embed/extmod/modtrezorcrypto: add secp256k1_zkp module

This includes the https://github.com/ElementsProject/secp256k1-zkp library
(which is a fork from sipa/secp256k1 used in Bitcoin Core) as a module. It
is currently not used in any app.

This commit the first step towards integrating Liquid (tracking issue #282).

Note that this creates a new 64 kiB read-only data section in .flash2 for
pre-computed tables (secp256k1_ecmult_static_context) which speed up
signature creation and related private key operations.

Co-authored-by: Roman Zeyde <[email protected]>
Co-authored-by: Andrew Poelstra <[email protected]>
Co-authored-by: Pavol Rusnak <[email protected]>

Author: 4 people

.gitmodules

@@ -16,3 +16,7 @@
 [submodule "vendor/QR-Code-generator"]
 	path = vendor/QR-Code-generator
 	url = https://github.com/nayuki/QR-Code-generator.git
+[submodule "vendor/secp256k1-zkp"]
+	path = vendor/secp256k1-zkp
+	url = https://github.com/romanz/secp256k1-zkp.git
+	branch = zkp-trezor

SConscript.firmware

@@ -6,6 +6,7 @@ CCFLAGS_MOD = ''
 CPPPATH_MOD = []
 CPPDEFINES_MOD = []
 SOURCE_MOD = []
+SOURCE_MOD_SECP256K1_ZKP = []
 
 PYOPT = '1'
 
@@ -85,6 +86,32 @@ SOURCE_MOD += [
     'vendor/trezor-crypto/sha3.c',
 ]
 
+# libsecp256k1-zkp
+CPPPATH_MOD += [
+    'vendor/secp256k1-zkp',
+    'vendor/secp256k1-zkp/src',
+    'vendor/secp256k1-zkp/include',
+]
+CPPDEFINES_MOD += [
+    'SECP256K1_BUILD',
+    'USE_ASM_ARM',
+    'USE_NUM_NONE',
+    'USE_FIELD_INV_BUILTIN',
+    'USE_SCALAR_INV_BUILTIN',
+    'USE_FIELD_10X26',
+    'USE_SCALAR_8X32',
+    'USE_ECMULT_STATIC_PRECOMPUTATION',
+    'USE_EXTERNAL_DEFAULT_CALLBACKS',
+    ('ECMULT_WINDOW_SIZE', '8'),
+    'ENABLE_MODULE_GENERATOR',
+    'ENABLE_MODULE_RANGEPROOF',
+    'ENABLE_MODULE_RECOVERY',
+    'ENABLE_MODULE_ECDH',
+]
+SOURCE_MOD_SECP256K1_ZKP += [
+    'vendor/secp256k1-zkp/src/secp256k1.c',
+]
+
 # modtrezorio
 SOURCE_MOD += [
     'embed/extmod/modtrezorio/modtrezorio.c',
@@ -403,12 +430,34 @@ source_mpyc = env.FrozenCFile(
 
 env.Depends(source_mpyc, qstr_generated)
 
+#
+# static secp256-zkp ecmult context
+#
+
+host_env = Environment(ENV=os.environ)
+host_env.Replace(
+    CC=os.getenv('CC_FOR_BUILD') or 'gcc',
+    COPT='-O2',
+    CPPPATH='vendor/secp256k1-zkp',
+)
+gen_context = host_env.Program(
+    target='vendor/secp256k1-zkp/gen_context',
+    source='vendor/secp256k1-zkp/src/gen_context.c',
+)
+
+secp256k1_zkp_ecmult_static_context = host_env.Command(
+    target='vendor/secp256k1-zkp/src/ecmult_static_context.h',
+    source='vendor/secp256k1-zkp/gen_context',
+    action='cd ${SOURCE.dir}; ./gen_context',
+)
+
 #
 # Program objects
 #
 
 obj_program = []
 obj_program.extend(env.Object(source=SOURCE_MOD))
+obj_program.extend(env.Object(source=SOURCE_MOD_SECP256K1_ZKP, CCFLAGS='$CCFLAGS -Wno-unused-function'))
 obj_program.extend(env.Object(source=SOURCE_FIRMWARE))
 obj_program.extend(env.Object(source=SOURCE_MICROPYTHON))
 obj_program.extend(env.Object(source=SOURCE_MICROPYTHON_SPEED, COPT='-O3'))
@@ -435,6 +484,7 @@ obj_program.extend(
         ' $SOURCE $TARGET', ))
 
 env.Depends(obj_program, qstr_generated)
+env.Depends(obj_program, secp256k1_zkp_ecmult_static_context)
 
 program_elf = env.Command(
     target='firmware.elf',

SConscript.unix

@@ -5,6 +5,7 @@ import os
 CCFLAGS_MOD = ''
 CPPPATH_MOD = []
 CPPDEFINES_MOD = []
+SOURCE_MOD_SECP256K1_ZKP = []
 SOURCE_MOD = []
 LIBS_MOD = []
 
@@ -82,6 +83,31 @@ SOURCE_MOD += [
     'vendor/trezor-crypto/nem.c',
 ]
 
+# libsecp256k1-zkp
+CPPPATH_MOD += [
+    'vendor/secp256k1-zkp/',
+    'vendor/secp256k1-zkp/src',
+    'vendor/secp256k1-zkp/include',
+]
+CPPDEFINES_MOD += [
+    'SECP256K1_BUILD',
+    'USE_NUM_NONE',
+    'USE_FIELD_INV_BUILTIN',
+    'USE_SCALAR_INV_BUILTIN',
+    'USE_FIELD_10X26',
+    'USE_SCALAR_8X32',
+    'USE_ECMULT_STATIC_PRECOMPUTATION',
+    'USE_EXTERNAL_DEFAULT_CALLBACKS',
+    ('ECMULT_WINDOW_SIZE', '8'),
+    'ENABLE_MODULE_GENERATOR',
+    'ENABLE_MODULE_RANGEPROOF',
+    'ENABLE_MODULE_RECOVERY',
+    'ENABLE_MODULE_ECDH',
+]
+SOURCE_MOD_SECP256K1_ZKP += [
+    'vendor/secp256k1-zkp/src/secp256k1.c',
+]
+
 # modtrezorio
 SOURCE_MOD += [
     'embed/extmod/modtrezorio/modtrezorio.c',
@@ -346,16 +372,39 @@ qstr_generated = env.GenerateQstrDefs(
 
 env.Ignore(qstr_collected, qstr_generated)
 
+#
+# static secp256-zkp ecmult context
+#
+
+host_env = Environment(ENV=os.environ)
+host_env.Replace(
+    CC=os.getenv('CC_FOR_BUILD') or 'gcc',
+    COPT='-O2',
+    CPPPATH='vendor/secp256k1-zkp',
+)
+gen_context = host_env.Program(
+    target='vendor/secp256k1-zkp/gen_context',
+    source='vendor/secp256k1-zkp/src/gen_context.c',
+)
+
+secp256k1_zkp_ecmult_static_context = host_env.Command(
+    target='vendor/secp256k1-zkp/src/ecmult_static_context.h',
+    source='vendor/secp256k1-zkp/gen_context',
+    action='cd ${SOURCE.dir}; ./gen_context',
+)
+
 #
 # Program objects
 #
 
 obj_program = []
 obj_program += env.Object(source=SOURCE_MOD)
+obj_program += env.Object(source=SOURCE_MOD_SECP256K1_ZKP, CCFLAGS='$CCFLAGS -Wno-unused-function')
 obj_program += env.Object(source=SOURCE_MICROPYTHON)
 obj_program += env.Object(source=SOURCE_UNIX)
 
 env.Depends(obj_program, qstr_generated)
+env.Depends(obj_program, secp256k1_zkp_ecmult_static_context)
 
 program = env.Command(
     target='micropython',

embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1.h

@@ -19,8 +19,8 @@
 
 #include "py/objstr.h"
 
-#include "ecdsa.h"
-#include "secp256k1.h"
+#include "vendor/trezor-crypto/ecdsa.h"
+#include "vendor/trezor-crypto/secp256k1.h"
 
 /// package: trezorcrypto.secp256k1