Bixin dev:update secp256k1 submodule && fix pin issues (#342)

* chore(vendor): replace secp256k1-zkp with secp256k1 (v0.3.0)

* chore(vendor): update secp256k1 submodule

* fix(legacy):fix pin related issues

Author: lihuanhuan

.gitmodules

@@ -7,7 +7,7 @@
 	ignore = untracked
 [submodule "vendor/secp256k1-zkp"]
 	path = vendor/secp256k1-zkp
-	url = https://github.com/ElementsProject/secp256k1-zkp.git
+	url = https://github.com/bitcoin-core/secp256k1.git
 [submodule "common/defs/ethereum/tokens"]
 	path = common/defs/ethereum/tokens
 	url = https://github.com/ethereum-lists/tokens.git

crypto/zkp_bip340.c

@@ -101,7 +101,7 @@ int zkp_bip340_get_public_key(const uint8_t *private_key_bytes,
 // private_key_bytes has 32 bytes
 // digest has 32 bytes
 // signature_bytes has 64 bytes
-// auxiliary_data has 32 bytes or is NULL
+// auxiliary_data has 32 bytes or is NULL (32 zero bytes are used)
 // returns 0 on success
 int zkp_bip340_sign_digest(const uint8_t *private_key_bytes,
                            const uint8_t *digest, uint8_t *signature_bytes,
@@ -136,8 +136,8 @@ int zkp_bip340_sign_digest(const uint8_t *private_key_bytes,
   }
 
   if (result == 0) {
-    if (secp256k1_schnorrsig_sign(context_writable, signature_bytes, digest,
-                                  &keypair, auxiliary_data) != 1) {
+    if (secp256k1_schnorrsig_sign32(context_writable, signature_bytes, digest,
+                                    &keypair, auxiliary_data) != 1) {
       result = -1;
     }
   }
@@ -184,6 +184,27 @@ int zkp_bip340_verify_digest(const uint8_t *public_key_bytes,
   return result;
 }
 
+// BIP340 Schnorr public key verification
+// public_key_bytes has 32 bytes
+// returns 0 if verification succeeded
+int zkp_bip340_verify_publickey(const uint8_t *public_key_bytes) {
+  int result = 0;
+
+  secp256k1_xonly_pubkey xonly_pubkey = {0};
+  const secp256k1_context *context_read_only = zkp_context_get_read_only();
+
+  if (result == 0) {
+    if (secp256k1_xonly_pubkey_parse(context_read_only, &xonly_pubkey,
+                                     public_key_bytes) != 1) {
+      result = 1;
+    }
+  }
+
+  memzero(&xonly_pubkey, sizeof(xonly_pubkey));
+
+  return result;
+}
+
 // BIP340 Schnorr public key tweak
 // internal_public_key has 32 bytes
 // root_hash has 32 bytes or is empty (NULL)

crypto/zkp_bip340.h

@@ -11,6 +11,7 @@ int zkp_bip340_sign_digest(const uint8_t *private_key_bytes,
 int zkp_bip340_verify_digest(const uint8_t *public_key_bytes,
                              const uint8_t *signature_bytes,
                              const uint8_t *digest);
+int zkp_bip340_verify_publickey(const uint8_t *public_key_bytes);
 int zkp_bip340_tweak_public_key(const uint8_t *internal_public_key,
                                 const uint8_t *root_hash,
                                 uint8_t *output_public_key);

crypto/zkp_context.c

@@ -51,7 +51,7 @@ int secp256k1_context_writable_randomize(secp256k1_context *context_writable) {
 bool zkp_context_is_initialized(void) { return context != NULL; }
 
 // returns 0 on success
-int zkp_context_init() {
+int zkp_context_init(void) {
   assert(context == NULL);
 
   const unsigned int context_flags =
@@ -78,22 +78,23 @@ int zkp_context_init() {
   return 0;
 }
 
-void zkp_context_destroy() {
+void zkp_context_destroy(void) {
   assert(context != NULL);
 
   secp256k1_context_preallocated_destroy(context);
   memzero(context_buffer, sizeof(context_buffer));
   atomic_flag_clear(&locked);
+  context = NULL;
 }
 
-const secp256k1_context *zkp_context_get_read_only() {
+const secp256k1_context *zkp_context_get_read_only(void) {
   assert(context != NULL);
 
   return context;
 }
 
 // returns NULL if context cannot be acquired
-secp256k1_context *zkp_context_acquire_writable() {
+secp256k1_context *zkp_context_acquire_writable(void) {
   assert(context != NULL);
 
   // We don't expect the context to be used by multiple threads
@@ -104,7 +105,7 @@ secp256k1_context *zkp_context_acquire_writable() {
   return context;
 }
 
-void zkp_context_release_writable() {
+void zkp_context_release_writable(void) {
   assert(context != NULL);
 
   atomic_flag_clear(&locked);

crypto/zkp_context.h

@@ -6,6 +6,7 @@
 #include "vendor/secp256k1-zkp/include/secp256k1_preallocated.h"
 
 int secp256k1_context_writable_randomize(secp256k1_context *context);
+bool zkp_context_is_initialized(void);
 int zkp_context_init(void);
 void zkp_context_destroy(void);
 const secp256k1_context *zkp_context_get_read_only(void);

legacy/Makefile.include

@@ -232,12 +232,15 @@ $(NAME).elf: $(OBJS) $(LDSCRIPT) $(LIBDEPS)
 	@printf "  LD      $@\n"
 	$(Q)$(LD) -o $(NAME).elf $(OBJS) $(LDLIBS) $(LDFLAGS)
 
-$(ZKP_PATH)/src/ecmult_static_context.h: $(ZKP_PATH)/src/gen_context.c
-	@printf "  GEN     $@\n"
-	$(Q)$(CC_FOR_BUILD) $(ZKP_CFLAGS) $(ZKP_PATH)/src/gen_context.c -o $(ZKP_PATH)/gen_context
-	$(Q)cd $(ZKP_PATH) && ./gen_context
+precomputed_ecmult.o:
+	@printf "  CC      $@\n"
+	$(Q)$(CC) $(CFLAGS) -Wno-unused-function $(ZKP_CFLAGS) -c $(ZKP_PATH)/src/precomputed_ecmult.c -o precomputed_ecmult.o
+
+precomputed_ecmult_gen.o:
+	@printf "  CC      $@\n"
+	$(Q)$(CC) $(CFLAGS) -Wno-unused-function $(ZKP_CFLAGS) -c $(ZKP_PATH)/src/precomputed_ecmult_gen.c -o precomputed_ecmult_gen.o
 
-secp256k1-zkp.o: $(ZKP_PATH)/src/ecmult_static_context.h
+secp256k1-zkp.o:
 	@printf "  CC      $@\n"
 	$(Q)$(CC) $(CFLAGS) -Wno-unused-function $(ZKP_CFLAGS) -I$(ZKP_PATH) -I$(ZKP_PATH)/src -c $(ZKP_PATH)/src/secp256k1.c -o secp256k1-zkp.o
 

legacy/common.c

@@ -32,6 +32,8 @@ uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
 
 uint8_t ui_language = 0;
 
+uint8_t cpu_mode = 0;
+
 bool g_bSelectSEFlag = false;
 bool g_bIsBixinAPP = false;
 uint32_t g_uiFastPayFlag = 0;

legacy/common.h

@@ -32,6 +32,13 @@ extern uint8_t HW_ENTROPY_DATA[HW_ENTROPY_LEN];
 #define WORK_MODE_USB 0x20
 #define WORK_MODE_NFC 0x30
 
+typedef enum {
+  PRIVILEGED = 0,
+  UNPRIVILEGED,
+} CPU_MODE;
+
+extern uint8_t cpu_mode;
+
 extern uint8_t ui_language;
 
 extern bool g_bSelectSEFlag;

legacy/firmware/Makefile

@@ -9,36 +9,33 @@ else
 NAME=classic.$(FIRMWARE_BUILD_VERSION)-Alpha-$(FIRMWARE_BUILD_DATE)-$(BUILD_ID)
 endif
 
-SECP256K1_ZKP ?= 0
+SECP256K1_ZKP ?= 1
 
 
 ifeq ($(SECP256K1_ZKP),1)
+CFLAGS   += -DSECP256K1_ZKP
 CFLAGS   += -DUSE_SECP256K1_ZKP
 CFLAGS   += -DUSE_SECP256K1_ZKP_ECDSA
 ifeq ($(EMULATOR),1)
 CFLAGS += -DSECP256K1_CONTEXT_SIZE=208
 else
-CFLAGS += -DSECP256K1_CONTEXT_SIZE=184
+CFLAGS += -DSECP256K1_CONTEXT_SIZE=180
 OBJS += field_10x26_arm.o
 endif
 ZKP_CFLAGS = \
 	-DUSE_ASM_ARM \
-	-DUSE_NUM_NONE \
-	-DUSE_FIELD_INV_BUILTIN \
-	-DUSE_SCALAR_INV_BUILTIN \
 	-DUSE_EXTERNAL_ASM \
-	-DUSE_FIELD_10X26 \
-	-DUSE_SCALAR_8X32 \
-	-DUSE_ECMULT_STATIC_PRECOMPUTATION \
 	-DUSE_EXTERNAL_DEFAULT_CALLBACKS \
-	-DECMULT_GEN_PREC_BITS=4 \
+	-DECMULT_GEN_PREC_BITS=2 \
 	-DECMULT_WINDOW_SIZE=8 \
 	-DENABLE_MODULE_GENERATOR \
 	-DENABLE_MODULE_RECOVERY \
 	-DENABLE_MODULE_SCHNORRSIG \
 	-DENABLE_MODULE_EXTRAKEYS
 
 OBJS += secp256k1-zkp.o
+OBJS += precomputed_ecmult.o
+OBJS += precomputed_ecmult_gen.o
 OBJS += ../vendor/trezor-crypto/zkp_bip340.o
 OBJS += ../vendor/trezor-crypto/zkp_context.o
 OBJS += ../vendor/trezor-crypto/zkp_ecdsa.o
@@ -236,7 +233,7 @@ DEBUG_LOG  ?= 0
 ifeq ($(EMULATOR),1)
 CFLAGS += --warn-no-unused-parameter
 endif
-CFLAGS += -fstack-protector-all
+CFLAGS += -fstack-protector-strong
 CFLAGS += -Wno-sequence-point
 CFLAGS += -I../vendor/nanopb -Iprotob -DPB_FIELD_16BIT=1 -DPB_ENCODE_ARRAYS_UNPACKED=1 -DPB_VALIDATE_UTF8=1
 CFLAGS += -DDEBUG_LINK=$(DEBUG_LINK)

legacy/firmware/config.c

@@ -488,6 +488,12 @@ void config_init(void) {
     g_bSelectSEFlag = false;
   }
 
+  uint32_t fails = config_getPinFails();
+
+  if (fails >= 10) {
+    config_wipe();
+  }
+
   // Auto-unlock storage if no PIN is set.
   if (storage_is_unlocked() == secfalse && storage_has_pin() == secfalse) {
     storage_unlock(PIN_EMPTY, PIN_EMPTY_LEN, NULL);