Skip to content

lwc / candidates

Go to a project
Switch branch/tag
Find file
Normal viewHistoryPermalink
Ascon-reference.c 2.85 KB
Newer Older
Round 1 Candidates
06f56ee8
 
lwc-tester committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 
#include <stdio.h>
#include <assert.h>
#include <string.h>

typedef unsigned char u8;
typedef unsigned long long u64;
typedef long long i64;

/* ---------------------------------------------------------------- */

#define ROTR(x,n) (((x)>>(n))|((x)<<(64-(n))))

/* ---------------------------------------------------------------- */

void load64(u64* x, u8* S) {
  int i;
  *x = 0;
  for (i = 0; i < 8; ++i)
    *x |= ((u64) S[i]) << (56 - i * 8);
}

/* ---------------------------------------------------------------- */

void store64(u8* S, u64 x) {
  int i;
  for (i = 0; i < 8; ++i)
    S[i] = (u8) (x >> (56 - i * 8));
}

/* ---------------------------------------------------------------- */

void Ascon_Initialize(void *S){
  memset(S,0,40);
}

/* ---------------------------------------------------------------- */

void Ascon_AddBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length){
  unsigned int i;
  assert(offset < 40);
  assert(offset+length <= 40);
  for(i=0; i<length; i++){
    ((unsigned char *)state)[offset+i] ^= data[i];
  }
}

/* ---------------------------------------------------------------- */

void Ascon_OverwriteBytes(void *state, const unsigned char *data, unsigned int offset, unsigned int length){
  unsigned int i;
  assert(offset < 40);
  assert(offset+length <= 40);
  for(i=0; i<length; i++){
    ((unsigned char *)state)[offset+i] = data[i];
  }
}

/* ---------------------------------------------------------------- */

void Ascon_Permute_Nrounds(u8 *S, unsigned int rounds){
  assert(rounds <= 12);
  int start = 12 - rounds;
  unsigned int i;
  u64 x0, x1, x2, x3, x4;
  u64 t0, t1, t2, t3, t4;
  load64(&x0, S + 0);
  load64(&x1, S + 8);
  load64(&x2, S + 16);
  load64(&x3, S + 24);
  load64(&x4, S + 32);
  for (i = start; i < rounds + start; ++i) {
    // addition of round constant
    x2 ^= ((0xfull - i) << 4) | i;
    // substitution layer
    x0 ^= x4;    x4 ^= x3;    x2 ^= x1;
    t0  = x0;    t1  = x1;    t2  = x2;    t3  = x3;    t4  = x4;
    t0 =~ t0;    t1 =~ t1;    t2 =~ t2;    t3 =~ t3;    t4 =~ t4;
    t0 &= x1;    t1 &= x2;    t2 &= x3;    t3 &= x4;    t4 &= x0;
    x0 ^= t1;    x1 ^= t2;    x2 ^= t3;    x3 ^= t4;    x4 ^= t0;
    x1 ^= x0;    x0 ^= x4;    x3 ^= x2;    x2 =~ x2;
    // linear diffusion layer
    x0 ^= ROTR(x0, 19) ^ ROTR(x0, 28);
    x1 ^= ROTR(x1, 61) ^ ROTR(x1, 39);
    x2 ^= ROTR(x2,  1) ^ ROTR(x2,  6);
    x3 ^= ROTR(x3, 10) ^ ROTR(x3, 17);
    x4 ^= ROTR(x4,  7) ^ ROTR(x4, 41);
  }
  store64(S + 0, x0);
  store64(S + 8, x1);
  store64(S + 16, x2);
  store64(S + 24, x3);
  store64(S + 32, x4);
}

/* ---------------------------------------------------------------- */

void Ascon_ExtractBytes(const void *state, unsigned char *data, unsigned int offset, unsigned int length){
  assert(offset < 40);
  assert(offset+length <= 40);
  memcpy(data, (unsigned char*)state+offset, length);
}