ff 0.13 (#269)

* Partial move to ff 0.13

It turns out the newly released k256 0.12 isn't on ff 0.13, preventing further
work at this time.

* Update all crates to work on ff 0.13

The provided curves still need to be expanded to fit the new API.

* Finish adding dalek-ff-group ff 0.13 constants

* Correct FieldElement::product definition

Also stops exporting macros.

* Test most new parts of ff 0.13

* Additionally test ff-group-tests with BLS12-381 and the pasta curves

We only tested curves from RustCrypto. Now we test a curve offered by zk-crypto,
the group behind ff/group, and the pasta curves, which is by Zcash (though
Zcash developers are also behind zk-crypto).

* Finish Ed448

Fully specifies all constants, passes all tests in ff-group-tests, and finishes moving to ff-0.13.

* Add RustCrypto/elliptic-curves to allowed git repos

Needed due to k256/p256 incorrectly defining product.

* Finish writing ff 0.13 tests

* Add additional comments to dalek

* Further comments

* Update ethereum-serai to ff 0.13

crypto/schnorr/src/tests/mod.rs

@@ -28,7 +28,7 @@ pub(crate) fn sign<C: Ciphersuite>() {
 // This verifies invalid signatures don't pass, using zero signatures, which should effectively be
 // random
 pub(crate) fn verify<C: Ciphersuite>() {
-  assert!(!SchnorrSignature::<C> { R: C::G::identity(), s: C::F::zero() }
+  assert!(!SchnorrSignature::<C> { R: C::G::identity(), s: C::F::ZERO }
     .verify(C::generator() * C::random_nonzero_F(&mut OsRng), C::random_nonzero_F(&mut OsRng)));
 }
 
@@ -62,10 +62,10 @@ pub(crate) fn batch_verify<C: Ciphersuite>() {
     let mut batch = BatchVerifier::new(5);
     for (i, mut sig) in sigs.clone().drain(..).enumerate() {
       if i == 1 {
-        sig.s += C::F::one();
+        sig.s += C::F::ONE;
       }
       if i == 2 {
-        sig.s -= C::F::one();
+        sig.s -= C::F::ONE;
       }
       sig.batch_verify(&mut OsRng, &mut batch, i, C::generator() * keys[i].deref(), challenges[i]);
     }