aes 0.7

Cargo.lock

@@ -23,44 +23,14 @@ dependencies = [
 
 [[package]]
 name = "aes"
-version = "0.6.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "884391ef1066acaa41e766ba8f596341b96e93ce34f9a43e7d24bf0a0eaf0561"
+checksum = "32380222440685202b62f23002e668519a6bf2d8df5e7655ed96223b6482b4be"
 dependencies = [
- "aes-soft",
+ "cfg-if",
- "aesni",
+ "cipher 0.3.0",
- "cipher 0.2.5",
+ "cpufeatures",
-]
-
-[[package]]
-name = "aes-ctr"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7729c3cde54d67063be556aeac75a81330d802f0259500ca40cb52967f975763"
-dependencies = [
- "aes-soft",
- "aesni",
- "cipher 0.2.5",
  "ctr",
-]
-
-[[package]]
-name = "aes-soft"
-version = "0.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be14c7498ea50828a38d0e24a765ed2effe92a705885b57d029cd67d45744072"
-dependencies = [
- "cipher 0.2.5",
- "opaque-debug",
-]
-
-[[package]]
-name = "aesni"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea2e11f5e94c2f7d386164cc2aa1f97823fed6f259e486940a71c174dd01b0ce"
-dependencies = [
- "cipher 0.2.5",
  "opaque-debug",
 ]
 
@@ -69,7 +39,6 @@ name = "age"
 version = "0.6.0"
 dependencies = [
  "aes",
- "aes-ctr",
  "age-core",
  "base64",
  "bcrypt-pbkdf",
@@ -229,12 +198,12 @@ dependencies = [
 
 [[package]]
 name = "block-modes"
-version = "0.7.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57a0e8073e8baa88212fb5823574c02ebccb395136ba9a164ab89379ec6072f0"
+checksum = "2cb03d1bed155d89dce0f845b7899b18a9a163e148fd004e1c28421a783e2d8e"
 dependencies = [
  "block-padding",
- "cipher 0.2.5",
+ "cipher 0.3.0",
 ]
 
 [[package]]
@@ -594,11 +563,11 @@ dependencies = [
 
 [[package]]
 name = "ctr"
-version = "0.6.0"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb4a30d54f7443bf3d6191dcd486aca19e67cb3c49fa7a06a319966346707e7f"
+checksum = "a232f92a03f37dd7d7dd2adc67166c77e9cd88de5b019b9a9eecfaeaf7bfd481"
 dependencies = [
- "cipher 0.2.5",
+ "cipher 0.3.0",
 ]
 
 [[package]]

age/Cargo.toml

@@ -51,10 +51,9 @@ rsa = { version = "0.3", optional = true }
 curve25519-dalek = { version = "3", optional = true }
 
 # - Encrypted keys
-aes = { version = "0.6", optional = true }
+aes = { version = "0.7", optional = true, features = ["ctr"] }
-aes-ctr = { version = "0.6", optional = true }
 bcrypt-pbkdf = { version = "0.6", optional = true }
-block-modes = { version = "0.7", optional = true }
+block-modes = { version = "0.8", optional = true }
 
 # Parsing
 cookie-factory = "0.3.1"
@@ -102,7 +101,6 @@ cli-common = ["console", "pinentry", "rpassword"]
 plugin = ["age-core/plugin", "which", "wsl"]
 ssh = [
     "aes",
-    "aes-ctr",
     "bcrypt-pbkdf",
     "block-modes",
     "curve25519-dalek",

age/src/ssh.rs

@@ -7,8 +7,7 @@
 //! Note that these recipient types are not anonymous: the encrypted message will include
 //! a short 32-bit ID of the public key.
 
-use aes::Aes256;
+use aes::{Aes128Ctr, Aes192Ctr, Aes256, Aes256Ctr};
-use aes_ctr::{Aes128Ctr, Aes192Ctr, Aes256Ctr};
 use bcrypt_pbkdf::bcrypt_pbkdf;
 use secrecy::{ExposeSecret, SecretString};
 use sha2::{Digest, Sha256};
@@ -111,15 +110,16 @@ impl EncryptedKey {
 }
 
 mod decrypt {
-    use aes::cipher::block::{BlockCipher, NewBlockCipher};
+    use aes::cipher::{
-    use aes_ctr::cipher::stream::{NewStreamCipher, StreamCipher};
+        BlockCipher, BlockDecrypt, BlockEncrypt, NewBlockCipher, NewCipher, StreamCipher,
+    };
     use block_modes::{block_padding::NoPadding, BlockMode, Cbc};
     use secrecy::SecretString;
 
     use super::OpenSshKdf;
     use crate::error::DecryptError;
 
-    pub(super) fn aes_cbc<C: BlockCipher + NewBlockCipher>(
+    pub(super) fn aes_cbc<C: BlockCipher + BlockEncrypt + BlockDecrypt + NewBlockCipher>(
         kdf: &OpenSshKdf,
         passphrase: SecretString,
         ciphertext: &[u8],
@@ -128,13 +128,14 @@ mod decrypt {
         let kdf_output = kdf.derive(passphrase, key_len + 16);
         let (key, iv) = kdf_output.split_at(key_len);
 
-        let cipher = Cbc::<C, NoPadding>::new_var(key, iv).expect("key and IV are correct length");
+        let cipher =
+            Cbc::<C, NoPadding>::new_from_slices(key, iv).expect("key and IV are correct length");
         cipher
             .decrypt_vec(&ciphertext)
             .map_err(|_| DecryptError::KeyDecryptionFailed)
     }
 
-    pub(super) fn aes_ctr<C: NewStreamCipher + StreamCipher>(
+    pub(super) fn aes_ctr<C: NewCipher + StreamCipher>(
         kdf: &OpenSshKdf,
         passphrase: SecretString,
         ciphertext: &[u8],
@@ -143,10 +144,10 @@ mod decrypt {
         let kdf_output = kdf.derive(passphrase, key_len + 16);
         let (key, nonce) = kdf_output.split_at(key_len);
 
-        let mut cipher = C::new_var(key, nonce).expect("key and nonce are correct length");
+        let mut cipher = C::new_from_slices(key, nonce).expect("key and nonce are correct length");
 
         let mut plaintext = ciphertext.to_vec();
-        cipher.decrypt(&mut plaintext);
+        cipher.apply_keystream(&mut plaintext);
         plaintext
     }
 }