v0.4.1 - draft-11 compatible, builds on latest Rust (#135)

* Fix Clippy (#85) * Update `curve25519-dalek` to 4.0.0-pre.5 (#86) * Update `curve25519-dalek` * Improve documentation * Adding all-features CI test (#87) * Upgrade `p256` to v0.12 (#90) * Upgrade `p256` to v0.12 * Upgrade MSRV to 1.60 (cherry picked from commit daa8dc0) * Replace `json` with `serde_json` (#92) (cherry picked from commit c8de516) * Fix Clippy (#96) (cherry picked from commit 74eaebe) * Depend on `ProjectivePoint: ToEncodedPoint` (#95) (cherry picked from commit 0409db6) * Update `curve25519-dalek` (#94) (cherry picked from commit 2787151) * Use explicit crate features (#100) (cherry picked from commit 5bce3e3) * Bump `curve25519-dalek` to v4.0.0-rc.1 (#102) (cherry picked from commit 8363d26) * Test P-384 (#84) (cherry picked from commit 83eb78b) * Update RustCrypto dependencies to v0.13 (#106) (cherry picked from commit 8b895cc) * Update curve25519-dalek requirement from =4.0.0-rc.1 to =4.0.0-rc.2 (#108) Updates the requirements on [curve25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek) to permit the latest version. - [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases) - [Changelog](https://github.com/dalek-cryptography/curve25519-dalek/blob/main/CHANGELOG.md) - [Commits](dalek-cryptography/curve25519-dalek@4.0.0-rc.1...4.0.0-rc.2) --- updated-dependencies: - dependency-name: curve25519-dalek dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 4bd2cf4) * Updating dual-license language (#110) (cherry picked from commit f79ebf9) * Bump `curve25519-dalek` to v4.0.0-rc.3 (#113) (cherry picked from commit 209b957) * Bump `curve25519-dalek` to v4 (#116) (cherry picked from commit 0fdfdfd) * Fixing clippy IntoIterator warnings (#123) (cherry picked from commit c0162ec) * Bump actions/checkout from 3 to 4 (#120) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 8da5684) * Updating setup-rust-action (#125) (cherry picked from commit 59e3fed) * Test P-521 (#127) (cherry picked from commit 68cc7d3) * Fix ambiguous lifetime elision (#131) (cherry picked from commit 40769f7) * Bump actions/cache from 3 to 4 (#132) Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit c93884a) * Fixups + cherry-picking changes from #101 * Fix Clippy warnings * More fixups, tests passing * Ensure CI runs on branch v0.4 --------- Co-authored-by: daxpedda <[email protected]> Co-authored-by: Kevin Lewi <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
facebook · Sep 24, 2024 · 8f20115 · 8f20115
1 parent 2dc6a8b
commit 8f20115
Show file tree

Hide file tree

Showing 26 changed files with 459 additions and 278 deletions.
diff --git a/.cargo/license.rs b/.cargo/license.rs
@@ -1,6 +1,7 @@
-// Copyright (c) Facebook, Inc. and its affiliates.
+// Copyright (c) Meta Platforms, Inc. and affiliates.
 //
-// This source code is licensed under both the MIT license found in the
-// LICENSE-MIT file in the root directory of this source tree and the Apache
+// This source code is dual-licensed under either the MIT license found in the
+// LICENSE-MIT file in the root directory of this source tree or the Apache
 // License, Version 2.0 found in the LICENSE-APACHE file in the root directory
-// of this source tree.
+// of this source tree. You may select, at your option, one of the above-listed
+// licenses.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -3,16 +3,17 @@ on:
   push:
     branches:
       - main
+      - v0.4
   pull_request:
-    types: [opened, repoened, synchronize]
+    types: [opened, reopened, synchronize]
 
 jobs:
   cargo-audit:
     name: Audit
     runs-on: ubuntu-latest
     steps:
       - name: Cache cargo-audit
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cargo/.crates.toml
@@ -24,7 +25,7 @@ jobs:
         run: cargo install cargo-audit
 
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run cargo audit
         run: cargo audit -D warnings
@@ -35,20 +36,19 @@ jobs:
       fail-fast: false
       matrix:
         backend_feature:
-          - --features ristretto255-ciphersuite,ristretto255-u64
-          - --features ristretto255-ciphersuite,ristretto255-u32
+          - --features ristretto255-ciphersuite
           -
         frontend_feature:
           -
           - --features danger
           - --features serde
         toolchain:
           - stable
-          - 1.57.0
+          - 1.65.0
     name: test
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install ${{ matrix.toolchain }} toolchain
         uses: actions-rs/toolchain@v1
@@ -75,6 +75,12 @@ jobs:
           command: test
           args: --no-default-features ${{ matrix.frontend_feature }},std ${{ matrix.backend_feature }}
 
+      - name: Run cargo test with all features enabled
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --all-features
+
   build-no-std:
     name: Build with no-std on ${{ matrix.target }}
     runs-on: ubuntu-latest
@@ -88,15 +94,14 @@ jobs:
           - thumbv6m-none-eabi
         backend_feature:
           -
-          - --features ristretto255-ciphersuite,ristretto255-u64
-          - --features ristretto255-ciphersuite,ristretto255-u32
+          - --features ristretto255-ciphersuite
         frontend_feature:
           -
           - --features danger
           - --features serde
     steps:
-      - uses: actions/checkout@v3
-      - uses: hecrj/setup-rust-action@v1
+      - uses: actions/checkout@v4
+      - uses: hecrj/setup-rust-action@v2
       - run: rustup target add ${{ matrix.target }}
       - run: cargo build --verbose --target=${{ matrix.target }} --no-default-features ${{ matrix.frontend_feature }} ${{ matrix.backend_feature }}
 
@@ -106,7 +111,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install stable toolchain
         uses: actions-rs/toolchain@v1
@@ -120,7 +125,7 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
           command: clippy
-          args: --all-targets -- -D warnings
+          args: --all-features --all-targets -- -D warnings
 
       - name: Run cargo doc
         uses: actions-rs/cargo@v1
@@ -136,7 +141,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install nightly toolchain
         uses: actions-rs/toolchain@v1
@@ -157,7 +162,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cargo/.crates.toml
@@ -166,10 +171,10 @@ jobs:
           key: taplo
 
       - name: Install Taplo
-        run: cargo install taplo-cli
+        run: cargo install taplo-cli --locked
 
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run Taplo
         run: taplo fmt --check
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -10,9 +10,10 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
+        rust: [stable]
 
     steps:
-    - uses: hecrj/setup-rust-action@v1
+    - uses: hecrj/setup-rust-action@v2
       with:
         rust-version: ${{ matrix.rust }}
     - uses: actions/checkout@master

diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,7 @@ Cargo.lock
 
 # These are backup files generated by rustfmt
 **/*.rs.bk
+
+# Editors
+.idea
+.vscode
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## 0.4.1 (TBD)
+* Backport all non-protocol-breaking changes from versions 0.5+
+  * Fixes Rust 1.81+ compatibility, compatible with 0.4.0 (draft 11), incompatible with 0.5+ (final RFC)
+* Updated dependencies
+
 ## 0.4.0 (September 15, 2022)
 * Updated to be in sync with draft-irtf-cfrg-voprf-11, with
   the addition of the POPRF mode

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -27,4 +27,5 @@ outlined on that page and do not file a public issue.
 
 ## License
 By contributing to voprf, you agree that your contributions will be
-licensed under the LICENSE file in the root directory of this source tree.
+licensed under both the LICENSE-MIT and LICENSE-APACHE files in the root
+directory of this source tree.
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,56 +7,63 @@ keywords = ["oprf"]
 license = "MIT"
 name = "voprf"
 readme = "README.md"
-repository = "https://github.com/novifinancial/voprf/"
-rust-version = "1.57"
-version = "0.4.0"
+repository = "https://github.com/facebook/voprf/"
+rust-version = "1.65"
+version = "0.4.1"
 
 [features]
 alloc = []
 danger = []
-default = ["ristretto255-ciphersuite", "ristretto255-u64", "serde"]
-ristretto255 = ["curve25519-dalek", "generic-array/more_lengths"]
-ristretto255-ciphersuite = ["ristretto255", "sha2"]
-ristretto255-fiat-u32 = ["curve25519-dalek/fiat_u32_backend", "ristretto255"]
-ristretto255-fiat-u64 = ["curve25519-dalek/fiat_u64_backend", "ristretto255"]
-ristretto255-simd = ["curve25519-dalek/simd_backend", "ristretto255"]
-ristretto255-u32 = ["curve25519-dalek/u32_backend", "ristretto255"]
-ristretto255-u64 = ["curve25519-dalek/u64_backend", "ristretto255"]
-serde = ["generic-array/serde", "serde_"]
+default = ["ristretto255-ciphersuite", "dep:serde"]
+ristretto255 = ["dep:curve25519-dalek", "generic-array/more_lengths"]
+ristretto255-ciphersuite = ["ristretto255", "dep:sha2"]
+serde = ["generic-array/serde", "dep:serde"]
 std = ["alloc"]
 
 [dependencies]
-curve25519-dalek = { version = "=4.0.0-pre.1", default-features = false, optional = true }
+curve25519-dalek = { version = "4", default-features = false, features = [
+  "rand_core",
+  "zeroize",
+], optional = true }
 derive-where = { version = "1", features = ["zeroize-on-drop"] }
 digest = "0.10"
 displaydoc = { version = "0.2", default-features = false }
-elliptic-curve = { version = "0.12", features = [
+elliptic-curve = { version = "0.13", features = [
   "hash2curve",
   "sec1",
   "voprf",
 ] }
 generic-array = "0.14"
 rand_core = { version = "0.6", default-features = false }
-serde_ = { version = "1", package = "serde", default-features = false, features = [
+serde = { version = "1", default-features = false, features = [
   "derive",
 ], optional = true }
 sha2 = { version = "0.10", default-features = false, optional = true }
-subtle = { version = "2.3", default-features = false }
-zeroize = { version = "1.5", default-features = false }
+subtle = { version = "2.6", default-features = false }
+zeroize = { version = "1.8", default-features = false }
 
 [dev-dependencies]
 generic-array = { version = "0.14", features = ["more_lengths"] }
 hex = "0.4"
-json = "0.12"
-p256 = { version = "0.11", default-features = false, features = [
+p256 = { version = "0.13", default-features = false, features = [
+  "hash2curve",
+  "voprf",
+] }
+p384 = { version = "0.13", default-features = false, features = [
+  "hash2curve",
+  "voprf",
+] }
+p521 = { version = "0.13.3", default-features = false, features = [
   "hash2curve",
   "voprf",
 ] }
 proptest = "1"
 rand = "0.8"
 regex = "1"
+serde_json = "1"
 sha2 = "0.10"
 
 [package.metadata.docs.rs]
-features = ["danger", "std"]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
 targets = []
diff --git a/LICENSE b/LICENSE
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# voprf ![Build Status](https://github.com/novifinancial/voprf/workflows/Rust%20CI/badge.svg)
+# voprf ![Build Status](https://github.com/facebook/voprf/workflows/Rust%20CI/badge.svg)
 An implementation of a (verifiable) oblivious pseudorandom function (VOPRF)
 
 A VOPRF is a verifiable oblivious pseudorandom function, a protocol between a client and a server. The regular (non-verifiable) OPRF is also supported in this implementation.
@@ -16,12 +16,12 @@ Installation
 Add the following line to the dependencies of your `Cargo.toml`:
 
 ```
-voprf = "0.4"
+voprf = "0.4.1"
 ```
 
 ### Minimum Supported Rust Version
 
-Rust **1.57** or higher.
+Rust **1.65** or higher.
 
 Contributors
 ------------
@@ -32,4 +32,6 @@ To learn more about contributing to this project, [see this document](./CONTRIBU
 License
 -------
 
-This project is [licensed](./LICENSE) under either Apache 2.0 or MIT, at your option.
+This project is dual-licensed under either the [MIT license](./LICENSE-MIT)
+or the [Apache License, Version 2.0](./LICENSE-APACHE).
+You may select, at your option, one of the above-listed licenses.
diff --git a/src/ciphersuite.rs b/src/ciphersuite.rs
@@ -1,14 +1,15 @@
-// Copyright (c) Facebook, Inc. and its affiliates.
+// Copyright (c) Meta Platforms, Inc. and affiliates.
 //
-// This source code is licensed under both the MIT license found in the
-// LICENSE-MIT file in the root directory of this source tree and the Apache
+// This source code is dual-licensed under either the MIT license found in the
+// LICENSE-MIT file in the root directory of this source tree or the Apache
 // License, Version 2.0 found in the LICENSE-APACHE file in the root directory
-// of this source tree.
+// of this source tree. You may select, at your option, one of the above-listed
+// licenses.
 
 //! Defines the CipherSuite trait to specify the underlying primitives for VOPRF
 
 use digest::core_api::BlockSizeUser;
-use digest::{Digest, OutputSizeUser};
+use digest::{FixedOutput, HashMarker, OutputSizeUser};
 use elliptic_curve::VoprfParameters;
 use generic_array::typenum::{IsLess, IsLessOrEqual, U256};
 
@@ -22,25 +23,25 @@ where
 {
     /// The ciphersuite identifier as dictated by
     /// <https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf/>
-    const ID: u16;
+    const ID: &'static str;
 
     /// A finite cyclic group along with a point representation that allows some
     /// customization on how to hash an input to a curve point. See [`Group`].
     type Group: Group;
 
     /// The main hash function to use (for HKDF computations and hashing
     /// transcripts).
-    type Hash: BlockSizeUser + Digest;
+    type Hash: BlockSizeUser + Default + FixedOutput + HashMarker;
 }
 
 impl<T: VoprfParameters> CipherSuite for T
 where
     T: Group,
-    T::Hash: BlockSizeUser + Digest,
+    T::Hash: BlockSizeUser + Default + FixedOutput + HashMarker,
     <T::Hash as OutputSizeUser>::OutputSize:
         IsLess<U256> + IsLessOrEqual<<T::Hash as BlockSizeUser>::BlockSize>,
 {
-    const ID: u16 = T::ID;
+    const ID: &'static str = T::ID;
 
     type Group = T;