Merge pull request #1 from payjoin/secp-only

Prune crate to only use secp256k1 dhkem

.github/workflows/ci.yml

@@ -37,30 +37,6 @@ jobs:
           RUSTFLAGS: -D warnings -A dead_code -A unused_imports
         run: cargo test --no-default-features --features="secp"
 
-      - name: Run cargo test with just X25519 enabled
-        env:
-          CARGO_INCREMENTAL: 0
-          RUSTFLAGS: -D warnings -A dead_code -A unused_imports
-        run: cargo test --no-default-features --features="x25519"
-
-      - name: Run cargo test with just P256 enabled
-        env:
-          CARGO_INCREMENTAL: 0
-          RUSTFLAGS: -D warnings -A dead_code -A unused_imports
-        run: cargo test --no-default-features --features="p256"
-
-      - name: Run cargo test with just P384 enabled
-        env:
-          CARGO_INCREMENTAL: 0
-          RUSTFLAGS: -D warnings -A dead_code -A unused_imports
-        run: cargo test --no-default-features --features="p384"
-
-      - name: Run cargo test with just P521 enabled
-        env:
-          CARGO_INCREMENTAL: 0
-          RUSTFLAGS: -D warnings -A dead_code -A unused_imports
-        run: cargo test --no-default-features --features="p521"
-
       - name: Run cargo test with all features enabled
         env:
           CARGO_INCREMENTAL: 0
@@ -91,20 +67,20 @@ jobs:
           command: fmt
           args: --all -- --check
 
-  # Enable this once x25519-dalek has another 2.0-pre.X release
-  #msrv:
-  #  name: Current MSRV is 1.65.0
-  #  runs-on: ubuntu-latest
-  #  steps:
-  #  - uses: actions/checkout@v3
-  #  # First run `cargo +nightly -Z minimal-verisons check` in order to get a
-  #  # Cargo.lock with the oldest possible deps
-  #  - uses: dtolnay/rust-toolchain@nightly
-  #  - run: cargo -Z minimal-versions check --all-features
-  #  # Now check that `cargo build` works with respect to the oldest possible
-  #  # deps and the stated MSRV
-  #  - uses: dtolnay/[email protected]
-  #  - run: cargo build --all-features
+  msrv:
+   name: Current MSRV is 1.63.0
+   runs-on: ubuntu-latest
+   steps:
+   - uses: actions/checkout@v3
+   # Check that `cargo build` works with respect to the oldest possible
+   # deps and the stated MSRV
+   - uses: dtolnay/[email protected]
+   - name: Pin MSRV dependencies
+     run: |
+       cargo update
+       cargo update -p half --precise 2.2.1
+       cargo update -p regex --precise 1.9.6
+   - run: cargo build --all-features
 
   clippy:
     runs-on: ubuntu-latest

Cargo.toml

@@ -1,27 +1,19 @@
 [package]
-name = "hpke"
-repository = "https://github.com/rozbb/rust-hpke"
-documentation = "https://docs.rs/rust-hpke"
-description = "An implementation of the HPKE hybrid encryption standard (RFC 9180) in pure Rust"
+name = "bitcoin-hpke"
+repository = "https://github.com/payjoin/bitcoin-hpke"
+documentation = "https://docs.rs/bitcoin-hpke"
+description = "An implementation of the HPKE hybrid encryption standard (RFC 9180) on libsecp256k1"
 readme = "README.md"
 version = "0.12.0"
-authors = ["Michael Rosenberg <[email protected]>"]
+authors = ["Dan Gould <[email protected]>"]
 edition = "2021"
 license = "MIT/Apache-2.0"
-keywords = ["cryptography", "crypto", "key-exchange", "encryption", "aead"]
+keywords = ["cryptography", "crypto", "key-exchange", "encryption", "aead", "secp256k1", "bitcoin"]
 categories = ["cryptography", "no-std"]
 
 [features]
-# "p256" enables the use of ECDH-NIST-P256 as a KEM
-# "p384" enables the use of ECDH-NIST-P384 as a KEM
-# "x25519" enables the use of the X25519 as a KEM
-default = ["alloc", "p256", "x25519"]
-x25519 = ["dep:x25519-dalek"]
-p384 = ["dep:p384"]
-p256 = ["dep:p256"]
-p521 = ["dep:p521"]
-k256 = ["dep:k256"]
-secp = ["bitcoin", "secp256k1/global-context", "secp256k1/rand-std"]
+default = ["alloc", "secp"]
+secp = ["secp256k1/global-context", "secp256k1/rand-std"]
 # Include allocating methods like open() and seal()
 alloc = []
 # Includes an implementation of `std::error::Error` for `HpkeError`. Also does what `alloc` does.
@@ -30,21 +22,15 @@ std = []
 [dependencies]
 aead = "0.5"
 aes-gcm = "0.10"
-bitcoin = { version = "0.32.0", optional = true }
 secp256k1 = { version = "0.29", optional = true }
 chacha20poly1305 = "0.10"
 generic-array = { version = "0.14", default-features = false }
 digest = "0.10"
 hkdf = "0.12"
 hmac = "0.12"
 rand_core = { version = "0.6", default-features = false }
-k256 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
-p256 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
-p384 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
-p521 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
 sha2 = { version = "0.10", default-features = false }
 subtle = { version = "2.6", default-features = false }
-x25519-dalek = { version = "2", default-features = false, features = ["static_secrets"], optional = true }
 zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }
 
 [dev-dependencies]
@@ -55,14 +41,6 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 rand = { version = "0.8", default-features = false, features = ["getrandom", "std_rng"] }
 
-[[example]]
-name = "client_server"
-required-features = ["x25519"]
-
-[[example]]
-name = "agility"
-required-features = ["p256", "p384", "p521", "x25519"]
-
 # Tell docs.rs to build docs with `--all-features` and `--cfg docsrs` (for nightly docs features)
 [package.metadata.docs.rs]
 all-features = true

README.md

@@ -1,10 +1,10 @@
-rust-hpke
+bitcoin-hpke
 =========
-[![Version](https://img.shields.io/crates/v/hpke.svg)](https://crates.io/crates/hpke)
-[![Docs](https://docs.rs/hpke/badge.svg)](https://docs.rs/hpke)
-[![CI](https://github.com/rozbb/rust-hpke/workflows/CI/badge.svg)](https://github.com/rozbb/rust-hpke/actions)
+[![Version](https://img.shields.io/crates/v/hpke.svg)](https://crates.io/crates/bitcoin-hpke)
+[![Docs](https://docs.rs/bitcoin-hpke/badge.svg)](https://docs.rs/bitcoin-hpke)
+[![CI](https://github.com/payjoin/bitcoin-hpke/workflows/CI/badge.svg)](https://github.com/payjoin/bitcoin-hpke/actions)
 
-This is an implementation of the [HPKE](https://www.rfc-editor.org/rfc/rfc9180.html) hybrid encryption standard (RFC 9180).
+This is an implementation of the [HPKE](https://www.rfc-editor.org/rfc/rfc9180.html) hybrid encryption standard (RFC 9180) on secp256k1.
 
 Warning
 -------
@@ -26,11 +26,6 @@ This implementation complies with the [HPKE standard](https://www.rfc-editor.org
 Here are all the primitives listed in the spec. The primitives with checked boxes are the ones that are implemented.
 
 * KEMs
-    - [X] DHKEM(Curve25519, HKDF-SHA256)
-    - [ ] DHKEM(Curve448, HKDF-SHA512)
-    - [X] DHKEM(P-256, HKDF-SHA256)
-    - [X] DHKEM(P-384, HKDF-SHA384)
-    - [X] DHKEM(P-521, HKDF-SHA512)
     - [X] DHKEM(secp256k1, HKDF-SHA256)
 * KDFs
     - [X] HKDF-SHA256
@@ -44,15 +39,12 @@ Here are all the primitives listed in the spec. The primitives with checked boxe
 Crate Features
 --------------
 
-Default features flags: `alloc`, `x25519`, `p256`.
+Default features flags: `alloc`, `secp`.
 
 Feature flag list:
 
 * `alloc` - Includes allocating methods like `AeadCtxR::open()` and `AeadCtxS::seal()`
-* `x25519` - Enables X25519-based KEMs
-* `p256` - Enables NIST P-256-based KEMs
-* `p384` - Enables NIST P-384-based KEMs
-* `p521` - Enables NIST P-521-based KEMs
+* `secp` - Enables secp256k1-based KEMs
 * `std` - Includes an implementation of `std::error::Error` for `HpkeError`. Also does what `alloc` does.
 
 For info on how to omit or include feature flags, see the [cargo docs on features](https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#choosing-features).
@@ -72,7 +64,14 @@ The `serde_impls` feature was removed. If you were using this and require backwa
 MSRV
 ----
 
-The current minimum supported Rust version (MSRV) is 1.65.0 (897e37553 2022-11-02).
+The current minimum supported Rust version (MSRV) is 1.63.0.
+
+To build and test with the MSRV you will need to pin the below dependency versions:
+
+```
+cargo update -p half --precise 2.2.1
+cargo update -p regex --precise 1.9.6
+```
 
 Changelog
 ---------
@@ -91,8 +90,7 @@ To run all benchmarks, execute `cargo bench --all-features`. If you set your own
 
 Ciphersuites benchmarked:
 
-* NIST Ciphersuite with 128-bit security: AES-GCM-128, HKDF-SHA256, ECDH-P256
-* Non-NIST Ciphersuite with 128-bit security: ChaCha20-Poly1305, HKDF-SHA256, X25519
+* NIST Ciphersuite with 128-bit security: AES-GCM-128, HKDF-SHA256, secp256k1
 
 Functions benchmarked in each ciphersuite:
 
@@ -107,7 +105,7 @@ Agility
 
 A definition: *crypto agility* refers to the ability of a cryptosystem or protocol to vary its underlying primitives. For example, TLS has "crypto agility" in that you can run the protocol with many different ciphersuites.
 
-This crate does not support crypto agility out of the box. This is because the cryptographic primitives are encoded as types satisfying certain constraints, and types need to be determined at compile time (broadly speaking). That said, there is nothing preventing you from implementing agility yourself. There is a [sample implementation](examples/agility.rs) in the examples folder. The sample implementation is messy because agility is messy.
+This crate does not support crypto agility out of the box. This is because the cryptographic primitives are encoded as types satisfying certain constraints, and types need to be determined at compile time (broadly speaking). That said, there is nothing preventing you from implementing agility yourself.
 
 License
 -------

benches/benches.rs

@@ -1,4 +1,4 @@
-use hpke::{
+use bitcoin_hpke::{
     aead::{Aead as AeadTrait, AeadCtxR, AeadTag},
     kdf::Kdf as KdfTrait,
     kem::Kem as KemTrait,
@@ -210,25 +210,12 @@ where
 pub fn benches() {
     let mut c = Criterion::default().configure_from_args();
 
-    // NIST ciphersuite at the 128-bit security level is AES-GCM-128, HKDF-SHA256, and ECDH-P256
-    #[cfg(feature = "p256")]
-    bench_ciphersuite::<hpke::aead::AesGcm128, hpke::kdf::HkdfSha256, hpke::kem::DhP256HkdfSha256>(
-        "NIST[seclevel=128]",
-        &mut c,
-    );
-
-    // Non-NIST ciphersuite at the 128-bit security level is ChaCha20Poly1305, HKDF-SHA256, and X25519
-    #[cfg(feature = "x25519")]
-    bench_ciphersuite::<
-        hpke::aead::ChaCha20Poly1305,
-        hpke::kdf::HkdfSha256,
-        hpke::kem::X25519HkdfSha256,
-    >("Non-NIST[seclevel=128]", &mut c);
-
     #[cfg(feature = "secp")]
-    bench_ciphersuite::<hpke::aead::AesGcm128, hpke::kdf::HkdfSha256, hpke::kem::SecpK256HkdfSha256>(
-        "secp", &mut c,
-    );
+    bench_ciphersuite::<
+        bitcoin_hpke::aead::AesGcm128,
+        bitcoin_hpke::kdf::HkdfSha256,
+        bitcoin_hpke::kem::SecpK256HkdfSha256,
+    >("secp", &mut c);
 }
 
 criterion_main!(benches);