Upgrade to AES 0.8

Now that we require Rust 1.56, we can upgrade to AES 0.8.  This
forces us to have some slight API changes.

We require cipher 0.4.1, not cipher 0.4.0, since 0.4.0 has
compatibility issues with Rust 1.56.

Cargo.lock

@@ -19,15 +19,13 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 
 [[package]]
 name = "aes"
-version = "0.7.5"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8"
+checksum = "bfe0133578c0986e1fe3dfcd4af1cc5b2dd6c3dbf534d69916ce16a2701d40ba"
 dependencies = [
  "cfg-if 1.0.0",
  "cipher",
  "cpufeatures",
- "ctr",
- "opaque-debug",
 ]
 
 [[package]]
@@ -630,11 +628,12 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
 name = "cipher"
-version = "0.3.0"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7"
+checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e"
 dependencies = [
- "generic-array",
+ "crypto-common",
+ "inout",
 ]
 
 [[package]]
@@ -796,9 +795,9 @@ dependencies = [
 
 [[package]]
 name = "ctr"
-version = "0.8.0"
+version = "0.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "049bb91fb4aaf0e3c7efa6cd5ef877dbbbd15b39dad06d9948de4ec8a75761ea"
+checksum = "0d14f329cfbaf5d0e06b5e87fff7e265d2673c5ea7d2c27691a2c107db1442a0"
 dependencies = [
  "cipher",
 ]
@@ -1600,6 +1599,15 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "inout"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "instant"
 version = "0.1.12"
@@ -3507,6 +3515,7 @@ dependencies = [
  "base64",
  "cargo-husky",
  "cipher",
+ "ctr",
  "curve25519-dalek",
  "digest 0.10.3",
  "ed25519-dalek",

crates/tor-llcrypto/Cargo.toml

@@ -21,10 +21,11 @@ relay = []
 hsv3-client = []
 
 [dependencies]
-aes = { version = "0.7.0", features = ["ctr"] }
+aes = { version = "0.8" }
 arrayref = "0.3"
 base64 = "0.13.0"
 curve25519-dalek = "3.2"
+ctr = "0.9"
 digest = "0.10.0"
 ed25519-dalek = { version = "1", features = ["batch"] }
 hex = "0.4"
@@ -45,7 +46,7 @@ thiserror = "1"
 [dev-dependencies]
 hex-literal = "0.3"
 rand = "0.8"
-cipher = "0.3.0"
+cipher = "0.4.1"
 serde_test = "1.0.124"
 
 # This is a magic crate that runs the tests and checks the format

crates/tor-llcrypto/src/cipher.rs

@@ -9,5 +9,9 @@
 /// the [`cipher`](https://docs.rs/cipher) crate to access them.
 pub mod aes {
     // These implement StreamCipher.
-    pub use ::aes::{Aes128Ctr, Aes256Ctr};
+    /// AES128 in counter mode as used by Tor.
+    pub type Aes128Ctr = ctr::Ctr128BE<aes::Aes128>;
+
+    /// AES256 in counter mode as used by Tor.  
+    pub type Aes256Ctr = ctr::Ctr128BE<aes::Aes256>;
 }

crates/tor-llcrypto/tests/testvec.rs

@@ -1,4 +1,4 @@
-use cipher::{NewCipher, StreamCipher};
+use cipher::{KeyIvInit, StreamCipher};
 use digest::{self, Digest, ExtendableOutput};
 use hex_literal::hex;
 use tor_llcrypto as ll;

crates/tor-proto/Cargo.toml

@@ -30,7 +30,7 @@ tor-cell = { path = "../tor-cell", version = "0.2.0" }
 
 arrayref = "0.3"
 bytes = "1"
-cipher = "0.3.0"
+cipher = "0.4.1"
 coarsetime = "0.1.20"
 digest = "0.10.0"
 educe = "0.4.6"

crates/tor-proto/src/crypto/cell.rs

@@ -224,7 +224,7 @@ pub(crate) type Tor1RelayCrypto =
 /// Incomplete untested implementation of Tor's current cell crypto.
 pub(crate) mod tor1 {
     use super::*;
-    use cipher::{NewCipher, StreamCipher};
+    use cipher::{KeyIvInit, StreamCipher};
     use digest::Digest;
     use typenum::Unsigned;
 
@@ -251,7 +251,7 @@ pub(crate) mod tor1 {
         back: CryptState<SC, D>,
     }
 
-    impl<SC: StreamCipher + NewCipher, D: Digest + Clone> CryptInit for CryptStatePair<SC, D> {
+    impl<SC: StreamCipher + KeyIvInit, D: Digest + Clone> CryptInit for CryptStatePair<SC, D> {
         fn seed_len() -> usize {
             SC::KeySize::to_usize() * 2 + D::OutputSize::to_usize() * 2
         }

crates/tor-proto/src/crypto/handshake/hs_ntor.rs

@@ -32,7 +32,7 @@ use tor_llcrypto::d::Sha3_256;
 use tor_llcrypto::pk::{curve25519, ed25519};
 use tor_llcrypto::util::rand_compat::RngCompatExt;
 
-use cipher::{NewCipher, StreamCipher};
+use cipher::{KeyIvInit, StreamCipher};
 
 use digest::Digest;
 use generic_array::GenericArray;

crates/tor-proto/src/crypto/handshake/ntor_v3.rs

@@ -21,7 +21,7 @@ use tor_llcrypto::d::{Sha3_256, Shake256};
 use tor_llcrypto::pk::{curve25519, ed25519::Ed25519Identity};
 use tor_llcrypto::util::rand_compat::RngCompatExt;
 
-use cipher::{NewCipher, StreamCipher};
+use cipher::{KeyIvInit, StreamCipher};
 
 use generic_array::GenericArray;
 use rand_core::{CryptoRng, RngCore};

doc/semver_status.md

@@ -57,6 +57,10 @@ BREAKING: AuthorityBuilder::build now throws ConfigBuildError, not a custom erro
 MODIFIED: New functions to get estimated clock skew.
 MODIFIED: New functions to report observed clock skew.
 
+### tor-llcrypto
+
+BREAKING: AES implementations now implement cipher 0.4 traits.
+
 ### tor-proto
 
 MODIFIED: New accessors in tor_proto::Channel.