ASCON Suite
ascon-masked-key.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2022 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include <ascon/masking.h>
24 #include <ascon/utility.h>
25 #include "ascon-masked-word.h"
26 #include <string.h>
27 
28 void ascon_masked_key_128_init
29  (ascon_masked_key_128_t *masked, const unsigned char *key)
30 {
31  ascon_trng_state_t trng;
32 #if ASCON_MASKED_MAX_SHARES < 4
33  memset(masked, 0, sizeof(ascon_masked_key_128_t));
34 #endif
35  ascon_trng_init(&trng);
36 #if ASCON_MASKED_KEY_SHARES == 2
37  ascon_masked_word_x2_load
38  ((ascon_masked_word_t *)&(masked->k[0]), key, &trng);
39  ascon_masked_word_x2_load
40  ((ascon_masked_word_t *)&(masked->k[1]), key + 8, &trng);
41 #elif ASCON_MASKED_KEY_SHARES == 3
42  ascon_masked_word_x3_load
43  ((ascon_masked_word_t *)&(masked->k[0]), key, &trng);
44  ascon_masked_word_x3_load
45  ((ascon_masked_word_t *)&(masked->k[1]), key + 8, &trng);
46 #else
47  ascon_masked_word_x4_load
48  ((ascon_masked_word_t *)&(masked->k[0]), key, &trng);
49  ascon_masked_word_x4_load
50  ((ascon_masked_word_t *)&(masked->k[1]), key + 8, &trng);
51 #endif
52  ascon_trng_free(&trng);
53 }
54 
55 void ascon_masked_key_128_free(ascon_masked_key_128_t *masked)
56 {
57  if (masked)
58  ascon_clean(masked, sizeof(ascon_masked_key_128_t));
59 }
60 
61 void ascon_masked_key_128_randomize_with_trng
62  (ascon_masked_key_128_t *masked, ascon_trng_state_t *trng)
63 {
64 #if ASCON_MASKED_KEY_SHARES == 2
65  ascon_masked_word_x2_randomize
66  ((ascon_masked_word_t *)&(masked->k[0]),
67  (ascon_masked_word_t *)&(masked->k[0]), trng);
68  ascon_masked_word_x2_randomize
69  ((ascon_masked_word_t *)&(masked->k[1]),
70  (ascon_masked_word_t *)&(masked->k[1]), trng);
71 #elif ASCON_MASKED_KEY_SHARES == 3
72  ascon_masked_word_x3_randomize
73  ((ascon_masked_word_t *)&(masked->k[0]),
74  (ascon_masked_word_t *)&(masked->k[0]), trng);
75  ascon_masked_word_x3_randomize
76  ((ascon_masked_word_t *)&(masked->k[1]),
77  (ascon_masked_word_t *)&(masked->k[1]), trng);
78 #else
79  ascon_masked_word_x4_randomize
80  ((ascon_masked_word_t *)&(masked->k[0]),
81  (ascon_masked_word_t *)&(masked->k[0]), trng);
82  ascon_masked_word_x4_randomize
83  ((ascon_masked_word_t *)&(masked->k[1]),
84  (ascon_masked_word_t *)&(masked->k[1]), trng);
85 #endif
86 }
87 
88 void ascon_masked_key_128_randomize(ascon_masked_key_128_t *masked)
89 {
90  ascon_trng_state_t trng;
91  ascon_trng_init(&trng);
92  ascon_masked_key_128_randomize_with_trng(masked, &trng);
93  ascon_trng_free(&trng);
94 }
95 
96 void ascon_masked_key_128_extract
97  (const ascon_masked_key_128_t *masked, unsigned char *key)
98 {
99 #if ASCON_MASKED_KEY_SHARES == 2
100  ascon_masked_word_x2_store
101  (key, (const ascon_masked_word_t *)&(masked->k[0]));
102  ascon_masked_word_x2_store
103  (key + 8, (const ascon_masked_word_t *)&(masked->k[1]));
104 #elif ASCON_MASKED_KEY_SHARES == 3
105  ascon_masked_word_x3_store
106  (key, (const ascon_masked_word_t *)&(masked->k[0]));
107  ascon_masked_word_x3_store
108  (key + 8, (const ascon_masked_word_t *)&(masked->k[1]));
109 #else
110  ascon_masked_word_x4_store
111  (key, (const ascon_masked_word_t *)&(masked->k[0]));
112  ascon_masked_word_x4_store
113  (key + 8, (const ascon_masked_word_t *)&(masked->k[1]));
114 #endif
115 }
116 
117 void ascon_masked_key_160_init
118  (ascon_masked_key_160_t *masked, const unsigned char *key)
119 {
120  static unsigned char const zeroes[4] = {0, 0, 0, 0};
121  ascon_trng_state_t trng;
122 #if ASCON_MASKED_MAX_SHARES < 4
123  memset(masked, 0, sizeof(ascon_masked_key_160_t));
124 #endif
125  ascon_trng_init(&trng);
126 #if ASCON_MASKED_KEY_SHARES == 2
127  /* ASCON-80pq absorbs keys in two places so we need to mask it twice */
128  ascon_masked_word_x2_load
129  ((ascon_masked_word_t *)&(masked->k[0]), key, &trng);
130  ascon_masked_word_x2_load
131  ((ascon_masked_word_t *)&(masked->k[1]), key + 8, &trng);
132  ascon_masked_word_x2_load_32
133  ((ascon_masked_word_t *)&(masked->k[2]), key + 16, zeroes, &trng);
134  ascon_masked_word_x2_load_32
135  ((ascon_masked_word_t *)&(masked->k[3]), zeroes, key, &trng);
136  ascon_masked_word_x2_load
137  ((ascon_masked_word_t *)&(masked->k[4]), key + 4, &trng);
138  ascon_masked_word_x2_load
139  ((ascon_masked_word_t *)&(masked->k[5]), key + 12, &trng);
140 #elif ASCON_MASKED_KEY_SHARES == 3
141  ascon_masked_word_x3_load
142  ((ascon_masked_word_t *)&(masked->k[0]), key, &trng);
143  ascon_masked_word_x3_load
144  ((ascon_masked_word_t *)&(masked->k[1]), key + 8, &trng);
145  ascon_masked_word_x3_load_32
146  ((ascon_masked_word_t *)&(masked->k[2]), key + 16, zeroes, &trng);
147  ascon_masked_word_x3_load_32
148  ((ascon_masked_word_t *)&(masked->k[3]), zeroes, key, &trng);
149  ascon_masked_word_x3_load
150  ((ascon_masked_word_t *)&(masked->k[4]), key + 4, &trng);
151  ascon_masked_word_x3_load
152  ((ascon_masked_word_t *)&(masked->k[5]), key + 12, &trng);
153 #else
154  ascon_masked_word_x4_load
155  ((ascon_masked_word_t *)&(masked->k[0]), key, &trng);
156  ascon_masked_word_x4_load
157  ((ascon_masked_word_t *)&(masked->k[1]), key + 8, &trng);
158  ascon_masked_word_x4_load_32
159  ((ascon_masked_word_t *)&(masked->k[2]), key + 16, zeroes, &trng);
160  ascon_masked_word_x4_load_32
161  ((ascon_masked_word_t *)&(masked->k[3]), zeroes, key, &trng);
162  ascon_masked_word_x4_load
163  ((ascon_masked_word_t *)&(masked->k[4]), key + 4, &trng);
164  ascon_masked_word_x4_load
165  ((ascon_masked_word_t *)&(masked->k[5]), key + 12, &trng);
166 #endif
167  ascon_trng_free(&trng);
168 }
169 
170 void ascon_masked_key_160_free(ascon_masked_key_160_t *masked)
171 {
172  if (masked)
173  ascon_clean(masked, sizeof(ascon_masked_key_160_t));
174 }
175 
176 void ascon_masked_key_160_randomize_with_trng
177  (ascon_masked_key_160_t *masked, ascon_trng_state_t *trng)
178 {
179  int index;
180 #if ASCON_MASKED_KEY_SHARES == 2
181  for (index = 0; index < 6; ++index) {
182  ascon_masked_word_x2_randomize
183  ((ascon_masked_word_t *)&(masked->k[index]),
184  (ascon_masked_word_t *)&(masked->k[index]), trng);
185  }
186 #elif ASCON_MASKED_KEY_SHARES == 3
187  for (index = 0; index < 6; ++index) {
188  ascon_masked_word_x2_randomize
189  ((ascon_masked_word_t *)&(masked->k[index]),
190  (ascon_masked_word_t *)&(masked->k[index]), trng);
191  }
192 #else
193  for (index = 0; index < 6; ++index) {
194  ascon_masked_word_x2_randomize
195  ((ascon_masked_word_t *)&(masked->k[index]),
196  (ascon_masked_word_t *)&(masked->k[index]), trng);
197  }
198 #endif
199 }
200 
201 void ascon_masked_key_160_randomize(ascon_masked_key_160_t *masked)
202 {
203  ascon_trng_state_t trng;
204  ascon_trng_init(&trng);
205  ascon_masked_key_160_randomize_with_trng(masked, &trng);
206  ascon_trng_free(&trng);
207 }
208 
209 void ascon_masked_key_160_extract
210  (const ascon_masked_key_160_t *masked, unsigned char *key)
211 {
212 #if ASCON_MASKED_KEY_SHARES == 2
213  ascon_masked_word_x2_store
214  (key, (const ascon_masked_word_t *)&(masked->k[0]));
215  ascon_masked_word_x2_store
216  (key + 8, (const ascon_masked_word_t *)&(masked->k[1]));
217  ascon_masked_word_x2_store_partial
218  (key + 16, 4, (const ascon_masked_word_t *)&(masked->k[2]));
219 #elif ASCON_MASKED_KEY_SHARES == 3
220  ascon_masked_word_x3_store
221  (key, (const ascon_masked_word_t *)&(masked->k[0]));
222  ascon_masked_word_x3_store
223  (key + 8, (const ascon_masked_word_t *)&(masked->k[1]));
224  ascon_masked_word_x3_store_partial
225  (key + 16, 4, (const ascon_masked_word_t *)&(masked->k[2]));
226 #else
227  ascon_masked_word_x4_store
228  (key, (const ascon_masked_word_t *)&(masked->k[0]));
229  ascon_masked_word_x4_store
230  (key + 8, (const ascon_masked_word_t *)&(masked->k[1]));
231  ascon_masked_word_x4_store_partial
232  (key + 16, 4, (const ascon_masked_word_t *)&(masked->k[2]));
233 #endif
234 }
ascon_masked_key_128_free
void ascon_masked_key_128_free(ascon_masked_key_128_t *masked)
Frees a masked 128-bit key and destroys all sensitive material.
Definition: ascon-masked-key.c:55
ascon_masked_key_160_free
void ascon_masked_key_160_free(ascon_masked_key_160_t *masked)
Frees a masked 160-bit key and destroys all sensitive material.
Definition: ascon-masked-key.c:170
ascon_masked_key_128_init
void ascon_masked_key_128_init(ascon_masked_key_128_t *masked, const unsigned char *key)
Initializes a masked 128-bit key for ASCON.
Definition: ascon-masked-key.c:29
ascon_masked_key_128_randomize_with_trng
void ascon_masked_key_128_randomize_with_trng(ascon_masked_key_128_t *masked, ascon_trng_state_t *trng)
Randomizes a masked 128-bit key by mixing in fresh random material from a caller-supplied TRNG.
Definition: ascon-masked-key.c:62
ascon_masked_key_160_randomize_with_trng
void ascon_masked_key_160_randomize_with_trng(ascon_masked_key_160_t *masked, ascon_trng_state_t *trng)
Randomizes a masked 160-bit key by mixing in fresh random material from a caller-supplied TRNG.
Definition: ascon-masked-key.c:177
ascon_masked_key_160_extract
void ascon_masked_key_160_extract(const ascon_masked_key_160_t *masked, unsigned char *key)
Extracts the plain version of a 160-bit key from its masked version.
Definition: ascon-masked-key.c:210
ascon_masked_key_128_extract
void ascon_masked_key_128_extract(const ascon_masked_key_128_t *masked, unsigned char *key)
Extracts the plain version of a 128-bit key from its masked version.
Definition: ascon-masked-key.c:97
ascon_masked_key_160_randomize
void ascon_masked_key_160_randomize(ascon_masked_key_160_t *masked)
Randomizes a masked 160-bit key by mixing in fresh random material.
Definition: ascon-masked-key.c:201
ascon_masked_key_128_randomize
void ascon_masked_key_128_randomize(ascon_masked_key_128_t *masked)
Randomizes a masked 128-bit key by mixing in fresh random material.
Definition: ascon-masked-key.c:88
ascon_masked_key_160_init
void ascon_masked_key_160_init(ascon_masked_key_160_t *masked, const unsigned char *key)
Initializes a masked 160-bit key for ASCON.
Definition: ascon-masked-key.c:118
ascon_masked_word_x4_load_32
void ascon_masked_word_x4_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x4 masked wor...
Definition: ascon-masked-word-c64.c:443
ascon_masked_word_x2_store_partial
void ascon_masked_word_x2_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x2 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:117
ascon_masked_word_x2_load
void ascon_masked_word_x2_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x2 masked word structure.
Definition: ascon-masked-word-c64.c:45
ascon_masked_word_x2_store
void ascon_masked_word_x2_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x2 masked word structure.
Definition: ascon-masked-word-c64.c:110
ascon_masked_word_x3_store_partial
void ascon_masked_word_x3_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x3 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:290
ascon_masked_word_x4_load
void ascon_masked_word_x4_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x4 masked word structure.
Definition: ascon-masked-word-c64.c:398
ascon_masked_word_x3_load
void ascon_masked_word_x3_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x3 masked word structure.
Definition: ascon-masked-word-c64.c:220
ascon_masked_word_x3_load_32
void ascon_masked_word_x3_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x3 masked wor...
Definition: ascon-masked-word-c64.c:267
ascon_masked_word_x4_store_partial
void ascon_masked_word_x4_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x4 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:466
ascon_masked_word_x3_randomize
void ascon_masked_word_x3_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x3 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:320
ascon_masked_word_x2_load_32
void ascon_masked_word_x2_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x2 masked wor...
Definition: ascon-masked-word-c64.c:94
ascon_masked_word_x4_randomize
void ascon_masked_word_x4_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x4 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:500
ascon_masked_word_x4_store
void ascon_masked_word_x4_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x4 masked word structure.
Definition: ascon-masked-word-c64.c:457
ascon_masked_word_x3_store
void ascon_masked_word_x3_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x3 masked word structure.
Definition: ascon-masked-word-c64.c:282
ascon_masked_word_x2_randomize
void ascon_masked_word_x2_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x2 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:143
ascon-masked-word.h
Utility functions for operating on masked words.
ascon_trng_init
int ascon_trng_init(ascon_trng_state_t *state)
Initializes the random number source for generating a sequence of masking material at high speed.
Definition: ascon-trng-mixer.c:33
ascon_trng_free
void ascon_trng_free(ascon_trng_state_t *state)
Frees the random number source and destroys any sensitive material.
Definition: ascon-trng-mixer.c:47
masking.h
Definitions to support masked ASCON ciphers.
ascon_masked_key_128_t
128-bit key that has been masked to hide its value when the code is operating on it.
Definition: masking.h:63
ascon_masked_key_128_t::k
ascon_masked_key_word_t k[2]
Definition: masking.h:64
ascon_masked_key_160_t
160-bit key that has been masked to hide its value when the code is operating on it.
Definition: masking.h:85
ascon_masked_key_160_t::k
ascon_masked_key_word_t k[6]
Definition: masking.h:86
ascon_trng_state_t
State of the random number source.
Definition: ascon-trng.h:64
ascon_masked_word_t
Masked 64-bit word with up to ASCON_MASKED_MAX_SHARES shares.
Definition: ascon-masked-word.h:67
utility.h
System utilities of use to applications that use ASCON.
ascon_clean
void ascon_clean(void *buf, unsigned size)
Cleans a buffer that contains sensitive material.
Definition: ascon-clean.c:38
Generated on Sun Mar 19 2023 13:56:57 for ASCON Suite by doxygen 1.9.1