diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c942a2e..17a78e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -67,20 +67,23 @@ jobs: command: fmt args: --all -- --check - # Enable this once x25519-dalek has another 2.0-pre.X release - #msrv: - # name: Current MSRV is 1.65.0 - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@v3 - # # First run `cargo +nightly -Z minimal-verisons check` in order to get a - # # Cargo.lock with the oldest possible deps - # - uses: dtolnay/rust-toolchain@nightly - # - run: cargo -Z minimal-versions check --all-features - # # Now check that `cargo build` works with respect to the oldest possible - # # deps and the stated MSRV - # - uses: dtolnay/rust-toolchain@1.65.0 - # - run: cargo build --all-features + msrv: + name: Current MSRV is 1.63.0 + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + # First run `cargo +nightly -Z minimal-verisons check` in order to get a + # Cargo.lock with the oldest possible deps + - uses: dtolnay/rust-toolchain@nightly + - run: cargo -Z minimal-versions check --all-features + # Now check that `cargo build` works with respect to the oldest possible + # deps and the stated MSRV + - uses: dtolnay/rust-toolchain@1.63.0 + - name: Pin MSRV dependencies + run: | + cargo update -p half --precise 2.2.1 + cargo update -p regex --precise 1.9.6 + - run: cargo build --all-features clippy: runs-on: ubuntu-latest diff --git a/Cargo.toml b/Cargo.toml index 0cce5c4..a1ed84c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,7 +13,7 @@ categories = ["cryptography", "no-std"] [features] default = ["alloc", "secp"] -secp = ["bitcoin", "secp256k1/global-context", "secp256k1/rand-std"] +secp = ["secp256k1/global-context", "secp256k1/rand-std"] # Include allocating methods like open() and seal() alloc = [] # Includes an implementation of `std::error::Error` for `HpkeError`. Also does what `alloc` does. @@ -22,7 +22,6 @@ std = [] [dependencies] aead = "0.5" aes-gcm = "0.10" -bitcoin = { version = "0.32.0", optional = true } secp256k1 = { version = "0.29", optional = true } chacha20poly1305 = "0.10" generic-array = { version = "0.14", default-features = false } diff --git a/README.md b/README.md index 43ebf29..f10b285 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,14 @@ The `serde_impls` feature was removed. If you were using this and require backwa MSRV ---- -The current minimum supported Rust version (MSRV) is 1.65.0 (897e37553 2022-11-02). +The current minimum supported Rust version (MSRV) is 1.63.0. + +To build and test with the MSRV you will need to pin the below dependency versions: + +``` +cargo update -p half --precise 2.2.1 +cargo update -p regex --precise 1.9.6 +``` Changelog --------- diff --git a/src/dhkex/secp256k1.rs b/src/dhkex/secp256k1.rs index b290107..b719ac9 100644 --- a/src/dhkex/secp256k1.rs +++ b/src/dhkex/secp256k1.rs @@ -12,11 +12,11 @@ use subtle::{Choice, ConstantTimeEq}; /// A secp256k1 public key #[derive(Clone, Debug, Eq, PartialEq)] -pub struct PublicKey(bitcoin::secp256k1::PublicKey); +pub struct PublicKey(secp256k1::PublicKey); /// A secp256k1 private key #[derive(Clone)] -pub struct PrivateKey(bitcoin::secp256k1::SecretKey); +pub struct PrivateKey(secp256k1::SecretKey); impl ConstantTimeEq for PrivateKey { fn ct_eq(&self, other: &Self) -> Choice { @@ -51,15 +51,15 @@ impl Deserializable for PublicKey { // secp256k1 lets us convert [u8; 65] to pubkeys. Assuming the input length is correct, this // conversion is infallible, so no ValidationErrors are raised. fn from_bytes(encoded: &[u8]) -> Result { - // TODO can I get rid of equal len since bitcoin::secp256k1 already does this? + // TODO can I get rid of equal len since secp256k1 already does this? // Pubkeys must be 65 bytes enforce_equal_len(Self::OutputSize::to_usize(), encoded.len())?; // Copy to a fixed-size array - let mut arr = [0u8; bitcoin::secp256k1::constants::UNCOMPRESSED_PUBLIC_KEY_SIZE]; + let mut arr = [0u8; secp256k1::constants::UNCOMPRESSED_PUBLIC_KEY_SIZE]; arr.copy_from_slice(encoded); Ok(PublicKey( - bitcoin::secp256k1::PublicKey::from_slice(&arr) + secp256k1::PublicKey::from_slice(&arr) .map_err(|_| HpkeError::ValidationError)?, )) } @@ -85,7 +85,7 @@ impl Deserializable for PrivateKey { enforce_equal_len(Self::OutputSize::to_usize(), encoded.len())?; // Copy to a fixed-size array - let mut arr = [0u8; bitcoin::secp256k1::constants::SECRET_KEY_SIZE]; + let mut arr = [0u8; secp256k1::constants::SECRET_KEY_SIZE]; arr.copy_from_slice(encoded); // * Invariant: PrivateKey is in [1,p). This is preserved here. @@ -93,7 +93,7 @@ impl Deserializable for PrivateKey { // its submethod, // * ffi::secp256k1_ec_seckey_verify() checks that the value doesn't exceed the // curve order. - let sk = bitcoin::secp256k1::SecretKey::from_slice(&arr) + let sk = secp256k1::SecretKey::from_slice(&arr) .map_err(|_| HpkeError::ValidationError)?; Ok(PrivateKey(sk)) } @@ -109,7 +109,7 @@ impl Serializable for KexResult { enforce_outbuf_len::(buf); // Dalek lets us convert shared secrets to to [u8; 32] - buf.copy_from_slice(&self.0[..bitcoin::secp256k1::constants::SECRET_KEY_SIZE]); + buf.copy_from_slice(&self.0[..secp256k1::constants::SECRET_KEY_SIZE]); } } @@ -127,7 +127,7 @@ impl DhKeyExchange for Secp256k1 { /// Converts an Secp256k1 private key to a public key #[doc(hidden)] fn sk_to_pk(sk: &PrivateKey) -> PublicKey { - PublicKey(bitcoin::secp256k1::PublicKey::from_secret_key_global(&sk.0)) + PublicKey(secp256k1::PublicKey::from_secret_key_global(&sk.0)) } /// Does the DH operation. Returns an error if and only if the DH result was all zeros. This is @@ -135,8 +135,8 @@ impl DhKeyExchange for Secp256k1 { /// by the caller, i.e., `HpkeError::EncapError` or `HpkeError::DecapError`. #[doc(hidden)] fn dh(sk: &PrivateKey, pk: &PublicKey) -> Result { - use bitcoin::secp256k1::constants::SECRET_KEY_SIZE; - let res = bitcoin::secp256k1::ecdh::shared_secret_point(&pk.0, &sk.0); + use secp256k1::constants::SECRET_KEY_SIZE; + let res = secp256k1::ecdh::shared_secret_point(&pk.0, &sk.0); // "Senders and recipients MUST check whether the shared secret is the all-zero value // and abort if so" if res[..SECRET_KEY_SIZE].ct_eq(&[0u8; SECRET_KEY_SIZE]).into() { @@ -165,8 +165,8 @@ impl DhKeyExchange for Secp256k1 { .labeled_expand(suite_id, b"sk", &[], &mut buf) .unwrap(); - let sk = bitcoin::secp256k1::SecretKey::from_slice(&buf).expect("clamped private key"); - let pk = bitcoin::secp256k1::PublicKey::from_secret_key_global(&sk); + let sk = secp256k1::SecretKey::from_slice(&buf).expect("clamped private key"); + let pk = secp256k1::PublicKey::from_secret_key_global(&sk); (PrivateKey(sk), PublicKey(pk)) } }