Squashed 'src/secp256k1/' changes from 0559fc6..8746600

8746600 Merge bitcoin-core/secp256k1#1093: hash: Make code agnostic of endianness
37d3692 tests: Add tests for _read_be32 and _write_be32
912b7cc Merge bitcoin-core/secp256k1#1094: doc: Clarify configure flags for optional modules
55512d3 doc: clean up module help text in configure.ac
d9d94a9 doc: mention optional modules in README
616b43d util: Remove endianness detection
8d89b9e hash: Make code agnostic of endianness
d0ad581 Merge bitcoin-core/secp256k1#995: build: stop treating schnorrsig, extrakeys modules as experimental
1ac7e31 Merge bitcoin-core/secp256k1#1089: Schnorrsig API improvements
587239d Merge bitcoin-core/secp256k1#731: Change SHA256 byte counter from size_t to uint64_t
f8d9174 Add SHA256 bit counter tests
7f09d0f README: mention that ARM assembly is experimental
b8f8b99 docs: Fix return value for functions that don't have invalid inputs
f813bb0 schnorrsig: Adapt example to new API
99e6568 schnorrsig: Rename schnorrsig_sign to schnorsig_sign32 and deprecate
fc94a2d Use SECP256K1_DEPRECATED for existing deprecated API functions
3db0560 Add SECP256K1_DEPRECATED attribute for marking API parts as deprecated
80cf4ee build: stop treating schnorrsig, extrakeys modules as experimental
e0508ee Merge bitcoin-core/secp256k1#1090: configure: Remove redundant pkg-config code
21b2eba configure: Remove redundant pkg-config code
0e5cbd0 Merge bitcoin-core/secp256k1#1088: configure: Use modern way to set AR
0d253d5 configure: Use modern way to set AR
9b514ce Add test vector for very long SHA256 messages
8e3dde1 Simplify struct initializer for SHA256 padding
eb28464 Change SHA256 byte counter from size_t to uint64_t
ac83be3 Merge bitcoin-core/secp256k1#1079: configure: Add hidden --enable-dev-mode to enable all the stuff
e0838d6 configure: Add hidden --enable-dev-mode to enable all the stuff
fabd579 configure: Remove redundant code that sets _enable variables
0d4226c configure: Use canonical variable prefix _enable consistently
64b3497 Merge bitcoin-core/secp256k1#748: Add usage examples
7c9502c Add a copy of the CC0 license to the examples
42e0343 Add usage examples to the readme
517644e Optionally compile the examples in autotools, compile+run in travis
422a7cc Add a ecdh shared secret example
b0cfbcc Add a Schnorr signing and verifying example
fee7d4b Add an ECDSA signing and verifying example
1253a27 Merge bitcoin-core/secp256k1#1033: Add _fe_half and use in _gej_add_ge and _gej_double
3ef94aa Merge bitcoin-core/secp256k1#1026: ecdh: Add test computing shared_secret=basepoint with random inputs
3531a43 ecdh: Make generator_basepoint test depend on global iteration count
c881dd4 ecdh: Add test computing shared_secret=basepoint with random inputs
0775283 Merge bitcoin-core/secp256k1#1074: ci: Retry brew update a few times to avoid random failures
e51ad3b ci: Retry `brew update` a few times to avoid random failures
b1cb969 ci: Revert "Attempt to make macOS builds more reliable"
5dcc6f8 Merge bitcoin-core/secp256k1#1069: build: Replace use of deprecated autoconf macro AC_PROG_CC_C89
5954794 Merge bitcoin-core/secp256k1#1072: ci: Attempt to make macOS builds more reliable
85b00a1 Merge bitcoin-core/secp256k1#1068: sage: Fix incompatibility with sage 9.4
ebb1bee sage: Ensure that constraints are always fastfracs
d8d5485 ci: Run sage prover on CI
77cfa98 sage: Normalize sign of polynomial factors in prover
eae7586 sage: Exit with non-zero status in case of failures
d9396a5 ci: Attempt to make macOS builds more reliable
e0db3f8 build: Replace use of deprecated autoconf macro AC_PROG_CC_C89
e848c37 Update sage files for new formulae
d64bb5d Add fe_half tests for worst-case inputs
b54d843 sage: Fix printing of errors
4eb8b93 Further improve doubling formula using fe_half
557b31f Doubling formula using fe_half
2cbb4b1 Run more iterations of run_field_misc
9cc5c25 Add test for secp256k1_fe_half
925f78d Add _fe_half and use in _gej_add_ge
e108d00 sage: Fix incompatibility with sage 9.4
d8a2463 Merge bitcoin-core/secp256k1#899: Reduce stratch space needed by ecmult_strauss_wnaf.
0a40a48 Merge bitcoin-core/secp256k1#1049: Faster fixed-input ecmult tests
070e772 Faster fixed-input ecmult tests
c8aa516 Merge bitcoin-core/secp256k1#1064: Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes bitcoin#1063
b797a50 Create a SECP256K1_ECMULT_TABLE_VERIFY macro.
a731200 Replace ECMULT_TABLE_GET_GE_STORAGE macro with a function.
fe34d9f Eliminate input_pos state field from ecmult_strauss_wnaf.
0397d00 Eliminate na_1 and na_lam state fields from ecmult_strauss_wnaf.
7ba3ffc Remove the unused pre_a_lam allocations.
b3b57ad Eliminate the pre_a_lam array from ecmult_strauss_wnaf.
ae7ba0f Remove the unused prej allocations.
e5c1889 Eliminate the prej array from ecmult_strauss_wnaf.
c9da1ba Move secp256k1_fe_one to field.h
45f37b6 Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes bitcoin#1063.
a1102b1 Merge bitcoin-core/secp256k1#1029: Simpler and faster ecdh skew fixup
e82144e Fixup skew before global Z fixup
40b624c Add tests for _gej_cmov
8c13a9b ECDH skews by 0 or 1
1515099 Simpler and faster ecdh skew fixup
39a36db Merge bitcoin-core/secp256k1#1054: tests: Fix test whose result is implementation-defined
a310e79 Merge bitcoin-core/secp256k1#1052: Use xoshiro256++ instead of RFC6979 for tests
423b6d1 Merge bitcoin-core/secp256k1#964: Add release-process.md
9281c9f Merge bitcoin-core/secp256k1#1053: ecmult: move `_ecmult_odd_multiples_table_globalz_windowa`
77a1975 Use xoshiro256++ PRNG instead of RFC6979 in tests
5f2efe6 secp256k1_testrand_int(2**N) -> secp256k1_testrand_bits(N)
05e049b ecmult: move `_ecmult_odd_multiples_table_globalz_windowa`
3d7cbaf tests: Fix test whose result is implementation-defined
3ed0d02 doc: add CHANGELOG template
6f42dc1 doc: add release_process.md
0bd3e42 build: set library version to 0.0.0 explicitly
b4b02fd build: change libsecp version from 0.1 to 0.1.0-pre
09971a3 Merge bitcoin-core/secp256k1#1047: ci: Various improvements
0b83b20 Merge bitcoin-core/secp256k1#1030: doc: Fix upper bounds + cleanup in field_5x52_impl.h comment
1287786 doc: Add comment to top of field_10x26_impl.h
58da5bd doc: Fix upper bounds + cleanup in field_5x52_impl.h comment
b39d431 Merge bitcoin-core/secp256k1#1044: Add another ecmult_multi test
b4ac1a1 ci: Run valgrind/memcheck tasks with 2 CPUs
e70acab ci: Use Cirrus "greedy" flag to use idle CPU time when available
d07e301 ci: Update brew on macOS
22382f0 ci: Test different ecmult window sizes
a69df3a Merge bitcoin-core/secp256k1#816: Improve checks at top of _fe_negate methods
22d25c8 Add another ecmult_multi test
515e795 Improve checks at top of _fe_negate methods
26a022a ci: Remove STATICPRECOMPUTATION
10461d8 precompute_ecmult: Always compute all tables up to default WINDOW_G
be6944a Merge bitcoin-core/secp256k1#1042: Follow-ups to making all tables fully static
e05da9e Fix c++ build
c45386d Cleanup preprocessor indentation in precompute{,d}_ecmult{,_gen}
19d96e1 Split off .c file from precomputed_ecmult.h
1a6691a Split off .c file from precomputed_ecmult_gen.h
bb36331 Simplify precompute_ecmult_print_*
38cd84a Compute ecmult tables at runtime for tests_exhaustive
e458ec2 Move ecmult table computation code to separate file
fc1bf9f Split ecmult table computation and printing
31feab0 Rename function secp256k1_ecmult_gen_{create_prec -> compute}_table
725370c Rename ecmult_gen_prec -> ecmult_gen_compute_table
075252c Rename ecmult_static_pre_g -> precomputed_ecmult
7cf47f7 Rename ecmult_gen_static_prec_table -> precomputed_ecmult_gen
f95b810 Rename gen_ecmult_static_pre_g -> precompute_ecmult
bae7768 Rename gen_ecmult_gen_static_prec_table -> precompute_ecmult_gen

git-subtree-dir: src/secp256k1
git-subtree-split: 8746600

Author: fanquake

.cirrus.yml

@@ -4,10 +4,10 @@ env:
   # Specific warnings can be disabled with -Wno-error=foo.
   # -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual.
   WERROR_CFLAGS: -Werror -pedantic-errors
-  MAKEFLAGS: -j2
+  MAKEFLAGS: -j4
   BUILD: check
   ### secp256k1 config
-  STATICPRECOMPUTATION: yes
+  ECMULTWINDOW: auto
   ECMULTGENPRECISION: auto
   ASM: no
   WIDEMUL: auto
@@ -23,6 +23,8 @@ env:
   BENCH: yes
   SECP256K1_BENCH_ITERS: 2
   CTIMETEST: yes
+  # Compile and run the tests
+  EXAMPLES: yes
 
 cat_logs_snippet: &CAT_LOGS
   always:
@@ -50,28 +52,32 @@ merge_base_script_snippet: &MERGE_BASE
     - git config --global user.name "ci"
     - git merge FETCH_HEAD  # Merge base to detect silent merge conflicts
 
-task:
-  name: "x86_64: Linux (Debian stable)"
+linux_container_snippet: &LINUX_CONTAINER
   container:
     dockerfile: ci/linux-debian.Dockerfile
     # Reduce number of CPUs to be able to do more builds in parallel.
     cpu: 1
+    # Gives us more CPUs for free if they're available.
+    greedy: true
     # More than enough for our scripts.
     memory: 1G
+
+task:
+  name: "x86_64: Linux (Debian stable)"
+  << : *LINUX_CONTAINER
   matrix: &ENV_MATRIX
     - env: {WIDEMUL:  int64,  RECOVERY: yes}
-    - env: {WIDEMUL:  int64,                 ECDH: yes, EXPERIMENTAL: yes, SCHNORRSIG: yes}
+    - env: {WIDEMUL:  int64,                 ECDH: yes, SCHNORRSIG: yes}
     - env: {WIDEMUL: int128}
-    - env: {WIDEMUL: int128,  RECOVERY: yes,            EXPERIMENTAL: yes, SCHNORRSIG: yes}
-    - env: {WIDEMUL: int128,                 ECDH: yes, EXPERIMENTAL: yes, SCHNORRSIG: yes}
+    - env: {WIDEMUL: int128,  RECOVERY: yes,            SCHNORRSIG: yes}
+    - env: {WIDEMUL: int128,                 ECDH: yes, SCHNORRSIG: yes}
     - env: {WIDEMUL: int128,  ASM: x86_64}
-    - env: {                  RECOVERY: yes,            EXPERIMENTAL: yes, SCHNORRSIG: yes}
-    - env: {                  STATICPRECOMPUTATION: no}
+    - env: {                  RECOVERY: yes,            SCHNORRSIG: yes}
     - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETEST: no, BENCH: no}
     - env: {CPPFLAGS: -DDETERMINISTIC}
     - env: {CFLAGS: -O0, CTIMETEST: no}
-    - env: { ECMULTGENPRECISION: 2 }
-    - env: { ECMULTGENPRECISION: 8 }
+    - env: { ECMULTGENPRECISION: 2, ECMULTWINDOW: 2 }
+    - env: { ECMULTGENPRECISION: 8, ECMULTWINDOW: 4 }
   matrix:
     - env:
         CC: gcc
@@ -84,15 +90,11 @@ task:
 
 task:
   name: "i686: Linux (Debian stable)"
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 1G
+  << : *LINUX_CONTAINER
   env:
     HOST: i686-linux-gnu
     ECDH: yes
     RECOVERY: yes
-    EXPERIMENTAL: yes
     SCHNORRSIG: yes
   matrix:
     - env:
@@ -134,8 +136,10 @@ task:
   ##   - rm /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
   ##
   brew_valgrind_pre_script:
+    # Retry a few times because this tends to fail randomly.
+    - for i in {1..5}; do brew update && break || sleep 15; done
     - brew config
-    - brew tap --shallow LouisBrunner/valgrind
+    - brew tap LouisBrunner/valgrind
     # Fetch valgrind source but don't build it yet.
     - brew fetch --HEAD LouisBrunner/valgrind/valgrind
   brew_valgrind_cache:
@@ -165,18 +169,14 @@ task:
 
 task:
   name: "s390x (big-endian): Linux (Debian stable, QEMU)"
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 1G
+  << : *LINUX_CONTAINER
   env:
     WRAPPER_CMD: qemu-s390x
     SECP256K1_TEST_ITERS: 16
     HOST: s390x-linux-gnu
     WITH_VALGRIND: no
     ECDH: yes
     RECOVERY: yes
-    EXPERIMENTAL: yes
     SCHNORRSIG: yes
     CTIMETEST: no
   << : *MERGE_BASE
@@ -188,42 +188,34 @@ task:
 
 task:
   name: "ARM32: Linux (Debian stable, QEMU)"
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 1G
+  << : *LINUX_CONTAINER
   env:
     WRAPPER_CMD: qemu-arm
     SECP256K1_TEST_ITERS: 16
     HOST: arm-linux-gnueabihf
     WITH_VALGRIND: no
     ECDH: yes
     RECOVERY: yes
-    EXPERIMENTAL: yes
     SCHNORRSIG: yes
     CTIMETEST: no
   matrix:
     - env: {}
-    - env: {ASM: arm}
+    - env: {EXPERIMENTAL: yes, ASM: arm}
   << : *MERGE_BASE
   test_script:
     - ./ci/cirrus.sh
   << : *CAT_LOGS
 
 task:
   name: "ARM64: Linux (Debian stable, QEMU)"
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 1G
+  << : *LINUX_CONTAINER
   env:
     WRAPPER_CMD: qemu-aarch64
     SECP256K1_TEST_ITERS: 16
     HOST: aarch64-linux-gnu
     WITH_VALGRIND: no
     ECDH: yes
     RECOVERY: yes
-    EXPERIMENTAL: yes
     SCHNORRSIG: yes
     CTIMETEST: no
   << : *MERGE_BASE
@@ -233,18 +225,14 @@ task:
 
 task:
   name: "ppc64le: Linux (Debian stable, QEMU)"
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 1G
+  << : *LINUX_CONTAINER
   env:
     WRAPPER_CMD: qemu-ppc64le
     SECP256K1_TEST_ITERS: 16
     HOST: powerpc64le-linux-gnu
     WITH_VALGRIND: no
     ECDH: yes
     RECOVERY: yes
-    EXPERIMENTAL: yes
     SCHNORRSIG: yes
     CTIMETEST: no
   << : *MERGE_BASE
@@ -254,18 +242,14 @@ task:
 
 task:
   name: "x86_64 (mingw32-w64): Windows (Debian stable, Wine)"
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 1G
+  << : *LINUX_CONTAINER
   env:
     WRAPPER_CMD: wine64-stable
     SECP256K1_TEST_ITERS: 16
     HOST: x86_64-w64-mingw32
     WITH_VALGRIND: no
     ECDH: yes
     RECOVERY: yes
-    EXPERIMENTAL: yes
     SCHNORRSIG: yes
     CTIMETEST: no
   << : *MERGE_BASE
@@ -275,23 +259,23 @@ task:
 
 # Sanitizers
 task:
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 2G
+  << : *LINUX_CONTAINER
   env:
     ECDH: yes
     RECOVERY: yes
-    EXPERIMENTAL: yes
     SCHNORRSIG: yes
     CTIMETEST: no
   matrix:
     - name: "Valgrind (memcheck)"
+      container:
+        cpu: 2
       env:
         # The `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (https://www.valgrind.org/docs/manual/manual-core.html)
         WRAPPER_CMD: "valgrind --error-exitcode=42"
         SECP256K1_TEST_ITERS: 2
     - name: "UBSan, ASan, LSan"
+      container:
+        memory: 2G
       env:
         CFLAGS: "-fsanitize=undefined,address -g"
         UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1"
@@ -302,11 +286,10 @@ task:
   matrix:
     - env:
         ASM: auto
-        STATICPRECOMPUTATION: yes
     - env:
         ASM: no
-        STATICPRECOMPUTATION: no
         ECMULTGENPRECISION: 2
+        ECMULTWINDOW: 2
   matrix:
     - env:
         CC: clang
@@ -320,21 +303,24 @@ task:
 
 task:
   name: "C++ -fpermissive"
-  container:
-    dockerfile: ci/linux-debian.Dockerfile
-    cpu: 1
-    memory: 1G
+  << : *LINUX_CONTAINER
   env:
     # ./configure correctly errors out when given CC=g++.
     # We hack around this by passing CC=g++ only to make.
     CC: gcc
-    MAKEFLAGS: -j2 CC=g++ CFLAGS=-fpermissive\ -g
+    MAKEFLAGS: -j4 CC=g++ CFLAGS=-fpermissive\ -g
     WERROR_CFLAGS:
-    EXPERIMENTAL: yes
     ECDH: yes
     RECOVERY: yes
     SCHNORRSIG: yes
   << : *MERGE_BASE
   test_script:
     - ./ci/cirrus.sh
   << : *CAT_LOGS
+
+task:
+  name: "sage prover"
+  << : *LINUX_CONTAINER
+  test_script:
+    - cd sage
+    - sage prove_group_implementations.sage

.gitattributes

@@ -1,2 +1,2 @@
-src/ecmult_static_pre_g.h linguist-generated
-src/ecmult_gen_static_prec_table.h linguist-generated
+src/precomputed_ecmult.c linguist-generated
+src/precomputed_ecmult_gen.c linguist-generated

.gitignore

@@ -3,14 +3,19 @@ bench_ecmult
 bench_internal
 tests
 exhaustive_tests
-gen_ecmult_gen_static_prec_table
-gen_ecmult_static_pre_g
+precompute_ecmult_gen
+precompute_ecmult
 valgrind_ctime_test
+ecdh_example
+ecdsa_example
+schnorr_example
 *.exe
 *.so
 *.a
 *.csv
 !.gitignore
+*.log
+*.trs
 
 Makefile
 configure
@@ -41,6 +46,7 @@ coverage.*.html
 
 src/libsecp256k1-config.h
 src/libsecp256k1-config.h.in
+build-aux/ar-lib
 build-aux/config.guess
 build-aux/config.sub
 build-aux/depcomp