Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ChaCha20Poly1305@Bitcoin AEAD #15649

Merged
merged 3 commits into from
Jul 11, 2019

Conversation

jonasschnelli
Copy link
Contributor

This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).

Includes: #15519, #15512 (please review those first).

The construct is specified here.
https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite

This aims for being used in v2 peer-to-peer messages.

@jonasschnelli
Copy link
Contributor Author

jonasschnelli commented Mar 22, 2019

Benchmark compared with dbl-SHA256 (Intel x86 and ARM64 both with enabled and supported SHA256 asm)

EDIT: Attention, those benchmark test a decryption that fails the MAC test (that's why its faster).

i7-8700 CPU @ 3.20GHz
# Benchmark, evals, iterations, total, min, max, median
CHACHA20_POLY1305_AEAD_1MB_DECRYPT, 5, 340, 0.974806, 0.000571213, 0.000575483, 0.000573147
CHACHA20_POLY1305_AEAD_1MB_ENCRYPT, 5, 340, 3.45589, 0.00200816, 0.00206032, 0.00203075
CHACHA20_POLY1305_AEAD_256BYTES_DECRYPT, 5, 250000, 0.353133, 2.7904e-07, 2.87463e-07, 2.81879e-07
CHACHA20_POLY1305_AEAD_256BYTES_ENCRYPT, 5, 250000, 0.844029, 6.69314e-07, 6.84823e-07, 6.73278e-07
CHACHA20_POLY1305_AEAD_64BYTES_DECRYPT, 5, 500000, 0.445114, 1.74585e-07, 1.79382e-07, 1.79109e-07
CHACHA20_POLY1305_AEAD_64BYTES_ENCRYPT, 5, 500000, 0.756779, 3.02316e-07, 3.03721e-07, 3.02433e-07
HASH_1MB, 5, 340, 4.05031, 0.00234962, 0.00239718, 0.00238811
HASH_256BYTES, 5, 250000, 1.13878, 9.01793e-07, 9.20163e-07, 9.1145e-07
HASH_64BYTES, 5, 500000, 1.19347, 4.71828e-07, 4.8229e-07, 4.76693e-07
RK3399 64-bit Hexa Core A72/A53 CPU (aarch64)
CPU Features	: fp asimd evtstrm aes pmull sha1 sha2 crc32
CHACHA20_POLY1305_AEAD_1MB_DECRYPT, 5, 340, 4.77829, 0.00277495, 0.00295277, 0.00277533
CHACHA20_POLY1305_AEAD_1MB_ENCRYPT, 5, 340, 12.8776, 0.00757471, 0.00757529, 0.00757509
CHACHA20_POLY1305_AEAD_256BYTES_DECRYPT, 5, 250000, 1.45431, 1.159e-06, 1.16777e-06, 1.16348e-06
CHACHA20_POLY1305_AEAD_256BYTES_ENCRYPT, 5, 250000, 3.15133, 2.51743e-06, 2.5251e-06, 2.52047e-06
CHACHA20_POLY1305_AEAD_64BYTES_DECRYPT, 5, 500000, 1.64303, 6.5714e-07, 6.57362e-07, 6.57166e-07
CHACHA20_POLY1305_AEAD_64BYTES_ENCRYPT, 5, 500000, 2.84952, 1.13826e-06, 1.14302e-06, 1.13909e-06
HASH_1MB, 5, 340, 11.9929, 0.00705427, 0.00705483, 0.00705473
HASH_256BYTES, 5, 250000, 3.44999, 2.75893e-06, 2.76146e-06, 2.75963e-06
HASH_64BYTES, 5, 500000, 3.68293, 1.47287e-06, 1.47352e-06, 1.4732e-06

@DrahtBot
Copy link
Contributor

DrahtBot commented Mar 22, 2019

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #14032 (Add p2p layer encryption with ECDH/ChaCha20Poly1305 by jonasschnelli)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

static void CHACHA20_POLY1305_AEAD(benchmark::State& state, size_t buffersize, bool encrypt)
{
std::vector<unsigned char> in(buffersize + 3 + 16, 0);
std::vector<unsigned char> out(buffersize + 3 + 16, 0);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure if these magic numbers are supposed to be obvious, but some named constants might be nice for people who are new to this stuff

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Using the available constantes now.

src/test/crypto_tests.cpp Outdated Show resolved Hide resolved

// encrypt / decrypt 1000 packets
for (size_t i = 0; i < 1000; ++i) {
res = aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, ciphertext_buf.data(), ciphertext_buf.size(), plaintext_buf.data(), plaintext_buf.size(), true);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This res is never used. Should be checked?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Fixed.

return false;
}

unsigned char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scope can be reduced?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You mean of expected_tag? Not sure it this makes things cleaner or more optimized.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would say it makes things cleaner by virtue of narrower scope. 🤷‍♂

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's fine as it is.

@sipa
Copy link
Member

sipa commented Mar 26, 2019

Why is encrypting ~3 times slower than decrypting?

@jonasschnelli
Copy link
Contributor Author

Why is encrypting ~3 times slower than decrypting?

Because the decryption in the benchmark always fails the MAC check... facepalm. Currently fixing.

@jonasschnelli jonasschnelli force-pushed the 2019/03/chachapoly1305 branch 2 times, most recently from 0d9fcd6 to a07f18c Compare March 26, 2019 21:17
@jonasschnelli
Copy link
Contributor Author

Overhauled the AEAD benchmark, now it measures:

  • only encryption of 64, 256 and 1MB
  • encryption and decryption (also including the previous-to-decryption GetLength() call)

@sipa
Copy link
Member

sipa commented Mar 26, 2019

Feel like posting new numbers?

@jonasschnelli
Copy link
Contributor Author

i7-8700 CPU @ 3.20GHz
# Benchmark, evals, iterations, total, min, max, median
CHACHA20_POLY1305_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 6.89749, 0.00401996, 0.004089, 0.00405691
CHACHA20_POLY1305_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 3.42802, 0.00199702, 0.00206066, 0.00200356
CHACHA20_POLY1305_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 1.73244, 1.38097e-06, 1.39262e-06, 1.38631e-06
CHACHA20_POLY1305_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 0.866814, 6.89058e-07, 6.98332e-07, 6.92555e-07
CHACHA20_POLY1305_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 1.61924, 6.33995e-07, 6.61294e-07, 6.45421e-07
CHACHA20_POLY1305_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 0.794098, 3.15846e-07, 3.22632e-07, 3.16612e-07
HASH_1MB, 5, 340, 4.02255, 0.00233675, 0.00239431, 0.00236953
HASH_256BYTES, 5, 250000, 1.14968, 9.16826e-07, 9.2569e-07, 9.17793e-07
HASH_64BYTES, 5, 500000, 1.20545, 4.78177e-07, 4.87008e-07, 4.80163e-07
RK3399 64-bit Hexa Core A72/A53 CPU (aarch64)
CPU Features	: fp asimd evtstrm aes pmull sha1 sha2 crc32
CHACHA20_POLY1305_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 25.8159, 0.0151542, 0.015309, 0.0151552
CHACHA20_POLY1305_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 12.8818, 0.00757678, 0.00757883, 0.00757744
CHACHA20_POLY1305_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 6.28925, 5.02614e-06, 5.0389e-06, 5.0307e-06
CHACHA20_POLY1305_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 3.1574, 2.5177e-06, 2.53455e-06, 2.52181e-06
CHACHA20_POLY1305_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 5.67636, 2.26775e-06, 2.27397e-06, 2.26921e-06
CHACHA20_POLY1305_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 2.85557, 1.13888e-06, 1.14831e-06, 1.14157e-06
HASH_1MB, 5, 340, 11.9764, 0.00704443, 0.0070454, 0.00704505
HASH_256BYTES, 5, 250000, 3.43234, 2.74542e-06, 2.74639e-06, 2.74585e-06
HASH_64BYTES, 5, 500000, 3.6589, 1.4629e-06, 1.46428e-06, 1.46323e-06

uint32_t len = 0;
while (state.KeepRunning()) {
// encrypt or decrypt the buffer with a static key
assert(aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffersize, true));
Copy link
Contributor

@practicalswift practicalswift Mar 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could be bool ok = aead.Crypt(…); assert(ok); to guarantee side-effect free use of assert(...);?

if (include_decryption) {
// if we decrypt, include the GetLength
assert(aead.GetLength(&len, seqnr_aad, aad_pos, in.data()));
assert(aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffersize, true));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here :-)

@jonasschnelli
Copy link
Contributor Author

rebased

@jonasschnelli
Copy link
Contributor Author

Rebased

@jonasschnelli
Copy link
Contributor Author

Here are some number of the comparison against the @openssh form of the AEAD (quick implementation is here) on Intel i7 and RK [arm64])

There are moderate gains with our @bitcoin AEAD construct especially for 64byte messages (~1.4 times faster)

I also added HASH (dbl sha256) with no asm (to compare apples with apples since ChaCha20 is also not NI accelerated).

i7-8700 CPU @ 3.20GHz

ChaCha20Poly1305AEAD@Bitcoin
CHACHA20_POLY1305_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 6.96947, 0.00405818, 0.00418744, 0.00407654
CHACHA20_POLY1305_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 3.483, 0.00202816, 0.00208079, 0.00204615
CHACHA20_POLY1305_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 1.72781, 1.35975e-06, 1.44466e-06, 1.36874e-06
CHACHA20_POLY1305_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 0.883109, 6.80501e-07, 7.98644e-07, 6.83484e-07
CHACHA20_POLY1305_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 1.58456, 6.14057e-07, 6.57714e-07, 6.38866e-07
CHACHA20_POLY1305_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 0.791489, 3.05361e-07, 3.57775e-07, 3.062e-07

ChaCha20Poly1305AEAD@OpenSSH
CHACHA20_POLY1305_OPENSSH_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 7.0763, 0.00410207, 0.00423358, 0.00416736
CHACHA20_POLY1305_OPENSSH_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 3.50153, 0.00202787, 0.00211423, 0.00204805
CHACHA20_POLY1305_OPENSSH_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 2.10268, 1.64571e-06, 1.76881e-06, 1.66784e-06
CHACHA20_POLY1305_OPENSSH_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 0.990221, 7.72714e-07, 8.65131e-07, 7.74143e-07
CHACHA20_POLY1305_OPENSSH_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 2.29661, 9.06308e-07, 9.4192e-07, 9.1748e-07
CHACHA20_POLY1305_OPENSSH_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 1.03205, 4.03511e-07, 4.38993e-07, 4.05953e-07

(NO ASM DBL-SHA256)
HASH_1MB, 5, 340, 6.18416, 0.003603, 0.0036835, 0.00363839
HASH_256BYTES, 5, 250000, 1.84485, 1.45055e-06, 1.53387e-06, 1.46062e-06
HASH_64BYTES, 5, 500000, 1.81658, 7.14499e-07, 7.56105e-07, 7.21112e-07
RK3399 64-bit Hexa Core A72/A53 CPU (aarch64)
CHACHA20_POLY1305_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 25.8472, 0.015143, 0.0153498, 0.0151757
CHACHA20_POLY1305_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 12.8757, 0.00756406, 0.00758074, 0.00757862
CHACHA20_POLY1305_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 6.44229, 5.15237e-06, 5.1555e-06, 5.15375e-06
CHACHA20_POLY1305_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 3.22662, 2.57975e-06, 2.58201e-06, 2.5817e-06
CHACHA20_POLY1305_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 5.96034, 2.37337e-06, 2.38984e-06, 2.38668e-06
CHACHA20_POLY1305_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 2.97761, 1.18648e-06, 1.19878e-06, 1.18715e-06

CHACHA20_POLY1305_OPENSSH_AEAD_1MB_ENCRYPT_DECRYPT, 5, 340, 25.7817, 0.0151531, 0.0151865, 0.0151633
CHACHA20_POLY1305_OPENSSH_AEAD_1MB_ONLY_ENCRYPT, 5, 340, 12.8959, 0.00757261, 0.00759154, 0.00758821
CHACHA20_POLY1305_OPENSSH_AEAD_256BYTES_ENCRYPT_DECRYPT, 5, 250000, 7.6112, 6.08182e-06, 6.10197e-06, 6.08393e-06
CHACHA20_POLY1305_OPENSSH_AEAD_256BYTES_ONLY_ENCRYPT, 5, 250000, 3.59548, 2.87162e-06, 2.87949e-06, 2.87783e-06
CHACHA20_POLY1305_OPENSSH_AEAD_64BYTES_ENCRYPT_DECRYPT, 5, 500000, 8.39425, 3.3108e-06, 3.53569e-06, 3.31353e-06
CHACHA20_POLY1305_OPENSSH_AEAD_64BYTES_ONLY_ENCRYPT, 5, 500000, 3.73337, 1.48799e-06, 1.49965e-06, 1.49489e-06

src/test/crypto_tests.cpp Outdated Show resolved Hide resolved
BOOST_CHECK(memcmp(ciphertext_buf.data(), expected_ciphertext_and_mac.data(), ciphertext_buf.size()) == 0);

// manually construct the AAD keystream
cmp_ctx.SetIV(htole64(seqnr_aad));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's still IV byte swapping here (another one below)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missed the ones in test. Will fix asap.

@prusnak
Copy link
Contributor

prusnak commented Jul 2, 2019

Is the construct RFC7539 compliant?

@jonasschnelli
Copy link
Contributor Author

@prusnak

Thanks for asking. It probably belongs more to the mailing list discussion (here we discuss the actual implementation). However:

Initially, the plan was to use the OpenSSH version of the AEAD construct over the IETF one because encrypting the length field seems desirable in our case (would allow new message types that could pad arbitrary data to make packet inspection harder).

Since the OpenSSH version is not very efficient for small messages, and, most nodes in synced state deal with around 40% of messages below 64 bytes, we decided to further optimize the AEAD construct to require less ChaCha20 operations, thus making it faster. Even faster than the current non-encrypted packet transport on most systems (hence the dbl-sha256 cpu cost).

Again, this discussion doesn't belong here so please move further questions regarding the concept to the mailing list.
The details are described in the BIP: https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52

@jonasschnelli
Copy link
Contributor Author

  • Removed the invalid byte swapping in crypto_tests
  • Followed @practicalswift recommondation to not directly check and execute in assert() in the chacha_poly_aead bench

@laanwj
Copy link
Member

laanwj commented Jul 11, 2019

code review ACK bb326ad

there's nothing to test yet (besides running the unit tests), as this is the first step and the code here is currently unused

@laanwj laanwj merged commit bb326ad into bitcoin:master Jul 11, 2019
laanwj added a commit that referenced this pull request Jul 11, 2019
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli)
99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli)
af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli)

Pull request description:

  This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).

  Includes: #15519, #15512 (please review those first).

  The construct is specified here.
  https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite

  This aims for being used in v2 peer-to-peer messages.

ACKs for top commit:
  laanwj:
    code review ACK bb326ad

Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jul 11, 2019
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli)
99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli)
af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli)

Pull request description:

  This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).

  Includes: bitcoin#15519, bitcoin#15512 (please review those first).

  The construct is specified here.
  https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite

  This aims for being used in v2 peer-to-peer messages.

ACKs for top commit:
  laanwj:
    code review ACK bb326ad

Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jul 18, 2019
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli)
99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli)
af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli)

Pull request description:

  This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).

  Includes: bitcoin#15519, bitcoin#15512 (please review those first).

  The construct is specified here.
  https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite

  This aims for being used in v2 peer-to-peer messages.

ACKs for top commit:
  laanwj:
    code review ACK bb326ad

Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Jul 23, 2019
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli)
99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli)
af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli)

Pull request description:

  This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).

  Includes: bitcoin#15519, bitcoin#15512 (please review those first).

  The construct is specified here.
  https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite

  This aims for being used in v2 peer-to-peer messages.

ACKs for top commit:
  laanwj:
    code review ACK bb326ad

Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686

Add new line
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Aug 6, 2019
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli)
99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli)
af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli)

Pull request description:

  This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).

  Includes: bitcoin#15519, bitcoin#15512 (please review those first).

  The construct is specified here.
  https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite

  This aims for being used in v2 peer-to-peer messages.

ACKs for top commit:
  laanwj:
    code review ACK bb326ad

Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686

Add new line
barrystyle pushed a commit to PACGlobalOfficial/PAC that referenced this pull request Jan 22, 2020
bb326ad Add ChaCha20Poly1305@Bitcoin AEAD benchmark (Jonas Schnelli)
99aea04 Add ChaCha20Poly1305@Bitcoin tests (Jonas Schnelli)
af5d1b5 Add ChaCha20Poly1305@Bitcoin AEAD implementation (Jonas Schnelli)

Pull request description:

  This adds a new AEAD (authenticated encryption with additional data) construct optimised for small messages (like used in Bitcoins p2p network).

  Includes: bitcoin#15519, bitcoin#15512 (please review those first).

  The construct is specified here.
  https://gist.github.com/jonasschnelli/c530ea8421b8d0e80c51486325587c52#ChaCha20Poly1305Bitcoin_Cipher_Suite

  This aims for being used in v2 peer-to-peer messages.

ACKs for top commit:
  laanwj:
    code review ACK bb326ad

Tree-SHA512: 15bcb86c510fce7abb7a73536ff2ae89893b24646bf108c6cf18f064d672dbbbea8b1dd0868849fdac0c6854e498f1345d01dab56d1c92031afd728302234686

Add new line
Copy link
Contributor

@rajarshimaitra rajarshimaitra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand this is already merged, But below are two following small doubts that occurred to me while reviewing.

// use lower 32bytes for the poly1305 key
// (throws away 32 unused bytes (upper 32) from this ChaCha20 round)
m_chacha_main.Seek(0);
m_chacha_main.Crypt(poly_key, poly_key, sizeof(poly_key));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BIP324 says the following on poly1305 key.

The AEAD is constructed as follows: for each packet, generate a Poly1305 key by taking the first 256 bits of ChaCha20 stream output generated using K_2, an IV consisting of the packet sequence number encoded as an LE uint64 and a ChaCha20 block counter of zero.

Here to me, it seems the key is being derived by encrypting a vector of zeros with m_chacha_main instead of simply taking the keystream of m_chacha_main? Are they the same thing? if not, then should the bip draft be changed to reflect this?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

encrypting in chacha means generating a random string and XORing with the plaintext, so yes taking a stream is equal to encrypting zeros.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for clarifying.

Comment on lines +35 to +36
m_chacha_main.SetKey(K_1, CHACHA20_POLY1305_AEAD_KEY_LEN);
m_chacha_header.SetKey(K_2, CHACHA20_POLY1305_AEAD_KEY_LEN);
Copy link
Contributor

@rajarshimaitra rajarshimaitra Jun 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit:
From BIP draft

The instance keyed by K_1 is a stream cipher that is used only to encrypt the 3 byte packet length field and has its own sequence number. The second instance, keyed by K_2, is used in conjunction with poly1305 to build an AEAD (Authenticated Encryption with Associated Data) that is used to encrypt and authenticate the entire packet.

To keep parity with the BIP should K_1 and K_2 be interchanged (either in BIP or in code)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. It's technically not wrong but confusing. Code update would probably be better.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it's helpful, I've created #22331 to fix this.

jasonbcox pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Sep 21, 2020
Summary:
 * Add ChaCha20Poly1305@Bitcoin tests

 * Add ChaCha20Poly1305@Bitcoin AEAD benchmark

This is a backport of Core [[bitcoin/bitcoin#15649 | PR15649]]

Depends on D7493 and D7491

Test Plan:
  ninja all check bench-bitcoin

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D7494
fanquake added a commit that referenced this pull request Aug 19, 2021
cd37356 [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD (Dhruv Mehta)

Pull request description:

  BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations.

  BIP324 author Jonas Schnelli thinks a [code update will be better](#15649 (comment)) than a BIP update.

  If this PR is merged:

  - [ ] We need to update the test vector 3 in BIP324

ACKs for top commit:
  jonasschnelli:
    utACK cd37356

Tree-SHA512: e2165117bfbf7a031060e7376912f9af1c1bfc57916383799a0fa2c040e2caaab0d6aafc3425c083a233b96c84fafec75c938e00ceb6bd7d52607d58607cb145
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Aug 20, 2021
cd37356 [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD (Dhruv Mehta)

Pull request description:

  BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations.

  BIP324 author Jonas Schnelli thinks a [code update will be better](bitcoin#15649 (comment)) than a BIP update.

  If this PR is merged:

  - [ ] We need to update the test vector 3 in BIP324

ACKs for top commit:
  jonasschnelli:
    utACK cd37356

Tree-SHA512: e2165117bfbf7a031060e7376912f9af1c1bfc57916383799a0fa2c040e2caaab0d6aafc3425c083a233b96c84fafec75c938e00ceb6bd7d52607d58607cb145
fanquake added a commit to fanquake/bitcoin that referenced this pull request Jun 10, 2022
Code introduced in bitcoin#15649 added usage of `timingsafe_bcmp()`, if
available, otherwise falling back to our own implementation. However
the relevant build system check was never added, so currently, we'll
always just use our implementation, as HAVE_TIMINGSAFE_BCMP will never
be defined.

Add the check for timingsafe_bcmp. Note that as far as I'm aware, it's
only available on OpenBSD.
fanquake added a commit to fanquake/bitcoin that referenced this pull request Jun 10, 2022
Code introduced in bitcoin#15649 added usage of `timingsafe_bcmp()`, if
available, otherwise falling back to our own implementation. However
the relevant build system check was never added, so currently, we'll
always just use our implementation, as HAVE_TIMINGSAFE_BCMP will never
be defined.

Add the check for timingsafe_bcmp. Note that as far as I'm aware, it's
only available on OpenBSD.
laanwj added a commit that referenced this pull request Jun 14, 2022
491bb14 build: test for timingsafe_bcmp (fanquake)

Pull request description:

  Code introduced in #15649 added usage of [`timingsafe_bcmp()`](https://man.openbsd.org/timingsafe_bcmp.3), if
  available, otherwise falling back to our own implementation. However
  the relevant build system check was never added, so currently, we'll
  always just use our implementation, as `HAVE_TIMINGSAFE_BCMP` will never
  be defined.

  Add the check for `timingsafe_bcmp`. Note that as far as I'm aware, it's
  only available on OpenBSD.

  https://github.com/bitcoin/bitcoin/blob/c3daa321f921f4e2514ef93c48d39ae39e7f2d46/src/crypto/chacha_poly_aead.cpp#L16-L28

  Guix Build (x86_64):
  ```bash
  0a890839e3de040e084d4df6aeabd924f6c6b04e724d7d2a87ef366d5493ac94  guix-build-491bb14c0c9c/output/aarch64-linux-gnu/SHA256SUMS.part
  fd5e1c4531f1739d63e8d552495c24c044ce9ddd34a424d6da1317830e625527  guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu-debug.tar.gz
  551f58234ba5acf5c5125df85fccb49f8536399d2a1b7126848e4709b7edb61e  guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu.tar.gz
  5a6f7630d36af7e4317f660232c52a5c8c983b1999f57e176a628d83a5eb7b4a  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part
  d1eba598d69498e899663cfcba295747ac5808218157adaca79d45459aac8ecf  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz
  1e2559a99b89770501308416edc6cfeec94bfea9e9cadb6b64a4df7a487350d1  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz
  bc961b8b930df8123a6cad1c55f250658ea600d4a617ec4fceec2bfc28ec779f  guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part
  f65118d324a8c1a3d80190dc0a80a2175b116a5ef5b0d977e8ffeaa7a8114851  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg
  d27cd6193b1b5ecdab50d1fe2b4c3d0bfba04813506ecf63e27a6e9edb32913e  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz
  76fc93a9c11909a826c9bd310ae4a70dc2083b96540c875d9cfb3b31bb86dd3e  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz
  43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19  guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz
  d04bc01a7b207e2d9e833ef4399d5daa789f5d7476df3915f426ea1c71578cb5  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part
  d815ab7157ca87a51c0c08907ba76f6bcec11cf9c0db77c2fd2885bf78796f97  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz
  9f912bedf53d6921cf10f48569fb74ef4f42c8571fb976b50e67a64f6754833c  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz
  0651ed89f9a7cd4a4a196a48b330aec82f6ca1df5d842e6da863a87ae69f57f4  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part
  4c5f1ea788580a99318dc91cb3ac51f11829163a5821a01d90459911b0ff791d  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz
  61c91db6b7f34d43292b6e0c0a1e4bd5f6e2d532df835410daca337cf94c66af  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz
  be4d94e812c02a3955343d7a92a26deff9ced37aada049fd328118e01a8e3c53  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part
  d73589e28311c8b442bb873d233181988f79d728965ccef395b19683b78203e9  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz
  a1b15c96fcc936928aa183e7b06552c68a2dd5d178122394c3ed2cbd3f07ab2f  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz
  2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part
  ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg
  5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz
  d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz
  72b3afe2d6124598eddbeed8d0799a8bd23536b4a3e4611162094601c75b923e  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part
  eef6c0928762c77a23b485b55c350660b111ffdf3446825648d7da05e5e681eb  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz
  a130d87e851f0192bf89dd5ecbe52d63231ce5dbbf584d1e4fb33a36ebb8bf7a  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz
  0f00372e30ea12ca9d16d70c4905b6b8492464987bb6b272ed4f9a945941d6b9  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part
  2852dff8d38ef6eee759bf9fe717a4288db46c300f061acb3212cd1499607d8d  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip
  ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe
  79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz
  da8c9f6922bdab660dfbd757ec89ce7a2493bf1d02e32172b77c1a21b09daaa9  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  ff7afe1f43ac18df89cf1932568b0713f6f22fd2b449a4a87f9aebf404449897  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part
  5e727cc3273615e6f75c6e15bc004946ab7494ee169ecf830f23290cf6f5c3de  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz
  4aff5487b129dc483780646994246890a5917c8956980ec52682accfe5a0d02e  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz
  cabfeb29771017dfde35a1c8f08c7066255ad84a05d6d565cfcf852a5d869d16  guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part
  99360c7135967e1d9709830abcc8f5b6ebc7bc37c5be0eac1ddebe0ce5dbe344  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg
  9caa58d1efe18c7ad68fec2a71455ade61939f32ae2da0b0457b459204227046  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz
  d9b0ad26346869aa6a4229aa77796535f68880fc50f8b7b7a4297f2e14d2e3ad  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz
  43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19  guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz
  e2f95f50ae973cef815731485be6b917f39eea92ef4e93fa63aa1ad6cb52a3c9  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part
  452f3091a1e841920e958f14f1650e94b3a61cb430cb99930fb5941d8a8aad3d  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz
  a371cee3dae3d5cf5ca792b58a1bb492a6a6147e0b515e69869d3543edbeaea5  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz
  89153f4b6a3bc6d47787c4d63b57e1dade8116822abb547fc1759c84e6ff6fa2  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part
  9f51353abe7b6154a48da5db3fce29d2dac1dbe9a6c78aade1b9e1b6b12370fa  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz
  25b21eb2d8e3982dac5e1510b78339b7c4bddf164b986c929036369e403ddadd  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz
  92c4c404f7355897bca4ba7e38a908828da73617cac7b0fbd89952ce20859d83  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part
  230361b5a493b3ac17780b3d5496cc10a37d3345b96874b04092c06aab36cb0d  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz
  d8110e6d738a40ccd076cbd286557931b2a433e27c8defcc496ac56f60fe5327  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz
  2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part
  ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg
  5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz
  d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz
  de7a52a67f243b6db1086c2ab2cc3f01784d38b43b7aaf795b7713c33799ab62  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part
  88228ef3007e81ade481d0c3fa757ac3ae86bda50aeef2631335c5d54fb4194c  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz
  b1f2ddf50658f4d1bd0667cc16502f9a45d9e0eef4c1d103cd7780cebfc2766d  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz
  f0cc08231ed964fcb4f2c5a697c52160dad8ed374f8d9537eb7f2ca9f47e7b2c  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part
  d9c49c031bde4f80e63955fdeb14a7fb8f74a27d09bcf01881648917df10a836  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip
  ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe
  79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz
  1d76ceae8c3feef573d4e60fe6c7be5f3bea4afd3994ddc16759d8b381767015  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip
  ```

ACKs for top commit:
  laanwj:
    Code review ACK 491bb14
  theStack:
    ACK 491bb14

Tree-SHA512: 50d273706e92016783f6a9d552f56b703c3c26ec2f0fafb9a0d1c1047456eee7c08e76ebc57077d2ecf95aaf5a3804c88a629a2e02a48c8be91b87ffa44cdb3e
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jun 15, 2022
491bb14 build: test for timingsafe_bcmp (fanquake)

Pull request description:

  Code introduced in bitcoin#15649 added usage of [`timingsafe_bcmp()`](https://man.openbsd.org/timingsafe_bcmp.3), if
  available, otherwise falling back to our own implementation. However
  the relevant build system check was never added, so currently, we'll
  always just use our implementation, as `HAVE_TIMINGSAFE_BCMP` will never
  be defined.

  Add the check for `timingsafe_bcmp`. Note that as far as I'm aware, it's
  only available on OpenBSD.

  https://github.com/bitcoin/bitcoin/blob/c3daa321f921f4e2514ef93c48d39ae39e7f2d46/src/crypto/chacha_poly_aead.cpp#L16-L28

  Guix Build (x86_64):
  ```bash
  0a890839e3de040e084d4df6aeabd924f6c6b04e724d7d2a87ef366d5493ac94  guix-build-491bb14c0c9c/output/aarch64-linux-gnu/SHA256SUMS.part
  fd5e1c4531f1739d63e8d552495c24c044ce9ddd34a424d6da1317830e625527  guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu-debug.tar.gz
  551f58234ba5acf5c5125df85fccb49f8536399d2a1b7126848e4709b7edb61e  guix-build-491bb14c0c9c/output/aarch64-linux-gnu/bitcoin-491bb14c0c9c-aarch64-linux-gnu.tar.gz
  5a6f7630d36af7e4317f660232c52a5c8c983b1999f57e176a628d83a5eb7b4a  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part
  d1eba598d69498e899663cfcba295747ac5808218157adaca79d45459aac8ecf  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz
  1e2559a99b89770501308416edc6cfeec94bfea9e9cadb6b64a4df7a487350d1  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz
  bc961b8b930df8123a6cad1c55f250658ea600d4a617ec4fceec2bfc28ec779f  guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part
  f65118d324a8c1a3d80190dc0a80a2175b116a5ef5b0d977e8ffeaa7a8114851  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg
  d27cd6193b1b5ecdab50d1fe2b4c3d0bfba04813506ecf63e27a6e9edb32913e  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz
  76fc93a9c11909a826c9bd310ae4a70dc2083b96540c875d9cfb3b31bb86dd3e  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz
  43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19  guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz
  d04bc01a7b207e2d9e833ef4399d5daa789f5d7476df3915f426ea1c71578cb5  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part
  d815ab7157ca87a51c0c08907ba76f6bcec11cf9c0db77c2fd2885bf78796f97  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz
  9f912bedf53d6921cf10f48569fb74ef4f42c8571fb976b50e67a64f6754833c  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz
  0651ed89f9a7cd4a4a196a48b330aec82f6ca1df5d842e6da863a87ae69f57f4  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part
  4c5f1ea788580a99318dc91cb3ac51f11829163a5821a01d90459911b0ff791d  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz
  61c91db6b7f34d43292b6e0c0a1e4bd5f6e2d532df835410daca337cf94c66af  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz
  be4d94e812c02a3955343d7a92a26deff9ced37aada049fd328118e01a8e3c53  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part
  d73589e28311c8b442bb873d233181988f79d728965ccef395b19683b78203e9  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz
  a1b15c96fcc936928aa183e7b06552c68a2dd5d178122394c3ed2cbd3f07ab2f  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz
  2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part
  ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg
  5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz
  d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz
  72b3afe2d6124598eddbeed8d0799a8bd23536b4a3e4611162094601c75b923e  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part
  eef6c0928762c77a23b485b55c350660b111ffdf3446825648d7da05e5e681eb  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz
  a130d87e851f0192bf89dd5ecbe52d63231ce5dbbf584d1e4fb33a36ebb8bf7a  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz
  0f00372e30ea12ca9d16d70c4905b6b8492464987bb6b272ed4f9a945941d6b9  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part
  2852dff8d38ef6eee759bf9fe717a4288db46c300f061acb3212cd1499607d8d  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip
  ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe
  79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz
  da8c9f6922bdab660dfbd757ec89ce7a2493bf1d02e32172b77c1a21b09daaa9  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  ff7afe1f43ac18df89cf1932568b0713f6f22fd2b449a4a87f9aebf404449897  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/SHA256SUMS.part
  5e727cc3273615e6f75c6e15bc004946ab7494ee169ecf830f23290cf6f5c3de  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf-debug.tar.gz
  4aff5487b129dc483780646994246890a5917c8956980ec52682accfe5a0d02e  guix-build-491bb14c0c9c/output/arm-linux-gnueabihf/bitcoin-491bb14c0c9c-arm-linux-gnueabihf.tar.gz
  cabfeb29771017dfde35a1c8f08c7066255ad84a05d6d565cfcf852a5d869d16  guix-build-491bb14c0c9c/output/arm64-apple-darwin/SHA256SUMS.part
  99360c7135967e1d9709830abcc8f5b6ebc7bc37c5be0eac1ddebe0ce5dbe344  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.dmg
  9caa58d1efe18c7ad68fec2a71455ade61939f32ae2da0b0457b459204227046  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin-unsigned.tar.gz
  d9b0ad26346869aa6a4229aa77796535f68880fc50f8b7b7a4297f2e14d2e3ad  guix-build-491bb14c0c9c/output/arm64-apple-darwin/bitcoin-491bb14c0c9c-arm64-apple-darwin.tar.gz
  43f157994432c16cfd481de2ce4894f7c241a0b87ce3797ffc492e219ed00c19  guix-build-491bb14c0c9c/output/dist-archive/bitcoin-491bb14c0c9c.tar.gz
  e2f95f50ae973cef815731485be6b917f39eea92ef4e93fa63aa1ad6cb52a3c9  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/SHA256SUMS.part
  452f3091a1e841920e958f14f1650e94b3a61cb430cb99930fb5941d8a8aad3d  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu-debug.tar.gz
  a371cee3dae3d5cf5ca792b58a1bb492a6a6147e0b515e69869d3543edbeaea5  guix-build-491bb14c0c9c/output/powerpc64-linux-gnu/bitcoin-491bb14c0c9c-powerpc64-linux-gnu.tar.gz
  89153f4b6a3bc6d47787c4d63b57e1dade8116822abb547fc1759c84e6ff6fa2  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/SHA256SUMS.part
  9f51353abe7b6154a48da5db3fce29d2dac1dbe9a6c78aade1b9e1b6b12370fa  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu-debug.tar.gz
  25b21eb2d8e3982dac5e1510b78339b7c4bddf164b986c929036369e403ddadd  guix-build-491bb14c0c9c/output/powerpc64le-linux-gnu/bitcoin-491bb14c0c9c-powerpc64le-linux-gnu.tar.gz
  92c4c404f7355897bca4ba7e38a908828da73617cac7b0fbd89952ce20859d83  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/SHA256SUMS.part
  230361b5a493b3ac17780b3d5496cc10a37d3345b96874b04092c06aab36cb0d  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu-debug.tar.gz
  d8110e6d738a40ccd076cbd286557931b2a433e27c8defcc496ac56f60fe5327  guix-build-491bb14c0c9c/output/riscv64-linux-gnu/bitcoin-491bb14c0c9c-riscv64-linux-gnu.tar.gz
  2d608c6b79be12cdc179e5e6414ea21d06d8b2816e098fbdb4e929b8f9338fa5  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/SHA256SUMS.part
  ce11298ab92f388bd43ff2c6cb8c07c777dab44f0f6ea93b909805552bafd20d  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.dmg
  5d0626fc72d473157376efe0736f4d2b5836a5394a4869368bc65bf9d264d238  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin-unsigned.tar.gz
  d9f250bb45c4663f8160b7d22c1ccde8f1abad62dc6667e01fe71d577f00e9f9  guix-build-491bb14c0c9c/output/x86_64-apple-darwin/bitcoin-491bb14c0c9c-x86_64-apple-darwin.tar.gz
  de7a52a67f243b6db1086c2ab2cc3f01784d38b43b7aaf795b7713c33799ab62  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/SHA256SUMS.part
  88228ef3007e81ade481d0c3fa757ac3ae86bda50aeef2631335c5d54fb4194c  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu-debug.tar.gz
  b1f2ddf50658f4d1bd0667cc16502f9a45d9e0eef4c1d103cd7780cebfc2766d  guix-build-491bb14c0c9c/output/x86_64-linux-gnu/bitcoin-491bb14c0c9c-x86_64-linux-gnu.tar.gz
  f0cc08231ed964fcb4f2c5a697c52160dad8ed374f8d9537eb7f2ca9f47e7b2c  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/SHA256SUMS.part
  d9c49c031bde4f80e63955fdeb14a7fb8f74a27d09bcf01881648917df10a836  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-debug.zip
  ef087e9d6160e183f6ef6d64f9141b499e893d88705be5d1426ced6c49531c18  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-setup-unsigned.exe
  79392686b9f5781275e346badf8d7166baa0b4f2c0037ddd6df0b4bc23eaedf6  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64-unsigned.tar.gz
  1d76ceae8c3feef573d4e60fe6c7be5f3bea4afd3994ddc16759d8b381767015  guix-build-491bb14c0c9c/output/x86_64-w64-mingw32/bitcoin-491bb14c0c9c-win64.zip
  ```

ACKs for top commit:
  laanwj:
    Code review ACK 491bb14
  theStack:
    ACK 491bb14

Tree-SHA512: 50d273706e92016783f6a9d552f56b703c3c26ec2f0fafb9a0d1c1047456eee7c08e76ebc57077d2ecf95aaf5a3804c88a629a2e02a48c8be91b87ffa44cdb3e
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Aug 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
No open projects
Status: Merged
Development

Successfully merging this pull request may close these issues.