From 12feb33dba2061415d6f39fa59dec16fafcda2a0 Mon Sep 17 00:00:00 2001 From: vnugent Date: Sun, 21 Jul 2024 17:51:04 -0400 Subject: Push latest changes, patches, and internal upgrades --- Taskfile.yaml | 53 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 10 deletions(-) (limited to 'Taskfile.yaml') diff --git a/Taskfile.yaml b/Taskfile.yaml index a79921c..93ea182 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -14,6 +14,7 @@ version: '3' vars: CMAKE_BUILD_DIR: 'build/{{ OS }}' + TEST_EXE_NAME: 'nctest' tasks: @@ -29,14 +30,6 @@ tasks: - task: build-internal vars: { CMAKE_TEST_STATUS: 'ON', BUILD_CONFIG: 'Debug' } - build-internal: - internal: true - cmds: - - cmake -S . -B{{.CMAKE_BUILD_DIR}} -DCMAKE_BUILD_TYPE={{.BUILD_CONFIG}} -DNC_BUILD_TESTS={{ .CMAKE_TEST_STATUS }} {{.CLI_ARGS}} - - cmake --build {{.CMAKE_BUILD_DIR}} --config {{.BUILD_CONFIG}} - - cmd: echo "Build complete. Your files can be found in the {{.CMAKE_BUILD_DIR}} directory" - silent: true - #available to users and vnbuild runner test: desc: "Builds a local copy of the library in a debug configuration, then runs the test executable" 
@@ -44,6 +37,37 @@ tasks: - task: build-debug - cmd: cd {{.CMAKE_BUILD_DIR}} && ctest -C Debug --verbose + test-mbedtls: + desc: "Builds and runs tests for noscrypt using the mbedtls crypto library for the current platform" + cmds: + - task: build-internal + vars: + CMAKE_TEST_STATUS: 'ON' + BUILD_CONFIG: 'Debug' + CLI_ARGS: '-DNC_FETCH_MBEDTLS=ON {{.CLI_ARGS}}' #fetches and enabled medtls + - cmd: cd {{.CMAKE_BUILD_DIR}} && ctest -C Debug --verbose + + test-dev: + desc: "Re-runs compilation phase and test execution" + cmds: + - task: compile + vars: { BUILD_CONFIG: 'Debug' } + - cmd: cd {{.CMAKE_BUILD_DIR}} && ctest -C Debug --verbose --output-on-failure + + compile: + internal: true + cmds: + - cmake --build {{.CMAKE_BUILD_DIR}} --config {{.BUILD_CONFIG}} + + build-internal: + internal: true + cmds: + - cmake -S . -B{{.CMAKE_BUILD_DIR}} -DCMAKE_BUILD_TYPE={{.BUILD_CONFIG}} -DNC_BUILD_TESTS={{ .CMAKE_TEST_STATUS }} {{.CLI_ARGS}} + - task: compile + vars: { BUILD_CONFIG: '{{.BUILD_CONFIG}}' } + - cmd: echo "Build complete. Your files can be found in the {{.CMAKE_BUILD_DIR}} directory" + silent: true + install: desc: "Uses cmake to install the library on your system" cmds: 
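Review bot: `test-dev` invokes the internal `compile` task without a configure step, so it presumably fails when `{{.CMAKE_BUILD_DIR}}` has not already been generated by `build-debug` (the same applies to `dev-gdb-test` in the next hunk); the task's `desc` should state that precondition, e.g. `desc: "Re-runs compilation phase and test execution (requires a prior build-debug)"`. The inline comment on the `CLI_ARGS` line of `test-mbedtls` reads `#fetches and enabled medtls`; `#fetches and enables mbedtls` is what is meant. Minor: `test-dev` passes `--output-on-failure` to ctest while `test` and `test-mbedtls` do not, so the three test tasks should agree on their ctest flags.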
@@ -115,17 +139,26 @@ tasks: desc: "Packs up the project source code and creates a tarball in the builds binary directory" vars: TARGET_SOURCE: '{{.PROJECT_DIR}}/{{.BINARY_DIR}}/{{.PROJECT_NAME}}-src.tgz' - SOURCE_FILES: 'CMakeLists.txt src include license tests vendor readme.md Taskfile.yaml' + SOURCE_FILES: [ CMakeLists.txt, Taskfile.yaml, src, include, license, tests, vendor, readme.md, CMakePresets.json ] cmds: #tar up the source - - tar -czf "{{.TARGET_SOURCE}}" {{.SOURCE_FILES}} + - tar -czf "{{.TARGET_SOURCE}}" {{ .SOURCE_FILES | join " " }} ################################# # # DEV TASKS # ################################# + + dev-gdb-test: + platforms: [ linux ] + desc: "Starts a new gdb session on the test executable" + interactive: true + cmds: + - task: compile + vars: { BUILD_CONFIG: 'Debug' } + - cmd: gdb '{{.CMAKE_BUILD_DIR}}/{{.TEST_EXE_NAME}}' dev-update-deps: desc: "Updates vendored projects files (headers mostly) from their source repositories to the latest version" -- cgit From 54f520e4bfc0fe23e2719d44b09739aa8709451c Mon Sep 17 00:00:00 2001 From: vnugent Date: Tue, 23 Jul 2024 19:55:13 -0400 Subject: latest changes --- Taskfile.yaml | 11 +++++- src/hkdf.c | 2 +- src/providers/bcrypt.c | 3 +- src/providers/openssl.c | 94 ++++++++++++++++++++++++++++++++----------------- 4 files changed, 75 insertions(+), 35 deletions(-) (limited to 'Taskfile.yaml') diff --git a/Taskfile.yaml b/Taskfile.yaml index 93ea182..9c123ec 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -139,7 +139,16 @@ tasks: desc: "Packs up the project source code and creates a tarball in the builds binary directory" vars: TARGET_SOURCE: '{{.PROJECT_DIR}}/{{.BINARY_DIR}}/{{.PROJECT_NAME}}-src.tgz' - SOURCE_FILES: [ CMakeLists.txt, Taskfile.yaml, src, include, license, tests, vendor, readme.md, CMakePresets.json ] + SOURCE_FILES: + CMakeLists.txt + Taskfile.yaml + src + include + license + tests + vendor + readme.md + CMakePresets.json cmds: #tar up the source 
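Review bot: `SOURCE_FILES` changes from the flow list `[ CMakeLists.txt, ... ]` to a multi-line plain scalar, which YAML folds into one space-separated string; the tar command introduced in the previous commit (not part of this hunk) pipes it through `join " "`, which expects a list, so confirm the template still expands to the file names rather than failing or emitting the scalar unchanged. If a string is intended, `{{ .SOURCE_FILES }}` in the tar line is the honest form; if a list is intended, a block sequence (`- CMakeLists.txt` per line) keeps the `join` meaningful. The task's `cmds` continue outside the hunk.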
diff --git a/src/hkdf.c b/src/hkdf.c index ab661de..16e0b5b 100644 --- a/src/hkdf.c +++ b/src/hkdf.c @@ -61,7 +61,7 @@ cstatus_t hkdfExpandProcess( counter[0] = 1; /* counter is offset by 1 for init */ result = CSTATUS_FAIL; /* Start in fail state */ - /* counter as a span */ + /* span over counter value that points to the counter buffer */ ncSpanInitC(&counterSpan, counter, sizeof(counter)); /* Compute T(N) = HMAC(prk, T(n-1) | info | n) */ diff --git a/src/providers/bcrypt.c b/src/providers/bcrypt.c index 67ae695..10cf801 100644 --- a/src/providers/bcrypt.c +++ b/src/providers/bcrypt.c @@ -223,7 +223,8 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx) cstatus_t _bcrypt_hkdf_finish(void* ctx, sha256_t hmacOut32) { - DEBUG_ASSERT(ctx != NULL) + DEBUG_ASSERT(ctx != NULL); + DEBUG_ASSERT(hmacOut32 != NULL); BC_FAIL(_bcFinishHash((struct _bcrypt_ctx*)ctx, hmacOut32)) return CSTATUS_OK; diff --git a/src/providers/openssl.c b/src/providers/openssl.c index 1f31796..5bade3b 100644 --- a/src/providers/openssl.c +++ b/src/providers/openssl.c @@ -26,6 +26,8 @@ #define _OSSL_FAIL(x) if(!(x)) return CSTATUS_FAIL; +#define ossl_md_sha256() EVP_MD_fetch(NULL, "SHA2-256", NULL) + #ifndef _IMPL_SECURE_ZERO_MEMSET #define _IMPL_SECURE_ZERO_MEMSET _ossl_secure_zero_memset @@ -63,11 +65,11 @@ #define _IMPL_CRYPTO_SHA256_DIGEST _ossl_sha256_digest - _IMPLSTB cstatus_t _ossl_sha256_digest(const cspan_t* data, sha256_t digestOut32) + _IMPLSTB cstatus_t _ossl_sha256_digest(cspan_t data, sha256_t digestOut32) { - _overflow_check(data->size) + _overflow_check(data.size) - _OSSL_FAIL(SHA256(data->data, data->size, digestOut32)) + _OSSL_FAIL(SHA256(data.data, data.size, digestOut32)) return CSTATUS_OK; } 
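Review bot: The new `DEBUG_ASSERT(hmacOut32 != NULL);` and the re-terminated `DEBUG_ASSERT(ctx != NULL);` carry trailing semicolons while `BC_FAIL(...)` on the next line has none; since the unterminated form compiled before, the macro presumably expands to a complete statement and the extra `;` is an empty statement. Pick one form for the provider files — `DEBUG_ASSERT(ctx != NULL)` / `DEBUG_ASSERT(hmacOut32 != NULL)` to match `BC_FAIL` — and apply the same choice to `_ossl_hkdf_finish` in src/providers/openssl.c below, where the two asserts mix both forms on adjacent lines.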
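Review bot: `ossl_md_sha256()` expands to `EVP_MD_fetch(NULL, "SHA2-256", NULL)`, which returns a fetched algorithm object that the caller owns and must release with `EVP_MD_free()`; used as a temporary argument to `HMAC(` in the `_ossl_hmac_sha256` hunk below, every HMAC computation leaks one reference. Either keep the static `EVP_sha256()` at that call site, or bind and release the fetched object: `EVP_MD* md = ossl_md_sha256();` before the call and `EVP_MD_free(md);` after it (the fetch can also return NULL when no provider serves the digest, which `HMAC` then reports as failure). A one-line comment on the macro, such as `/* caller owns the result; release with EVP_MD_free() */`, would prevent the same mistake at future call sites.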
@@ -81,22 +83,22 @@ /* Export function */ #define _IMPL_CRYPTO_SHA256_HMAC _ossl_hmac_sha256 - _IMPLSTB cstatus_t _ossl_hmac_sha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32) + _IMPLSTB cstatus_t _ossl_hmac_sha256(cspan_t key, cspan_t data, sha256_t hmacOut32) { unsigned int hmacLen; - _overflow_check(key->size) - _overflow_check(data->size) + _overflow_check(key.size) + _overflow_check(data.size) hmacLen = sizeof(sha256_t); _OSSL_FAIL( HMAC( - EVP_sha256(), - key->data, - key->size, - data->data, - data->size, + ossl_md_sha256(), + key.data, + key.size, + data.data, + data.size, hmacOut32, &hmacLen ) @@ -112,30 +114,44 @@ #ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND - #include + #include #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _ossl_sha256_hkdf_expand - cstatus_t _ossl_hkdf_update(void* ctx, const cspan_t* data) + cstatus_t _ossl_hkdf_update(void* ctx, cspan_t data) { DEBUG_ASSERT(ctx != NULL) - _overflow_check(data->size) + _overflow_check(data.size) - _OSSL_FAIL(EVP_DigestUpdate((EVP_MD_CTX*)ctx, data->data, data->size)) + _OSSL_FAIL( + EVP_MAC_update( + (EVP_MAC_CTX*)ctx, + data.data, + data.size + ) + ) return CSTATUS_OK; } cstatus_t _ossl_hkdf_finish(void* ctx, sha256_t hmacOut32) { - unsigned int hmacSize; + size_t hmacSize; - DEBUG_ASSERT(ctx != NULL) + DEBUG_ASSERT(ctx != NULL); + DEBUG_ASSERT(hmacOut32 != NULL) - hmacSize = sizeof(sha256_t); + hmacSize = 0; - _OSSL_FAIL(EVP_DigestFinal_ex((EVP_MD_CTX*)ctx, hmacOut32, &hmacSize)) + _OSSL_FAIL( + EVP_MAC_final( + (EVP_MAC_CTX*)ctx, + hmacOut32, + &hmacSize, + sizeof(sha256_t) + ) + ) /* When configured for sha256, should always be the same size in/out */ DEBUG_ASSERT(hmacSize == sizeof(sha256_t)) 
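Review bot: `_ossl_hkdf_finish` leaves the MAC context finalized after `EVP_MAC_final`, yet the hkdf.c hunk above shows the expand loop computing T(N) = HMAC(prk, T(n-1) | info | n) with a per-block counter, so the handler's update/finish pair runs once per output block and the second block's `EVP_MAC_update` operates on a finalized context unless hkdfExpandProcess re-initializes it between blocks (not visible here). The removed comment relied on a "reusable" flag for exactly this; the EVP_MAC equivalent is to re-init with the retained key after finalizing, `_OSSL_FAIL(EVP_MAC_init((EVP_MAC_CTX*)ctx, NULL, 0, NULL))` placed after the `EVP_MAC_final` call. Separately, `DEBUG_ASSERT(hmacSize == sizeof(sha256_t))` presumably compiles out in release builds, so a MAC of unexpected length would be accepted silently; `_OSSL_FAIL(hmacSize == sizeof(sha256_t))` is the safer form. The function's `return CSTATUS_OK` lies in the next hunk.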
@@ -143,42 +159,56 @@ return CSTATUS_OK; } - _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm) + _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(cspan_t prk, cspan_t info, span_t okm) { - EVP_MD_CTX* ctx; + EVP_MAC* mac; + EVP_MAC_CTX* ctx; cstatus_t result; + OSSL_PARAM params[2]; struct nc_hkdf_fn_cb_struct handler; result = CSTATUS_FAIL; + + handler.update = _ossl_hkdf_update; + handler.finish = _ossl_hkdf_finish; + _overflow_check(prk.size); + /* - * NOTE! Hmac reusable flag must be set to allow for multiple - * calls to the finish function without losing the context. + * Silly openssl stuff. Enable hmac with sha256 using the system default + * security provider. The one-shot flag must also be disabled (0) because + * we need to call update multiple times. + * + * "provider=default,digest=SHA256,digest-oneshot=0" */ - if ((ctx = EVP_MD_CTX_create()) == NULL) + ctx = NULL; + mac = EVP_MAC_fetch(NULL, "HMAC", NULL); + + if (mac == NULL) { - return CSTATUS_FAIL; + goto Cleanup; } - if (!EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL)) + if ((ctx = EVP_MAC_CTX_new(mac)) == NULL) { goto Cleanup; } - if (!EVP_DigestUpdate(ctx, prk->data, prk->size)) + params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA2-256", 0); + params[1] = OSSL_PARAM_construct_end(); + + if (!EVP_MAC_init(ctx, prk.data, prk.size, params)) { goto Cleanup; } - - handler.update = _ossl_hkdf_update; - handler.finish = _ossl_hkdf_finish; result = hkdfExpandProcess(&handler, ctx, info, okm); Cleanup: - - EVP_MD_CTX_destroy(ctx); + + if (ctx) EVP_MAC_CTX_free(ctx); + if (mac) EVP_MAC_free(mac); return result; } -- cgit From 7989a2660997b909e0b99fc1dfb3bcfbb0528df3 Mon Sep 17 00:00:00 2001 
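Review bot: The rewritten comment above the `EVP_MAC_fetch` call describes a param string `"provider=default,digest=SHA256,digest-oneshot=0"`, but the `params` array constructed below sets only `digest` to `"SHA2-256"` plus the terminator — no provider selection and no `digest-oneshot`. A comment documenting configuration the code does not apply misleads anyone auditing which provider and settings actually serve this MAC; replace it with something like `/* HMAC via the default provider search path; digest chosen by the "digest" param, key bound in EVP_MAC_init. */`. Minor: `_overflow_check(prk.size);` takes a trailing semicolon while every other `_overflow_check(...)` in this file omits one.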
From: vnugent Date: Tue, 6 Aug 2024 19:42:25 -0400 Subject: update openssl to 3.3.1 --- Taskfile.yaml | 7 ++- vendor/openssl/include/openssl/cmp.h.in | 27 +-------- vendor/openssl/include/openssl/cmperr.h | 4 -- vendor/openssl/include/openssl/comp.h.in | 76 ++++++++++++++++++++++++++ vendor/openssl/include/openssl/crypto.h.in | 9 --- vendor/openssl/include/openssl/e_os2.h | 4 +- vendor/openssl/include/openssl/indicator.h | 31 +++++++++++ vendor/openssl/include/openssl/pem.h | 1 - vendor/openssl/include/openssl/sslerr.h | 1 - vendor/openssl/include/openssl/tls1.h | 6 -- vendor/openssl/include/openssl/x509.h.in | 28 ++++------ vendor/openssl/include/openssl/x509_acert.h.in | 36 ++++++++++++ vendor/openssl/include/openssl/x509v3.h.in | 22 +++----- 13 files changed, 169 insertions(+), 83 deletions(-) create mode 100644 vendor/openssl/include/openssl/comp.h.in create mode 100644 vendor/openssl/include/openssl/indicator.h (limited to 'Taskfile.yaml') diff --git a/Taskfile.yaml b/Taskfile.yaml index 9c123ec..053cef2 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -176,6 +176,7 @@ tasks: - task: dev-update-monocypher - task: dev-update-mbedtls-headers - task: dev-update-openssl-headers + - task: dev-set-secp256-headers dev-update-monocypher: vars: @@ -204,13 +205,13 @@ tasks: - git clone --branch {{ .MBEDTLS_GIT_BRANCH }} {{ .MBEDTLS_GIT_URL }} '{{ .TMP_DIR }}' - - for: [ 'include/mbedtls', 'include/psa' ] + - for: [ 'include/mbedtls' ] cmd: powershell cp -Recurse -Force '{{ .TMP_DIR }}/{{ .ITEM }}' '{{.MBEDTLS_DIR}}/include' dev-update-openssl-headers: vars: - OPENSSL_GIT_URL: 'git://git.openssl.org/openssl.git' - OPENSSL_GIT_BRANCH: 'master' + OPENSSL_GIT_URL: 'https://github.com/openssl/openssl' + OPENSSL_GIT_BRANCH: 'openssl-3.3.1' OPENSSL_DIR: 'vendor/openssl' TMP_DIR: '.update/openssl' cmds: diff --git a/vendor/openssl/include/openssl/cmp.h.in b/vendor/openssl/include/openssl/cmp.h.in index c46b9ab..ad9eb34 100644 --- a/vendor/openssl/include/openssl/cmp.h.in 
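Review bot: `OPENSSL_GIT_BRANCH: 'openssl-3.3.1'` pins the vendored headers to a tag name, and an upstream tag can be moved or deleted, so the same task may fetch different contents later; CMakeLists.txt in the secp256k1 commit below pins `GIT_TAG` to a commit hash with the release name in a comment, which is the stronger form for vendored code. Consider recording the commit the tag resolved to — e.g. `OPENSSL_GIT_COMMIT: '<commit-hash-for-openssl-3.3.1>' # openssl-3.3.1` — and checking that out after the clone, so the vendored tree is reproducible. The mbedtls `for:` list also drops `'include/psa'` without explanation; if the vendored mbedtls headers include `psa/*.h`, the copy is now incomplete, so a short comment on why it was removed would help. The `cmds` that consume `OPENSSL_GIT_BRANCH` lie outside this hunk.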
+++ b/vendor/openssl/include/openssl/cmp.h.in @@ -228,12 +228,6 @@ DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) {- generate_stack_macros("OSSL_CMP_ITAV"); -} - -typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS; -{- - generate_stack_macros("OSSL_CMP_CRLSTATUS"); --} - typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) @@ -263,7 +257,7 @@ void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, ASN1_TYPE *value); ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); -int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p, +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, OSSL_CMP_ITAV *itav); void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); @@ -284,22 +278,6 @@ int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, X509 **newWithOld, X509 **oldWithNew); -OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl, - const X509 *cert, int only_DN); -OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn, - const GENERAL_NAMES *issuer, - const ASN1_TIME *thisUpdate); -int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus, - DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer, - ASN1_TIME **thisUpdate); -void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus); -OSSL_CMP_ITAV -*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList); -int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav, - STACK_OF(OSSL_CMP_CRLSTATUS) **out); -OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls); -int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out); - void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /* from cmp_ctx.c */ 
@@ -543,9 +521,6 @@ int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, const X509 *oldWithOld, X509 **newWithNew, X509 **newWithOld, X509 **oldWithNew); -int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert, - const X509_CRL *last_crl, - X509_CRL **crl); # ifdef __cplusplus } diff --git a/vendor/openssl/include/openssl/cmperr.h b/vendor/openssl/include/openssl/cmperr.h index 700ffbe..0d876e5 100644 --- a/vendor/openssl/include/openssl/cmperr.h +++ b/vendor/openssl/include/openssl/cmperr.h @@ -60,9 +60,7 @@ # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 -# define CMP_R_GENERATE_CRLSTATUS 198 # define CMP_R_GETTING_GENP 192 -# define CMP_R_GET_ITAV 199 # define CMP_R_INVALID_ARGS 100 # define CMP_R_INVALID_GENP 193 # define CMP_R_INVALID_OPTION 174 @@ -102,7 +100,6 @@ # define CMP_R_TRANSFER_ERROR 159 # define CMP_R_UNCLEAN_CTX 191 # define CMP_R_UNEXPECTED_CERTPROFILE 196 -# define CMP_R_UNEXPECTED_CRLSTATUSLIST 201 # define CMP_R_UNEXPECTED_PKIBODY 133 # define CMP_R_UNEXPECTED_PKISTATUS 185 # define CMP_R_UNEXPECTED_POLLREQ 105 @@ -110,7 +107,6 @@ # define CMP_R_UNEXPECTED_SENDER 106 # define CMP_R_UNKNOWN_ALGORITHM_ID 134 # define CMP_R_UNKNOWN_CERT_TYPE 135 -# define CMP_R_UNKNOWN_CRL_ISSUER 200 # define CMP_R_UNKNOWN_PKISTATUS 186 # define CMP_R_UNSUPPORTED_ALGORITHM 136 # define CMP_R_UNSUPPORTED_KEY_TYPE 137 diff --git a/vendor/openssl/include/openssl/comp.h.in b/vendor/openssl/include/openssl/comp.h.in new file mode 100644 index 0000000..bd1efdc --- /dev/null +++ b/vendor/openssl/include/openssl/comp.h.in 
@@ -0,0 +1,76 @@ +/* + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +{- +use OpenSSL::stackhash qw(generate_stack_macros); +-} + +#ifndef OPENSSL_COMP_H +# define OPENSSL_COMP_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_COMP_H +# endif + +# include + +# include +# include +# ifdef __cplusplus +extern "C" { +# endif + + + +# ifndef OPENSSL_NO_COMP + +COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); +void COMP_CTX_free(COMP_CTX *ctx); + +int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + +COMP_METHOD *COMP_zlib(void); +COMP_METHOD *COMP_zlib_oneshot(void); +COMP_METHOD *COMP_brotli(void); +COMP_METHOD *COMP_brotli_oneshot(void); +COMP_METHOD *COMP_zstd(void); +COMP_METHOD *COMP_zstd_oneshot(void); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define COMP_zlib_cleanup() while(0) continue +# endif + +# ifdef OPENSSL_BIO_H +const BIO_METHOD *BIO_f_zlib(void); +const BIO_METHOD *BIO_f_brotli(void); +const BIO_METHOD *BIO_f_zstd(void); +# endif + +# endif + +typedef struct ssl_comp_st SSL_COMP; + +{- + generate_stack_macros("SSL_COMP"); +-} + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/vendor/openssl/include/openssl/crypto.h.in b/vendor/openssl/include/openssl/crypto.h.in index 034f150..b2d691b 100644 --- a/vendor/openssl/include/openssl/crypto.h.in 
+++ b/vendor/openssl/include/openssl/crypto.h.in @@ -90,7 +90,6 @@ int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock); int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock); -int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock); /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue @@ -99,9 +98,6 @@ int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock); CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_zalloc(num) \ CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) -# define OPENSSL_aligned_alloc(num, alignment, freeptr) \ - CRYPTO_aligned_alloc(num, alignment, freeptr, \ - OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_realloc(addr, num) \ CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_clear_realloc(addr, old_num, num) \ @@ -325,9 +321,6 @@ void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line); OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line); -OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align, - void **freeptr, const char *file, - int line); OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line); OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); 
@@ -536,8 +529,6 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file); void OSSL_LIB_CTX_free(OSSL_LIB_CTX *); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx); -int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *ctx); -void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value); void OSSL_sleep(uint64_t millis); diff --git a/vendor/openssl/include/openssl/e_os2.h b/vendor/openssl/include/openssl/e_os2.h index a4aea0b..f1e1795 100644 --- a/vendor/openssl/include/openssl/e_os2.h +++ b/vendor/openssl/include/openssl/e_os2.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -200,7 +200,6 @@ extern "C" { # endif # ifndef ossl_ssize_t -# include # define ossl_ssize_t ssize_t # if defined(SSIZE_MAX) # define OSSL_SSIZE_MAX SSIZE_MAX @@ -229,6 +228,7 @@ typedef INT32 int32_t; typedef UINT32 uint32_t; typedef INT64 int64_t; typedef UINT64 uint64_t; +typedef UINTN uintptr_t; # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ defined(__osf__) || defined(__sgi) || defined(__hpux) || \ defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) diff --git a/vendor/openssl/include/openssl/indicator.h b/vendor/openssl/include/openssl/indicator.h new file mode 100644 index 0000000..3ea0122 --- /dev/null +++ b/vendor/openssl/include/openssl/indicator.h 
@@ -0,0 +1,31 @@ +/* + * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_INDICATOR_H +# define OPENSSL_INDICATOR_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +#include + +typedef int (OSSL_INDICATOR_CALLBACK)(const char *type, const char *desc, + const OSSL_PARAM params[]); + +void OSSL_INDICATOR_set_callback(OSSL_LIB_CTX *libctx, + OSSL_INDICATOR_CALLBACK *cb); +void OSSL_INDICATOR_get_callback(OSSL_LIB_CTX *libctx, + OSSL_INDICATOR_CALLBACK **cb); + +# ifdef __cplusplus +} +# endif +#endif /* OPENSSL_INDICATOR_H */ diff --git a/vendor/openssl/include/openssl/pem.h b/vendor/openssl/include/openssl/pem.h index 6ea1a49..0446c77 100644 --- a/vendor/openssl/include/openssl/pem.h +++ b/vendor/openssl/include/openssl/pem.h @@ -58,7 +58,6 @@ extern "C" { # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" # define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" -# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE" # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 diff --git a/vendor/openssl/include/openssl/sslerr.h b/vendor/openssl/include/openssl/sslerr.h index 8222b25..ec35df6 100644 --- a/vendor/openssl/include/openssl/sslerr.h +++ b/vendor/openssl/include/openssl/sslerr.h @@ -117,7 +117,6 @@ # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 -# define SSL_R_ERROR_IN_SYSTEM_DEFAULT_CONFIG 419 # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 # define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE 194 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 
diff --git a/vendor/openssl/include/openssl/tls1.h b/vendor/openssl/include/openssl/tls1.h index 8ff39e3..7e3d1a7 100644 --- a/vendor/openssl/include/openssl/tls1.h +++ b/vendor/openssl/include/openssl/tls1.h @@ -622,10 +622,6 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 # define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 -/* Integrity-only ciphersuites from RFC 9150 */ -# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4 -# define TLS1_3_CK_SHA384_SHA384 0x0300C0B5 - /* Aria ciphersuites from RFC6209 */ # define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256 0x0300C050 # define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384 0x0300C051 @@ -703,8 +699,6 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb # define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" # define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" # define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" -# define TLS1_3_RFC_SHA256_SHA256 "TLS_SHA256_SHA256" -# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384" # define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" # define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" # define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA" diff --git a/vendor/openssl/include/openssl/x509.h.in b/vendor/openssl/include/openssl/x509.h.in index 7d7ffa2..7210391 100644 --- a/vendor/openssl/include/openssl/x509.h.in +++ b/vendor/openssl/include/openssl/x509.h.in 
@@ -67,24 +67,16 @@ extern "C" { # define X509_FILETYPE_ASN1 2 # define X509_FILETYPE_DEFAULT 3 -/*- - * : - * The KeyUsage BITSTRING is treated as a little-endian integer, hence bit `0` - * is 0x80, while bit `7` is 0x01 (the LSB of the integer value), bit `8` is - * then the MSB of the second octet, or 0x8000. - */ -# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 /* (0) */ -# define X509v3_KU_NON_REPUDIATION 0x0040 /* (1) */ -# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 /* (2) */ -# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 /* (3) */ -# define X509v3_KU_KEY_AGREEMENT 0x0008 /* (4) */ -# define X509v3_KU_KEY_CERT_SIGN 0x0004 /* (5) */ -# define X509v3_KU_CRL_SIGN 0x0002 /* (6) */ -# define X509v3_KU_ENCIPHER_ONLY 0x0001 /* (7) */ -# define X509v3_KU_DECIPHER_ONLY 0x8000 /* (8) */ -# ifndef OPENSSL_NO_DEPRECATED_3_4 -# define X509v3_KU_UNDEF 0xffff /* vestigial, not used */ -# endif +# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +# define X509v3_KU_NON_REPUDIATION 0x0040 +# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +# define X509v3_KU_KEY_AGREEMENT 0x0008 +# define X509v3_KU_KEY_CERT_SIGN 0x0004 +# define X509v3_KU_CRL_SIGN 0x0002 +# define X509v3_KU_ENCIPHER_ONLY 0x0001 +# define X509v3_KU_DECIPHER_ONLY 0x8000 +# define X509v3_KU_UNDEF 0xffff struct X509_algor_st { ASN1_OBJECT *algorithm; diff --git a/vendor/openssl/include/openssl/x509_acert.h.in b/vendor/openssl/include/openssl/x509_acert.h.in index 42376a6..70facf8 100644 --- a/vendor/openssl/include/openssl/x509_acert.h.in +++ b/vendor/openssl/include/openssl/x509_acert.h.in 
@@ -153,4 +153,40 @@ int OSSL_IETF_ATTR_SYNTAX_add1_value(OSSL_IETF_ATTR_SYNTAX *a, int type, void *data); int OSSL_IETF_ATTR_SYNTAX_print(BIO *bp, OSSL_IETF_ATTR_SYNTAX *a, int indent); +struct TARGET_CERT_st { + OSSL_ISSUER_SERIAL *targetCertificate; + GENERAL_NAME *targetName; + OSSL_OBJECT_DIGEST_INFO *certDigestInfo; +}; + +typedef struct TARGET_CERT_st OSSL_TARGET_CERT; + +# define OSSL_TGT_TARGET_NAME 0 +# define OSSL_TGT_TARGET_GROUP 1 +# define OSSL_TGT_TARGET_CERT 2 + +typedef struct TARGET_st { + int type; + union { + GENERAL_NAME *targetName; + GENERAL_NAME *targetGroup; + OSSL_TARGET_CERT *targetCert; + } choice; +} OSSL_TARGET; + +typedef STACK_OF(OSSL_TARGET) OSSL_TARGETS; +typedef STACK_OF(OSSL_TARGETS) OSSL_TARGETING_INFORMATION; + +{- + generate_stack_macros("OSSL_TARGET"); +-} + +{- + generate_stack_macros("OSSL_TARGETS"); +-} + +DECLARE_ASN1_FUNCTIONS(OSSL_TARGET) +DECLARE_ASN1_FUNCTIONS(OSSL_TARGETS) +DECLARE_ASN1_FUNCTIONS(OSSL_TARGETING_INFORMATION) + #endif diff --git a/vendor/openssl/include/openssl/x509v3.h.in b/vendor/openssl/include/openssl/x509v3.h.in index a967064..5696803 100644 --- a/vendor/openssl/include/openssl/x509v3.h.in +++ b/vendor/openssl/include/openssl/x509v3.h.in @@ -178,8 +178,6 @@ typedef struct ACCESS_DESCRIPTION_st { GENERAL_NAME *location; } ACCESS_DESCRIPTION; -int GENERAL_NAME_set1_X509_NAME(GENERAL_NAME **tgt, const X509_NAME *src); - {- generate_stack_macros("ACCESS_DESCRIPTION") .generate_stack_macros("GENERAL_NAME"); @@ -203,7 +201,6 @@ typedef struct DIST_POINT_NAME_st { /* If relativename then this contains the full distribution point name */ X509_NAME *dpname; } DIST_POINT_NAME; -DECLARE_ASN1_DUP_FUNCTION(DIST_POINT_NAME) /* All existing reasons */ # define CRLDP_ALL_REASONS 0x807f 
@@ -425,16 +422,15 @@ struct ISSUING_DIST_POINT_st { # define EXFLAG_SAN_CRITICAL 0x80000 # define EXFLAG_NO_FINGERPRINT 0x100000 -/* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 */ -# define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE -# define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION -# define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT -# define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT -# define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT -# define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN -# define KU_CRL_SIGN X509v3_KU_CRL_SIGN -# define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY -# define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY +# define KU_DIGITAL_SIGNATURE 0x0080 +# define KU_NON_REPUDIATION 0x0040 +# define KU_KEY_ENCIPHERMENT 0x0020 +# define KU_DATA_ENCIPHERMENT 0x0010 +# define KU_KEY_AGREEMENT 0x0008 +# define KU_KEY_CERT_SIGN 0x0004 +# define KU_CRL_SIGN 0x0002 +# define KU_ENCIPHER_ONLY 0x0001 +# define KU_DECIPHER_ONLY 0x8000 # define NS_SSL_CLIENT 0x80 # define NS_SSL_SERVER 0x40 -- cgit From 3b97f84fd0477eafcd6567eb8597b213e4136664 Mon Sep 17 00:00:00 2001 From: vnugent Date: Tue, 6 Aug 2024 19:57:10 -0400 Subject: update libsecp256k1 to v0.5.1 --- CMakeLists.txt | 2 +- Taskfile.yaml | 4 +- .../include/secp256k1/secp256k1_ellswift.h | 200 +++++++++++++++++++++ .../include/secp256k1/secp256k1_recovery.h | 113 ++++++++++++ 4 files changed, 316 insertions(+), 3 deletions(-) create mode 100644 vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h create mode 100644 vendor/secp256k1/include/secp256k1/secp256k1_recovery.h (limited to 'Taskfile.yaml') diff --git a/CMakeLists.txt b/CMakeLists.txt index 6dad383..89b2026 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -51,7 +51,7 @@ if(NC_FETCH_SECP256K1) FetchContent_Declare( libsecp256k1 GIT_REPOSITORY https://github.com/bitcoin-core/secp256k1 - GIT_TAG e3a885d42a7800c1ccebad94ad1e2b82c4df5c65 # release-0.5.0 + GIT_TAG 642c885b6102725e25623738529895a95addc4f4 # release-0.5.1 GIT_PROGRESS TRUE ) diff --git a/Taskfile.yaml b/Taskfile.yaml index 053cef2..0af15f3 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -226,9 +226,9 @@ tasks: dev-set-secp256-headers: vars: SECP256_GIT_URL: 'https://github.com/bitcoin-core/secp256k1' - SECP256_GIT_BRANCH: 'v0.5.0' + SECP256_GIT_BRANCH: 'v0.5.1' SECP256_DIR: 'vendor/secp256k1' - TMP_DIR: '.update/openssl' + TMP_DIR: '.update/secp256k1' cmds: - cmd: powershell mkdir '{{.TMP_DIR}}' -Force ignore_error: true diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h b/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h new file mode 100644 index 0000000..ae37287 --- /dev/null +++ b/vendor/secp256k1/include/secp256k1/secp256k1_ellswift.h 
@@ -0,0 +1,200 @@
+#ifndef SECP256K1_ELLSWIFT_H
+#define SECP256K1_ELLSWIFT_H
+
+#include "secp256k1.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This module provides an implementation of ElligatorSwift as well as a
+ * version of x-only ECDH using it (including compatibility with BIP324).
+ *
+ * ElligatorSwift is described in https://eprint.iacr.org/2022/759 by
+ * Chavez-Saab, Rodriguez-Henriquez, and Tibouchi. It permits encoding
+ * uniformly chosen public keys as 64-byte arrays which are indistinguishable
+ * from uniformly random arrays.
+ *
+ * Let f be the function from pairs of field elements to point X coordinates,
+ * defined as follows (all operations modulo p = 2^256 - 2^32 - 977)
+ * f(u,t):
+ * - Let C = 0xa2d2ba93507f1df233770c2a797962cc61f6d15da14ecd47d8d27ae1cd5f852,
+ * a square root of -3.
+ * - If u=0, set u=1 instead.
+ * - If t=0, set t=1 instead.
+ * - If u^3 + t^2 + 7 = 0, multiply t by 2.
+ * - Let X = (u^3 + 7 - t^2) / (2 * t)
+ * - Let Y = (X + t) / (C * u)
+ * - Return the first in [u + 4 * Y^2, (-X/Y - u) / 2, (X/Y - u) / 2] that is an
+ * X coordinate on the curve (at least one of them is, for any u and t).
+ *
+ * Then an ElligatorSwift encoding of x consists of the 32-byte big-endian
+ * encodings of field elements u and t concatenated, where f(u,t) = x.
+ * The encoding algorithm is described in the paper, and effectively picks a
+ * uniformly random pair (u,t) among those which encode x.
+ *
+ * If the Y coordinate is relevant, it is given the same parity as t.
+ *
+ * Changes w.r.t. the the paper:
+ * - The u=0, t=0, and u^3+t^2+7=0 conditions result in decoding to the point
+ * at infinity in the paper. Here they are remapped to finite points.
+ * - The paper uses an additional encoding bit for the parity of y. Here the
+ * parity of t is used (negating t does not affect the decoded x coordinate,
+ * so this is possible).
+ *
+ * For mathematical background about the scheme, see the doc/ellswift.md file.
+ */
+
+/** A pointer to a function used by secp256k1_ellswift_xdh to hash the shared X
+ * coordinate along with the encoded public keys to a uniform shared secret.
+ *
+ * Returns: 1 if a shared secret was successfully computed.
+ * 0 will cause secp256k1_ellswift_xdh to fail and return 0.
+ * Other return values are not allowed, and the behaviour of
+ * secp256k1_ellswift_xdh is undefined for other return values.
+ * Out: output: pointer to an array to be filled by the function
+ * In: x32: pointer to the 32-byte serialized X coordinate
+ * of the resulting shared point (will not be NULL)
+ * ell_a64: pointer to the 64-byte encoded public key of party A
+ * (will not be NULL)
+ * ell_b64: pointer to the 64-byte encoded public key of party B
+ * (will not be NULL)
+ * data: arbitrary data pointer that is passed through
+ */
+typedef int (*secp256k1_ellswift_xdh_hash_function)(
+ unsigned char *output,
+ const unsigned char *x32,
+ const unsigned char *ell_a64,
+ const unsigned char *ell_b64,
+ void *data
+);
+
+/** An implementation of an secp256k1_ellswift_xdh_hash_function which uses
+ * SHA256(prefix64 || ell_a64 || ell_b64 || x32), where prefix64 is the 64-byte
+ * array pointed to by data. */
+SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix;
+
+/** An implementation of an secp256k1_ellswift_xdh_hash_function compatible with
+ * BIP324. It returns H_tag(ell_a64 || ell_b64 || x32), where H_tag is the
+ * BIP340 tagged hash function with tag "bip324_ellswift_xonly_ecdh". Equivalent
+ * to secp256k1_ellswift_xdh_hash_function_prefix with prefix64 set to
+ * SHA256("bip324_ellswift_xonly_ecdh")||SHA256("bip324_ellswift_xonly_ecdh").
+ * The data argument is ignored. */
+SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324;
+
+/** Construct a 64-byte ElligatorSwift encoding of a given pubkey.
+ *
+ * Returns: 1 always.
+ * Args: ctx: pointer to a context object
+ * Out: ell64: pointer to a 64-byte array to be filled
+ * In: pubkey: pointer to a secp256k1_pubkey containing an
+ * initialized public key
+ * rnd32: pointer to 32 bytes of randomness
+ *
+ * It is recommended that rnd32 consists of 32 uniformly random bytes, not
+ * known to any adversary trying to detect whether public keys are being
+ * encoded, though 16 bytes of randomness (padded to an array of 32 bytes,
+ * e.g., with zeros) suffice to make the result indistinguishable from
+ * uniform. The randomness in rnd32 must not be a deterministic function of
+ * the pubkey (it can be derived from the private key, though).
+ *
+ * It is not guaranteed that the computed encoding is stable across versions
+ * of the library, even if all arguments to this function (including rnd32)
+ * are the same.
+ *
+ * This function runs in variable time.
+ */
+SECP256K1_API int secp256k1_ellswift_encode(
+ const secp256k1_context *ctx,
+ unsigned char *ell64,
+ const secp256k1_pubkey *pubkey,
+ const unsigned char *rnd32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Decode a 64-bytes ElligatorSwift encoded public key.
+ *
+ * Returns: always 1
+ * Args: ctx: pointer to a context object
+ * Out: pubkey: pointer to a secp256k1_pubkey that will be filled
+ * In: ell64: pointer to a 64-byte array to decode
+ *
+ * This function runs in variable time.
+ */
+SECP256K1_API int secp256k1_ellswift_decode(
+ const secp256k1_context *ctx,
+ secp256k1_pubkey *pubkey,
+ const unsigned char *ell64
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Compute an ElligatorSwift public key for a secret key.
+ *
+ * Returns: 1: secret was valid, public key was stored.
+ * 0: secret was invalid, try again.
+ * Args: ctx: pointer to a context object
+ * Out: ell64: pointer to a 64-byte array to receive the ElligatorSwift
+ * public key
+ * In: seckey32: pointer to a 32-byte secret key
+ * auxrnd32: (optional) pointer to 32 bytes of randomness
+ *
+ * Constant time in seckey and auxrnd32, but not in the resulting public key.
+ *
+ * It is recommended that auxrnd32 contains 32 uniformly random bytes, though
+ * it is optional (and does result in encodings that are indistinguishable from
+ * uniform even without any auxrnd32). It differs from the (mandatory) rnd32
+ * argument to secp256k1_ellswift_encode in this regard.
+ *
+ * This function can be used instead of calling secp256k1_ec_pubkey_create
+ * followed by secp256k1_ellswift_encode. It is safer, as it uses the secret
+ * key as entropy for the encoding (supplemented with auxrnd32, if provided).
+ *
+ * Like secp256k1_ellswift_encode, this function does not guarantee that the
+ * computed encoding is stable across versions of the library, even if all
+ * arguments (including auxrnd32) are the same.
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create(
+ const secp256k1_context *ctx,
+ unsigned char *ell64,
+ const unsigned char *seckey32,
+ const unsigned char *auxrnd32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Given a private key, and ElligatorSwift public keys sent in both directions,
+ * compute a shared secret using x-only Elliptic Curve Diffie-Hellman (ECDH).
+ *
+ * Returns: 1: shared secret was successfully computed
+ * 0: secret was invalid or hashfp returned 0
+ * Args: ctx: pointer to a context object.
+ * Out: output: pointer to an array to be filled by hashfp.
+ * In: ell_a64: pointer to the 64-byte encoded public key of party A
+ * (will not be NULL)
+ * ell_b64: pointer to the 64-byte encoded public key of party B
+ * (will not be NULL)
+ * seckey32: pointer to our 32-byte secret key
+ * party: boolean indicating which party we are: zero if we are
+ * party A, non-zero if we are party B. seckey32 must be
+ * the private key corresponding to that party's ell_?64.
+ * This correspondence is not checked.
+ * hashfp: pointer to a hash function.
+ * data: arbitrary data pointer passed through to hashfp.
+ *
+ * Constant time in seckey32.
+ *
+ * This function is more efficient than decoding the public keys, and performing
+ * ECDH on them.
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_xdh(
+ const secp256k1_context *ctx,
+ unsigned char *output,
+ const unsigned char *ell_a64,
+ const unsigned char *ell_b64,
+ const unsigned char *seckey32,
+ int party,
+ secp256k1_ellswift_xdh_hash_function hashfp,
+ void *data
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(7);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_ELLSWIFT_H */
diff --git a/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h b/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h
new file mode 100644
index 0000000..341b8ba
--- /dev/null
+++ b/vendor/secp256k1/include/secp256k1/secp256k1_recovery.h
@@ -0,0 +1,113 @@
+#ifndef SECP256K1_RECOVERY_H
+#define SECP256K1_RECOVERY_H
+
+#include "secp256k1.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Opaque data structured that holds a parsed ECDSA signature,
+ * supporting pubkey recovery.
+ *
+ * The exact representation of data inside is implementation defined and not
+ * guaranteed to be portable between different platforms or versions. It is
+ * however guaranteed to be 65 bytes in size, and can be safely copied/moved.
+ * If you need to convert to a format suitable for storage or transmission, use
+ * the secp256k1_ecdsa_signature_serialize_* and
+ * secp256k1_ecdsa_signature_parse_* functions.
+ *
+ * Furthermore, it is guaranteed that identical signatures (including their
+ * recoverability) will have identical representation, so they can be
+ * memcmp'ed.
+ */
+typedef struct {
+ unsigned char data[65];
+} secp256k1_ecdsa_recoverable_signature;
+
+/** Parse a compact ECDSA signature (64 bytes + recovery id).
+ *
+ * Returns: 1 when the signature could be parsed, 0 otherwise
+ * Args: ctx: pointer to a context object
+ * Out: sig: pointer to a signature object
+ * In: input64: pointer to a 64-byte compact signature
+ * recid: the recovery id (0, 1, 2 or 3)
+ */
+SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(
+ const secp256k1_context *ctx,
+ secp256k1_ecdsa_recoverable_signature *sig,
+ const unsigned char *input64,
+ int recid
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Convert a recoverable signature into a normal signature.
+ *
+ * Returns: 1
+ * Args: ctx: pointer to a context object.
+ * Out: sig: pointer to a normal signature.
+ * In: sigin: pointer to a recoverable signature.
+ */
+SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(
+ const secp256k1_context *ctx,
+ secp256k1_ecdsa_signature *sig,
+ const secp256k1_ecdsa_recoverable_signature *sigin
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
+
+/** Serialize an ECDSA signature in compact format (64 bytes + recovery id).
+ *
+ * Returns: 1
+ * Args: ctx: pointer to a context object.
+ * Out: output64: pointer to a 64-byte array of the compact signature.
+ * recid: pointer to an integer to hold the recovery id.
+ * In: sig: pointer to an initialized signature object.
+ */
+SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(
+ const secp256k1_context *ctx,
+ unsigned char *output64,
+ int *recid,
+ const secp256k1_ecdsa_recoverable_signature *sig
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Create a recoverable ECDSA signature.
+ *
+ * Returns: 1: signature created
+ * 0: the nonce generation function failed, or the secret key was invalid.
+ * Args: ctx: pointer to a context object (not secp256k1_context_static).
+ * Out: sig: pointer to an array where the signature will be placed.
+ * In: msghash32: the 32-byte message hash being signed.
+ * seckey: pointer to a 32-byte secret key.
+ * noncefp: pointer to a nonce generation function. If NULL,
+ * secp256k1_nonce_function_default is used.
+ * ndata: pointer to arbitrary data used by the nonce generation function
+ * (can be NULL for secp256k1_nonce_function_default).
+ */
+SECP256K1_API int secp256k1_ecdsa_sign_recoverable(
+ const secp256k1_context *ctx,
+ secp256k1_ecdsa_recoverable_signature *sig,
+ const unsigned char *msghash32,
+ const unsigned char *seckey,
+ secp256k1_nonce_function noncefp,
+ const void *ndata
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+/** Recover an ECDSA public key from a signature.
+ *
+ * Returns: 1: public key successfully recovered (which guarantees a correct signature).
+ * 0: otherwise.
+ * Args: ctx: pointer to a context object.
+ * Out: pubkey: pointer to the recovered public key.
+ * In: sig: pointer to initialized signature that supports pubkey recovery.
+ * msghash32: the 32-byte message hash assumed to be signed.
+ */
+SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(
+ const secp256k1_context *ctx,
+ secp256k1_pubkey *pubkey,
+ const secp256k1_ecdsa_recoverable_signature *sig,
+ const unsigned char *msghash32
+) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECP256K1_RECOVERY_H */
-- cgit