Crate polyval
POLYVAL is a GHASH-like universal hash over GF(2^128) useful for implementing AES-GCM-SIV or AES-GCM/GMAC.
From RFC 8452 Section 3, which defines POLYVAL for use in AES-GCM-SIV:
"POLYVAL, like GHASH (the authenticator in AES-GCM; ...), operates in a binary field of size 2^128. The field is defined by the irreducible polynomial x^128 + x^127 + x^126 + x^121 + 1."
By multiplying (in the finite field sense) a sequence of 128-bit blocks of input data by a field element H, POLYVAL can be used to authenticate the message sequence as powers (in the finite field sense) of H: each block ends up multiplied by a successive power of H, so the result is a polynomial in H whose coefficients are the blocks.
Requirements
- Rust 1.41.0 or newer
- Recommended: RUSTFLAGS with -Ctarget-cpu and -Ctarget-feature:
  - x86(-64) CPU: target-cpu=sandybridge or newer
  - SSE2 + SSE4.1: target-feature=+sse2,+sse4.1
Example:
$ RUSTFLAGS="-Ctarget-cpu=native -Ctarget-feature=+sse2,+sse4.1" cargo bench
If RUSTFLAGS are not provided, this crate will fall back to a much slower
software-only implementation.
Relationship to GHASH
POLYVAL can be thought of as the little endian equivalent of GHASH, which affords it a small performance advantage over GHASH when used on little endian architectures.
It has also been designed so that it can be used to compute GHASH, and with it GMAC, the Message Authentication Code (MAC) used by AES-GCM.
From RFC 8452 Appendix A:
"GHASH and POLYVAL both operate in GF(2^128), although with different irreducible polynomials: POLYVAL works modulo x^128 + x^127 + x^126 + x^121 + 1 and GHASH works modulo x^128 + x^7 + x^2 + x + 1. Note that these irreducible polynomials are the 'reverse' of each other."
Re-exports
  pub use universal_hash;
Structs
  Polyval       POLYVAL: GHASH-like universal hash over GF(2^128).
Constants
  BLOCK_SIZE    Size of a POLYVAL block in bytes
  KEY_SIZE      Size of a POLYVAL key in bytes
Type Definitions
  Block         POLYVAL blocks (16 bytes)
  Key           POLYVAL keys (16 bytes)
  Tag           POLYVAL tags (16 bytes)