feat: port payjoin core to no_std #1615
Coverage Report for CI Build 27080196308
Coverage decreased (-0.5%) to 84.823%
Coverage Regressions: 56 previously-covered lines in 6 files lost coverage.
💛 - Coveralls
Great to see this take off here. My biggest question is about |
benalleng
left a comment
Looks like a good start, though there are some feature organizations I have some questions about.
Keep in mind that the test-utils dep needs to sanitize its v2 feature from payjoin so that the tests run properly according to ./payjoin/contrib/test.sh; namely, v2 should gate the payjoin-test-utils/v2 feature, and it should not always be pulled in.
| "io", | ||
| "_manual-tls", | ||
| "_test-utils", |
Could you explain why this was necessary?
| tracing = { version = "0.1.41", default-features = false, features = [ | ||
| "attributes", | ||
| ] } | ||
| url = { version = "2.5.4", optional = true, default-features = false } |
We put a lot of effort into removing the url as anything but a transitive dep outside of the io feature. Was this deemed unavoidable?
| # secp256k1-sys build.rs invokes cc-rs for the wasm32-unknown-unknown | ||
| # target; cc-rs defaults to clang for wasm and needs llvm-ar. | ||
| llvmPackages.clang-unwrapped | ||
| llvmPackages.bintools-unwrapped | ||
| lld | ||
| # Version must match the wasm-bindgen crate locked in | ||
| # payjoin-ffi/javascript/rust_modules/wasm/Cargo.lock. | ||
| wasm-bindgen-cli_0_2_108 | ||
| gcc-arm-embedded |
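Review bot: gcc-arm-embedded on the last line has no comment of its own and sits directly under the "Version must match the wasm-bindgen crate" note, so it reads as if that note applied to it. The clang, bintools and wasm-bindgen entries above each say which build step needs them; add a line above gcc-arm-embedded naming the target and crate whose build requires the ARM toolchain, so a later cleanup can tell whether it is still needed.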
Keep in mind we now have the ability to run nix develop .#javascript so as to not need these across all shells.
| DOTNET_ROOT = "${dotnetSdk}/share/dotnet"; | ||
| DOTNET_CLI_TELEMETRY_OPTOUT = "1"; | ||
| CC_wasm32_unknown_unknown = "${pkgs.llvmPackages.clang-unwrapped}/bin/clang"; | ||
| AR_wasm32_unknown_unknown = "${pkgs.llvmPackages.bintools-unwrapped}/bin/llvm-ar"; | ||
| CC_thumbv7em_none_eabihf = "arm-none-eabi-gcc"; |
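Review bot: CC_thumbv7em_none_eabihf on the last line is set to the bare command name arm-none-eabi-gcc, so the cross compiler is whatever PATH resolves first, while the two wasm32 variables directly above pin a Nix store path through ${pkgs...}/bin/.... Pinning the ARM compiler the same way, for example "${pkgs.gcc-arm-embedded}/bin/arm-none-eabi-gcc", keeps the build reproducible and independent of the caller's PATH.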
Same here; they seem language-specific.
| ] | ||
| directory = [] | ||
| v1 = ["_core"] | ||
| v2 = ["_core", "hpke", "bhttp", "ohttp", "directory", "payjoin-test-utils/v2"] |
Ideally we want to keep the payjoin-test-utils/v2 locked behind the v2 feature or _test-utils +v2
Summary
This is an implementation of no_std support for the payjoin crate, enabling its use on embedded devices
As discussed in #942, running payjoin logic on a hardware signer enables
stronger security guarantees: the device can verify the fallback transaction,
compare it against the payjoin proposal, and only sign previously-approved
inputs — without trusting the host machine.
Feature Architecture
A new v2-std feature was introduced to separate the state machine logic from networking dependencies:
alloc | v2 | v2-std | v2 + networking (url, ohttp, hpke, bhttp, http) | std | tokio, serde_json, bitcoin/base64
Verified Build Targets
cargo build -p payjoin --no-default-features --features v2,alloc
cargo build -p payjoin --no-default-features --features v2,alloc --target thumbv7em-none-eabihf
-p payjoin
cargo build -p payjoin --no-default-features --features v2,std
Notes for Reviewers
Please review commit by commit:
1. refactor: introduce no_std/alloc feature split in payjoin core
   The main structural change — replaces std:: with core::/alloc:: and gates std-only deps behind #[cfg(feature = "std")] or #[cfg(feature = "v2-std")].
2. fix: gate v2 std-only code behind cfg features
   Extends gating to v2 send/receive and persist. Key decisions: HasReplyableError now carries fallback_tx in both configs to preserve fallback through replay; MaybeSuccessTransition::deconstruct uses Save instead of SaveAndClose on success.
3. fix: update payjoin-ffi for no_std feature split
   Minimal FFI updates to match new AsyncSessionPersister bounds.
4. fix: restore OHTTP test constants and enable v2 feature in test utils
   KEM, KEY_ID, SYMMETRIC were dropped upstream without updating internal tests. Restores them in payjoin-test-utils/src/v2.rs.
5. chore: update CI, lock files and flake for no_std targets
   Adds thumbv7em-none-eabihf to CI and ARM cross-toolchain to the Nix dev shell.
AI Assistance
This implementation was developed with AI assistance (Claude, Anthropic).
Pull Request Checklist
Please confirm the following before requesting review:
AI
in the body of this PR.
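
The device-side check the Summary describes (verify the fallback, compare it with the proposal, sign only approved inputs), reduced to two comparisons. This is an added example, not code from this PR or from the payjoin crate. The OutPoint, TxOut, Tx and Reject types, inputs_to_sign, sample and the 500-sat limit are hypothetical, and real payjoin validation covers more than these two checks.

```rust
// Added illustration: hypothetical types, not the payjoin crate's API.
extern crate alloc; // only core + alloc are used, as on a no_std signer
use alloc::{vec, vec::Vec};

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct OutPoint { pub txid: [u8; 32], pub vout: u32 }
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct TxOut { pub script: Vec<u8>, pub sats: u64 }
pub struct Tx { pub inputs: Vec<OutPoint>, pub outputs: Vec<TxOut> }
#[derive(Debug, PartialEq, Eq)]
pub enum Reject { MissingApprovedInput, ChangeReducedTooMuch }

/// Indices of `proposal.inputs` the device may sign, or the reason to refuse.
pub fn inputs_to_sign(
    fallback: &Tx, proposal: &Tx, change_script: &[u8], max_extra_fee: u64,
) -> Result<Vec<usize>, Reject> {
    // 1. Every input the user approved in the fallback must still be spent.
    let mut ours = Vec::new();
    for approved in &fallback.inputs {
        match proposal.inputs.iter().position(|i| i == approved) {
            Some(idx) => ours.push(idx),
            None => return Err(Reject::MissingApprovedInput),
        }
    }
    // 2. Our change may shrink only by the fee contribution we agreed to.
    let change = |tx: &Tx| -> u64 {
        tx.outputs.iter().filter(|o| o.script.as_slice() == change_script).map(|o| o.sats).sum()
    };
    if change(fallback).saturating_sub(change(proposal)) > max_extra_fee {
        return Err(Reject::ChangeReducedTooMuch);
    }
    // 3. Inputs not listed in `ours` were added by the counterparty: never sign them.
    Ok(ours)
}

/// Constructed sample: the proposal adds a foreign input and trims our change by 200 sats.
pub fn sample() -> (Tx, Tx) {
    let (mine, theirs) = (OutPoint { txid: [1; 32], vout: 0 }, OutPoint { txid: [2; 32], vout: 1 });
    let out = |s: u8, sats: u64| TxOut { script: vec![s], sats };
    let fallback = Tx { inputs: vec![mine], outputs: vec![out(0xAA, 10_000), out(0xCC, 89_000)] };
    let proposal = Tx { inputs: vec![theirs, mine], outputs: vec![out(0xAA, 60_000), out(0xCC, 88_800)] };
    (fallback, proposal)
}

fn main() {
    let (fallback, proposal) = sample();
    // 0xCC is our change script; at most 500 sats of extra fee were approved.
    println!("{:?}", inputs_to_sign(&fallback, &proposal, &[0xCC], 500));
}
```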