Make features requiring std optional

This commit changes some of the functionality of this crate to not use
`std` or `alloc`.

It also adds the following optional features to this crate:
- `std`
- `signing`
- `dkg`

All the features except `dkg` are enabled by default and may be disabled
with `default-features = false` in `Cargo.toml`.

The main goal of this commit is to allow `no_std` creates to consume
a subset of this crate.

Author: andiflabs

.github/workflows/ci.yml

@@ -20,18 +20,18 @@ jobs:
           save-if: false
           shared-key: base
 
-      - name: Install Cargo tools
+      - name: Install rustfmt and clippy
         run: |
           rustup component add rustfmt clippy
 
       - name: Check for license headers
         run: ./ci/lintHeaders.sh
 
-      - name: "`cargo fmt` check"
+      - name: cargo fmt
         run: |
           cargo fmt --all -- --check
 
-      - name: "Clippy check on"
+      - name: cargo clippy
         run: |
           cargo clippy --all-targets -- -D warnings
 
@@ -47,10 +47,14 @@ jobs:
           save-if: false
           shared-key: base
 
+      - name: Install cargo-all-features
+        run: |
+          cargo install --locked cargo-all-features
+
       - name: Run tests (debug mode)
         run: |
-          cargo test
+          cargo test-all-features
 
       - name: Run tests (release mode)
         run: |
-          cargo test --release
+          cargo test-all-features --release

Cargo.toml

@@ -9,16 +9,23 @@ homepage = "https://ironfish.network/"
 repository = "https://github.com/iron-fish/ironfish-frost"
 
 [dependencies]
-blake3 = "1.5.0"
+blake3 = { version = "1.5.0", optional = true }
 chacha20 = "0.9.1"
-chacha20poly1305 = { version = "0.10.1", features = ["std"] }
+chacha20poly1305 = "0.10.1"
 ed25519-dalek = { version = "2.1.0", features = ["rand_core"] }
-rand_chacha = "0.3.1"
+rand_chacha = { version = "0.3.1", optional = true }
 rand_core = "0.6.4"
 reddsa = { git = "https://github.com/ZcashFoundation/reddsa.git", rev = "311baf8865f6e21527d1f20750d8f2cf5c9e531a", features = ["frost", "frost-rerandomized"] }
-siphasher = "1.0.0"
+siphasher = { version = "1.0.0", optional = true }
 x25519-dalek = { version = "2.0.0", features = ["reusable_secrets", "static_secrets"] }
 
 [dev-dependencies]
 hex-literal = "0.4.1"
 rand = "0.8.5"
+
+[features]
+default = ["std", "signing"]
+
+std = []
+signing = ["dep:blake3", "dep:rand_chacha", "dep:siphasher", "std"]
+dkg = ["std", "signing"]

src/dkg/group_key.rs

@@ -3,7 +3,6 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 
 use crate::multienc;
-use crate::multienc::MultiRecipientBlob;
 use crate::participant::Identity;
 use crate::participant::Secret;
 use rand_core::CryptoRng;
@@ -70,16 +69,16 @@ impl GroupSecretKeyShard {
         Ok(Self { shard })
     }
 
-    pub fn export<'a, I, R>(&self, recipients: I, csrng: R) -> io::Result<Vec<u8>>
+    pub fn export<'a, I, R>(&self, recipients: I, csrng: R) -> Vec<u8>
     where
         I: IntoIterator<Item = &'a Identity>,
+        I::IntoIter: ExactSizeIterator,
         R: RngCore + CryptoRng,
     {
-        multienc::encrypt(&self.shard, recipients, csrng).serialize()
+        multienc::encrypt(&self.shard, recipients, csrng)
     }
 
     pub fn import(secret: &Secret, exported: &[u8]) -> io::Result<Self> {
-        let exported = MultiRecipientBlob::deserialize_from(exported)?;
         let bytes = multienc::decrypt(secret, &exported).map_err(io::Error::other)?;
 
         if bytes.len() != GROUP_SECRET_KEY_LEN {
@@ -184,9 +183,7 @@ mod tests {
         let shard = GroupSecretKeyShard::random(thread_rng());
 
         // Encrypt the shard with all the identities at once
-        let exported = shard
-            .export(&identities, thread_rng())
-            .expect("export failed");
+        let exported = shard.export(&identities, thread_rng());
 
         // Ensure that the exported blob does not contain the shard in cleartext
         let shard_cleartext = shard.serialize();

src/dkg/round1.rs

@@ -7,7 +7,6 @@ use crate::checksum::ChecksumHasher;
 use crate::checksum::CHECKSUM_LEN;
 use crate::dkg::error::Error;
 use crate::dkg::group_key::GroupSecretKeyShard;
-use crate::dkg::group_key::GroupSecretKeyShardSerialization;
 use crate::frost;
 use crate::frost::keys::dkg::round1::Package;
 use crate::frost::keys::dkg::round1::SecretPackage;
@@ -16,7 +15,7 @@ use crate::frost::Field;
 use crate::frost::Identifier;
 use crate::frost::JubjubScalarField;
 use crate::multienc;
-use crate::multienc::MultiRecipientBlob;
+use crate::multienc::read_encrypted_blob;
 use crate::participant;
 use crate::participant::Identity;
 use crate::serde::read_u16;
@@ -143,16 +142,18 @@ pub fn export_secret_package<R: RngCore + CryptoRng>(
     if serializable.identifier != identity.to_frost_identifier() {
         return Err(io::Error::other("identity mismatch"));
     }
+
     let mut serialized = Vec::new();
-    serializable.serialize_into(&mut serialized)?;
-    multienc::encrypt(&serialized, [identity], csrng).serialize()
+    serializable
+        .serialize_into(&mut serialized)
+        .expect("serialization failed");
+    Ok(multienc::encrypt(&serialized, [identity], csrng))
 }
 
 pub fn import_secret_package(
     exported: &[u8],
     secret: &participant::Secret,
 ) -> io::Result<SecretPackage> {
-    let exported = MultiRecipientBlob::deserialize_from(exported)?;
     let serialized = multienc::decrypt(secret, &exported).map_err(io::Error::other)?;
     SerializableSecretPackage::deserialize_from(&serialized[..]).map(|pkg| pkg.into())
 }
@@ -182,8 +183,7 @@ where
 pub struct PublicPackage {
     identity: Identity,
     frost_package: Package,
-    group_secret_key_shard_encrypted:
-        MultiRecipientBlob<Vec<GroupSecretKeyShardSerialization>, Vec<u8>>,
+    group_secret_key_shard_encrypted: Vec<u8>,
     checksum: Checksum,
 }
 
@@ -224,9 +224,7 @@ impl PublicPackage {
         &self.frost_package
     }
 
-    pub fn group_secret_key_shard_encrypted(
-        &self,
-    ) -> &MultiRecipientBlob<Vec<GroupSecretKeyShardSerialization>, Vec<u8>> {
+    pub fn group_secret_key_shard_encrypted(&self) -> &[u8] {
         &self.group_secret_key_shard_encrypted
     }
 
@@ -253,8 +251,7 @@ impl PublicPackage {
         self.identity.serialize_into(&mut writer)?;
         let frost_package = self.frost_package.serialize().map_err(io::Error::other)?;
         write_variable_length_bytes(&mut writer, &frost_package)?;
-        self.group_secret_key_shard_encrypted
-            .serialize_into(&mut writer)?;
+        writer.write_all(&self.group_secret_key_shard_encrypted[..])?;
         writer.write_all(&self.checksum.to_le_bytes())?;
         Ok(())
     }
@@ -265,7 +262,7 @@ impl PublicPackage {
         let frost_package = read_variable_length_bytes(&mut reader)?;
         let frost_package = Package::deserialize(&frost_package).map_err(io::Error::other)?;
 
-        let group_secret_key_shard_encrypted = MultiRecipientBlob::deserialize_from(&mut reader)?;
+        let group_secret_key_shard_encrypted = read_encrypted_blob(&mut reader)?;
 
         let mut checksum = [0u8; CHECKSUM_LEN];
         reader.read_exact(&mut checksum)?;

src/dkg/round2.rs

@@ -17,7 +17,6 @@ use crate::frost::Field;
 use crate::frost::Identifier;
 use crate::frost::JubjubScalarField;
 use crate::multienc;
-use crate::multienc::MultiRecipientBlob;
 use crate::participant;
 use crate::participant::Identity;
 use crate::serde::read_u16;
@@ -142,16 +141,18 @@ pub fn export_secret_package<R: RngCore + CryptoRng>(
     if serializable.identifier != identity.to_frost_identifier() {
         return Err(io::Error::other("identity mismatch"));
     }
+
     let mut serialized = Vec::new();
-    serializable.serialize_into(&mut serialized)?;
-    multienc::encrypt(&serialized, [identity], csrng).serialize()
+    serializable
+        .serialize_into(&mut serialized)
+        .expect("serialization failed");
+    Ok(multienc::encrypt(&serialized, [identity], csrng))
 }
 
 pub fn import_secret_package(
     exported: &[u8],
     secret: &participant::Secret,
 ) -> io::Result<SecretPackage> {
-    let exported = MultiRecipientBlob::deserialize_from(exported)?;
     let serialized = multienc::decrypt(secret, &exported).map_err(io::Error::other)?;
     SerializableSecretPackage::deserialize_from(&serialized[..]).map(|pkg| pkg.into())
 }

src/dkg/round3.rs

@@ -11,10 +11,99 @@ use crate::dkg::round2;
 use crate::dkg::round2::import_secret_package;
 use crate::frost::keys::dkg::part3;
 use crate::frost::keys::KeyPackage;
-use crate::keys::PublicKeyPackage;
+use crate::frost::keys::PublicKeyPackage as FrostPublicKeyPackage;
+use crate::participant::Identity;
 use crate::participant::Secret;
+use crate::serde::read_u16;
+use crate::serde::read_variable_length;
+use crate::serde::read_variable_length_bytes;
+use crate::serde::write_u16;
+use crate::serde::write_variable_length;
+use crate::serde::write_variable_length_bytes;
+use reddsa::frost::redjubjub::VerifyingKey;
 use std::borrow::Borrow;
 use std::collections::BTreeMap;
+use std::io;
+
+#[derive(Clone, Eq, PartialEq, Debug)]
+pub struct PublicKeyPackage {
+    frost_public_key_package: FrostPublicKeyPackage,
+    identities: Vec<Identity>,
+    min_signers: u16,
+}
+
+impl PublicKeyPackage {
+    #[must_use]
+    pub fn from_frost<I>(
+        frost_public_key_package: FrostPublicKeyPackage,
+        identities: I,
+        min_signers: u16,
+    ) -> Self
+    where
+        I: IntoIterator<Item = Identity>,
+    {
+        Self {
+            frost_public_key_package,
+            identities: identities.into_iter().collect(),
+            min_signers,
+        }
+    }
+
+    pub fn identities(&self) -> &[Identity] {
+        &self.identities[..]
+    }
+
+    pub fn verifying_key(&self) -> &VerifyingKey {
+        self.frost_public_key_package.verifying_key()
+    }
+
+    pub fn frost_public_key_package(&self) -> &FrostPublicKeyPackage {
+        &self.frost_public_key_package
+    }
+
+    pub fn min_signers(&self) -> u16 {
+        self.min_signers
+    }
+
+    pub fn serialize(&self) -> Vec<u8> {
+        let mut bytes = Vec::new();
+        self.serialize_into(&mut bytes)
+            .expect("serialization failed");
+        bytes
+    }
+
+    #[cfg(feature = "std")]
+    pub fn serialize_into<W: io::Write>(&self, mut writer: W) -> io::Result<()> {
+        let frost_public_key_package = self
+            .frost_public_key_package
+            .serialize()
+            .map_err(io::Error::other)?;
+        write_variable_length_bytes(&mut writer, &frost_public_key_package)?;
+        write_variable_length(&mut writer, &self.identities, |writer, identity| {
+            identity.serialize_into(writer)
+        })?;
+        write_u16(&mut writer, self.min_signers)?;
+
+        Ok(())
+    }
+
+    #[cfg(feature = "std")]
+    pub fn deserialize_from<R: io::Read>(mut reader: R) -> io::Result<Self> {
+        let frost_public_key_package = read_variable_length_bytes(&mut reader)?;
+        let frost_public_key_package =
+            FrostPublicKeyPackage::deserialize(&frost_public_key_package)
+                .map_err(io::Error::other)?;
+        let identities =
+            read_variable_length(&mut reader, |reader| Identity::deserialize_from(reader))?;
+        let min_signers = read_u16(&mut reader)?;
+
+        Ok(PublicKeyPackage {
+            frost_public_key_package,
+            identities,
+            min_signers,
+        })
+    }
+}
 
 pub fn round3<'a, P, Q>(
     secret: &Secret,
@@ -153,10 +242,71 @@ where
 
 #[cfg(test)]
 mod tests {
-    use super::*;
+    use super::round3;
+    use super::PublicKeyPackage;
+    use crate::dkg::error::Error;
     use crate::dkg::round1;
+    use crate::dkg::round2;
     use crate::participant::Secret;
+    use hex_literal::hex;
     use rand::thread_rng;
+    use reddsa::frost::redjubjub::keys::split;
+    use reddsa::frost::redjubjub::SigningKey;
+    use reddsa::frost::redpallas::frost::keys::IdentifierList;
+
+    #[test]
+    fn public_pkg_serialization_roundtrip() {
+        let secret1 = Secret::random(thread_rng());
+        let secret2 = Secret::random(thread_rng());
+        let id1 = secret1.to_identity();
+        let id2 = secret2.to_identity();
+
+        let mut rng = thread_rng();
+        let signing_key = SigningKey::new(&mut rng);
+
+        let (_, frost_public_key_package) = split(
+            &signing_key,
+            2,
+            2,
+            IdentifierList::Custom(&[id1.to_frost_identifier(), id2.to_frost_identifier()]),
+            &mut rng,
+        )
+        .expect("signing key split failed");
+
+        let public_key_package =
+            PublicKeyPackage::from_frost(frost_public_key_package, [id1, id2], 2);
+
+        let serialized = public_key_package.serialize();
+
+        let deserialized = PublicKeyPackage::deserialize_from(&serialized[..])
+            .expect("public key package deserialization failed");
+
+        assert_eq!(public_key_package, deserialized)
+    }
+
+    #[test]
+    fn public_pkg_deserialization_regression() {
+        let serialization = hex!(
+            "
+            a600000000c3d2051e02b62709a88950f3a75eb0d03a9510123a72947eb083b5822
+            e874793e8f40f6b0ba381109571a24f9f87421f0393f45cee913ef891bd75eb7ba7
+            a5611858a80305cf631451a7d94604cb32d11285ebd4b6ee797eceaa464b2dfcd09
+            7295cacf90c579265130e9e37225a23dfd51da2c4b8db499cb0e7aa6b03a15cde2d
+            b678e99c94974b2a766f83b134c5c782803f5f5a65bc4a6392f6a81062ad8292e84
+            4f3c00200000072cf6be086f2453ec7ce6f7b76fbb35c4dcf6fac1737dbcc2a2467
+            b3f0c8453574ad36e9dd2b092aa0870930ed6be8d9ba40c146c5b2110fbb03f7e3b
+            60e5d63347f47bd69c418630d0c4d3301f0a910c3d127c9d7064cedf26c0c2f0cea
+            9486a8993eea77744ead60ea210bc43a4c56be4933762dddaba145fb215c5dbaebc
+            a0272586e451ceb90d00fde8fa96f7eba99845066803aef4073ca39f3af9050b9f0
+            bc63deb3652c1455090070a8dd3376128e093726a055bab2e2d2325cb5c978b62eb
+            a97c6b42325cf4fc106321b7c8979fc123dc77a5da91ace3b3245405d680b9bcc13
+            5828ac28415305d74abe2ca084639dd1ab7bb8c69930cf0a55a1151022020200
+        "
+        );
+        let deserialized =
+            PublicKeyPackage::deserialize_from(&serialization[..]).expect("deserialization failed");
+        assert_eq!(&serialization[..], deserialized.serialize());
+    }
 
     #[test]
     fn test_round3_missing_round1_packages() {