tink-daead: add boringssl feature

Use the boring crate to pull in underlying BoringSSL implementation
of AES.  Continue to use the RustCrypto crates for the -SIV part.

Author: daviddrysdale

.github/workflows/ci.yml

@@ -28,6 +28,8 @@ jobs:
       - run: rustc --version
       - run: cargo build --release --workspace
       - run: (cd core && cargo build --features=json --release --all-targets)
+      - run: (cd daead && cargo build --features=boringssl --release --all-targets)
+      - run: (cd examples/daead && cargo build --features=boringssl --release)
 
   test:
     runs-on: ubuntu-latest
@@ -111,7 +113,9 @@ jobs:
           override: true
           components: rustfmt, clippy
       - run: rustc --version
-      - run: cargo clippy --all-features --all-targets -- -Dwarnings
+      - run: cargo clippy --all-targets -- -Dwarnings
+      - run: (cd core && cargo clippy --features=json -- -Dwarnings)
+      - run: (cd daead && cargo clippy --features=boringssl -- -Dwarnings)
 
   doc:
     runs-on: ubuntu-latest

Cargo.lock

@@ -9,9 +9,14 @@ repository = "https://github.com/project-oak/tink-rust"
 keywords = ["cryptography", "tink", "daead"]
 categories = ["cryptography"]
 
+[features]
+boringssl = ["boring"]
+
 [dependencies]
 aead = { version = "^0.4.2", features = ["std"] }
 aes-siv = "^0.6"
+boring = { version = "^1.1", optional = true }
+cipher = "^0.3"
 prost = "^0.8"
 tink-core = "^0.2"
 tink-proto = "^0.2"

daead/Cargo.toml

@@ -0,0 +1,75 @@
+// Copyright 2020 The Tink-Rust Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+//! Provides a Boring-SSL backed AES-256 cipher in a form suitable for
+//! use with RustCrypto traits.
+
+use aes_siv::aead::generic_array::{
+    typenum::{U16, U32, U8},
+    GenericArray,
+};
+use std::convert::TryInto;
+
+/// AES-256 block cipher
+#[derive(Clone)]
+pub struct Aes256 {
+    key: [u8; 32],
+}
+
+impl cipher::NewBlockCipher for Aes256 {
+    type KeySize = U32;
+
+    #[inline]
+    fn new(key: &GenericArray<u8, U32>) -> Self {
+        Self {
+            key: key.as_slice().try_into().unwrap(/* safe: array size checked */),
+        }
+    }
+}
+
+impl Aes256 {
+    fn process_block(&self, block: &mut GenericArray<u8, U16>, mode: boring::symm::Mode) {
+        // To process a single block, use electronic code book mode (ECB) with no padding.
+        let cipher = boring::symm::Cipher::aes_256_ecb();
+        let mut c = boring::symm::Crypter::new(cipher, mode, &self.key[..], None).unwrap();
+        c.pad(false);
+        let mut output = vec![0; block.len() + cipher.block_size()];
+        // TODO: investigate whether `boring` has an in-place operation.
+        let count = c.update(block, &mut output).unwrap();
+        let rest = c.finalize(&mut output[count..]).unwrap();
+        output.truncate(count + rest);
+        block[..16].copy_from_slice(&output)
+    }
+}
+
+impl cipher::BlockCipher for Aes256 {
+    type BlockSize = U16;
+    type ParBlocks = U8;
+}
+
+impl cipher::BlockEncrypt for Aes256 {
+    #[inline]
+    fn encrypt_block(&self, block: &mut GenericArray<u8, U16>) {
+        self.process_block(block, boring::symm::Mode::Encrypt);
+    }
+}
+
+impl cipher::BlockDecrypt for Aes256 {
+    #[inline]
+    fn decrypt_block(&self, block: &mut GenericArray<u8, U16>) {
+        self.process_block(block, boring::symm::Mode::Decrypt);
+    }
+}