From cdadf157ad0df052dda8efae948dd62e29448d8e Mon Sep 17 00:00:00 2001 From: Volker Mische Date: Fri, 24 May 2024 17:32:55 +0200 Subject: [PATCH] fix: remove the pairing feature from fvm_shared (#2009) The `pairing` feature from the `fvm_shared` crate isn't used. It causes problems, as it forces the `subtle` dependency to v2.4.1, although the rest is happy to have v2.5.0. Here is a detailed dependency graph and issue outline: `fvm_shared` depends on `bls-signatures`. In `bls-signatures` we depend on an old version (v0.11) of `hkdf`. That version depends on `hmac` v0.11, which depends on `crypto-mac` v0.11. `crypto-mac` v0.11.0 depends on `subtle` v2. That is fine, it would automatically select v2.5.0. The problem is that `crypto-mac` v0.11.1 pins `subtle` to exactly v2.4, therefore v2.5.0 won't be selected. The obvious thing is to upgrade in`bls-signatures` the version of `hkdf` to the latest v0.12. That would make it possible to use `subtle` v2.5.0. The problem is that such an upgrade is not easily possible. `hkdf` v0.12 depends on a newer version v0.10 of the `sha2` crate. Updating that breaks the `bls12_381` crate. The reason is the current version v0.8.0 of `bls12_381` depends on an old version v0.9 of the `digest` crate. The obvious thing is to upgrade in `bls12_381` the version of `digest` to v0.10. That would make it possible to get `hkdf` v0.12 built. But such an upgrade is and open issue at https://github.com/zkcrypto/bls12_381/issues/102, which mentions that it's blocked on https://github.com/zkcrypto/bls12_381/pull/90. That pull request is about updating do the hash-to-curve draft v16, currently it's using v12. We use that code path in `bls-signatures`, else we wouldn't enable the `experimental` feature of `bls12_381`. So it's even not clear if we'd want such a change to v16. --- Cargo.lock | 55 ++++++----------------------------------------- shared/Cargo.toml | 1 - 2 files changed, 7 insertions(+), 49 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ae32bdb64..10ed6b1cd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -443,33 +443,16 @@ version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ecc7fce0356b52c2483bb6188cc8bdc11add526bce75d1a44e5e5d889a6ab008" dependencies = [ - "bls12_381", "blst", "blstrs", "ff", "group", - "hkdf", "pairing", "rand_core", - "sha2 0.9.9", "subtle", "thiserror", ] -[[package]] -name = "bls12_381" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7bc6d6292be3a19e6379786dac800f551e5865a5bb51ebbe3064ab80433f403" -dependencies = [ - "digest 0.9.0", - "ff", - "group", - "pairing", - "rand_core", - "subtle", -] - [[package]] name = "blst" version = "0.3.11" @@ -982,16 +965,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "crypto-mac" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" -dependencies = [ - "generic-array", - "subtle", -] - [[package]] name = "cs_serde_bytes" version = "0.12.2" @@ -1988,14 +1961,10 @@ dependencies = [ ] [[package]] -name = "hkdf" -version = "0.11.0" +name = "hex-literal" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01706d578d5c281058480e673ae4086a9f4710d8df1ad80a5b03e39ece5f886b" -dependencies = [ - "digest 0.9.0", - "hmac 0.11.0", -] +checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0" [[package]] name = "hmac" @@ -2003,17 +1972,7 @@ version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840" dependencies = [ - "crypto-mac 0.8.0", - "digest 0.9.0", -] - -[[package]] -name = "hmac" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" -dependencies = [ - "crypto-mac 0.11.1", + "crypto-mac", "digest 0.9.0", ] @@ -2025,7 +1984,7 @@ checksum = "17ea0a1394df5b6574da6e0c1ade9e78868c9fb0a4e5ef4428e32da4676b85b1" dependencies = [ "digest 0.9.0", "generic-array", - "hmac 0.8.1", + "hmac", ] [[package]] @@ -3435,9 +3394,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "subtle" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "supraseal-c2" diff --git a/shared/Cargo.toml b/shared/Cargo.toml index e4315643f..fac241a3c 100644 --- a/shared/Cargo.toml +++ b/shared/Cargo.toml @@ -50,6 +50,5 @@ crypto = ["libsecp256k1", "blst", "proofs"] proofs = ["filecoin-proofs-api"] secp256k1 = ["libsecp256k1"] blst = ["bls-signatures/blst"] -pairing = ["bls-signatures/pairing"] testing = [] arb = ["arbitrary"]