add new_with_init_block

ghash/src/lib.rs

@@ -61,6 +61,29 @@ impl KeySizeUser for GHash {
     type KeySize = U16;
 }
 
+impl GHash {
+    /// Initialize GHASH with the given `H` field element and initial block
+    #[inline]
+    pub fn new_with_init_block(h: &Key, init_block: u128) -> Self {
+        let mut h = *h;
+        h.reverse();
+
+        #[allow(unused_mut)]
+        let mut h_polyval = polyval::mulx(&h);
+
+        #[cfg(feature = "zeroize")]
+        h.zeroize();
+
+        #[allow(clippy::let_and_return)]
+        let result = GHash(Polyval::new_with_init_block(&h_polyval, init_block));
+
+        #[cfg(feature = "zeroize")]
+        h_polyval.zeroize();
+
+        result
+    }
+}
+
 impl KeyInit for GHash {
     /// Initialize GHASH with the given `H` field element
     #[inline]

polyval/src/backend/clmul.rs

@@ -24,6 +24,21 @@ impl KeySizeUser for Polyval {
     type KeySize = U16;
 }
 
+impl Polyval {
+    /// Initialize POLYVAL with the given `H` field element and initial block
+    pub fn new_with_init_block(h: &Key, init_block: u128) -> Self {
+        unsafe {
+            // `_mm_loadu_si128` performs an unaligned load
+            #[allow(clippy::cast_ptr_alignment)]
+            Self {
+                h: _mm_loadu_si128(h.as_ptr() as *const __m128i),
+                y: _mm_loadu_si128(&init_block.to_be_bytes()[..] as *const _ as *const __m128i),
+            }
+        }
+    }
+
+}
+
 impl KeyInit for Polyval {
     /// Initialize POLYVAL with the given `H` field element
     fn new(h: &Key) -> Self {

polyval/src/backend/pmull.rs

@@ -30,6 +30,18 @@ impl KeySizeUser for Polyval {
     type KeySize = U16;
 }
 
+impl Polyval {
+    /// Initialize POLYVAL with the given `H` field element and initial block
+    pub fn new_with_init_block(h: &Key, init_block: u128) -> Self {
+        unsafe {
+            Self {
+                h: vld1q_u8(h.as_ptr()),
+                y: vld1q_u8(&init_block.to_be_bytes()[..]),
+            }
+        }
+    }
+}
+
 impl KeyInit for Polyval {
     /// Initialize POLYVAL with the given `H` field element
     fn new(h: &Key) -> Self {

polyval/src/backend/soft32.rs

@@ -53,6 +53,17 @@ impl KeySizeUser for Polyval {
     type KeySize = U16;
 }
 
+impl Polyval {
+    /// Initialize POLYVAL with the given `H` field element and initial block
+    pub fn new_with_init_block(h: &Key, init_block: u128) -> Self {
+        Self {
+            h: h.into(),
+            s: init_block.into(),
+        }
+    }
+}
+
+
 impl KeyInit for Polyval {
     /// Initialize POLYVAL with the given `H` field element
     fn new(h: &Key) -> Self {
@@ -130,6 +141,17 @@ impl From<&Block> for U32x4 {
     }
 }
 
+impl From<u128> for U32x4 {
+    fn from(x: u128) -> Self {
+        U32x4(
+            x as u32,
+            (x >> 32) as u32,
+            (x >> 64) as u32,
+            (x >> 96) as u32,
+        )
+    }
+}
+
 #[allow(clippy::suspicious_arithmetic_impl)]
 impl Add for U32x4 {
     type Output = Self;

polyval/src/backend/soft64.rs

@@ -29,6 +29,16 @@ pub struct Polyval {
     s: U64x2,
 }
 
+impl Polyval {
+    /// Initialize POLYVAL with the given `H` field element and initial block
+    pub fn new_with_init_block(h: &Key, init_block: u128) -> Self {
+        Self {
+            h: h.into(),
+            s: U64x2(init_block as u64, (init_block >> 64) as u64),
+        }
+    }
+}
+
 impl KeySizeUser for Polyval {
     type KeySize = U16;
 }
@@ -94,7 +104,7 @@ impl Drop for Polyval {
 
 /// 2 x `u64` values
 #[derive(Copy, Clone, Debug, Default, Eq, PartialEq)]
-struct U64x2(u64, u64);
+pub struct U64x2(u64, u64);
 
 impl From<&Block> for U64x2 {
     fn from(bytes: &Block) -> U64x2 {
@@ -105,6 +115,12 @@ impl From<&Block> for U64x2 {
     }
 }
 
+impl From<u128> for U64x2 {
+    fn from(x: u128) -> Self {
+        U64x2(x as u64, (x >> 64) as u64)
+    }
+}
+
 #[allow(clippy::suspicious_arithmetic_impl)]
 impl Add for U64x2 {
     type Output = Self;