perf(crypto): eliminate bounds checks in header protection mask computation (#3049)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 2 people

src/hp.rs

@@ -138,14 +138,12 @@ impl Key {
     ///
     /// # Errors
     ///
-    /// An error is returned if the NSS functions fail; a sample of the
-    /// wrong size is the obvious cause.
+    /// An error is returned if the NSS functions fail.
     ///
     /// # Panics
     ///
     /// When the mechanism for our key is not supported.
-    /// Or when the sample provided is not at least `self.sample_size()` bytes.
-    pub fn mask(&self, sample: &[u8]) -> Res<[u8; Self::SAMPLE_SIZE]> {
+    pub fn mask(&self, sample: &[u8; Self::SAMPLE_SIZE]) -> Res<[u8; Self::SAMPLE_SIZE]> {
         let mut output = [0; Self::SAMPLE_SIZE];
 
         match self {
@@ -157,7 +155,7 @@ impl Key {
                         output.as_mut_ptr(),
                         &mut output_len,
                         c_int::try_from(output.len())?,
-                        sample[..Self::SAMPLE_SIZE].as_ptr().cast(),
+                        sample.as_ptr().cast(),
                         c_int::try_from(Self::SAMPLE_SIZE)?,
                     )
                 })?;
@@ -169,7 +167,7 @@ impl Key {
                 let params: CK_CHACHA20_PARAMS = CK_CHACHA20_PARAMS {
                     pBlockCounter: sample.as_ptr().cast_mut(),
                     blockCounterBits: 32,
-                    pNonce: sample[4..Self::SAMPLE_SIZE].as_ptr().cast_mut(),
+                    pNonce: sample[4..].as_ptr().cast_mut(),
                     ulNonceBits: 96,
                 };
                 let mut output_len: c_uint = 0;

tests/hp.rs

@@ -67,17 +67,3 @@ fn chacha20_ctr() {
 
     hp_test(TLS_CHACHA20_POLY1305_SHA256, EXPECTED);
 }
-
-#[test]
-#[should_panic(expected = "out of range")]
-fn aes_short() {
-    let hp = make_hp(TLS_AES_128_GCM_SHA256);
-    drop(hp.mask(&[0; 15]));
-}
-
-#[test]
-#[should_panic(expected = "out of range")]
-fn chacha20_short() {
-    let hp = make_hp(TLS_CHACHA20_POLY1305_SHA256);
-    drop(hp.mask(&[0; 15]));
-}