Lightweight Cryptography Primitives
 All Data Structures Files Functions Variables Typedefs Macros Pages
internal-drysponge.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2020 Southern Storm Software, Pty Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included
12  * in all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
20  * DEALINGS IN THE SOFTWARE.
21  */
22 
23 #ifndef LW_INTERNAL_DRYSPONGE_H
24 #define LW_INTERNAL_DRYSPONGE_H
25 
26 #include "drygascon.h"
27 #include "drygascon128_arm_selector.h"
28 
29 #include "internal-util.h"
30 
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41 
45 #define GASCON128_STATE_SIZE 40
46 
50 #define GASCON256_STATE_SIZE 72
51 
55 #define DRYSPONGE128_RATE 16
56 
60 #define DRYSPONGE256_RATE 16
61 
65 #define DRYSPONGE128_XSIZE 16
66 
70 #define DRYSPONGE256_XSIZE 16
71 
76 #define DRYSPONGE128_ROUNDS 7
77 
81 #define DRYSPONGE128_INIT_ROUNDS 11
82 
87 #define DRYSPONGE256_ROUNDS 8
88 
92 #define DRYSPONGE256_INIT_ROUNDS 12
93 
94 #ifdef DRYGASCON_F_OPT
95 
99  #define DRYDOMAIN128_PADDED (1 << 0)
100 
104  #define DRYDOMAIN128_FINAL (1 << 1)
105 
109  #define DRYDOMAIN128_NONCE (1 << 2)
110 
114  #define DRYDOMAIN128_ASSOC_DATA (2 << 2)
115 
119  #define DRYDOMAIN128_MESSAGE (3 << 2)
120 
121 #else
122 
126  #define DRYDOMAIN128_PADDED (1 << 8)
127 
131  #define DRYDOMAIN128_FINAL (1 << 9)
132 
136  #define DRYDOMAIN128_NONCE (1 << 10)
137 
141  #define DRYDOMAIN128_ASSOC_DATA (2 << 10)
142 
143 
147  #define DRYDOMAIN128_MESSAGE (3 << 10)
148 
149 #endif
150 
151 
155 #define DRYDOMAIN256_PADDED (1 << 2)
156 
160 #define DRYDOMAIN256_FINAL (1 << 3)
161 
165 #define DRYDOMAIN256_NONCE (1 << 4)
166 
170 #define DRYDOMAIN256_ASSOC_DATA (2 << 4)
171 
175 #define DRYDOMAIN256_MESSAGE (3 << 4)
176 
180 typedef union
181 {
182  uint64_t S[GASCON128_STATE_SIZE / 8];
183  uint32_t W[GASCON128_STATE_SIZE / 4];
184  uint8_t B[GASCON128_STATE_SIZE];
186 } gascon128_state_t;
187 
191 typedef union
192 {
193  uint64_t S[GASCON256_STATE_SIZE / 8];
194  uint32_t W[GASCON256_STATE_SIZE / 4];
195  uint8_t B[GASCON256_STATE_SIZE];
197 } gascon256_state_t;
198 
202 typedef union
203 {
204  uint64_t S[DRYSPONGE128_RATE / 8];
205  uint32_t W[DRYSPONGE128_RATE / 4];
206  uint8_t B[DRYSPONGE128_RATE];
208 } drysponge128_rate_t;
209 
213 typedef union
214 {
215  uint64_t S[DRYSPONGE256_RATE / 8];
216  uint32_t W[DRYSPONGE256_RATE / 4];
217  uint8_t B[DRYSPONGE256_RATE];
219 } drysponge256_rate_t;
220 
224 typedef union
225 {
226  uint64_t S[DRYSPONGE128_XSIZE / 8];
227  uint32_t W[DRYSPONGE128_XSIZE / 4];
228  uint8_t B[DRYSPONGE128_XSIZE];
230 } __attribute__((aligned(16))) drysponge128_x_t;
231 
235 typedef union
236 {
237  uint64_t S[DRYSPONGE256_XSIZE / 8];
238  uint32_t W[DRYSPONGE256_XSIZE / 4];
239  uint8_t B[DRYSPONGE256_XSIZE];
241 } drysponge256_x_t;
242 
246 typedef struct
247 {
248  gascon128_state_t c;
249  uint32_t domain;
250  uint32_t rounds;
251  drysponge128_rate_t r;
252  drysponge128_x_t x;
253 } __attribute__((aligned(16))) drysponge128_state_t;
254 
258 typedef struct
259 {
260  gascon256_state_t c;
261  drysponge256_rate_t r;
262  drysponge256_x_t x;
263  uint32_t domain;
264  uint32_t rounds;
266 } drysponge256_state_t;
267 
276 void gascon128_core_round(gascon128_state_t *state, uint8_t round);
277 
286 void gascon256_core_round(gascon256_state_t *state, uint8_t round);
287 
296 void drysponge128_g(drysponge128_state_t *state);
297 
306 void drysponge256_g(drysponge256_state_t *state);
307 
314 void drysponge128_g_core(drysponge128_state_t *state);
315 
322 void drysponge256_g_core(drysponge256_state_t *state);
323 
335 void drysponge256_f_absorb
336  (drysponge256_state_t *state, const unsigned char *input, unsigned len);
337 
346 void drygascon128_f_wrap
347  (drysponge128_state_t *state, const unsigned char *input, unsigned len);
348 
358 int drysponge128_safe_alignement(const drysponge128_state_t*state);
359 
369 void drysponge128_setup
370  (drysponge128_state_t *state, const unsigned char *key, unsigned int keysize,
371  const unsigned char *nonce, int final_block);
372 
381 void drysponge256_setup
382  (drysponge256_state_t *state, const unsigned char *key,
383  const unsigned char *nonce, int final_block);
384 
385 #ifdef __cplusplus
386 }
387 #endif
388 
389 #endif
drysponge256_state_t::rounds
uint32_t rounds
Definition: internal-drysponge.h:264
drysponge256_g_core
void drysponge256_g_core(drysponge256_state_t *state)
Performs the DrySPONGE256 G function which runs the core rounds but does not squeeze out any output...
Definition: internal-drysponge.c:333
drysponge128_setup
void drysponge128_setup(drysponge128_state_t *state, const unsigned char *key, unsigned int keysize, const unsigned char *nonce, int final_block)
Set up a DrySPONGE128 state to begin encryption or decryption.
Definition: internal-drysponge.c:600
drysponge256_state_t::x
drysponge256_x_t x
Definition: internal-drysponge.h:262
gascon128_core_round
void gascon128_core_round(gascon128_state_t *state, uint8_t round)
Permutes the GASCON-128 state using one iteration of CoreRound.
Definition: internal-drysponge.c:121
__attribute__::r
drysponge128_rate_t r
Definition: internal-drysponge.h:251
drysponge256_setup
void drysponge256_setup(drysponge256_state_t *state, const unsigned char *key, const unsigned char *nonce, int final_block)
Set up a DrySPONGE256 state to begin encryption or decryption.
Definition: internal-drysponge.c:652
GASCON128_STATE_SIZE
#define GASCON128_STATE_SIZE
Size of the GASCON-128 permutation state in bytes.
Definition: internal-drysponge.h:45
__attribute__::c
gascon128_state_t c
Definition: internal-drysponge.h:248
DRYSPONGE256_XSIZE
#define DRYSPONGE256_XSIZE
Size of the "x" value for DrySPONGE256.
Definition: internal-drysponge.h:70
drysponge256_state_t::c
gascon256_state_t c
Definition: internal-drysponge.h:260
__attribute__::x
drysponge128_x_t x
Definition: internal-drysponge.h:252
gascon256_state_t
Internal state of the GASCON-256 permutation.
Definition: internal-drysponge.h:191
DRYSPONGE128_XSIZE
#define DRYSPONGE128_XSIZE
Size of the "x" value for DrySPONGE128.
Definition: internal-drysponge.h:65
gascon256_core_round
void gascon256_core_round(gascon256_state_t *state, uint8_t round)
Permutes the GASCON-256 state using one iteration of CoreRound.
Definition: internal-drysponge.c:177
drysponge256_state_t
Structure of the rolling DrySPONGE256 state.
Definition: internal-drysponge.h:258
__attribute__
Structure of the "x" value for DrySPONGE128.
Definition: internal-drysponge.h:224
drysponge128_safe_alignement
int drysponge128_safe_alignement(const drysponge128_state_t *state)
Determine if state alignement is safe vs timing attacks.
Definition: internal-drysponge.c:595
drysponge128_g_core
void drysponge128_g_core(drysponge128_state_t *state)
Performs the DrySPONGE128 G function which runs the core rounds but does not squeeze out any output...
Definition: internal-drysponge.c:325
drysponge256_state_t::r
drysponge256_rate_t r
Definition: internal-drysponge.h:261
drysponge256_rate_t
Structure of a rate block for DrySPONGE256.
Definition: internal-drysponge.h:213
__attribute__::rounds
uint32_t rounds
Definition: internal-drysponge.h:250
drysponge256_state_t::domain
uint32_t domain
Definition: internal-drysponge.h:263
drysponge128_g
void drysponge128_g(drysponge128_state_t *state)
Performs the DrySPONGE128 G function which runs the core rounds and squeezes data out of the GASGON-1...
Definition: internal-drysponge.c:285
drysponge256_f_absorb
void drysponge256_f_absorb(drysponge256_state_t *state, const unsigned char *input, unsigned len)
Performs the absorption phase of the DrySPONGE256 F function.
Definition: internal-drysponge.c:557
gascon128_state_t
Internal state of the GASCON-128 permutation.
Definition: internal-drysponge.h:180
GASCON256_STATE_SIZE
#define GASCON256_STATE_SIZE
Size of the GASCON-256 permutation state in bytes.
Definition: internal-drysponge.h:50
__attribute__::domain
uint32_t domain
Definition: internal-drysponge.h:249
drygascon128_f_wrap
void drygascon128_f_wrap(drysponge128_state_t *state, const unsigned char *input, unsigned len)
Wrapper that combines the DrySPONGE128 F and G functions.
Definition: internal-drysponge.c:535
drysponge256_x_t
Structure of the "x" value for DrySPONGE256.
Definition: internal-drysponge.h:235
DRYSPONGE256_RATE
#define DRYSPONGE256_RATE
Rate of absorption and squeezing for DrySPONGE256.
Definition: internal-drysponge.h:60
drysponge128_rate_t
Structure of a rate block for DrySPONGE128.
Definition: internal-drysponge.h:202
drysponge256_g
void drysponge256_g(drysponge256_state_t *state)
Performs the DrySPONGE256 G function which runs the core rounds and squeezes data out of the GASGON-2...
Definition: internal-drysponge.c:290
DRYSPONGE128_RATE
#define DRYSPONGE128_RATE
Rate of absorption and squeezing for DrySPONGE128.
Definition: internal-drysponge.h:55
drygascon.h
DryGASCON authenticated encryption algorithm.
Generated on Wed Apr 7 2021 11:25:32 for Lightweight Cryptography Primitives by   doxygen 1.8.6