Merge pull request #46 from nyonson/packet-handler-interface
Simplify packet handler interface and add alloc feature flag
nyonson authored Apr 23, 2024
2 parents 8515475 + da84404 commit 974be01
Showing 9 changed files with 75 additions and 234 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -35,5 +35,5 @@ jobs:
run: |
rustup target add --toolchain ${{ matrix.toolchain }} thumbv7m-none-eabi
cargo install cross
cross build --package bip324 --target thumbv7m-none-eabi --no-default-features
cross build --package bip324 --target thumbv7m-none-eabi --no-default-features --features alloc
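Review bot: the `cross build` step for `thumbv7m-none-eabi` now always passes `--features alloc`, so the configuration with neither `std` nor `alloc` is no longer built anywhere in this job. Keep the plain `--no-default-features` invocation as a second line next to the new one so a regression in the allocation-free build is caught.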
3 changes: 2 additions & 1 deletion protocol/Cargo.toml
Expand Up @@ -10,7 +10,8 @@ rust-version = "1.56.1"

[features]
default = ["std"]
std = ["secp256k1/std", "rand/std", "rand/std_rng"]
std = ["alloc", "secp256k1/std", "rand/std", "rand/std_rng"]
alloc = []

[dependencies]
secp256k1 = { version="0.29.0", default-features = false}
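Review bot: `alloc = []` in the `[features]` table is added without a comment and forwards nothing, while `std` on the line above it forwards to `secp256k1/std` and `rand/std`. A short comment above `alloc = []` saying what it gates would help, and it is worth confirming that no alloc-gated code in this crate relies on allocation-dependent APIs of `secp256k1` or `rand`, which would then need their own features enabled here.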
7 changes: 7 additions & 0 deletions protocol/README.md
Expand Up @@ -2,10 +2,17 @@

Alice and Bob initiate a connection by sending three messages to each other to derive a number of shared secrets. Alice begins the connection by deriving a public/private keypair over `secp256k1`, the typical Bitcoin curve. Alice is known as the *initiator*. She encodes the public key in the [Elligator Swift](https://eprint.iacr.org/2022/759.pdf) format (64-bytes), optionally pads it with some random garbage bytes, and sends the message to Bob. Bob, known as the *responder*, decodes the Elligator Swift public key, and derives an ephemeral public/private keypair himself. Using his public and private keys, as well as Alice's public key, Bob performs a variation of the Elliptic Curve Diffie Hellman algorithm to derive a shared key. From this shared key, Bob derives multiple keys and a session ID using the HKDF algorithm. Next, Bob creates garbage data, and sends his public key, garbage data, an encrypted packet using the garbage data, and a version negotiation to Alice. With Bob's public key, Alice derives the shared secret and ensures the decrypted packet is authenticated with the garbage Bob sent her. Finally, Alice sends a "garbage terminator" and an encrypted packet using her garbage data, so Bob may authenticate she derived the correct secret and he can decode her messages. Alice and Bob may now freely exchange encrypted messages over the Bitcoin P2P protocol.

## Interface

The library exposes two core structures, the `Handshake` and the `PacketHandler`. The handshake is used to generate a packet handler and performs the one-and-a-half roundtrips dance between the peers described above. A successful handshake results in a packet handler which performs the encrypt and decrypt operations for the channel.

Both structures are designed with a bare `no_std` and "Sans I/O" interface to keep them as agnostic as possible to application runtimes.

## Feature Flags

- `alloc` -- Expose memory allocation dependent features.
- `std` -- Includes the `alloc` memory allocation feature as well as extra standard library dependencies for I/O and random number generators.

## ChaCha20Poly1305

BIP324 elects to use the ChaCha20Poly1305 Authenticated Encryption with Addition Data (AEAD) algorithm under the hood. This is a combination of the ChaCha20 stream cipher and the Poly1305 message authentication code (MAC). In this context, "authentication" refers to the encrypted message's integrity, not to the identity of either party communicating.
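Review bot: the `alloc` bullet under Feature Flags says only that it exposes "memory allocation dependent features" without naming them, while the Interface section describes both structures as bare `no_std`. List which functions or types require `alloc` so a reader can tell what remains available with `--no-default-features`. Separately, the ChaCha20Poly1305 paragraph in the trailing context expands AEAD as "Authenticated Encryption with Addition Data"; the term is "Associated Data".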
2 changes: 1 addition & 1 deletion protocol/src/chacha20poly1305.rs
Expand Up @@ -5,7 +5,7 @@ mod poly1305;
use chacha20::ChaCha20;
use poly1305::Poly1305;

use alloc::fmt;
use core::fmt;

/// Zero array for padding slices.
const ZEROES: [u8; 16] = [0u8; 16];
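Review bot: replacing `use alloc::fmt;` with `use core::fmt;` only removes this module's dependency on the `alloc` crate if nothing at the crate root still pulls it in unconditionally. The crate root is not in the loaded part of this diff, so confirm that any `extern crate alloc` is behind `#[cfg(feature = "alloc")]`; otherwise the new feature flag has no effect on a bare `no_std` build.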
2 changes: 1 addition & 1 deletion protocol/src/chacha20poly1305/chacha20.rs
@@ -1,6 +1,6 @@
//! The ChaCha20 stream cipher based on RFC7539.

use alloc::fmt;
use core::fmt;

/// Possible errors using the ChaCha20 cipher.
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
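Review bot: the module doc on the first line of this hunk still cites RFC7539, which has been obsoleted by RFC 8439. Since the file header is being touched anyway, update the reference to RFC 8439.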
2 changes: 1 addition & 1 deletion protocol/src/chacha20poly1305/poly1305.rs
Expand Up @@ -3,7 +3,7 @@
//! Implementation heavily inspired by [this implementation in C](https://github.com/floodyberry/poly1305-donna/blob/master/poly1305-donna-32.h)
//! referred to as "Donna". Further reference to [this](https://loup-vaillant.fr/tutorials/poly1305-design) article was used to formulate the multiplication loop.

use alloc::fmt;
use core::fmt;

/// 2^26 for the 26-bit limbs.
const BITMASK: u32 = 0x03ffffff;
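Review bot: the doc comment on `BITMASK` in the trailing context reads "2^26 for the 26-bit limbs", but `0x03ffffff` is 2^26 - 1, a mask of the low 26 bits. Reword the comment to something like "Mask of the low 26 bits (2^26 - 1) for the 26-bit limbs" so the constant and its description agree.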
2 changes: 1 addition & 1 deletion protocol/src/fschacha20poly1305.rs
@@ -1,4 +1,4 @@
use alloc::fmt;
use core::fmt;

use crate::chacha20poly1305::chacha20::ChaCha20;
use crate::chacha20poly1305::ChaCha20Poly1305;
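Review bot: this file opens directly with `use core::fmt;` at line 1 and has no module-level `//!` doc comment, unlike `chacha20.rs`, which starts with one. Add a one-line `//!` header describing what the module provides and how it relates to the plain `ChaCha20Poly1305` it imports.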