Make bls12_381_plus dependency more flexible again

.github/actions/iota-sandbox/tear-down/action.yml

@@ -7,6 +7,6 @@ runs:
       shell: bash
       run: |
         cd iota-sandbox/sandbox
-        docker-compose down
+        docker compose down
         cd ../..
         sudo rm -rf iota-sandbox

Cargo.toml

@@ -20,7 +20,7 @@ members = [
 exclude = ["bindings/wasm", "bindings/grpc"]
 
 [workspace.dependencies]
-bls12_381_plus = { version = "=0.8.15" }
+bls12_381_plus = { version = "0.8.17" }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
 thiserror = { version = "1.0", default-features = false }
 strum = { version = "0.25", default-features = false, features = ["std", "derive"] }

bindings/wasm/Cargo.toml

@@ -17,7 +17,7 @@ crate-type = ["cdylib", "rlib"]
 
 [dependencies]
 async-trait = { version = "0.1", default-features = false }
-bls12_381_plus = "=0.8.15"
+bls12_381_plus = "0.8.17"
 console_error_panic_hook = { version = "0.1" }
 futures = { version = "0.3" }
 identity_eddsa_verifier = { path = "../../identity_eddsa_verifier", default-features = false, features = ["ed25519"] }

identity_core/Cargo.toml

@@ -12,7 +12,7 @@ rust-version.workspace = true
 description = "The core traits and types for the identity-rs library."
 
 [dependencies]
-iota-crypto = { version = "0.23", default-features = false, features = ["ed25519", "random", "sha", "x25519", "std"] }
+iota-crypto = { version = "0.23.2", default-features = false, features = ["ed25519", "random", "sha", "x25519", "std"] }
 multibase = { version = "0.9", default-features = false, features = ["std"] }
 serde = { workspace = true, features = ["std"] }
 serde_json = { workspace = true, features = ["std"] }

identity_core/src/common/ordered_set.rs

@@ -488,7 +488,7 @@ mod tests {
   /// Produces a strategy for generating an ordered set together with two values according to the following algorithm:
   /// 1. Call `f` to get a pair of sets (x,y).
   /// 2. Toss a coin to decide whether to pick an element from x at random, or from y (if the chosen set is empty
-  /// Default is called). 3. Repeat step 2 and let the two outcomes be denoted a and b.
+  ///    Default is called). 3. Repeat step 2 and let the two outcomes be denoted a and b.
   /// 4. Toss a coin to decide whether to swap the keys of a and b.
   /// 5. return (x,a,b)
   fn set_with_values<F, T, U>(f: F) -> impl Strategy<Value = (OrderedSet<T>, T, T)>

identity_credential/Cargo.toml

@@ -39,7 +39,7 @@ zkryptium = { workspace = true, optional = true }
 [dev-dependencies]
 anyhow = "1.0.62"
 identity_eddsa_verifier = { path = "../identity_eddsa_verifier", default-features = false, features = ["ed25519"] }
-iota-crypto = { version = "0.23", default-features = false, features = ["ed25519", "std", "random"] }
+iota-crypto = { version = "0.23.2", default-features = false, features = ["ed25519", "std", "random"] }
 proptest = { version = "1.4.0", default-features = false, features = ["std"] }
 tokio = { version = "1.35.0", default-features = false, features = ["rt-multi-thread", "macros"] }
 

identity_credential/src/credential/jwt_serialization.rs

@@ -32,7 +32,7 @@ use crate::Result;
 /// This type is opinionated in the following ways:
 /// 1. Serialization tries to duplicate as little as possible between the required registered claims and the `vc` entry.
 /// 2. Only allows serializing/deserializing claims "exp, iss, nbf &/or iat, jti, sub and vc". Other custom properties
-/// must be set in the `vc` entry.
+///    must be set in the `vc` entry.
 #[derive(Serialize, Deserialize)]
 pub(crate) struct CredentialJwtClaims<'credential, T = Object>
 where

identity_credential/src/domain_linkage/domain_linkage_validator.rs

@@ -38,15 +38,15 @@ impl<V: JwsVerifier> JwtDomainLinkageValidator<V> {
   /// Validates the linkage between a domain and a DID.
   /// [`DomainLinkageConfiguration`] is validated according to [DID Configuration Resource Verification](https://identity.foundation/.well-known/resources/did-configuration/#did-configuration-resource-verification).
   ///
-  /// * `issuer`: DID Document of the linked DID. Issuer of the Domain Linkage Credential included
-  /// in the Domain Linkage Configuration.
+  /// * `issuer`: DID Document of the linked DID. Issuer of the Domain Linkage Credential included in the Domain Linkage
+  ///   Configuration.
   /// * `configuration`: Domain Linkage Configuration fetched from the domain at "/.well-known/did-configuration.json".
   /// * `domain`: domain from which the Domain Linkage Configuration has been fetched.
   /// * `validation_options`: Further validation options to be applied on the Domain Linkage Credential.
   ///
   /// # Note:
   /// - Only the [JSON Web Token Proof Format](https://identity.foundation/.well-known/resources/did-configuration/#json-web-token-proof-format)
-  /// is supported.
+  ///   is supported.
   /// - Only the Credential issued by `issuer` is verified.
   ///
   /// # Errors

identity_credential/src/revocation/status_list_2021/credential.rs

@@ -123,7 +123,7 @@ impl StatusList2021Credential {
   ///
   /// ## Note:
   /// - A revoked credential cannot ever be unrevoked and will lead to a
-  /// [`StatusList2021CredentialError::UnreversibleRevocation`].
+  ///   [`StatusList2021CredentialError::UnreversibleRevocation`].
   /// - Trying to set `revoked_or_suspended` to `false` for an already valid credential will have no impact.
   pub fn set_credential_status(
     &mut self,

identity_credential/src/validator/jwt_presentation_validation/jwt_presentation_validator.rs

@@ -47,11 +47,11 @@ where
   /// # Warning
   ///
   /// * This method does NOT validate the constituent credentials and therefore also not the relationship between the
-  /// credentials' subjects and the presentation holder. This can be done with
-  /// [`JwtCredentialValidationOptions`](crate::validator::JwtCredentialValidationOptions).
+  ///   credentials' subjects and the presentation holder. This can be done with
+  ///   [`JwtCredentialValidationOptions`](crate::validator::JwtCredentialValidationOptions).
   /// * The lack of an error returned from this method is in of itself not enough to conclude that the presentation can
-  /// be trusted. This section contains more information on additional checks that should be carried out before and
-  /// after calling this method.
+  ///   be trusted. This section contains more information on additional checks that should be carried out before and
+  ///   after calling this method.
   ///
   /// ## The state of the supplied DID Documents.
   ///

identity_credential/src/validator/sd_jwt/validator.rs

@@ -53,10 +53,10 @@ impl<V: JwsVerifier> SdJwtCredentialValidator<V> {
   ///
   /// # Warning
   /// * The key binding JWT is not validated. If needed, it must be validated separately using
-  /// `SdJwtValidator::validate_key_binding_jwt`.
+  ///   `SdJwtValidator::validate_key_binding_jwt`.
   /// * The lack of an error returned from this method is in of itself not enough to conclude that the credential can be
-  /// trusted. This section contains more information on additional checks that should be carried out before and after
-  /// calling this method.
+  ///   trusted. This section contains more information on additional checks that should be carried out before and after
+  ///   calling this method.
   ///
   /// ## The state of the issuer's DID Document
   /// The caller must ensure that `issuer` represents an up-to-date DID Document.

identity_document/src/document/core_document.rs

@@ -938,8 +938,8 @@ impl CoreDocument {
   /// Regardless of which options are passed the following conditions must be met in order for a verification attempt to
   /// take place.
   /// - The JWS must be encoded according to the JWS compact serialization.
-  /// - The `kid` value in the protected header must be an identifier of a verification method in this DID document,
-  /// or set explicitly in the `options`.
+  /// - The `kid` value in the protected header must be an identifier of a verification method in this DID document, or
+  ///   set explicitly in the `options`.
   //
   // NOTE: This is tested in `identity_storage` and `identity_credential`.
   pub fn verify_jws<'jws, T: JwsVerifier>(

identity_eddsa_verifier/Cargo.toml

@@ -13,7 +13,7 @@ description = "JWS EdDSA signature verification for IOTA Identity"
 
 [dependencies]
 identity_jose = { version = "=1.3.1", path = "../identity_jose", default-features = false }
-iota-crypto = { version = "0.23", default-features = false, features = ["std"] }
+iota-crypto = { version = "0.23.2", default-features = false, features = ["std"] }
 
 [features]
 ed25519 = ["iota-crypto/ed25519"]

identity_iota_core/Cargo.toml

@@ -31,7 +31,7 @@ thiserror.workspace = true
 
 [dev-dependencies]
 anyhow = { version = "1.0.57" }
-iota-crypto = { version = "0.23", default-features = false, features = ["bip39", "bip39-en"] }
+iota-crypto = { version = "0.23.2", default-features = false, features = ["bip39", "bip39-en"] }
 proptest = { version = "1.0.0", default-features = false, features = ["std"] }
 tokio = { version = "1.29.0", default-features = false, features = ["rt-multi-thread", "macros"] }
 

identity_jose/Cargo.toml

@@ -14,7 +14,7 @@ description = "A library for JOSE (JSON Object Signing and Encryption)"
 [dependencies]
 bls12_381_plus.workspace = true
 identity_core = { version = "=1.3.1", path = "../identity_core", default-features = false }
-iota-crypto = { version = "0.23", default-features = false, features = ["std", "sha"] }
+iota-crypto = { version = "0.23.2", default-features = false, features = ["std", "sha"] }
 json-proof-token.workspace = true
 serde.workspace = true
 serde_json = { version = "1.0", default-features = false, features = ["std"] }
@@ -24,7 +24,7 @@ zeroize = { version = "1.6", default-features = false, features = ["std", "zeroi
 
 [dev-dependencies]
 anyhow = "1"
-iota-crypto = { version = "0.23", features = ["ed25519", "random", "hmac"] }
+iota-crypto = { version = "0.23.2", features = ["ed25519", "random", "hmac"] }
 p256 = { version = "0.12.0", default-features = false, features = ["std", "ecdsa", "ecdsa-core"] }
 signature = { version = "2", default-features = false }
 

identity_jose/src/jwu/serde.rs

@@ -57,8 +57,7 @@ pub(crate) fn validate_jws_headers(protected: Option<&JwsHeader>, unprotected: O
 /// Validates that the "crit" parameter satisfies the following requirements:
 /// 1. It is integrity protected.
 /// 2. It is not encoded as an empty list.
-/// 3. It does not contain any header parameters defined by the
-///  JOSE JWS/JWA specifications.
+/// 3. It does not contain any header parameters defined by the JOSE JWS/JWA specifications.
 /// 4. It's values are contained in the given `permitted` array.
 /// 5. All values in "crit" are present in at least one of the `protected` or `unprotected` headers.
 ///

identity_jose/src/tests/rfc8037.rs

@@ -50,21 +50,20 @@ fn test_rfc8037_ed25519() {
       .and_then(|decoded| decoded.verify(&jws_verifier, &public))
       .unwrap();
 
-    #[cfg(feature = "eddsa")]
-    {
-      let jws_signature_verifier = JwsVerifierFn::from(|input: VerificationInput, key: &Jwk| match input.alg {
-        JwsAlgorithm::EdDSA => ed25519::verify(input, key),
-        other => unimplemented!("{other}"),
-      });
-
-      let decoder = Decoder::new();
-      let token_with_default = decoder
-        .decode_compact_serialization(jws.as_bytes(), None)
-        .and_then(|decoded| decoded.verify(&jws_signature_verifier, &public))
-        .unwrap();
-      assert_eq!(token, token_with_default);
-    }
     assert_eq!(token.protected, header);
     assert_eq!(token.claims, tv.payload.as_bytes());
+
+    let jws_signature_verifier = JwsVerifierFn::from(|input: VerificationInput, key: &Jwk| match input.alg {
+      JwsAlgorithm::EdDSA => ed25519::verify(input, key),
+      other => unimplemented!("{other}"),
+    });
+
+    let decoder = Decoder::new();
+    let token_with_default = decoder
+      .decode_compact_serialization(jws.as_bytes(), None)
+      .and_then(|decoded| decoded.verify(&jws_signature_verifier, &public))
+      .unwrap();
+
+    assert_eq!(token, token_with_default);
   }
 }

identity_resolver/src/resolution/resolver.rs

@@ -301,10 +301,10 @@ mod iota_handler {
     ///
     /// # Note
     ///
-    /// - Using `attach_iota_handler` or `attach_handler` for the IOTA method would override all
-    /// previously added clients.
-    /// - This function does not validate the provided configuration. Ensure that the provided
-    /// network name corresponds with the client, possibly by using `client.network_name()`.
+    /// - Using `attach_iota_handler` or `attach_handler` for the IOTA method would override all previously added
+    ///   clients.
+    /// - This function does not validate the provided configuration. Ensure that the provided network name corresponds
+    ///   with the client, possibly by using `client.network_name()`.
     pub fn attach_multiple_iota_handlers<CLI, I>(&mut self, clients: I)
     where
       CLI: IotaIdentityClientExt + Send + Sync + 'static,

identity_storage/Cargo.toml

@@ -21,11 +21,11 @@ identity_credential = { version = "=1.3.1", path = "../identity_credential", def
 identity_did = { version = "=1.3.1", path = "../identity_did", default-features = false }
 identity_document = { version = "=1.3.1", path = "../identity_document", default-features = false }
 identity_iota_core = { version = "=1.3.1", path = "../identity_iota_core", default-features = false, optional = true }
-identity_verification = { version = "=1.3.1", path = "../identity_verification", default_features = false }
-iota-crypto = { version = "0.23", default-features = false, features = ["ed25519"], optional = true }
+identity_verification = { version = "=1.3.1", path = "../identity_verification", default-features = false }
+iota-crypto = { version = "0.23.2", default-features = false, features = ["ed25519"], optional = true }
 json-proof-token = { workspace = true, optional = true }
 rand = { version = "0.8.5", default-features = false, features = ["std", "std_rng"], optional = true }
-seahash = { version = "4.1.0", default_features = false }
+seahash = { version = "4.1.0", default-features = false }
 serde.workspace = true
 serde_json.workspace = true
 thiserror.workspace = true

identity_stronghold/Cargo.toml

@@ -14,22 +14,22 @@ description = "Secure JWK storage with Stronghold for IOTA Identity"
 [dependencies]
 async-trait = { version = "0.1.64", default-features = false }
 bls12_381_plus = { workspace = true, optional = true }
-identity_storage = { version = "=1.3.1", path = "../identity_storage", default_features = false }
-identity_verification = { version = "=1.3.1", path = "../identity_verification", default_features = false }
-iota-crypto = { version = "0.23", default-features = false, features = ["ed25519"] }
+identity_storage = { version = "=1.3.1", path = "../identity_storage", default-features = false }
+identity_verification = { version = "=1.3.1", path = "../identity_verification", default-features = false }
+iota-crypto = { version = "0.23.2", default-features = false, features = ["ed25519"] }
 iota-sdk = { version = "1.1.5", default-features = false, features = ["client", "stronghold"] }
 iota_stronghold = { version = "2.1.0", default-features = false }
 json-proof-token = { workspace = true, optional = true }
 rand = { version = "0.8.5", default-features = false, features = ["std", "std_rng"] }
 tokio = { version = "1.29.0", default-features = false, features = ["macros", "sync"] }
-zeroize = { version = "1.6.0", default_features = false }
+zeroize = { version = "1.6.0", default-features = false }
 zkryptium = { workspace = true, optional = true }
 
 [dev-dependencies]
 anyhow = "1.0.82"
 bls12_381_plus = { workspace = true }
-identity_did = { version = "=1.3.1", path = "../identity_did", default_features = false }
-identity_storage = { version = "=1.3.1", path = "../identity_storage", default_features = false, features = ["jpt-bbs-plus"] }
+identity_did = { version = "=1.3.1", path = "../identity_did", default-features = false }
+identity_storage = { version = "=1.3.1", path = "../identity_storage", default-features = false, features = ["jpt-bbs-plus"] }
 json-proof-token = { workspace = true }
 tokio = { version = "1.29.0", default-features = false, features = ["macros", "sync", "rt"] }
 zkryptium = { workspace = true }