GHASH: universal hash over GF(2^128) used by AES-GCM for message authentication (i.e. GMAC).
§Implementation Notes
The implementation of GHASH found in this crate internally uses the polyval crate, which provides a similar universal hash function used by AES-GCM-SIV (RFC 8452).
By implementing GHASH in terms of POLYVAL, the two universal hash functions can share a common core, meaning any optimization work (e.g. CPU-specific SIMD implementations) which happens upstream in the polyval crate benefits GHASH as well.
From RFC 8452 Appendix A: https://tools.ietf.org/html/rfc8452#appendix-A
GHASH and POLYVAL both operate in GF(2^128), although with different irreducible polynomials: POLYVAL works modulo x^128 + x^127 + x^126 + x^121 + 1 and GHASH works modulo x^128 + x^7 + x^2 + x + 1. Note that these irreducible polynomials are the “reverse” of each other.
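As an added, dependency-free illustration (not the ghash or polyval crate's own code), the Rust below implements both field multiplications bit-serially and computes GHASH through POLYVAL using the RFC 8452 Appendix A relation GHASH(H, X_1..X_n) = ByteReverse(POLYVAL(mulX_POLYVAL(ByteReverse(H)), ByteReverse(X_1), ..., ByteReverse(X_n))), which is exactly how a shared POLYVAL core can serve GHASH. It is not constant time and exists to show the byte- and bit-order relationship, not to be used as a MAC.

```rust
type Block = [u8; 16];
const R_GHASH: u128 = 0xe1 << 120; // x^128 = x^7 + x^2 + x + 1, bit-reflected form
const P_POLYVAL: u128 = 0xc200_0000_0000_0000_0000_0000_0000_0001; // x^128 = x^127+x^126+x^121+1

/// GHASH product (SP 800-38D Algorithm 1). Big-endian u128: the MSB is the x^0 coefficient.
fn ghash_mul(x: u128, y: u128) -> u128 {
    let (mut z, mut v) = (0u128, y);
    for i in 0..128 {
        if (x >> (127 - i)) & 1 == 1 { z ^= v; }
        let carry = v & 1; // x^127 coefficient about to overflow
        v >>= 1;           // v *= x in the reflected representation
        if carry == 1 { v ^= R_GHASH; }
    }
    z
}

/// x * v in POLYVAL's field. Little-endian u128: bit i is the x^i coefficient.
fn mulx_polyval(v: u128) -> u128 {
    if v >> 127 == 1 { (v << 1) ^ P_POLYVAL } else { v << 1 }
}

/// POLYVAL dot(a, b) = a * b * x^-128 mod x^128 + x^127 + x^126 + x^121 + 1.
fn polyval_dot(a: u128, b: u128) -> u128 {
    let mut z = 0u128;
    for i in (0..128).rev() { // schoolbook a * b, reducing after each shift
        z = mulx_polyval(z);
        if (a >> i) & 1 == 1 { z ^= b; }
    }
    for _ in 0..128 {         // divide by x^128 (exact inverse of mulx_polyval)
        z = if z & 1 == 1 { ((z ^ P_POLYVAL) >> 1) | (1 << 127) } else { z >> 1 };
    }
    z
}

/// GHASH(H, X_1..X_n): Y_i = (Y_{i-1} xor X_i) * H.
fn ghash(h: &Block, blocks: &[Block]) -> Block {
    let h = u128::from_be_bytes(*h);
    blocks.iter().fold(0u128, |y, x| ghash_mul(y ^ u128::from_be_bytes(*x), h)).to_be_bytes()
}
/// POLYVAL(H, X_1..X_n): S_i = dot(S_{i-1} xor X_i, H).
fn polyval(h: &Block, blocks: &[Block]) -> Block {
    let h = u128::from_le_bytes(*h);
    blocks.iter().fold(0u128, |s, x| polyval_dot(s ^ u128::from_le_bytes(*x), h)).to_le_bytes()
}
fn byte_reverse(b: &Block) -> Block { let mut r = *b; r.reverse(); r }

/// GHASH through POLYVAL per RFC 8452 Appendix A: reverse the bytes, multiply the key by x.
fn ghash_via_polyval(h: &Block, blocks: &[Block]) -> Block {
    let key = mulx_polyval(u128::from_le_bytes(byte_reverse(h))).to_le_bytes();
    let rev: Vec<Block> = blocks.iter().map(byte_reverse).collect();
    byte_reverse(&polyval(&key, &rev))
}
```

Checked against GCM test case 2 (all-zero key): with H = 66e94bd4ef8a2c3b884cfa59ca342b2e and blocks 0388dace60b6a392f328c2b971b2fe78 and 00000000000000000000000000000080, both `ghash` and `ghash_via_polyval` return f38cbb1ad69223dcc3457ae5b6b0f885.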
Re-exports§
pub use polyval::universal_hash;
Structs§
- GHASH: universal hash over GF(2^128) used by AES-GCM.
Type Aliases§
- GHASH blocks (16 bytes)
- GHASH keys (16 bytes)
- GHASH tags (16 bytes)