Merge #64: Replace revendoring script; update to upstream 1d256089004a19bdbead7c5676e52c8e07b09fce

8e2d798 add CHANGELOG message; update CI MSRV so rust-secp will build (Andrew Poelstra)
acd7758 Update to upstream 0.27.0 (Andrew Poelstra)
76db255 update to upstream 1d256089004a19bdbead7c5676e52c8e07b09fce (Andrew Poelstra)
ceb92f4 secp256k1-zkp-sys: add new revendoring script (Andrew Poelstra)

Pull request description:

  The first commit copies the new revendoring script from rust-secp; it can be verified by just diffing the two files. There are minimal changes.

  The other two commits are copies of #63 which can be verified using `git range-diff`. (The commit which updates upstream was actually created fresh using the new revendoring script; but the result is identical, as expected.)

ACKs for top commit:
  sanket1729:
    ACK 8e2d798

Tree-SHA512: a8f8ef844be7269b15f2cc9f080661579e563d1169bc5fff416199105be418962555b95fbd756158d37eda6435f09a382979aab2bfeb577466376ef32246fab2

Author: apoelstra

.github/workflows/rust.yml

@@ -71,12 +71,12 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.41.1
+          - 1.48.0
           - beta
           - stable
         os: [ ubuntu-latest, macos-latest ]
         exclude:
-          - rust: 1.41.1
+          - rust: 1.48.0
             os: macos-latest
     runs-on: ${{ matrix.os }}
     steps:
@@ -103,12 +103,12 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.41.1
+          - 1.48.0
           - beta
           - stable
         os: [ ubuntu-latest, macos-latest ]
         exclude:
-          - rust: 1.41.1
+          - rust: 1.48.0
             os: macos-latest
     runs-on: ${{ matrix.os }}
     steps:

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Unreleased
 
+# 0.8.0 - 2023-04-13
+
+- Increment MSRV to 1.48.0
+- Increment `secp256k1` dependency to 0.27.0
+- Update upstream to 1d256089004a19bdbead7c5676e52c8e07b09fce
+
 # 0.7.0 - 2022-09-27
 
 - Increment MSRV to 1.41.1 and edition to 2018

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "secp256k1-zkp"
-version = "0.7.0"
+version = "0.8.0"
 authors = [ "Dawid Ciężarkiewicz <[email protected]>",
             "Andrew Poelstra <[email protected]>",
             "Lucas Soriano <[email protected]>",
@@ -31,10 +31,11 @@ use-serde = ["serde", "secp256k1/serde"]
 use-rand = ["rand", "secp256k1/rand"]
 
 [dependencies]
-secp256k1 = "0.26.0"
-secp256k1-zkp-sys = { version = "0.7.0", default-features = false, path = "./secp256k1-zkp-sys" }
+secp256k1 = "0.27.0"
+secp256k1-zkp-sys = { version = "0.8.0", default-features = false, path = "./secp256k1-zkp-sys" }
 rand = { version = "0.8", default-features = false, optional = true }
 serde = { version = "1.0", default-features = false, optional = true }
+bitcoin-private = "0.1.0"
 
 [dev-dependencies]
 rand = "0.8"

secp256k1-zkp-sys/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "secp256k1-zkp-sys"
-version = "0.7.0"
+version = "0.8.0"
 authors = [ "Dawid Ciężarkiewicz <[email protected]>",
             "Andrew Poelstra <[email protected]>",
             "Steven Roose <[email protected]>",
@@ -13,7 +13,7 @@ description = "FFI for `libsecp256k1-zkp` library."
 keywords = [ "secp256k1", "libsecp256k1-zkp", "ffi" ]
 readme = "README.md"
 build = "build.rs"
-links = "rustsecp256k1zkp_v0_7_0"
+links = "rustsecp256k1zkp_v0_8_0"
 
 # Should make docs.rs show all functions, even those behind non-default features
 [package.metadata.docs.rs]

secp256k1-zkp-sys/README.md

@@ -18,14 +18,19 @@ This prefix ensures that no symbol collision can happen:
 To update the vendored sources, use the `vendor-libsecp.sh` script:
 
 ```
-$ ./vendor-libsecp.sh depend <version-code> <rev>
+$ ./vendor-libsecp.sh <rev>
 ```
 
-- Where `<version-code>` is the secp256k1-zkp-sys version number underscored: `0_1_2`.
-- Where `<rev>` is the git revision of libsecp256k1-zkp to checkout.
+Where `<rev>` is the git revision of libsecp256k1 to checkout. If you do not
+specify a revision, the script will simply clone the repo and use whatever
+revision the default branch is pointing to.
 
 ## Linking to external symbols
 
 For the more exotic use cases, this crate can be used with existing libsecp256k1-zkp
 symbols by using the `external-symbols` feature. How to setup rustc to link
 against those existing symbols is left as an exercise to the reader.
+
+## Minimum Supported Rust Version
+
+This library should always compile with any combination of features on **Rust 1.48.0**.

secp256k1-zkp-sys/depend/secp256k1-HEAD-revision.txt

@@ -1,2 +1,2 @@
-# This file was automatically created by ./vendor-libsecp.sh
-d22774e248c703a191049b78f8d04f37d6fcfa05
+# This file was automatically created by vendor-libsecp.sh
+1d256089004a19bdbead7c5676e52c8e07b09fce

secp256k1-zkp-sys/depend/secp256k1/.cirrus.yml

@@ -23,6 +23,7 @@ env:
   WHITELIST: no
   MUSIG: no
   ECDSAADAPTOR: no
+  BPPP: no
   ### test options
   SECP256K1_TEST_ITERS:
   BENCH: yes
@@ -72,12 +73,12 @@ task:
   << : *LINUX_CONTAINER
   matrix: &ENV_MATRIX
     - env: {WIDEMUL:  int64,  RECOVERY: yes}
-    - env: {WIDEMUL:  int64,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes,  RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes}
+    - env: {WIDEMUL:  int64,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes,  RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
     - env: {WIDEMUL: int128}
     - env: {WIDEMUL: int128,  RECOVERY: yes,            SCHNORRSIG: yes}
-    - env: {WIDEMUL: int128,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes}
+    - env: {WIDEMUL: int128,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
     - env: {WIDEMUL: int128,  ASM: x86_64}
-    - env: {                  RECOVERY: yes,            SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes}
+    - env: {                  RECOVERY: yes,            SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
     - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETEST: no, BENCH: no}
     - env: {CPPFLAGS: -DDETERMINISTIC}
     - env: {CFLAGS: -O0, CTIMETEST: no}
@@ -108,6 +109,7 @@ task:
     GENERATOR: yes
     MUSIG: yes
     ECDSAADAPTOR: yes
+    BPPP: yes
   matrix:
     - env:
         CC: i686-linux-gnu-gcc
@@ -119,63 +121,29 @@ task:
   << : *CAT_LOGS
 
 task:
-  name: "x86_64: macOS Catalina"
+  name: "arm64: macOS Ventura"
   macos_instance:
-    image: catalina-base
+    image: ghcr.io/cirruslabs/macos-ventura-base:latest
   # tasks with valgrind enabled take about 90 minutes
   timeout_in: 120m
   env:
     HOMEBREW_NO_AUTO_UPDATE: 1
     HOMEBREW_NO_INSTALL_CLEANUP: 1
-    # Cirrus gives us a fixed number of 12 virtual CPUs. Not that we even have that many jobs at the moment...
-    MAKEFLAGS: -j13
+    # Cirrus gives us a fixed number of 4 virtual CPUs. Not that we even have that many jobs at the moment...
+    MAKEFLAGS: -j5
   matrix:
     << : *ENV_MATRIX
+  env:
+    ASM: no
+    WITH_VALGRIND: no
+    CTIMETEST: no
   matrix:
     - env:
-        CC: gcc-9
+        CC: gcc
     - env:
         CC: clang
-  # Update Command Line Tools
-  # Uncomment this if the Command Line Tools on the CirrusCI macOS image are too old to brew valgrind.
-  # See https://apple.stackexchange.com/a/195963 for the implementation.
-  ## update_clt_script:
-  ##   - system_profiler SPSoftwareDataType
-  ##   - touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
-  ##   - |-
-  ##     PROD=$(softwareupdate -l | grep "*.*Command Line" | tail -n 1 | awk -F"*" '{print $2}' | sed -e 's/^ *//' | sed 's/Label: //g' | tr -d '\n')
-  ##   # For debugging
-  ##   - softwareupdate -l && echo "PROD: $PROD"
-  ##   - softwareupdate -i "$PROD" --verbose
-  ##   - rm /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
-  ##
-  brew_valgrind_pre_script:
-    # Retry a few times because this tends to fail randomly.
-    - for i in {1..5}; do brew update && break || sleep 15; done
-    - brew config
-    - brew tap LouisBrunner/valgrind
-    # Fetch valgrind source but don't build it yet.
-    - brew fetch --HEAD LouisBrunner/valgrind/valgrind
-  brew_valgrind_cache:
-    # This is $(brew --cellar valgrind) but command substition does not work here.
-    folder: /usr/local/Cellar/valgrind
-    # Rebuild cache if ...
-    fingerprint_script:
-      # ... macOS version changes:
-      - sw_vers
-      # ... brew changes:
-      - brew config
-      # ... valgrind changes:
-      - git -C "$(brew --cache)/valgrind--git" rev-parse HEAD
-    populate_script:
-      # If there's no hit in the cache, build and install valgrind.
-      - brew install --HEAD LouisBrunner/valgrind/valgrind
-  brew_valgrind_post_script:
-    # If we have restored valgrind from the cache, tell brew to create symlink to the PATH.
-    # If we haven't restored from cached (and just run brew install), this is a no-op.
-    - brew link valgrind
   brew_script:
-    - brew install automake libtool gcc@9
+    - brew install automake libtool gcc
   << : *MERGE_BASE
   test_script:
     - ./ci/cirrus.sh
@@ -199,6 +167,7 @@ task:
     GENERATOR: yes
     MUSIG: yes
     ECDSAADAPTOR: yes
+    BPPP: yes
     CTIMETEST: no
   << : *MERGE_BASE
   test_script:
@@ -293,6 +262,7 @@ task:
     GENERATOR: yes
     MUSIG: yes
     ECDSAADAPTOR: yes
+    BPPP: yes
     CTIMETEST: no
   matrix:
     - name: "Valgrind (memcheck)"

secp256k1-zkp-sys/depend/secp256k1/.gitignore

@@ -1,9 +1,12 @@
 bench
+bench_bppp
 bench_ecmult
 bench_generator
 bench_rangeproof
 bench_internal
+bench_whitelist
 tests
+example_musig
 exhaustive_tests
 precompute_ecmult_gen
 precompute_ecmult
@@ -66,4 +69,4 @@ src/stamp-h1
 libsecp256k1.pc
 contrib/gh-pr-create.sh
 
-musig_example
+musig_example

secp256k1-zkp-sys/depend/secp256k1/Makefile.am

@@ -8,7 +8,7 @@ AM_CFLAGS = $(SECP_CFLAGS)
 
 lib_LTLIBRARIES = libsecp256k1.la
 include_HEADERS = include/secp256k1.h
-include_HEADERS += include/rustsecp256k1zkp_v0_7_0_preallocated.h
+include_HEADERS += include/rustsecp256k1zkp_v0_8_0_preallocated.h
 noinst_HEADERS =
 noinst_HEADERS += src/scalar.h
 noinst_HEADERS += src/scalar_4x64.h
@@ -67,13 +67,13 @@ noinst_HEADERS += contrib/lax_der_privatekey_parsing.h
 noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
 noinst_HEADERS += examples/random.h
 
-PRECOMPUTED_LIB = librustsecp256k1zkp_v0_7_0_precomputed.la
+PRECOMPUTED_LIB = librustsecp256k1zkp_v0_8_0_precomputed.la
 noinst_LTLIBRARIES = $(PRECOMPUTED_LIB)
-librustsecp256k1zkp_v0_7_0_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
-librustsecp256k1zkp_v0_7_0_precomputed_la_CPPFLAGS = $(SECP_INCLUDES)
+librustsecp256k1zkp_v0_8_0_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
+librustsecp256k1zkp_v0_8_0_precomputed_la_CPPFLAGS = $(SECP_INCLUDES)
 
 if USE_EXTERNAL_ASM
-COMMON_LIB = librustsecp256k1zkp_v0_7_0_common.la
+COMMON_LIB = librustsecp256k1zkp_v0_8_0_common.la
 else
 COMMON_LIB =
 endif
@@ -84,17 +84,17 @@ pkgconfig_DATA = libsecp256k1.pc
 
 if USE_EXTERNAL_ASM
 if USE_ASM_ARM
-librustsecp256k1zkp_v0_7_0_common_la_SOURCES = src/asm/field_10x26_arm.s
+librustsecp256k1zkp_v0_8_0_common_la_SOURCES = src/asm/field_10x26_arm.s
 endif
 endif
 
-librustsecp256k1zkp_v0_7_0_la_SOURCES = src/secp256k1.c
-librustsecp256k1zkp_v0_7_0_la_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES)
-librustsecp256k1zkp_v0_7_0_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
-librustsecp256k1zkp_v0_7_0_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
+librustsecp256k1zkp_v0_8_0_la_SOURCES = src/secp256k1.c
+librustsecp256k1zkp_v0_8_0_la_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES)
+librustsecp256k1zkp_v0_8_0_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
+librustsecp256k1zkp_v0_8_0_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE)
 
 if VALGRIND_ENABLED
-librustsecp256k1zkp_v0_7_0_la_CPPFLAGS += -DVALGRIND
+librustsecp256k1zkp_v0_8_0_la_CPPFLAGS += -DVALGRIND
 endif
 
 noinst_PROGRAMS =
@@ -226,6 +226,10 @@ clean-precomp:
 
 EXTRA_DIST = autogen.sh SECURITY.md
 
+if ENABLE_MODULE_BPPP
+include src/modules/bppp/Makefile.am.include
+endif
+
 if ENABLE_MODULE_ECDH
 include src/modules/ecdh/Makefile.am.include
 endif

secp256k1-zkp-sys/depend/secp256k1/ci/cirrus.sh

@@ -19,6 +19,7 @@ valgrind --version || true
     --with-ecmult-gen-precision="$ECMULTGENPRECISION" \
     --enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \
     --enable-module-ecdsa-s2c="$ECDSA_S2C" \
+    --enable-module-bppp="$BPPP" \
     --enable-module-rangeproof="$RANGEPROOF" --enable-module-whitelist="$WHITELIST" --enable-module-generator="$GENERATOR" \
     --enable-module-schnorrsig="$SCHNORRSIG"  --enable-module-musig="$MUSIG" --enable-module-ecdsa-adaptor="$ECDSAADAPTOR" \
     --enable-module-schnorrsig="$SCHNORRSIG" \
@@ -51,6 +52,10 @@ then
         $EXEC ./bench_ecmult
         $EXEC ./bench_internal
         $EXEC ./bench
+        if [ "$BPPP" = "yes" ]
+        then
+            $EXEC ./bench_bppp
+        fi
     } >> bench.log 2>&1
 fi
 

secp256k1-zkp-sys/depend/secp256k1/configure.ac

@@ -140,6 +140,11 @@ AC_ARG_ENABLE(examples,
     AS_HELP_STRING([--enable-examples],[compile the examples [default=no]]), [],
     [SECP_SET_DEFAULT([enable_examples], [no], [yes])])
 
+AC_ARG_ENABLE(module_bppp,
+    AS_HELP_STRING([--enable-module-bppp],[enable Bulletproofs++ module (experimental)]),
+    [],
+    [SECP_SET_DEFAULT([enable_module_bppp], [no], [yes])])
+
 AC_ARG_ENABLE(module_ecdh,
     AS_HELP_STRING([--enable-module-ecdh],[enable ECDH module [default=no]]), [],
     [SECP_SET_DEFAULT([enable_module_ecdh], [no], [yes])])
@@ -417,6 +422,11 @@ if test x"$enable_module_rangeproof" = x"yes"; then
   AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module])
 fi
 
+if test x"$enable_module_bppp" = x"yes"; then
+  enable_module_generator=yes
+  AC_DEFINE(ENABLE_MODULE_BPPP, 1, [Define this symbol to enable the Bulletproofs++ module])
+fi
+
 if test x"$enable_module_generator" = x"yes"; then
   AC_DEFINE(ENABLE_MODULE_GENERATOR, 1, [Define this symbol to enable the NUMS generator module])
 fi
@@ -460,6 +470,9 @@ else
   # module (which automatically enables the module dependencies) we want to
   # print an error for the dependent module, not the module dependency. Hence,
   # we first test dependent modules.
+  if test x"$enable_module_bppp" = x"yes"; then
+    AC_MSG_ERROR([Bulletproofs++ module is experimental. Use --enable-experimental to allow.])
+  fi
   if test x"$enable_module_whitelist" = x"yes"; then
     AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.])
   fi
@@ -502,6 +515,7 @@ AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"])
 AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"])
 AM_CONDITIONAL([USE_EXAMPLES], [test x"$enable_examples" != x"no"])
 AM_CONDITIONAL([USE_BENCHMARK], [test x"$enable_benchmark" = x"yes"])
+AM_CONDITIONAL([ENABLE_MODULE_BPPP], [test x"$enable_module_bppp" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
@@ -541,6 +555,7 @@ echo "  module whitelist        = $enable_module_whitelist"
 echo "  module musig            = $enable_module_musig"
 echo "  module ecdsa-s2c        = $enable_module_ecdsa_s2c"
 echo "  module ecdsa-adaptor    = $enable_module_ecdsa_adaptor"
+echo "  module bppp             = $enable_module_bppp"
 echo
 echo "  asm                     = $set_asm"
 echo "  ecmult window size      = $set_ecmult_window"