Fix 32-bit, no-std builds of crypto limbs

crypto/dkg/evrf/Cargo.toml

@@ -19,9 +19,9 @@ workspace = true
 [dependencies]
 thiserror = { version = "2", default-features = false }
 
-rand_core = { version = "0.6", default-features = false }
+rand_core = { version = "0.6", default-features = false, features = ["alloc"] }
 
-zeroize = { version = "^1.5", default-features = false, features = ["zeroize_derive"] }
+zeroize = { version = "^1.5", default-features = false, features = ["alloc", "zeroize_derive"] }
 
 std-shims = { version = "0.1", path = "../../../common/std-shims", default-features = false }
 
@@ -39,11 +39,11 @@ ec-divisors = { git = "https://github.com/monero-oxide/monero-oxide", rev = "a6f
 generalized-bulletproofs-circuit-abstraction = { git = "https://github.com/monero-oxide/monero-oxide", rev = "a6f8797007e768488568b821435cf5006517a962", default-features = false }
 generalized-bulletproofs-ec-gadgets = { git = "https://github.com/monero-oxide/monero-oxide", rev = "a6f8797007e768488568b821435cf5006517a962", default-features = false }
 
-dkg = { path = ".." }
+dkg = { path = "..", default-features = false }
 
-ciphersuite-kp256 = { path = "../../ciphersuite/kp256", default-features = false, optional = true }
+ciphersuite-kp256 = { path = "../../ciphersuite/kp256", default-features = false, features = ["alloc"], optional = true }
-secq256k1 = { path = "../../secq256k1", optional = true }
+secq256k1 = { path = "../../secq256k1", default-features = false, features = ["alloc"], optional = true }
-dalek-ff-group = { path = "../../dalek-ff-group", default-features = false, optional = true }
+dalek-ff-group = { path = "../../dalek-ff-group", default-features = false, features = ["alloc"], optional = true }
 embedwards25519 = { path = "../../embedwards25519", default-features = false, features = ["alloc"], optional = true }
 
 [dev-dependencies]

crypto/embedwards25519/src/lib.rs

@@ -2,9 +2,10 @@
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
+#[cfg(feature = "alloc")]
 #[allow(unused_imports)]
 use std_shims::prelude::*;
-#[cfg(any(feature = "alloc", feature = "std"))]
+#[cfg(feature = "alloc")]
 use std_shims::io::{self, Read};
 
 use prime_field::{subtle::Choice, zeroize::Zeroize};

crypto/prime-field/src/lib.rs

@@ -11,6 +11,7 @@ pub use ff;
 #[doc(hidden)]
 pub mod __prime_field_private {
   pub use paste;
+  #[cfg(feature = "std")]
   pub use ff_group_tests;
 
   use crypto_bigint::{Word, Uint, modular::ConstMontyParams};
@@ -38,15 +39,16 @@ pub mod __prime_field_private {
     let mut i = 0;
     while i < Uint::<LIMBS>::LIMBS {
       let word: Word = value.as_limbs()[i].0;
+      let word = word as u64;
       let bits = i * (Word::BITS as usize);
       let j = bits / (u64::BITS as usize);
-      res[j] |= word << (bits % (u64::BITS as usize));
+      res[j] |= (word << (bits % (u64::BITS as usize))) as u64;
       if (j + 1) < WORDS {
         if let Some(remaining_bits) =
           ((bits % (u64::BITS as usize)) + (Word::BITS as usize)).checked_sub(u64::BITS as usize)
         {
           if remaining_bits != 0 {
-            res[j + 1] |= word >> ((Word::BITS as usize) - remaining_bits);
+            res[j + 1] |= (word >> ((Word::BITS as usize) - remaining_bits)) as u64;
           }
         }
       }
@@ -126,7 +128,12 @@ macro_rules! odd_prime_field {
           hex_str_without_prefix($multiplicative_generator_as_be_hex);
 
         const MODULUS_BYTES: usize = MODULUS_WITHOUT_PREFIX.len() / 2;
-        type UnderlyingUint = Uint<{ MODULUS_BYTES.div_ceil(Limb::BYTES) }>;
+        /*
+          `crypto-bigint` only implements some methods for some limbs, due to the lack of const
+          generics. `next_power_of_two` pays a performance penalty yet effectively ensures this
+          `Uint` type is fully defined.
+        */
+        type UnderlyingUint = Uint<{ MODULUS_BYTES.div_ceil(Limb::BYTES).next_power_of_two() }>;
 
         const PADDED_MODULUS_WITHOUT_PREFIX_BYTES: [u8; 2 * UnderlyingUint::BYTES] = {
           let mut res = [b'0'; 2 * UnderlyingUint::BYTES];

crypto/secq256k1/src/lib.rs

@@ -2,16 +2,14 @@
 #![doc = include_str!("../README.md")]
 #![cfg_attr(not(feature = "std"), no_std)]
 
+#[cfg(feature = "alloc")]
 #[allow(unused_imports)]
 use std_shims::prelude::*;
 #[cfg(feature = "alloc")]
 use std_shims::io::{self, Read};
 
 // Doesn't use the `generic-array 0.14` exported by `k256::elliptic_curve` as we need `1.0`
-use generic_array::{
+use generic_array::{typenum::U33, GenericArray};
-  typenum::{U, U33},
-  GenericArray,
-};
 use k256::elliptic_curve::{
   subtle::{Choice, ConstantTimeEq, ConditionallySelectable},
   zeroize::Zeroize,
@@ -152,7 +150,7 @@ impl ciphersuite::Ciphersuite for Secq256k1 {
 
 #[cfg(feature = "alloc")]
 impl generalized_bulletproofs_ec_gadgets::DiscreteLogParameter for Secq256k1 {
-  type ScalarBits = U<{ Scalar::NUM_BITS as usize }>;
+  type ScalarBits = generic_array::typenum::U<{ Scalar::NUM_BITS as usize }>;
 }
 
 #[test]

networks/bitcoin/src/crypto.rs

@@ -1,9 +1,7 @@
+#[cfg(feature = "std")]
 use subtle::{Choice, ConstantTimeEq, ConditionallySelectable};
 
-use k256::{
+use k256::{elliptic_curve::sec1::ToEncodedPoint, ProjectivePoint};
-  elliptic_curve::sec1::{Tag, ToEncodedPoint},
-  ProjectivePoint,
-};
 
 use bitcoin::key::XOnlyPublicKey;
 
@@ -23,7 +21,9 @@ pub(crate) fn x_only(key: &ProjectivePoint) -> XOnlyPublicKey {
 }
 
 /// Return if a point must be negated to have an even Y coordinate and be eligible for use.
+#[cfg(feature = "std")]
 pub(crate) fn needs_negation(key: &ProjectivePoint) -> Choice {
+  use k256::elliptic_curve::sec1::Tag;
   u8::from(key.to_encoded_point(true).tag()).ct_eq(&u8::from(Tag::CompressedOddY))
 }