Merge pull request #228 from EOSIO/upstream_secp256k1_dec2020-boxed

replace old libsecp256k1 fork with upstream

.gitmodules

@@ -1,6 +1,6 @@
-[submodule "secp256k1/upstream"]
-	path = secp256k1/upstream
-	url = https://github.com/cryptonomex/secp256k1-zkp.git
 [submodule "include/fc/crypto/webauthn_json"]
 	path = include/fc/crypto/webauthn_json
 	url = https://github.com/Tencent/rapidjson/
+[submodule "secp256k1/secp256k1"]
+	path = secp256k1/secp256k1
+	url = https://github.com/bitcoin-core/secp256k1

include/fc/crypto/elliptic.hpp

@@ -24,7 +24,6 @@ namespace fc {
     typedef fc::array<char,65>          public_key_point_data; ///< the full non-compressed version of the ECC point
     typedef fc::array<char,72>          signature;
     typedef fc::array<unsigned char,65> compact_signature;
-    typedef std::vector<char>           range_proof_type;
     typedef fc::array<char,78>          extended_key_data;
     typedef fc::sha256                  blinded_hash;
     typedef fc::sha256                  blind_signature;
@@ -53,11 +52,6 @@ namespace fc {
            public_key child( const fc::sha256& offset )const;
 
            bool valid()const;
-           /** Computes new pubkey = generator * offset + old pubkey ?! */
-//           public_key mult( const fc::sha256& offset )const;
-           /** Computes new pubkey = regenerate(offset).pubkey + old pubkey
-            *                      = offset * G + 1 * old pubkey ?! */
-           public_key add( const fc::sha256& offset )const;
 
            public_key( public_key&& pk );
            public_key& operator=( public_key&& pk );
@@ -150,39 +144,6 @@ namespace fc {
            fc::fwd<detail::private_key_impl,32> my;
     };
 
-     struct range_proof_info
-     {
-         int          exp;
-         int          mantissa;
-         uint64_t     min_value;
-         uint64_t     max_value;
-     };
-
-     commitment_type   blind( const blind_factor_type& blind, uint64_t value );
-     blind_factor_type blind_sum( const std::vector<blind_factor_type>& blinds, uint32_t non_neg );
-     /**  verifies taht commnits + neg_commits + excess == 0 */
-     bool            verify_sum( const std::vector<commitment_type>& commits, const std::vector<commitment_type>& neg_commits, int64_t excess );
-     bool            verify_range( uint64_t& min_val, uint64_t& max_val, const commitment_type& commit, const range_proof_type& proof );
-
-     range_proof_type range_proof_sign( uint64_t min_value,
-                                       const commitment_type& commit,
-                                       const blind_factor_type& commit_blind,
-                                       const blind_factor_type& nonce,
-                                       int8_t base10_exp,
-                                       uint8_t min_bits,
-                                       uint64_t actual_value
-                                     );
-
-     bool            verify_range_proof_rewind( blind_factor_type& blind_out,
-                                          uint64_t& value_out,
-                                          string& message_out,
-                                          const blind_factor_type& nonce,
-                                          uint64_t& min_val,
-                                          uint64_t& max_val,
-                                          commitment_type commit,
-                                          const range_proof_type& proof );
-     range_proof_info range_get_info( const range_proof_type& proof );
-
       /**
        * Shims
        */
@@ -273,7 +234,6 @@ namespace fc {
 
 FC_REFLECT_TYPENAME( fc::ecc::private_key )
 FC_REFLECT_TYPENAME( fc::ecc::public_key )
-FC_REFLECT( fc::ecc::range_proof_info, (exp)(mantissa)(min_value)(max_value) )
 FC_REFLECT_DERIVED( fc::ecc::public_key_shim, (fc::crypto::shim<fc::ecc::public_key_data>), BOOST_PP_SEQ_NIL )
 FC_REFLECT_DERIVED( fc::ecc::signature_shim, (fc::crypto::shim<fc::ecc::compact_signature>), BOOST_PP_SEQ_NIL )
 FC_REFLECT_DERIVED( fc::ecc::private_key_shim, (fc::crypto::shim<fc::ecc::private_key_secret>), BOOST_PP_SEQ_NIL )

include/fc/crypto/elliptic_r1.hpp

@@ -37,7 +37,6 @@ namespace fc {
            ~public_key();
            bool verify( const fc::sha256& digest, const signature& sig );
            public_key_data serialize()const;
-           public_key_point_data serialize_ecc_point()const;
 
            operator public_key_data()const { return serialize(); }
 

secp256k1/CMakeLists.txt

@@ -21,16 +21,16 @@ else()
 endif()
 
 add_library(secp256k1 STATIC
-  upstream/src/secp256k1.c
+  secp256k1/src/secp256k1.c
 )
 
 target_include_directories(secp256k1
     PUBLIC
-        ${CMAKE_CURRENT_SOURCE_DIR}/upstream/
-        ${CMAKE_CURRENT_SOURCE_DIR}/upstream/include
+        secp256k1
+        secp256k1/include
     PRIVATE
-        ${CMAKE_CURRENT_SOURCE_DIR}/upstream/src
-        ${SECP256K1_CONFIG_INC_DIR}
+        secp256k1/src
+        "${SECP256K1_CONFIG_INC_DIR}"
         ${GMP_INCLUDE_DIR}
 )
 

secp256k1/config_with_gmp/libsecp256k1-config.h

@@ -1,20 +1,16 @@
 #pragma once
 
-//optimizations that any compiler we target have
-#define HAVE_BUILTIN_CLZLL 1
-#define HAVE_BUILTIN_EXPECT 1
-#define HAVE___INT128 1
+#define ENABLE_MODULE_RECOVERY 1
+
+#define ECMULT_GEN_PREC_BITS 4
+#define ECMULT_WINDOW_SIZE 15
 
 //use GMP for bignum
 #define HAVE_LIBGMP 1
 #define USE_NUM_GMP 1
 #define USE_FIELD_INV_NUM 1
 #define USE_SCALAR_INV_NUM 1
 
-//use impls best for 64-bit
-#define USE_FIELD_5X52 1
-#define USE_SCALAR_4X64 1
-
 //enable asm
 #ifdef __x86_64__
   #define USE_ASM_X86_64 1

secp256k1/config_without_gmp/libsecp256k1-config.h

@@ -1,19 +1,15 @@
 #pragma once
 
-//optimizations that any compiler we target have
-#define HAVE_BUILTIN_CLZLL 1
-#define HAVE_BUILTIN_EXPECT 1
-#define HAVE___INT128 1
+#define ENABLE_MODULE_RECOVERY 1
+
+#define ECMULT_GEN_PREC_BITS 4
+#define ECMULT_WINDOW_SIZE 15
 
 //use internal field & num impls
 #define USE_FIELD_INV_BUILTIN 1
 #define USE_SCALAR_INV_BUILTIN 1
 #define USE_NUM_NONE 1
 
-//use impls best for 64-bit
-#define USE_FIELD_5X52 1
-#define USE_SCALAR_4X64 1
-
 //enable asm
 #ifdef __x86_64__
   #define USE_ASM_X86_64 1

src/crypto/_elliptic_impl_priv.hpp

@@ -8,7 +8,7 @@
 namespace fc { namespace ecc { namespace detail {
 
 
-const secp256k1_context_t* _get_context();
+const secp256k1_context* _get_context();
 void _init_lib();
 
 class private_key_impl

src/crypto/elliptic_common.cpp

@@ -110,15 +110,6 @@ namespace fc { namespace ecc {
         return public_key(data);
     }
 
-    public_key public_key::child( const fc::sha256& offset )const
-    {
-       fc::sha256::encoder enc;
-       fc::raw::pack( enc, *this );
-       fc::raw::pack( enc, offset );
-
-       return add( enc.result() );
-    }
-
     private_key private_key::child( const fc::sha256& offset )const
     {
        fc::sha256::encoder enc;

src/crypto/elliptic_impl_priv.cpp

@@ -1,6 +1,7 @@
 #include <fc/fwd_impl.hpp>
 
 #include <secp256k1.h>
+#include <secp256k1_recovery.h>
 
 #include "_elliptic_impl_priv.hpp"
 
@@ -71,30 +72,35 @@ namespace fc { namespace ecc {
     {
        FC_ASSERT( my->_key != empty_priv );
        public_key_data pub;
-       unsigned int pk_len;
-       FC_ASSERT( secp256k1_ec_pubkey_create( detail::_get_context(), (unsigned char*) pub.begin(), (int*) &pk_len, (unsigned char*) my->_key.data(), 1 ) );
-       FC_ASSERT( pk_len == pub.size() );
+       size_t pub_len = sizeof(pub);
+       secp256k1_pubkey secp_pub;
+       FC_ASSERT( secp256k1_ec_pubkey_create( detail::_get_context(), &secp_pub, (unsigned char*) my->_key.data() ) );
+       secp256k1_ec_pubkey_serialize( detail::_get_context(), (unsigned char*)&pub, &pub_len, &secp_pub, SECP256K1_EC_COMPRESSED );
+       FC_ASSERT( pub_len == pub.size() );
        return public_key(pub);
     }
 
     static int extended_nonce_function( unsigned char *nonce32, const unsigned char *msg32,
-                                        const unsigned char *key32, unsigned int attempt,
-                                        const void *data ) {
+                                        const unsigned char *key32, const unsigned char* algo16,
+                                        void* data, unsigned int attempt ) {
         unsigned int* extra = (unsigned int*) data;
         (*extra)++;
-        return secp256k1_nonce_function_default( nonce32, msg32, key32, *extra, nullptr );
+        return secp256k1_nonce_function_default( nonce32, msg32, key32, algo16, nullptr, *extra );
     }
 
     compact_signature private_key::sign_compact( const fc::sha256& digest, bool require_canonical )const
     {
         FC_ASSERT( my->_key != empty_priv );
         compact_signature result;
+        secp256k1_ecdsa_recoverable_signature secp_sig;
         int recid;
         unsigned int counter = 0;
         do
         {
-            FC_ASSERT( secp256k1_ecdsa_sign_compact( detail::_get_context(), (unsigned char*) digest.data(), (unsigned char*) result.begin() + 1, (unsigned char*) my->_key.data(), extended_nonce_function, &counter, &recid ));
+            FC_ASSERT( secp256k1_ecdsa_sign_recoverable( detail::_get_context(), &secp_sig, (unsigned char*) digest.data(), (unsigned char*) my->_key.data(), extended_nonce_function, &counter ));
+            secp256k1_ecdsa_recoverable_signature_serialize_compact( detail::_get_context(), result.data + 1, &recid, &secp_sig);
         } while( require_canonical && !public_key::is_canonical( result ) );
+
         result.begin()[0] = 27 + 4 + recid;
         return result;
     }

src/crypto/elliptic_r1.cpp

@@ -458,15 +458,6 @@ namespace fc { namespace crypto { namespace r1 {
        EC_POINT_get_affine_coordinates_GFp( group, pub, self.my->_pub_x.get(), self.my->_pub_y.get(), nullptr );
        */
     }
-    public_key_point_data public_key::serialize_ecc_point()const
-    {
-      public_key_point_data dat;
-      if( !my->_key ) return dat;
-      EC_KEY_set_conv_form( my->_key, POINT_CONVERSION_UNCOMPRESSED );
-      char* front = &dat.data[0];
-      i2o_ECPublicKey( my->_key, (unsigned char**)&front  );
-      return dat;
-    }
 
     public_key::public_key()
     {