round.h 1.37 KB
Newer Older
Martin Schläffer committed
1 2 3 4 5 6
#ifndef ROUND_H_
#define ROUND_H_

#include "ascon.h"
#include "printstate.h"

Enrico Pozzobon committed
7
forceinline void KINIT(word_t* K0, word_t* K1, word_t* K2) {
Martin Schläffer committed
8 9 10 11 12
  *K0 = WORD_T(0);
  *K1 = WORD_T(0);
  *K2 = WORD_T(0);
}

Enrico Pozzobon committed
13
forceinline void PINIT(state_t* s) {
Martin Schläffer committed
14 15 16 17 18 19 20
  s->x0 = WORD_T(0);
  s->x1 = WORD_T(0);
  s->x2 = WORD_T(0);
  s->x3 = WORD_T(0);
  s->x4 = WORD_T(0);
}

Enrico Pozzobon committed
21 22
forceinline void ROUND(state_t* s, word_t C) {
  word_t xtemp;
Martin Schläffer committed
23
  /* round constant */
Martin Schläffer committed
24
  s->x2 = XOR(s->x2, C);
Martin Schläffer committed
25
  /* s-box layer */
Martin Schläffer committed
26 27 28
  s->x0 = XOR(s->x0, s->x4);
  s->x4 = XOR(s->x4, s->x3);
  s->x2 = XOR(s->x2, s->x1);
Enrico Pozzobon committed
29
  xtemp = AND(s->x0, NOT(s->x4));
Martin Schläffer committed
30 31 32 33
  s->x0 = XOR(s->x0, AND(s->x2, NOT(s->x1)));
  s->x2 = XOR(s->x2, AND(s->x4, NOT(s->x3)));
  s->x4 = XOR(s->x4, AND(s->x1, NOT(s->x0)));
  s->x1 = XOR(s->x1, AND(s->x3, NOT(s->x2)));
Enrico Pozzobon committed
34
  s->x3 = XOR(s->x3, xtemp);
Martin Schläffer committed
35 36 37
  s->x1 = XOR(s->x1, s->x0);
  s->x3 = XOR(s->x3, s->x2);
  s->x0 = XOR(s->x0, s->x4);
Martin Schläffer committed
38
  /* linear layer */
Enrico Pozzobon committed
39 40 41 42 43 44 45 46 47 48
  xtemp = XOR(s->x0, ROR(s->x0, 28 - 19));
  s->x0 = XOR(s->x0, ROR(xtemp, 19));
  xtemp = XOR(s->x1, ROR(s->x1, 61 - 39));
  s->x1 = XOR(s->x1, ROR(xtemp, 39));
  xtemp = XOR(s->x2, ROR(s->x2, 6 - 1));
  s->x2 = XOR(s->x2, ROR(xtemp, 1));
  xtemp = XOR(s->x3, ROR(s->x3, 17 - 10));
  s->x3 = XOR(s->x3, ROR(xtemp, 10));
  xtemp = XOR(s->x4, ROR(s->x4, 41 - 7));
  s->x4 = XOR(s->x4, ROR(xtemp, 7));
Martin Schläffer committed
49
  s->x2 = NOT(s->x2);
Martin Schläffer committed
50 51 52 53
  printstate(" round output", s);
}

#endif /* ROUND_H_ */