Migrate to universal-hash 0.5

ghash/benches/ghash.rs

@@ -3,7 +3,7 @@
 extern crate test;
 
 use ghash::{
-    universal_hash::{NewUniversalHash, UniversalHash},
+    universal_hash::{KeyInit, UniversalHash},
     GHash,
 };
 use test::Bencher;

ghash/src/lib.rs

@@ -33,7 +33,11 @@
 pub use polyval::universal_hash;
 
 use polyval::Polyval;
-use universal_hash::{consts::U16, NewUniversalHash, UniversalHash};
+use universal_hash::{
+    consts::U16,
+    crypto_common::{BlockSizeUser, KeySizeUser, ParBlocksSizeUser},
+    KeyInit, UhfBackend, UhfClosure, UniversalHash,
+};
 
 #[cfg(feature = "zeroize")]
 use zeroize::Zeroize;
@@ -45,7 +49,7 @@ pub type Key = universal_hash::Key<GHash>;
 pub type Block = universal_hash::Block<GHash>;
 
 /// GHASH tags (16-bytes)
-pub type Tag = universal_hash::Output<GHash>;
+pub type Tag = universal_hash::Block<GHash>;
 
 /// **GHASH**: universal hash over GF(2^128) used by AES-GCM.
 ///
@@ -54,9 +58,11 @@ pub type Tag = universal_hash::Output<GHash>;
 #[derive(Clone)]
 pub struct GHash(Polyval);
 
-impl NewUniversalHash for GHash {
+impl KeySizeUser for GHash {
     type KeySize = U16;
+}
 
+impl KeyInit for GHash {
     /// Initialize GHASH with the given `H` field element
     #[inline]
     fn new(h: &Key) -> Self {
@@ -79,29 +85,51 @@ impl NewUniversalHash for GHash {
     }
 }
 
-impl UniversalHash for GHash {
-    type BlockSize = U16;
+struct GHashBackend<'b, B: UhfBackend>(&'b mut B);
 
-    /// Input a field element `X` to be authenticated
-    #[inline]
-    fn update(&mut self, x: &Block) {
-        let mut x = *x;
+impl<'b, B: UhfBackend> BlockSizeUser for GHashBackend<'b, B> {
+    type BlockSize = B::BlockSize;
+}
+
+impl<'b, B: UhfBackend> ParBlocksSizeUser for GHashBackend<'b, B> {
+    type ParBlocksSize = B::ParBlocksSize;
+}
+
+impl<'b, B: UhfBackend> UhfBackend for GHashBackend<'b, B> {
+    fn proc_block(&mut self, x: &universal_hash::Block<B>) {
+        let mut x = x.clone();
         x.reverse();
-        self.0.update(&x);
+        self.0.proc_block(&x);
     }
+}
 
-    /// Reset internal state
-    #[inline]
-    fn reset(&mut self) {
-        self.0.reset();
+impl BlockSizeUser for GHash {
+    type BlockSize = U16;
+}
+
+impl UniversalHash for GHash {
+    fn update_with_backend(&mut self, f: impl UhfClosure<BlockSize = Self::BlockSize>) {
+        struct GHashClosure<C: UhfClosure>(C);
+
+        impl<C: UhfClosure> BlockSizeUser for GHashClosure<C> {
+            type BlockSize = C::BlockSize;
+        }
+
+        impl<C: UhfClosure> UhfClosure for GHashClosure<C> {
+            fn call<B: UhfBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+                self.0.call(&mut GHashBackend(backend));
+            }
+        }
+
+        self.0.update_with_backend(GHashClosure(f));
     }
 
     /// Get GHASH output
     #[inline]
     fn finalize(self) -> Tag {
-        let mut output = self.0.finalize().into_bytes();
+        let mut output = self.0.finalize();
         output.reverse();
-        Tag::new(output)
+        output
     }
 }
 

ghash/tests/lib.rs

@@ -1,5 +1,5 @@
 use ghash::{
-    universal_hash::{NewUniversalHash, UniversalHash},
+    universal_hash::{KeyInit, UniversalHash},
     GHash,
 };
 use hex_literal::hex;
@@ -19,9 +19,8 @@ const GHASH_RESULT: [u8; 16] = hex!("bd9b3997046731fb96251b91f9c99d7a");
 #[test]
 fn ghash_test_vector() {
     let mut ghash = GHash::new(&H.into());
-    ghash.update(&X_1.into());
-    ghash.update(&X_2.into());
+    ghash.update(&[X_1.into(), X_2.into()]);
 
     let result = ghash.finalize();
-    assert_eq!(&GHASH_RESULT[..], result.into_bytes().as_slice());
+    assert_eq!(&GHASH_RESULT[..], result.as_slice());
 }

poly1305/Cargo.toml

@@ -14,12 +14,17 @@ edition = "2021"
 
 [dependencies]
 opaque-debug = "0.3"
-universal-hash = { version = "0.4", default-features = false }
+#universal-hash = { version = "0.5", default-features = false }
 zeroize = { version = "1", optional = true, default-features = false }
 
 [target.'cfg(any(target_arch = "x86_64", target_arch = "x86"))'.dependencies]
 cpufeatures = "0.2"
 
+[dependencies.universal-hash]
+git = "https://github.com/RustCrypto/traits"
+rev = "74ce6e7a9ab1243f574b6c37e747a6e54c01f376"
+default-features = false
+
 [dev-dependencies]
 hex-literal = "0.3"
 

poly1305/benches/poly1305.rs

@@ -3,7 +3,7 @@
 extern crate test;
 
 use poly1305::{
-    universal_hash::{NewUniversalHash, UniversalHash},
+    universal_hash::{KeyInit, UniversalHash},
     Poly1305,
 };
 use test::Bencher;

poly1305/src/backend/autodetect.rs

@@ -1,6 +1,8 @@
 //! Autodetection support for AVX2 CPU intrinsics on x86 CPUs, with fallback
 //! to the "soft" backend when it's unavailable.
 
+use universal_hash::{consts::U16, crypto_common::BlockSizeUser, UniversalHash};
+
 use crate::{backend, Block, Key, Tag};
 use core::mem::ManuallyDrop;
 
@@ -16,6 +18,10 @@ union Inner {
     soft: ManuallyDrop<backend::soft::State>,
 }
 
+impl BlockSizeUser for State {
+    type BlockSize = U16;
+}
+
 impl State {
     /// Initialize Poly1305 [`State`] with the given key
     #[inline]
@@ -35,33 +41,36 @@ impl State {
         Self { inner, token }
     }
 
-    /// Reset internal state
+    /// Compute a Poly1305 block
     #[inline]
-    pub(crate) fn reset(&mut self) {
+    pub(crate) fn compute_block(&mut self, block: &Block, partial: bool) {
         if self.token.get() {
-            unsafe { (*self.inner.avx2).reset() }
+            unsafe { (*self.inner.avx2).compute_block(block, partial) }
         } else {
-            unsafe { (*self.inner.soft).reset() }
+            unsafe { (*self.inner.soft).compute_block(block, partial) }
         }
     }
+}
 
-    /// Compute a Poly1305 block
-    #[inline]
-    pub(crate) fn compute_block(&mut self, block: &Block, partial: bool) {
+impl UniversalHash for State {
+    fn update_with_backend(
+        &mut self,
+        f: impl universal_hash::UhfClosure<BlockSize = Self::BlockSize>,
+    ) {
         if self.token.get() {
-            unsafe { (*self.inner.avx2).compute_block(block, partial) }
+            unsafe { f.call(&mut *self.inner.avx2) }
         } else {
-            unsafe { (*self.inner.soft).compute_block(block, partial) }
+            unsafe { f.call(&mut *self.inner.soft) }
         }
     }
 
     /// Finalize output producing a [`Tag`]
     #[inline]
-    pub(crate) fn finalize(&mut self) -> Tag {
+    fn finalize(mut self) -> Tag {
         if self.token.get() {
             unsafe { (*self.inner.avx2).finalize() }
         } else {
-            unsafe { (*self.inner.soft).finalize() }
+            unsafe { (*self.inner.soft).finalize_mut() }
         }
     }
 }

poly1305/src/backend/avx2.rs

@@ -15,13 +15,21 @@
 // optimisations provided by Bhattacharyya and Sarkar. The latter require the message
 // length to be known, which is incompatible with the streaming API of UniversalHash.
 
-use universal_hash::generic_array::GenericArray;
+use universal_hash::{
+    consts::{U16, U4},
+    crypto_common::{BlockSizeUser, ParBlocksSizeUser},
+    generic_array::GenericArray,
+    UhfBackend,
+};
 
 use crate::{Block, Key, Tag};
 
 mod helpers;
 use self::helpers::*;
 
+/// Four Poly1305 blocks (64-bytes)
+type ParBlocks = universal_hash::ParBlocks<State>;
+
 #[derive(Copy, Clone)]
 struct Initialized {
     p: Aligned4x130,
@@ -60,10 +68,13 @@ impl State {
         }
     }
 
-    /// Reset internal state
-    pub(crate) fn reset(&mut self) {
-        self.initialized = None;
-        self.num_cached_blocks = 0;
+    /// Process four Poly1305 blocks at once.
+    #[target_feature(enable = "avx2")]
+    pub(crate) unsafe fn compute_par_blocks(&mut self, blocks: &ParBlocks) {
+        assert!(self.partial_block.is_none());
+        assert_eq!(self.num_cached_blocks, 0);
+
+        self.process_blocks(Aligned4x130::from_par_blocks(blocks));
     }
 
     /// Compute a Poly1305 block
@@ -84,13 +95,18 @@ impl State {
             self.num_cached_blocks = 0;
         }
 
+        self.process_blocks(Aligned4x130::from_blocks(&self.cached_blocks));
+    }
+
+    /// Compute a Poly1305 block
+    #[target_feature(enable = "avx2")]
+    unsafe fn process_blocks(&mut self, blocks: Aligned4x130) {
         if let Some(inner) = &mut self.initialized {
             // P <-- R^4 * P + blocks
-            inner.p =
-                (&inner.p * inner.r4).reduce() + Aligned4x130::from_blocks(&self.cached_blocks);
+            inner.p = (&inner.p * inner.r4).reduce() + blocks;
         } else {
             // Initialize the polynomial.
-            let p = Aligned4x130::from_blocks(&self.cached_blocks);
+            let p = blocks;
 
             // Initialize the multiplier (used to merge down the polynomial during
             // finalization).
@@ -152,6 +168,32 @@ impl State {
         };
         tag_int.write(tag.as_mut_slice());
 
-        Tag::new(tag)
+        tag
+    }
+}
+
+impl BlockSizeUser for State {
+    type BlockSize = U16;
+}
+
+impl ParBlocksSizeUser for State {
+    type ParBlocksSize = U4;
+}
+
+impl UhfBackend for State {
+    fn proc_block(&mut self, block: &Block) {
+        unsafe { self.compute_block(block, false) };
+    }
+
+    fn proc_par_blocks(&mut self, blocks: &ParBlocks) {
+        if self.num_cached_blocks == 0 {
+            // Fast path.
+            unsafe { self.compute_par_blocks(blocks) };
+        } else {
+            // We are unaligned; use the slow fallback.
+            for block in blocks {
+                self.proc_block(block);
+            }
+        }
     }
 }