ASCON Suite
ascon-aead-inc-128.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2022 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include "aead/ascon-aead-common.h"
24 #include "core/ascon-util-snp.h"
25 #include <string.h>
26 
27 /* Initialization vector for ASCON-128 */
28 static uint8_t const ASCON128_IV[8] =
29  {0x80, 0x40, 0x0c, 0x06, 0x00, 0x00, 0x00, 0x00};
30 
31 void ascon128_aead_start
32  (ascon128_state_t *state, const unsigned char *ad, size_t adlen,
33  const unsigned char *npub, const unsigned char *k)
34 {
35  /* Initialize the ASCON state */
36  memcpy(state->key, k, ASCON128_KEY_SIZE);
37  ascon_init(&(state->state));
38  ascon_overwrite_bytes(&(state->state), ASCON128_IV, 0, 8);
39  ascon_overwrite_bytes(&(state->state), state->key, 8, ASCON128_KEY_SIZE);
40  ascon_overwrite_bytes(&(state->state), npub, 24, ASCON128_NONCE_SIZE);
41  ascon_permute(&(state->state), 0);
42  ascon_absorb_16(&(state->state), state->key, 24);
43 
44  /* Absorb the associated data into the state */
45  if (adlen > 0)
46  ascon_aead_absorb_8(&(state->state), ad, adlen, 6, 1);
47 
48  /* Separator between the associated data and the payload */
49  ascon_separator(&(state->state));
50 
51  /* Prepare for encryption or decryption */
52  ascon_release(&(state->state));
53  state->posn = 0;
54 }
55 
56 void ascon128_aead_abort(ascon128_state_t *state)
57 {
58  if (state) {
59  ascon_acquire(&(state->state));
60  ascon_free(&(state->state));
61  ascon_clean(state, sizeof(ascon128_state_t));
62  }
63 }
64 
65 void ascon128_aead_encrypt_block
66  (ascon128_state_t *state, const unsigned char *in,
67  unsigned char *out, size_t len)
68 {
69  ascon_acquire(&(state->state));
70  state->posn = ascon_aead_encrypt_8
71  (&(state->state), out, in, len, 6, state->posn);
72  ascon_release(&(state->state));
73 }
74 
75 void ascon128_aead_encrypt_finalize
76  (ascon128_state_t *state, unsigned char *tag)
77 {
78  /* Pad the final plaintext block */
79  ascon_acquire(&(state->state));
80  ascon_pad(&(state->state), state->posn);
81 
82  /* Finalize and compute the authentication tag */
83  ascon_absorb_16(&(state->state), state->key, 8);
84  ascon_permute(&(state->state), 0);
85  ascon_absorb_16(&(state->state), state->key, 24);
86  ascon_squeeze_partial(&(state->state), tag, 24, ASCON128_TAG_SIZE);
87 
88  /* Clean up */
89  ascon_free(&(state->state));
90  ascon_clean(state, sizeof(ascon128_state_t));
91 }
92 
93 void ascon128_aead_decrypt_block
94  (ascon128_state_t *state, const unsigned char *in,
95  unsigned char *out, size_t len)
96 {
97  ascon_acquire(&(state->state));
98  state->posn = ascon_aead_decrypt_8
99  (&(state->state), out, in, len, 6, state->posn);
100  ascon_release(&(state->state));
101 }
102 
103 int ascon128_aead_decrypt_finalize
104  (ascon128_state_t *state, const unsigned char *tag)
105 {
106  unsigned char tag2[ASCON128_TAG_SIZE];
107  int result;
108 
109  /* Pad the final ciphertext block */
110  ascon_acquire(&(state->state));
111  ascon_pad(&(state->state), state->posn);
112 
113  /* Finalize and check the authentication tag */
114  ascon_absorb_16(&(state->state), state->key, 8);
115  ascon_permute(&(state->state), 0);
116  ascon_absorb_16(&(state->state), state->key, 24);
117  ascon_squeeze_16(&(state->state), tag2, 24);
118  result = ascon_aead_check_tag(0, 0, tag2, tag, ASCON128_TAG_SIZE);
119 
120  /* Clean up */
121  ascon_clean(tag2, sizeof(tag2));
122  ascon_free(&(state->state));
123  ascon_clean(state, sizeof(ascon128_state_t));
124  return result;
125 }
ASCON128_TAG_SIZE
#define ASCON128_TAG_SIZE
Size of the authentication tag for ASCON-128 and ASCON-128a.
Definition: aead.h:65
ASCON128_NONCE_SIZE
#define ASCON128_NONCE_SIZE
Size of the nonce for ASCON-128 and ASCON-128a.
Definition: aead.h:60
ASCON128_KEY_SIZE
#define ASCON128_KEY_SIZE
Size of the key for ASCON-128 and ASCON-128a.
Definition: aead.h:55
ascon_aead_encrypt_8
unsigned char ascon_aead_encrypt_8(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Encrypts a block of data with an ASCON state and an 8-byte rate.
Definition: ascon-aead-common.c:83
ascon_aead_check_tag
int ascon_aead_check_tag(unsigned char *plaintext, size_t plaintext_len, const unsigned char *tag1, const unsigned char *tag2, size_t size)
Check an authentication tag in constant time.
Definition: ascon-aead-common.c:27
ascon_aead_decrypt_8
unsigned char ascon_aead_decrypt_8(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Decrypts a block of data with an ASCON state and an 8-byte rate.
Definition: ascon-aead-common.c:151
ascon_aead_absorb_8
void ascon_aead_absorb_8(ascon_state_t *state, const unsigned char *data, size_t len, uint8_t first_round, int last_permute)
Absorbs data into an ASCON state with an 8-byte rate.
Definition: ascon-aead-common.c:49
ascon128_aead_abort
void ascon128_aead_abort(ascon128_state_t *state)
Aborts use of ASCON-128 in incremental mode.
Definition: ascon-aead-inc-128.c:56
ascon128_aead_decrypt_block
void ascon128_aead_decrypt_block(ascon128_state_t *state, const unsigned char *in, unsigned char *out, size_t len)
Decrypts a block of data with ASCON-128 in incremental mode.
Definition: ascon-aead-inc-128.c:94
ascon128_aead_encrypt_finalize
void ascon128_aead_encrypt_finalize(ascon128_state_t *state, unsigned char *tag)
Finalizes an incremental ASCON-128 encryption operation and generates the authentication tag.
Definition: ascon-aead-inc-128.c:76
ascon128_aead_start
void ascon128_aead_start(ascon128_state_t *state, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k)
Starts encrypting or decrypting a packet with ASCON-128 in incremental mode.
Definition: ascon-aead-inc-128.c:32
ascon128_aead_decrypt_finalize
int ascon128_aead_decrypt_finalize(ascon128_state_t *state, const unsigned char *tag)
Finalizes an incremental ASCON-128 decryption operation and checks the authentication tag.
Definition: ascon-aead-inc-128.c:104
ascon128_aead_encrypt_block
void ascon128_aead_encrypt_block(ascon128_state_t *state, const unsigned char *in, unsigned char *out, size_t len)
Encrypts a block of data with ASCON-128 in incremental mode.
Definition: ascon-aead-inc-128.c:66
ascon_pad
#define ascon_pad(state, offset)
Definition: ascon-util-snp.h:44
ascon_absorb_16
#define ascon_absorb_16(state, data, offset)
Definition: ascon-util-snp.h:50
ascon_squeeze_partial
#define ascon_squeeze_partial(state, data, offset, count)
Definition: ascon-util-snp.h:65
ascon_squeeze_16
#define ascon_squeeze_16(state, data, offset)
Definition: ascon-util-snp.h:60
ascon_separator
#define ascon_separator(state)
Definition: ascon-util-snp.h:43
ascon_free
void ascon_free(ascon_state_t *state)
Frees an ASCON permutation state and attempts to destroy any sensitive material.
Definition: ascon-sliced32.c:42
ascon_release
void ascon_release(ascon_state_t *state)
Temporarily releases access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:261
ascon_overwrite_bytes
void ascon_overwrite_bytes(ascon_state_t *state, const uint8_t *data, unsigned offset, unsigned size)
Overwrites existing bytes in the ASCON state.
Definition: ascon-sliced32.c:85
ascon_permute
void ascon_permute(ascon_state_t *state, uint8_t first_round)
Permutes the ASCON state with a specified number of rounds.
Definition: ascon-c32.c:36
ascon_acquire
void ascon_acquire(ascon_state_t *state)
Re-acquires access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:267
ascon_init
void ascon_init(ascon_state_t *state)
Initializes the words of the ASCON permutation state to zero.
Definition: ascon-sliced32.c:32
state
ascon_state_t state
[snippet_key]
Definition: snippets.c:2
ascon128_state_t
State information for the incremental version of ASCON-128.
Definition: aead.h:263
ascon_clean
void ascon_clean(void *buf, unsigned size)
Cleans a buffer that contains sensitive material.
Definition: ascon-clean.c:38
Generated on Sun Mar 19 2023 13:56:57 for ASCON Suite by doxygen 1.9.1