Make secp256k1 optional (#266)

libp2p/Cargo.toml

@@ -4,7 +4,8 @@ version = "0.1.0"
 authors = ["Parity Technologies <admin@parity.io>"]
 
 [features]
-default = ["libp2p-secio"]
+default = ["libp2p-secio", "libp2p-secio-secp256k1"]
+libp2p-secio-secp256k1 = ["libp2p-secio/secp256k1"]
 
 [dependencies]
 bytes = "0.4"
@@ -24,7 +25,7 @@ tokio-io = "0.1"
 
 [target.'cfg(not(target_os = "emscripten"))'.dependencies]
 libp2p-dns = { path = "../dns" }
-libp2p-secio = { path = "../secio", optional = true }
+libp2p-secio = { path = "../secio", optional = true, default-features = false }
 libp2p-tcp-transport = { path = "../tcp-transport" }
 tokio-core = "0.1"
 

secio/Cargo.toml

@@ -14,10 +14,13 @@ rand = "0.3.17"
 ring = { version = "0.12.1", features = ["rsa_signing"] }
 rust-crypto = "^0.2"
 rw-stream-sink = { path = "../rw-stream-sink" }
-secp256k1 = "0.9"
+secp256k1 = { version = "0.9", optional = true }
 tokio-io = "0.1.0"
 untrusted = "0.5.1"
 
+[features]
+default = ["secp256k1"]
+
 [dev-dependencies]
 libp2p-tcp-transport = { path = "../tcp-transport" }
 tokio-core = "0.1.6"

secio/src/handshake.rs

@@ -36,6 +36,7 @@ use ring::rand::SecureRandom;
 use ring::signature::verify as signature_verify;
 use ring::signature::{RSASigningState, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_SHA256, ED25519};
 use ring::{agreement, digest, rand};
+#[cfg(feature = "secp256k1")]
 use secp256k1;
 use std::cmp::{self, Ordering};
 use std::io::{Error as IoError, ErrorKind as IoErrorKind};
@@ -152,6 +153,7 @@ where
                 SecioKeyPairInner::Ed25519 { .. } => {
                     public_key.set_Type(KeyTypeProtobuf::Ed25519);
                 },
+                #[cfg(feature = "secp256k1")]
                 SecioKeyPairInner::Secp256k1 { .. } => {
                     public_key.set_Type(KeyTypeProtobuf::Secp256k1);
                 },
@@ -335,6 +337,7 @@ where
                             let signature = key_pair.sign(&data_to_sign);
                             signature.as_ref().to_owned()
                         },
+                        #[cfg(feature = "secp256k1")]
                         SecioKeyPairInner::Secp256k1 { ref private } => {
                             let data_to_sign = digest::digest(&digest::SHA256, &data_to_sign);
                             let message = secp256k1::Message::from_slice(data_to_sign.as_ref())
@@ -429,6 +432,7 @@ where
                         },
                     }
                 },
+                #[cfg(feature = "secp256k1")]
                 Some(SecioPublicKey::Secp256k1(ref remote_public_key)) => {
                     let data_to_verify = digest::digest(&digest::SHA256, &data_to_verify);
                     let message = secp256k1::Message::from_slice(data_to_verify.as_ref())
@@ -449,6 +453,11 @@ where
                         return Err(SecioError::SignatureVerificationFailed)
                     }
                 },
+                #[cfg(not(feature = "secp256k1"))]
+                Some(SecioPublicKey::Secp256k1(_)) => {
+                    debug!("support for secp256k1 was disabled at compile-time");
+                    return Err(SecioError::SignatureVerificationFailed);
+                },
                 None => unreachable!("we store a Some in the remote public key before reaching \
                                       this point")
             };
@@ -618,6 +627,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "secp256k1")]
     fn handshake_with_self_succeeds_secp256k1() {
         let key1 = {
             let key = include_bytes!("../tests/test-secp256k1-private-key.der");

secio/src/lib.rs

@@ -81,6 +81,7 @@
 //! `SecioMiddleware` that implements `Sink` and `Stream` and can be used to send packets of data.
 //!
 
+#[cfg(feature = "secp256k1")]
 extern crate asn1_der;
 extern crate bytes;
 extern crate crypto;
@@ -92,12 +93,14 @@ extern crate protobuf;
 extern crate rand;
 extern crate ring;
 extern crate rw_stream_sink;
+#[cfg(feature = "secp256k1")]
 extern crate secp256k1;
 extern crate tokio_io;
 extern crate untrusted;
 
 pub use self::error::SecioError;
 
+#[cfg(feature = "secp256k1")]
 use asn1_der::{DerObject, traits::FromDerEncoded, traits::FromDerObject};
 use bytes::{Bytes, BytesMut};
 use futures::stream::MapErr as StreamMapErr;
@@ -198,6 +201,7 @@ impl SecioKeyPair {
     }
 
     /// Builds a `SecioKeyPair` from a raw secp256k1 32 bytes private key.
+    #[cfg(feature = "secp256k1")]
     pub fn secp256k1_raw_key<K>(key: K) -> Result<SecioKeyPair, Box<Error + Send + Sync>>
         where K: AsRef<[u8]>
     {
@@ -212,6 +216,7 @@ impl SecioKeyPair {
     }
 
     /// Builds a `SecioKeyPair` from a secp256k1 private key in DER format.
+    #[cfg(feature = "secp256k1")]
     pub fn secp256k1_from_der<K>(key: K) -> Result<SecioKeyPair, Box<Error + Send + Sync>>
         where K: AsRef<[u8]>
     {
@@ -233,6 +238,7 @@ impl SecioKeyPair {
             SecioKeyPairInner::Ed25519 { ref key_pair } => {
                 SecioPublicKey::Ed25519(key_pair.public_key_bytes().to_vec())
             },
+            #[cfg(feature = "secp256k1")]
             SecioKeyPairInner::Secp256k1 { ref private } => {
                 let secp = secp256k1::Secp256k1::with_caps(secp256k1::ContextFlag::SignOnly);
                 let pubkey = secp256k1::key::PublicKey::from_secret_key(&secp, private)
@@ -251,6 +257,7 @@ impl SecioKeyPair {
             SecioKeyPairInner::Ed25519 { ref key_pair } => {
                 PublicKeyBytesSlice(key_pair.public_key_bytes()).into()
             },
+            #[cfg(feature = "secp256k1")]
             SecioKeyPairInner::Secp256k1 { ref private } => {
                 let secp = secp256k1::Secp256k1::with_caps(secp256k1::ContextFlag::None);
                 let pubkey = secp256k1::key::PublicKey::from_secret_key(&secp, private)
@@ -276,6 +283,7 @@ enum SecioKeyPairInner {
         // We use an `Arc` so that we can clone the enum.
         key_pair: Arc<Ed25519KeyPair>,
     },
+    #[cfg(feature = "secp256k1")]
     Secp256k1 {
         private: secp256k1::key::SecretKey,
     },