## Expand description

**GHASH**: universal hash over GF(2^128) used by AES-GCM for message
authentication (i.e. GMAC).

### Implementation Notes

The implementation of GHASH found in this crate internally uses the
`polyval`

crate, which provides a similar universal hash function used by
AES-GCM-SIV (RFC 8452).

By implementing GHASH in terms of POLYVAL, the two universal hash functions
can share a common core, meaning any optimization work (e.g. CPU-specific
SIMD implementations) which happens upstream in the `polyval`

crate
benefits GHASH as well.

From RFC 8452 Appendix A: https://tools.ietf.org/html/rfc8452#appendix-A

GHASH and POLYVAL both operate in GF(2^128), although with different irreducible polynomials: POLYVAL works modulo x^128 + x^127 + x^126 + x^121 + 1 and GHASH works modulo x^128 + x^7 + x^2 + x + 1. Note that these irreducible polynomials are the “reverse” of each other.

## Re-exports

`pub use polyval::universal_hash;`

## Structs

**GHASH**: universal hash over GF(2^128) used by AES-GCM.

## Type Aliases

- GHASH blocks (16-bytes)
- GHASH keys (16-bytes)
- GHASH tags (16-bytes)