Set MSRV to 1.63.0
DanGould committed Aug 11, 2024
1 parent cf1ff5d commit a1ced9b
Showing 4 changed files with 36 additions and 32 deletions.
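--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -67,20 +67,20 @@ jobs:
 command: fmt
 args: --all -- --check
 
-# Enable this once x25519-dalek has another 2.0-pre.X release
-#msrv:
-# name: Current MSRV is 1.65.0
-# runs-on: ubuntu-latest
-# steps:
-# - uses: actions/checkout@v3
-# # First run `cargo +nightly -Z minimal-verisons check` in order to get a
-# # Cargo.lock with the oldest possible deps
-# - uses: dtolnay/rust-toolchain@nightly
-# - run: cargo -Z minimal-versions check --all-features
-# # Now check that `cargo build` works with respect to the oldest possible
-# # deps and the stated MSRV
-# - uses: dtolnay/rust-toolchain@1.65.0
-# - run: cargo build --all-features
+msrv:
+name: Current MSRV is 1.63.0
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+# Check that `cargo build` works with respect to the oldest possible
+# deps and the stated MSRV
+- uses: dtolnay/rust-toolchain@1.63.0
+- name: Pin MSRV dependencies
+run: |
+cargo update
+cargo update -p half --precise 2.2.1
+cargo update -p regex --precise 1.9.6
+- run: cargo build --all-features
 
 clippy:
 runs-on: ubuntu-latest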
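Review bot: The comment above the toolchain step in the new `msrv` job still says the build is checked against "the oldest possible deps", but the added `Pin MSRV dependencies` step runs a plain `cargo update`, which resolves every dependency to its newest compatible release and then pins only `half` and `regex` down. The `-Z minimal-versions` pass from the commented-out job is gone, so the lower version bounds declared in Cargo.toml are no longer exercised by CI. I would reword the comment to match, for example `# Check that cargo build works on the stated MSRV with the newest compatible deps, except the pins below`. Because resolution floats on every run, a new release of any transitive crate can change what this job builds or break it; checking in an MSRV lockfile and building with `--locked` would make the job reproducible, if the project is willing to maintain one.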
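--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,7 +13,7 @@ categories = ["cryptography", "no-std"]
 
 [features]
 default = ["alloc", "secp"]
-secp = ["bitcoin", "secp256k1/global-context", "secp256k1/rand-std"]
+secp = ["secp256k1/global-context", "secp256k1/rand-std"]
 # Include allocating methods like open() and seal()
 alloc = []
 # Includes an implementation of `std::error::Error` for `HpkeError`. Also does what `alloc` does.
@@ -22,7 +22,6 @@ std = []
 [dependencies]
 aead = "0.5"
 aes-gcm = "0.10"
-bitcoin = { version = "0.32.0", optional = true }
 secp256k1 = { version = "0.29", optional = true }
 chacha20poly1305 = "0.10"
 generic-array = { version = "0.14", default-features = false }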
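--- a/README.md
+++ b/README.md
@@ -64,7 +64,14 @@ The `serde_impls` feature was removed. If you were using this and require backwa
 MSRV
 ----
 
-The current minimum supported Rust version (MSRV) is 1.65.0 (897e37553 2022-11-02).
+The current minimum supported Rust version (MSRV) is 1.63.0.
+
+To build and test with the MSRV you will need to pin the below dependency versions:
+
+```
+cargo update -p half --precise 2.2.1
+cargo update -p regex --precise 1.9.6
+```
 
 Changelog
 ---------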
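--- a/src/dhkex/secp256k1.rs
+++ b/src/dhkex/secp256k1.rs
@@ -12,11 +12,11 @@ use subtle::{Choice, ConstantTimeEq};
 
 /// A secp256k1 public key
 #[derive(Clone, Debug, Eq, PartialEq)]
-pub struct PublicKey(bitcoin::secp256k1::PublicKey);
+pub struct PublicKey(secp256k1::PublicKey);
 
 /// A secp256k1 private key
 #[derive(Clone)]
-pub struct PrivateKey(bitcoin::secp256k1::SecretKey);
+pub struct PrivateKey(secp256k1::SecretKey);
 
 impl ConstantTimeEq for PrivateKey {
 fn ct_eq(&self, other: &Self) -> Choice {
@@ -51,16 +51,15 @@ impl Deserializable for PublicKey {
 // secp256k1 lets us convert [u8; 65] to pubkeys. Assuming the input length is correct, this
 // conversion is infallible, so no ValidationErrors are raised.
 fn from_bytes(encoded: &[u8]) -> Result<Self, HpkeError> {
-// TODO can I get rid of equal len since bitcoin::secp256k1 already does this?
+// TODO can I get rid of equal len since secp256k1 already does this?
 // Pubkeys must be 65 bytes
 enforce_equal_len(Self::OutputSize::to_usize(), encoded.len())?;
 
 // Copy to a fixed-size array
-let mut arr = [0u8; bitcoin::secp256k1::constants::UNCOMPRESSED_PUBLIC_KEY_SIZE];
+let mut arr = [0u8; secp256k1::constants::UNCOMPRESSED_PUBLIC_KEY_SIZE];
 arr.copy_from_slice(encoded);
 Ok(PublicKey(
-bitcoin::secp256k1::PublicKey::from_slice(&arr)
-.map_err(|_| HpkeError::ValidationError)?,
+secp256k1::PublicKey::from_slice(&arr).map_err(|_| HpkeError::ValidationError)?,
 ))
 }
 }
@@ -85,16 +84,15 @@ impl Deserializable for PrivateKey {
 enforce_equal_len(Self::OutputSize::to_usize(), encoded.len())?;
 
 // Copy to a fixed-size array
-let mut arr = [0u8; bitcoin::secp256k1::constants::SECRET_KEY_SIZE];
+let mut arr = [0u8; secp256k1::constants::SECRET_KEY_SIZE];
 arr.copy_from_slice(encoded);
 
 // * Invariant: PrivateKey is in [1,p). This is preserved here.
 // * SecretKey::from_slice() directly checks that the value isn't zero. And
 // its submethod,
 // * ffi::secp256k1_ec_seckey_verify() checks that the value doesn't exceed the
 // curve order.
-let sk = bitcoin::secp256k1::SecretKey::from_slice(&arr)
-.map_err(|_| HpkeError::ValidationError)?;
+let sk = secp256k1::SecretKey::from_slice(&arr).map_err(|_| HpkeError::ValidationError)?;
 Ok(PrivateKey(sk))
 }
 }
@@ -109,7 +107,7 @@ impl Serializable for KexResult {
 enforce_outbuf_len::<Self>(buf);
 
 // Dalek lets us convert shared secrets to to [u8; 32]
-buf.copy_from_slice(&self.0[..bitcoin::secp256k1::constants::SECRET_KEY_SIZE]);
+buf.copy_from_slice(&self.0[..secp256k1::constants::SECRET_KEY_SIZE]);
 }
 }
 
@@ -127,16 +125,16 @@ impl DhKeyExchange for Secp256k1 {
 /// Converts an Secp256k1 private key to a public key
 #[doc(hidden)]
 fn sk_to_pk(sk: &PrivateKey) -> PublicKey {
-PublicKey(bitcoin::secp256k1::PublicKey::from_secret_key_global(&sk.0))
+PublicKey(secp256k1::PublicKey::from_secret_key_global(&sk.0))
 }
 
 /// Does the DH operation. Returns an error if and only if the DH result was all zeros. This is
 /// required by the HPKE spec. The error is converted into the appropriate higher-level error
 /// by the caller, i.e., `HpkeError::EncapError` or `HpkeError::DecapError`.
 #[doc(hidden)]
 fn dh(sk: &PrivateKey, pk: &PublicKey) -> Result<KexResult, DhError> {
-use bitcoin::secp256k1::constants::SECRET_KEY_SIZE;
-let res = bitcoin::secp256k1::ecdh::shared_secret_point(&pk.0, &sk.0);
+use secp256k1::constants::SECRET_KEY_SIZE;
+let res = secp256k1::ecdh::shared_secret_point(&pk.0, &sk.0);
 // "Senders and recipients MUST check whether the shared secret is the all-zero value
 // and abort if so"
 if res[..SECRET_KEY_SIZE].ct_eq(&[0u8; SECRET_KEY_SIZE]).into() {
@@ -165,8 +163,8 @@ impl DhKeyExchange for Secp256k1 {
 .labeled_expand(suite_id, b"sk", &[], &mut buf)
 .unwrap();
 
-let sk = bitcoin::secp256k1::SecretKey::from_slice(&buf).expect("clamped private key");
-let pk = bitcoin::secp256k1::PublicKey::from_secret_key_global(&sk);
+let sk = secp256k1::SecretKey::from_slice(&buf).expect("clamped private key");
+let pk = secp256k1::PublicKey::from_secret_key_global(&sk);
 (PrivateKey(sk), PublicKey(pk))
 }
 }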
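Review bot: The TODO carried over in `PublicKey::from_bytes` ("can I get rid of equal len since secp256k1 already does this?") can be answered rather than just renamed: the check has to stay, because `arr.copy_from_slice(encoded)` a few lines below panics when the slice and array lengths differ, so `enforce_equal_len` is what turns a wrong-length encoding into an error instead of a panic on caller-supplied bytes. I would replace the TODO with `// Keep this length check: copy_from_slice below panics on a length mismatch`. `PrivateKey::from_bytes`, whose body starts outside its hunk, shows the same check-then-copy pattern and would benefit from the same comment. Separately, `expect("clamped private key")` in the last hunk names a clamping step that is not visible there; if the enclosing function (which also starts outside the hunk) does no reduction of the derived bytes, the message should state why `from_slice` cannot fail, or the error should be handled.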
