[cryptography] use aws-lc-rs for optimized secp256r1 verification

Cargo.toml

@@ -66,6 +66,7 @@ anyhow = { version = "1.0.99", default-features = false }
 arbitrary = "1.4.1"
 async-lock = "3.4.0"
 aws-config = "1.8.10"
+aws-lc-rs = "1.15.2"
 aws-sdk-ec2 = "1.187.0"
 axum = "0.8.1"
 blake3 = { version = "1.8.2", default-features = false }

cryptography/Cargo.toml

@@ -36,6 +36,10 @@ thiserror.workspace = true
 x25519-dalek = { workspace = true, features = ["zeroize"] }
 zeroize = { workspace = true, features = ["zeroize_derive"] }
 
+[target.'cfg(any(target_arch = "x86_64", target_arch = "aarch64"))'.dependencies]
+# aws-lc-rs provides optimized P-256 verification on x86_64 and aarch64.
+aws-lc-rs.workspace = true
+
 [target.'cfg(target_arch = "wasm32")'.dependencies.getrandom]
 # Enable "js" feature when WASM is target
 version = "0.2.15"

cryptography/src/secp256r1/common.rs

@@ -159,6 +159,14 @@ impl PublicKeyInner {
     pub fn from_private_key(private_key: &PrivateKeyInner) -> Self {
         Self::new(private_key.key.verifying_key().to_owned())
     }
+
+    /// aws-lc-rs can decompress keys, but since we already have the key parsed
+    /// in memory, extracting the uncompressed form directly is faster.
+    #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+    pub fn to_uncompressed(&self) -> [u8; 65] {
+        let encoded = self.key.to_encoded_point(false);
+        encoded.as_bytes().try_into().unwrap()
+    }
 }
 
 impl Write for PublicKeyInner {

cryptography/src/secp256r1/standard.rs

@@ -9,6 +9,8 @@ use super::common::{
     impl_private_key_wrapper, impl_public_key_wrapper, PrivateKeyInner, PublicKeyInner, CURVE_NAME,
     PRIVATE_KEY_LENGTH, PUBLIC_KEY_LENGTH,
 };
+#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+use aws_lc_rs::signature::{UnparsedPublicKey, ECDSA_P256_SHA256_FIXED};
 use bytes::{Buf, BufMut};
 use commonware_codec::{Error as CodecError, FixedSize, Read, ReadExt, Write};
 use commonware_utils::{hex, union_unique, Array, Span};
@@ -17,10 +19,9 @@ use core::{
     hash::{Hash, Hasher},
     ops::Deref,
 };
-use p256::{
-    ecdsa::signature::{Signer, Verifier},
-    elliptic_curve::scalar::IsHigh,
-};
+#[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))]
+use p256::ecdsa::signature::Verifier;
+use p256::{ecdsa::signature::Signer, elliptic_curve::scalar::IsHigh};
 
 const SIGNATURE_LENGTH: usize = 64; // R || S
 
@@ -77,13 +78,25 @@ impl crate::Verifier for PublicKey {
 }
 
 impl PublicKey {
+    #[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))]
     #[inline(always)]
     fn verify_inner(&self, namespace: Option<&[u8]>, msg: &[u8], sig: &Signature) -> bool {
         let payload = namespace.map_or(Cow::Borrowed(msg), |namespace| {
             Cow::Owned(union_unique(namespace, msg))
         });
         self.0.key.verify(&payload, &sig.signature).is_ok()
     }
+
+    #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
+    #[inline(always)]
+    fn verify_inner(&self, namespace: Option<&[u8]>, msg: &[u8], sig: &Signature) -> bool {
+        let payload = namespace.map_or(Cow::Borrowed(msg), |namespace| {
+            Cow::Owned(union_unique(namespace, msg))
+        });
+        let uncompressed = self.0.to_uncompressed();
+        let public_key = UnparsedPublicKey::new(&ECDSA_P256_SHA256_FIXED, &uncompressed);
+        public_key.verify(&payload, &sig.raw).is_ok()
+    }
 }
 
 /// Secp256r1 Signature.