10a37d3345b96874b04092c06aab36cb0d guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz d8110e6d738a40ccd076cbd286557931b2a433e27c8defcc496ac56f60fe5327 guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz 2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg 5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9 guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz de7a52a67f243b6db1086c2ab2cc3f01784d38b43b7aaf795b7713c33799ab62 guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part 88228ef3007e81ade481d0c3fa757ac3ae86bda50aeef2631335c5d54fb4194c guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz b1f2ddf50658f4d1bd0667cc16502f9a45d9e0eef4c1d103cd7780cebfc2766d guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz f0cc08231ed964fcb4f2c5a697c52160dad8ed374f8d9537eb7f2ca9f47e7b2c guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part d9c49c031bde4f80e63955fdeb14a7fb8f74a27d09bcf01881648917df10a836 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe 79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz 1d76ceae8c3feef573d4e60fe6c7be5f3bea4afd3994ddc16759d8b381767015 guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip ``` ACKs for top commit: laanwj: Code review ACK 491bb14 theStack: ACK 491bb14 Tree-SHA512: 50d273706e92016783f6a9d552f56b703c3c26ec2f0fafb9a0d1c1047456eee7c08e76ebc57077d2ecf95aaf5a3804c88a629a2e02a48c8be91b87ffa44cdb3e
This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).
Includes: #15519, #15512 (please review those first).
The construct is specified here.
https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite
This aims for being used in v2 peer-to-peer messages.