Skip to content

Commit

Permalink
Remove non-secp256k1 features
Browse files Browse the repository at this point in the history
  • Loading branch information
DanGould committed Aug 10, 2024
1 parent bb6bb85 commit cf1ff5d
Show file tree
Hide file tree
Showing 16 changed files with 41 additions and 2,123 deletions.
24 changes: 0 additions & 24 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,30 +37,6 @@ jobs:
RUSTFLAGS: -D warnings -A dead_code -A unused_imports
run: cargo test --no-default-features --features="secp"

- name: Run cargo test with just X25519 enabled
env:
CARGO_INCREMENTAL: 0
RUSTFLAGS: -D warnings -A dead_code -A unused_imports
run: cargo test --no-default-features --features="x25519"

- name: Run cargo test with just P256 enabled
env:
CARGO_INCREMENTAL: 0
RUSTFLAGS: -D warnings -A dead_code -A unused_imports
run: cargo test --no-default-features --features="p256"

- name: Run cargo test with just P384 enabled
env:
CARGO_INCREMENTAL: 0
RUSTFLAGS: -D warnings -A dead_code -A unused_imports
run: cargo test --no-default-features --features="p384"

- name: Run cargo test with just P521 enabled
env:
CARGO_INCREMENTAL: 0
RUSTFLAGS: -D warnings -A dead_code -A unused_imports
run: cargo test --no-default-features --features="p521"

- name: Run cargo test with all features enabled
env:
CARGO_INCREMENTAL: 0
Expand Down
23 changes: 1 addition & 22 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,7 @@ keywords = ["cryptography", "crypto", "key-exchange", "encryption", "aead", "sec
categories = ["cryptography", "no-std"]

[features]
# "p256" enables the use of ECDH-NIST-P256 as a KEM
# "p384" enables the use of ECDH-NIST-P384 as a KEM
# "x25519" enables the use of the X25519 as a KEM
default = ["alloc", "p256", "x25519"]
x25519 = ["dep:x25519-dalek"]
p384 = ["dep:p384"]
p256 = ["dep:p256"]
p521 = ["dep:p521"]
k256 = ["dep:k256"]
default = ["alloc", "secp"]
secp = ["bitcoin", "secp256k1/global-context", "secp256k1/rand-std"]
# Include allocating methods like open() and seal()
alloc = []
Expand All @@ -38,13 +30,8 @@ digest = "0.10"
hkdf = "0.12"
hmac = "0.12"
rand_core = { version = "0.6", default-features = false }
k256 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
p256 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
p384 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
p521 = { version = "0.13", default-features = false, features = ["arithmetic", "ecdh"], optional = true}
sha2 = { version = "0.10", default-features = false }
subtle = { version = "2.6", default-features = false }
x25519-dalek = { version = "2", default-features = false, features = ["static_secrets"], optional = true }
zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }

[dev-dependencies]
Expand All @@ -55,14 +42,6 @@ serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
rand = { version = "0.8", default-features = false, features = ["getrandom", "std_rng"] }

[[example]]
name = "client_server"
required-features = ["x25519"]

[[example]]
name = "agility"
required-features = ["p256", "p384", "p521", "x25519"]

# Tell docs.rs to build docs with `--all-features` and `--cfg docsrs` (for nightly docs features)
[package.metadata.docs.rs]
all-features = true
Expand Down
27 changes: 9 additions & 18 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
rust-hpke
bitcoin-hpke
=========
[![Version](https://img.shields.io/crates/v/hpke.svg)](https://crates.io/crates/hpke)
[![Docs](https://docs.rs/hpke/badge.svg)](https://docs.rs/hpke)
[![CI](https://github.com/rozbb/rust-hpke/workflows/CI/badge.svg)](https://github.com/rozbb/rust-hpke/actions)
[![Version](https://img.shields.io/crates/v/hpke.svg)](https://crates.io/crates/bitcoin-hpke)
[![Docs](https://docs.rs/bitcoin-hpke/badge.svg)](https://docs.rs/bitcoin-hpke)
[![CI](https://github.com/payjoin/bitcoin-hpke/workflows/CI/badge.svg)](https://github.com/payjoin/bitcoin-hpke/actions)

This is an implementation of the [HPKE](https://www.rfc-editor.org/rfc/rfc9180.html) hybrid encryption standard (RFC 9180).
This is an implementation of the [HPKE](https://www.rfc-editor.org/rfc/rfc9180.html) hybrid encryption standard (RFC 9180) on secp256k1.

Warning
-------
Expand All @@ -26,11 +26,6 @@ This implementation complies with the [HPKE standard](https://www.rfc-editor.org
Here are all the primitives listed in the spec. The primitives with checked boxes are the ones that are implemented.

* KEMs
- [X] DHKEM(Curve25519, HKDF-SHA256)
- [ ] DHKEM(Curve448, HKDF-SHA512)
- [X] DHKEM(P-256, HKDF-SHA256)
- [X] DHKEM(P-384, HKDF-SHA384)
- [X] DHKEM(P-521, HKDF-SHA512)
- [X] DHKEM(secp256k1, HKDF-SHA256)
* KDFs
- [X] HKDF-SHA256
Expand All @@ -44,15 +39,12 @@ Here are all the primitives listed in the spec. The primitives with checked boxe
Crate Features
--------------

Default features flags: `alloc`, `x25519`, `p256`.
Default features flags: `alloc`, `secp`.

Feature flag list:

* `alloc` - Includes allocating methods like `AeadCtxR::open()` and `AeadCtxS::seal()`
* `x25519` - Enables X25519-based KEMs
* `p256` - Enables NIST P-256-based KEMs
* `p384` - Enables NIST P-384-based KEMs
* `p521` - Enables NIST P-521-based KEMs
* `secp` - Enables secp256k1-based KEMs
* `std` - Includes an implementation of `std::error::Error` for `HpkeError`. Also does what `alloc` does.

For info on how to omit or include feature flags, see the [cargo docs on features](https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#choosing-features).
Expand Down Expand Up @@ -91,8 +83,7 @@ To run all benchmarks, execute `cargo bench --all-features`. If you set your own

Ciphersuites benchmarked:

* NIST Ciphersuite with 128-bit security: AES-GCM-128, HKDF-SHA256, ECDH-P256
* Non-NIST Ciphersuite with 128-bit security: ChaCha20-Poly1305, HKDF-SHA256, X25519
* NIST Ciphersuite with 128-bit security: AES-GCM-128, HKDF-SHA256, secp256k1

Functions benchmarked in each ciphersuite:

Expand All @@ -107,7 +98,7 @@ Agility

A definition: *crypto agility* refers to the ability of a cryptosystem or protocol to vary its underlying primitives. For example, TLS has "crypto agility" in that you can run the protocol with many different ciphersuites.

This crate does not support crypto agility out of the box. This is because the cryptographic primitives are encoded as types satisfying certain constraints, and types need to be determined at compile time (broadly speaking). That said, there is nothing preventing you from implementing agility yourself. There is a [sample implementation](examples/agility.rs) in the examples folder. The sample implementation is messy because agility is messy.
This crate does not support crypto agility out of the box. This is because the cryptographic primitives are encoded as types satisfying certain constraints, and types need to be determined at compile time (broadly speaking). That said, there is nothing preventing you from implementing agility yourself.

License
-------
Expand Down
23 changes: 5 additions & 18 deletions benches/benches.rs
Original file line number Diff line number Diff line change
Expand Up @@ -210,25 +210,12 @@ where
pub fn benches() {
let mut c = Criterion::default().configure_from_args();

// NIST ciphersuite at the 128-bit security level is AES-GCM-128, HKDF-SHA256, and ECDH-P256
#[cfg(feature = "p256")]
bench_ciphersuite::<hpke::aead::AesGcm128, hpke::kdf::HkdfSha256, hpke::kem::DhP256HkdfSha256>(
"NIST[seclevel=128]",
&mut c,
);

// Non-NIST ciphersuite at the 128-bit security level is ChaCha20Poly1305, HKDF-SHA256, and X25519
#[cfg(feature = "x25519")]
bench_ciphersuite::<
hpke::aead::ChaCha20Poly1305,
hpke::kdf::HkdfSha256,
hpke::kem::X25519HkdfSha256,
>("Non-NIST[seclevel=128]", &mut c);

#[cfg(feature = "secp")]
bench_ciphersuite::<hpke::aead::AesGcm128, hpke::kdf::HkdfSha256, hpke::kem::SecpK256HkdfSha256>(
"secp", &mut c,
);
bench_ciphersuite::<
bitcoin_hpke::aead::AesGcm128,
bitcoin_hpke::kdf::HkdfSha256,
bitcoin_hpke::kem::SecpK256HkdfSha256,
>("secp", &mut c);
}

criterion_main!(benches);
Loading

0 comments on commit cf1ff5d

Please sign in to comment.