Internal implementation of the ASCON permutation. More...

#include "internal-util.h"

Data Structures
union	ascon_state_t
	Structure of the internal state of the ASCON permutation. More...

Macros
#define	ASCON_SLICED 1
	Defined to 1 if the 32-bit sliced version of ASCON is preferred.

#define	ASCON128_IV 0x80400c0600000000ULL
	Initialization vector for ASCON-128.

#define	ASCON128a_IV 0x80800c0800000000ULL
	Initialization vector for ASCON-128a.

#define	ASCON80PQ_IV 0xa0400c06U
	Initialization vector for ASCON-80pq.

#define	ascon_set_sliced(state, data, offset)
	Sets data into the ASCON state in sliced form. More...

#define	ascon_absorb_sliced(state, data, offset)
	Absorbs data into the ASCON state in sliced form. More...

#define	ascon_absorb32_low_sliced(state, data, offset)
	Absorbs 32 bits of data into the ASCON state in sliced form. More...

#define	ascon_absorb32_high_sliced(state, data, offset)
	Absorbs 32 bits of data into the ASCON state in sliced form. More...

#define	ascon_squeeze_sliced(state, data, offset)
	Squeezes data from the ASCON state in sliced form. More...

#define	ascon_encrypt_sliced(state, c, m, offset)
	Encrypts data using the ASCON state in sliced form. More...

#define	ascon_decrypt_sliced(state, m, c, offset)
	Decrypts data using the ASCON state in sliced form. More...

#define	ascon_separator() (state.W[8] ^= 0x01)
	Absorbs the standard ASCON separator for switching between associated data and message payload.

Functions
void	ascon_permute (ascon_state_t *state, uint8_t first_round)
	Permutes the ASCON state. More...

void	ascon_to_sliced (ascon_state_t *state)
	Converts an ASCON state from byte form into sliced form. More...

void	ascon_from_sliced (ascon_state_t *state)
	Converts an ASCON state from sliced form into byte form. More...

void	ascon_permute_sliced (ascon_state_t *state, uint8_t first_round)
	Permutes the ASCON state in sliced form. More...

Detailed Description

Internal implementation of the ASCON permutation.

References: http://competitions.cr.yp.to/round3/asconv12.pdf, http://ascon.iaik.tugraz.at/

Macro Definition Documentation

#define ascon_absorb32_high_sliced	(	state,
		data,
		offset
	)

Value:

do { \
        ascon_state_t *s = (state); \
        uint32_t high = be_load_word32((data)); \
        ascon_separate(high); \
        s->W[(offset) * 2] ^= (high << 16); \
        s->W[(offset) * 2 + 1] ^= (high & 0xFFFF0000U); \
    } while (0)

Absorbs 32 bits of data into the ASCON state in sliced form.

Parameters

state	The ASCON state for the data to be absorbed into.
data	Points to 4 bytes of data in big-endian byte order to absorb.
offset	Offset of the 64-bit word within the state to absorb at, between 0 and 4.

The data is absorbed into the high bits of the 64-bit word at offset.

#define ascon_absorb32_low_sliced	(	state,
		data,
		offset
	)

Value:

do { \
        ascon_state_t *s = (state); \
        uint32_t low  = be_load_word32((data)); \
        ascon_separate(low); \
        s->W[(offset) * 2] ^= (low & 0x0000FFFFU); \
        s->W[(offset) * 2 + 1] ^= (low >> 16); \
    } while (0)

Absorbs 32 bits of data into the ASCON state in sliced form.

Parameters

state	The ASCON state for the data to be absorbed into.
data	Points to 4 bytes of data in big-endian byte order to absorb.
offset	Offset of the 64-bit word within the state to absorb at, between 0 and 4.

The data is absorbed into the low bits of the 64-bit word at offset.

#define ascon_absorb_sliced	(	state,
		data,
		offset
	)

Value:

do { \
        ascon_state_t *s = (state); \
        uint32_t high = be_load_word32((data)); \
        uint32_t low  = be_load_word32((data) + 4); \
        ascon_separate(high); \
        ascon_separate(low); \
        s->W[(offset) * 2] ^= (high << 16) | (low & 0x0000FFFFU); \
        s->W[(offset) * 2 + 1] ^= (high & 0xFFFF0000U) | (low >> 16); \
    } while (0)

Absorbs data into the ASCON state in sliced form.

Parameters

state	The ASCON state for the data to be absorbed into.
data	Points to 8 bytes of data in big-endian byte order to absorb.
offset	Offset of the 64-bit word within the state to absorb at, between 0 and 4.

#define ascon_decrypt_sliced	(	state,
		m,
		c,
		offset
	)

Value:

do { \
        ascon_state_t *s = (state); \
        uint32_t high, low, high2, low2; \
        high = be_load_word32((c)); \
        low  = be_load_word32((c) + 4); \
        ascon_separate(high); \
        ascon_separate(low); \
        high2 = high ^ ((s->W[(offset) * 2] >> 16) | \
                        (s->W[(offset) * 2 + 1] & 0xFFFF0000U)); \
        low2 = low ^ ((s->W[(offset) * 2] & 0x0000FFFFU) | \
                      (s->W[(offset) * 2 + 1] << 16)); \
        s->W[(offset) * 2] = (high << 16) | (low & 0x0000FFFFU); \
        s->W[(offset) * 2 + 1] = (high & 0xFFFF0000U) | (low >> 16); \
        ascon_combine(high2); \
        ascon_combine(low2); \
        be_store_word32((m), high2); \
        be_store_word32((m) + 4, low2); \
    } while (0)

Decrypts data using the ASCON state in sliced form.

Parameters

state	The ASCON state.
m	Points to 8 bytes of output plaintext in big-endian byte order.
c	Points to 8 bytes of input ciphertext in big-endian byte order.
offset	Offset of the 64-bit word within the state to absorb and squeeze at, between 0 and 4.

#define ascon_encrypt_sliced	(	state,
		c,
		m,
		offset
	)

Value:

do { \
        ascon_state_t *s = (state); \
        uint32_t high = be_load_word32((m)); \
        uint32_t low  = be_load_word32((m) + 4); \
        ascon_separate(high); \
        ascon_separate(low); \
        s->W[(offset) * 2] ^= (high << 16) | (low & 0x0000FFFFU); \
        s->W[(offset) * 2 + 1] ^= (high & 0xFFFF0000U) | (low >> 16); \
        high = (s->W[(offset) * 2] >> 16) | \
               (s->W[(offset) * 2 + 1] & 0xFFFF0000U); \
        low  = (s->W[(offset) * 2] & 0x0000FFFFU) | \
               (s->W[(offset) * 2 + 1] << 16); \
        ascon_combine(high); \
        ascon_combine(low); \
        be_store_word32((c), high); \
        be_store_word32((c) + 4, low); \
    } while (0)

Encrypts data using the ASCON state in sliced form.

Parameters

state	The ASCON state.
c	Points to 8 bytes of output ciphertext in big-endian byte order.
m	Points to 8 bytes of input plaintext in big-endian byte order.
offset	Offset of the 64-bit word within the state to absorb and squeeze at, between 0 and 4.

#define ascon_set_sliced	(	state,
		data,
		offset
	)

Value:

do { \
        ascon_state_t *s = (state); \
        uint32_t high = be_load_word32((data)); \
        uint32_t low  = be_load_word32((data) + 4); \
        ascon_separate(high); \
        ascon_separate(low); \
        s->W[(offset) * 2] = (high << 16) | (low & 0x0000FFFFU); \
        s->W[(offset) * 2 + 1] = (high & 0xFFFF0000U) | (low >> 16); \
    } while (0)

Sets data into the ASCON state in sliced form.

Parameters

state	The ASCON state for the data to be absorbed into.
data	Points to 8 bytes of data in big-endian byte order to set.
offset	Offset of the 64-bit word within the state to set at, between 0 and 4.

#define ascon_squeeze_sliced	(	state,
		data,
		offset
	)

Value:

do { \
        ascon_state_t *s = (state); \
        uint32_t high, low; \
        high = (s->W[(offset) * 2] >> 16) | \
               (s->W[(offset) * 2 + 1] & 0xFFFF0000U); \
        low  = (s->W[(offset) * 2] & 0x0000FFFFU) | \
               (s->W[(offset) * 2 + 1] << 16); \
        ascon_combine(high); \
        ascon_combine(low); \
        be_store_word32((data), high); \
        be_store_word32((data) + 4, low); \
    } while (0)

Squeezes data from the ASCON state in sliced form.

Parameters

state	The ASCON state to extract the data from.
data	Points to the 8 bytes to be extracted from the state.
offset	Offset of the 64-bit word within the state to extract, between 0 and 4.

Function Documentation

void ascon_from_sliced ( ascon_state_t * state )

Converts an ASCON state from sliced form into byte form.

Parameters

state The ASCON state to be converted, in host byte order on entry and in big-endian byte order on exit.

void ascon_permute	(	ascon_state_t *	state,
		uint8_t	first_round
	)

Permutes the ASCON state.

Parameters

state	The ASCON state to be permuted.
first_round	The first round (of 12) to be performed; 0, 4, or 6.

The input and output state will be in big-endian byte order.

void ascon_permute_sliced	(	ascon_state_t *	state,
		uint8_t	first_round
	)

Permutes the ASCON state in sliced form.

Parameters

state	The ASCON state to be permuted.
first_round	The first round (of 12) to be performed; 0, 4, or 6.

The input and output state will be in host byte order.

void ascon_to_sliced ( ascon_state_t * state )

Converts an ASCON state from byte form into sliced form.

Parameters

state The ASCON state to be converted, in big-endian byte order on entry and in host byte order on exit.

Data Structures

Macros

Functions

Detailed Description

Macro Definition Documentation

Function Documentation