Cargo.toml
# Workspace root. Cargo only honors `[patch]` and `[profile.*]` sections from
# the workspace root manifest, so the pins, patches and profiles further down
# apply to every member listed here.
[workspace]
# Cargo feature resolver version 2.
resolver = "2"
# Member crates, listed alphabetically.
members = [
"app-rs",
"app-rs-codegen",
"byte-array",
"common",
"const-utils",
"gdrive",
"hex",
"lexe-api",
"lexe-ln",
"logger",
"node",
"payment-uri",
"run-sgx",
"sgx-test",
"sgx-toml",
"sgxs-sign",
"sha256",
]
# Package metadata that member crates may inherit from the workspace.
[workspace.package]
authors = [
"Max Fang <[email protected]>",
"Philip Hayes <[email protected]>"
]
edition = "2021"
# NOTE(review): Cargo documents `license` as an SPDX expression; the SPDX
# identifier for this license is `PolyForm-Noncommercial-1.0.0`. License
# scanners and SBOM tooling may not recognize the free-form name below.
license = "PolyForm Noncommercial License 1.0.0"
# This is just a default version which can be inherited by workspace members
# that don't actually need semver versioning. Crates that require versioning
# will specify their version in their Cargo.toml as usual.
version = "0.1.0"
[workspace.dependencies]
# Use this section to declare dependencies used across multiple lexe crates.
# Lexe crates can then inherit the dependency using `workspace = true`.
# This makes it easier to keep dependency versions in sync. More info:
# https://doc.rust-lang.org/cargo/reference/workspaces.html#the-dependencies-table
#
# NOTE(review): most requirements in this part of the table are caret ranges
# (e.g. "1", "0.8"), so the versions actually built are decided by Cargo.lock,
# not by this file. Assuming a lockfile is committed, building with `--locked`
# keeps CI and release builds on the reviewed dependency set.

# For verifying SGX Report MACs
aes = { version = "0.8", features = ["zeroize"] }
# Ad hoc error definition, easy error propagation, error chains
anyhow = "1"
# Like `RwLock<Arc<T>>` for read-mostly, write-seldom scenarios.
arc-swap = "1.7"
# Derive-based command line argument parsing
argh = "0.1"
# BER and DER parsers / encoders
# TODO(phlip9): avoid this extra dependency and just use `yasna` directly
asn1-rs = { version = "0.5", default-features = false }
# async fn's in trait methods
async-trait = "0.1"
# Web framework from tokio-rs community based on tokio, hyper, and tower.
axum = { version = "0.7", default-features = false, features = [
"http1",
"http2",
"macros" # Exposes `#[debug_handler]` and other useful macros
] }
# Converting to/from base 64.
base64 = "0.22"
# Binary canonical serialization format
bcs = "0.1"
# BDK (Bitcoin Dev Kit) libraries
# `bdk_wallet` is pinned with `=` to one exact pre-release version.
bdk_wallet = { version = "=1.0.0-beta.5", default-features = false, features = ["std"] }
bdk_chain = { version = "0.20", default-features = false, features = ["std"] }
bdk_esplora = { version = "0.19", default-features = false, features = ["std", "async"] }
# Encoding and decoding of the Bech32 format.
bech32 = "0.9"
# BIP39 mnemonic codes
bip39 = { version = "2", features = ["zeroize"] }
# rust-bitcoin suite of libraries
bitcoin = { version = "0.32", features = ["serde"] }
bitcoin-bech32 = "0.12"
bitcoin_hashes = "0.14"
# For casting byte buffers to/from the AESM client from/to structured data.
bytemuck = { version = "1", default-features = false, features = ["derive", "min_const_generics"] }
# Abstractions for working with bytes
bytes = { version = "1", features = ["serde"] }
# Write #[cfg(..)] if-else statements without repeating clauses
cfg-if = "1"
# Datetime utilities
chrono = { version = "0.4", default-features = false, features = [
"std",
"clock"
] }
# For verifying SGX Report MACs
cmac = { version = "0.7", features = ["std", "zeroize"] }
# Allows setting environment variables using a .env file.
# dotenvy is a better maintained fork of dotenv
dotenvy = "0.15"
# General purpose sum type with two cases (left and right)
either = "1"
# High-level memory-safe Rust<->Dart FFI bindings.
# Keep this version in sync with `app_rs_dart/pubspec.yaml`.
flutter_rust_bridge = { version = "=2.7.1", default-features = false }
# The Rust+Dart codegen for flutter_rust_bridge
# Keep this version in sync with `app_rs_dart/pubspec.yaml`.
flutter_rust_bridge_codegen = { version = "=2.7.1", default-features = false, features = [] }
# Utils for working with futures
futures = "0.3"
# Core HTTP types and utils
http = "1"
http-body-util = "0.1"
# Low-level async HTTP library and server
# Use both hyper 0.14.28 and 1.0 at the same time while we transition
# `hyper_old` renames the 0.14 line (via `package = "hyper"`) so both major
# versions can be depended on side by side; it is also patched in
# `[patch.crates-io]`.
hyper = { version = "1", default-features = false, features = ["http2"] }
hyper_old = { version = "=0.14.28", package = "hyper", default-features = false, features = ["deprecated"] }
# Recursively walk directory, respecting .gitignore and other glob filters.
ignore = "0.4"
# Cross-platform access to host secret storage
keyring = { version = "2.0", default-features = false }
# For symbolizing backtrace frames from the enclave
object = { version = "0.30", default-features = false, features = ["read_core", "compression", "elf"] }
# Pieter Wuille's simpler alternative to Bitcoin Script
# The version should match that used by BDK.
miniscript = { version = "12", features = ["std"] }
# Small conversion from fixed ECDSA signature to ASN.1 format
num-bigint = { version = "0.4", default-features = false, features = [] }
# Encode/decode URLs with %-escaped characters
percent-encoding = "2.3"
# Property-based testing
proptest = { version = "1", default-features = false }
# Arbitrary derive macro
proptest-derive = "0.5"
# Traits and utilities for generating randomness
rand = { version = "0.8", default-features = false }
rand_core = { version = "0.6", default-features = false, features = ["alloc"] }
# Easily generate x509 certs with ring
rcgen = { version = "0.12", default-features = false, features = ["ring", "zeroize"] }
# Safely cast &T to &U when T is a single field new-type
ref-cast = "1"
# Efficient sparse bitmap data structure
roaring = "0.10"
# Pure Rust RSA implementation by RustCrypto. Used for SGX .sigstruct signing.
# NOTE(review): upstream warns that this crate's private-key operations are
# not guaranteed to be constant-time. Presumably fine for offline .sigstruct
# signing; confirm the signing key is never used where an attacker can
# measure operation timing.
rsa = { version = "0.9.6", default-features = false, features = ["u64_digit"] }
# Decimal number representation suitable for financial calculations
rust_decimal = { version = "1", default-features = false, features = ["serde"] }
rust_decimal_macros = { version = "1", default-features = false }
# For demangling backtrace symbols into human-readable format
rustc-demangle = "0.1"
# TLS library
rustls = { version = "0.22", default-features = false }
# Deserialize PEM certs
rustls-pemfile = "1"
# TODO(max): Remove once esplora-client no longer needs it...
# NOTE(review): until this is removed, two rustls release lines (0.21 and
# 0.22) are in the dependency graph and both need to be tracked for TLS
# security advisories.
rustls21 = { package = "rustls", version = "0.21", default-features = false }
# Required to name our signature algorithms.
# The version should match that used by rustls.
# For some reason this breaks if we don't specify `package = "rustls-webpki"`
rustls-webpki = { version = "0.102", package = "rustls-webpki" }
# Rust bindings to libsecp256k1. Implements ECDSA and BIP 340 signatures.
# Version should match that used by the `bitcoin` crate.
secp256k1 = "0.29"
# A wrapper type for carefully handling secrets
secrecy = "0.8"
# SemVer version newtype for parsing and precedence
semver = "1"
# Serialization / deserialization framework
serde = { version = "1", features = ["derive"] }
serde_json = "1"
serde_urlencoded = "0.7" # keep in sync with axum version
serde_with = { version = "3", default-features = false, features = ["macros"] }
# Enum #[derive(..)] helpers
strum = { version = "0.26", features = ["derive"] }
# Temporary files and directories
tempfile = "3"
# Easy error definition
thiserror = "1"
# Datetime library used by rcgen. Should match rcgen's `time` version
time = "0.3"
# Lower-level async TLS interface
tokio-rustls = { version = "0.25", default-features = false }
# Utilities for testing futures
tokio-test = "0.4"
# serde-compatible TOML-parsing library
toml = "0.8"
# `Service` and `Layer`-based async middleware
tower = "0.4"
tower-http = "0.5"
tower-service = "0.3"
# Scoped, structured logging for asynchronous systems
tracing = "0.1"
tracing-core = "0.1"
tracing-subscriber = { version = "0.3", default-features = false, features = ["smallvec"] }
# Verify x509 certificates
# NOTE(review): this is the original `webpki` crate, declared alongside the
# `rustls-webpki` fork above. Confirm 0.22 is still needed and that it is
# covered by advisory scanning (e.g. `cargo audit`).
webpki = { version = "0.22", default-features = false, features = ["std"] }
# Mozilla's set of trusted webpki root certificates hard-coded into a const
webpki-roots = "0.26"
# Parsing x509 cert extensions
# TODO(phlip9): avoid this extra dependency and just use `yasna` directly
x509-parser = { version = "0.15", default-features = false }
# For constructing/parsing ASN.1 data in x509 certs
yasna = { version = "0.5", default-features = false, features = ["num-bigint"] }
# --- PATCHED DEPENDENCIES --- #
# Use this section to declare patched dependencies.
# - See the following [patch.crates-io] section for patch declarations.
# - The version should use `=` to pin the exact version our patch applies to.
# `=` ensures `cargo update` doesn't accidentally update the dependency,
# leading to it becoming incompatible with our patch.
# A client for the Intel AESM service. Used during attestation to get quoted.
aesm-client = { version = "=0.6.0", default-features = false }
# High level webserver based on axum, tokio, hyper, and tower
axum-server = "=0.6.0"
# SGX Quote types
dcap-ql = { version = "=0.4.0", default-features = false }
# Fortanix EDP crate for running SGX applications, includes usercall extensions
enclave-runner = { version = "=0.6.0", default-features = false }
# Async Esplora client
# NOTE(review): unlike the other entries in this section, this requirement is
# a caret range ("0.10"), not an `=` pin, even though the crate is patched in
# [patch.crates-io]. Confirm whether that is intentional.
esplora-client = { version = "0.10", default-features = false, features = ["async", "tokio"] }
# Hyper-related utilities
hyper-util = { version = "=0.1.5", default-features = false, features = ["http2"] }
# LDK (rust-lightning) libraries
# NOTE(review): `=0.32` on `lightning-invoice` omits the patch component. A
# partial `=` requirement matches any 0.32.x release, so it is not the exact
# pin this section's convention asks for; spell out the full version once
# confirmed against the patched fork.
lightning = { version = "=0.0.125", features = ["max_level_trace"] }
lightning-invoice = { version = "=0.32", features = ["std"] }
lightning-transaction-sync = { version = "=0.0.125", features = ["esplora-async"] }
# Required by tokio
mio = "=0.8.11"
# High-level HTTP client
reqwest = { version = "=0.12.1", default-features = false, features = ["http2", "rustls-tls-manual-roots"] }
# TODO(max): Remove once esplora-client no longer needs it
reqwest11 = { version = "=0.11.26", package = "reqwest", default-features = false }
# Safe and small crypto primitives based on BoringSSL
# Two `ring` release lines are carried (0.17 and, renamed as `ring16`, 0.16);
# both are patched in [patch.crates-io].
ring = "=0.17.8"
ring16 = { version = "=0.16.20", package = "ring" } # TODO(max): Remove
# Core SGX types and platform intrinsics (for sealing, reports, etc...)
sgx-isa = "=0.4.1"
sgxs = "=0.8.0"
sgxs-loaders = "=0.4.0"
# Asynchronous runtime
tokio = { version = "=1.36.0", default-features = false }
# Replaces the crates.io sources of the crates below with forks hosted under
# github.com/lexe-app. Each group's bullet list summarizes what the fork
# changes relative to upstream.
#
# NOTE(review): every patch below is selected by `branch = "..."`. A branch is
# a mutable ref: the commit actually built is whatever Cargo.lock recorded, and
# a `cargo update` (or a build without the lockfile) follows the branch head.
# Pinning with `rev = "<COMMIT_SHA>"` would make this manifest itself name
# immutable sources, which also helps the reproducibility goal stated for
# `[profile.release-sgx]`. Failing that, build with `--locked` and review
# lockfile changes to these git sources.
[patch.crates-io]
# NOTE: Make sure to duplicate any changes to the root Cargo.toml.
# Fortanix EDP (rust-sgx) crates.
# These patches remain licensed under MPL 2.0.
# * rust-sgx: hide all fortanixvme crates
# * ftx-sgx-tools: can build just `ftxsgx-elf2sgxs` on non-x86_64
# * enclave-runner: allow redirecting enclave standard input/output
# * enclave-runner: tighten tokio+futures features
aesm-client = { git = "https://github.com/lexe-app/rust-sgx", branch = "lexe-30cfd65c-2024_08_29" }
async-usercalls = { git = "https://github.com/lexe-app/rust-sgx", branch = "lexe-30cfd65c-2024_08_29" }
dcap-ql = { git = "https://github.com/lexe-app/rust-sgx", branch = "lexe-30cfd65c-2024_08_29" }
enclave-runner = { git = "https://github.com/lexe-app/rust-sgx", branch = "lexe-30cfd65c-2024_08_29" }
sgx-isa = { git = "https://github.com/lexe-app/rust-sgx", branch = "lexe-30cfd65c-2024_08_29" }
sgxs = { git = "https://github.com/lexe-app/rust-sgx", branch = "lexe-30cfd65c-2024_08_29" }
sgxs-loaders = { git = "https://github.com/lexe-app/rust-sgx", branch = "lexe-30cfd65c-2024_08_29" }
# * license: Add dual license information
# * server: Propagate current span across `tokio::spawn`
# * fix: propagate graceful shutdown to inner hyper connection
# PR: <https://github.com/programatik29/axum-server/pull/119>
axum-server = { git = "https://github.com/lexe-app/axum-server", branch = "lexe-v0.6.0-2024_10_11" }
# * license: Add dual license information
# * refactor(async)!: remove async-std dependency, allow custom runtime
# - TODO(max): Remove once merged
# * cargo: Reduce `tokio` requirement to 1.36
# - TODO(max): Remove
esplora-client = { git = "https://github.com/lexe-app/rust-esplora-client", branch = "lexe-v0.10.0-2024_11_14" }
# Local checkout override for development; left commented out.
# esplora-client.path = "../../forks/rust-esplora-client"
# * license: Add dual license information
# * sgx: socket2 requires `client-legacy-socket2` cfg
# * sgx: Skip DNS resolution in SGX
hyper-util = { git = "https://github.com/lexe-app/hyper-util", branch = "lexe-v0.1.5-2024_10_11" }
# * license: Add dual license information
# * support sgx: Remove socket2 dependency. Just use tokio APIs directly.
# TODO(max): Remove this patch once everything updates to hyper 1.0
hyper_old = { package = "hyper", git = "https://github.com/lexe-app/hyper", branch = "lexe-v0.14.28-2024_10_11" }
# * license: Add dual license information
# * lightning-transaction-sync: esplora-client -> 0.10 TODO(max): Remove
# * lightning-net-tokio: Add `*_with_executor` APIs TODO(max): Remove
# * lightning-net-tokio: Switch to tokio `TcpStream`s TODO(max): Remove
lightning = { git = "https://github.com/lexe-app/rust-lightning", branch = "lexe-v0.0.125-2025_01_17" }
lightning-invoice = { git = "https://github.com/lexe-app/rust-lightning", branch = "lexe-v0.0.125-2025_01_17" }
lightning-transaction-sync = { git = "https://github.com/lexe-app/rust-lightning", branch = "lexe-v0.0.125-2025_01_17" }
# Local checkout overrides for development; left commented out.
# lightning.path = "../../ldk/lightning"
# lightning-invoice.path = "../../ldk/lightning-invoice"
# lightning-transaction-sync.path = "../../ldk/lightning-transaction-sync"
# * fortanix: SGX port
# * license: Add dual license information
# * test: fix testing script
# * net: add `TcpStream::try_into_std`, used by our `tokio` SGX patchset
# * Revert "Support compilers with stdlibs that don't have `Send` `User<T>` types"
mio = { git = "https://github.com/lexe-app/mio", branch = "lexe-v0.8.11-2024_10_11" }
# * license: Add dual license information
# * proxy: Expose `ProxyScheme`, `set_custom_http_auth`
# * lib: Fail compilation if using insecure TLS roots
reqwest = { git = "https://github.com/lexe-app/reqwest", branch = "lexe-v0.12.1-2024_10_11" }
reqwest11 = { package = "reqwest", git = "https://github.com/lexe-app/reqwest", branch = "lexe-v0.11.26-2024_10_11" }
# * license: Add dual license information
# * cpu: use static cpuid feature set in SGX enclaves
# * rand: Use `RDRAND` implementation in SGX
# * build: Always build from source
ring = { git = "https://github.com/lexe-app/ring", branch = "lexe-v0.17.8-2024_10_11" }
ring16 = { package = "ring", git = "https://github.com/lexe-app/ring", branch = "lexe-v0.16.20-2024_10_11" }
# * license: Add dual license information
# * fortanix: SGX port
# * test: fix testing script
# * net: add SGX `TcpStream::into_std` used by `lightning-net-tokio` TODO(phlip9): Remove
tokio = { git = "https://github.com/lexe-app/tokio", branch = "lexe-v1.36.0-2024_10_11" }
# Settings for `--release` builds of every workspace member.
[profile.release]
# Enable "thin" LTO (link-time optimization) for better perf+binary size. "fat"
# LTO is marginally better perf-wise but much slower linking time.
lto = "thin"
# Strip debug info from the final binary.
strip = "debuginfo"
# For some reason, the `ring` build via nix + x86_64-unknown-linux-gnu is
# failing in its `build.rs` because it's compiling the native code with `-O0`
# (no optimizations)...
# `build-override` applies to build scripts and proc-macros (and their
# dependencies), so this raises their optimization level in release builds.
[profile.release.build-override]
opt-level = 3
# The Rust profile used when building the node SGX enclave in release mode.
# These options are tuned through trial and error to minimize reproducibility
# issues :)
# NOTE(review): presumably reproducibility matters here so that the enclave
# binary can be rebuilt and compared by others — confirm. If so, treat any
# change to the values below as a change to the shipped enclave.
[profile.release-sgx]
# Starts from `[profile.release]`; the keys below override it.
inherits = "release"
# panic = "unwind" # sometimes repro diff?
# TODO(phlip9): fix `panic` -> `catch_unwind` -> `resume_unwind` swallowing
# panic message and backtrace in enclave.
panic = "abort"
# One codegen unit per crate.
codegen-units = 1
# lto = "fat" # big repro diff
lto = "thin"
# opt-level = 3 # big repro diff
opt-level = 2
# No debug info is generated.
debug = 0
strip = "debuginfo"
# NOTE: dev includes `check`, `clippy`, `test`, etc
[profile.dev]
# Our debug binaries are seriously bloated with sections like `.debug_pubtypes`
# eating literally _hundreds_ of MiB. All this debug info is useless outside of
# a debugger, which we rarely use.
#
# > Generates the minimal amount of debug info for backtraces with filename/line
# > number info, but not anything else, i.e. no variable or function parameter
# > info.
debug = "line-tables-only"
# This fixes 'warning: can't find symbol' when debugging, but breaks the
# server's build.rs, so it should always be commented out in git. More info:
# https://github.com/rust-lang/rust/issues/40787#issuecomment-1019465942
# https://doc.rust-lang.org/cargo/reference/profiles.html#split-debuginfo
# split-debuginfo = "packed"
#
# optimize some hot crypto/low-level packages even in debug mode
#
# Each `[profile.dev.package.<name>]` table below overrides the dev profile for
# that one package only; the release profiles are not affected.
#
# ring
[profile.dev.package.ring]
opt-level = 3
[profile.dev.package.spin]
opt-level = 3
[profile.dev.package.untrusted]
opt-level = 3
# bitcoin
[profile.dev.package.secp256k1]
opt-level = 3
[profile.dev.package.secp256k1-sys]
opt-level = 3
[profile.dev.package.bitcoin_hashes]
opt-level = 3
# misc encoding
[profile.dev.package.base64]
opt-level = 3
[profile.dev.package.bytes]
opt-level = 3
# proptest
[profile.dev.package.proptest]
opt-level = 3
[profile.dev.package.rand_chacha]
opt-level = 3
[profile.dev.package.rand_xorshift]
opt-level = 3