hash.c 1.01 KB
Newer Older
Martin Schläffer committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
#include "api.h"
#include "ascon.h"
#include "loadstore.h"
#include "permutations.h"
#include "printstate.h"

int crypto_hash(uint8_t* out, const uint8_t* in, uint64_t len) {
  state_t s;

  /* initialization */
#ifdef ASCON_HASH
  s.x0 = ASCON_HASH_IV0;
  s.x1 = ASCON_HASH_IV1;
  s.x2 = ASCON_HASH_IV2;
  s.x3 = ASCON_HASH_IV3;
  s.x4 = ASCON_HASH_IV4;
#endif
#ifdef ASCON_XOF
  s.x0 = ASCON_XOF_IV0;
  s.x1 = ASCON_XOF_IV1;
  s.x2 = ASCON_XOF_IV2;
  s.x3 = ASCON_XOF_IV3;
  s.x4 = ASCON_XOF_IV4;
#endif
  printstate("initialization", &s);

  /* absorb plaintext */
  while (len >= ASCON_RATE) {
    XOR(s.x0, LOAD64(in));
    P12(&s);
    in += ASCON_RATE;
    len -= ASCON_RATE;
  }
  if (len) XOR(s.x0, LOAD(in, len));
  XOR(s.x0, PAD(len));
  P12(&s);
  printstate("absorb plaintext", &s);

  /* squeeze output */
  len = CRYPTO_BYTES;
  while (len > ASCON_RATE) {
    STORE64(out, s.x0);
    P12(&s);
    out += ASCON_RATE;
    len -= ASCON_RATE;
  }
  STORE64(out, s.x0);
  printstate("squeeze output", &s);

  return 0;
}