AES-GCm: Use ArraySplitMap.

This is a step towards eliminating the `unsafe` code in `chunks_fixed()`.
briansmith · Oct 12, 2023 · 8f56770 · 8f56770
1 parent 5b81ff2
commit 8f56770
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 13 deletions.
diff --git a/src/aead/gcm.rs b/src/aead/gcm.rs
@@ -16,7 +16,7 @@ use super::{
     block::{Block, BLOCK_LEN},
     Aad,
 };
-use crate::{cpu, polyfill::ChunksFixed};
+use crate::{cpu, polyfill::ArraySplitMap};
 use core::ops::BitXorAssign;
 
 #[cfg(not(target_arch = "aarch64"))]
@@ -30,8 +30,7 @@ pub struct Key {
 
 impl Key {
     pub(super) fn new(h_be: Block, cpu_features: cpu::Features) -> Self {
-        let h_be: &[[u8; 8]; 2] = h_be.as_ref().chunks_fixed();
-        let h: [u64; 2] = h_be.map(u64::from_be_bytes);
+        let h: [u64; 2] = h_be.as_ref().array_split_map(u64::from_be_bytes);
 
         let mut key = Self {
             h_table: HTable {

diff --git a/src/aead/gcm/gcm_nohw.rs b/src/aead/gcm/gcm_nohw.rs
@@ -23,7 +23,7 @@
 // Unlike the BearSSL notes, we use u128 in the 64-bit implementation.
 
 use super::{Block, Xi, BLOCK_LEN};
-use crate::polyfill::ChunksFixed;
+use crate::polyfill::ArraySplitMap;
 
 #[cfg(target_pointer_width = "64")]
 fn gcm_mul64_nohw(a: u64, b: u64) -> (u64, u64) {
@@ -224,21 +224,18 @@ pub(super) fn gmult(xi: &mut Xi, h: super::u128) {
 
 pub(super) fn ghash(xi: &mut Xi, h: super::u128, input: &[[u8; BLOCK_LEN]]) {
     with_swapped_xi(xi, |swapped| {
-        input.iter().for_each(|input| {
-            let input: &[[u8; 8]; 2] = input.chunks_fixed();
-            swapped[0] ^= u64::from_be_bytes(input[1]);
-            swapped[1] ^= u64::from_be_bytes(input[0]);
+        input.iter().for_each(|&input| {
+            let input = input.array_split_map(u64::from_be_bytes);
+            swapped[0] ^= input[1];
+            swapped[1] ^= input[0];
             gcm_polyval_nohw(swapped, h);
         });
     });
 }
 
 #[inline]
 fn with_swapped_xi(Xi(xi): &mut Xi, f: impl FnOnce(&mut [u64; 2])) {
-    let unswapped: [u64; 2] = {
-        let xi: &[[u8; 8]; 2] = xi.as_ref().chunks_fixed();
-        xi.map(u64::from_be_bytes)
-    };
+    let unswapped: [u64; 2] = xi.as_ref().array_split_map(u64::from_be_bytes);
     let mut swapped: [u64; 2] = [unswapped[1], unswapped[0]];
     f(&mut swapped);
     let reswapped = [swapped[1], swapped[0]];

diff --git a/src/polyfill/array_split_map.rs b/src/polyfill/array_split_map.rs
@@ -26,3 +26,14 @@ impl<I, O> ArraySplitMap<I, O, 4, 4> for [I; 16] {
         ]
     }
 }
+
+impl<I, O> ArraySplitMap<I, O, 8, 2> for [I; 16] {
+    #[inline]
+    fn array_split_map(self, f: impl Fn([I; 8]) -> O) -> [O; 2] {
+        let [a0, a1, a2, a3, a4, a5, a6, a7, b0, b1, b2, b3, b4, b5, b6, b7] = self;
+        [
+            f([a0, a1, a2, a3, a4, a5, a6, a7]),
+            f([b0, b1, b2, b3, b4, b5, b6, b7]),
+        ]
+    }
+}
diff --git a/src/polyfill/chunks_fixed.rs b/src/polyfill/chunks_fixed.rs
@@ -59,7 +59,6 @@ macro_rules! define_chunks_fixed {
 }
 
 // Sorted by the first value, then the second value.
-define_chunks_fixed!(16, 8);
 define_chunks_fixed!(32, 4);
 define_chunks_fixed!(64, 4);
 define_chunks_fixed!(64, 32);