ASCON Suite
ascon-masked-word-c64.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2022 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include "ascon-masked-word.h"
24 
25 #if defined(ASCON_MASKED_WORD_BACKEND_C64)
26 
27 /* Masked word load/store functions that should be written in assembly
28  * code so as to carefully mask the values with minimal leakage. */
29 
30 void ascon_masked_word_x2_zero
31  (ascon_masked_word_t *word, ascon_trng_state_t *trng)
32 {
33  uint64_t random = ascon_trng_generate_64(trng);
34  word->S[0] = random;
35  word->S[1] = ascon_mask64_rotate_share1_0(random);
36 #if ASCON_MASKED_MAX_SHARES >= 3
37  word->S[2] = 0;
38 #endif
39 #if ASCON_MASKED_MAX_SHARES >= 4
40  word->S[3] = 0;
41 #endif
42 }
43 
44 void ascon_masked_word_x2_load
45  (ascon_masked_word_t *word, const uint8_t *data,
46  ascon_trng_state_t *trng)
47 {
48  uint64_t random = ascon_trng_generate_64(trng);
49  word->S[0] = random ^ be_load_word64(data);
50  word->S[1] = ascon_mask64_rotate_share1_0(random);
51 #if ASCON_MASKED_MAX_SHARES >= 3
52  word->S[2] = 0;
53 #endif
54 #if ASCON_MASKED_MAX_SHARES >= 4
55  word->S[3] = 0;
56 #endif
57 }
58 
59 void ascon_masked_word_x2_load_partial
60  (ascon_masked_word_t *word, const uint8_t *data, unsigned size,
61  ascon_trng_state_t *trng)
62 {
63  uint64_t random = ascon_trng_generate_64(trng);
64  uint64_t masked = random;
65  random = ascon_mask64_rotate_share1_0(random);
66  if (size >= 4) {
67  masked ^= be_load_word32(data + size - 4);
68  masked = rightRotate32_64(masked);
69  random = rightRotate32_64(random);
70  size -= 4;
71  }
72  if (size >= 2) {
73  masked ^= be_load_word16(data + size - 2);
74  masked = rightRotate16_64(masked);
75  random = rightRotate16_64(random);
76  size -= 2;
77  }
78  if (size > 0) {
79  masked ^= data[0];
80  masked = rightRotate8_64(masked);
81  random = rightRotate8_64(random);
82  }
83  word->S[0] = masked;
84  word->S[1] = random;
85 #if ASCON_MASKED_MAX_SHARES >= 3
86  word->S[2] = 0;
87 #endif
88 #if ASCON_MASKED_MAX_SHARES >= 4
89  word->S[3] = 0;
90 #endif
91 }
92 
93 void ascon_masked_word_x2_load_32
94  (ascon_masked_word_t *word, const uint8_t *data1,
95  const uint8_t *data2, ascon_trng_state_t *trng)
96 {
97  uint64_t random = ascon_trng_generate_64(trng);
98  word->S[0] = random ^ ((uint64_t)be_load_word32(data1)) << 32;
99  word->S[0] ^= be_load_word32(data2);
100  word->S[1] = ascon_mask64_rotate_share1_0(random);
101 #if ASCON_MASKED_MAX_SHARES >= 3
102  word->S[2] = 0;
103 #endif
104 #if ASCON_MASKED_MAX_SHARES >= 4
105  word->S[3] = 0;
106 #endif
107 }
108 
109 void ascon_masked_word_x2_store
110  (uint8_t *data, const ascon_masked_word_t *word)
111 {
112  be_store_word64
113  (data, word->S[0] ^ ascon_mask64_unrotate_share1_0(word->S[1]));
114 }
115 
116 void ascon_masked_word_x2_store_partial
117  (uint8_t *data, unsigned size, const ascon_masked_word_t *word)
118 {
119  uint64_t masked1 = word->S[0];
120  uint64_t masked2 = ascon_mask64_unrotate_share1_0(word->S[1]);
121  if (size >= 4) {
122  masked1 = leftRotate32_64(masked1);
123  masked2 = leftRotate32_64(masked2);
124  be_store_word32(data, (uint32_t)(masked1 ^ masked2));
125  data += 4;
126  size -= 4;
127  }
128  if (size >= 2) {
129  masked1 = leftRotate16_64(masked1);
130  masked2 = leftRotate16_64(masked2);
131  be_store_word16(data, (uint16_t)(masked1 ^ masked2));
132  data += 2;
133  size -= 2;
134  }
135  if (size > 0) {
136  masked1 = leftRotate8_64(masked1);
137  masked2 = leftRotate8_64(masked2);
138  data[0] = (uint8_t)(masked1 ^ masked2);
139  }
140 }
141 
142 void ascon_masked_word_x2_randomize
143  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
144  ascon_trng_state_t *trng)
145 {
146  uint64_t random = ascon_trng_generate_64(trng);
147  dest->S[0] = src->S[0] ^ random;
148  dest->S[1] = src->S[1] ^ ascon_mask64_rotate_share1_0(random);
149 }
150 
151 void ascon_masked_word_x2_xor
152  (ascon_masked_word_t *dest, const ascon_masked_word_t *src)
153 {
154  dest->S[0] ^= src->S[0];
155  dest->S[1] ^= src->S[1];
156 }
157 
158 void ascon_masked_word_x2_replace
159  (ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
160 {
161  uint64_t mask1 = (~((uint64_t)0)) >> (size * 8U);
162  uint64_t mask2 = ~mask1;
163  dest->S[0] = (dest->S[0] & mask1) | (src->S[0] & mask2);
164  dest->S[1] = (dest->S[1] & ascon_mask64_rotate_share1_0(mask1)) |
165  ( src->S[1] & ascon_mask64_rotate_share1_0(mask2));
166 }
167 
168 #if ASCON_MASKED_MAX_SHARES >= 3
169 
170 void ascon_masked_word_x2_from_x3
171  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
172  ascon_trng_state_t *trng)
173 {
174  uint64_t random = ascon_trng_generate_64(trng);
175  dest->S[0] = random ^ src->S[0];
176  dest->S[1] = (ascon_mask64_rotate_share1_0(random) ^ src->S[1]) ^
177  ascon_mask64_unrotate_share2_1(src->S[2]);
178  dest->S[2] = 0;
179 #if ASCON_MASKED_MAX_SHARES >= 4
180  dest->S[3] = 0;
181 #endif
182 }
183 
184 #endif /* ASCON_MASKED_MAX_SHARES >= 3 */
185 
186 #if ASCON_MASKED_MAX_SHARES >= 4
187 
188 void ascon_masked_word_x2_from_x4
189  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
190  ascon_trng_state_t *trng)
191 {
192  uint64_t random = ascon_trng_generate_64(trng);
193  dest->S[0] = (random ^ src->S[0]) ^
194  ascon_mask64_unrotate_share2_0(src->S[2]);
195  dest->S[1] = (ascon_mask64_rotate_share1_0(random) ^ src->S[1]) ^
196  ascon_mask64_unrotate_share3_1(src->S[3]);
197  dest->S[2] = 0;
198  dest->S[3] = 0;
199 }
200 
201 #endif /* ASCON_MASKED_MAX_SHARES >= 4 */
202 
203 #if ASCON_MASKED_MAX_SHARES >= 3
204 
205 void ascon_masked_word_x3_zero
206  (ascon_masked_word_t *word, ascon_trng_state_t *trng)
207 {
208  uint64_t random1 = ascon_trng_generate_64(trng);
209  uint64_t random2 = ascon_trng_generate_64(trng);
210  word->S[0] = random1 ^ random2;
211  word->S[1] = ascon_mask64_rotate_share1_0(random1);
212  word->S[2] = ascon_mask64_rotate_share2_0(random2);
213  word->S[3] = 0;
214 #if ASCON_MASKED_MAX_SHARES >= 4
215  word->S[3] = 0;
216 #endif
217 }
218 
219 void ascon_masked_word_x3_load
220  (ascon_masked_word_t *word, const uint8_t *data,
221  ascon_trng_state_t *trng)
222 {
223  uint64_t random1 = ascon_trng_generate_64(trng);
224  uint64_t random2 = ascon_trng_generate_64(trng);
225  word->S[0] = random1 ^ random2 ^ be_load_word64(data);
226  word->S[1] = ascon_mask64_rotate_share1_0(random1);
227  word->S[2] = ascon_mask64_rotate_share2_0(random2);
228 #if ASCON_MASKED_MAX_SHARES >= 4
229  word->S[3] = 0;
230 #endif
231 }
232 
233 void ascon_masked_word_x3_load_partial
234  (ascon_masked_word_t *word, const uint8_t *data, unsigned size,
235  ascon_trng_state_t *trng)
236 {
237  uint64_t random1 = ascon_trng_generate_64(trng);
238  uint64_t random2 = ascon_trng_generate_64(trng);
239  uint64_t masked = random1;
240  random1 = ascon_mask64_rotate_share1_0(random1);
241  if (size >= 4) {
242  masked ^= be_load_word32(data + size - 4);
243  masked = rightRotate32_64(masked);
244  random1 = rightRotate32_64(random1);
245  size -= 4;
246  }
247  if (size >= 2) {
248  masked ^= be_load_word16(data + size - 2);
249  masked = rightRotate16_64(masked);
250  random1 = rightRotate16_64(random1);
251  size -= 2;
252  }
253  if (size > 0) {
254  masked ^= data[0];
255  masked = rightRotate8_64(masked);
256  random1 = rightRotate8_64(random1);
257  }
258  word->S[0] = masked ^ random2;
259  word->S[1] = random1;
260  word->S[2] = ascon_mask64_rotate_share2_0(random2);
261 #if ASCON_MASKED_MAX_SHARES >= 4
262  word->S[3] = 0;
263 #endif
264 }
265 
266 void ascon_masked_word_x3_load_32
267  (ascon_masked_word_t *word, const uint8_t *data1,
268  const uint8_t *data2, ascon_trng_state_t *trng)
269 {
270  uint64_t random1 = ascon_trng_generate_64(trng);
271  uint64_t random2 = ascon_trng_generate_64(trng);
272  word->S[0] = random1 ^ ((uint64_t)be_load_word32(data1)) << 32;
273  word->S[0] ^= random2 ^ be_load_word32(data2);
274  word->S[1] = ascon_mask64_rotate_share1_0(random1);
275  word->S[2] = ascon_mask64_rotate_share2_0(random2);
276 #if ASCON_MASKED_MAX_SHARES >= 4
277  word->S[3] = 0;
278 #endif
279 }
280 
281 void ascon_masked_word_x3_store
282  (uint8_t *data, const ascon_masked_word_t *word)
283 {
284  be_store_word64
285  (data, word->S[0] ^ ascon_mask64_unrotate_share1_0(word->S[1])
286  ^ ascon_mask64_unrotate_share2_0(word->S[2]));
287 }
288 
289 void ascon_masked_word_x3_store_partial
290  (uint8_t *data, unsigned size, const ascon_masked_word_t *word)
291 {
292  uint64_t masked1 = word->S[0];
293  uint64_t masked2 = ascon_mask64_unrotate_share1_0(word->S[1]);
294  uint64_t masked3 = ascon_mask64_unrotate_share2_0(word->S[2]);
295  if (size >= 4) {
296  masked1 = leftRotate32_64(masked1);
297  masked2 = leftRotate32_64(masked2);
298  masked3 = leftRotate32_64(masked3);
299  be_store_word32(data, (uint32_t)(masked1 ^ masked2 ^ masked3));
300  data += 4;
301  size -= 4;
302  }
303  if (size >= 2) {
304  masked1 = leftRotate16_64(masked1);
305  masked2 = leftRotate16_64(masked2);
306  masked3 = leftRotate16_64(masked3);
307  be_store_word16(data, (uint16_t)(masked1 ^ masked2 ^ masked3));
308  data += 2;
309  size -= 2;
310  }
311  if (size > 0) {
312  masked1 = leftRotate8_64(masked1);
313  masked2 = leftRotate8_64(masked2);
314  masked3 = leftRotate8_64(masked3);
315  data[0] = (uint8_t)(masked1 ^ masked2 ^ masked3);
316  }
317 }
318 
319 void ascon_masked_word_x3_randomize
320  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
321  ascon_trng_state_t *trng)
322 {
323  uint64_t random1 = ascon_trng_generate_64(trng);
324  uint64_t random2 = ascon_trng_generate_64(trng);
325  dest->S[0] = src->S[0] ^ random1 ^ random2;
326  dest->S[1] = src->S[1] ^ ascon_mask64_rotate_share1_0(random1);
327  dest->S[2] = src->S[2] ^ ascon_mask64_rotate_share2_0(random2);
328 }
329 
330 void ascon_masked_word_x3_xor
331  (ascon_masked_word_t *dest, const ascon_masked_word_t *src)
332 {
333  dest->S[0] ^= src->S[0];
334  dest->S[1] ^= src->S[1];
335  dest->S[2] ^= src->S[2];
336 }
337 
338 void ascon_masked_word_x3_replace
339  (ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
340 {
341  uint64_t mask1 = (~((uint64_t)0)) >> (size * 8U);
342  uint64_t mask2 = ~mask1;
343  dest->S[0] = (dest->S[0] & mask1) | (src->S[0] & mask2);
344  dest->S[1] = (dest->S[1] & ascon_mask64_rotate_share1_0(mask1)) |
345  ( src->S[1] & ascon_mask64_rotate_share1_0(mask2));
346  dest->S[2] = (dest->S[2] & ascon_mask64_rotate_share2_0(mask1)) |
347  ( src->S[2] & ascon_mask64_rotate_share2_0(mask2));
348 }
349 
350 void ascon_masked_word_x3_from_x2
351  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
352  ascon_trng_state_t *trng)
353 {
354  uint64_t random1 = ascon_trng_generate_64(trng);
355  uint64_t random2 = ascon_trng_generate_64(trng);
356  dest->S[0] = random1 ^ random2 ^ src->S[0];
357  dest->S[1] = ascon_mask64_rotate_share1_0(random1) ^ src->S[1];
358  dest->S[2] = ascon_mask64_rotate_share2_0(random2);
359 #if ASCON_MASKED_MAX_SHARES >= 4
360  dest->S[3] = 0;
361 #endif
362 }
363 
364 #if ASCON_MASKED_MAX_SHARES >= 4
365 
366 void ascon_masked_word_x3_from_x4
367  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
368  ascon_trng_state_t *trng)
369 {
370  uint64_t random1 = ascon_trng_generate_64(trng);
371  uint64_t random2 = ascon_trng_generate_64(trng);
372  dest->S[0] = (random1 ^ random2 ^ src->S[0]) ^
373  ascon_mask64_unrotate_share3_0(src->S[3]);
374  dest->S[1] = ascon_mask64_rotate_share1_0(random1) ^ src->S[1];
375  dest->S[2] = ascon_mask64_rotate_share2_0(random2) ^ src->S[2];
376  dest->S[3] = 0;
377 }
378 
379 #endif /* ASCON_MASKED_MAX_SHARES >= 4 */
380 
381 #endif /* ASCON_MASKED_MAX_SHARES >= 3 */
382 
383 #if ASCON_MASKED_MAX_SHARES >= 4
384 
385 void ascon_masked_word_x4_zero
386  (ascon_masked_word_t *word, ascon_trng_state_t *trng)
387 {
388  uint64_t random1 = ascon_trng_generate_64(trng);
389  uint64_t random2 = ascon_trng_generate_64(trng);
390  uint64_t random3 = ascon_trng_generate_64(trng);
391  word->S[0] = random1 ^ random2 ^ random3;
392  word->S[1] = ascon_mask64_rotate_share1_0(random1);
393  word->S[2] = ascon_mask64_rotate_share2_0(random2);
394  word->S[3] = ascon_mask64_rotate_share3_0(random3);
395 }
396 
397 void ascon_masked_word_x4_load
398  (ascon_masked_word_t *word, const uint8_t *data,
399  ascon_trng_state_t *trng)
400 {
401  uint64_t random1 = ascon_trng_generate_64(trng);
402  uint64_t random2 = ascon_trng_generate_64(trng);
403  uint64_t random3 = ascon_trng_generate_64(trng);
404  word->S[0] = random1 ^ random2 ^ random3 ^ be_load_word64(data);
405  word->S[1] = ascon_mask64_rotate_share1_0(random1);
406  word->S[2] = ascon_mask64_rotate_share2_0(random2);
407  word->S[3] = ascon_mask64_rotate_share3_0(random3);
408 }
409 
410 void ascon_masked_word_x4_load_partial
411  (ascon_masked_word_t *word, const uint8_t *data, unsigned size,
412  ascon_trng_state_t *trng)
413 {
414  uint64_t random1 = ascon_trng_generate_64(trng);
415  uint64_t random2 = ascon_trng_generate_64(trng);
416  uint64_t random3 = ascon_trng_generate_64(trng);
417  uint64_t masked = random1;
418  random1 = ascon_mask64_rotate_share1_0(random1);
419  if (size >= 4) {
420  masked ^= be_load_word32(data + size - 4);
421  masked = rightRotate32_64(masked);
422  random1 = rightRotate32_64(random1);
423  size -= 4;
424  }
425  if (size >= 2) {
426  masked ^= be_load_word16(data + size - 2);
427  masked = rightRotate16_64(masked);
428  random1 = rightRotate16_64(random1);
429  size -= 2;
430  }
431  if (size > 0) {
432  masked ^= data[0];
433  masked = rightRotate8_64(masked);
434  random1 = rightRotate8_64(random1);
435  }
436  word->S[0] = masked ^ random2 ^ random3;
437  word->S[1] = random1;
438  word->S[2] = ascon_mask64_rotate_share2_0(random2);
439  word->S[3] = ascon_mask64_rotate_share3_0(random3);
440 }
441 
442 void ascon_masked_word_x4_load_32
443  (ascon_masked_word_t *word, const uint8_t *data1,
444  const uint8_t *data2, ascon_trng_state_t *trng)
445 {
446  uint64_t random1 = ascon_trng_generate_64(trng);
447  uint64_t random2 = ascon_trng_generate_64(trng);
448  uint64_t random3 = ascon_trng_generate_64(trng);
449  word->S[0] = random1 ^ random2 ^ ((uint64_t)be_load_word32(data1)) << 32;
450  word->S[0] ^= random3 ^ be_load_word32(data2);
451  word->S[1] = ascon_mask64_rotate_share1_0(random1);
452  word->S[2] = ascon_mask64_rotate_share2_0(random2);
453  word->S[3] = ascon_mask64_rotate_share3_0(random3);
454 }
455 
456 void ascon_masked_word_x4_store
457  (uint8_t *data, const ascon_masked_word_t *word)
458 {
459  be_store_word64
460  (data, word->S[0] ^ ascon_mask64_unrotate_share1_0(word->S[1])
461  ^ ascon_mask64_unrotate_share2_0(word->S[2])
462  ^ ascon_mask64_unrotate_share3_0(word->S[3]));
463 }
464 
465 void ascon_masked_word_x4_store_partial
466  (uint8_t *data, unsigned size, const ascon_masked_word_t *word)
467 {
468  uint64_t masked1 = word->S[0];
469  uint64_t masked2 = ascon_mask64_unrotate_share1_0(word->S[1]);
470  uint64_t masked3 = ascon_mask64_unrotate_share2_0(word->S[2]);
471  uint64_t masked4 = ascon_mask64_unrotate_share3_0(word->S[3]);
472  if (size >= 4) {
473  masked1 = leftRotate32_64(masked1);
474  masked2 = leftRotate32_64(masked2);
475  masked3 = leftRotate32_64(masked3);
476  masked4 = leftRotate32_64(masked4);
477  be_store_word32(data, (uint32_t)(masked1 ^ masked2 ^ masked3 ^ masked4));
478  data += 4;
479  size -= 4;
480  }
481  if (size >= 2) {
482  masked1 = leftRotate16_64(masked1);
483  masked2 = leftRotate16_64(masked2);
484  masked3 = leftRotate16_64(masked3);
485  masked4 = leftRotate16_64(masked4);
486  be_store_word16(data, (uint16_t)(masked1 ^ masked2 ^ masked3 ^ masked4));
487  data += 2;
488  size -= 2;
489  }
490  if (size > 0) {
491  masked1 = leftRotate8_64(masked1);
492  masked2 = leftRotate8_64(masked2);
493  masked3 = leftRotate8_64(masked3);
494  masked4 = leftRotate8_64(masked4);
495  data[0] = (uint8_t)(masked1 ^ masked2 ^ masked3 ^ masked4);
496  }
497 }
498 
499 void ascon_masked_word_x4_randomize
500  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
501  ascon_trng_state_t *trng)
502 {
503  uint64_t random1 = ascon_trng_generate_64(trng);
504  uint64_t random2 = ascon_trng_generate_64(trng);
505  uint64_t random3 = ascon_trng_generate_64(trng);
506  dest->S[0] = src->S[0] ^ random1 ^ random2 ^ random3;
507  dest->S[1] = src->S[1] ^ ascon_mask64_rotate_share1_0(random1);
508  dest->S[2] = src->S[2] ^ ascon_mask64_rotate_share2_0(random2);
509  dest->S[3] = src->S[3] ^ ascon_mask64_rotate_share3_0(random3);
510 }
511 
512 void ascon_masked_word_x4_xor
513  (ascon_masked_word_t *dest, const ascon_masked_word_t *src)
514 {
515  dest->S[0] ^= src->S[0];
516  dest->S[1] ^= src->S[1];
517  dest->S[2] ^= src->S[2];
518  dest->S[3] ^= src->S[3];
519 }
520 
521 void ascon_masked_word_x4_replace
522  (ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
523 {
524  uint64_t mask1 = (~((uint64_t)0)) >> (size * 8U);
525  uint64_t mask2 = ~mask1;
526  dest->S[0] = (dest->S[0] & mask1) | (src->S[0] & mask2);
527  dest->S[1] = (dest->S[1] & ascon_mask64_rotate_share1_0(mask1)) |
528  ( src->S[1] & ascon_mask64_rotate_share1_0(mask2));
529  dest->S[2] = (dest->S[2] & ascon_mask64_rotate_share2_0(mask1)) |
530  ( src->S[2] & ascon_mask64_rotate_share2_0(mask2));
531  dest->S[3] = (dest->S[3] & ascon_mask64_rotate_share3_0(mask1)) |
532  ( src->S[3] & ascon_mask64_rotate_share3_0(mask2));
533 }
534 
535 void ascon_masked_word_x4_from_x2
536  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
537  ascon_trng_state_t *trng)
538 {
539  uint64_t random1 = ascon_trng_generate_64(trng);
540  uint64_t random2 = ascon_trng_generate_64(trng);
541  uint64_t random3 = ascon_trng_generate_64(trng);
542  dest->S[0] = random1 ^ random2 ^ random3 ^ src->S[0];
543  dest->S[1] = ascon_mask64_rotate_share1_0(random1) ^ src->S[1];
544  dest->S[2] = ascon_mask64_rotate_share2_0(random2);
545  dest->S[3] = ascon_mask64_rotate_share3_0(random3);
546 }
547 
548 void ascon_masked_word_x4_from_x3
549  (ascon_masked_word_t *dest, const ascon_masked_word_t *src,
550  ascon_trng_state_t *trng)
551 {
552  uint64_t random1 = ascon_trng_generate_64(trng);
553  uint64_t random2 = ascon_trng_generate_64(trng);
554  uint64_t random3 = ascon_trng_generate_64(trng);
555  dest->S[0] = random1 ^ random2 ^ random3 ^ src->S[0];
556  dest->S[1] = ascon_mask64_rotate_share1_0(random1) ^ src->S[1];
557  dest->S[2] = ascon_mask64_rotate_share2_0(random2) ^ src->S[2];
558  dest->S[3] = ascon_mask64_rotate_share3_0(random3);
559 }
560 
561 #endif /* ASCON_MASKED_MAX_SHARES >= 4 */
562 
563 void ascon_masked_word_pad(ascon_masked_word_t *word, unsigned offset)
564 {
565  word->S[0] ^= (0x8000000000000000ULL >> (offset * 8U));
566 }
567 
568 void ascon_masked_word_separator(ascon_masked_word_t *word)
569 {
570  word->S[0] ^= 1;
571 }
572 
573 #endif /* ASCON_MASKED_WORD_BACKEND_C64 */
ascon_masked_word_x4_load_32
void ascon_masked_word_x4_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x4 masked wor...
Definition: ascon-masked-word-c64.c:443
ascon_masked_word_pad
void ascon_masked_word_pad(ascon_masked_word_t *word, unsigned offset)
Adds a padding marker to a masked word.
Definition: ascon-masked-word-c64.c:563
ascon_masked_word_x3_replace
void ascon_masked_word_x3_replace(ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
Replace part of a destination x3 masked word with part of a source.
Definition: ascon-masked-word-c64.c:339
ascon_masked_word_x2_store_partial
void ascon_masked_word_x2_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x2 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:117
ascon_masked_word_x2_load
void ascon_masked_word_x2_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x2 masked word structure.
Definition: ascon-masked-word-c64.c:45
ascon_masked_word_x2_store
void ascon_masked_word_x2_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x2 masked word structure.
Definition: ascon-masked-word-c64.c:110
ascon_masked_word_x4_from_x2
void ascon_masked_word_x4_from_x2(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x2 masked word into a x4 masked word.
Definition: ascon-masked-word-c64.c:536
ascon_masked_word_x3_store_partial
void ascon_masked_word_x3_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x3 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:290
ascon_masked_word_x3_from_x2
void ascon_masked_word_x3_from_x2(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x2 masked word into a x3 masked word.
Definition: ascon-masked-word-c64.c:351
ascon_masked_word_x2_from_x4
void ascon_masked_word_x2_from_x4(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x4 masked word into a x2 masked word.
Definition: ascon-masked-word-c64.c:189
ascon_masked_word_x4_load
void ascon_masked_word_x4_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x4 masked word structure.
Definition: ascon-masked-word-c64.c:398
ascon_masked_word_x2_zero
void ascon_masked_word_x2_zero(ascon_masked_word_t *word, ascon_trng_state_t *trng)
Sets a x2 masked word to zero.
Definition: ascon-masked-word-c64.c:31
ascon_masked_word_x4_load_partial
void ascon_masked_word_x4_load_partial(ascon_masked_word_t *word, const uint8_t *data, unsigned size, ascon_trng_state_t *trng)
Loads a 8-bit to 56-bit big endian value from buffer, masks it, and writes it to a x4 masked word str...
Definition: ascon-masked-word-c64.c:411
ascon_masked_word_separator
void ascon_masked_word_separator(ascon_masked_word_t *word)
Adds a separator marker to a masked word.
Definition: ascon-masked-word-c64.c:568
ascon_masked_word_x3_load
void ascon_masked_word_x3_load(ascon_masked_word_t *word, const uint8_t *data, ascon_trng_state_t *trng)
Loads a 64-bit big endian value from buffer, masks it, and writes it to a x3 masked word structure.
Definition: ascon-masked-word-c64.c:220
ascon_masked_word_x2_from_x3
void ascon_masked_word_x2_from_x3(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x3 masked word into a x2 masked word.
Definition: ascon-masked-word-c64.c:171
ascon_masked_word_x3_load_32
void ascon_masked_word_x3_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x3 masked wor...
Definition: ascon-masked-word-c64.c:267
ascon_masked_word_x3_from_x4
void ascon_masked_word_x3_from_x4(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x4 masked word into a x3 masked word.
Definition: ascon-masked-word-c64.c:367
ascon_masked_word_x4_replace
void ascon_masked_word_x4_replace(ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
Replace part of a destination x4 masked word with part of a source.
Definition: ascon-masked-word-c64.c:522
ascon_masked_word_x4_store_partial
void ascon_masked_word_x4_store_partial(uint8_t *data, unsigned size, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x4 masked word structure to a partial buffer.
Definition: ascon-masked-word-c64.c:466
ascon_masked_word_x2_load_partial
void ascon_masked_word_x2_load_partial(ascon_masked_word_t *word, const uint8_t *data, unsigned size, ascon_trng_state_t *trng)
Loads a 8-bit to 56-bit big endian value from buffer, masks it, and writes it to a x2 masked word str...
Definition: ascon-masked-word-c64.c:60
ascon_masked_word_x3_randomize
void ascon_masked_word_x3_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x3 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:320
ascon_masked_word_x2_load_32
void ascon_masked_word_x2_load_32(ascon_masked_word_t *word, const uint8_t *data1, const uint8_t *data2, ascon_trng_state_t *trng)
Loads two 32-bit big endian values from buffers, masks them, and writes the result to a x2 masked wor...
Definition: ascon-masked-word-c64.c:94
ascon_masked_word_x4_from_x3
void ascon_masked_word_x4_from_x3(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Converts a x3 masked word into a x4 masked word.
Definition: ascon-masked-word-c64.c:549
ascon_masked_word_x4_xor
void ascon_masked_word_x4_xor(ascon_masked_word_t *dest, const ascon_masked_word_t *src)
XOR's a source x4 masked word against a destination x4 masked word.
Definition: ascon-masked-word-c64.c:513
ascon_masked_word_x2_replace
void ascon_masked_word_x2_replace(ascon_masked_word_t *dest, const ascon_masked_word_t *src, unsigned size)
Replace part of a destination x2 masked word with part of a source.
Definition: ascon-masked-word-c64.c:159
ascon_masked_word_x3_load_partial
void ascon_masked_word_x3_load_partial(ascon_masked_word_t *word, const uint8_t *data, unsigned size, ascon_trng_state_t *trng)
Loads a 8-bit to 56-bit big endian value from buffer, masks it, and writes it to a x3 masked word str...
Definition: ascon-masked-word-c64.c:234
ascon_masked_word_x3_xor
void ascon_masked_word_x3_xor(ascon_masked_word_t *dest, const ascon_masked_word_t *src)
XOR's a source x3 masked word against a destination x3 masked word.
Definition: ascon-masked-word-c64.c:331
ascon_masked_word_x4_randomize
void ascon_masked_word_x4_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x4 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:500
ascon_masked_word_x4_zero
void ascon_masked_word_x4_zero(ascon_masked_word_t *word, ascon_trng_state_t *trng)
Sets a x4 masked word to zero.
Definition: ascon-masked-word-c64.c:386
ascon_masked_word_x4_store
void ascon_masked_word_x4_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x4 masked word structure.
Definition: ascon-masked-word-c64.c:457
ascon_masked_word_x3_zero
void ascon_masked_word_x3_zero(ascon_masked_word_t *word, ascon_trng_state_t *trng)
Sets a x3 masked word to zero.
Definition: ascon-masked-word-c64.c:206
ascon_masked_word_x3_store
void ascon_masked_word_x3_store(uint8_t *data, const ascon_masked_word_t *word)
Unmasks and stores the contents of a x3 masked word structure.
Definition: ascon-masked-word-c64.c:282
ascon_masked_word_x2_xor
void ascon_masked_word_x2_xor(ascon_masked_word_t *dest, const ascon_masked_word_t *src)
XOR's a source x2 masked word against a destination x2 masked word.
Definition: ascon-masked-word-c64.c:152
ascon_masked_word_x2_randomize
void ascon_masked_word_x2_randomize(ascon_masked_word_t *dest, const ascon_masked_word_t *src, ascon_trng_state_t *trng)
Randomizes a x2 masked word by incorporating fresh randomness.
Definition: ascon-masked-word-c64.c:143
ascon-masked-word.h
Utility functions for operating on masked words.
ascon_mask64_rotate_share2_0
#define ascon_mask64_rotate_share2_0(x)
Rotates 64-bit masked share 2 with respect to share 0.
Definition: ascon-masked-word.h:97
ascon_mask64_unrotate_share2_0
#define ascon_mask64_unrotate_share2_0(x)
Unrotates 64-bit masked share 2 with respect to share 0.
Definition: ascon-masked-word.h:151
ascon_mask64_unrotate_share3_1
#define ascon_mask64_unrotate_share3_1(x)
Unrotates 64-bit masked share 3 with respect to share 1.
Definition: ascon-masked-word.h:178
ascon_mask64_rotate_share3_0
#define ascon_mask64_rotate_share3_0(x)
Rotates 64-bit masked share 3 with respect to share 0.
Definition: ascon-masked-word.h:115
ascon_mask64_rotate_share1_0
#define ascon_mask64_rotate_share1_0(x)
Rotates 64-bit masked share 1 with respect to share 0.
Definition: ascon-masked-word.h:88
ascon_mask64_unrotate_share1_0
#define ascon_mask64_unrotate_share1_0(x)
Unrotates 64-bit masked share 1 with respect to share 0.
Definition: ascon-masked-word.h:142
ascon_mask64_unrotate_share3_0
#define ascon_mask64_unrotate_share3_0(x)
Unrotates 64-bit masked share 3 with respect to share 0.
Definition: ascon-masked-word.h:169
ascon_mask64_unrotate_share2_1
#define ascon_mask64_unrotate_share2_1(x)
Unrotates 64-bit masked share 2 with respect to share 1.
Definition: ascon-masked-word.h:160
ascon_trng_generate_64
uint64_t ascon_trng_generate_64(ascon_trng_state_t *state)
Generates a 64-bit random value for masking operations.
Definition: ascon-trng-mixer.c:75
be_load_word16
#define be_load_word16(ptr)
Definition: ascon-util.h:157
leftRotate16_64
#define leftRotate16_64(a)
Definition: ascon-util.h:517
be_store_word16
#define be_store_word16(ptr, x)
Definition: ascon-util.h:162
rightRotate8_64
#define rightRotate8_64(a)
Definition: ascon-util.h:575
be_load_word32
#define be_load_word32(ptr)
Definition: ascon-util.h:68
be_store_word64
#define be_store_word64(ptr, x)
Definition: ascon-util.h:118
rightRotate16_64
#define rightRotate16_64(a)
Definition: ascon-util.h:583
leftRotate32_64
#define leftRotate32_64(a)
Definition: ascon-util.h:533
rightRotate32_64
#define rightRotate32_64(a)
Definition: ascon-util.h:599
leftRotate8_64
#define leftRotate8_64(a)
Definition: ascon-util.h:509
be_store_word32
#define be_store_word32(ptr, x)
Definition: ascon-util.h:75
be_load_word64
#define be_load_word64(ptr)
Definition: ascon-util.h:107
data
unsigned char data[8]
[snippet_key]
Definition: snippets.c:14
ascon_trng_state_t
State of the random number source.
Definition: ascon-trng.h:64
ascon_masked_word_t
Masked 64-bit word with up to ASCON_MASKED_MAX_SHARES shares.
Definition: ascon-masked-word.h:67
ascon_masked_word_t::S
uint64_t S[ASCON_MASKED_MAX_SHARES]
Definition: ascon-masked-word.h:69
Generated on Sun Mar 19 2023 13:56:57 for ASCON Suite by doxygen 1.9.1