From 740d459b87daccca2a80bb9d7ad10dcb77bdcdbe Mon Sep 17 00:00:00 2001
From: DanGould
Date: Wed, 14 Aug 2024 14:30:06 -0400
Subject: [PATCH] Remove AES aead since it's not bitcoin native

ChaCha20Poly1305 on the other hand, is
---
 Cargo.toml | 1 -
 README.md | 4 +---
 benches/benches.rs | 2 +-
 src/aead.rs | 23 +++++------------------
 src/aead/aes_gcm.rs | 21 ---------------------
 src/kat_tests.rs | 4 ++--
 6 files changed, 9 insertions(+), 46 deletions(-)
 delete mode 100644 src/aead/aes_gcm.rs

diff --git a/Cargo.toml b/Cargo.toml
index a1ed84c..e9d58cf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,7 +21,6 @@ std = []
 [dependencies]
 aead = "0.5"
-aes-gcm = "0.10"
 secp256k1 = { version = "0.29", optional = true }
 chacha20poly1305 = "0.10"
 generic-array = { version = "0.14", default-features = false }
diff --git a/README.md b/README.md
index f10b285..93d1077 100644
--- a/README.md
+++ b/README.md
@@ -32,8 +32,6 @@ Here are all the primitives listed in the spec. The primitives with checked boxe
 - [X] HKDF-SHA384
 - [X] HKDF-SHA512
 * AEADs
- - [X] AES-GCM-128
- - [X] AES-GCM-256
 - [X] ChaCha20Poly1305
 Crate Features
@@ -90,7 +88,7 @@ To run all benchmarks, execute `cargo bench --all-features`. If you set your own
 Ciphersuites benchmarked:
-* NIST Ciphersuite with 128-bit security: AES-GCM-128, HKDF-SHA256, secp256k1
+* NIST Ciphersuite with 256-bit security: ChaCha20Poly1305, HKDF-SHA256, secp256k1
 Functions benchmarked in each ciphersuite:
diff --git a/benches/benches.rs b/benches/benches.rs
index 3d82ce8..462de68 100644
--- a/benches/benches.rs
+++ b/benches/benches.rs
@@ -212,7 +212,7 @@ pub fn benches() {
 #[cfg(feature = "secp")]
 bench_ciphersuite::<
- bitcoin_hpke::aead::AesGcm128,
+ bitcoin_hpke::aead::ChaCha20Poly1305,
 bitcoin_hpke::kdf::HkdfSha256,
 bitcoin_hpke::kem::SecpK256HkdfSha256,
 >("secp", &mut c);
diff --git a/src/aead.rs b/src/aead.rs
index 99a762b..2534734 100644
--- a/src/aead.rs
+++ b/src/aead.rs
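Review bot: The `"secp"` ciphersuite this hunk now instantiates with `bitcoin_hpke::aead::ChaCha20Poly1305` is described, in the README line this same commit rewrites, as a "NIST Ciphersuite with 256-bit security", which is inaccurate: neither ChaCha20Poly1305 nor secp256k1 is a NIST-standardized primitive, and a 256-bit-curve KEM paired with HKDF-SHA256 gives roughly 128-bit security regardless of the AEAD's key length, so swapping AES-GCM-128 for ChaCha20Poly1305 did not raise the suite's security level. A mislabelled security level is the kind of claim downstream users copy into their own threat models, so I'd correct that line to `* secp256k1 ciphersuite with 128-bit security: ChaCha20Poly1305, HKDF-SHA256, secp256k1`. The benchmark code itself looks fine; `bench_ciphersuite` and the enclosing `benches()` function continue outside the hunk.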
@@ -456,15 +456,14 @@ impl AeadCtxS {
 }
 // Export all the AEAD implementations
-mod aes_gcm;
 mod chacha20_poly1305;
 mod export_only;
 #[doc(inline)]
-pub use crate::aead::{aes_gcm::*, chacha20_poly1305::*, export_only::*};
+pub use crate::aead::{chacha20_poly1305::*, export_only::*};
 #[cfg(test)]
 mod test {
- use super::{AeadTag, AesGcm128, AesGcm256, ChaCha20Poly1305, ExportOnlyAead, Seq};
+ use super::{AeadTag, ChaCha20Poly1305, ExportOnlyAead, Seq};
 use crate::{
 kdf::HkdfSha256, test_util::gen_ctx_simple_pair, Deserializable, HpkeError, Serializable,
@@ -673,8 +672,6 @@ mod test {
 };
 }
- test_invalid_nonce!(test_invalid_nonce_aes128, AesGcm128);
- test_invalid_nonce!(test_invalid_nonce_aes256, AesGcm128);
 test_invalid_nonce!(test_invalid_nonce_chacha, ChaCha20Poly1305);
 #[cfg(all(feature = "secp", any(feature = "alloc", feature = "std")))]
@@ -689,16 +686,6 @@ mod test {
 );
 test_overflow!(test_overflow_k256, crate::kem::SecpK256HkdfSha256);
- test_ctx_correctness!(
- test_ctx_correctness_aes128_k256,
- AesGcm128,
- crate::kem::SecpK256HkdfSha256
- );
- test_ctx_correctness!(
- test_ctx_correctness_aes256_k256,
- AesGcm256,
- crate::kem::SecpK256HkdfSha256
- );
 test_ctx_correctness!(
 test_ctx_correctness_chacha_k256,
 ChaCha20Poly1305,
@@ -710,11 +697,11 @@ mod test {
 #[should_panic]
 #[test]
 fn test_write_exact() {
- // Make an AES-GCM-128 tag (16 bytes) and try to serialize it to a buffer of 17 bytes. It
+ // Make an ChaChaPoly1305 tag (32 bytes) and try to serialize it to a buffer of 33 bytes. It
 // shouldn't matter that this is sufficient room, since write_exact needs exactly the write
 // size buffer
- let tag = AeadTag::::default();
- let mut buf = [0u8; 17];
+ let tag = AeadTag::::default();
+ let mut buf = [0u8; 33];
 tag.write_exact(&mut buf);
 }
 }
diff --git a/src/aead/aes_gcm.rs b/src/aead/aes_gcm.rs
deleted file mode 100644
index 9daa95a..0000000
--- a/src/aead/aes_gcm.rs
+++ /dev/null
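Review bot: The rewritten comment in `test_write_exact` (last hunk of src/aead.rs) gives the wrong tag length: a ChaCha20Poly1305 tag is 16 bytes (RFC 9180 §7.3 lists Nt = 16 for all three AEADs), not 32, so `AeadTag::<ChaCha20Poly1305>::default()` serializes to 16 bytes and a 33-byte buffer is off by 17, not by one. The test still panics, but only because `write_exact` rejects every length other than 16, which loses the "sufficient room but not exactly the right size" case the comment is trying to pin down. I'd keep the original buffer and fix the wording: `// Make a ChaCha20Poly1305 tag (16 bytes) and try to serialize it to a buffer of 17 bytes. It` and `let mut buf = [0u8; 17];`. The turbofish type argument on `AeadTag::` appears stripped in this rendering, and the enclosing `mod test` starts outside the hunk.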
@@ -1,21 +0,0 @@
-use crate::aead::Aead;
-
-/// The implementation of AES-128-GCM
-pub struct AesGcm128;
-
-impl Aead for AesGcm128 {
- type AeadImpl = aes_gcm::Aes128Gcm;
-
- // RFC 9180 §7.3: AES-128-GCM
- const AEAD_ID: u16 = 0x0001;
-}
-
-/// The implementation of AES-256-GCM
-pub struct AesGcm256 {}
-
-impl Aead for AesGcm256 {
- type AeadImpl = aes_gcm::Aes256Gcm;
-
- // RFC 9180 §7.3: AES-256-GCM
- const AEAD_ID: u16 = 0x0002;
-}
diff --git a/src/kat_tests.rs b/src/kat_tests.rs
index 2b81f0f..32bb29f 100644
--- a/src/kat_tests.rs
+++ b/src/kat_tests.rs
@@ -1,5 +1,5 @@
 use crate::{
- aead::{Aead, AesGcm128, AesGcm256, ChaCha20Poly1305, ExportOnlyAead},
+ aead::{Aead, ChaCha20Poly1305, ExportOnlyAead},
 kdf::{HkdfSha256, HkdfSha384, HkdfSha512, Kdf as KdfTrait},
 kem::{self, Kem as KemTrait, SecpK256HkdfSha256, SharedSecret},
 op_mode::{OpModeR, PskBundle},
@@ -345,7 +345,7 @@ fn kat_test() {
 // This unrolls into 36 `if let` statements
 dispatch_testcase!(
 tv,
- (AesGcm128, AesGcm256, ChaCha20Poly1305, ExportOnlyAead),
+ (ChaCha20Poly1305, ExportOnlyAead),
 (HkdfSha256, HkdfSha384, HkdfSha512),
 (SecpK256HkdfSha256)
 );
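Review bot: The `// This unrolls into 36 `if let` statements` comment above the `dispatch_testcase!` call in the second src/kat_tests.rs hunk is now stale: shrinking the AEAD tuple from four types to two halves the number of generated arms, so either update the count or drop the literal number, e.g. `// One `if let` arm per (AEAD, KDF, KEM) combination listed below`. More importantly, if the macro's `if let` chain silently ignores a test vector whose identifiers match none of the listed types, as the comment suggests, then every KAT vector for AES-GCM-128/256 is now skipped with no signal, and a future vector for a supported suite that fails to match would be skipped the same way; I'd count the dispatched vectors and assert the count equals the number of vectors whose AEAD/KDF/KEM IDs are all in the supported set, so lost coverage is loud rather than silent. Whether the macro skips or panics on an unmatched vector is not visible in this hunk, so please confirm; `kat_test` starts outside the hunk.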