From 9411d0c95137af31ca8c5d638bc8644fba2b321a Mon Sep 17 00:00:00 2001
From: DanGould <d@ngould.dev>
Date: Sat, 10 Aug 2024 18:44:39 -0400
Subject: [PATCH] Set MSRV to 1.63.0

---
 .github/workflows/ci.yml | 31 +++++++++++++++++--------------
 Cargo.toml               |  3 +--
 README.md                |  9 ++++++++-
 src/dhkex/secp256k1.rs   | 26 +++++++++++++-------------
 4 files changed, 39 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c942a2e..17a78e9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -67,20 +67,23 @@ jobs:
           command: fmt
           args: --all -- --check
 
-  # Enable this once x25519-dalek has another 2.0-pre.X release
-  #msrv:
-  #  name: Current MSRV is 1.65.0
-  #  runs-on: ubuntu-latest
-  #  steps:
-  #  - uses: actions/checkout@v3
-  #  # First run `cargo +nightly -Z minimal-verisons check` in order to get a
-  #  # Cargo.lock with the oldest possible deps
-  #  - uses: dtolnay/rust-toolchain@nightly
-  #  - run: cargo -Z minimal-versions check --all-features
-  #  # Now check that `cargo build` works with respect to the oldest possible
-  #  # deps and the stated MSRV
-  #  - uses: dtolnay/rust-toolchain@1.65.0
-  #  - run: cargo build --all-features
+  msrv:
+   name: Current MSRV is 1.63.0
+   runs-on: ubuntu-latest
+   steps:
+   - uses: actions/checkout@v3
+   # First run `cargo +nightly -Z minimal-verisons check` in order to get a
+   # Cargo.lock with the oldest possible deps
+   - uses: dtolnay/rust-toolchain@nightly
+   - run: cargo -Z minimal-versions check --all-features
+   # Now check that `cargo build` works with respect to the oldest possible
+   # deps and the stated MSRV
+   - uses: dtolnay/rust-toolchain@1.63.0
+   - name: Pin MSRV dependencies
+     run: |
+       cargo update -p half --precise 2.2.1
+       cargo update -p regex --precise 1.9.6
+   - run: cargo build --all-features
 
   clippy:
     runs-on: ubuntu-latest
diff --git a/Cargo.toml b/Cargo.toml
index 0cce5c4..a1ed84c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,7 +13,7 @@ categories = ["cryptography", "no-std"]
 
 [features]
 default = ["alloc", "secp"]
-secp = ["bitcoin", "secp256k1/global-context", "secp256k1/rand-std"]
+secp = ["secp256k1/global-context", "secp256k1/rand-std"]
 # Include allocating methods like open() and seal()
 alloc = []
 # Includes an implementation of `std::error::Error` for `HpkeError`. Also does what `alloc` does.
@@ -22,7 +22,6 @@ std = []
 [dependencies]
 aead = "0.5"
 aes-gcm = "0.10"
-bitcoin = { version = "0.32.0", optional = true }
 secp256k1 = { version = "0.29", optional = true }
 chacha20poly1305 = "0.10"
 generic-array = { version = "0.14", default-features = false }
diff --git a/README.md b/README.md
index 43ebf29..f10b285 100644
--- a/README.md
+++ b/README.md
@@ -64,7 +64,14 @@ The `serde_impls` feature was removed. If you were using this and require backwa
 MSRV
 ----
 
-The current minimum supported Rust version (MSRV) is 1.65.0 (897e37553 2022-11-02).
+The current minimum supported Rust version (MSRV) is 1.63.0.
+
+To build and test with the MSRV you will need to pin the below dependency versions:
+
+```
+cargo update -p half --precise 2.2.1
+cargo update -p regex --precise 1.9.6
+```
 
 Changelog
 ---------
diff --git a/src/dhkex/secp256k1.rs b/src/dhkex/secp256k1.rs
index b290107..b719ac9 100644
--- a/src/dhkex/secp256k1.rs
+++ b/src/dhkex/secp256k1.rs
@@ -12,11 +12,11 @@ use subtle::{Choice, ConstantTimeEq};
 
 /// A secp256k1 public key
 #[derive(Clone, Debug, Eq, PartialEq)]
-pub struct PublicKey(bitcoin::secp256k1::PublicKey);
+pub struct PublicKey(secp256k1::PublicKey);
 
 /// A secp256k1 private key
 #[derive(Clone)]
-pub struct PrivateKey(bitcoin::secp256k1::SecretKey);
+pub struct PrivateKey(secp256k1::SecretKey);
 
 impl ConstantTimeEq for PrivateKey {
     fn ct_eq(&self, other: &Self) -> Choice {
@@ -51,15 +51,15 @@ impl Deserializable for PublicKey {
     // secp256k1 lets us convert [u8; 65] to pubkeys. Assuming the input length is correct, this
     // conversion is infallible, so no ValidationErrors are raised.
     fn from_bytes(encoded: &[u8]) -> Result<Self, HpkeError> {
-        // TODO can I get rid of equal len since bitcoin::secp256k1 already does this?
+        // TODO can I get rid of equal len since secp256k1 already does this?
         // Pubkeys must be 65 bytes
         enforce_equal_len(Self::OutputSize::to_usize(), encoded.len())?;
 
         // Copy to a fixed-size array
-        let mut arr = [0u8; bitcoin::secp256k1::constants::UNCOMPRESSED_PUBLIC_KEY_SIZE];
+        let mut arr = [0u8; secp256k1::constants::UNCOMPRESSED_PUBLIC_KEY_SIZE];
         arr.copy_from_slice(encoded);
         Ok(PublicKey(
-            bitcoin::secp256k1::PublicKey::from_slice(&arr)
+            secp256k1::PublicKey::from_slice(&arr)
                 .map_err(|_| HpkeError::ValidationError)?,
         ))
     }
@@ -85,7 +85,7 @@ impl Deserializable for PrivateKey {
         enforce_equal_len(Self::OutputSize::to_usize(), encoded.len())?;
 
         // Copy to a fixed-size array
-        let mut arr = [0u8; bitcoin::secp256k1::constants::SECRET_KEY_SIZE];
+        let mut arr = [0u8; secp256k1::constants::SECRET_KEY_SIZE];
         arr.copy_from_slice(encoded);
 
         // * Invariant: PrivateKey is in [1,p). This is preserved here.
@@ -93,7 +93,7 @@ impl Deserializable for PrivateKey {
         //   its submethod,
         // * ffi::secp256k1_ec_seckey_verify() checks that the value doesn't exceed the
         //   curve order.
-        let sk = bitcoin::secp256k1::SecretKey::from_slice(&arr)
+        let sk = secp256k1::SecretKey::from_slice(&arr)
             .map_err(|_| HpkeError::ValidationError)?;
         Ok(PrivateKey(sk))
     }
@@ -109,7 +109,7 @@ impl Serializable for KexResult {
         enforce_outbuf_len::<Self>(buf);
 
         // Dalek lets us convert shared secrets to to [u8; 32]
-        buf.copy_from_slice(&self.0[..bitcoin::secp256k1::constants::SECRET_KEY_SIZE]);
+        buf.copy_from_slice(&self.0[..secp256k1::constants::SECRET_KEY_SIZE]);
     }
 }
 
@@ -127,7 +127,7 @@ impl DhKeyExchange for Secp256k1 {
     /// Converts an Secp256k1 private key to a public key
     #[doc(hidden)]
     fn sk_to_pk(sk: &PrivateKey) -> PublicKey {
-        PublicKey(bitcoin::secp256k1::PublicKey::from_secret_key_global(&sk.0))
+        PublicKey(secp256k1::PublicKey::from_secret_key_global(&sk.0))
     }
 
     /// Does the DH operation. Returns an error if and only if the DH result was all zeros. This is
@@ -135,8 +135,8 @@ impl DhKeyExchange for Secp256k1 {
     /// by the caller, i.e., `HpkeError::EncapError` or `HpkeError::DecapError`.
     #[doc(hidden)]
     fn dh(sk: &PrivateKey, pk: &PublicKey) -> Result<KexResult, DhError> {
-        use bitcoin::secp256k1::constants::SECRET_KEY_SIZE;
-        let res = bitcoin::secp256k1::ecdh::shared_secret_point(&pk.0, &sk.0);
+        use secp256k1::constants::SECRET_KEY_SIZE;
+        let res = secp256k1::ecdh::shared_secret_point(&pk.0, &sk.0);
         // "Senders and recipients MUST check whether the shared secret is the all-zero value
         // and abort if so"
         if res[..SECRET_KEY_SIZE].ct_eq(&[0u8; SECRET_KEY_SIZE]).into() {
@@ -165,8 +165,8 @@ impl DhKeyExchange for Secp256k1 {
             .labeled_expand(suite_id, b"sk", &[], &mut buf)
             .unwrap();
 
-        let sk = bitcoin::secp256k1::SecretKey::from_slice(&buf).expect("clamped private key");
-        let pk = bitcoin::secp256k1::PublicKey::from_secret_key_global(&sk);
+        let sk = secp256k1::SecretKey::from_slice(&buf).expect("clamped private key");
+        let pk = secp256k1::PublicKey::from_secret_key_global(&sk);
         (PrivateKey(sk), PublicKey(pk))
     }
 }