aead.c 1.74 KB
Martin Schläffer committed
#include "api.h"
#include "ascon.h"
#include "permutations.h"
#include "printstate.h"

/*
 * Forward declaration; the definition is not part of this file view.
 * ascon_core() calls it twice: once with ASCON_ABSORB and a null `out` for
 * the associated data, and once with the caller's `mode` for the message.
 * NOTE(review): presumably `out` is only written in the encrypt/decrypt modes
 * and must then hold `len` bytes -- confirm against the definition.
 */
void process_data(state_t* s, uint8_t* out, const uint8_t* in, uint64_t len,
                  uint8_t mode);

/**
 * Run the Ascon AEAD state machine up to and including finalization.
 *
 * Phases, in order: key load, initialization, associated-data absorption,
 * message processing, finalization. The function returns void and neither
 * emits nor compares a tag; after it returns, the finalized state is left in
 * *s for the caller to use.
 *
 * @param s     Permutation state; every word x0..x4 is overwritten.
 * @param out   Destination handed to process_data() for the message phase.
 * @param in    Message input (plaintext or ciphertext, depending on mode).
 * @param tlen  Length of `in` in bytes, passed through to process_data().
 * @param ad    Associated data; only touched when adlen is non-zero.
 * @param adlen Length of `ad` in bytes.
 * @param npub  Nonce; read at npub and npub + 8 via LOAD64.
 * @param k     Key; read at k and k + 8 via LOAD64, preceded by a
 *              LOAD(k, 4) when CRYPTO_KEYBYTES == 20.
 * @param mode  Passed to process_data(); compared against ASCON_ENCRYPT and
 *              ASCON_DECRYPT here only to pick the trace label.
 *
 * Review notes for callers:
 *  - No pointer or length is validated here. The caller must guarantee that
 *    k, npub, ad, in and out reference buffers of the sizes implied above.
 *  - Tag handling is outside this function. NOTE(review): if process_data()
 *    writes plaintext to `out` in ASCON_DECRYPT mode, that output exists
 *    before any tag comparison -- the caller must not release it on a tag
 *    mismatch. Confirm in the calling decrypt routine.
 *  - printstate() receives the live state, which is key-dependent.
 *    NOTE(review): confirm it compiles to nothing in production builds.
 *  - The key words are plain locals and are not wiped before return.
 */
void ascon_core(state_t* s, uint8_t* out, const uint8_t* in, uint64_t tlen,
                const uint8_t* ad, uint64_t adlen, const uint8_t* npub,
                const uint8_t* k, uint8_t mode) {
  word_t key0, key1, key2;

  /* Key load: the 20-byte variant carries an extra leading 4-byte word;
   * key0 is assigned and used only under that same condition. */
  if (CRYPTO_KEYBYTES == 20) {
    key0 = KEYROT(WORD_T(0), LOAD(k, 4));
    k += 4;
  }
  key1 = LOAD64(k);
  key2 = LOAD64(k + 8);

  /* Initialization: IV || key || nonce, permute, then XOR the key back in. */
  s->x0 = IV;
  if (CRYPTO_KEYBYTES == 20) {
    s->x0 = XOR(s->x0, key0);
  }
  s->x1 = key1;
  s->x2 = key2;
  s->x3 = LOAD64(npub);
  s->x4 = LOAD64(npub + 8);
  P12(s);
  if (CRYPTO_KEYBYTES == 20) {
    s->x2 = XOR(s->x2, key0);
  }
  s->x3 = XOR(s->x3, key1);
  s->x4 = XOR(s->x4, key2);
  printstate("initialization", s);

  /* Associated data: absorbed (no output buffer) only when present. */
  if (adlen) {
    process_data(s, (void*)0, ad, adlen, ASCON_ABSORB);
    PB(s);
  }
  /* Applied unconditionally, with or without associated data; this is the
   * domain-separation step between the AD and message phases. */
  s->x4 = XOR(s->x4, WORD_T(1));
  printstate("process associated data", s);

  /* Message phase: encrypt or decrypt according to `mode`. */
  process_data(s, out, in, tlen, mode);
  if (mode == ASCON_ENCRYPT) {
    printstate("process plaintext", s);
  }
  if (mode == ASCON_DECRYPT) {
    printstate("process ciphertext", s);
  }

  /* Finalization: where the key is XORed in depends on key size and rate. */
  if (CRYPTO_KEYBYTES == 16) {
    if (ASCON_RATE == 8) {
      s->x1 = XOR(s->x1, key1);
      s->x2 = XOR(s->x2, key2);
    }
    if (ASCON_RATE == 16) {
      s->x2 = XOR(s->x2, key1);
      s->x3 = XOR(s->x3, key2);
    }
  }
  if (CRYPTO_KEYBYTES == 20) {
    s->x1 = XOR(s->x1, KEYROT(key0, key1));
    s->x2 = XOR(s->x2, KEYROT(key1, key2));
    s->x3 = XOR(s->x3, KEYROT(key2, WORD_T(0)));
  }
  P12(s);
  s->x3 = XOR(s->x3, key1);
  s->x4 = XOR(s->x4, key2);
  printstate("finalization", s);
}