Pull in the 0.10.1 code changes

.github/workflows/aes-gcm.yml

@@ -33,7 +33,7 @@ jobs:
       - uses: actions/checkout@v1
       - uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.51.0 # MSRV (highest in repo)
+          toolchain: 1.56.0 # MSRV (highest in repo)
           components: clippy
           override: true
           profile: minimal
@@ -62,7 +62,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.51.0 # MSRV
+          - 1.56.0 # MSRV
           - stable
         target:
           - armv7a-none-eabi
@@ -85,15 +85,15 @@ jobs:
         include:
           # 32-bit Linux
           - target: i686-unknown-linux-gnu
-            rust: 1.51.0 # MSRV
+            rust: 1.56.0 # MSRV
             deps: sudo apt update && sudo apt install gcc-multilib
           - target: i686-unknown-linux-gnu
             rust: stable
             deps: sudo apt update && sudo apt install gcc-multilib
 
           # 64-bit Linux
           - target: x86_64-unknown-linux-gnu
-            rust: 1.51.0 # MSRV
+            rust: 1.56.0 # MSRV
           - target: x86_64-unknown-linux-gnu
             rust: stable
     steps:

CHANGELOG.md

@@ -4,6 +4,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.10.1 (2022-07-31)
+### Fixed
+- rustdoc typos and formatting ([#461], [#462])
+
+[#461]: https://github.com/RustCrypto/AEADs/pull/461
+[#462]: https://github.com/RustCrypto/AEADs/pull/462
+
+## 0.10.0 (2022-07-31)
+### Added
+- `getrandom` feature ([#446])
+
+### Changed
+- Bump `aes` dependency to v0.8 ([#430])
+- Rust 2021 edition upgrade; MSRV 1.56+ ([#435])
+- Bump `aead` dependency to v0.5 ([#444])
+- Bump `ghash` dependency to v0.5 ([#454])
+
+[#435]: https://github.com/RustCrypto/AEADs/pull/435
+[#444]: https://github.com/RustCrypto/AEADs/pull/444
+[#446]: https://github.com/RustCrypto/AEADs/pull/446
+[#454]: https://github.com/RustCrypto/AEADs/pull/454
+
 ## 0.9.4 (2021-08-28)
 ### Changed
 - Relax `subtle` and `zeroize` requirements ([#360])

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "mc-oblivious-aes-gcm"
-version = "0.9.4"
+version = "0.10.1"
 description = """
 WARNING: This crate is not intended for general use, you should use the official RustCrypto crate instead.
 
@@ -10,33 +10,32 @@ authors = [
     "MobileCoin",
     "RustCrypto Developers"
 ]
-edition = "2018"
+edition = "2021"
 license = "Apache-2.0 OR MIT"
 readme = "README.md"
 documentation = "https://docs.rs/mc-oblivious-aes-gcm"
 repository = "https://github.com/mobilecoinfoundation/oblivious-aes-gcm"
 
 [dependencies]
-aead = { version = "0.4", default-features = false }
-aes = { version = "0.7.5", optional = true }
-cipher = "0.3"
-ctr = "0.8"
-ghash = { version = "0.4.2", default-features = false }
-subtle = { version = ">=2, <2.5", default-features = false }
-zeroize = { version = ">=1, <1.4", optional = true, default-features = false }
+aead = { version = "0.5", default-features = false }
+aes = { version = "0.8", optional = true }
+cipher = "0.4"
+ctr = "0.9"
+ghash = { version = "0.5", default-features = false }
+subtle = { version = "2", default-features = false }
+zeroize = { version = "1", optional = true, default-features = false }
 
 [dev-dependencies]
-aead = { version = "0.4", features = ["dev"], default-features = false }
+aead = { version = "0.5", features = ["dev"], default-features = false }
 hex-literal = "0.3"
 
 [features]
-default    = ["aes", "alloc"]
-std        = ["aead/std", "alloc"]
-alloc      = ["aead/alloc"]
-armv8      = ["aes/armv8", "ghash/armv8"] # nightly-only
-force-soft = ["aes/force-soft", "ghash/force-soft"]
-heapless   = ["aead/heapless"]
-stream     = ["aead/stream"]
+default   = ["aes", "alloc", "getrandom"]
+std       = ["aead/std", "alloc"]
+alloc     = ["aead/alloc"]
+getrandom = ["aead/getrandom"]
+heapless  = ["aead/heapless"]
+stream    = ["aead/stream"]
 
 [package.metadata.docs.rs]
 all-features = true

src/ct.rs

@@ -5,16 +5,14 @@ use aead::AeadInPlace;
 use cipher::{
     consts::U16,
     generic_array::{ArrayLength, GenericArray},
-    Block, BlockCipher, BlockEncrypt, StreamCipher,
+    BlockCipher, BlockEncrypt, BlockSizeUser, StreamCipherCore,
 };
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 use zeroize::Zeroize;
 
 #[cfg(all(feature = "alloc", not(feature = "std")))]
 use alloc::vec::Vec;
 
-use aes::NewBlockCipher;
-
 /// API for Aead in-place decryption which is constant-time with respect to
 /// the mac check failing
 ///
@@ -74,8 +72,7 @@ impl From<CtDecryptResult> for bool {
 
 impl<Aes, NonceSize> CtAeadDecrypt for AesGcm<Aes, NonceSize>
 where
-    Aes: BlockCipher<BlockSize = U16> + BlockEncrypt + NewBlockCipher,
-    Aes::ParBlocks: ArrayLength<Block<Aes>>,
+    Aes: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt,
     NonceSize: ArrayLength<u8>,
 {
     /// A constant time version of the original
@@ -93,17 +90,16 @@ where
             return CtDecryptResult(Choice::from(0));
         }
 
+        let (ctr, mask) = self.init_ctr(nonce);
+
         // TODO(tarcieri): interleave encryption with GHASH
         // See: <https://github.com/RustCrypto/AEADs/issues/74>
-        let mut expected_tag = self.compute_tag(associated_data, buffer);
-        let mut ctr = self.init_ctr(nonce);
+        let expected_tag = self.compute_tag(mask, associated_data, buffer);
         let mut ciphertext = Vec::with_capacity(len);
         ciphertext.extend_from_slice(buffer);
+        ctr.apply_keystream_partial(ciphertext.as_mut_slice().into());
 
-        ctr.apply_keystream(expected_tag.as_mut_slice());
-        ctr.apply_keystream(&mut ciphertext);
-
-        let result = expected_tag.ct_eq(&tag);
+        let result = expected_tag.ct_eq(tag);
 
         // Conditionally copy the actual plaintext _only_ if the tag verified
         // correctly, in order to increase misuse resistance and reduce attack