ASCON-128 encryption algorithm and related family members. More...

#include <ascon/permutation.h>

Classes
struct	ascon128_state_t
	State information for the incremental version of ASCON-128. More...

struct	ascon128a_state_t
	State information for the incremental version of ASCON-128a. More...

struct	ascon80pq_state_t
	State information for the incremental version of ASCON-80pq. More...

Macros
#define	ASCON128_KEY_SIZE 16
	Size of the key for ASCON-128 and ASCON-128a. More...

#define	ASCON128_NONCE_SIZE 16
	Size of the nonce for ASCON-128 and ASCON-128a. More...

#define	ASCON128_TAG_SIZE 16
	Size of the authentication tag for ASCON-128 and ASCON-128a. More...

#define	ASCON80PQ_KEY_SIZE 20
	Size of the key for ASCON-80pq. More...

#define	ASCON80PQ_NONCE_SIZE 16
	Size of the nonce for ASCON-80pq. More...

#define	ASCON80PQ_TAG_SIZE 16
	Size of the authentication tag for ASCON-80pq. More...

#define	ASCON128_RATE 8
	Rate of absorbing and squeezing for ASCON-128. More...

#define	ASCON128A_RATE 16
	Rate of absorbing and squeezing for ASCON-128a. More...

#define	ASCON80PQ_RATE 8
	Rate of absorbing and squeezing for ASCON-80pq. More...

Functions
void	ascon128_aead_encrypt (unsigned char c, size_t clen, const unsigned char m, size_t mlen, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Encrypts and authenticates a packet with ASCON-128. More...

int	ascon128_aead_decrypt (unsigned char m, size_t mlen, const unsigned char c, size_t clen, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Decrypts and authenticates a packet with ASCON-128. More...

void	ascon128a_aead_encrypt (unsigned char c, size_t clen, const unsigned char m, size_t mlen, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Encrypts and authenticates a packet with ASCON-128a. More...

int	ascon128a_aead_decrypt (unsigned char m, size_t mlen, const unsigned char c, size_t clen, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Decrypts and authenticates a packet with ASCON-128a. More...

void	ascon80pq_aead_encrypt (unsigned char c, size_t clen, const unsigned char m, size_t mlen, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Encrypts and authenticates a packet with ASCON-80pq. More...

int	ascon80pq_aead_decrypt (unsigned char m, size_t mlen, const unsigned char c, size_t clen, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Decrypts and authenticates a packet with ASCON-80pq. More...

void	ascon128_aead_start (ascon128_state_t state, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Starts encrypting or decrypting a packet with ASCON-128 in incremental mode. More...

void	ascon128_aead_abort (ascon128_state_t *state)
	Aborts use of ASCON-128 in incremental mode. More...

void	ascon128_aead_encrypt_block (ascon128_state_t state, const unsigned char in, unsigned char *out, size_t len)
	Encrypts a block of data with ASCON-128 in incremental mode. More...

void	ascon128_aead_encrypt_finalize (ascon128_state_t state, unsigned char tag)
	Finalizes an incremental ASCON-128 encryption operation and generates the authentication tag. More...

void	ascon128_aead_decrypt_block (ascon128_state_t state, const unsigned char in, unsigned char *out, size_t len)
	Decrypts a block of data with ASCON-128 in incremental mode. More...

int	ascon128_aead_decrypt_finalize (ascon128_state_t state, const unsigned char tag)
	Finalizes an incremental ASCON-128 decryption operation and checks the authentication tag. More...

void	ascon128a_aead_start (ascon128a_state_t state, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Starts encrypting or decrypting a packet with ASCON-128a in incremental mode. More...

void	ascon128a_aead_abort (ascon128a_state_t *state)
	Aborts use of ASCON-128a in incremental mode. More...

void	ascon128a_aead_encrypt_block (ascon128a_state_t state, const unsigned char in, unsigned char *out, size_t len)
	Encrypts a block of data with ASCON-128a in incremental mode. More...

void	ascon128a_aead_encrypt_finalize (ascon128a_state_t state, unsigned char tag)
	Finalizes an incremental ASCON-128a encryption operation and generates the authentication tag. More...

void	ascon128a_aead_decrypt_block (ascon128a_state_t state, const unsigned char in, unsigned char *out, size_t len)
	Decrypts a block of data with ASCON-128a in incremental mode. More...

int	ascon128a_aead_decrypt_finalize (ascon128a_state_t state, const unsigned char tag)
	Finalizes an incremental ASCON-128a decryption operation and checks the authentication tag. More...

void	ascon80pq_aead_start (ascon80pq_state_t state, const unsigned char ad, size_t adlen, const unsigned char npub, const unsigned char k)
	Starts encrypting or decrypting a packet with ASCON-80pq in incremental mode. More...

void	ascon80pq_aead_abort (ascon80pq_state_t *state)
	Aborts use of ASCON-80pq in incremental mode. More...

void	ascon80pq_aead_encrypt_block (ascon80pq_state_t state, const unsigned char in, unsigned char *out, size_t len)
	Encrypts a block of data with ASCON-80pq in incremental mode. More...

void	ascon80pq_aead_encrypt_finalize (ascon80pq_state_t state, unsigned char tag)
	Finalizes an incremental ASCON-80pq encryption operation and generates the authentication tag. More...

void	ascon80pq_aead_decrypt_block (ascon80pq_state_t state, const unsigned char in, unsigned char *out, size_t len)
	Decrypts a block of data with ASCON-80pq in incremental mode. More...

int	ascon80pq_aead_decrypt_finalize (ascon80pq_state_t state, const unsigned char tag)
	Finalizes an incremental ASCON-80pq decryption operation and checks the authentication tag. More...

Detailed Description

ASCON-128 encryption algorithm and related family members.

The ASCON family consists of several related algorithms:

ASCON-128 with a 128-bit key, a 128-bit nonce, a 128-bit authentication tag, and a block rate of 64 bits.
ASCON-128a with a 128-bit key, a 128-bit nonce, a 128-bit authentication tag, and a block rate of 128 bits. This is faster than ASCON-128 but may not be as secure.
ASCON-80pq with a 160-bit key, a 128-bit nonce, a 128-bit authentication tag, and a block rate of 64 bits. This is similar to ASCON-128 but has a 160-bit key instead which may be more resistant against quantum computers.
ASCON-HASH and ASCON-HASHA with a 256-bit hash output.
ASCON-XOF and ASCON-XOFA with extensible hash output (XOF mode).

References: https://ascon.iaik.tugraz.at/

Definition in file aead.h.

Macro Definition Documentation

◆ ASCON128_KEY_SIZE

#define ASCON128_KEY_SIZE 16

Size of the key for ASCON-128 and ASCON-128a.

Definition at line 55 of file aead.h.

◆ ASCON128_NONCE_SIZE

#define ASCON128_NONCE_SIZE 16

Size of the nonce for ASCON-128 and ASCON-128a.

Definition at line 60 of file aead.h.

◆ ASCON128_RATE

#define ASCON128_RATE 8

Rate of absorbing and squeezing for ASCON-128.

Definition at line 85 of file aead.h.

◆ ASCON128_TAG_SIZE

#define ASCON128_TAG_SIZE 16

Size of the authentication tag for ASCON-128 and ASCON-128a.

Definition at line 65 of file aead.h.

◆ ASCON128A_RATE

#define ASCON128A_RATE 16

Rate of absorbing and squeezing for ASCON-128a.

Definition at line 90 of file aead.h.

◆ ASCON80PQ_KEY_SIZE

#define ASCON80PQ_KEY_SIZE 20

Size of the key for ASCON-80pq.

Definition at line 70 of file aead.h.

◆ ASCON80PQ_NONCE_SIZE

#define ASCON80PQ_NONCE_SIZE 16

Size of the nonce for ASCON-80pq.

Definition at line 75 of file aead.h.

◆ ASCON80PQ_RATE

#define ASCON80PQ_RATE 8

Rate of absorbing and squeezing for ASCON-80pq.

Definition at line 95 of file aead.h.

◆ ASCON80PQ_TAG_SIZE

#define ASCON80PQ_TAG_SIZE 16

Size of the authentication tag for ASCON-80pq.

Examples: asconcrypt/asconcrypt.c.

Definition at line 80 of file aead.h.

Function Documentation

◆ ascon128_aead_abort()

void ascon128_aead_abort ( ascon128_state_t * state )

Aborts use of ASCON-128 in incremental mode.

Parameters

state State to abort.

This function may be used any time after ascon128_aead_start() and before the encryption or decryption process is finalized to abort the process entirely and free the state.

Definition at line 56 of file ascon-aead-inc-128.c.

◆ ascon128_aead_decrypt()

int ascon128_aead_decrypt	(	unsigned char *	m,
		size_t *	mlen,
		const unsigned char *	c,
		size_t	clen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with ASCON-128.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See also: ascon128_aead_encrypt()

Definition at line 71 of file ascon-aead-128.c.

◆ ascon128_aead_decrypt_block()

void ascon128_aead_decrypt_block	(	ascon128_state_t *	state,
		const unsigned char *	in,
		unsigned char *	out,
		size_t	len
	)

Decrypts a block of data with ASCON-128 in incremental mode.

Parameters

state	State to use for ASCON-128 encryption operations.
in	Buffer that contains the ciphertext to decrypt.
out	Buffer to receive the plaintext output. Can be the same buffer as in.
len	Length of the plaintext and ciphertext in bytes.

See also: ascon128_aead_encrypt_block(), ascon128_aead_start(), ascon128_aead_decrypt_finalize()

Definition at line 93 of file ascon-aead-inc-128.c.

◆ ascon128_aead_decrypt_finalize()

int ascon128_aead_decrypt_finalize	(	ascon128_state_t *	state,
		const unsigned char *	tag
	)

Finalizes an incremental ASCON-128 decryption operation and checks the authentication tag.

Parameters

state	State to use for ASCON-128 encryption operations.
tag	Points to the buffer containing the ciphertext's authentication tag. Must be at least ASCON128_TAG_SIZE bytes in length.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

The contents of state will be freed by this function, destroying any sensitive material that may be present.

See also: ascon128_aead_decrypt_block(), ascon128_aead_start()

Definition at line 103 of file ascon-aead-inc-128.c.

◆ ascon128_aead_encrypt()

void ascon128_aead_encrypt	(	unsigned char *	c,
		size_t *	clen,
		const unsigned char *	m,
		size_t	mlen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with ASCON-128.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

See also: ascon128_aead_decrypt()

Definition at line 31 of file ascon-aead-128.c.

◆ ascon128_aead_encrypt_block()

void ascon128_aead_encrypt_block	(	ascon128_state_t *	state,
		const unsigned char *	in,
		unsigned char *	out,
		size_t	len
	)

Encrypts a block of data with ASCON-128 in incremental mode.

Parameters

state	State to use for ASCON-128 encryption operations.
in	Buffer that contains the plaintext to encrypt.
out	Buffer to receive the ciphertext output. Can be the same buffer as in.
len	Length of the plaintext and ciphertext in bytes.

See also: ascon128_aead_decrypt_block(), ascon128_aead_start(), ascon128_aead_encrypt_finalize()

Definition at line 65 of file ascon-aead-inc-128.c.

◆ ascon128_aead_encrypt_finalize()

void ascon128_aead_encrypt_finalize	(	ascon128_state_t *	state,
		unsigned char *	tag
	)

Finalizes an incremental ASCON-128 encryption operation and generates the authentication tag.

Parameters

state	State to use for ASCON-128 encryption operations.
tag	Points to the buffer to receive the authentication tag. Must be at least ASCON128_TAG_SIZE bytes in length.

The contents of state will be freed by this function, destroying any sensitive material that may be present.

See also: ascon128_aead_encrypt_block(), ascon128_aead_start()

Definition at line 75 of file ascon-aead-inc-128.c.

◆ ascon128_aead_start()

void ascon128_aead_start	(	ascon128_state_t *	state,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Starts encrypting or decrypting a packet with ASCON-128 in incremental mode.

Parameters

state	State to initialize for ASCON-128 operations.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

The following sequence can be used to encrypt a list of i plaintext message blocks (m) to produce i ciphertext message blocks (c) and an authentication tag (t).

ascon128_state_t state;
ascon128_aead_start(&state, ad, adlen, npub, k);
ascon128_aead_encrypt_block(&state, m1, c1, m1_len);
ascon128_aead_encrypt_block(&state, m2, c2, m2_len);
...;
ascon128_aead_encrypt_block(&state, mi, ci, mi_len);
ascon128_aead_encrypt_finalize(&state, t);

Decryption uses a similar sequence:

ascon128_state_t state;
ascon128_aead_start(&state, ad, adlen, npub, k);
ascon128_aead_decrypt_block(&state, c1, m1, c1_len);
ascon128_aead_decrypt_block(&state, c2, m2, c2_len);
...;
ascon128_aead_decrypt_block(&state, ci, mi, ci_len);
if (ascon128_aead_decrypt_finalize(&state, t) < 0)
    ...; // decryption has failed!

It is very important that the plaintext output from decryption be discarded if the authentication tag fails to verify. Applications should not use any of the data before verifying the tag.

See also: ascon128_aead_encrypt_block(), ascon128_aead_decrypt_block(), ascon128_aead_encrypt_finalize(), ascon128_aead_decrypt_finalize()

Definition at line 31 of file ascon-aead-inc-128.c.

◆ ascon128a_aead_abort()

void ascon128a_aead_abort ( ascon128a_state_t * state )

Aborts use of ASCON-128a in incremental mode.

Parameters

state State to abort.

This function may be used any time after ascon128a_aead_start() and before the encryption or decryption process is finalized to abort the process entirely and free the state.

Definition at line 56 of file ascon-aead-inc-128a.c.

◆ ascon128a_aead_decrypt()

int ascon128a_aead_decrypt	(	unsigned char *	m,
		size_t *	mlen,
		const unsigned char *	c,
		size_t	clen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with ASCON-128a.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See also: ascon128a_aead_encrypt()

Definition at line 73 of file ascon-aead-128a.c.

◆ ascon128a_aead_decrypt_block()

void ascon128a_aead_decrypt_block	(	ascon128a_state_t *	state,
		const unsigned char *	in,
		unsigned char *	out,
		size_t	len
	)

Decrypts a block of data with ASCON-128a in incremental mode.

Parameters

state	State to use for ASCON-128a encryption operations.
in	Buffer that contains the ciphertext to decrypt.
out	Buffer to receive the plaintext output. Can be the same buffer as in.
len	Length of the plaintext and ciphertext in bytes.

See also: ascon128a_aead_encrypt_block(), ascon128a_aead_start(), ascon128a_aead_decrypt_finalize()

Definition at line 93 of file ascon-aead-inc-128a.c.

◆ ascon128a_aead_decrypt_finalize()

int ascon128a_aead_decrypt_finalize	(	ascon128a_state_t *	state,
		const unsigned char *	tag
	)

Finalizes an incremental ASCON-128a decryption operation and checks the authentication tag.

Parameters

state	State to use for ASCON-128a encryption operations.
tag	Points to the buffer containing the ciphertext's authentication tag. Must be at least ASCON128_TAG_SIZE bytes in length.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

The contents of state will be freed by this function, destroying any sensitive material that may be present.

See also: ascon128a_aead_decrypt_block(), ascon128a_aead_start()

Definition at line 103 of file ascon-aead-inc-128a.c.

◆ ascon128a_aead_encrypt()

void ascon128a_aead_encrypt	(	unsigned char *	c,
		size_t *	clen,
		const unsigned char *	m,
		size_t	mlen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with ASCON-128a.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

See also: ascon128a_aead_decrypt()

Definition at line 33 of file ascon-aead-128a.c.

◆ ascon128a_aead_encrypt_block()

void ascon128a_aead_encrypt_block	(	ascon128a_state_t *	state,
		const unsigned char *	in,
		unsigned char *	out,
		size_t	len
	)

Encrypts a block of data with ASCON-128a in incremental mode.

Parameters

state	State to use for ASCON-128a encryption operations.
in	Buffer that contains the plaintext to encrypt.
out	Buffer to receive the ciphertext output. Can be the same buffer as in.
len	Length of the plaintext and ciphertext in bytes.

See also: ascon128a_aead_decrypt_block(), ascon128a_aead_start(), ascon128a_aead_encrypt_finalize()

Definition at line 65 of file ascon-aead-inc-128a.c.

◆ ascon128a_aead_encrypt_finalize()

void ascon128a_aead_encrypt_finalize	(	ascon128a_state_t *	state,
		unsigned char *	tag
	)

Finalizes an incremental ASCON-128a encryption operation and generates the authentication tag.

Parameters

state	State to use for ASCON-128a encryption operations.
tag	Points to the buffer to receive the authentication tag. Must be at least ASCON128_TAG_SIZE bytes in length.

The contents of state will be freed by this function, destroying any sensitive material that may be present.

See also: ascon128a_aead_encrypt_block(), ascon128a_aead_start()

Definition at line 75 of file ascon-aead-inc-128a.c.

◆ ascon128a_aead_start()

void ascon128a_aead_start	(	ascon128a_state_t *	state,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Starts encrypting or decrypting a packet with ASCON-128a in incremental mode.

Parameters

state	State to initialize for ASCON-128a operations.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 16 bytes of the key to use to encrypt the packet.

The following sequence can be used to encrypt a list of i plaintext message blocks (m) to produce i ciphertext message blocks (c) and an authentication tag (t).

ascon128a_state_t state;
ascon128a_aead_start(&state, ad, adlen, npub, k);
ascon128a_aead_encrypt_block(&state, m1, c1, m1_len);
ascon128a_aead_encrypt_block(&state, m2, c2, m2_len);
...;
ascon128a_aead_encrypt_block(&state, mi, ci, mi_len);
ascon128a_aead_encrypt_finalize(&state, t);

Decryption uses a similar sequence:

ascon128a_state_t state;
ascon128a_aead_start(&state, ad, adlen, npub, k);
ascon128a_aead_decrypt_block(&state, c1, m1, c1_len);
ascon128a_aead_decrypt_block(&state, c2, m2, c2_len);
...;
ascon128a_aead_decrypt_block(&state, ci, mi, ci_len);
if (ascon128a_aead_decrypt_finalize(&state, t) < 0)
    ...; // decryption has failed!

It is very important that the plaintext output from decryption be discarded if the authentication tag fails to verify. Applications should not use any of the data before verifying the tag.

See also: ascon128a_aead_encrypt_block(), ascon128a_aead_decrypt_block(), ascon128a_aead_encrypt_finalize(), ascon128a_aead_decrypt_finalize()

Definition at line 31 of file ascon-aead-inc-128a.c.

◆ ascon80pq_aead_abort()

void ascon80pq_aead_abort ( ascon80pq_state_t * state )

Aborts use of ASCON-80pq in incremental mode.

Parameters

state State to abort.

This function may be used any time after ascon80pq_aead_start() and before the encryption or decryption process is finalized to abort the process entirely and free the state.

Definition at line 55 of file ascon-aead-inc-80pq.c.

◆ ascon80pq_aead_decrypt()

int ascon80pq_aead_decrypt	(	unsigned char *	m,
		size_t *	mlen,
		const unsigned char *	c,
		size_t	clen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Decrypts and authenticates a packet with ASCON-80pq.

Parameters

m	Buffer to receive the plaintext message on output.
mlen	Receives the length of the plaintext message on output.
c	Buffer that contains the ciphertext and authentication tag to decrypt.
clen	Length of the input data in bytes, which includes the ciphertext and the 16 byte authentication tag.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 20 bytes of the key to use to decrypt the packet.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

See also: ascon80pq_aead_encrypt()

Definition at line 72 of file ascon-aead-80pq.c.

◆ ascon80pq_aead_decrypt_block()

void ascon80pq_aead_decrypt_block	(	ascon80pq_state_t *	state,
		const unsigned char *	in,
		unsigned char *	out,
		size_t	len
	)

Decrypts a block of data with ASCON-80pq in incremental mode.

Parameters

state	State to use for ASCON-80pq encryption operations.
in	Buffer that contains the ciphertext to decrypt.
out	Buffer to receive the plaintext output. Can be the same buffer as in.
len	Length of the plaintext and ciphertext in bytes.

See also: ascon80pq_aead_encrypt_block(), ascon80pq_aead_start(), ascon80pq_aead_decrypt_finalize()

Definition at line 92 of file ascon-aead-inc-80pq.c.

◆ ascon80pq_aead_decrypt_finalize()

int ascon80pq_aead_decrypt_finalize	(	ascon80pq_state_t *	state,
		const unsigned char *	tag
	)

Finalizes an incremental ASCON-80pq decryption operation and checks the authentication tag.

Parameters

state	State to use for ASCON-80pq encryption operations.
tag	Points to the buffer containing the ciphertext's authentication tag. Must be at least ASCON80PQ_TAG_SIZE bytes in length.

Returns: 0 on success, -1 if the authentication tag was incorrect, or some other negative number if there was an error in the parameters.

The contents of state will be freed by this function, destroying any sensitive material that may be present.

See also: ascon80pq_aead_decrypt_block(), ascon80pq_aead_start()

Definition at line 102 of file ascon-aead-inc-80pq.c.

◆ ascon80pq_aead_encrypt()

void ascon80pq_aead_encrypt	(	unsigned char *	c,
		size_t *	clen,
		const unsigned char *	m,
		size_t	mlen,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Encrypts and authenticates a packet with ASCON-80pq.

Parameters

c	Buffer to receive the output.
clen	On exit, set to the length of the output which includes the ciphertext and the 16 byte authentication tag.
m	Buffer that contains the plaintext message to encrypt.
mlen	Length of the plaintext message in bytes.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 20 bytes of the key to use to encrypt the packet.

See also: ascon80pq_aead_decrypt()

Definition at line 32 of file ascon-aead-80pq.c.

◆ ascon80pq_aead_encrypt_block()

void ascon80pq_aead_encrypt_block	(	ascon80pq_state_t *	state,
		const unsigned char *	in,
		unsigned char *	out,
		size_t	len
	)

Encrypts a block of data with ASCON-80pq in incremental mode.

Parameters

state	State to use for ASCON-80pq encryption operations.
in	Buffer that contains the plaintext to encrypt.
out	Buffer to receive the ciphertext output. Can be the same buffer as in.
len	Length of the plaintext and ciphertext in bytes.

See also: ascon80pq_aead_decrypt_block(), ascon80pq_aead_start(), ascon80pq_aead_encrypt_finalize()

Definition at line 64 of file ascon-aead-inc-80pq.c.

◆ ascon80pq_aead_encrypt_finalize()

void ascon80pq_aead_encrypt_finalize	(	ascon80pq_state_t *	state,
		unsigned char *	tag
	)

Finalizes an incremental ASCON-80pq encryption operation and generates the authentication tag.

Parameters

state	State to use for ASCON-80pq encryption operations.
tag	Points to the buffer to receive the authentication tag. Must be at least ASCON80PQ_TAG_SIZE bytes in length.

The contents of state will be freed by this function, destroying any sensitive material that may be present.

See also: ascon80pq_aead_encrypt_block(), ascon80pq_aead_start()

Definition at line 74 of file ascon-aead-inc-80pq.c.

◆ ascon80pq_aead_start()

void ascon80pq_aead_start	(	ascon80pq_state_t *	state,
		const unsigned char *	ad,
		size_t	adlen,
		const unsigned char *	npub,
		const unsigned char *	k
	)

Starts encrypting or decrypting a packet with ASCON-80pq in incremental mode.

Parameters

state	State to initialize for ASCON-80pq operations.
ad	Buffer that contains associated data to authenticate along with the packet but which does not need to be encrypted.
adlen	Length of the associated data in bytes.
npub	Points to the public nonce for the packet which must be 16 bytes in length.
k	Points to the 20 bytes of the key to use to encrypt the packet.

The following sequence can be used to encrypt a list of i plaintext message blocks (m) to produce i ciphertext message blocks (c) and an authentication tag (t).

ascon80pq_state_t state;
ascon80pq_aead_start(&state, ad, adlen, npub, k);
ascon80pq_aead_encrypt_block(&state, m1, c1, m1_len);
ascon80pq_aead_encrypt_block(&state, m2, c2, m2_len);
...;
ascon80pq_aead_encrypt_block(&state, mi, ci, mi_len);
ascon80pq_aead_encrypt_finalize(&state, t);

Decryption uses a similar sequence:

ascon80pq_state_t state;
ascon80pq_aead_start(&state, ad, adlen, npub, k);
ascon80pq_aead_decrypt_block(&state, c1, m1, c1_len);
ascon80pq_aead_decrypt_block(&state, c2, m2, c2_len);
...;
ascon80pq_aead_decrypt_block(&state, ci, mi, ci_len);
if (ascon80pq_aead_decrypt_finalize(&state, t) < 0)
    ...; // decryption has failed!

It is very important that the plaintext output from decryption be discarded if the authentication tag fails to verify. Applications should not use any of the data before verifying the tag.

See also: ascon80pq_aead_encrypt_block(), ascon80pq_aead_decrypt_block(), ascon80pq_aead_encrypt_finalize(), ascon80pq_aead_decrypt_finalize()

Definition at line 30 of file ascon-aead-inc-80pq.c.

Classes

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ ASCON128_KEY_SIZE

◆ ASCON128_NONCE_SIZE

◆ ASCON128_RATE

◆ ASCON128_TAG_SIZE

◆ ASCON128A_RATE

◆ ASCON80PQ_KEY_SIZE

◆ ASCON80PQ_NONCE_SIZE

◆ ASCON80PQ_RATE

◆ ASCON80PQ_TAG_SIZE

Function Documentation

◆ ascon128_aead_abort()

◆ ascon128_aead_decrypt()

◆ ascon128_aead_decrypt_block()

◆ ascon128_aead_decrypt_finalize()

◆ ascon128_aead_encrypt()

◆ ascon128_aead_encrypt_block()

◆ ascon128_aead_encrypt_finalize()

◆ ascon128_aead_start()

◆ ascon128a_aead_abort()

◆ ascon128a_aead_decrypt()

◆ ascon128a_aead_decrypt_block()

◆ ascon128a_aead_decrypt_finalize()

◆ ascon128a_aead_encrypt()

◆ ascon128a_aead_encrypt_block()

◆ ascon128a_aead_encrypt_finalize()

◆ ascon128a_aead_start()

◆ ascon80pq_aead_abort()

◆ ascon80pq_aead_decrypt()

◆ ascon80pq_aead_decrypt_block()

◆ ascon80pq_aead_decrypt_finalize()

◆ ascon80pq_aead_encrypt()

◆ ascon80pq_aead_encrypt_block()

◆ ascon80pq_aead_encrypt_finalize()

◆ ascon80pq_aead_start()