Update NIX reference

.github/workflows/haskell.yml

@@ -152,8 +152,7 @@ jobs:
         git clone https://github.com/supranational/blst
         cd blst
         ./build.sh
-        sudo install libblst.a /usr/local/lib/
-        sudo cp bindings/*.h /usr/local/include/
+        sudo install libblst.a /usr/local/lib/libblst.a
         cd ../..
 
     - name: Install blst (MacOS)
@@ -165,7 +164,6 @@ jobs:
         cd blst
         ./build.sh
         sudo install libblst.a /usr/local/lib/libblst.a
-        sudo cp bindings/*.h /usr/local/include/
         cd ../..
 
     - uses: haskell/actions/setup@v1

cabal.project

@@ -30,4 +30,3 @@ packages:
 
 -- Ensures colourized output from test runners
 test-show-details: direct
-

cardano-crypto-class/cardano-crypto-class.cabal

@@ -19,7 +19,7 @@ category:            Currency
 build-type:          Simple
 extra-source-files:  README.md
 extra-source-files:  cbits/blst.h
-                  ,  cbits/blst_util.c
+                  ,  cbits/blst_aux.h
 
 flag development
   description: Disable `-Werror`

cardano-crypto-class/cbits/blst.h

@@ -72,11 +72,11 @@ void blst_lendian_from_scalar(byte out[32], const blst_scalar *a);
 bool blst_scalar_fr_check(const blst_scalar *a);
 bool blst_sk_check(const blst_scalar *a);
 bool blst_sk_add_n_check(blst_scalar *out, const blst_scalar *a,
-                                           const blst_scalar *b);
+                         const blst_scalar *b);
 bool blst_sk_sub_n_check(blst_scalar *out, const blst_scalar *a,
-                                           const blst_scalar *b);
+                         const blst_scalar *b);
 bool blst_sk_mul_n_check(blst_scalar *out, const blst_scalar *a,
-                                           const blst_scalar *b);
+                         const blst_scalar *b);
 void blst_sk_inverse(blst_scalar *out, const blst_scalar *a);
 bool blst_scalar_from_le_bytes(blst_scalar *out, const byte *in, size_t len);
 bool blst_scalar_from_be_bytes(blst_scalar *out, const byte *in, size_t len);
@@ -147,7 +147,7 @@ void blst_fp12_sqr(blst_fp12 *ret, const blst_fp12 *a);
 void blst_fp12_cyclotomic_sqr(blst_fp12 *ret, const blst_fp12 *a);
 void blst_fp12_mul(blst_fp12 *ret, const blst_fp12 *a, const blst_fp12 *b);
 void blst_fp12_mul_by_xy00z0(blst_fp12 *ret, const blst_fp12 *a,
-                                             const blst_fp6 *xy00z0);
+                             const blst_fp6 *xy00z0);
 void blst_fp12_conjugate(blst_fp12 *a);
 void blst_fp12_inverse(blst_fp12 *ret, const blst_fp12 *a);
 /* caveat lector! |n| has to be non-zero and not more than 3! */
@@ -167,12 +167,12 @@ typedef struct { blst_fp x, y; } blst_p1_affine;
 void blst_p1_add(blst_p1 *out, const blst_p1 *a, const blst_p1 *b);
 void blst_p1_add_or_double(blst_p1 *out, const blst_p1 *a, const blst_p1 *b);
 void blst_p1_add_affine(blst_p1 *out, const blst_p1 *a,
-                                      const blst_p1_affine *b);
+                        const blst_p1_affine *b);
 void blst_p1_add_or_double_affine(blst_p1 *out, const blst_p1 *a,
-                                                const blst_p1_affine *b);
+                                  const blst_p1_affine *b);
 void blst_p1_double(blst_p1 *out, const blst_p1 *a);
 void blst_p1_mult(blst_p1 *out, const blst_p1 *p, const byte *scalar,
-                                                  size_t nbits);
+                  size_t nbits);
 void blst_p1_cneg(blst_p1 *p, bool cbit);
 void blst_p1_to_affine(blst_p1_affine *out, const blst_p1 *in);
 void blst_p1_from_affine(blst_p1 *out, const blst_p1_affine *in);
@@ -194,12 +194,12 @@ typedef struct { blst_fp2 x, y; } blst_p2_affine;
 void blst_p2_add(blst_p2 *out, const blst_p2 *a, const blst_p2 *b);
 void blst_p2_add_or_double(blst_p2 *out, const blst_p2 *a, const blst_p2 *b);
 void blst_p2_add_affine(blst_p2 *out, const blst_p2 *a,
-                                      const blst_p2_affine *b);
+                        const blst_p2_affine *b);
 void blst_p2_add_or_double_affine(blst_p2 *out, const blst_p2 *a,
-                                                const blst_p2_affine *b);
+                                  const blst_p2_affine *b);
 void blst_p2_double(blst_p2 *out, const blst_p2 *a);
 void blst_p2_mult(blst_p2 *out, const blst_p2 *p, const byte *scalar,
-                                                  size_t nbits);
+                  size_t nbits);
 void blst_p2_cneg(blst_p2 *p, bool cbit);
 void blst_p2_to_affine(blst_p2_affine *out, const blst_p2 *in);
 void blst_p2_from_affine(blst_p2 *out, const blst_p2_affine *in);
@@ -222,7 +222,7 @@ const blst_p2_affine *blst_p2_affine_generator();
 void blst_p1s_to_affine(blst_p1_affine dst[], const blst_p1 *const points[],
                         size_t npoints);
 void blst_p1s_add(blst_p1 *ret, const blst_p1_affine *const points[],
-                                size_t npoints);
+                  size_t npoints);
 
 size_t blst_p1s_mult_wbits_precompute_sizeof(size_t wbits, size_t npoints);
 void blst_p1s_mult_wbits_precompute(blst_p1_affine table[], size_t wbits,
@@ -246,7 +246,7 @@ void blst_p1s_tile_pippenger(blst_p1 *ret, const blst_p1_affine *const points[],
 void blst_p2s_to_affine(blst_p2_affine dst[], const blst_p2 *const points[],
                         size_t npoints);
 void blst_p2s_add(blst_p2 *ret, const blst_p2_affine *const points[],
-                                size_t npoints);
+                  size_t npoints);
 
 size_t blst_p2s_mult_wbits_precompute_sizeof(size_t wbits, size_t npoints);
 void blst_p2s_mult_wbits_precompute(blst_p2_affine table[], size_t wbits,
@@ -326,21 +326,21 @@ void blst_keygen(blst_scalar *out_SK, const byte *IKM, size_t IKM_len,
                  const byte *info DEFNULL, size_t info_len DEFNULL);
 void blst_sk_to_pk_in_g1(blst_p1 *out_pk, const blst_scalar *SK);
 void blst_sign_pk_in_g1(blst_p2 *out_sig, const blst_p2 *hash,
-                                          const blst_scalar *SK);
+                        const blst_scalar *SK);
 void blst_sk_to_pk_in_g2(blst_p2 *out_pk, const blst_scalar *SK);
 void blst_sign_pk_in_g2(blst_p1 *out_sig, const blst_p1 *hash,
-                                          const blst_scalar *SK);
+                        const blst_scalar *SK);
 
 /*
  * Pairing interface.
  */
 #ifndef SWIG
 void blst_miller_loop(blst_fp12 *ret, const blst_p2_affine *Q,
-                                      const blst_p1_affine *P);
+                      const blst_p1_affine *P);
 void blst_final_exp(blst_fp12 *ret, const blst_fp12 *f);
 void blst_precompute_lines(blst_fp6 Qlines[68], const blst_p2_affine *Q);
 void blst_miller_loop_lines(blst_fp12 *ret, const blst_fp6 Qlines[68],
-                                            const blst_p1_affine *P);
+                            const blst_p1_affine *P);
 bool blst_fp12_finalverify(const blst_fp12 *gt1, const blst_fp12 *gt2);
 #endif
 
@@ -439,9 +439,9 @@ bool blst_pairing_finalverify(const blst_pairing *ctx,
  * not.
  */
 BLST_ERROR blst_aggregate_in_g1(blst_p1 *out, const blst_p1 *in,
-                                              const byte *zwire);
+                                const byte *zwire);
 BLST_ERROR blst_aggregate_in_g2(blst_p2 *out, const blst_p2 *in,
-                                              const byte *zwire);
+                                const byte *zwire);
 
 void blst_aggregated_in_g1(blst_fp12 *out, const blst_p1_affine *signature);
 void blst_aggregated_in_g2(blst_fp12 *out, const blst_p2_affine *signature);
@@ -476,4 +476,4 @@ extern const blst_p2_affine BLS12_381_NEG_G2;
 #ifdef __cplusplus
 }
 #endif
-#endif
+#endif

cardano-crypto-class/cbits/blst_aux.h

@@ -0,0 +1,79 @@
+/*
+ * Copyright Supranational LLC
+ * Licensed under the Apache License, Version 2.0, see LICENSE for details.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#ifndef __BLST_AUX_H__
+#define __BLST_AUX_H__
+/*
+ * This file lists interfaces that might be promoted to blst.h or removed,
+ * depending on their proven/unproven worthiness.
+ */
+
+void blst_fr_to(blst_fr *ret, const blst_fr *a);
+void blst_fr_from(blst_fr *ret, const blst_fr *a);
+
+void blst_fp_to(blst_fp *ret, const blst_fp *a);
+void blst_fp_from(blst_fp *ret, const blst_fp *a);
+
+bool blst_fp_is_square(const blst_fp *a);
+bool blst_fp2_is_square(const blst_fp2 *a);
+
+void blst_p1_from_jacobian(blst_p1 *out, const blst_p1 *in);
+void blst_p2_from_jacobian(blst_p2 *out, const blst_p2 *in);
+
+/*
+ * Below functions produce both point and deserialized outcome of
+ * SkToPk and Sign. However, deserialized outputs are pre-decorated
+ * with sign and infinity bits. This means that you have to bring the
+ * output into compliance prior returning to application. If you want
+ * compressed point value, then do [equivalent of]
+ *
+ *  byte temp[96];
+ *  blst_sk_to_pk2_in_g1(temp, out_pk, SK);
+ *  temp[0] |= 0x80;
+ *  memcpy(out, temp, 48);
+ *
+ * Otherwise do
+ *
+ *  blst_sk_to_pk2_in_g1(out, out_pk, SK);
+ *  out[0] &= ~0x20;
+ *
+ * Either |out| or |out_<point>| can be NULL.
+ */
+void blst_sk_to_pk2_in_g1(byte out[96], blst_p1_affine *out_pk,
+                          const blst_scalar *SK);
+void blst_sign_pk2_in_g1(byte out[192], blst_p2_affine *out_sig,
+                         const blst_p2 *hash, const blst_scalar *SK);
+void blst_sk_to_pk2_in_g2(byte out[192], blst_p2_affine *out_pk,
+                          const blst_scalar *SK);
+void blst_sign_pk2_in_g2(byte out[96], blst_p1_affine *out_sig,
+                         const blst_p1 *hash, const blst_scalar *SK);
+
+typedef struct {} blst_uniq;
+
+size_t blst_uniq_sizeof(size_t n_nodes);
+void blst_uniq_init(blst_uniq *tree);
+bool blst_uniq_test(blst_uniq *tree, const byte *msg, size_t len);
+
+#ifdef expand_message_xmd
+void expand_message_xmd(unsigned char *bytes, size_t len_in_bytes,
+                        const unsigned char *aug, size_t aug_len,
+                        const unsigned char *msg, size_t msg_len,
+                        const unsigned char *DST, size_t DST_len);
+#else
+void blst_expand_message_xmd(byte *out, size_t out_len,
+                             const byte *msg, size_t msg_len,
+                             const byte *DST, size_t DST_len);
+#endif
+
+void blst_p1_unchecked_mult(blst_p1 *out, const blst_p1 *p, const byte *scalar,
+                                                            size_t nbits);
+void blst_p2_unchecked_mult(blst_p2 *out, const blst_p2 *p, const byte *scalar,
+                                                            size_t nbits);
+
+void blst_pairing_raw_aggregate(blst_pairing *ctx, const blst_p2_affine *q,
+                                                   const blst_p1_affine *p);
+blst_fp12 *blst_pairing_as_fp12(blst_pairing *ctx);
+
+#endif

cardano-crypto-class/cbits/blst_util.c

@@ -1,4 +1,4 @@
-#include <blst.h>
+#include "blst.h"
 #include <memory.h>
 
 const size_t size_blst_p1 () { return sizeof(blst_p1); }

cardano-crypto-tests/src/Test/Crypto/EllipticCurve.hs

@@ -10,9 +10,9 @@ import qualified Cardano.Crypto.EllipticCurve.BLS12_381 as BLS
 import qualified Cardano.Crypto.EllipticCurve.BLS12_381.Internal as BLS
 import Test.Crypto.Instances ()
 import Test.QuickCheck (
-    (===), 
-    (==>), 
-    Arbitrary(..), 
+    (===),
+    (==>),
+    Arbitrary(..),
     Property,
     suchThatMap,
   )

nix/haskell.nix

@@ -42,7 +42,7 @@ let
         # otherwise choose. Unfortunately, this means that we also override any other 
         # pkgconfig libraries that haskell.nix would pick for us. So we also need to 
         # manually include those here.
-        packages.cardano-crypto-class.components.library.pkgconfig = lib.mkForce [[ pkgs.libsodium-vrf pkgs.secp256k1 ]];
+        packages.cardano-crypto-class.components.library.pkgconfig = lib.mkForce [[ pkgs.libsodium-vrf pkgs.secp256k1 pkgs.blst ]];
         packages.cardano-crypto-praos.components.library.pkgconfig = lib.mkForce [[ pkgs.libsodium-vrf ]];
         packages.slotting.configureFlags = [ "--ghc-option=-Werror" ];
         enableLibraryProfiling = profiling;

nix/sources.json

@@ -38,15 +38,15 @@
         "version": "962ecfed3a4fb656b5a91d89159291e00ed766bc"
     },
     "iohk-nix": {
-        "branch": "master",
+        "branch": "iquerejeta/include-blst",
         "description": "nix scripts shared across projects",
         "homepage": null,
         "owner": "input-output-hk",
         "repo": "iohk-nix",
-        "rev": "9a604d01bd4420ab7f396f14d1947fbe2ce7db8b",
-        "sha256": "0w562wdmdhp83dw9rabiijj5hk1f4l8p8f3bwlr7virakgbg8lf8",
+        "rev": "7737550ee747584471c047df9172ad459fa56247",
+        "sha256": "102fj629jscqcg5mw5b3isj5gyg4a6nfnh62nzhzz7hwdw0lz1xk",
         "type": "tarball",
-        "url": "https://github.com/input-output-hk/iohk-nix/archive/9a604d01bd4420ab7f396f14d1947fbe2ce7db8b.tar.gz",
+        "url": "https://github.com/input-output-hk/iohk-nix/archive/7737550ee747584471c047df9172ad459fa56247.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs": {