ASCON Suite
ascon-trng-mixer.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2023 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include "ascon-trng.h"
24 #include "core/ascon-select-backend.h"
25 #include <ascon/utility.h>
26 
27 /* Used on platforms that don't have a simple "get random word" primitive.
28  * The TRNG calls ascon_trng_generate() to get a seed and then expands it
29  * to arbitrary amounts of random data using a PRNG as a "mixer". */
30 
31 #if defined(ASCON_TRNG_MIXER)
32 
33 int ascon_trng_init(ascon_trng_state_t *state)
34 {
35  unsigned char seed[ASCON_SYSTEM_SEED_SIZE];
36  int ok = ascon_trng_generate(seed, sizeof(seed));
37  ascon_init(&(state->prng));
38  ascon_overwrite_bytes
39  (&(state->prng), seed, 40 - sizeof(seed), sizeof(seed));
40  ascon_permute12(&(state->prng));
41  ascon_release(&(state->prng));
42  ascon_clean(seed, sizeof(seed));
43  state->posn = 0;
44  return ok;
45 }
46 
47 void ascon_trng_free(ascon_trng_state_t *state)
48 {
49  ascon_acquire(&(state->prng));
50  ascon_free(&(state->prng));
51 }
52 
53 uint32_t ascon_trng_generate_32(ascon_trng_state_t *state)
54 {
55  uint32_t x;
56  ascon_acquire(&(state->prng));
57  if ((state->posn + sizeof(uint32_t)) > ASCON_TRNG_MIXER_RATE) {
58  ascon_permute6(&(state->prng));
59  state->posn = 0;
60  }
61 #if defined(ASCON_BACKEND_SLICED32) || defined(ASCON_BACKEND_SLICED64) || \
62  defined(ASCON_BACKEND_DIRECT_XOR)
63  /* Pull a word directly out of the state. It doesn't matter if the
64  * word is bit-sliced or not because any bit is as good as any other. */
65  x = state->prng.W[state->posn / sizeof(uint32_t)];
66 #else
67  ascon_extract_bytes
68  (&(state->prng), (unsigned char *)&x, state->posn, sizeof(x));
69 #endif
70  ascon_release(&(state->prng));
71  state->posn += sizeof(uint32_t);
72  return x;
73 }
74 
75 uint64_t ascon_trng_generate_64(ascon_trng_state_t *state)
76 {
77  uint64_t x;
78  ascon_acquire(&(state->prng));
79  if ((state->posn + sizeof(uint64_t)) > ASCON_TRNG_MIXER_RATE ||
80  (state->posn % 8U) != 0) {
81  ascon_permute6(&(state->prng));
82  state->posn = 0;
83  }
84 #if defined(ASCON_BACKEND_SLICED32) || defined(ASCON_BACKEND_SLICED64) || \
85  defined(ASCON_BACKEND_DIRECT_XOR)
86  /* Pull a word directly out of the state. It doesn't matter if the
87  * word is bit-sliced or not because any bit is as good as any other. */
88  x = state->prng.S[state->posn / sizeof(uint64_t)];
89 #else
90  ascon_extract_bytes
91  (&(state->prng), (unsigned char *)&x, state->posn, sizeof(x));
92 #endif
93  ascon_release(&(state->prng));
94  state->posn += sizeof(uint64_t);
95  return x;
96 }
97 
98 int ascon_trng_reseed(ascon_trng_state_t *state)
99 {
100  unsigned char seed[ASCON_SYSTEM_SEED_SIZE];
101  int ok = ascon_trng_generate(seed, sizeof(seed));
102  ascon_acquire(&(state->prng));
103  ascon_add_bytes(&(state->prng), seed, 40 - sizeof(seed), sizeof(seed));
104  ascon_overwrite_with_zeroes(&(state->prng), 0, 8); /* Forward security */
105  ascon_permute12(&(state->prng));
106  ascon_release(&(state->prng));
107  ascon_clean(seed, sizeof(seed));
108  state->posn = 0;
109  return ok;
110 }
111 
112 #endif /* ASCON_TRNG_MIXER */
ascon_trng_generate_32
uint32_t ascon_trng_generate_32(ascon_trng_state_t *state)
Generates a 32-bit random value for masking operations.
Definition: ascon-trng-mixer.c:53
ascon_trng_generate_64
uint64_t ascon_trng_generate_64(ascon_trng_state_t *state)
Generates a 64-bit random value for masking operations.
Definition: ascon-trng-mixer.c:75
ascon_trng_init
int ascon_trng_init(ascon_trng_state_t *state)
Initializes the random number source for generating a sequence of masking material at high speed.
Definition: ascon-trng-mixer.c:33
ascon_trng_reseed
int ascon_trng_reseed(ascon_trng_state_t *state)
Reseeds the random number source.
Definition: ascon-trng-mixer.c:98
ascon_trng_free
void ascon_trng_free(ascon_trng_state_t *state)
Frees the random number source and destroys any sensitive material.
Definition: ascon-trng-mixer.c:47
ascon_trng_generate
int ascon_trng_generate(unsigned char *out, size_t outlen)
Generates a buffer of bytes from the system TRNG source.
Definition: ascon-trng-none.c:192
ascon-trng.h
Access to the system's random number source.
ASCON_TRNG_MIXER_RATE
#define ASCON_TRNG_MIXER_RATE
Definition: ascon-trng.h:74
ASCON_SYSTEM_SEED_SIZE
#define ASCON_SYSTEM_SEED_SIZE
Number of bytes to request from the system TRNG to seed a PRNG.
Definition: ascon-trng.h:58
ascon_permute12
#define ascon_permute12(state)
Permutes the ASCON state with 12 rounds of the permutation.
Definition: permutation.h:199
ascon_overwrite_with_zeroes
void ascon_overwrite_with_zeroes(ascon_state_t *state, unsigned offset, unsigned size)
Overwrites a part of the ASCON state with zeroes.
Definition: ascon-sliced32.c:122
ascon_free
void ascon_free(ascon_state_t *state)
Frees an ASCON permutation state and attempts to destroy any sensitive material.
Definition: ascon-sliced32.c:42
ascon_release
void ascon_release(ascon_state_t *state)
Temporarily releases access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:261
ascon_overwrite_bytes
void ascon_overwrite_bytes(ascon_state_t *state, const uint8_t *data, unsigned offset, unsigned size)
Overwrites existing bytes in the ASCON state.
Definition: ascon-sliced32.c:85
ascon_extract_bytes
void ascon_extract_bytes(const ascon_state_t *state, uint8_t *data, unsigned offset, unsigned size)
Extracts bytes from the ASCON state.
Definition: ascon-sliced32.c:151
ascon_add_bytes
void ascon_add_bytes(ascon_state_t *state, const uint8_t *data, unsigned offset, unsigned size)
Adds bytes to the ASCON state by XOR'ing them with existing bytes.
Definition: ascon-sliced32.c:51
ascon_acquire
void ascon_acquire(ascon_state_t *state)
Re-acquires access to any shared hardware resources that a permutation state was using.
Definition: ascon-sliced32.c:267
ascon_init
void ascon_init(ascon_state_t *state)
Initializes the words of the ASCON permutation state to zero.
Definition: ascon-sliced32.c:32
ascon_permute6
#define ascon_permute6(state)
Permutes the ASCON state with 6 rounds of the permutation.
Definition: permutation.h:213
state
ascon_state_t state
[snippet_key]
Definition: snippets.c:2
ascon_trng_state_t
State of the random number source.
Definition: ascon-trng.h:64
ascon_state_t::W
uint32_t W[10]
Definition: permutation.h:65
ascon_state_t::S
uint64_t S[5]
Definition: permutation.h:64
utility.h
System utilities of use to applications that use ASCON.
ascon_clean
void ascon_clean(void *buf, unsigned size)
Cleans a buffer that contains sensitive material.
Definition: ascon-clean.c:38
Generated on Sun Mar 19 2023 13:56:57 for ASCON Suite by doxygen 1.9.1