1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
//! Autodetection for CPU intrinsics, with fallback to the "soft" backend when
//! they are unavailable.

use crate::{backend::soft, Block, Key};
use core::mem::ManuallyDrop;
use universal_hash::{consts::U16, NewUniversalHash, Output, UniversalHash};

#[cfg(all(target_arch = "aarch64", feature = "armv8"))]
use super::pmull as intrinsics;

#[cfg(any(target_arch = "x86_64", target_arch = "x86"))]
use super::clmul as intrinsics;

#[cfg(all(target_arch = "aarch64", feature = "armv8"))]
cpufeatures::new!(mul_intrinsics, "aes"); // `aes` implies PMULL

#[cfg(any(target_arch = "x86_64", target_arch = "x86"))]
cpufeatures::new!(mul_intrinsics, "pclmulqdq", "sse4.1");

/// **POLYVAL**: GHASH-like universal hash over GF(2^128).
pub struct Polyval {
    inner: Inner,
    token: mul_intrinsics::InitToken,
}

union Inner {
    intrinsics: ManuallyDrop<intrinsics::Polyval>,
    soft: ManuallyDrop<soft::Polyval>,
}

impl NewUniversalHash for Polyval {
    type KeySize = U16;

    /// Initialize POLYVAL with the given `H` field element
    fn new(h: &Key) -> Self {
        let (token, has_intrinsics) = mul_intrinsics::init_get();

        let inner = if has_intrinsics {
            Inner {
                intrinsics: ManuallyDrop::new(intrinsics::Polyval::new(h)),
            }
        } else {
            Inner {
                soft: ManuallyDrop::new(soft::Polyval::new(h)),
            }
        };

        Self { inner, token }
    }
}

impl UniversalHash for Polyval {
    type BlockSize = U16;

    /// Input a field element `X` to be authenticated
    #[inline]
    fn update(&mut self, x: &Block) {
        if self.token.get() {
            unsafe { (*self.inner.intrinsics).update(x) }
        } else {
            unsafe { (*self.inner.soft).update(x) }
        }
    }

    /// Reset internal state
    fn reset(&mut self) {
        if self.token.get() {
            unsafe { (*self.inner.intrinsics).reset() }
        } else {
            unsafe { (*self.inner.soft).reset() }
        }
    }

    /// Get POLYVAL result (i.e. computed `S` field element)
    fn finalize(self) -> Output<Self> {
        let output_bytes = if self.token.get() {
            unsafe {
                ManuallyDrop::into_inner(self.inner.intrinsics)
                    .finalize()
                    .into_bytes()
            }
        } else {
            unsafe {
                ManuallyDrop::into_inner(self.inner.soft)
                    .finalize()
                    .into_bytes()
            }
        };

        Output::new(output_bytes)
    }
}

impl Clone for Polyval {
    fn clone(&self) -> Self {
        let inner = if self.token.get() {
            Inner {
                intrinsics: ManuallyDrop::new(unsafe { (*self.inner.intrinsics).clone() }),
            }
        } else {
            Inner {
                soft: ManuallyDrop::new(unsafe { (*self.inner.soft).clone() }),
            }
        };

        Self {
            inner,
            token: self.token,
        }
    }
}