Migrate to universal-hash 0.5

This commit just switches to the new traits, and pretends that the
ideal number of parallel blocks is 1 (i.e. no faster than before).

Author: str4d

Cargo.lock

@@ -3,7 +3,7 @@
 extern crate test;
 
 use ghash::{
-    universal_hash::{NewUniversalHash, UniversalHash},
+    universal_hash::{KeyInit, UniversalHash},
     GHash,
 };
 use test::Bencher;

ghash/benches/ghash.rs

@@ -33,7 +33,11 @@
 pub use polyval::universal_hash;
 
 use polyval::Polyval;
-use universal_hash::{consts::U16, NewUniversalHash, UniversalHash};
+use universal_hash::{
+    consts::U16,
+    crypto_common::{BlockSizeUser, KeySizeUser, ParBlocksSizeUser},
+    KeyInit, UhfBackend, UhfClosure, UniversalHash,
+};
 
 #[cfg(feature = "zeroize")]
 use zeroize::Zeroize;
@@ -45,7 +49,7 @@ pub type Key = universal_hash::Key<GHash>;
 pub type Block = universal_hash::Block<GHash>;
 
 /// GHASH tags (16-bytes)
-pub type Tag = universal_hash::Output<GHash>;
+pub type Tag = universal_hash::Block<GHash>;
 
 /// **GHASH**: universal hash over GF(2^128) used by AES-GCM.
 ///
@@ -54,9 +58,11 @@ pub type Tag = universal_hash::Output<GHash>;
 #[derive(Clone)]
 pub struct GHash(Polyval);
 
-impl NewUniversalHash for GHash {
+impl KeySizeUser for GHash {
     type KeySize = U16;
+}
 
+impl KeyInit for GHash {
     /// Initialize GHASH with the given `H` field element
     #[inline]
     fn new(h: &Key) -> Self {
@@ -79,29 +85,51 @@ impl NewUniversalHash for GHash {
     }
 }
 
-impl UniversalHash for GHash {
-    type BlockSize = U16;
+struct GHashBackend<'b, B: UhfBackend>(&'b mut B);
 
-    /// Input a field element `X` to be authenticated
-    #[inline]
-    fn update(&mut self, x: &Block) {
-        let mut x = *x;
+impl<'b, B: UhfBackend> BlockSizeUser for GHashBackend<'b, B> {
+    type BlockSize = B::BlockSize;
+}
+
+impl<'b, B: UhfBackend> ParBlocksSizeUser for GHashBackend<'b, B> {
+    type ParBlocksSize = B::ParBlocksSize;
+}
+
+impl<'b, B: UhfBackend> UhfBackend for GHashBackend<'b, B> {
+    fn proc_block(&mut self, x: &universal_hash::Block<B>) {
+        let mut x = x.clone();
         x.reverse();
-        self.0.update(&x);
+        self.0.proc_block(&x);
     }
+}
 
-    /// Reset internal state
-    #[inline]
-    fn reset(&mut self) {
-        self.0.reset();
+impl BlockSizeUser for GHash {
+    type BlockSize = U16;
+}
+
+impl UniversalHash for GHash {
+    fn update_with_backend(&mut self, f: impl UhfClosure<BlockSize = Self::BlockSize>) {
+        struct GHashClosure<C: UhfClosure>(C);
+
+        impl<C: UhfClosure> BlockSizeUser for GHashClosure<C> {
+            type BlockSize = C::BlockSize;
+        }
+
+        impl<C: UhfClosure> UhfClosure for GHashClosure<C> {
+            fn call<B: UhfBackend<BlockSize = Self::BlockSize>>(self, backend: &mut B) {
+                self.0.call(&mut GHashBackend(backend));
+            }
+        }
+
+        self.0.update_with_backend(GHashClosure(f));
     }
 
     /// Get GHASH output
     #[inline]
     fn finalize(self) -> Tag {
-        let mut output = self.0.finalize().into_bytes();
+        let mut output = self.0.finalize();
         output.reverse();
-        Tag::new(output)
+        output
     }
 }
 

ghash/src/lib.rs

@@ -1,5 +1,5 @@
 use ghash::{
-    universal_hash::{NewUniversalHash, UniversalHash},
+    universal_hash::{KeyInit, UniversalHash},
     GHash,
 };
 use hex_literal::hex;
@@ -19,9 +19,8 @@ const GHASH_RESULT: [u8; 16] = hex!("bd9b3997046731fb96251b91f9c99d7a");
 #[test]
 fn ghash_test_vector() {
     let mut ghash = GHash::new(&H.into());
-    ghash.update(&X_1.into());
-    ghash.update(&X_2.into());
+    ghash.update(&[X_1.into(), X_2.into()]);
 
     let result = ghash.finalize();
-    assert_eq!(&GHASH_RESULT[..], result.into_bytes().as_slice());
+    assert_eq!(&GHASH_RESULT[..], result.as_slice());
 }

ghash/tests/lib.rs

@@ -14,12 +14,17 @@ edition = "2021"
 
 [dependencies]
 opaque-debug = "0.3"
-universal-hash = { version = "0.4", default-features = false }
+#universal-hash = { version = "0.5", default-features = false }
 zeroize = { version = "1", optional = true, default-features = false }
 
 [target.'cfg(any(target_arch = "x86_64", target_arch = "x86"))'.dependencies]
 cpufeatures = "0.2"
 
+[dependencies.universal-hash]
+git = "https://github.com/RustCrypto/traits"
+rev = "74ce6e7a9ab1243f574b6c37e747a6e54c01f376"
+default-features = false
+
 [dev-dependencies]
 hex-literal = "0.3"
 

poly1305/Cargo.toml

@@ -3,7 +3,7 @@
 extern crate test;
 
 use poly1305::{
-    universal_hash::{NewUniversalHash, UniversalHash},
+    universal_hash::{KeyInit, UniversalHash},
     Poly1305,
 };
 use test::Bencher;

poly1305/benches/poly1305.rs

@@ -1,6 +1,8 @@
 //! Autodetection support for AVX2 CPU intrinsics on x86 CPUs, with fallback
 //! to the "soft" backend when it's unavailable.
 
+use universal_hash::{consts::U16, crypto_common::BlockSizeUser, UniversalHash};
+
 use crate::{backend, Block, Key, Tag};
 use core::mem::ManuallyDrop;
 
@@ -16,6 +18,10 @@ union Inner {
     soft: ManuallyDrop<backend::soft::State>,
 }
 
+impl BlockSizeUser for State {
+    type BlockSize = U16;
+}
+
 impl State {
     /// Initialize Poly1305 [`State`] with the given key
     #[inline]
@@ -35,33 +41,36 @@ impl State {
         Self { inner, token }
     }
 
-    /// Reset internal state
+    /// Compute a Poly1305 block
     #[inline]
-    pub(crate) fn reset(&mut self) {
+    pub(crate) fn compute_block(&mut self, block: &Block, partial: bool) {
         if self.token.get() {
-            unsafe { (*self.inner.avx2).reset() }
+            unsafe { (*self.inner.avx2).compute_block(block, partial) }
         } else {
-            unsafe { (*self.inner.soft).reset() }
+            unsafe { (*self.inner.soft).compute_block(block, partial) }
         }
     }
+}
 
-    /// Compute a Poly1305 block
-    #[inline]
-    pub(crate) fn compute_block(&mut self, block: &Block, partial: bool) {
+impl UniversalHash for State {
+    fn update_with_backend(
+        &mut self,
+        f: impl universal_hash::UhfClosure<BlockSize = Self::BlockSize>,
+    ) {
         if self.token.get() {
-            unsafe { (*self.inner.avx2).compute_block(block, partial) }
+            unsafe { f.call(&mut *self.inner.avx2) }
         } else {
-            unsafe { (*self.inner.soft).compute_block(block, partial) }
+            unsafe { f.call(&mut *self.inner.soft) }
         }
     }
 
     /// Finalize output producing a [`Tag`]
     #[inline]
-    pub(crate) fn finalize(&mut self) -> Tag {
+    fn finalize(mut self) -> Tag {
         if self.token.get() {
             unsafe { (*self.inner.avx2).finalize() }
         } else {
-            unsafe { (*self.inner.soft).finalize() }
+            unsafe { (*self.inner.soft).finalize_mut() }
         }
     }
 }

poly1305/src/backend/autodetect.rs

@@ -15,7 +15,12 @@
 // optimisations provided by Bhattacharyya and Sarkar. The latter require the message
 // length to be known, which is incompatible with the streaming API of UniversalHash.
 
-use universal_hash::generic_array::GenericArray;
+use universal_hash::{
+    consts::{U1, U16},
+    crypto_common::{BlockSizeUser, ParBlocksSizeUser},
+    generic_array::GenericArray,
+    UhfBackend,
+};
 
 use crate::{Block, Key, Tag};
 
@@ -60,12 +65,6 @@ impl State {
         }
     }
 
-    /// Reset internal state
-    pub(crate) fn reset(&mut self) {
-        self.initialized = None;
-        self.num_cached_blocks = 0;
-    }
-
     /// Compute a Poly1305 block
     #[target_feature(enable = "avx2")]
     pub(crate) unsafe fn compute_block(&mut self, block: &Block, partial: bool) {
@@ -152,6 +151,20 @@ impl State {
         };
         tag_int.write(tag.as_mut_slice());
 
-        Tag::new(tag)
+        tag
+    }
+}
+
+impl BlockSizeUser for State {
+    type BlockSize = U16;
+}
+
+impl ParBlocksSizeUser for State {
+    type ParBlocksSize = U1;
+}
+
+impl UhfBackend for State {
+    fn proc_block(&mut self, block: &Block) {
+        unsafe { self.compute_block(block, false) };
     }
 }

poly1305/src/backend/avx2.rs

@@ -12,6 +12,12 @@
 // ...and was originally a port of Andrew Moons poly1305-donna
 // https://github.com/floodyberry/poly1305-donna
 
+use universal_hash::{
+    consts::{U1, U16},
+    crypto_common::{BlockSizeUser, ParBlocksSizeUser},
+    UhfBackend, UniversalHash,
+};
+
 use crate::{Block, Key, Tag};
 
 #[derive(Clone, Default)]
@@ -41,11 +47,6 @@ impl State {
         poly
     }
 
-    /// Reset internal state
-    pub(crate) fn reset(&mut self) {
-        self.h = Default::default();
-    }
-
     /// Compute a Poly1305 block
     pub(crate) fn compute_block(&mut self, block: &Block, partial: bool) {
         let hibit = if partial { 0 } else { 1 << 24 };
@@ -139,7 +140,7 @@ impl State {
     }
 
     /// Finalize output producing a [`Tag`]
-    pub(crate) fn finalize(&mut self) -> Tag {
+    pub(crate) fn finalize_mut(&mut self) -> Tag {
         // fully carry h
         let mut h0 = self.h[0];
         let mut h1 = self.h[1];
@@ -227,7 +228,7 @@ impl State {
         tag[8..12].copy_from_slice(&h2.to_le_bytes());
         tag[12..16].copy_from_slice(&h3.to_le_bytes());
 
-        Tag::new(tag)
+        tag
     }
 }
 
@@ -240,3 +241,31 @@ impl Drop for State {
         self.pad.zeroize();
     }
 }
+
+impl BlockSizeUser for State {
+    type BlockSize = U16;
+}
+
+impl ParBlocksSizeUser for State {
+    type ParBlocksSize = U1;
+}
+
+impl UhfBackend for State {
+    fn proc_block(&mut self, block: &Block) {
+        self.compute_block(block, false);
+    }
+}
+
+impl UniversalHash for State {
+    fn update_with_backend(
+        &mut self,
+        f: impl universal_hash::UhfClosure<BlockSize = Self::BlockSize>,
+    ) {
+        f.call(self);
+    }
+
+    /// Finalize output producing a [`Tag`]
+    fn finalize(mut self) -> Tag {
+        self.finalize_mut()
+    }
+}