Commit Graph

255 Commits

Author SHA1 Message Date
Marius van der Wijden
d10a2f6ab7
tests/fuzzers: update fuzzers to be based on go-native fuzzing (#28352)
This change modifies the fuzzers to use the native golang fuzzing framework instead of go-fuzz
2023-10-18 15:01:16 +02:00
cui
4abc412348
crypto/bn256: eliminate dead store (#27944) 2023-08-23 21:26:30 +02:00
lonika
05a8b887a9
crypto/bls12381: fix typo in comment (#27930) 2023-08-15 14:37:34 +02:00
Justin Traglia
2274a03e33
crypto/kzg4844: do lazy init in all ckzg funcs (#27679)
* crypto/kzg4844: remove unnecessary init call & fix typo

* Fix kzg4844 tests/benchmarks

* Make init lazy & revert changes to tests
2023-07-24 19:13:34 +03:00
Francisco de Borja Aranda Castillejo
942ba4ddaa
crypto/secp256k1: define NDEBUG only if not defined (#27550) 2023-06-23 19:02:05 +02:00
Delweng
21c87e0f1b
crypto: replace noarg fmt.Errorf with errors.New (#27333)
Signed-off-by: jsvisa <delweng@gmail.com>
2023-05-24 14:45:51 +02:00
Justin Traglia
9ca84e6b0b
crypto/kzg4844: upgrade c-kzg-4844 to v0.2.0 (#27257)
Upgrade c-kzg-4844 to v0.2.0
2023-05-12 20:16:14 +03:00
Péter Szilágyi
2169fa343a
crypto/kzg4844: pull in the C and Go libs for KZG cryptography (#27155)
* cryto/kzg4844: pull in the C and Go libs for KZG cryptography

* go.mod: pull in the KZG libraries

* crypto/kzg4844: add basic becnhmarks for ballpark numbers

* cmd, crypto: integrate both CKZG and GoKZG all the time, add flag

* cmd/utils, crypto/kzg4844: run library init on startup

* crypto/kzg4844: make linter happy

* crypto/kzg4844: push missing file

* crypto/kzg4844: fully disable CKZG but leave in the sources

* build, crypto/kzg4844, internal: link CKZG by default and with portable mode

* crypto/kzg4844: drop verifying the trusted setup in gokzg

* internal/build: yolo until it works?

* cmd/utils: make flag description friendlier

Co-authored-by: Martin Holst Swende <martin@swende.se>

* crypto/ckzg: no need for double availability check

* build: tiny flag cleanup nitpick

---------

Co-authored-by: Martin Holst Swende <martin@swende.se>
2023-05-10 14:54:14 +03:00
Martin Holst Swende
4d3525610e
all: remove deprecated uses of math.rand (#26710)
This PR is a (superior) alternative to https://github.com/ethereum/go-ethereum/pull/26708, it handles deprecation, primarily two specific cases. 

`rand.Seed` is typically used in two ways
- `rand.Seed(time.Now().UnixNano())` -- we seed it, just to be sure to get some random, and not always get the same thing on every run. This is not needed, with global seeding, so those are just removed. 
- `rand.Seed(1)` this is typically done to ensure we have a stable test. If we rely on this, we need to fix up the tests to use a deterministic prng-source. A few occurrences like this has been replaced with a proper custom source. 

`rand.Read` has been replaced by `crypto/rand`.`Read` in this PR.
2023-02-16 14:36:58 -05:00
jwasinger
faff980d97
crypto/bls12381: use worst case scalar for input to G1/G2 mul benchmarks (#26447)
* test

* crypto/bls12381: use worst case scalar for input to G1/G2 mul benchmarks
2023-01-10 03:16:17 -05:00
jwasinger
9a4e8e222e
crypto/bls12381: docs - fix broken links to references (#26095) 2022-11-03 08:48:13 +01:00
Martin Holst Swende
5a02b2d6d0
all: fix spelling mistakes (#25961) 2022-10-11 09:37:00 +02:00
George Carder
d213cb0924
crypto/bls12381: docfix of g1 Affine (#25729)
bls12381: docfix of g1 Affine.
2022-09-16 11:40:42 +02:00
Felix Lange
b628d72766
build: upgrade to go 1.19 (#25726)
This changes the CI / release builds to use the latest Go version. It also
upgrades golangci-lint to a newer version compatible with Go 1.19.

In Go 1.19, godoc has gained official support for links and lists. The
syntax for code blocks in doc comments has changed and now requires a
leading tab character. gofmt adapts comments to the new syntax
automatically, so there are a lot of comment re-formatting changes in this
PR. We need to apply the new format in order to pass the CI lint stage with
Go 1.19.

With the linter upgrade, I have decided to disable 'gosec' - it produces
too many false-positive warnings. The 'deadcode' and 'varcheck' linters
have also been removed because golangci-lint warns about them being
unmaintained. 'unused' provides similar coverage and we already have it
enabled, so we don't lose much with this change.
2022-09-10 13:25:40 +02:00
Justin Traglia
2c5648d891
all: fix some typos (#25551)
* Fix some typos

* Fix some mistakes

* Revert 4byte.json

* Fix an incorrect fix

* Change files to fails
2022-08-19 09:00:21 +03:00
Delweng
b196ad1c16
all: add whitespace linter (#25312)
* golangci: typo

Signed-off-by: Delweng <delweng@gmail.com>

* golangci: add whietspace

Signed-off-by: Delweng <delweng@gmail.com>

* *: rm whitesapce using golangci-lint

Signed-off-by: Delweng <delweng@gmail.com>

* cmd/puppeth: revert accidental resurrection

Co-authored-by: Péter Szilágyi <peterke@gmail.com>
2022-07-25 13:14:03 +03:00
Martin Holst Swende
a907d7e81a
all: more linters (#24783)
This enables the following linters

- typecheck
- unused
- staticcheck
- bidichk
- durationcheck
- exportloopref
- gosec

WIth a few exceptions.

- We use a deprecated protobuf in trezor. I didn't want to mess with that, since I cannot meaningfully test any changes there.
- The deprecated TypeMux is used in a few places still, so the warning for it is silenced for now.
- Using string type in context.WithValue is apparently wrong, one should use a custom type, to prevent collisions between different places in the hierarchy of callers. That should be fixed at some point, but may require some attention.
- The warnings for using weak random generator are squashed, since we use a lot of random without need for cryptographic guarantees.
2022-06-13 16:24:45 +02:00
Håvard Anda Estensen
07508ac0e9
all: replace uses of ioutil with io and os (#24869) 2022-05-16 11:59:35 +02:00
ucwong
34501ed235
crypto/bls12381: go format 2022-03-22 10:32:13 +01:00
Jonathan Chappelow
830231c1c4
crypto: use btcec/v2 for no-cgo (#24533)
This updates the no-cgo implementations in the crypto package to use
the github.com/btcsuite/btcd/btcec/v2 module instead of the older btcec
package that was part of the main github.com/btcsuite/btcd module.

name                   old time/op  new time/op  delta
EcrecoverSignature-32   198µs ± 0%   144µs ± 0%  -27.11%
VerifySignature-32      177µs ± 0%   128µs ± 0%  -27.44%
DecompressPubkey-32    20.9µs ± 0%  10.1µs ± 0%  -51.51%

Use (*ModNScalar).IsOverHalfOrder instead of math/big.Int when checking
for malleable signatures.
2022-03-16 14:23:14 +01:00
uji
ec64358ac9
crypto/bn256/cloudflare: fix asm for dynamic linking (#24476)
When using -buildmode=shared, R15 is clobbered by a global variable
access; use a different register instead.

Fixes: #24439
2022-03-09 00:23:13 +01:00
Ikko Ashimine
0a4ec1dde5
crypto/bls12381: fix typo in comment (#24509) 2022-03-08 10:48:25 +01:00
xq840622
045e90c897
crypto/ecies: use AES-192 for curve P384 (#24139)
Using curve P384 for encryption causes the error "ecies: shared key params
are too big". Also, readme.md says curve P384 should use AES192 not AES256.

Co-authored-by: Marius van der Wijden <m.vanderwijden@live.de>
2022-01-12 11:09:10 +01:00
Taeik Lim
85064ed09b
all: fix 'the the' in comments (#24036) 2021-12-02 15:42:09 +01:00
Felix Lange
8a134014b4
all: add go:build lines (#23468)
Generated by go1.17 fmt ./...
2021-08-25 18:46:29 +02:00
Guillaume Ballet
887902ea4d
crypto/cloudflare/bn256: fix in-place addition and unmarshalling (#23419) 2021-08-25 17:33:09 +02:00
Martin Holst Swende
bbbeb7d8ba
crypto: gofuzz build directives (#23137) 2021-06-30 23:04:28 +02:00
Martin Holst Swende
a750bf8686
crypto: fix build directives 2021-06-22 15:21:11 +02:00
Marius van der Wijden
0703ef62d3
crypto/secp256k1: fix undefined behavior in BitCurve.Add (#22621)
This commit changes the behavior of BitCurve.Add to be more inline
with btcd. It fixes two different bugs:

1) When adding a point at infinity to another point, the other point
   should be returned. While this is undefined behavior, it is better
   to be more inline with the go standard library.
   Thus (0,0) + (a, b) = (a,b)

2) Adding the same point to itself produced the point at infinity.
   This is incorrect, now doubleJacobian is used to correctly calculate it.
   Thus (a,b) + (a,b) == 2* (a,b) and not (0,0) anymore.

The change also adds a differential fuzzer for Add, testing it against btcd.

Co-authored-by: Felix Lange <fjl@twurst.com>
2021-05-27 13:30:25 +02:00
Alex Prut
ef84da8481
all: remove unneeded parentheses (#21921)
* remove uneeded convertion type

* remove redundant type in composite literal

* omit explicit type where implicit

* remove unused redundant parenthesis

* remove redundant import alias duktape
2021-02-02 11:32:44 +02:00
Martin Holst Swende
1e1865b73f
core: implement background trie prefetcher
Squashed from the following commits:

core/state: lazily init snapshot storage map
core/state: fix flawed meter on storage reads
core/state: make statedb/stateobjects reuse a hasher
core/blockchain, core/state: implement new trie prefetcher
core: make trie prefetcher deliver tries to statedb
core/state: refactor trie_prefetcher, export storage tries
blockchain: re-enable the next-block-prefetcher
state: remove panics in trie prefetcher
core/state/trie_prefetcher: address some review concerns

sq
2021-01-21 01:46:38 +02:00
Marius van der Wijden
d667ee2d10
crypto: fix ineffectual assignments (#22124)
* crypto/bls12381: fixed ineffectual assignment

* crypto/signify: fix ineffectual assignment
2021-01-06 13:06:44 +02:00
Martin Holst Swende
b9012a039b
common,crypto: move fuzzers out of core (#22029)
* common,crypto: move fuzzers out of core

* fuzzers: move vm fuzzer out from core

* fuzzing: rework cover package logic

* fuzzers: lint
2020-12-23 17:44:45 +01:00
Felix Lange
f935b1d542
crypto/signify, build: fix archive signing with signify (#21977)
This fixes some issues in crypto/signify and makes release signing work.

The archive signing step in ci.go used getenvBase64, which decodes the key data.
This is incorrect here because crypto/signify already base64-decodes the key.
2020-12-09 15:43:36 +01:00
Steve Ruckdashel
6a4e730003
crypto/secp256k1: add workaround for go mod vendor (#21735)
Go won't vendor C files if there are no Go files present in the directory.
Workaround is to add dummy Go files.

Fixes: #20232
2020-12-08 10:47:56 +01:00
Guillaume Ballet
fa572cd297
crypto: signing builds with signify/minisign (#21798)
* internal/build: implement signify's signing func
* Add signify to the ci utility
* fix output file format
* Add unit test for signify
* holiman's + travis' feedback
* internal/build: verify signify's output
* crypto: move signify to common dir
* use go-minisign to verify binaries
* more holiman feedback
* crypto, ci: support minisign output
* only accept one-line trusted comments
* configurable untrusted comments
* code cleanup in tests
* revert to use ed25519 from the stdlib
* bug: fix for empty untrusted comments
* write timestamp as comment if trusted comment isn't present
* rename line checker to commentHasManyLines
* crypto: added signify fuzzer (#6)
* crypto: added signify fuzzer
* stuff
* crypto: updated signify fuzzer to fuzz comments
* crypto: repro signify crashes
* rebased fuzzer on build-signify branch
* hide fuzzer behind gofuzz build flag
* extract key data inside a single function
* don't treat \r as a newline
* travis: fix signing command line
* do not use an external binary in tests
* crypto: move signify to crypto/signify
* travis: fix formatting issue
* ci: fix linter build after package move

Co-authored-by: Marius van der Wijden <m.vanderwijden@live.de>
2020-11-27 12:13:54 +01:00
Alex Prut
c92faee66e
all: simplify nested complexity and if blocks ending with a return statement (#21854)
Changes:

    Simplify nested complexity
    If an if blocks ends with a return statement then remove the else nesting.

Most of the changes has also been reported in golint https://goreportcard.com/report/github.com/ethereum/go-ethereum#golint
2020-11-25 09:24:50 +01:00
Martin Holst Swende
6104ab6b6d
tests/fuzzers/bls1381: add bls fuzzer (#21796)
* added bls fuzzer

* crypto/bls12381: revert bls-changes, fixup fuzzer tests

* fuzzers: split bls fuzzing into 8 different units

* fuzzers/bls: remove (now stale) corpus

* crypto/bls12381: added blsfuzz corpus

* fuzzers/bls12381: fix the bls corpus

* fuzzers: fix oss-fuzz script

* tests/fuzzers: fixups on bls corpus

* test/fuzzers: remove leftover corpus

Co-authored-by: Marius van der Wijden <m.vanderwijden@live.de>
2020-11-23 15:49:16 +01:00
Martin Holst Swende
ebb9591c4d
crypto/bn256: fix bn256Mul fuzzer to not hang on large input (#21872)
* crypto/bn256: fix bn256Mul fuzzer to not hang on large input

* Update crypto/bn256/bn256_fuzz.go

Co-authored-by: ligi <ligi@ligi.de>

Co-authored-by: ligi <ligi@ligi.de>
2020-11-20 08:53:10 +01:00
Abd ar-Rahman Hamidi
db87223269
crypto/secp256k1: add checking z sign in affineFromJacobian (#18419)
The z == 0 check is hit whenever we Add two points with the same x1/x2
coordinate. crypto/elliptic uses the same check in their affineFromJacobian
function. This change does not affect block processing or tx signature verification
in any way, because it does not use the Add or Double methods.
2020-11-17 11:47:17 +01:00
Sad Pencil
1ea7537997
crypto/bn256: refine comments according to #19577, #21595, and #21836 (#21847) 2020-11-17 09:51:36 +01:00
Marius van der Wijden
9ded4e33c5
crypto/bn256: better comments for u, P and Order (#21836) 2020-11-13 10:17:23 +01:00
Martin Holst Swende
a19b4235c7
crypto/bn256: improve bn256 fuzzer (#21815)
* crypto/cloudflare: fix nil deref in random G1/G2 reading

* crypto/bn256: improve fuzzer

* crypto/bn256: fix some flaws in fuzzer
2020-11-13 09:27:57 +01:00
Marius van der Wijden
ddeea1e0c6
core: types: less allocations when hashing and tx handling (#21265)
* core, crypto: various allocation savings regarding tx handling

* core: reduce allocs for gas price comparison

This change reduces the allocations needed for comparing different transactions to each other.
A call to `tx.GasPrice()` copies the gas price as it has to be safe against modifications and
also needs to be threadsafe. For comparing and ordering different transactions we don't need
these guarantees

* core: added tx.GasPriceIntCmp for comparison without allocation

adds a method to remove unneeded allocation in comparison to tx.gasPrice

* core/types: pool legacykeccak256 objects in rlpHash

rlpHash is by far the most used function in core that allocates a legacyKeccak256 object on each call.
Since it is so widely used it makes sense to add pooling here so we relieve the GC.
On my machine these changes result in > 100 MILLION less allocations and > 30 GB less allocated memory.

* reverted some changes

* reverted some changes

* trie: use crypto.KeccakState instead of replicating code

Co-authored-by: Martin Holst Swende <martin@swende.se>
2020-06-30 11:59:06 +02:00
Felix Lange
23f1a0b783
crypto/secp256k1: enable 128-bit int code and endomorphism optimization (#21203)
* crypto/secp256k1: enable use of __int128

This speeds up scalar & field calculations a lot.

* crypto/secp256k1: enable endomorphism optimization
2020-06-24 13:51:32 +03:00
Yang Hau
e30c0af861
build, internal/ethapi, crypto/bls12381: fix typos (#21210)
speicifc -> specific
assigened -> assigned
frobenious -> frobenius
2020-06-10 23:25:32 +03:00
Marius van der Wijden
55f30db0ae
core/vm, crypt/bls12381: fixed comments in bls (#21182)
* core/vm: crypto/bls12381: minor code comments

* crypto/bls12381: fix comment
2020-06-08 10:53:19 +03:00
kilic
4fc678542d
core/vm, crypto/bls12381, params: add bls12-381 elliptic curve precompiles (#21018)
* crypto: add bls12-381 elliptic curve wrapper

* params: add bls12-381 precompile gas parameters

* core/vm: add bls12-381 precompiles

* core/vm: add bls12-381 precompile tests

* go.mod, go.sum: use latest bls12381 lib

* core/vm: move point encode/decode functions to base library

* crypto/bls12381: introduce bls12-381 library init function

* crypto/bls12381: import bls12381 elliptic curve implementation

* go.mod, go.sum: remove bls12-381 library

* remove unsued frobenious coeffs

supress warning for inp that used in asm

* add mappings tests for zero inputs

fix swu g2 minus z inverse constant

* crypto/bls12381: fix typo

* crypto/bls12381: better comments for bls12381 constants

* crypto/bls12381: swu, use single conditional for e2

* crypto/bls12381: utils, delete empty line

* crypto/bls12381: utils, use FromHex for string to big

* crypto/bls12381: g1, g2, strict length check for FromBytes

* crypto/bls12381: field_element, comparision changes

* crypto/bls12381: change swu, isogeny constants with hex values

* core/vm: fix point multiplication comments

* core/vm: fix multiexp gas calculation and lookup for g1 and g2

* core/vm: simpler imput length check for multiexp and pairing precompiles

* core/vm: rm empty multiexp result declarations

* crypto/bls12381: remove modulus type definition

* crypto/bls12381: use proper init function

* crypto/bls12381: get rid of new lines at fatal desciprtions

* crypto/bls12-381: fix no-adx assembly multiplication

* crypto/bls12-381: remove old config function

* crypto/bls12381: update multiplication backend

this commit changes mul backend to 6limb eip1962 backend

mul assign operations are dropped

* core/vm/contracts_tests: externalize test vectors for precompiles

* core/vm/contracts_test: externalize failure-cases for precompiles

* core/vm: linting

* go.mod: tiny up sum file

* core/vm: fix goimports linter issues

* crypto/bls12381: build tags for plain ASM or ADX implementation

Co-authored-by: Martin Holst Swende <martin@swende.se>
Co-authored-by: Péter Szilágyi <peterke@gmail.com>
2020-06-03 09:44:32 +03:00
Adam Schmideg
fe9ffa5953
crypto: improve error messages in LoadECDSA (#20718)
This improves error messages when the file is too short or too long.
Also rewrite the test for SaveECDSA because LoadECDSA has its own
test now.

Co-authored-by: Felix Lange <fjl@twurst.com>
2020-04-08 16:01:11 +02:00
Luke Champine
462ddce5b2
crypto/ecies: improve concatKDF (#20836)
This removes a bunch of weird code around the counter overflow check in
concatKDF and makes it actually work for different hash output sizes.

The overflow check worked as follows: concatKDF applies the hash function N
times, where N is roundup(kdLen, hashsize) / hashsize. N should not
overflow 32 bits because that would lead to a repetition in the KDF output.

A couple issues with the overflow check:

- It used the hash.BlockSize, which is wrong because the
  block size is about the input of the hash function. Luckily, all standard
  hash functions have a block size that's greater than the output size, so
  concatKDF didn't crash, it just generated too much key material.
- The check used big.Int to compare against 2^32-1.
- The calculation could still overflow before reaching the check.

The new code in concatKDF doesn't check for overflow. Instead, there is a
new check on ECIESParams which ensures that params.KeyLen is < 512. This
removes any possibility of overflow.

There are a couple of miscellaneous improvements bundled in with this
change:

- The key buffer is pre-allocated instead of appending the hash output
  to an initially empty slice.
- The code that uses concatKDF to derive keys is now shared between Encrypt
  and Decrypt.
- There was a redundant invocation of IsOnCurve in Decrypt. This is now removed
  because elliptic.Unmarshal already checks whether the input is a valid curve
  point since Go 1.5.

Co-authored-by: Felix Lange <fjl@twurst.com>
2020-04-03 11:57:24 +02:00