ASCON Suite
ascon-masked-word-c32.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2022 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include "ascon-masked-word.h"
24 
25 #if defined(ASCON_MASKED_WORD_BACKEND_C32)
26 
27 /* Masked word load/store functions that should be written in assembly
28  * code so as to carefully mask the values with minimal leakage. */
29 
32 /* http://programming.sirrida.de/perm_fn.html#bit_permute_step */
33 #define ascon_bit_permute_step(_y, mask, shift) \
34  do { \
35  uint32_t y = (_y); \
36  uint32_t t = ((y >> (shift)) ^ y) & (mask); \
37  (_y) = (y ^ t) ^ (t << (shift)); \
38  } while (0)
39 
40 /* Separates a 32-bit word into two 16-bit halves with all the even
41  * bits in the bottom half and all the odd bits in the top half.
42  *
43  * Permutation generated with "http://programming.sirrida.de/calcperm.php"
44  *
45  * P = [0 16 1 17 2 18 3 19 4 20 5 21 6 22 7 23 8 24
46  * 9 25 10 26 11 27 12 28 13 29 14 30 15 31]
47  */
48 #define ascon_separate(x) \
49  do { \
50  ascon_bit_permute_step((x), 0x22222222, 1); \
51  ascon_bit_permute_step((x), 0x0c0c0c0c, 2); \
52  ascon_bit_permute_step((x), 0x00f000f0, 4); \
53  ascon_bit_permute_step((x), 0x0000ff00, 8); \
54  } while (0)
55 #define ascon_combine(x) \
56  do { \
57  ascon_bit_permute_step((x), 0x0000aaaa, 15); \
58  ascon_bit_permute_step((x), 0x0000cccc, 14); \
59  ascon_bit_permute_step((x), 0x0000f0f0, 12); \
60  ascon_bit_permute_step((x), 0x0000ff00, 8); \
61  } while (0)
62 
65 void ascon_masked_word_x2_zero
66  (ascon_masked_word_t *word, ascon_trng_state_t *trng)
67 {
68  uint32_t random1a = ascon_trng_generate_32(trng);
69  uint32_t random1b = ascon_trng_generate_32(trng);
70  word->W[0] = random1a;
71  word->W[1] = random1b;
72  word->W[2] = ascon_mask32_rotate_share1_0(random1a);
73  word->W[3] = ascon_mask32_rotate_share1_0(random1b);
74 #if ASCON_MASKED_MAX_SHARES >= 3
75  word->W[4] = 0;
76  word->W[5] = 0;
77 #endif
78 #if ASCON_MASKED_MAX_SHARES >= 4
79  word->W[6] = 0;
80  word->W[7] = 0;
81 #endif
82 }
83 
84 void ascon_masked_word_x2_load
85  (ascon_masked_word_t *word, const uint8_t *data,
86  ascon_trng_state_t *trng)
87 {
88  uint32_t random1a = ascon_trng_generate_32(trng);
89  uint32_t random1b = ascon_trng_generate_32(trng);
90  uint32_t high = random1a ^ be_load_word32(data);
91  uint32_t low = random1b ^ be_load_word32(data + 4);
92  ascon_separate(random1a);
93  ascon_separate(random1b);
94  ascon_separate(high);
95  ascon_separate(low);
96  word->W[0] = (high << 16) | (low & 0x0000FFFFU);
97  word->W[1] = (high & 0xFFFF0000U) | (low >> 16);
98  high = (random1a << 16) | (random1b & 0x0000FFFFU);
99  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
100  word->W[2] = ascon_mask32_rotate_share1_0(high);
101  word->W[3] = ascon_mask32_rotate_share1_0(low);
102 #if ASCON_MASKED_MAX_SHARES >= 3
103  word->W[4] = 0;
104  word->W[5] = 0;
105 #endif
106 #if ASCON_MASKED_MAX_SHARES >= 4
107  word->W[6] = 0;
108  word->W[7] = 0;
109 #endif
110 }
111 
112 void ascon_masked_word_x2_load_partial
113  (ascon_masked_word_t *word, const uint8_t *data, unsigned size,
114  ascon_trng_state_t *trng)
115 {
116  uint32_t high, low;
117  uint32_t random1a, random1b;
118 
119  /* Load as a 64-bit word and mask with the first share */
120  uint64_t random = ascon_trng_generate_64(trng);
121  uint64_t masked = random;
122  if (size >= 4) {
123  masked ^= be_load_word32(data + size - 4);
124  masked = rightRotate32_64(masked);
125  random = rightRotate32_64(random);
126  size -= 4;
127  }
128  if (size >= 2) {
129  masked ^= be_load_word16(data + size - 2);
130  masked = rightRotate16_64(masked);
131  random = rightRotate16_64(random);
132  size -= 2;
133  }
134  if (size > 0) {
135  masked ^= data[0];
136  masked = rightRotate8_64(masked);
137  random = rightRotate8_64(random);
138  }
139 
140  /* Slice the shares and store to the masked word */
141  high = (uint32_t)(masked >> 32);
142  low = (uint32_t)masked;
143  random1a = (uint32_t)(random >> 32);
144  random1b = (uint32_t)random;
145  ascon_separate(random1a);
146  ascon_separate(random1b);
147  ascon_separate(high);
148  ascon_separate(low);
149  word->W[0] = (high << 16) | (low & 0x0000FFFFU);
150  word->W[1] = (high & 0xFFFF0000U) | (low >> 16);
151  high = (random1a << 16) | (random1b & 0x0000FFFFU);
152  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
153  word->W[2] = ascon_mask32_rotate_share1_0(high);
154  word->W[3] = ascon_mask32_rotate_share1_0(low);
155 #if ASCON_MASKED_MAX_SHARES >= 3
156  word->W[4] = 0;
157  word->W[5] = 0;
158 #endif
159 #if ASCON_MASKED_MAX_SHARES >= 4
160  word->W[6] = 0;
161  word->W[7] = 0;
162 #endif
163 }
164 
165 void ascon_masked_word_x2_load_32
166  (ascon_masked_word_t *word, const uint8_t *data1,
167  const uint8_t *data2, ascon_trng_state_t *trng)
168 {
169  uint32_t random1a = ascon_trng_generate_32(trng);
170  uint32_t random1b = ascon_trng_generate_32(trng);
171  uint32_t high = random1a ^ be_load_word32(data1);
172  uint32_t low = random1b ^ be_load_word32(data2);
173  ascon_separate(random1a);
174  ascon_separate(random1b);
175  ascon_separate(high);
176  ascon_separate(low);
177  word->W[0] = (high << 16) | (low & 0x0000FFFFU);
178  word->W[1] = (high & 0xFFFF0000U) | (low >> 16);
179  high = (random1a << 16) | (random1b & 0x0000FFFFU);
180  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
181  word->W[2] = ascon_mask32_rotate_share1_0(high);
182  word->W[3] = ascon_mask32_rotate_share1_0(low);
183 #if ASCON_MASKED_MAX_SHARES >= 3
184  word->W[4] = 0;
185  word->W[5] = 0;
186 #endif
187 #if ASCON_MASKED_MAX_SHARES >= 4
188  word->W[6] = 0;
189  word->W[7] = 0;
190 #endif
191 }
192 
193 void ascon_masked_word_x2_store
194  (uint8_t *data, const ascon_masked_word_t *word)
195 {
196  uint32_t high1 = (word->W[0] >> 16) | (word->W[1] & 0xFFFF0000U);
197  uint32_t low1 = (word->W[0] & 0x0000FFFFU) | (word->W[1] << 16);
198  uint32_t high2 = ascon_mask32_unrotate_share1_0(word->W[2]);
199  uint32_t low2 = ascon_mask32_unrotate_share1_0(word->W[3]);
200  uint32_t high3 = (high2 >> 16) | (low2 & 0xFFFF0000U);
201  uint32_t low3 = (high2 & 0x0000FFFFU) | (low2 << 16);
202  ascon_combine(high1);
203  ascon_combine(low1);
204  ascon_combine(high3);
205  ascon_combine(low3);
206  be_store_word32(data, high1 ^ high3);
207  be_store_word32(data + 4, low1 ^ low3);
208 }
209 
210 void ascon_masked_word_x2_store_partial
211  (uint8_t *data, unsigned size, const ascon_masked_word_t *word)
212 {
213  uint64_t masked1, masked2;
214  uint32_t high1, low1;
215  uint32_t high2, low2;
216  uint32_t high3, low3;
217 
218  /* Rearrange the bits while still in masked form */
219  high1 = (word->W[0] >> 16) | (word->W[1] & 0xFFFF0000U);
220  low1 = (word->W[0] & 0x0000FFFFU) | (word->W[1] << 16);
221  high2 = ascon_mask32_unrotate_share1_0(word->W[2]);
222  low2 = ascon_mask32_unrotate_share1_0(word->W[3]);
223  high3 = (high2 >> 16) | (low2 & 0xFFFF0000U);
224  low3 = (high2 & 0x0000FFFFU) | (low2 << 16);
225  ascon_combine(high1);
226  ascon_combine(low1);
227  ascon_combine(high3);
228  ascon_combine(low3);
229 
230  /* Convert to 64-bit, unmask, and store the bytes */
231  masked1 = (((uint64_t)high1) << 32) | low1;
232  masked2 = (((uint64_t)high3) << 32) | low3;
233  if (size >= 4) {
234  masked1 = leftRotate32_64(masked1);
235  masked2 = leftRotate32_64(masked2);
236  be_store_word32(data, (uint32_t)(masked1 ^ masked2));
237  data += 4;
238  size -= 4;
239  }
240  if (size >= 2) {
241  masked1 = leftRotate16_64(masked1);
242  masked2 = leftRotate16_64(masked2);
243  be_store_word16(data, (uint16_t)(masked1 ^ masked2));
244  data += 2;
245  size -= 2;
246  }
247  if (size > 0) {
248  masked1 = leftRotate8_64(masked1);
249  masked2 = leftRotate8_64(masked2);
250  data[0] = (uint8_t)(masked1 ^ masked2);
251  }
252 }
253 
254 void ascon_masked_word_x2_randomize
255  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
256  ascon_trng_state_t *trng)
257 {
258  uint32_t random1a = ascon_trng_generate_32(trng);
259  uint32_t random1b = ascon_trng_generate_32(trng);
260  dest->W[0] = src->W[0] ^ random1a;
261  dest->W[1] = src->W[1] ^ random1b;
262  dest->W[2] = src->W[2] ^ ascon_mask32_rotate_share1_0(random1a);
263  dest->W[3] = src->W[3] ^ ascon_mask32_rotate_share1_0(random1b);
264 }
265 
266 void ascon_masked_word_x2_xor
267  (ascon_masked_word_t *dest, const ascon_masked_word_t *src)
268 {
269  dest->S[0] ^= src->S[0];
270  dest->S[1] ^= src->S[1];
271 }
272 
273 void ascon_masked_word_x2_replace
274  (ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
275 {
276  uint32_t mask1 = (~((uint32_t)0)) >> (size * 4U);
277  uint32_t mask2 = ~mask1;
278  dest->W[0] = (dest->W[0] & mask1) | (src->W[0] & mask2);
279  dest->W[1] = (dest->W[1] & mask1) | (src->W[1] & mask2);
280  mask1 = ascon_mask32_rotate_share1_0(mask1);
281  mask2 = ascon_mask32_rotate_share1_0(mask2);
282  dest->W[2] = (dest->W[2] & mask1) | (src->W[2] & mask2);
283  dest->W[3] = (dest->W[3] & mask1) | (src->W[3] & mask2);
284 }
285 
286 #if ASCON_MASKED_MAX_SHARES >= 3
287 
288 void ascon_masked_word_x2_from_x3
289  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
290  ascon_trng_state_t *trng)
291 {
292  uint32_t random1a = ascon_trng_generate_32(trng);
293  uint32_t random1b = ascon_trng_generate_32(trng);
294  dest->W[0] = random1a ^ src->W[0];
295  dest->W[1] = random1b ^ src->W[1];
296  dest->W[2] = (ascon_mask32_rotate_share1_0(random1a) ^ src->W[2]) ^
297  ascon_mask32_unrotate_share2_1(src->W[4]);
298  dest->W[3] = (ascon_mask32_rotate_share1_0(random1b) ^ src->W[3]) ^
299  ascon_mask32_unrotate_share2_1(src->W[5]);
300  dest->W[4] = 0;
301  dest->W[5] = 0;
302 #if ASCON_MASKED_MAX_SHARES >= 4
303  dest->W[6] = 0;
304  dest->W[7] = 0;
305 #endif
306 }
307 
308 #endif /* ASCON_MASKED_MAX_SHARES >= 3 */
309 
310 #if ASCON_MASKED_MAX_SHARES >= 4
311 
312 void ascon_masked_word_x2_from_x4
313  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
314  ascon_trng_state_t *trng)
315 {
316  uint32_t random1a = ascon_trng_generate_32(trng);
317  uint32_t random1b = ascon_trng_generate_32(trng);
318  dest->W[0] = random1a ^ src->W[0] ^
319  ascon_mask32_unrotate_share2_0(src->W[4]);
320  dest->W[1] = random1b ^ src->W[1] ^
321  ascon_mask32_unrotate_share2_0(src->W[5]);
322  dest->W[2] = (ascon_mask32_rotate_share1_0(random1a) ^ src->W[2]) ^
323  ascon_mask32_unrotate_share3_1(src->W[6]);
324  dest->W[3] = (ascon_mask32_rotate_share1_0(random1b) ^ src->W[3]) ^
325  ascon_mask32_unrotate_share3_1(src->W[7]);
326  dest->W[4] = 0;
327  dest->W[5] = 0;
328  dest->W[6] = 0;
329  dest->W[7] = 0;
330 }
331 
332 #endif /* ASCON_MASKED_MAX_SHARES >= 4 */
333 
334 #if ASCON_MASKED_MAX_SHARES >= 3
335 
336 void ascon_masked_word_x3_zero
337  (ascon_masked_word_t *word, ascon_trng_state_t *trng)
338 {
339  uint32_t random1a = ascon_trng_generate_32(trng);
340  uint32_t random1b = ascon_trng_generate_32(trng);
341  uint32_t random2a = ascon_trng_generate_32(trng);
342  uint32_t random2b = ascon_trng_generate_32(trng);
343  word->W[0] = random1a ^ random2a;
344  word->W[1] = random1b ^ random2b;
345  word->W[2] = ascon_mask32_rotate_share1_0(random1a);
346  word->W[3] = ascon_mask32_rotate_share1_0(random1b);
347  word->W[4] = ascon_mask32_rotate_share2_0(random2a);
348  word->W[5] = ascon_mask32_rotate_share2_0(random2b);
349 #if ASCON_MASKED_MAX_SHARES >= 4
350  word->W[6] = 0;
351  word->W[7] = 0;
352 #endif
353 }
354 
355 void ascon_masked_word_x3_load
356  (ascon_masked_word_t *word, const uint8_t *data,
357  ascon_trng_state_t *trng)
358 {
359  uint32_t random1a = ascon_trng_generate_32(trng);
360  uint32_t random1b = ascon_trng_generate_32(trng);
361  uint32_t high = random1a ^ be_load_word32(data);
362  uint32_t low = random1b ^ be_load_word32(data + 4);
363  word->W[4] = ascon_trng_generate_32(trng); /* random2a */
364  word->W[5] = ascon_trng_generate_32(trng); /* random2b */
365  ascon_separate(random1a);
366  ascon_separate(random1b);
367  ascon_separate(high);
368  ascon_separate(low);
369  word->W[0] = ((high << 16) | (low & 0x0000FFFFU)) ^
370  ascon_mask32_unrotate_share2_0(word->W[4]);
371  word->W[1] = ((high & 0xFFFF0000U) | (low >> 16)) ^
372  ascon_mask32_unrotate_share2_0(word->W[5]);
373  high = (random1a << 16) | (random1b & 0x0000FFFFU);
374  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
375  word->W[2] = ascon_mask32_rotate_share1_0(high);
376  word->W[3] = ascon_mask32_rotate_share1_0(low);
377 #if ASCON_MASKED_MAX_SHARES >= 4
378  word->W[6] = 0;
379  word->W[7] = 0;
380 #endif
381 }
382 
383 void ascon_masked_word_x3_load_partial
384  (ascon_masked_word_t *word, const uint8_t *data, unsigned size,
385  ascon_trng_state_t *trng)
386 {
387  uint32_t high, low;
388  uint32_t random1a, random1b;
389  uint32_t random2a, random2b;
390 
391  /* Load as a 64-bit word and mask with the first share */
392  uint64_t random = ascon_trng_generate_64(trng);
393  uint64_t masked = random;
394  if (size >= 4) {
395  masked ^= be_load_word32(data + size - 4);
396  masked = rightRotate32_64(masked);
397  random = rightRotate32_64(random);
398  size -= 4;
399  }
400  if (size >= 2) {
401  masked ^= be_load_word16(data + size - 2);
402  masked = rightRotate16_64(masked);
403  random = rightRotate16_64(random);
404  size -= 2;
405  }
406  if (size > 0) {
407  masked ^= data[0];
408  masked = rightRotate8_64(masked);
409  random = rightRotate8_64(random);
410  }
411 
412  /* Slice the shares and store to the masked word */
413  random2a = ascon_trng_generate_32(trng);
414  random2b = ascon_trng_generate_32(trng);
415  high = (uint32_t)(masked >> 32);
416  low = (uint32_t)masked;
417  random1a = (uint32_t)(random >> 32);
418  random1b = (uint32_t)random;
419  ascon_separate(random1a);
420  ascon_separate(random1b);
421  ascon_separate(high);
422  ascon_separate(low);
423  word->W[0] = ((high << 16) | (low & 0x0000FFFFU)) ^ random2a;
424  word->W[1] = ((high & 0xFFFF0000U) | (low >> 16)) ^ random2b;
425  high = (random1a << 16) | (random1b & 0x0000FFFFU);
426  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
427  word->W[2] = ascon_mask32_rotate_share1_0(high);
428  word->W[3] = ascon_mask32_rotate_share1_0(low);
429  word->W[4] = ascon_mask32_rotate_share2_0(random2a);
430  word->W[5] = ascon_mask32_rotate_share2_0(random2b);
431 #if ASCON_MASKED_MAX_SHARES >= 4
432  word->W[6] = 0;
433  word->W[7] = 0;
434 #endif
435 }
436 
437 void ascon_masked_word_x3_load_32
438  (ascon_masked_word_t *word, const uint8_t *data1,
439  const uint8_t *data2, ascon_trng_state_t *trng)
440 {
441  uint32_t random1a = ascon_trng_generate_32(trng);
442  uint32_t random1b = ascon_trng_generate_32(trng);
443  uint32_t high = random1a ^ be_load_word32(data1);
444  uint32_t low = random1b ^ be_load_word32(data2);
445  word->W[4] = ascon_trng_generate_32(trng); /* random2a */
446  word->W[5] = ascon_trng_generate_32(trng); /* random2b */
447  ascon_separate(random1a);
448  ascon_separate(random1b);
449  ascon_separate(high);
450  ascon_separate(low);
451  word->W[0] = ((high << 16) | (low & 0x0000FFFFU)) ^
452  ascon_mask32_unrotate_share2_0(word->W[4]);
453  word->W[1] = ((high & 0xFFFF0000U) | (low >> 16)) ^
454  ascon_mask32_unrotate_share2_0(word->W[5]);
455  high = (random1a << 16) | (random1b & 0x0000FFFFU);
456  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
457  word->W[2] = ascon_mask32_rotate_share1_0(high);
458  word->W[3] = ascon_mask32_rotate_share1_0(low);
459 #if ASCON_MASKED_MAX_SHARES >= 4
460  word->W[6] = 0;
461  word->W[7] = 0;
462 #endif
463 }
464 
465 void ascon_masked_word_x3_store
466  (uint8_t *data, const ascon_masked_word_t *word)
467 {
468  uint32_t high1 = (word->W[0] >> 16) | (word->W[1] & 0xFFFF0000U);
469  uint32_t low1 = (word->W[0] & 0x0000FFFFU) | (word->W[1] << 16);
470  uint32_t high2 = ascon_mask32_unrotate_share1_0(word->W[2]) ^
471  ascon_mask32_unrotate_share2_0(word->W[4]);
472  uint32_t low2 = ascon_mask32_unrotate_share1_0(word->W[3]) ^
473  ascon_mask32_unrotate_share2_0(word->W[5]);
474  uint32_t high3 = (high2 >> 16) | (low2 & 0xFFFF0000U);
475  uint32_t low3 = (high2 & 0x0000FFFFU) | (low2 << 16);
476  ascon_combine(high1);
477  ascon_combine(low1);
478  ascon_combine(high3);
479  ascon_combine(low3);
480  be_store_word32(data, high1 ^ high3);
481  be_store_word32(data + 4, low1 ^ low3);
482 }
483 
484 void ascon_masked_word_x3_store_partial
485  (uint8_t *data, unsigned size, const ascon_masked_word_t *word)
486 {
487  uint64_t masked1, masked2;
488  uint32_t high1, low1;
489  uint32_t high2, low2;
490  uint32_t high3, low3;
491 
492  /* Rearrange the bits while still in masked form */
493  high1 = (word->W[0] >> 16) | (word->W[1] & 0xFFFF0000U);
494  low1 = (word->W[0] & 0x0000FFFFU) | (word->W[1] << 16);
495  high2 = ascon_mask32_unrotate_share1_0(word->W[2]) ^
496  ascon_mask32_unrotate_share2_0(word->W[4]);
497  low2 = ascon_mask32_unrotate_share1_0(word->W[3]) ^
498  ascon_mask32_unrotate_share2_0(word->W[5]);
499  high3 = (high2 >> 16) | (low2 & 0xFFFF0000U);
500  low3 = (high2 & 0x0000FFFFU) | (low2 << 16);
501  ascon_combine(high1);
502  ascon_combine(low1);
503  ascon_combine(high3);
504  ascon_combine(low3);
505 
506  /* Convert to 64-bit, unmask, and store the bytes */
507  masked1 = (((uint64_t)high1) << 32) | low1;
508  masked2 = (((uint64_t)high3) << 32) | low3;
509  if (size >= 4) {
510  masked1 = leftRotate32_64(masked1);
511  masked2 = leftRotate32_64(masked2);
512  be_store_word32(data, (uint32_t)(masked1 ^ masked2));
513  data += 4;
514  size -= 4;
515  }
516  if (size >= 2) {
517  masked1 = leftRotate16_64(masked1);
518  masked2 = leftRotate16_64(masked2);
519  be_store_word16(data, (uint16_t)(masked1 ^ masked2));
520  data += 2;
521  size -= 2;
522  }
523  if (size > 0) {
524  masked1 = leftRotate8_64(masked1);
525  masked2 = leftRotate8_64(masked2);
526  data[0] = (uint8_t)(masked1 ^ masked2);
527  }
528 }
529 
530 void ascon_masked_word_x3_randomize
531  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
532  ascon_trng_state_t *trng)
533 {
534  uint32_t random1a = ascon_trng_generate_32(trng);
535  uint32_t random1b = ascon_trng_generate_32(trng);
536  uint32_t random2a = ascon_trng_generate_32(trng);
537  uint32_t random2b = ascon_trng_generate_32(trng);
538  dest->W[0] = src->W[0] ^ random1a ^ random2a;
539  dest->W[1] = src->W[1] ^ random1b ^ random2b;
540  dest->W[2] = src->W[2] ^ ascon_mask32_rotate_share1_0(random1a);
541  dest->W[3] = src->W[3] ^ ascon_mask32_rotate_share1_0(random1b);
542  dest->W[4] = src->W[4] ^ ascon_mask32_rotate_share2_0(random2a);
543  dest->W[5] = src->W[5] ^ ascon_mask32_rotate_share2_0(random2b);
544 }
545 
546 void ascon_masked_word_x3_xor
547  (ascon_masked_word_t *dest, const ascon_masked_word_t *src)
548 {
549  dest->S[0] ^= src->S[0];
550  dest->S[1] ^= src->S[1];
551  dest->S[2] ^= src->S[2];
552 }
553 
554 void ascon_masked_word_x3_replace
555  (ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
556 {
557  uint32_t mask1 = (~((uint32_t)0)) >> (size * 4U);
558  uint32_t mask2 = ~mask1;
559  dest->W[0] = (dest->W[0] & mask1) | (src->W[0] & mask2);
560  dest->W[1] = (dest->W[1] & mask1) | (src->W[1] & mask2);
561  mask1 = ascon_mask32_rotate_share1_0(mask1);
562  mask2 = ascon_mask32_rotate_share1_0(mask2);
563  dest->W[2] = (dest->W[2] & mask1) | (src->W[2] & mask2);
564  dest->W[3] = (dest->W[3] & mask1) | (src->W[3] & mask2);
565  mask1 = ascon_mask32_rotate_share1_0(mask1);
566  mask2 = ascon_mask32_rotate_share1_0(mask2);
567  dest->W[4] = (dest->W[4] & mask1) | (src->W[4] & mask2);
568  dest->W[5] = (dest->W[5] & mask1) | (src->W[5] & mask2);
569 }
570 
571 void ascon_masked_word_x3_from_x2
572  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
573  ascon_trng_state_t *trng)
574 {
575  uint32_t random1a = ascon_trng_generate_32(trng);
576  uint32_t random1b = ascon_trng_generate_32(trng);
577  uint32_t random2a = ascon_trng_generate_32(trng);
578  uint32_t random2b = ascon_trng_generate_32(trng);
579  dest->W[0] = random1a ^ random2a ^ src->W[0];
580  dest->W[1] = random1b ^ random2b ^ src->W[1];
581  dest->W[2] = ascon_mask32_rotate_share1_0(random1a) ^ src->W[2];
582  dest->W[3] = ascon_mask32_rotate_share1_0(random1b) ^ src->W[3];
583  dest->W[4] = ascon_mask32_rotate_share2_0(random2a);
584  dest->W[5] = ascon_mask32_rotate_share2_0(random2b);
585 #if ASCON_MASKED_MAX_SHARES >= 4
586  dest->W[6] = 0;
587  dest->W[7] = 0;
588 #endif
589 }
590 
591 #if ASCON_MASKED_MAX_SHARES >= 4
592 
593 void ascon_masked_word_x3_from_x4
594  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
595  ascon_trng_state_t *trng)
596 {
597  uint32_t random1a = ascon_trng_generate_32(trng);
598  uint32_t random1b = ascon_trng_generate_32(trng);
599  uint32_t random2a = ascon_trng_generate_32(trng);
600  uint32_t random2b = ascon_trng_generate_32(trng);
601  dest->W[0] = random1a ^ random2a ^ src->W[0] ^
602  ascon_mask32_unrotate_share3_0(src->W[6]);
603  dest->W[1] = random1b ^ random2b ^ src->W[1] ^
604  ascon_mask32_unrotate_share3_0(src->W[7]);
605  dest->W[2] = ascon_mask32_rotate_share1_0(random1a) ^ src->W[2];
606  dest->W[3] = ascon_mask32_rotate_share1_0(random1b) ^ src->W[3];
607  dest->W[4] = ascon_mask32_rotate_share2_0(random2a) ^ src->W[4];
608  dest->W[5] = ascon_mask32_rotate_share2_0(random2b) ^ src->W[5];
609  dest->W[6] = 0;
610  dest->W[7] = 0;
611 }
612 
613 #endif /* ASCON_MASKED_MAX_SHARES >= 4 */
614 
615 #endif /* ASCON_MASKED_MAX_SHARES >= 3 */
616 
617 #if ASCON_MASKED_MAX_SHARES >= 4
618 
619 void ascon_masked_word_x4_zero
620  (ascon_masked_word_t *word, ascon_trng_state_t *trng)
621 {
622  uint32_t random1a = ascon_trng_generate_32(trng);
623  uint32_t random1b = ascon_trng_generate_32(trng);
624  uint32_t random2a = ascon_trng_generate_32(trng);
625  uint32_t random2b = ascon_trng_generate_32(trng);
626  uint32_t random3a = ascon_trng_generate_32(trng);
627  uint32_t random3b = ascon_trng_generate_32(trng);
628  word->W[0] = random1a ^ random2a ^ random3a;
629  word->W[1] = random1b ^ random2b ^ random3b;
630  word->W[2] = ascon_mask32_rotate_share1_0(random1a);
631  word->W[3] = ascon_mask32_rotate_share1_0(random1b);
632  word->W[4] = ascon_mask32_rotate_share2_0(random2a);
633  word->W[5] = ascon_mask32_rotate_share2_0(random2b);
634  word->W[6] = ascon_mask32_rotate_share3_0(random3a);
635  word->W[7] = ascon_mask32_rotate_share3_0(random3b);
636 }
637 
638 void ascon_masked_word_x4_load
639  (ascon_masked_word_t *word, const uint8_t *data,
640  ascon_trng_state_t *trng)
641 {
642  uint32_t random1a = ascon_trng_generate_32(trng);
643  uint32_t random1b = ascon_trng_generate_32(trng);
644  uint32_t high = random1a ^ be_load_word32(data);
645  uint32_t low = random1b ^ be_load_word32(data + 4);
646  word->W[4] = ascon_trng_generate_32(trng); /* random2a */
647  word->W[5] = ascon_trng_generate_32(trng); /* random2b */
648  word->W[6] = ascon_trng_generate_32(trng); /* random3a */
649  word->W[7] = ascon_trng_generate_32(trng); /* random3b */
650  ascon_separate(random1a);
651  ascon_separate(random1b);
652  ascon_separate(high);
653  ascon_separate(low);
654  word->W[0] = ((high << 16) | (low & 0x0000FFFFU)) ^
655  ascon_mask32_unrotate_share2_0(word->W[4]) ^
656  ascon_mask32_unrotate_share3_0(word->W[6]);
657  word->W[1] = ((high & 0xFFFF0000U) | (low >> 16)) ^
658  ascon_mask32_unrotate_share2_0(word->W[5]) ^
659  ascon_mask32_unrotate_share3_0(word->W[7]);
660  high = (random1a << 16) | (random1b & 0x0000FFFFU);
661  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
662  word->W[2] = ascon_mask32_rotate_share1_0(high);
663  word->W[3] = ascon_mask32_rotate_share1_0(low);
664 }
665 
666 void ascon_masked_word_x4_load_partial
667  (ascon_masked_word_t *word, const uint8_t *data, unsigned size,
668  ascon_trng_state_t *trng)
669 {
670  uint32_t high, low;
671  uint32_t random1a, random1b;
672  uint32_t random2a, random2b;
673  uint32_t random3a, random3b;
674 
675  /* Load as a 64-bit word and mask with the first share */
676  uint64_t random = ascon_trng_generate_64(trng);
677  uint64_t masked = random;
678  if (size >= 4) {
679  masked ^= be_load_word32(data + size - 4);
680  masked = rightRotate32_64(masked);
681  random = rightRotate32_64(random);
682  size -= 4;
683  }
684  if (size >= 2) {
685  masked ^= be_load_word16(data + size - 2);
686  masked = rightRotate16_64(masked);
687  random = rightRotate16_64(random);
688  size -= 2;
689  }
690  if (size > 0) {
691  masked ^= data[0];
692  masked = rightRotate8_64(masked);
693  random = rightRotate8_64(random);
694  }
695 
696  /* Slice the shares and store to the masked word */
697  random2a = ascon_trng_generate_32(trng);
698  random2b = ascon_trng_generate_32(trng);
699  random3a = ascon_trng_generate_32(trng);
700  random3b = ascon_trng_generate_32(trng);
701  high = (uint32_t)(masked >> 32);
702  low = (uint32_t)masked;
703  random1a = (uint32_t)(random >> 32);
704  random1b = (uint32_t)random;
705  ascon_separate(random1a);
706  ascon_separate(random1b);
707  ascon_separate(high);
708  ascon_separate(low);
709  word->W[0] = ((high << 16) | (low & 0x0000FFFFU)) ^ random2a ^ random3a;
710  word->W[1] = ((high & 0xFFFF0000U) | (low >> 16)) ^ random2b ^ random3b;
711  high = (random1a << 16) | (random1b & 0x0000FFFFU);
712  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
713  word->W[2] = ascon_mask32_rotate_share1_0(high);
714  word->W[3] = ascon_mask32_rotate_share1_0(low);
715  word->W[4] = ascon_mask32_rotate_share2_0(random2a);
716  word->W[5] = ascon_mask32_rotate_share2_0(random2b);
717  word->W[6] = ascon_mask32_rotate_share3_0(random3a);
718  word->W[7] = ascon_mask32_rotate_share3_0(random3b);
719 }
720 
721 void ascon_masked_word_x4_load_32
722  (ascon_masked_word_t *word, const uint8_t *data1,
723  const uint8_t *data2, ascon_trng_state_t *trng)
724 {
725  uint32_t random1a = ascon_trng_generate_32(trng);
726  uint32_t random1b = ascon_trng_generate_32(trng);
727  uint32_t high = random1a ^ be_load_word32(data1);
728  uint32_t low = random1b ^ be_load_word32(data2);
729  word->W[4] = ascon_trng_generate_32(trng); /* random2a */
730  word->W[5] = ascon_trng_generate_32(trng); /* random2b */
731  word->W[6] = ascon_trng_generate_32(trng); /* random3a */
732  word->W[7] = ascon_trng_generate_32(trng); /* random3b */
733  ascon_separate(random1a);
734  ascon_separate(random1b);
735  ascon_separate(high);
736  ascon_separate(low);
737  word->W[0] = ((high << 16) | (low & 0x0000FFFFU)) ^
738  ascon_mask32_unrotate_share2_0(word->W[4]) ^
739  ascon_mask32_unrotate_share3_0(word->W[6]);
740  word->W[1] = ((high & 0xFFFF0000U) | (low >> 16)) ^
741  ascon_mask32_unrotate_share2_0(word->W[5]) ^
742  ascon_mask32_unrotate_share3_0(word->W[7]);
743  high = (random1a << 16) | (random1b & 0x0000FFFFU);
744  low = (random1a & 0xFFFF0000U) | (random1b >> 16);
745  word->W[2] = ascon_mask32_rotate_share1_0(high);
746  word->W[3] = ascon_mask32_rotate_share1_0(low);
747 }
748 
749 void ascon_masked_word_x4_store
750  (uint8_t *data, const ascon_masked_word_t *word)
751 {
752  uint32_t high1 = (word->W[0] >> 16) | (word->W[1] & 0xFFFF0000U);
753  uint32_t low1 = (word->W[0] & 0x0000FFFFU) | (word->W[1] << 16);
754  uint32_t high2 = ascon_mask32_unrotate_share1_0(word->W[2]) ^
755  ascon_mask32_unrotate_share2_0(word->W[4]) ^
756  ascon_mask32_unrotate_share3_0(word->W[6]);
757  uint32_t low2 = ascon_mask32_unrotate_share1_0(word->W[3]) ^
758  ascon_mask32_unrotate_share2_0(word->W[5]) ^
759  ascon_mask32_unrotate_share3_0(word->W[7]);
760  uint32_t high3 = (high2 >> 16) | (low2 & 0xFFFF0000U);
761  uint32_t low3 = (high2 & 0x0000FFFFU) | (low2 << 16);
762  ascon_combine(high1);
763  ascon_combine(low1);
764  ascon_combine(high3);
765  ascon_combine(low3);
766  be_store_word32(data, high1 ^ high3);
767  be_store_word32(data + 4, low1 ^ low3);
768 }
769 
770 void ascon_masked_word_x4_store_partial
771  (uint8_t *data, unsigned size, const ascon_masked_word_t *word)
772 {
773  uint64_t masked1, masked2;
774  uint32_t high1, low1;
775  uint32_t high2, low2;
776  uint32_t high3, low3;
777 
778  /* Rearrange the bits while still in masked form */
779  high1 = (word->W[0] >> 16) | (word->W[1] & 0xFFFF0000U);
780  low1 = (word->W[0] & 0x0000FFFFU) | (word->W[1] << 16);
781  high2 = ascon_mask32_unrotate_share1_0(word->W[2]) ^
782  ascon_mask32_unrotate_share2_0(word->W[4]) ^
783  ascon_mask32_unrotate_share3_0(word->W[6]);
784  low2 = ascon_mask32_unrotate_share1_0(word->W[3]) ^
785  ascon_mask32_unrotate_share2_0(word->W[5]) ^
786  ascon_mask32_unrotate_share3_0(word->W[7]);
787  high3 = (high2 >> 16) | (low2 & 0xFFFF0000U);
788  low3 = (high2 & 0x0000FFFFU) | (low2 << 16);
789  ascon_combine(high1);
790  ascon_combine(low1);
791  ascon_combine(high3);
792  ascon_combine(low3);
793 
794  /* Convert to 64-bit, unmask, and store the bytes */
795  masked1 = (((uint64_t)high1) << 32) | low1;
796  masked2 = (((uint64_t)high3) << 32) | low3;
797  if (size >= 4) {
798  masked1 = leftRotate32_64(masked1);
799  masked2 = leftRotate32_64(masked2);
800  be_store_word32(data, (uint32_t)(masked1 ^ masked2));
801  data += 4;
802  size -= 4;
803  }
804  if (size >= 2) {
805  masked1 = leftRotate16_64(masked1);
806  masked2 = leftRotate16_64(masked2);
807  be_store_word16(data, (uint16_t)(masked1 ^ masked2));
808  data += 2;
809  size -= 2;
810  }
811  if (size > 0) {
812  masked1 = leftRotate8_64(masked1);
813  masked2 = leftRotate8_64(masked2);
814  data[0] = (uint8_t)(masked1 ^ masked2);
815  }
816 }
817 
818 void ascon_masked_word_x4_randomize
819  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
820  ascon_trng_state_t *trng)
821 {
822  uint32_t random1a = ascon_trng_generate_32(trng);
823  uint32_t random1b = ascon_trng_generate_32(trng);
824  uint32_t random2a = ascon_trng_generate_32(trng);
825  uint32_t random2b = ascon_trng_generate_32(trng);
826  uint32_t random3a = ascon_trng_generate_32(trng);
827  uint32_t random3b = ascon_trng_generate_32(trng);
828  dest->W[0] = src->W[0] ^ random1a ^ random2a ^ random3a;
829  dest->W[1] = src->W[1] ^ random1b ^ random2b ^ random3b;
830  dest->W[2] = src->W[2] ^ ascon_mask32_rotate_share1_0(random1a);
831  dest->W[3] = src->W[3] ^ ascon_mask32_rotate_share1_0(random1b);
832  dest->W[4] = src->W[4] ^ ascon_mask32_rotate_share2_0(random2a);
833  dest->W[5] = src->W[5] ^ ascon_mask32_rotate_share2_0(random2b);
834  dest->W[6] = src->W[6] ^ ascon_mask32_rotate_share3_0(random3a);
835  dest->W[7] = src->W[7] ^ ascon_mask32_rotate_share3_0(random3b);
836 }
837 
838 void ascon_masked_word_x4_xor
839  (ascon_masked_word_t *dest, const ascon_masked_word_t *src)
840 {
841  dest->S[0] ^= src->S[0];
842  dest->S[1] ^= src->S[1];
843  dest->S[2] ^= src->S[2];
844  dest->S[3] ^= src->S[3];
845 }
846 
847 void ascon_masked_word_x4_replace
848  (ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
849 {
850  uint32_t mask1 = (~((uint32_t)0)) >> (size * 4U);
851  uint32_t mask2 = ~mask1;
852  dest->W[0] = (dest->W[0] & mask1) | (src->W[0] & mask2);
853  dest->W[1] = (dest->W[1] & mask1) | (src->W[1] & mask2);
854  mask1 = ascon_mask32_rotate_share1_0(mask1);
855  mask2 = ascon_mask32_rotate_share1_0(mask2);
856  dest->W[2] = (dest->W[2] & mask1) | (src->W[2] & mask2);
857  dest->W[3] = (dest->W[3] & mask1) | (src->W[3] & mask2);
858  mask1 = ascon_mask32_rotate_share1_0(mask1);
859  mask2 = ascon_mask32_rotate_share1_0(mask2);
860  dest->W[4] = (dest->W[4] & mask1) | (src->W[4] & mask2);
861  dest->W[5] = (dest->W[5] & mask1) | (src->W[5] & mask2);
862  mask1 = ascon_mask32_rotate_share1_0(mask1);
863  mask2 = ascon_mask32_rotate_share1_0(mask2);
864  dest->W[6] = (dest->W[6] & mask1) | (src->W[6] & mask2);
865  dest->W[7] = (dest->W[7] & mask1) | (src->W[7] & mask2);
866 }
867 
868 void ascon_masked_word_x4_from_x2
869  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
870  ascon_trng_state_t *trng)
871 {
872  uint32_t random1a = ascon_trng_generate_32(trng);
873  uint32_t random1b = ascon_trng_generate_32(trng);
874  uint32_t random2a = ascon_trng_generate_32(trng);
875  uint32_t random2b = ascon_trng_generate_32(trng);
876  uint32_t random3a = ascon_trng_generate_32(trng);
877  uint32_t random3b = ascon_trng_generate_32(trng);
878  dest->W[0] = random1a ^ random2a ^ random3a ^ src->W[0];
879  dest->W[1] = random1b ^ random2b ^ random3b ^ src->W[1];
880  dest->W[2] = ascon_mask32_rotate_share1_0(random1a) ^ src->W[2];
881  dest->W[3] = ascon_mask32_rotate_share1_0(random1b) ^ src->W[3];
882  dest->W[4] = ascon_mask32_rotate_share2_0(random2a);
883  dest->W[5] = ascon_mask32_rotate_share2_0(random2b);
884  dest->W[6] = ascon_mask32_rotate_share3_0(random3a);
885  dest->W[7] = ascon_mask32_rotate_share3_0(random3b);
886 }
887 
888 void ascon_masked_word_x4_from_x3
889  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
890  ascon_trng_state_t *trng)
891 {
892  uint32_t random1a = ascon_trng_generate_32(trng);
893  uint32_t random1b = ascon_trng_generate_32(trng);
894  uint32_t random2a = ascon_trng_generate_32(trng);
895  uint32_t random2b = ascon_trng_generate_32(trng);
896  uint32_t random3a = ascon_trng_generate_32(trng);
897  uint32_t random3b = ascon_trng_generate_32(trng);
898  dest->W[0] = random1a ^ random2a ^ random3a ^ src->W[0];
899  dest->W[1] = random1b ^ random2b ^ random3b ^ src->W[1];
900  dest->W[2] = ascon_mask32_rotate_share1_0(random1a) ^ src->W[2];
901  dest->W[3] = ascon_mask32_rotate_share1_0(random1b) ^ src->W[3];
902  dest->W[4] = ascon_mask32_rotate_share2_0(random2a) ^ src->W[4];
903  dest->W[5] = ascon_mask32_rotate_share2_0(random2b) ^ src->W[5];
904  dest->W[6] = ascon_mask32_rotate_share3_0(random3a);
905  dest->W[7] = ascon_mask32_rotate_share3_0(random3b);
906 }
907 
908 #endif /* ASCON_MASKED_MAX_SHARES >= 4 */
909 
910 void ascon_masked_word_pad(ascon_masked_word_t *word, unsigned offset)
911 {
912  word->W[1] ^= (((uint32_t)0x80000000U) >> (offset * 4U));
913 }
914 
915 void ascon_masked_word_separator(ascon_masked_word_t *word)
916 {
917  word->W[0] ^= 1;
918 }
919 
920 #endif /* ASCON_MASKED_WORD_BACKEND_C32 */
ascon_masked_word_x4_load_32
void ascon_masked_word_x4_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x4 masked wor...
Definition: ascon-masked-word-c64.c:443
ascon_masked_word_pad
void ascon_masked_word_pad(ascon_masked_word_t *word, unsigned offset)
Adds a padding marker to a masked word.
Definition: ascon-masked-word-c64.c:563
ascon_masked_word_x3_replace
void ascon_masked_word_x3_replace(ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
Replace part of a destination x3 masked word with part of a source.
Definition: ascon-masked-word-c64.c:339
ascon_masked_word_x2_store_partial
void ascon_masked_word_x2_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x2 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:117
ascon_masked_word_x2_load
void ascon_masked_word_x2_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x2 masked word structure.
Definition: ascon-masked-word-c64.c:45
ascon_masked_word_x2_store
void ascon_masked_word_x2_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x2 masked word structure.
Definition: ascon-masked-word-c64.c:110
ascon_masked_word_x4_from_x2
void ascon_masked_word_x4_from_x2(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x2 masked word into a x4 masked word.
Definition: ascon-masked-word-c64.c:536
ascon_masked_word_x3_store_partial
void ascon_masked_word_x3_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x3 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:290
ascon_masked_word_x3_from_x2
void ascon_masked_word_x3_from_x2(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x2 masked word into a x3 masked word.
Definition: ascon-masked-word-c64.c:351
ascon_masked_word_x2_from_x4
void ascon_masked_word_x2_from_x4(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x4 masked word into a x2 masked word.
Definition: ascon-masked-word-c64.c:189
ascon_masked_word_x4_load
void ascon_masked_word_x4_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x4 masked word structure.
Definition: ascon-masked-word-c64.c:398
ascon_masked_word_x2_zero
void ascon_masked_word_x2_zero(ascon_masked_word_t *word, ascon_trng_state_t *trng)
Sets a x2 masked word to zero.
Definition: ascon-masked-word-c64.c:31
ascon_masked_word_x4_load_partial
void ascon_masked_word_x4_load_partial(ascon_masked_word_t *word, const uint8_t *data, unsigned size, ascon_trng_state_t *trng)
Loads a 8-bit to 56-bit big endian value from buffer, masks it, and writes it to a x4 masked word str...
Definition: ascon-masked-word-c64.c:411
ascon_masked_word_separator
void ascon_masked_word_separator(ascon_masked_word_t *word)
Adds a separator marker to a masked word.
Definition: ascon-masked-word-c64.c:568
ascon_masked_word_x3_load
void ascon_masked_word_x3_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x3 masked word structure.
Definition: ascon-masked-word-c64.c:220
ascon_masked_word_x2_from_x3
void ascon_masked_word_x2_from_x3(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x3 masked word into a x2 masked word.
Definition: ascon-masked-word-c64.c:171
ascon_masked_word_x3_load_32
void ascon_masked_word_x3_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x3 masked wor...
Definition: ascon-masked-word-c64.c:267
ascon_masked_word_x3_from_x4
void ascon_masked_word_x3_from_x4(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x4 masked word into a x3 masked word.
Definition: ascon-masked-word-c64.c:367
ascon_masked_word_x4_replace
void ascon_masked_word_x4_replace(ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
Replace part of a destination x4 masked word with part of a source.
Definition: ascon-masked-word-c64.c:522
ascon_masked_word_x4_store_partial
void ascon_masked_word_x4_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x4 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:466
ascon_masked_word_x2_load_partial
void ascon_masked_word_x2_load_partial(ascon_masked_word_t *word, const uint8_t *data, unsigned size, ascon_trng_state_t *trng)
Loads a 8-bit to 56-bit big endian value from buffer, masks it, and writes it to a x2 masked word str...
Definition: ascon-masked-word-c64.c:60
ascon_masked_word_x3_randomize
void ascon_masked_word_x3_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x3 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:320
ascon_masked_word_x2_load_32
void ascon_masked_word_x2_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x2 masked wor...
Definition: ascon-masked-word-c64.c:94
ascon_masked_word_x4_from_x3
void ascon_masked_word_x4_from_x3(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x3 masked word into a x4 masked word.
Definition: ascon-masked-word-c64.c:549
ascon_masked_word_x4_xor
void ascon_masked_word_x4_xor(ascon_masked_word_t *dest, const ascon_masked_word_t *src)
XOR's a source x4 masked word against a destination x4 masked word.
Definition: ascon-masked-word-c64.c:513
ascon_masked_word_x2_replace
void ascon_masked_word_x2_replace(ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
Replace part of a destination x2 masked word with part of a source.
Definition: ascon-masked-word-c64.c:159
ascon_masked_word_x3_load_partial
void ascon_masked_word_x3_load_partial(ascon_masked_word_t *word, const uint8_t *data, unsigned size, ascon_trng_state_t *trng)
Loads a 8-bit to 56-bit big endian value from buffer, masks it, and writes it to a x3 masked word str...
Definition: ascon-masked-word-c64.c:234
ascon_masked_word_x3_xor
void ascon_masked_word_x3_xor(ascon_masked_word_t *dest, const ascon_masked_word_t *src)
XOR's a source x3 masked word against a destination x3 masked word.
Definition: ascon-masked-word-c64.c:331
ascon_masked_word_x4_randomize
void ascon_masked_word_x4_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x4 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:500
ascon_masked_word_x4_zero
void ascon_masked_word_x4_zero(ascon_masked_word_t *word, ascon_trng_state_t *trng)
Sets a x4 masked word to zero.
Definition: ascon-masked-word-c64.c:386
ascon_masked_word_x4_store
void ascon_masked_word_x4_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x4 masked word structure.
Definition: ascon-masked-word-c64.c:457
ascon_masked_word_x3_zero
void ascon_masked_word_x3_zero(ascon_masked_word_t *word, ascon_trng_state_t *trng)
Sets a x3 masked word to zero.
Definition: ascon-masked-word-c64.c:206
ascon_masked_word_x3_store
void ascon_masked_word_x3_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x3 masked word structure.
Definition: ascon-masked-word-c64.c:282
ascon_masked_word_x2_xor
void ascon_masked_word_x2_xor(ascon_masked_word_t *dest, const ascon_masked_word_t *src)
XOR's a source x2 masked word against a destination x2 masked word.
Definition: ascon-masked-word-c64.c:152
ascon_masked_word_x2_randomize
void ascon_masked_word_x2_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x2 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:143
ascon-masked-word.h
Utility functions for operating on masked words.
ascon_mask32_unrotate_share3_1
#define ascon_mask32_unrotate_share3_1(x)
Unrotates 32-bit masked share 3 with respect to share 1.
Definition: ascon-masked-word.h:286
ascon_mask32_unrotate_share2_1
#define ascon_mask32_unrotate_share2_1(x)
Unrotates 32-bit masked share 2 with respect to share 1.
Definition: ascon-masked-word.h:268
ascon_mask32_unrotate_share2_0
#define ascon_mask32_unrotate_share2_0(x)
Unrotates 32-bit masked share 2 with respect to share 0.
Definition: ascon-masked-word.h:259
ascon_mask32_rotate_share3_0
#define ascon_mask32_rotate_share3_0(x)
Rotates 32-bit masked share 3 with respect to share 0.
Definition: ascon-masked-word.h:223
ascon_mask32_rotate_share2_0
#define ascon_mask32_rotate_share2_0(x)
Rotates 32-bit masked share 2 with respect to share 0.
Definition: ascon-masked-word.h:205
ascon_mask32_unrotate_share1_0
#define ascon_mask32_unrotate_share1_0(x)
Unrotates 32-bit masked share 1 with respect to share 0.
Definition: ascon-masked-word.h:250
ascon_mask32_rotate_share1_0
#define ascon_mask32_rotate_share1_0(x)
Rotates 32-bit masked share 1 with respect to share 0.
Definition: ascon-masked-word.h:196
ascon_mask32_unrotate_share3_0
#define ascon_mask32_unrotate_share3_0(x)
Unrotates 32-bit masked share 3 with respect to share 0.
Definition: ascon-masked-word.h:277
ascon_trng_generate_32
uint32_t ascon_trng_generate_32(ascon_trng_state_t *state)
Generates a 32-bit random value for masking operations.
Definition: ascon-trng-mixer.c:53
ascon_trng_generate_64
uint64_t ascon_trng_generate_64(ascon_trng_state_t *state)
Generates a 64-bit random value for masking operations.
Definition: ascon-trng-mixer.c:75
be_load_word16
#define be_load_word16(ptr)
Definition: ascon-util.h:157
leftRotate16_64
#define leftRotate16_64(a)
Definition: ascon-util.h:517
be_store_word16
#define be_store_word16(ptr, x)
Definition: ascon-util.h:162
rightRotate8_64
#define rightRotate8_64(a)
Definition: ascon-util.h:575
be_load_word32
#define be_load_word32(ptr)
Definition: ascon-util.h:68
rightRotate16_64
#define rightRotate16_64(a)
Definition: ascon-util.h:583
leftRotate32_64
#define leftRotate32_64(a)
Definition: ascon-util.h:533
rightRotate32_64
#define rightRotate32_64(a)
Definition: ascon-util.h:599
leftRotate8_64
#define leftRotate8_64(a)
Definition: ascon-util.h:509
be_store_word32
#define be_store_word32(ptr, x)
Definition: ascon-util.h:75
data
unsigned char data[8]
[snippet_key]
Definition: snippets.c:14
ascon_trng_state_t
State of the random number source.
Definition: ascon-trng.h:64
ascon_masked_word_t
Masked 64-bit word with up to ASCON_MASKED_MAX_SHARES shares.
Definition: ascon-masked-word.h:67
ascon_masked_word_t::W
uint32_t W[ASCON_MASKED_MAX_SHARES *2]
Definition: ascon-masked-word.h:72
ascon_masked_word_t::S
uint64_t S[ASCON_MASKED_MAX_SHARES]
Definition: ascon-masked-word.h:69
Generated on Sun Mar 19 2023 13:56:57 for ASCON Suite by doxygen 1.9.1