From ba6369b948bf6a91b33f0711be68e116377fd03b Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Tue, 30 Jan 2024 09:40:48 +0300 Subject: [PATCH 1/8] add new_with_init_block --- ghash/src/lib.rs | 23 +++++++++++++++++++++++ polyval/src/backend/clmul.rs | 15 +++++++++++++++ polyval/src/backend/pmull.rs | 12 ++++++++++++ polyval/src/backend/soft32.rs | 22 ++++++++++++++++++++++ polyval/src/backend/soft64.rs | 18 +++++++++++++++++- 5 files changed, 89 insertions(+), 1 deletion(-) diff --git a/ghash/src/lib.rs b/ghash/src/lib.rs index a38328d..1688565 100644 --- a/ghash/src/lib.rs +++ b/ghash/src/lib.rs @@ -61,6 +61,29 @@ impl KeySizeUser for GHash { type KeySize = U16; } +impl GHash { + /// Initialize GHASH with the given `H` field element and initial block + #[inline] + pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { + let mut h = *h; + h.reverse(); + + #[allow(unused_mut)] + let mut h_polyval = polyval::mulx(&h); + + #[cfg(feature = "zeroize")] + h.zeroize(); + + #[allow(clippy::let_and_return)] + let result = GHash(Polyval::new_with_init_block(&h_polyval, init_block)); + + #[cfg(feature = "zeroize")] + h_polyval.zeroize(); + + result + } +} + impl KeyInit for GHash { /// Initialize GHASH with the given `H` field element #[inline] diff --git a/polyval/src/backend/clmul.rs b/polyval/src/backend/clmul.rs index 1d6565f..83fc7a4 100644 --- a/polyval/src/backend/clmul.rs +++ b/polyval/src/backend/clmul.rs @@ -24,6 +24,21 @@ impl KeySizeUser for Polyval { type KeySize = U16; } +impl Polyval { + /// Initialize POLYVAL with the given `H` field element and initial block + pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { + unsafe { + // `_mm_loadu_si128` performs an unaligned load + #[allow(clippy::cast_ptr_alignment)] + Self { + h: _mm_loadu_si128(h.as_ptr() as *const __m128i), + y: _mm_loadu_si128(&init_block.to_be_bytes()[..] as *const _ as *const __m128i), + } + } + } + +} + impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { diff --git a/polyval/src/backend/pmull.rs b/polyval/src/backend/pmull.rs index 9d99316..b79ddd5 100644 --- a/polyval/src/backend/pmull.rs +++ b/polyval/src/backend/pmull.rs @@ -30,6 +30,18 @@ impl KeySizeUser for Polyval { type KeySize = U16; } +impl Polyval { + /// Initialize POLYVAL with the given `H` field element and initial block + pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { + unsafe { + Self { + h: vld1q_u8(h.as_ptr()), + y: vld1q_u8(&init_block.to_be_bytes()[..]), + } + } + } +} + impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { diff --git a/polyval/src/backend/soft32.rs b/polyval/src/backend/soft32.rs index a52231f..1f79a0c 100644 --- a/polyval/src/backend/soft32.rs +++ b/polyval/src/backend/soft32.rs @@ -53,6 +53,17 @@ impl KeySizeUser for Polyval { type KeySize = U16; } +impl Polyval { + /// Initialize POLYVAL with the given `H` field element and initial block + pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { + Self { + h: h.into(), + s: init_block.into(), + } + } +} + + impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { @@ -130,6 +141,17 @@ impl From<&Block> for U32x4 { } } +impl From for U32x4 { + fn from(x: u128) -> Self { + U32x4( + x as u32, + (x >> 32) as u32, + (x >> 64) as u32, + (x >> 96) as u32, + ) + } +} + #[allow(clippy::suspicious_arithmetic_impl)] impl Add for U32x4 { type Output = Self; diff --git a/polyval/src/backend/soft64.rs b/polyval/src/backend/soft64.rs index b4462d6..09020ab 100644 --- a/polyval/src/backend/soft64.rs +++ b/polyval/src/backend/soft64.rs @@ -29,6 +29,16 @@ pub struct Polyval { s: U64x2, } +impl Polyval { + /// Initialize POLYVAL with the given `H` field element and initial block + pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { + Self { + h: h.into(), + s: U64x2(init_block as u64, (init_block >> 64) as u64), + } + } +} + impl KeySizeUser for Polyval { type KeySize = U16; } @@ -94,7 +104,7 @@ impl Drop for Polyval { /// 2 x `u64` values #[derive(Copy, Clone, Debug, Default, Eq, PartialEq)] -struct U64x2(u64, u64); +pub struct U64x2(u64, u64); impl From<&Block> for U64x2 { fn from(bytes: &Block) -> U64x2 { @@ -105,6 +115,12 @@ impl From<&Block> for U64x2 { } } +impl From for U64x2 { + fn from(x: u128) -> Self { + U64x2(x as u64, (x >> 64) as u64) + } +} + #[allow(clippy::suspicious_arithmetic_impl)] impl Add for U64x2 { type Output = Self; From 5a6d7abe718ca914a5401513af3c61b1e7a4fa5c Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Wed, 31 Jan 2024 17:26:59 +0300 Subject: [PATCH 2/8] fix/visibility + init --- polyval/src/backend/soft64.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/polyval/src/backend/soft64.rs b/polyval/src/backend/soft64.rs index 09020ab..b8e7b7d 100644 --- a/polyval/src/backend/soft64.rs +++ b/polyval/src/backend/soft64.rs @@ -32,9 +32,11 @@ pub struct Polyval { impl Polyval { /// Initialize POLYVAL with the given `H` field element and initial block pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { + let mut init_block = init_block; + // init_block = init_block.swap_bytes(); Self { h: h.into(), - s: U64x2(init_block as u64, (init_block >> 64) as u64), + s: init_block.into(), } } } @@ -104,7 +106,7 @@ impl Drop for Polyval { /// 2 x `u64` values #[derive(Copy, Clone, Debug, Default, Eq, PartialEq)] -pub struct U64x2(u64, u64); +struct U64x2(u64, u64); impl From<&Block> for U64x2 { fn from(bytes: &Block) -> U64x2 { @@ -117,7 +119,7 @@ impl From<&Block> for U64x2 { impl From for U64x2 { fn from(x: u128) -> Self { - U64x2(x as u64, (x >> 64) as u64) + U64x2((x >> 64) as u64, (x) as u64) } } From f83de6458ea39203b3c2fb94389a44b03f379fb5 Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Thu, 1 Feb 2024 08:58:13 +0300 Subject: [PATCH 3/8] fix/KeyInit in terms of new_with_init_block --- ghash/src/lib.rs | 17 +---------------- ghash/tests/lib.rs | 7 +++++++ polyval/src/backend/clmul.rs | 21 ++++++++++----------- polyval/src/backend/pmull.rs | 2 +- polyval/src/backend/soft32.rs | 5 +---- polyval/src/backend/soft64.rs | 7 +------ 6 files changed, 21 insertions(+), 38 deletions(-) diff --git a/ghash/src/lib.rs b/ghash/src/lib.rs index 1688565..d9b053e 100644 --- a/ghash/src/lib.rs +++ b/ghash/src/lib.rs @@ -88,22 +88,7 @@ impl KeyInit for GHash { /// Initialize GHASH with the given `H` field element #[inline] fn new(h: &Key) -> Self { - let mut h = *h; - h.reverse(); - - #[allow(unused_mut)] - let mut h_polyval = polyval::mulx(&h); - - #[cfg(feature = "zeroize")] - h.zeroize(); - - #[allow(clippy::let_and_return)] - let result = GHash(Polyval::new(&h_polyval)); - - #[cfg(feature = "zeroize")] - h_polyval.zeroize(); - - result + Self::new_with_init_block(h, 0) } } diff --git a/ghash/tests/lib.rs b/ghash/tests/lib.rs index 6490028..1e20e55 100644 --- a/ghash/tests/lib.rs +++ b/ghash/tests/lib.rs @@ -24,3 +24,10 @@ fn ghash_test_vector() { let result = ghash.finalize(); assert_eq!(&GHASH_RESULT[..], result.as_slice()); } + + +#[test] +fn test() { + + // let ghash = GHash::new() +} \ No newline at end of file diff --git a/polyval/src/backend/clmul.rs b/polyval/src/backend/clmul.rs index 83fc7a4..e9b1b79 100644 --- a/polyval/src/backend/clmul.rs +++ b/polyval/src/backend/clmul.rs @@ -1,17 +1,18 @@ //! Intel `CLMUL`-accelerated implementation for modern x86/x86_64 CPUs //! (i.e. Intel Sandy Bridge-compatible or newer) -use crate::{Block, Key, Tag}; +#[cfg(target_arch = "x86")] +use core::arch::x86::*; +#[cfg(target_arch = "x86_64")] +use core::arch::x86_64::*; + use universal_hash::{ consts::{U1, U16}, crypto_common::{BlockSizeUser, KeySizeUser, ParBlocksSizeUser}, KeyInit, Reset, UhfBackend, }; -#[cfg(target_arch = "x86")] -use core::arch::x86::*; -#[cfg(target_arch = "x86_64")] -use core::arch::x86_64::*; +use crate::{Block, Key, Tag}; /// **POLYVAL**: GHASH-like universal hash over GF(2^128). #[derive(Clone)] @@ -43,12 +44,10 @@ impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { unsafe { - // `_mm_loadu_si128` performs an unaligned load - #[allow(clippy::cast_ptr_alignment)] - Self { - h: _mm_loadu_si128(h.as_ptr() as *const __m128i), - y: _mm_setzero_si128(), - } + Self::new_with_init_block( + _mm_loadu_si128(h.as_ptr() as *const __m128i), + _mm_setzero_si128() + ) } } } diff --git a/polyval/src/backend/pmull.rs b/polyval/src/backend/pmull.rs index b79ddd5..7b1b030 100644 --- a/polyval/src/backend/pmull.rs +++ b/polyval/src/backend/pmull.rs @@ -36,7 +36,7 @@ impl Polyval { unsafe { Self { h: vld1q_u8(h.as_ptr()), - y: vld1q_u8(&init_block.to_be_bytes()[..]), + y: vld1q_u8(init_block.to_be_bytes()[..].as_ptr()), } } } diff --git a/polyval/src/backend/soft32.rs b/polyval/src/backend/soft32.rs index 1f79a0c..2146ef5 100644 --- a/polyval/src/backend/soft32.rs +++ b/polyval/src/backend/soft32.rs @@ -67,10 +67,7 @@ impl Polyval { impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { - Self { - h: h.into(), - s: U32x4::default(), - } + Self::new_with_init_block(h, 0) } } diff --git a/polyval/src/backend/soft64.rs b/polyval/src/backend/soft64.rs index b8e7b7d..1422238 100644 --- a/polyval/src/backend/soft64.rs +++ b/polyval/src/backend/soft64.rs @@ -32,8 +32,6 @@ pub struct Polyval { impl Polyval { /// Initialize POLYVAL with the given `H` field element and initial block pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { - let mut init_block = init_block; - // init_block = init_block.swap_bytes(); Self { h: h.into(), s: init_block.into(), @@ -48,10 +46,7 @@ impl KeySizeUser for Polyval { impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { - Self { - h: h.into(), - s: U64x2::default(), - } + Self::new_with_init_block(h, 0) } } From b2ece32893b9ac20db5f2bdb34f12b474fbf980e Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Thu, 1 Feb 2024 09:00:54 +0300 Subject: [PATCH 4/8] fixes --- ghash/tests/lib.rs | 7 ------- polyval/src/backend/clmul.rs | 8 +------- polyval/src/backend/pmull.rs | 11 ++++------- polyval/src/backend/soft32.rs | 1 - 4 files changed, 5 insertions(+), 22 deletions(-) diff --git a/ghash/tests/lib.rs b/ghash/tests/lib.rs index 1e20e55..6490028 100644 --- a/ghash/tests/lib.rs +++ b/ghash/tests/lib.rs @@ -24,10 +24,3 @@ fn ghash_test_vector() { let result = ghash.finalize(); assert_eq!(&GHASH_RESULT[..], result.as_slice()); } - - -#[test] -fn test() { - - // let ghash = GHash::new() -} \ No newline at end of file diff --git a/polyval/src/backend/clmul.rs b/polyval/src/backend/clmul.rs index e9b1b79..02db291 100644 --- a/polyval/src/backend/clmul.rs +++ b/polyval/src/backend/clmul.rs @@ -37,18 +37,12 @@ impl Polyval { } } } - } impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { - unsafe { - Self::new_with_init_block( - _mm_loadu_si128(h.as_ptr() as *const __m128i), - _mm_setzero_si128() - ) - } + unsafe { Self::new_with_init_block(h, 0) } } } diff --git a/polyval/src/backend/pmull.rs b/polyval/src/backend/pmull.rs index 7b1b030..b783b5a 100644 --- a/polyval/src/backend/pmull.rs +++ b/polyval/src/backend/pmull.rs @@ -11,14 +11,16 @@ //! - //! - -use crate::{Block, Key, Tag}; use core::{arch::aarch64::*, mem}; + use universal_hash::{ consts::{U1, U16}, crypto_common::{BlockSizeUser, KeySizeUser, ParBlocksSizeUser}, KeyInit, Reset, UhfBackend, }; +use crate::{Block, Key, Tag}; + /// **POLYVAL**: GHASH-like universal hash over GF(2^128). #[derive(Clone)] pub struct Polyval { @@ -45,12 +47,7 @@ impl Polyval { impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { - unsafe { - Self { - h: vld1q_u8(h.as_ptr()), - y: vdupq_n_u8(0), // all zeroes - } - } + unsafe { Self::new_with_init_block(h, 0) } } } diff --git a/polyval/src/backend/soft32.rs b/polyval/src/backend/soft32.rs index 2146ef5..259c771 100644 --- a/polyval/src/backend/soft32.rs +++ b/polyval/src/backend/soft32.rs @@ -63,7 +63,6 @@ impl Polyval { } } - impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { From 9d8433bcaa008fa8725899590c13d0db30ccaf54 Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Thu, 1 Feb 2024 09:02:06 +0300 Subject: [PATCH 5/8] fix/remove unsafe --- polyval/src/backend/clmul.rs | 2 +- polyval/src/backend/pmull.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/polyval/src/backend/clmul.rs b/polyval/src/backend/clmul.rs index 02db291..1e891c2 100644 --- a/polyval/src/backend/clmul.rs +++ b/polyval/src/backend/clmul.rs @@ -42,7 +42,7 @@ impl Polyval { impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { - unsafe { Self::new_with_init_block(h, 0) } + Self::new_with_init_block(h, 0) } } diff --git a/polyval/src/backend/pmull.rs b/polyval/src/backend/pmull.rs index b783b5a..82ad6bc 100644 --- a/polyval/src/backend/pmull.rs +++ b/polyval/src/backend/pmull.rs @@ -47,7 +47,7 @@ impl Polyval { impl KeyInit for Polyval { /// Initialize POLYVAL with the given `H` field element fn new(h: &Key) -> Self { - unsafe { Self::new_with_init_block(h, 0) } + Self::new_with_init_block(h, 0) } } From d58c0a48cbe8eff6fc403103ef14ed14f6f98b7f Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Thu, 1 Feb 2024 09:15:01 +0300 Subject: [PATCH 6/8] fix autodetect --- polyval/src/backend/autodetect.rs | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/polyval/src/backend/autodetect.rs b/polyval/src/backend/autodetect.rs index e6091b4..7adb289 100644 --- a/polyval/src/backend/autodetect.rs +++ b/polyval/src/backend/autodetect.rs @@ -36,18 +36,20 @@ impl KeySizeUser for Polyval { type KeySize = U16; } -impl KeyInit for Polyval { - /// Initialize POLYVAL with the given `H` field element - fn new(h: &Key) -> Self { +impl Polyval { + /// Initialize POLYVAL with the given `H` field element and initial block + pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { let (token, has_intrinsics) = mul_intrinsics::init_get(); let inner = if has_intrinsics { Inner { - intrinsics: ManuallyDrop::new(intrinsics::Polyval::new(h)), + intrinsics: ManuallyDrop::new(intrinsics::Polyval::new_with_init_block( + h, init_block, + )), } } else { Inner { - soft: ManuallyDrop::new(soft::Polyval::new(h)), + soft: ManuallyDrop::new(soft::Polyval::new_with_init_block(h, init_block)), } }; @@ -55,6 +57,13 @@ impl KeyInit for Polyval { } } +impl KeyInit for Polyval { + /// Initialize POLYVAL with the given `H` field element + fn new(h: &Key) -> Self { + Self::new_with_init_block(h, 0) + } +} + impl BlockSizeUser for Polyval { type BlockSize = U16; } From 1936b0807c13d98ef221c247502cc00e90271245 Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Thu, 1 Feb 2024 17:16:13 +0300 Subject: [PATCH 7/8] cargo fmt --- polyval/src/backend/soft64.rs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/polyval/src/backend/soft64.rs b/polyval/src/backend/soft64.rs index 1422238..dcbf70c 100644 --- a/polyval/src/backend/soft64.rs +++ b/polyval/src/backend/soft64.rs @@ -5,11 +5,11 @@ //! //! Copyright (c) 2016 Thomas Pornin -use crate::{Block, Key, Tag}; use core::{ num::Wrapping, ops::{Add, Mul}, }; + use universal_hash::{ consts::{U1, U16}, crypto_common::{BlockSizeUser, KeySizeUser, ParBlocksSizeUser}, @@ -19,6 +19,8 @@ use universal_hash::{ #[cfg(feature = "zeroize")] use zeroize::Zeroize; +use crate::{Block, Key, Tag}; + /// **POLYVAL**: GHASH-like universal hash over GF(2^128). #[derive(Clone)] pub struct Polyval { @@ -32,9 +34,14 @@ pub struct Polyval { impl Polyval { /// Initialize POLYVAL with the given `H` field element and initial block pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { + let mut init_block = init_block.to_be_bytes(); + init_block.iter_mut().zip(h).for_each(|(a, b)| *a ^= b); + + let block = Block::from_slice(&init_block); + Self { h: h.into(), - s: init_block.into(), + s: block.into(), } } } From 65574155c1d8861db30deae647c6fef228a98a08 Mon Sep 17 00:00:00 2001 From: Alexandr Kitaev Date: Thu, 1 Feb 2024 17:21:46 +0300 Subject: [PATCH 8/8] fix/revert tests --- polyval/src/backend/soft64.rs | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/polyval/src/backend/soft64.rs b/polyval/src/backend/soft64.rs index dcbf70c..9af1e97 100644 --- a/polyval/src/backend/soft64.rs +++ b/polyval/src/backend/soft64.rs @@ -34,14 +34,9 @@ pub struct Polyval { impl Polyval { /// Initialize POLYVAL with the given `H` field element and initial block pub fn new_with_init_block(h: &Key, init_block: u128) -> Self { - let mut init_block = init_block.to_be_bytes(); - init_block.iter_mut().zip(h).for_each(|(a, b)| *a ^= b); - - let block = Block::from_slice(&init_block); - Self { h: h.into(), - s: block.into(), + s: init_block.into(), } } }