Adds LessSafeKey::open_in_place_separate_tag #1116

Merged: justsmth merged 3 commits into aws:main from wpt-oai:wpt/inplace-sep-tag on May 11, 2026

@wpt-oai wpt-oai commented May 8, 2026

Issues:

Resolves #1115

Description of changes:

  • impl open_in_place_separate_tag to allow for in-place + separate tags, limited to just LessSafeKey for now.

Call-outs:

Testing:

  • passed cargo check and cargo test -p aws-lc-rs --test aead_test + cargo clippy
  • benchmark details:

Sample results using an M4 Mac + a thrown-together benchmark harness. But I am happy to incorporate this change into a larger bench suite if needed for the PR.

open_separate_gather + copy back   17.488ms     3659.6 MiB/s
open_in_place_separate_tag        10.870ms     5887.8 MiB/s

const PLAINTEXT_LEN: usize = 128 * 1024;

// <snip>

fn benchmark_separate_output(key: &LessSafeKey, samples: &[Sample]) -> Duration {
    let mut in_out = vec![0u8; PLAINTEXT_LEN];
    let mut temporary_plaintext = vec![0u8; PLAINTEXT_LEN];
    let start = Instant::now();

    for sample in samples {
        in_out.copy_from_slice(&sample.ciphertext);
        key.open_separate_gather(
            Nonce::try_assume_unique_for_key(&sample.nonce).unwrap(),
            Aad::from(AAD),
            &in_out,
            &sample.tag,
            &mut temporary_plaintext,
        )
        .unwrap();
        in_out.copy_from_slice(&temporary_plaintext);
        black_box(in_out[0]);
    }

    start.elapsed()
}

fn benchmark_in_place(key: &LessSafeKey, samples: &[Sample]) -> Duration {
    let mut in_out = vec![0u8; PLAINTEXT_LEN];
    let start = Instant::now();

    for sample in samples {
        in_out.copy_from_slice(&sample.ciphertext);
        key.open_in_place_separate_tag(
            Nonce::try_assume_unique_for_key(&sample.nonce).unwrap(),
            Aad::from(AAD),
            &sample.tag,
            &mut in_out,
        )
        .unwrap();
        black_box(in_out[0]);
    }

    start.elapsed()
}

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@wpt-oai wpt-oai requested a review from a team as a code owner May 8, 2026 23:54

justsmth commented

Thanks for the contribution!

The implementation looks correct. AWS-LC's EVP_AEAD_CTX_open_gather explicitly documents that in and out may alias when out == in, which is exactly the pointer relationship this creates. The refactoring to extract open_separate_gather_impl is a clean way to share the FFI call between the two paths.

I pushed a small follow-up commit to your branch to expand test coverage. Tests now cover AES-256-GCM and ChaCha20-Poly1305 in addition to AES-128-GCM, plus empty plaintext and wrong-tag rejection cases.

wpt-oai and others added 2 commits May 11, 2026 12:04
Expand tests to cover AES-256-GCM, ChaCha20-Poly1305, empty plaintext, and
wrong-tag rejection.
@justsmth justsmth force-pushed the wpt/inplace-sep-tag branch from f445dcc to 3bfde2d Compare May 11, 2026 16:04

codecov-commenter commented May 11, 2026

Codecov Report

❌ Patch coverage is 95.91837% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 92.71%. Comparing base (c358484) to head (75eb661).
⚠️ Report is 376 commits behind head on main.

Files with missing lines Patch % Lines
aws-lc-rs/src/aead/unbound_key.rs 94.44% 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1116      +/-   ##
==========================================
- Coverage   95.80%   92.71%   -3.09%     
==========================================
  Files          61       71      +10     
  Lines        8143    10248    +2105     
  Branches        0    10248   +10248     
==========================================
+ Hits         7801     9501    +1700     
- Misses        342      451     +109     
- Partials        0      296     +296     

@justsmth justsmth force-pushed the wpt/inplace-sep-tag branch 2 times, most recently from 75898bb to 48f2dad Compare May 11, 2026 16:31
justsmth previously approved these changes May 11, 2026
@justsmth justsmth merged commit 1cbe889 into aws:main May 11, 2026
404 checks passed

Development

Successfully merging this pull request may close these issues.

LessSafeKey missing in-place + out of band tags method

4 participants