ascon.c

#include "ascon.h"

#include "api.h"
#include "loadstore.h"
#include "permutations.h"
#include "printstate.h"

void process_data(state_t* s, uint8_t* out, const uint8_t* in, uint64_t len,
                  uint8_t mode);

void ascon_core(state_t* s, uint8_t* out, const uint8_t* in, uint64_t tlen,
                const uint8_t* ad, uint64_t adlen, const uint8_t* npub,
                const uint8_t* k, uint8_t mode) {
  word_t N0, N1, K0, K1, K2;
  /* load nonce */
  N0 = LOAD64(npub);
  N1 = LOAD64(npub + 8);
  /* load key */
  if (CRYPTO_KEYBYTES == 20) {
    K0 = KEYROT(WORD_T(0), LOAD(k, 4));
    k += 4;
  }
  K1 = LOAD64(k);
  K2 = LOAD64(k + 8);
  /* initialization */
  s->x0 = IV;
  if (CRYPTO_KEYBYTES == 20) XOR(s->x0, K0);
  s->x1 = K1;
  s->x2 = K2;
  s->x3 = N0;
  s->x4 = N1;
  P12(s);
  if (CRYPTO_KEYBYTES == 20) XOR(s->x2, K0);
  XOR(s->x3, K1);
  XOR(s->x4, K2);
  printstate("initialization", s);
  /* process associated data */
  if (adlen) {
    process_data(s, (void*)0, ad, adlen, ASCON_AD);
    PB(s);
  }
  XOR(s->x4, WORD_T(1));
  printstate("process associated data", s);
  /* process plaintext/ciphertext */
  process_data(s, out, in, tlen, mode);
  if (mode == ASCON_ENC) printstate("process plaintext", s);
  if (mode == ASCON_DEC) printstate("process ciphertext", s);
  /* finalization */
  if (CRYPTO_KEYBYTES == 16 && ASCON_RATE == 8) {
    XOR(s->x1, K1);
    XOR(s->x2, K2);
  }
  if (CRYPTO_KEYBYTES == 16 && ASCON_RATE == 16) {
    XOR(s->x2, K1);
    XOR(s->x3, K2);
  }
  if (CRYPTO_KEYBYTES == 20) {
    XOR(s->x1, KEYROT(K0, K1));
    XOR(s->x2, KEYROT(K1, K2));
    XOR(s->x3, KEYROT(K2, WORD_T(0)));
  }
  P12(s);
  XOR(s->x3, K1);
  XOR(s->x4, K2);
  printstate("finalization", s);
}