feat: add blapi feature to bypass PKCS#11 in RecordProtection

Calls freebl AES-GCM and ChaCha20-Poly1305 primitives directly instead
of going through `PK11_AEADOp` → softoken, eliminating the
`sftk_SessionFromHandle` mutex and hash-table overhead (~7.6% CPU on
the hot path).

`RecordProtection::new` takes a `Mode` so callers that know their
direction (send vs. receive) create only the context they need.

NOTE: bypasses softoken's FIPS self-test gate.  Intentional for neqo
(non-FIPS).

Author: larseggert

.github/actions/check-android/action.yml

@@ -47,7 +47,7 @@ runs:
       with:
         version: stable
         targets: ${{ inputs.target }}
-        tools: cargo-ndk@^4
+        tools: cargo-ndk@^4, cargo-hack
         token: ${{ inputs.github-token }}
 
     - uses: mozilla/actions/nss@27cbe8fb5d338c2861b787e5de10410559065db1 # v1.1.3
@@ -62,7 +62,7 @@ runs:
         TARGET: ${{ startsWith(inputs.target, 'arm') && 'arm64-v8a' || inputs.target }}
         API_LEVEL: ${{ inputs.api-level }}
         WD: ${{ inputs.working-directory }}
-      run: cd "$WD" && cargo ndk --platform "$API_LEVEL" --target "$TARGET" test --no-run
+      run: cd "$WD" && cargo hack --feature-powerset --exclude-features gecko,blapi ndk --platform "$API_LEVEL" --target "$TARGET" test --no-run
 
     # FIXME: Enable emulator testing for aarch64 once Google ships Android
     # emulator binaries for ARM64 Linux hosts.

.github/actions/check-vm/action.yml

@@ -102,12 +102,15 @@ runs:
                         ;;
           esac
           cargo fmt --all -- --check
+          cargo install cargo-hack --locked
           case "$PLATFORM" in
             freebsd)    cargo install cargo-llvm-cov --locked
                         cargo llvm-cov test --locked --no-fail-fast --codecov --output-path codecov.json
+                        cargo hack test --locked --no-fail-fast --feature-powerset --exclude-features gecko,blapi
                         ;;
             *)          # FIXME: No profiler support on other platforms, error is: cannot find crate for profiler_builtins
                         cargo test --locked --no-fail-fast # We do this instead for now
+                        cargo hack test --locked --no-fail-fast --feature-powerset --exclude-features gecko,blapi
                         ;;
           esac
           cargo test --locked --no-fail-fast --release

.github/workflows/check.yml

@@ -83,7 +83,7 @@ jobs:
         with:
           version: ${{ matrix.rust-toolchain }}
           components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'rust-src ' || '' }}
-          tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'cargo-careful ' || '' }}
+          tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'cargo-careful ' || '' }} cargo-hack
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - uses: mozilla/actions/nss@27cbe8fb5d338c2861b787e5de10410559065db1 # v1.1.3
@@ -96,6 +96,11 @@ jobs:
           # shellcheck disable=SC2086
           cargo check $BUILD_TYPE --locked --all-targets
 
+      - name: Check feature powerset
+        run: |
+          # shellcheck disable=SC2086
+          cargo hack check $BUILD_TYPE --locked --feature-powerset --no-dev-deps --exclude-features gecko --mutually-exclusive-features blapi,disable-encryption
+
       - name: Run tests and determine coverage
         env:
           RUST_LOG: trace
@@ -119,6 +124,11 @@ jobs:
             cargo $CAREFUL test $BUILD_TYPE --locked $TRIPLE
           fi
 
+      - name: Test feature powerset
+        run: |
+          # shellcheck disable=SC2086
+          cargo hack test $BUILD_TYPE --locked --feature-powerset --exclude-features gecko --mutually-exclusive-features blapi,disable-encryption
+
       - name: CodeCov Windows workaround
         if: ${{ startsWith(matrix.os, 'windows') && matrix.type == 'debug' && matrix.rust-toolchain == 'stable' }}
         run: |

.github/workflows/clippy.yml

@@ -59,7 +59,7 @@ jobs:
       # respective default features only. Can reveal warnings otherwise
       # hidden given that a plain cargo clippy combines all features of the
       # workspace. See e.g. https://github.com/mozilla/neqo/pull/1695.
-      - run: cargo hack clippy --feature-powerset --no-dev-deps --exclude-features gecko -- -D warnings
+      - run: cargo hack clippy --feature-powerset --no-dev-deps --exclude-features gecko --mutually-exclusive-features blapi,disable-encryption -- -D warnings
       - run: cargo clippy --locked --workspace --all-targets -- -D warnings
       - run: cargo doc --locked --workspace --no-deps --document-private-items
         env:

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "nss-rs"
-version = "0.11.0"
+version = "0.12.0"
 authors = ["Martin Thomson <mt@lowentropy.net>", "Andy Leiserson <aleiserson@mozilla.com>", "John M. Schanck <jschanck@mozilla.com>", "Benjamin Beurdouche <beurdouche@mozilla.com>", "Anna Weine <anna.weine@mozilla.com>"]
 categories = ["network-programming", "web-programming"]
 keywords = ["nss", "crypto", "mozilla", "firefox"]
@@ -124,6 +124,9 @@ verbose_file_reads = "warn"
 
 [features]
 bench = ["log/release_max_level_info"]
+# Bypass PKCS#11 session layer for RecordProtection AEAD operations by calling
+# freebl directly. Improves performance but skips softoken's FIPS self-test gate.
+blapi = []
 disable-encryption = []
 disable-random = []
 gecko = ["mozbuild"]

Cargo.toml

@@ -229,6 +229,9 @@ fn dynamic_link() {
     for lib in dynamic_libs {
         println!("cargo:rustc-link-lib=dylib={lib}");
     }
+    if env::var("CARGO_FEATURE_BLAPI").is_ok() {
+        println!("cargo:rustc-link-lib=static=freebl");
+    }
 }
 
 fn static_link() {
@@ -396,19 +399,59 @@ fn pkg_config() -> Result<Vec<String>, Box<dyn Error>> {
     let cfg_str = String::from_utf8(cfg)?;
 
     let mut flags: Vec<String> = Vec::new();
+    let mut lib_dirs: Vec<PathBuf> = Vec::new();
 
     for f in cfg_str.split_whitespace() {
         if f.starts_with("-I") {
             flags.push(String::from(f));
         } else if let Some(path) = f.strip_prefix("-L") {
             println!("cargo:rustc-link-search=native={path}");
+            lib_dirs.push(PathBuf::from(path));
         } else if let Some(lib) = f.strip_prefix("-l") {
             println!("cargo:rustc-link-lib=dylib={lib}");
         } else {
             println!("cargo:warning=Unknown flag from pkg-config: {f}");
         }
     }
 
+    if env::var("CARGO_FEATURE_BLAPI").is_ok() {
+        // Probe for freebl in preference order.  All dynamic libraries export
+        // FREEBL_GetVector, which is the only stable ABI entry point used by
+        // the blapi Rust bindings.  The static libfreebl.a does NOT export
+        // FREEBL_GetVector, so it is a last resort (NSS_DIR source builds
+        // typically also produce the shared libraries and are found first).
+        //
+        // 1. libfreeblpriv3  — Ubuntu and some Linux distributions ship this as the "private API"
+        //    library that libsoftokn3 links against.
+        //
+        // 2. libfreebl3  — macOS (Homebrew), FreeBSD, NetBSD and most other systems; this is the
+        //    real implementation, exporting FREEBL_GetVector.
+        //
+        // 3. libfreebl.a  — static fallback for NSS_DIR source builds.
+        let has = |name: &str| lib_dirs.iter().any(|dir| dir.join(name).exists());
+        let dylib_ext = if env::var("CARGO_CFG_TARGET_OS").as_deref() == Ok("macos") {
+            "dylib"
+        } else {
+            "so"
+        };
+        let has_dylib = |stem: &str| has(&format!("{stem}.{dylib_ext}"));
+        let link = [
+            (has_dylib("libfreeblpriv3"), "dylib=freeblpriv3"),
+            (has_dylib("libfreebl3"), "dylib=freebl3"),
+            (has("libfreebl.a"), "static=freebl"),
+        ]
+        .into_iter()
+        .find_map(|(found, link)| found.then_some(link))
+        .unwrap_or_else(|| {
+            panic!(
+                "blapi feature requires freebl: libfreeblpriv3, libfreebl3, \
+             and libfreebl.a were all absent from the pkg-config library \
+             paths. Set NSS_DIR to a standalone NSS source build."
+            )
+        });
+        println!("cargo:rustc-link-lib={link}");
+    }
+
     Ok(flags)
 }