Add SGX recipe

CMakeLists.txt

@@ -41,11 +41,17 @@ set(${PROJECT_NAME}_LIB_VERSION_AGE 1)
 set(CMAKE_C_STANDARD 90)
 set(CMAKE_C_EXTENSIONS OFF)
 
+if(SGX)
+  set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/bin)
+  set(CMAKE_INSTALL_PREFIX ${PROJECT_BINARY_DIR}/install)
+  add_definitions(-DSGX)
+endif()
+
 list(APPEND CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)
 
 option(BUILD_SHARED_LIBS "Build shared libraries." ON)
 option(SECP256K1_DISABLE_SHARED "Disable shared library. Overrides BUILD_SHARED_LIBS." OFF)
-if(SECP256K1_DISABLE_SHARED)
+if(SECP256K1_DISABLE_SHARED OR SGX)
   set(BUILD_SHARED_LIBS OFF)
 endif()
 
@@ -57,16 +63,19 @@ option(SECP256K1_INSTALL "Enable installation." ${PROJECT_IS_TOP_LEVEL})
 # dependendencies while processing.
 option(SECP256K1_ENABLE_MODULE_ECDH "Enable ECDH module." ON)
 option(SECP256K1_ENABLE_MODULE_RECOVERY "Enable ECDSA pubkey recovery module." OFF)
+if(SGX)
+  set(SECP256K1_ENABLE_MODULE_RECOVERY ON)
+endif()
+if(SECP256K1_ENABLE_MODULE_RECOVERY)
+  add_compile_definitions(ENABLE_MODULE_RECOVERY=1)
+endif()
+
 option(SECP256K1_ENABLE_MODULE_EXTRAKEYS "Enable extrakeys module." ON)
 option(SECP256K1_ENABLE_MODULE_SCHNORRSIG "Enable schnorrsig module." ON)
-option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON)
-
-# Processing must be done in a topological sorting of the dependency graph
-# (dependent module first).
-if(SECP256K1_ENABLE_MODULE_ELLSWIFT)
-  add_compile_definitions(ENABLE_MODULE_ELLSWIFT=1)
+if(SGX)
+  set(SECP256K1_ENABLE_MODULE_EXTRAKEYS OFF)
+  set(SECP256K1_ENABLE_MODULE_SCHNORRSIG OFF)
 endif()
-
 if(SECP256K1_ENABLE_MODULE_SCHNORRSIG)
   if(DEFINED SECP256K1_ENABLE_MODULE_EXTRAKEYS AND NOT SECP256K1_ENABLE_MODULE_EXTRAKEYS)
     message(FATAL_ERROR "Module dependency error: You have disabled the extrakeys module explicitly, but it is required by the schnorrsig module.")
@@ -79,12 +88,12 @@ if(SECP256K1_ENABLE_MODULE_EXTRAKEYS)
   add_compile_definitions(ENABLE_MODULE_EXTRAKEYS=1)
 endif()
 
-if(SECP256K1_ENABLE_MODULE_RECOVERY)
-  add_compile_definitions(ENABLE_MODULE_RECOVERY=1)
+option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON)
+if(SGX)
+  set(SECP256K1_ENABLE_MODULE_ELLSWIFT OFF)
 endif()
-
-if(SECP256K1_ENABLE_MODULE_ECDH)
-  add_compile_definitions(ENABLE_MODULE_ECDH=1)
+if(SECP256K1_ENABLE_MODULE_ELLSWIFT)
+  add_compile_definitions(ENABLE_MODULE_ELLSWIFT=1)
 endif()
 
 option(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS "Enable external default callback functions." OFF)
@@ -172,6 +181,14 @@ option(SECP256K1_BUILD_EXHAUSTIVE_TESTS "Build exhaustive tests." ON)
 option(SECP256K1_BUILD_CTIME_TESTS "Build constant-time tests." ${SECP256K1_VALGRIND})
 option(SECP256K1_BUILD_EXAMPLES "Build examples." OFF)
 
+if(SGX)
+  SET(SECP256K1_BUILD_BENCHMARK OFF)
+  SET(SECP256K1_BUILD_TESTS OFF)
+  SET(SECP256K1_BUILD_EXHAUSTIVE_TESTS OFF)
+  SET(SECP256K1_BUILD_CTIME_TESTS OFF)
+  SET(SECP256K1_BUILD_EXAMPLES OFF)
+endif()
+
 # Redefine configuration flags.
 # We leave assertions on, because they are only used in the examples, and we want them always on there.
 if(MSVC)
@@ -226,6 +243,10 @@ else()
 endif()
 
 include(TryAppendCFlags)
+if(SGX)
+  try_append_c_flags(-fPIE)
+endif()
+
 if(MSVC)
   # Keep the following commands ordered lexicographically.
   try_append_c_flags(/W3) # Production quality warning level.

README.md

@@ -78,10 +78,10 @@ To maintain a pristine source tree, CMake encourages to perform an out-of-source
 ### Building on POSIX systems
 
     $ mkdir build && cd build
-    $ cmake ..
-    $ cmake --build .
-    $ ctest  # run the test suite
-    $ sudo cmake --build . --target install  # optional
+    $ cmake .. -DSGX=true
+    $ make
+    $ make check  # run the test suite
+    $ sudo make install
 
 To compile optional modules (such as Schnorr signatures), you need to run `cmake` with additional flags (such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG=ON`). Run `cmake .. -LH` to see the full list of available flags.
 

src/CMakeLists.txt

@@ -6,32 +6,34 @@ add_library(secp256k1_precomputed OBJECT EXCLUDE_FROM_ALL
   precomputed_ecmult_gen.c
 )
 
+set(SECP256K1_LIB "secp256k1_t")
+
 # Add objects explicitly rather than linking to the object libs to keep them
 # from being exported.
-add_library(secp256k1 secp256k1.c $<TARGET_OBJECTS:secp256k1_precomputed>)
+add_library(${SECP256K1_LIB} secp256k1.c $<TARGET_OBJECTS:secp256k1_precomputed>)
 
 add_library(secp256k1_asm INTERFACE)
 if(SECP256K1_ASM STREQUAL "arm32")
   add_library(secp256k1_asm_arm OBJECT EXCLUDE_FROM_ALL)
   target_sources(secp256k1_asm_arm PUBLIC
     asm/field_10x26_arm.s
   )
-  target_sources(secp256k1 PRIVATE $<TARGET_OBJECTS:secp256k1_asm_arm>)
+  target_sources(${SECP256K1_LIB} PRIVATE $<TARGET_OBJECTS:secp256k1_asm_arm>)
   target_link_libraries(secp256k1_asm INTERFACE secp256k1_asm_arm)
 endif()
 
 if(WIN32)
   # Define our export symbol only for shared libs.
-  set_target_properties(secp256k1 PROPERTIES DEFINE_SYMBOL SECP256K1_DLL_EXPORT)
-  target_compile_definitions(secp256k1 INTERFACE $<$<NOT:$<BOOL:${BUILD_SHARED_LIBS}>>:SECP256K1_STATIC>)
+  set_target_properties(${SECP256K1_LIB} PROPERTIES DEFINE_SYMBOL SECP256K1_DLL_EXPORT)
+  target_compile_definitions(${SECP256K1_LIB} INTERFACE $<$<NOT:$<BOOL:${BUILD_SHARED_LIBS}>>:SECP256K1_STATIC>)
 endif()
 
 # Object libs don't know if they're being built for a shared or static lib.
-# Grab the PIC property from secp256k1 which knows.
-get_target_property(use_pic secp256k1 POSITION_INDEPENDENT_CODE)
+# Grab the PIC property from ${SECP256K1_LIB} which knows.
+get_target_property(use_pic ${SECP256K1_LIB} POSITION_INDEPENDENT_CODE)
 set_target_properties(secp256k1_precomputed PROPERTIES POSITION_INDEPENDENT_CODE ${use_pic})
 
-target_include_directories(secp256k1 INTERFACE
+target_include_directories(${SECP256K1_LIB} INTERFACE
   # Add the include path for parent projects so that they don't have to manually add it.
   $<BUILD_INTERFACE:$<$<NOT:$<BOOL:${PROJECT_IS_TOP_LEVEL}>>:${PROJECT_SOURCE_DIR}/include>>
   $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
@@ -40,17 +42,17 @@ target_include_directories(secp256k1 INTERFACE
 # This emulates Libtool to make sure Libtool and CMake agree on the ABI version,
 # see below "Calculate the version variables" in build-aux/ltmain.sh.
 math(EXPR ${PROJECT_NAME}_soversion "${${PROJECT_NAME}_LIB_VERSION_CURRENT} - ${${PROJECT_NAME}_LIB_VERSION_AGE}")
-set_target_properties(secp256k1 PROPERTIES
+set_target_properties(${SECP256K1_LIB} PROPERTIES
   SOVERSION ${${PROJECT_NAME}_soversion}
 )
 if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-  set_target_properties(secp256k1 PROPERTIES
+  set_target_properties(${SECP256K1_LIB} PROPERTIES
     VERSION ${${PROJECT_NAME}_soversion}.${${PROJECT_NAME}_LIB_VERSION_AGE}.${${PROJECT_NAME}_LIB_VERSION_REVISION}
   )
 elseif(APPLE)
   if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.17)
     math(EXPR ${PROJECT_NAME}_compatibility_version "${${PROJECT_NAME}_LIB_VERSION_CURRENT} + 1")
-    set_target_properties(secp256k1 PROPERTIES
+    set_target_properties(${SECP256K1_LIB} PROPERTIES
       MACHO_COMPATIBILITY_VERSION ${${PROJECT_NAME}_compatibility_version}
       MACHO_CURRENT_VERSION ${${PROJECT_NAME}_compatibility_version}.${${PROJECT_NAME}_LIB_VERSION_REVISION}
     )
@@ -63,11 +65,11 @@ elseif(APPLE)
     )
   endif()
 elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows")
-  set(${PROJECT_NAME}_windows "secp256k1")
+  set(${PROJECT_NAME}_windows ${SECP256K1_LIB})
   if(MSVC)
     set(${PROJECT_NAME}_windows "${PROJECT_NAME}")
   endif()
-  set_target_properties(secp256k1 PROPERTIES
+  set_target_properties(${SECP256K1_LIB} PROPERTIES
     ARCHIVE_OUTPUT_NAME "${${PROJECT_NAME}_windows}"
     RUNTIME_OUTPUT_NAME "${${PROJECT_NAME}_windows}-${${PROJECT_NAME}_soversion}"
   )
@@ -77,7 +79,7 @@ unset(${PROJECT_NAME}_soversion)
 
 if(SECP256K1_BUILD_BENCHMARK)
   add_executable(bench bench.c)
-  target_link_libraries(bench secp256k1)
+  target_link_libraries(bench ${SECP256K1_LIB})
   add_executable(bench_internal bench_internal.c)
   target_link_libraries(bench_internal secp256k1_precomputed secp256k1_asm)
   add_executable(bench_ecmult bench_ecmult.c)
@@ -106,11 +108,11 @@ endif()
 
 if(SECP256K1_BUILD_CTIME_TESTS)
   add_executable(ctime_tests ctime_tests.c)
-  target_link_libraries(ctime_tests secp256k1)
+  target_link_libraries(ctime_tests ${SECP256K1_LIB})
 endif()
 
 if(SECP256K1_INSTALL)
-  install(TARGETS secp256k1
+  install(TARGETS ${SECP256K1_LIB}
     EXPORT ${PROJECT_NAME}-targets
     RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
     LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}

src/util.h

@@ -90,12 +90,16 @@ static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback *
 #ifndef USE_EXTERNAL_DEFAULT_CALLBACKS
 static void secp256k1_default_illegal_callback_fn(const char* str, void* data) {
     (void)data;
+#ifndef SGX
     fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str);
+#endif
     abort();
 }
 static void secp256k1_default_error_callback_fn(const char* str, void* data) {
     (void)data;
-    fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str);
+#ifndef SGX
+    fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); */
+#endif
     abort();
 }
 #else