aes 0.7

2025-04-04 19:37:51 +03:00 · 2021-05-14 20:44:21 +01:00 · 2021-05-14 20:44:21 +01:00 · ee68e17487
commit ee68e17487
parent 071588d44f
3 changed files with 23 additions and 55 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -23,44 +23,14 @@ dependencies = [

 [[package]]
 name = "aes"
-version = "0.6.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "884391ef1066acaa41e766ba8f596341b96e93ce34f9a43e7d24bf0a0eaf0561"
+checksum = "32380222440685202b62f23002e668519a6bf2d8df5e7655ed96223b6482b4be"
 dependencies = [
- "aes-soft",
- "aesni",
- "cipher 0.2.5",
-]
-
-[[package]]
-name = "aes-ctr"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7729c3cde54d67063be556aeac75a81330d802f0259500ca40cb52967f975763"
-dependencies = [
- "aes-soft",
- "aesni",
- "cipher 0.2.5",
+ "cfg-if",
+ "cipher 0.3.0",
+ "cpufeatures",
 "ctr",
-]
-
-[[package]]
-name = "aes-soft"
-version = "0.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be14c7498ea50828a38d0e24a765ed2effe92a705885b57d029cd67d45744072"
-dependencies = [
- "cipher 0.2.5",
- "opaque-debug",
-]
-
-[[package]]
-name = "aesni"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea2e11f5e94c2f7d386164cc2aa1f97823fed6f259e486940a71c174dd01b0ce"
-dependencies = [
- "cipher 0.2.5",
 "opaque-debug",
 ]

@ -69,7 +39,6 @@ name = "age"
 version = "0.6.0"
 dependencies = [
 "aes",
- "aes-ctr",
 "age-core",
 "base64",
 "bcrypt-pbkdf",
@ -229,12 +198,12 @@ dependencies = [

 [[package]]
 name = "block-modes"
-version = "0.7.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57a0e8073e8baa88212fb5823574c02ebccb395136ba9a164ab89379ec6072f0"
+checksum = "2cb03d1bed155d89dce0f845b7899b18a9a163e148fd004e1c28421a783e2d8e"
 dependencies = [
 "block-padding",
- "cipher 0.2.5",
+ "cipher 0.3.0",
 ]

 [[package]]
@ -594,11 +563,11 @@ dependencies = [

 [[package]]
 name = "ctr"
-version = "0.6.0"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb4a30d54f7443bf3d6191dcd486aca19e67cb3c49fa7a06a319966346707e7f"
+checksum = "a232f92a03f37dd7d7dd2adc67166c77e9cd88de5b019b9a9eecfaeaf7bfd481"
 dependencies = [
- "cipher 0.2.5",
+ "cipher 0.3.0",
 ]

 [[package]]
--- a/age/Cargo.toml
+++ b/age/Cargo.toml
@ -51,10 +51,9 @@ rsa = { version = "0.3", optional = true }
 curve25519-dalek = { version = "3", optional = true }

 # - Encrypted keys
-aes = { version = "0.6", optional = true }
-aes-ctr = { version = "0.6", optional = true }
+aes = { version = "0.7", optional = true, features = ["ctr"] }
 bcrypt-pbkdf = { version = "0.6", optional = true }
-block-modes = { version = "0.7", optional = true }
+block-modes = { version = "0.8", optional = true }

 # Parsing
 cookie-factory = "0.3.1"
@ -102,7 +101,6 @@ cli-common = ["console", "pinentry", "rpassword"]
 plugin = ["age-core/plugin", "which", "wsl"]
 ssh = [
    "aes",
-    "aes-ctr",
    "bcrypt-pbkdf",
    "block-modes",
    "curve25519-dalek",
--- a/age/src/ssh.rs
+++ b/age/src/ssh.rs
@ -7,8 +7,7 @@
 //! Note that these recipient types are not anonymous: the encrypted message will include
 //! a short 32-bit ID of the public key.

-use aes::Aes256;
-use aes_ctr::{Aes128Ctr, Aes192Ctr, Aes256Ctr};
+use aes::{Aes128Ctr, Aes192Ctr, Aes256, Aes256Ctr};
 use bcrypt_pbkdf::bcrypt_pbkdf;
 use secrecy::{ExposeSecret, SecretString};
 use sha2::{Digest, Sha256};
@ -111,15 +110,16 @@ impl EncryptedKey {
 }

 mod decrypt {
-    use aes::cipher::block::{BlockCipher, NewBlockCipher};
-    use aes_ctr::cipher::stream::{NewStreamCipher, StreamCipher};
+    use aes::cipher::{
+        BlockCipher, BlockDecrypt, BlockEncrypt, NewBlockCipher, NewCipher, StreamCipher,
+    };
    use block_modes::{block_padding::NoPadding, BlockMode, Cbc};
    use secrecy::SecretString;

    use super::OpenSshKdf;
    use crate::error::DecryptError;

-    pub(super) fn aes_cbc<C: BlockCipher + NewBlockCipher>(
+    pub(super) fn aes_cbc<C: BlockCipher + BlockEncrypt + BlockDecrypt + NewBlockCipher>(
        kdf: &OpenSshKdf,
        passphrase: SecretString,
        ciphertext: &[u8],
@ -128,13 +128,14 @@ mod decrypt {
        let kdf_output = kdf.derive(passphrase, key_len + 16);
        let (key, iv) = kdf_output.split_at(key_len);

-        let cipher = Cbc::<C, NoPadding>::new_var(key, iv).expect("key and IV are correct length");
+        let cipher =
+            Cbc::<C, NoPadding>::new_from_slices(key, iv).expect("key and IV are correct length");
        cipher
            .decrypt_vec(&ciphertext)
            .map_err(|_| DecryptError::KeyDecryptionFailed)
    }

-    pub(super) fn aes_ctr<C: NewStreamCipher + StreamCipher>(
+    pub(super) fn aes_ctr<C: NewCipher + StreamCipher>(
        kdf: &OpenSshKdf,
        passphrase: SecretString,
        ciphertext: &[u8],
@ -143,10 +144,10 @@ mod decrypt {
        let kdf_output = kdf.derive(passphrase, key_len + 16);
        let (key, nonce) = kdf_output.split_at(key_len);

-        let mut cipher = C::new_var(key, nonce).expect("key and nonce are correct length");
+        let mut cipher = C::new_from_slices(key, nonce).expect("key and nonce are correct length");

        let mut plaintext = ciphertext.to_vec();
-        cipher.decrypt(&mut plaintext);
+        cipher.apply_keystream(&mut plaintext);
        plaintext
    }
 }