Use workaround for broken generic array 0.14.9 by using the new version in compat-mode

2026-04-14 08:47:57 -07:00 · 2025-10-23 15:40:26 +02:00
parent 847c7bde52
commit b5beeeea45
2 changed files with 19 additions and 5 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -83,6 +83,8 @@ assert_matches = "1.2"
 rpassword = "5.0"
 flate3 = "1"
 aes-gcm = "0.10"
+# Workaround for 'broken' generic-array 0.14.9, see ctap2_discoverable_creds.rs for details
+generic-array = { version = "1.3", features = ["compat-0_14"] }

 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(fuzzing)'] }
--- a/examples/ctap2_discoverable_creds.rs
+++ b/examples/ctap2_discoverable_creds.rs
@@ -4,7 +4,7 @@

 use aes_gcm::{
    aead::{Aead, AeadCore, KeyInit, OsRng, Payload},
-    Aes256Gcm, Key,
+    Aes256Gcm,
 };
 use authenticator::{
    authenticatorservice::{AuthenticatorService, RegisterArgs, SignArgs},
@@ -21,6 +21,7 @@ use authenticator::{
    statecallback::StateCallback,
    Pin, StatusPinUv, StatusUpdate,
 };
+use generic_array::GenericArray;
 use getopts::{Matches, Options};
 use sha2::{Digest, Sha256};
 use std::sync::mpsc::{channel, RecvError};
@@ -157,8 +158,14 @@ fn register_user(
                    // Let nonce be a fresh, random, 12-byte value.
                    let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
                    // Let ciphertext be the AEAD_AES_256_GCM authenticated encryption of plaintext using key, nonce, and the associated data as specified above.
-                    let gcm_key = Key::<Aes256Gcm>::from_slice(&key);
-                    let cipher = Aes256Gcm::new(gcm_key);
+                    //
+                    // Note: Because of bug https://github.com/RustCrypto/traits/issues/2036 and/or https://github.com/fizyk20/generic-array/issues/158 we can't use the
+                    // simple version below, but have to request the new generic-array 1.x in
+                    // our Cargo.toml and use it directly here, as aes_gcm uses the old version
+                    // that got 'broken' by a dot-release
+                    // let gcm_key = Key::<Aes256Gcm>::from_slice(&key);
+                    // let cipher = Aes256Gcm::new(gcm_key);
+                    let cipher = Aes256Gcm::new(GenericArray::from_slice(&key).as_ref());
                    let mut payload = Payload::from(plaintext.as_ref());
                    // Associated data: The value 0x626c6f62 ("blob") || uint64LittleEndian(origSize).
                    let mut aad = b"blob".to_vec();
@@ -259,8 +266,13 @@ fn extract_associated_large_blobs(key: Vec<u8>, array: Vec<LargeBlobArrayElement
    let valid_elements = array
        .iter()
        .filter_map(|e| {
-            let gcm_key = Key::<Aes256Gcm>::from_slice(&key);
-            let cipher = Aes256Gcm::new(gcm_key);
+            // Note: Because of bug https://github.com/RustCrypto/traits/issues/2036 and/or https://github.com/fizyk20/generic-array/issues/158 we can't use the
+            // simple version below, but have to request the new generic-array 1.x in
+            // our Cargo.toml and use it directly here, as aes_gcm uses the old version
+            // that got 'broken' by a dot-release
+            // let gcm_key = Key::<Aes256Gcm>::from_slice(&key);
+            // let cipher = Aes256Gcm::new(gcm_key);
+            let cipher = Aes256Gcm::new(GenericArray::from_slice(&key).as_ref());
            let mut payload = Payload::from(e.ciphertext.as_slice());
            // Associated data: The value 0x626c6f62 ("blob") || uint64LittleEndian(origSize).
            let mut aad = b"blob".to_vec();