ASCON Suite
ascon-aead-80pq.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2021 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include "aead/ascon-aead-common.h"
24 #include "core/ascon-util-snp.h"
25 #include <string.h>
26 
30 static uint8_t const ASCON80PQ_IV[4] = {0xa0, 0x40, 0x0c, 0x06};
31 
32 void ascon80pq_aead_encrypt
33  (unsigned char *c, size_t *clen,
34  const unsigned char *m, size_t mlen,
35  const unsigned char *ad, size_t adlen,
36  const unsigned char *npub,
37  const unsigned char *k)
38 {
39  ascon_state_t state;
40  unsigned char partial;
41 
42  /* Set the length of the returned ciphertext */
43  *clen = mlen + ASCON80PQ_TAG_SIZE;
44 
45  /* Initialize the ASCON state */
46  ascon_init(&state);
47  ascon_overwrite_bytes(&state, ASCON80PQ_IV, 0, 4);
48  ascon_overwrite_bytes(&state, k, 4, ASCON80PQ_KEY_SIZE);
49  ascon_overwrite_bytes(&state, npub, 24, ASCON80PQ_NONCE_SIZE);
50  ascon_permute(&state, 0);
51  ascon_absorb_partial(&state, k, 20, ASCON80PQ_KEY_SIZE);
52 
53  /* Absorb the associated data into the state */
54  if (adlen > 0)
55  ascon_aead_absorb_8(&state, ad, adlen, 6, 1);
56 
57  /* Separator between the associated data and the payload */
58  ascon_separator(&state);
59 
60  /* Encrypt the plaintext to create the ciphertext */
61  partial = ascon_aead_encrypt_8(&state, c, m, mlen, 6, 0);
62  ascon_pad(&state, partial);
63 
64  /* Finalize and compute the authentication tag */
65  ascon_absorb_partial(&state, k, 8, ASCON80PQ_KEY_SIZE);
66  ascon_permute(&state, 0);
67  ascon_absorb_16(&state, k + 4, 24);
68  ascon_squeeze_16(&state, c + mlen, 24);
69  ascon_free(&state);
70 }
71 
72 int ascon80pq_aead_decrypt
73  (unsigned char *m, size_t *mlen,
74  const unsigned char *c, size_t clen,
75  const unsigned char *ad, size_t adlen,
76  const unsigned char *npub,
77  const unsigned char *k)
78 {
79  ascon_state_t state;
80  unsigned char tag[ASCON80PQ_TAG_SIZE];
81  unsigned char partial;
82  int result;
83 
84  /* Set the length of the returned plaintext */
85  if (clen < ASCON80PQ_TAG_SIZE)
86  return -1;
87  *mlen = clen - ASCON80PQ_TAG_SIZE;
88 
89  /* Initialize the ASCON state */
90  ascon_init(&state);
91  ascon_overwrite_bytes(&state, ASCON80PQ_IV, 0, 4);
92  ascon_overwrite_bytes(&state, k, 4, ASCON80PQ_KEY_SIZE);
93  ascon_overwrite_bytes(&state, npub, 24, ASCON80PQ_NONCE_SIZE);
94  ascon_permute(&state, 0);
95  ascon_absorb_partial(&state, k, 20, ASCON80PQ_KEY_SIZE);
96 
97  /* Absorb the associated data into the state */
98  if (adlen > 0)
99  ascon_aead_absorb_8(&state, ad, adlen, 6, 1);
100 
101  /* Separator between the associated data and the payload */
102  ascon_separator(&state);
103 
104  /* Decrypt the ciphertext to create the plaintext */
105  partial = ascon_aead_decrypt_8(&state, m, c, *mlen, 6, 0);
106  ascon_pad(&state, partial);
107 
108  /* Finalize and check the authentication tag */
109  ascon_absorb_partial(&state, k, 8, ASCON80PQ_KEY_SIZE);
110  ascon_permute(&state, 0);
111  ascon_absorb_16(&state, k + 4, 24);
112  ascon_squeeze_16(&state, tag, 24);
113  result = ascon_aead_check_tag(m, *mlen, tag, c + *mlen, ASCON80PQ_TAG_SIZE);
114  ascon_clean(tag, sizeof(tag));
115  ascon_free(&state);
116  return result;
117 }
ASCON80PQ_NONCE_SIZE
#define ASCON80PQ_NONCE_SIZE
Size of the nonce for ASCON-80pq.
Definition: aead.h:75
ASCON80PQ_TAG_SIZE
#define ASCON80PQ_TAG_SIZE
Size of the authentication tag for ASCON-80pq.
Definition: aead.h:80
ASCON80PQ_KEY_SIZE
#define ASCON80PQ_KEY_SIZE
Size of the key for ASCON-80pq.
Definition: aead.h:70
ascon80pq_aead_encrypt
void ascon80pq_aead_encrypt(unsigned char *c, size_t *clen, const unsigned char *m, size_t mlen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k)
Encrypts and authenticates a packet with ASCON-80pq.
Definition: ascon-aead-80pq.c:33
ascon80pq_aead_decrypt
int ascon80pq_aead_decrypt(unsigned char *m, size_t *mlen, const unsigned char *c, size_t clen, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k)
Decrypts and authenticates a packet with ASCON-80pq.
Definition: ascon-aead-80pq.c:73
ascon_aead_encrypt_8
unsigned char ascon_aead_encrypt_8(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Encrypts a block of data with an ASCON state and an 8-byte rate.
Definition: ascon-aead-common.c:83
ascon_aead_check_tag
int ascon_aead_check_tag(unsigned char *plaintext, size_t plaintext_len, const unsigned char *tag1, const unsigned char *tag2, size_t size)
Check an authentication tag in constant time.
Definition: ascon-aead-common.c:27
ascon_aead_decrypt_8
unsigned char ascon_aead_decrypt_8(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Decrypts a block of data with an ASCON state and an 8-byte rate.
Definition: ascon-aead-common.c:151
ascon_aead_absorb_8
void ascon_aead_absorb_8(ascon_state_t *state, const unsigned char *data, size_t len, uint8_t first_round, int last_permute)
Absorbs data into an ASCON state with an 8-byte rate.
Definition: ascon-aead-common.c:49
ascon_pad
#define ascon_pad(state, offset)
Definition: ascon-util-snp.h:44
ascon_absorb_16
#define ascon_absorb_16(state, data, offset)
Definition: ascon-util-snp.h:50
ascon_absorb_partial
#define ascon_absorb_partial(state, data, offset, count)
Definition: ascon-util-snp.h:55
ascon_squeeze_16
#define ascon_squeeze_16(state, data, offset)
Definition: ascon-util-snp.h:60
ascon_separator
#define ascon_separator(state)
Definition: ascon-util-snp.h:43
ascon_free
void ascon_free(ascon_state_t *state)
Frees an ASCON permutation state and attempts to destroy any sensitive material.
Definition: ascon-sliced32.c:42
ascon_overwrite_bytes
void ascon_overwrite_bytes(ascon_state_t *state, const uint8_t *data, unsigned offset, unsigned size)
Overwrites existing bytes in the ASCON state.
Definition: ascon-sliced32.c:85
ascon_permute
void ascon_permute(ascon_state_t *state, uint8_t first_round)
Permutes the ASCON state with a specified number of rounds.
Definition: ascon-c32.c:36
ascon_init
void ascon_init(ascon_state_t *state)
Initializes the words of the ASCON permutation state to zero.
Definition: ascon-sliced32.c:32
state
ascon_state_t state
[snippet_key]
Definition: snippets.c:2
ascon_state_t
Structure of the internal state of the ASCON permutation.
Definition: permutation.h:63
ascon_clean
void ascon_clean(void *buf, unsigned size)
Cleans a buffer that contains sensitive material.
Definition: ascon-clean.c:38
Generated on Sun Mar 19 2023 13:56:57 for ASCON Suite by doxygen 1.9.1