ascon-suite/ascon-aead-inc-80pq_8c_source.html

 /*

  * Copyright (C) 2022 Southern Storm Software, Pty Ltd.

  *

  * Permission is hereby granted, free of charge, to any person obtaining a

  * copy of this software and associated documentation files (the "Software"),

  * to deal in the Software without restriction, including without limitation

  * the rights to use, copy, modify, merge, publish, distribute, sublicense,

  * and/or sell copies of the Software, and to permit persons to whom the

  * Software is furnished to do so, subject to the following conditions:

  *

  * The above copyright notice and this permission notice shall be included

  * in all copies or substantial portions of the Software.

  *

  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING

  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER

  * DEALINGS IN THE SOFTWARE.

  */


 #include "aead/ascon-aead-common.h"

 #include "core/ascon-util-snp.h"

 #include <string.h>


 /* Initialization vector for ASCON-80pq */

 static uint8_t const ASCON80PQ_IV[4] = {0xa0, 0x40, 0x0c, 0x06};


 void ascon80pq_aead_start

     (ascon80pq_state_t *state, const unsigned char *ad, size_t adlen,

      const unsigned char *npub, const unsigned char *k)

 {

     /* Initialize the ASCON state */

     memcpy(state->key, k, ASCON80PQ_KEY_SIZE);

     ascon_init(&(state->state));

     ascon_overwrite_bytes(&(state->state), ASCON80PQ_IV, 0, 4);

     ascon_overwrite_bytes(&(state->state), state->key, 4, ASCON80PQ_KEY_SIZE);

     ascon_overwrite_bytes(&(state->state), npub, 24, ASCON80PQ_NONCE_SIZE);

     ascon_permute(&(state->state), 0);

     ascon_absorb_partial(&(state->state), state->key, 20, ASCON80PQ_KEY_SIZE);


     /* Absorb the associated data into the state */

     if (adlen > 0)

         ascon_aead_absorb_8(&(state->state), ad, adlen, 6, 1);


     /* Separator between the associated data and the payload */

     ascon_separator(&(state->state));


     /* Prepare for encryption or decryption */

     ascon_release(&(state->state));

     state->posn = 0;

 }


 void ascon80pq_aead_abort(ascon80pq_state_t *state)

 {

     if (state) {

         ascon_acquire(&(state->state));

         ascon_free(&(state->state));

         ascon_clean(state, sizeof(ascon80pq_state_t));

     }

 }


 void ascon80pq_aead_encrypt_block

     (ascon80pq_state_t *state, const unsigned char *in,

      unsigned char *out, size_t len)

 {

     ascon_acquire(&(state->state));

     state->posn = ascon_aead_encrypt_8

         (&(state->state), out, in, len, 6, state->posn);

     ascon_release(&(state->state));

 }


 void ascon80pq_aead_encrypt_finalize

     (ascon80pq_state_t *state, unsigned char *tag)

 {

     /* Pad the final plaintext block */

     ascon_acquire(&(state->state));

     ascon_pad(&(state->state), state->posn);


     /* Finalize and compute the authentication tag */

     ascon_absorb_partial(&(state->state), state->key, 8, ASCON80PQ_KEY_SIZE);

     ascon_permute(&(state->state), 0);

     ascon_absorb_16(&(state->state), state->key + 4, 24);

     ascon_squeeze_16(&(state->state), tag, 24);


     /* Clean up */

     ascon_free(&(state->state));

     ascon_clean(state, sizeof(ascon80pq_state_t));

 }


 void ascon80pq_aead_decrypt_block

     (ascon80pq_state_t *state, const unsigned char *in,

      unsigned char *out, size_t len)

 {

     ascon_acquire(&(state->state));

     state->posn = ascon_aead_decrypt_8

         (&(state->state), out, in, len, 6, state->posn);

     ascon_release(&(state->state));

 }


 int ascon80pq_aead_decrypt_finalize

     (ascon80pq_state_t *state, const unsigned char *tag)

 {

     unsigned char tag2[ASCON80PQ_TAG_SIZE];

     int result;


     /* Pad the final ciphertext block */

     ascon_acquire(&(state->state));

     ascon_pad(&(state->state), state->posn);


     /* Finalize and check the authentication tag */

     ascon_absorb_partial(&(state->state), state->key, 8, ASCON80PQ_KEY_SIZE);

     ascon_permute(&(state->state), 0);

     ascon_absorb_16(&(state->state), state->key + 4, 24);

     ascon_squeeze_16(&(state->state), tag2, 24);

     result = ascon_aead_check_tag(0, 0, tag2, tag, ASCON80PQ_TAG_SIZE);


     /* Clean up */

     ascon_clean(tag2, sizeof(tag2));

     ascon_free(&(state->state));

     ascon_clean(state, sizeof(ascon80pq_state_t));

     return result;

 }

ASCON80PQ_NONCE_SIZE
#define ASCON80PQ_NONCE_SIZE
Size of the nonce for ASCON-80pq.
Definition: aead.h:75

ASCON80PQ_TAG_SIZE
#define ASCON80PQ_TAG_SIZE
Size of the authentication tag for ASCON-80pq.
Definition: aead.h:80

ASCON80PQ_KEY_SIZE
#define ASCON80PQ_KEY_SIZE
Size of the key for ASCON-80pq.
Definition: aead.h:70

ascon_aead_encrypt_8
unsigned char ascon_aead_encrypt_8(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Encrypts a block of data with an ASCON state and an 8-byte rate.
Definition: ascon-aead-common.c:83

ascon_aead_check_tag
int ascon_aead_check_tag(unsigned char *plaintext, size_t plaintext_len, const unsigned char *tag1, const unsigned char *tag2, size_t size)
Check an authentication tag in constant time.
Definition: ascon-aead-common.c:27

ascon_aead_decrypt_8
unsigned char ascon_aead_decrypt_8(ascon_state_t *state, unsigned char *dest, const unsigned char *src, size_t len, uint8_t first_round, unsigned char partial)
Decrypts a block of data with an ASCON state and an 8-byte rate.
Definition: ascon-aead-common.c:151

ascon_aead_absorb_8
void ascon_aead_absorb_8(ascon_state_t *state, const unsigned char *data, size_t len, uint8_t first_round, int last_permute)
Absorbs data into an ASCON state with an 8-byte rate.
Definition: ascon-aead-common.c:49

ascon-aead-common.h

ascon80pq_aead_start
void ascon80pq_aead_start(ascon80pq_state_t *state, const unsigned char *ad, size_t adlen, const unsigned char *npub, const unsigned char *k)
Starts encrypting or decrypting a packet with ASCON-80pq in incremental mode.
Definition: ascon-aead-inc-80pq.c:31

ascon80pq_aead_encrypt_block
void ascon80pq_aead_encrypt_block(ascon80pq_state_t *state, const unsigned char *in, unsigned char *out, size_t len)
Encrypts a block of data with ASCON-80pq in incremental mode.
Definition: ascon-aead-inc-80pq.c:65

ascon80pq_aead_abort
void ascon80pq_aead_abort(ascon80pq_state_t *state)
Aborts use of ASCON-80pq in incremental mode.
Definition: ascon-aead-inc-80pq.c:55

ascon80pq_aead_decrypt_block
void ascon80pq_aead_decrypt_block(ascon80pq_state_t *state, const unsigned char *in, unsigned char *out, size_t len)
Decrypts a block of data with ASCON-80pq in incremental mode.
Definition: ascon-aead-inc-80pq.c:93

ascon80pq_aead_encrypt_finalize
void ascon80pq_aead_encrypt_finalize(ascon80pq_state_t *state, unsigned char *tag)
Finalizes an incremental ASCON-80pq encryption operation and generates the authentication tag.
Definition: ascon-aead-inc-80pq.c:75

ascon80pq_aead_decrypt_finalize
int ascon80pq_aead_decrypt_finalize(ascon80pq_state_t *state, const unsigned char *tag)
Finalizes an incremental ASCON-80pq decryption operation and checks the authentication tag.
Definition: ascon-aead-inc-80pq.c:103

ascon-util-snp.h

ascon_pad
#define ascon_pad(state, offset)
Definition: ascon-util-snp.h:44

ascon_absorb_16
#define ascon_absorb_16(state, data, offset)
Definition: ascon-util-snp.h:50

ascon_absorb_partial
#define ascon_absorb_partial(state, data, offset, count)
Definition: ascon-util-snp.h:55

ascon_squeeze_16
#define ascon_squeeze_16(state, data, offset)
Definition: ascon-util-snp.h:60

ascon_separator
#define ascon_separator(state)
Definition: ascon-util-snp.h:43

ascon_free
void ascon_free(ascon_state_t *state)
Frees an ASCON permutation state and attempts to destroy any sensitive material.
Definition: ascon-sliced32.c:42

ascon_release
void ascon_release(ascon_state_t *state)
Temporarily releases access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:261

ascon_overwrite_bytes
void ascon_overwrite_bytes(ascon_state_t *state, const uint8_t *data, unsigned offset, unsigned size)
Overwrites existing bytes in the ASCON state.
Definition: ascon-sliced32.c:85

ascon_permute
void ascon_permute(ascon_state_t *state, uint8_t first_round)
Permutes the ASCON state with a specified number of rounds.
Definition: ascon-c32.c:36

ascon_acquire
void ascon_acquire(ascon_state_t *state)
Re-acquires access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:267

ascon_init
void ascon_init(ascon_state_t *state)
Initializes the words of the ASCON permutation state to zero.
Definition: ascon-sliced32.c:32

state
ascon_state_t state
[snippet_key]
Definition: snippets.c:2

ascon80pq_state_t
State information for the incremental version of ASCON-80pq.
Definition: aead.h:299

ascon_clean
void ascon_clean(void *buf, unsigned size)
Cleans a buffer that contains sensitive material.
Definition: ascon-clean.c:38