ascon-suite/ascon-aead-inc-128a_8c_source.html

 /*

  * Copyright (C) 2022 Southern Storm Software, Pty Ltd.

  *

  * Permission is hereby granted, free of charge, to any person obtaining a

  * copy of this software and associated documentation files (the "Software"),

  * to deal in the Software without restriction, including without limitation

  * the rights to use, copy, modify, merge, publish, distribute, sublicense,

  * and/or sell copies of the Software, and to permit persons to whom the

  * Software is furnished to do so, subject to the following conditions:

  *

  * The above copyright notice and this permission notice shall be included

  * in all copies or substantial portions of the Software.

  *

  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING

  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER

  * DEALINGS IN THE SOFTWARE.

  */


 #include "aead/ascon-aead-common.h"

 #include "core/ascon-util-snp.h"

 #include <string.h>


 /* Initialization vector for ASCON-128a */

 static uint8_t const ASCON128a_IV[8] =

     {0x80, 0x80, 0x0c, 0x08, 0x00, 0x00, 0x00, 0x00};


 void ascon128a_aead_start

     (ascon128a_state_t *state, const unsigned char *ad, size_t adlen,

      const unsigned char *npub, const unsigned char *k)

 {

     /* Initialize the ASCON state */

     memcpy(state->key, k, ASCON128_KEY_SIZE);

     ascon_init(&(state->state));

     ascon_overwrite_bytes(&(state->state), ASCON128a_IV, 0, 8);

     ascon_overwrite_bytes(&(state->state), state->key, 8, ASCON128_KEY_SIZE);

     ascon_overwrite_bytes(&(state->state), npub, 24, ASCON128_NONCE_SIZE);

     ascon_permute(&(state->state), 0);

     ascon_absorb_16(&(state->state), state->key, 24);


     /* Absorb the associated data into the state */

     if (adlen > 0)

         ascon_aead_absorb_16(&(state->state), ad, adlen, 4, 1);


     /* Separator between the associated data and the payload */

     ascon_separator(&(state->state));


     /* Prepare for encryption or decryption */

     ascon_release(&(state->state));

     state->posn = 0;

 }


 void ascon128a_aead_abort(ascon128a_state_t *state)

 {

     if (state) {

         ascon_acquire(&(state->state));

         ascon_free(&(state->state));

         ascon_clean(state, sizeof(ascon128a_state_t));

     }

 }


 void ascon128a_aead_encrypt_block

     (ascon128a_state_t *state, const unsigned char *in,

      unsigned char *out, size_t len)

 {

     ascon_acquire(&(state->state));

     state->posn = ascon_aead_encrypt_16

         (&(state->state), out, in, len, 4, state->posn);

     ascon_release(&(state->state));

 }


 void ascon128a_aead_encrypt_finalize

     (ascon128a_state_t *state, unsigned char *tag)

 {

     /* Pad the final plaintext block */

     ascon_acquire(&(state->state));

     ascon_pad(&(state->state), state->posn);


     /* Finalize and compute the authentication tag */

     ascon_absorb_16(&(state->state), state->key, 16);

     ascon_permute(&(state->state), 0);

     ascon_absorb_16(&(state->state), state->key, 24);

     ascon_squeeze_partial(&(state->state), tag, 24, ASCON128_TAG_SIZE);


     /* Clean up */

     ascon_free(&(state->state));

     ascon_clean(state, sizeof(ascon128a_state_t));

 }


 void ascon128a_aead_decrypt_block

     (ascon128a_state_t *state, const unsigned char *in,

      unsigned char *out, size_t len)

 {

     ascon_acquire(&(state->state));

     state->posn = ascon_aead_decrypt_16

         (&(state->state), out, in, len, 4, state->posn);

     ascon_release(&(state->state));

 }


 int ascon128a_aead_decrypt_finalize

     (ascon128a_state_t *state, const unsigned char *tag)

 {

     unsigned char tag2[ASCON128_TAG_SIZE];

     int result;


     /* Pad the final ciphertext block */

     ascon_acquire(&(state->state));

     ascon_pad(&(state->state), state->posn);


     /* Finalize and check the authentication tag */

     ascon_absorb_16(&(state->state), state->key, 16);

     ascon_permute(&(state->state), 0);

     ascon_absorb_16(&(state->state), state->key, 24);

     ascon_squeeze_16(&(state->state), tag2, 24);

     result = ascon_aead_check_tag(0, 0, tag2, tag, ASCON128_TAG_SIZE);


     /* Clean up */

     ascon_clean(tag2, sizeof(tag2));

     ascon_free(&(state->state));

     ascon_clean(state, sizeof(ascon128a_state_t));

     return result;

 }

ASCON128_TAG_SIZE
#define ASCON128_TAG_SIZE
Size of the authentication tag for ASCON-128 and ASCON-128a.
Definition: aead.h:65

ASCON128_NONCE_SIZE
#define ASCON128_NONCE_SIZE
Size of the nonce for ASCON-128 and ASCON-128a.
Definition: aead.h:60

ASCON128_KEY_SIZE
#define ASCON128_KEY_SIZE
Size of the key for ASCON-128 and ASCON-128a.
Definition: aead.h:55

ascon_aead_absorb_16
void ascon_aead_absorb_16(ascon_state_t *state, const unsigned char *data, size_t len, uint8_t first_round, int last_permute)
Absorbs data into an ASCON state with a 16-byte rate.
Definition: ascon-aead-common.c:66

ascon_aead_encrypt_16
unsigned char ascon_aead_encrypt_16(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Encrypts a block of data with an ASCON state and a 16-byte rate.
Definition: ascon-aead-common.c:117

ascon_aead_check_tag
int ascon_aead_check_tag(unsigned char *plaintext, size_t plaintext_len, const unsigned char *tag1, const unsigned char *tag2, size_t size)
Check an authentication tag in constant time.
Definition: ascon-aead-common.c:27

ascon_aead_decrypt_16
unsigned char ascon_aead_decrypt_16(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Decrypts a block of data with an ASCON state and a 16-byte rate.
Definition: ascon-aead-common.c:185

ascon-aead-common.h

ascon128a_aead_decrypt_finalize
int ascon128a_aead_decrypt_finalize(ascon128a_state_t *state, const unsigned char *tag)
Finalizes an incremental ASCON-128a decryption operation and checks the authentication tag.
Definition: ascon-aead-inc-128a.c:104

ascon128a_aead_encrypt_finalize
void ascon128a_aead_encrypt_finalize(ascon128a_state_t *state, unsigned char *tag)
Finalizes an incremental ASCON-128a encryption operation and generates the authentication tag.
Definition: ascon-aead-inc-128a.c:76

ascon128a_aead_decrypt_block
void ascon128a_aead_decrypt_block(ascon128a_state_t *state, const unsigned char *in, unsigned char *out, size_t len)
Decrypts a block of data with ASCON-128a in incremental mode.
Definition: ascon-aead-inc-128a.c:94

ascon128a_aead_start
void ascon128a_aead_start(ascon128a_state_t *state, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k)
Starts encrypting or decrypting a packet with ASCON-128a in incremental mode.
Definition: ascon-aead-inc-128a.c:32

ascon128a_aead_encrypt_block
void ascon128a_aead_encrypt_block(ascon128a_state_t *state, const unsigned char *in, unsigned char *out, size_t len)
Encrypts a block of data with ASCON-128a in incremental mode.
Definition: ascon-aead-inc-128a.c:66

ascon128a_aead_abort
void ascon128a_aead_abort(ascon128a_state_t *state)
Aborts use of ASCON-128a in incremental mode.
Definition: ascon-aead-inc-128a.c:56

ascon-util-snp.h

ascon_pad
#define ascon_pad(state, offset)
Definition: ascon-util-snp.h:44

ascon_absorb_16
#define ascon_absorb_16(state, data, offset)
Definition: ascon-util-snp.h:50

ascon_squeeze_partial
#define ascon_squeeze_partial(state, data, offset, count)
Definition: ascon-util-snp.h:65

ascon_squeeze_16
#define ascon_squeeze_16(state, data, offset)
Definition: ascon-util-snp.h:60

ascon_separator
#define ascon_separator(state)
Definition: ascon-util-snp.h:43

ascon_free
void ascon_free(ascon_state_t *state)
Frees an ASCON permutation state and attempts to destroy any sensitive material.
Definition: ascon-sliced32.c:42

ascon_release
void ascon_release(ascon_state_t *state)
Temporarily releases access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:261

ascon_overwrite_bytes
void ascon_overwrite_bytes(ascon_state_t *state, const uint8_t *data, unsigned offset, unsigned size)
Overwrites existing bytes in the ASCON state.
Definition: ascon-sliced32.c:85

ascon_permute
void ascon_permute(ascon_state_t *state, uint8_t first_round)
Permutes the ASCON state with a specified number of rounds.
Definition: ascon-c32.c:36

ascon_acquire
void ascon_acquire(ascon_state_t *state)
Re-acquires access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:267

ascon_init
void ascon_init(ascon_state_t *state)
Initializes the words of the ASCON permutation state to zero.
Definition: ascon-sliced32.c:32

state
ascon_state_t state
[snippet_key]
Definition: snippets.c:2

ascon128a_state_t
State information for the incremental version of ASCON-128a.
Definition: aead.h:281

ascon_clean
void ascon_clean(void *buf, unsigned size)
Cleans a buffer that contains sensitive material.
Definition: ascon-clean.c:38