chore: bump RustCrypto deps

Cargo.toml

@@ -87,9 +87,9 @@ spansy = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "6168663" }
 uid-mux = { version = "0.2" }
 websocket-relay = { git = "https://github.com/tlsnotary/tlsn-utils", rev = "6168663" }
 
-aead = { version = "0.4" }
-aes = { version = "0.8" }
-aes-gcm = { version = "0.9" }
+aead = { version = "0.6.0-rc.2" }
+aes = { version = "0.9.0-rc.1" }
+aes-gcm = { version = "0.11.0-rc.1" }
 anyhow = { version = "1.0" }
 async-trait = { version = "0.1" }
 axum = { version = "0.8" }
@@ -101,10 +101,10 @@ bytes = { version = "1.4" }
 cfg-if = { version = "1" }
 chromiumoxide = { version = "0.7" }
 chrono = { version = "0.4" }
-cipher = { version = "0.4" }
+cipher = { version = "0.5.0-rc.1" }
 clap = { version = "4.5" }
 criterion = { version = "0.5" }
-ctr = { version = "0.9" }
+ctr = { version = "0.10.0-rc.1" }
 derive_builder = { version = "0.12" }
 digest = { version = "0.10" }
 elliptic-curve = { version = "0.13" }
@@ -112,11 +112,11 @@ enum-try-as-inner = { version = "0.1" }
 env_logger = { version = "0.10" }
 futures = { version = "0.3" }
 futures-rustls = { version = "0.25" }
-generic-array = { version = "0.14" }
 ghash = { version = "0.5" }
 hex = { version = "0.4" }
-hmac = { version = "0.12" }
+hmac = { version = "0.13.0-rc.2" }
 http-body-util = { version = "0.1" }
+hybrid-array = { version = "0.4" }
 hyper = { version = "1.1" }
 hyper-util = { version = "0.1" }
 ipnet = { version = "2.11" }
@@ -147,7 +147,7 @@ sct = { version = "0.7" }
 semver = { version = "1.0" }
 serde = { version = "1.0" }
 serde_json = { version = "1.0" }
-sha2 = { version = "0.10" }
+sha2 = { version = "0.11.0-rc.2" }
 signature = { version = "2.2" }
 thiserror = { version = "1.0" }
 tiny-keccak = { version = "2.0" }

crates/components/cipher/Cargo.toml

@@ -11,9 +11,6 @@ edition = "2021"
 [lints]
 workspace = true
 
-[lib]
-name = "cipher"
-
 [dependencies]
 mpz-circuits = { workspace = true }
 mpz-vm-core = { workspace = true }

crates/components/cipher/src/aes/mod.rs

@@ -171,6 +171,7 @@ impl Cipher for Aes128 {
 mod tests {
     use super::*;
     use crate::Cipher;
+    use aes::cipher::KeyIvInit;
     use mpz_common::context::test_st_context;
     use mpz_garble::protocol::semihonest::{Evaluator, Garbler};
     use mpz_memory_core::{
@@ -344,7 +345,7 @@ mod tests {
         start_ctr: usize,
         msg: Vec<u8>,
     ) -> Vec<u8> {
-        use ::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
+        use ::cipher::{StreamCipher, StreamCipherSeek};
         use aes::Aes128;
         use ctr::Ctr32BE;
 
@@ -365,7 +366,7 @@ mod tests {
 
     fn aes128(key: [u8; 16], msg: [u8; 16]) -> [u8; 16] {
         use ::aes::Aes128 as TestAes128;
-        use ::cipher::{BlockEncrypt, KeyInit};
+        use ::cipher::{BlockCipherEncrypt, KeyInit};
 
         let mut msg = msg.into();
         let cipher = TestAes128::new(&key.into());

crates/components/hmac-sha256/Cargo.toml

@@ -11,9 +11,6 @@ edition = "2021"
 [lints]
 workspace = true
 
-[lib]
-name = "hmac_sha256"
-
 [dependencies]
 mpz-vm-core = { workspace = true }
 mpz-core = { workspace = true }
@@ -23,6 +20,7 @@ mpz-hash = { workspace = true }
 thiserror = { workspace = true }
 tracing = { workspace = true }
 sha2 = { workspace = true }
+hybrid-array = { workspace = true }
 
 [dev-dependencies]
 mpz-ot = { workspace = true, features = ["ideal"] }

crates/components/hmac-sha256/benches/prf.rs

@@ -2,7 +2,6 @@
 
 use criterion::{criterion_group, criterion_main, Criterion};
 
-use hmac_sha256::{Mode, MpcPrf};
 use mpz_common::context::test_mt_context;
 use mpz_garble::protocol::semihonest::{Evaluator, Garbler};
 use mpz_ot::ideal::cot::ideal_cot;
@@ -12,6 +11,7 @@ use mpz_vm_core::{
     Execute,
 };
 use rand::{rngs::StdRng, SeedableRng};
+use tlsn_hmac_sha256::{Mode, MpcPrf};
 
 #[allow(clippy::unit_arg)]
 fn criterion_benchmark(c: &mut Criterion) {

crates/components/hmac-sha256/src/lib.rs

@@ -45,17 +45,19 @@ pub struct SessionKeys {
 
 fn sha256(mut state: [u32; 8], pos: usize, msg: &[u8]) -> [u32; 8] {
     use sha2::{
-        compress256,
+        block_api::compress256,
         digest::{
             block_buffer::{BlockBuffer, Eager},
-            generic_array::typenum::U64,
+            consts::U64,
         },
     };
 
     let mut buffer = BlockBuffer::<U64, Eager>::default();
-    buffer.digest_blocks(msg, |b| compress256(&mut state, b));
+    buffer.digest_blocks(msg, |b| {
+        compress256(&mut state, hybrid_array::Array::cast_slice_to_core(b))
+    });
     buffer.digest_pad(0x80, &(((msg.len() + pos) * 8) as u64).to_be_bytes(), |b| {
-        compress256(&mut state, &[*b])
+        compress256(&mut state, &[b.0])
     });
     state
 }

crates/components/hmac-sha256/src/test_utils.rs

@@ -128,15 +128,17 @@ pub(crate) fn compute_inner_local(mut key: Vec<u8>, msg: &[u8]) -> [u32; 8] {
 
 pub(crate) fn compress_256(mut state: [u32; 8], msg: &[u8]) -> [u32; 8] {
     use sha2::{
-        compress256,
+        block_api::compress256,
         digest::{
             block_buffer::{BlockBuffer, Eager},
-            generic_array::typenum::U64,
+            consts::U64,
         },
     };
 
     let mut buffer = BlockBuffer::<U64, Eager>::default();
-    buffer.digest_blocks(msg, |b| compress256(&mut state, b));
+    buffer.digest_blocks(msg, |b| {
+        compress256(&mut state, hybrid_array::Array::cast_slice_to_core(b))
+    });
     state
 }
 

crates/core/Cargo.toml

@@ -13,13 +13,7 @@ workspace = true
 
 [features]
 default = []
-fixtures = [
-    "dep:hex",
-    "dep:tlsn-data-fixtures",
-    "dep:aead",
-    "dep:aes-gcm",
-    "dep:generic-array",
-]
+fixtures = ["dep:hex", "dep:tlsn-data-fixtures", "dep:aead", "dep:aes-gcm"]
 
 [dependencies]
 tlsn-data-fixtures = { workspace = true, optional = true }
@@ -29,7 +23,6 @@ rangeset = { workspace = true, features = ["serde"] }
 
 aead = { workspace = true, features = ["alloc"], optional = true }
 aes-gcm = { workspace = true, optional = true }
-generic-array = { workspace = true, optional = true }
 bimap = { version = "0.6", features = ["serde"] }
 blake3 = { workspace = true }
 hex = { workspace = true, optional = true }
@@ -53,7 +46,6 @@ zeroize = { workspace = true, features = ["zeroize_derive"] }
 [dev-dependencies]
 aead = { workspace = true, features = ["alloc"] }
 aes-gcm = { workspace = true }
-generic-array = { workspace = true }
 bincode = { workspace = true }
 hex = { workspace = true }
 rstest = { workspace = true }

crates/core/src/fixtures/transcript.rs

@@ -1,8 +1,7 @@
 //! Transcript fixtures for testing.
 
-use aead::Payload as AeadPayload;
-use aes_gcm::{aead::Aead, Aes128Gcm, NewAead};
-use generic_array::GenericArray;
+use aead::{KeyInit, Payload as AeadPayload};
+use aes_gcm::{aead::Aead, Aes128Gcm, Nonce};
 use rand::{rngs::StdRng, Rng, SeedableRng};
 use tls_core::msgs::{
     base::Payload,
@@ -180,11 +179,11 @@ fn aes_gcm_encrypt(
     let mut nonce = [0u8; 12];
     nonce[..4].copy_from_slice(&iv);
     nonce[4..].copy_from_slice(&explicit_nonce);
-    let nonce = GenericArray::from_slice(&nonce);
+    let nonce = Nonce::from(nonce);
     let cipher = Aes128Gcm::new_from_slice(&key).unwrap();
 
     // ciphertext will have the MAC appended
-    let ciphertext = cipher.encrypt(nonce, payload).unwrap();
+    let ciphertext = cipher.encrypt(&nonce, payload).unwrap();
 
     // prepend the explicit nonce
     let mut nonce_ct_mac = vec![0u8; 0];

crates/mpc-tls/Cargo.toml

@@ -51,7 +51,7 @@ opaque-debug = { workspace = true }
 aes = { workspace = true }
 aes-gcm = { workspace = true }
 ctr = { workspace = true }
-ghash_rc = { package = "ghash", version = "0.5" }
+ghash = { workspace = true }
 tokio = { workspace = true, features = ["sync"] }
 pin-project-lite = { workspace = true }
 web-time = { workspace = true }
@@ -61,8 +61,7 @@ mpz-ole = { workspace = true, features = ["test-utils"] }
 mpz-ot = { workspace = true }
 mpz-garble = { workspace = true }
 
-cipher-crate = { package = "cipher", version = "0.4" }
-generic-array = { workspace = true }
+cipher = { workspace = true }
 rand_chacha = { workspace = true }
 rstest = { workspace = true }
 tls-server-fixture = { workspace = true }

crates/mpc-tls/src/config.rs

@@ -1,5 +1,5 @@
 use derive_builder::Builder;
-use hmac_sha256::Mode as PrfMode;
+use tlsn_hmac_sha256::Mode as PrfMode;
 
 /// Number of TLS protocol bytes that will be sent.
 const PROTOCOL_DATA_SENT: usize = 32;

crates/mpc-tls/src/error.rs

@@ -1,6 +1,6 @@
-use hmac_sha256::PrfError;
 use key_exchange::KeyExchangeError;
 use tls_backend::BackendError;
+use tlsn_hmac_sha256::PrfError;
 
 /// MPC-TLS error.
 #[derive(Debug, thiserror::Error)]

crates/mpc-tls/src/follower.rs

@@ -3,7 +3,6 @@ use crate::{
     record_layer::{aead::MpcAesGcm, RecordLayer},
     Config, MpcTlsError, Role, SessionKeys, Vm,
 };
-use hmac_sha256::{MpcPrf, PrfOutput};
 use ke::KeyExchange;
 use key_exchange::{self as ke, MpcKeyExchange};
 use mpz_common::{Context, Flush};
@@ -25,6 +24,7 @@ use tlsn_core::{
     connection::{CertBinding, CertBindingV1_2, TlsVersion, VerifyData},
     transcript::TlsTranscript,
 };
+use tlsn_hmac_sha256::{MpcPrf, PrfOutput};
 use tracing::{debug, instrument};
 
 // Maximum handshake time difference in seconds.

crates/mpc-tls/src/leader.rs

@@ -11,7 +11,6 @@ use crate::{
     Config, Role, SessionKeys, Vm,
 };
 use async_trait::async_trait;
-use hmac_sha256::{MpcPrf, PrfOutput};
 use ke::KeyExchange;
 use key_exchange::{self as ke, MpcKeyExchange};
 use ludi::Context as LudiContext;
@@ -48,6 +47,7 @@ use tlsn_core::{
     transcript::TlsTranscript,
     webpki::CertificateDer,
 };
+use tlsn_hmac_sha256::{MpcPrf, PrfOutput};
 use tracing::{debug, instrument, trace, warn};
 
 /// Controller for MPC-TLS leader.

crates/mpc-tls/src/record_layer/aead.rs

@@ -2,8 +2,8 @@ mod aes_gcm;
 mod ghash;
 
 pub(crate) use aes_gcm::MpcAesGcm;
-use cipher::{aes::AesError, CipherError};
 pub(crate) use ghash::{ComputeTags, VerifyTags};
+use tlsn_cipher::{aes::AesError, CipherError};
 
 use mpz_memory_core::{binary::U8, Array};
 use mpz_vm_core::VmError;

crates/mpc-tls/src/record_layer/aead/aes_gcm.rs

@@ -1,6 +1,5 @@
 use std::{future::Future, sync::Arc};
 
-use cipher::{aes::Aes128, Cipher, CtrBlock, Keystream};
 use mpz_common::{Context, Flush};
 use mpz_fields::gf2_128::Gf2_128;
 use mpz_memory_core::{
@@ -9,6 +8,7 @@ use mpz_memory_core::{
 };
 use mpz_share_conversion::ShareConvert;
 use mpz_vm_core::{prelude::*, Vm};
+use tlsn_cipher::{aes::Aes128, Cipher, CtrBlock, Keystream};
 use tracing::instrument;
 
 use crate::{
@@ -450,10 +450,7 @@ fn assign_j0(
 #[cfg(test)]
 mod tests {
     use super::*;
-    use aes_gcm::{
-        aead::{AeadInPlace, NewAead},
-        Aes128Gcm,
-    };
+    use aes_gcm::{AeadInOut, Aes128Gcm, KeyInit};
     use mpz_common::context::test_st_context;
     use mpz_core::Block;
     use mpz_garble::protocol::semihonest::{Evaluator, Garbler};
@@ -667,7 +664,7 @@ mod tests {
 
         let mut payload = msg.to_vec();
         let tag = aes
-            .encrypt_in_place_detached(&nonce.into(), aad, &mut payload)
+            .encrypt_inout_detached(&nonce.into(), aad, payload.as_mut_slice().into())
             .unwrap();
 
         (payload, tag.to_vec())

crates/mpc-tls/src/record_layer/aead/ghash.rs

@@ -336,7 +336,7 @@ impl From<GhashError> for AeadError {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use ghash_rc::{
+    use ::ghash::{
         universal_hash::{KeyInit, UniversalHash as UniversalHashReference},
         GHash as GhashReference,
     };

crates/mpc-tls/src/record_layer/aes_gcm.rs

@@ -1,4 +1,4 @@
-use aes_gcm::{aead::AeadMutInPlace, Aes128Gcm, NewAead};
+use aes_gcm::{aead::AeadInOut, Aes128Gcm, KeyInit};
 use mpz_core::bitvec::BitVec;
 use mpz_memory_core::{
     binary::{Binary, U8},
@@ -200,18 +200,20 @@ impl AesGcm {
         let key = key.as_ref().expect("leader knows key");
         let iv = iv.as_ref().expect("leader knows iv");
 
-        let mut aes_gcm = Aes128Gcm::new(key.into());
+        let aes_gcm = Aes128Gcm::new(key.into());
 
         let mut full_iv = [0u8; 12];
         full_iv[..4].copy_from_slice(iv);
         full_iv[4..12].copy_from_slice(&explicit_nonce);
 
         aes_gcm
-            .decrypt_in_place_detached(
+            .decrypt_inout_detached(
                 (&full_iv).into(),
                 &aad,
-                &mut ciphertext,
-                tag.as_slice().into(),
+                ciphertext.as_mut_slice().into(),
+                tag.as_slice()
+                    .try_into()
+                    .map_err(|_| MpcTlsError::record_layer("tag is not 16 bytes"))?,
             )
             .map_err(|_| MpcTlsError::record_layer("tag verification failed"))?;
 
@@ -222,7 +224,7 @@ impl AesGcm {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use aes_gcm::{aead::AeadMutInPlace, Aes128Gcm, NewAead};
+    use aes_gcm::Aes128Gcm;
 
     #[test]
     fn test_aes_gcm_local() {
@@ -241,13 +243,13 @@ mod tests {
             iv: Some(iv),
         };
 
-        let mut aes_gcm = Aes128Gcm::new(&key.into());
+        let aes_gcm = Aes128Gcm::new(&key.into());
 
         let msg = b"hello world";
 
         let mut ciphertext = msg.to_vec();
         let tag = aes_gcm
-            .encrypt_in_place_detached(&nonce.into(), &aad, &mut ciphertext)
+            .encrypt_inout_detached(&nonce.into(), &aad, ciphertext.as_mut_slice().into())
             .unwrap();
 
         let decrypted = aes_gcm_local

crates/tls/client/Cargo.toml

@@ -30,7 +30,7 @@ p256 = { workspace = true, features = ["ecdh"] }
 rand = { workspace = true }
 rand06-compat = { workspace = true }
 hmac = { workspace = true }
-sha2 = { workspace = true, features = ["compress"] }
+sha2 = { workspace = true }
 digest = { workspace = true }
 futures = { workspace = true }
 web-time = { workspace = true }

crates/tls/client/src/backend/standard.rs

@@ -1,8 +1,8 @@
 use super::{Backend, BackendError};
 use crate::{DecryptMode, EncryptMode, Error};
 use aes_gcm::{
-    aead::{generic_array::GenericArray, Aead, NewAead, Payload},
-    Aes128Gcm,
+    aead::{Aead, Payload},
+    Aes128Gcm, KeyInit, Nonce,
 };
 use async_trait::async_trait;
 use p256::{ecdh::EphemeralSecret, EncodedPoint, PublicKey as ECDHPublicKey};
@@ -507,11 +507,11 @@ impl Encrypter {
         let mut nonce = [0u8; 12];
         nonce[..4].copy_from_slice(&self.write_iv);
         nonce[4..].copy_from_slice(explicit_nonce);
-        let nonce = GenericArray::from_slice(&nonce);
+        let nonce = Nonce::from(nonce);
         let cipher = Aes128Gcm::new_from_slice(&self.write_key).unwrap();
         // ciphertext will have the MAC appended
         let ciphertext = cipher
-            .encrypt(nonce, payload)
+            .encrypt(&nonce, payload)
             .map_err(|e| BackendError::EncryptionError(e.to_string()))?;
 
         // prepend the explicit nonce
@@ -568,9 +568,9 @@ impl Decrypter {
         let mut nonce = [0u8; 12];
         nonce[..4].copy_from_slice(&self.write_iv);
         nonce[4..].copy_from_slice(&m.payload.0[0..8]);
-        let nonce = GenericArray::from_slice(&nonce);
+        let nonce = Nonce::from(nonce);
         let plaintext = cipher
-            .decrypt(nonce, aes_payload)
+            .decrypt(&nonce, aes_payload)
             .map_err(|e| BackendError::DecryptionError(e.to_string()))?;
 
         Ok(PlainMessage {

crates/tls/core/src/prf.rs

@@ -1,6 +1,7 @@
-//! Implementation of the TLS Pseudo-Random Function (PRF) as defined in RFC 5246.
+//! Implementation of the TLS Pseudo-Random Function (PRF) as defined in RFC
+//! 5246.
 
-use hmac::Mac;
+use hmac::{KeyInit, Mac};
 
 type Hmac = hmac::Hmac<sha2::Sha256>;
 

crates/tlsn/src/tag.rs

@@ -2,7 +2,6 @@
 
 use crate::ghash::ghash;
 
-use cipher::{Cipher, aes::Aes128};
 use mpz_core::bitvec::BitVec;
 use mpz_memory_core::{
     DecodeFutureTyped,
@@ -11,6 +10,7 @@ use mpz_memory_core::{
 use mpz_vm_core::{Vm, prelude::*};
 use tls_client::ProtocolVersion;
 use tls_core::cipher::make_tls12_aad;
+use tlsn_cipher::{Cipher, aes::Aes128};
 use tlsn_core::{connection::TlsVersion, transcript::Record};
 
 /// Proves the verification of tags of the given `records`,