Commit c1af5db0 by Enrico Pozzobon

Finalists

parent 9c6d9e4a



...@@ -22,15 +22,19 @@ ...@@ -22,15 +22,19 @@
forceinline void ascon_loadkey(word_t* K0, word_t* K1, word_t* K2, forceinline void ascon_loadkey(word_t* K0, word_t* K1, word_t* K2,
const uint8_t* k) { const uint8_t* k) {
KINIT(K0, K1, K2); KINIT(K0, K1, K2);
if (CRYPTO_KEYBYTES == 16) {
*K1 = XOR(*K1, LOAD(k, 8));
*K2 = XOR(*K2, LOAD(k + 8, 8));
}
if (CRYPTO_KEYBYTES == 20) { if (CRYPTO_KEYBYTES == 20) {
*K0 = XOR(*K0, KEYROT(WORD_T(0), LOAD(k, 4))); *K0 = XOR(*K0, KEYROT(WORD_T(0), LOADBYTES(k, 4)));
k += 4; *K1 = XOR(*K1, LOADBYTES(k + 4, 8));
*K2 = XOR(*K2, LOADBYTES(k + 12, 8));
} }
*K1 = XOR(*K1, LOAD(k, 8));
*K2 = XOR(*K2, LOAD(k + 8, 8));
} }
forceinline void ascon_init(state_t* s, const uint8_t* npub, const uint8_t* k) { forceinline void ascon_aeadinit(state_t* s, const uint8_t* npub,
const uint8_t* k) {
/* load nonce */ /* load nonce */
word_t N0 = LOAD(npub, 8); word_t N0 = LOAD(npub, 8);
word_t N1 = LOAD(npub + 8, 8); word_t N1 = LOAD(npub + 8, 8);
...@@ -39,9 +43,9 @@ forceinline void ascon_init(state_t* s, const uint8_t* npub, const uint8_t* k) { ...@@ -39,9 +43,9 @@ forceinline void ascon_init(state_t* s, const uint8_t* npub, const uint8_t* k) {
ascon_loadkey(&K0, &K1, &K2, k); ascon_loadkey(&K0, &K1, &K2, k);
/* initialize */ /* initialize */
PINIT(s); PINIT(s);
if (CRYPTO_KEYBYTES == 16 && ASCON_RATE == 8) if (CRYPTO_KEYBYTES == 16 && ASCON_AEAD_RATE == 8)
s->x0 = XOR(s->x0, ASCON_128_IV); s->x0 = XOR(s->x0, ASCON_128_IV);
if (CRYPTO_KEYBYTES == 16 && ASCON_RATE == 16) if (CRYPTO_KEYBYTES == 16 && ASCON_AEAD_RATE == 16)
s->x0 = XOR(s->x0, ASCON_128A_IV); s->x0 = XOR(s->x0, ASCON_128A_IV);
if (CRYPTO_KEYBYTES == 20) s->x0 = XOR(s->x0, ASCON_80PQ_IV); if (CRYPTO_KEYBYTES == 20) s->x0 = XOR(s->x0, ASCON_80PQ_IV);
if (CRYPTO_KEYBYTES == 20) s->x0 = XOR(s->x0, K0); if (CRYPTO_KEYBYTES == 20) s->x0 = XOR(s->x0, K0);
...@@ -58,23 +62,23 @@ forceinline void ascon_init(state_t* s, const uint8_t* npub, const uint8_t* k) { ...@@ -58,23 +62,23 @@ forceinline void ascon_init(state_t* s, const uint8_t* npub, const uint8_t* k) {
forceinline void ascon_adata(state_t* s, const uint8_t* ad, uint64_t adlen) { forceinline void ascon_adata(state_t* s, const uint8_t* ad, uint64_t adlen) {
const __m512i u64big = AVX512_SHUFFLE_U64BIG; const __m512i u64big = AVX512_SHUFFLE_U64BIG;
const int mask = (ASCON_RATE == 8) ? 0xff : 0xffff; const int mask = (ASCON_AEAD_RATE == 8) ? 0xff : 0xffff;
const int nr = (ASCON_RATE == 8) ? 6 : 8; const int nr = (ASCON_AEAD_RATE == 8) ? 6 : 8;
state_t r = *s, t; state_t r = *s, t;
if (adlen) { if (adlen) {
/* full associated data blocks */ /* full associated data blocks */
while (adlen >= ASCON_RATE) { while (adlen >= ASCON_AEAD_RATE) {
t.z = _mm512_maskz_loadu_epi8(mask, ad); t.z = _mm512_maskz_loadu_epi8(mask, ad);
t.z = _mm512_maskz_shuffle_epi8(mask, t.z, u64big); t.z = _mm512_maskz_shuffle_epi8(mask, t.z, u64big);
r.z = _mm512_xor_epi64(r.z, t.z); r.z = _mm512_xor_epi64(r.z, t.z);
P(&r, nr); P(&r, nr);
ad += ASCON_RATE; ad += ASCON_AEAD_RATE;
adlen -= ASCON_RATE; adlen -= ASCON_AEAD_RATE;
} }
*s = r; *s = r;
/* final associated data block */ /* final associated data block */
word_t* px = &s->x0; word_t* px = &s->x0;
if (ASCON_RATE == 16 && adlen >= 8) { if (ASCON_AEAD_RATE == 16 && adlen >= 8) {
s->x0 = XOR(s->x0, LOAD(ad, 8)); s->x0 = XOR(s->x0, LOAD(ad, 8));
px = &s->x1; px = &s->x1;
ad += 8; ad += 8;
...@@ -92,25 +96,25 @@ forceinline void ascon_adata(state_t* s, const uint8_t* ad, uint64_t adlen) { ...@@ -92,25 +96,25 @@ forceinline void ascon_adata(state_t* s, const uint8_t* ad, uint64_t adlen) {
forceinline void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m, forceinline void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m,
uint64_t mlen) { uint64_t mlen) {
const __m512i u64big = AVX512_SHUFFLE_U64BIG; const __m512i u64big = AVX512_SHUFFLE_U64BIG;
const int mask = (ASCON_RATE == 8) ? 0xff : 0xffff; const int mask = (ASCON_AEAD_RATE == 8) ? 0xff : 0xffff;
const int nr = (ASCON_RATE == 8) ? 6 : 8; const int nr = (ASCON_AEAD_RATE == 8) ? 6 : 8;
state_t r = *s, t; state_t r = *s, t;
/* full plaintext blocks */ /* full plaintext blocks */
while (mlen >= ASCON_RATE) { while (mlen >= ASCON_AEAD_RATE) {
t.z = _mm512_maskz_loadu_epi8(mask, m); t.z = _mm512_maskz_loadu_epi8(mask, m);
t.z = _mm512_maskz_shuffle_epi8(mask, t.z, u64big); t.z = _mm512_maskz_shuffle_epi8(mask, t.z, u64big);
r.z = _mm512_xor_epi64(r.z, t.z); r.z = _mm512_xor_epi64(r.z, t.z);
t.z = _mm512_maskz_shuffle_epi8(mask, r.z, u64big); t.z = _mm512_maskz_shuffle_epi8(mask, r.z, u64big);
_mm512_mask_storeu_epi8(c, mask, t.z); _mm512_mask_storeu_epi8(c, mask, t.z);
P(&r, nr); P(&r, nr);
m += ASCON_RATE; m += ASCON_AEAD_RATE;
c += ASCON_RATE; c += ASCON_AEAD_RATE;
mlen -= ASCON_RATE; mlen -= ASCON_AEAD_RATE;
} }
*s = r; *s = r;
/* final plaintext block */ /* final plaintext block */
word_t* px = &s->x0; word_t* px = &s->x0;
if (ASCON_RATE == 16 && mlen >= 8) { if (ASCON_AEAD_RATE == 16 && mlen >= 8) {
s->x0 = XOR(s->x0, LOAD(m, 8)); s->x0 = XOR(s->x0, LOAD(m, 8));
STORE(c, s->x0, 8); STORE(c, s->x0, 8);
px = &s->x1; px = &s->x1;
...@@ -129,11 +133,11 @@ forceinline void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m, ...@@ -129,11 +133,11 @@ forceinline void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m,
forceinline void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c, forceinline void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c,
uint64_t clen) { uint64_t clen) {
const __m512i u64big = AVX512_SHUFFLE_U64BIG; const __m512i u64big = AVX512_SHUFFLE_U64BIG;
const int mask = (ASCON_RATE == 8) ? 0xff : 0xffff; const int mask = (ASCON_AEAD_RATE == 8) ? 0xff : 0xffff;
const int nr = (ASCON_RATE == 8) ? 6 : 8; const int nr = (ASCON_AEAD_RATE == 8) ? 6 : 8;
state_t r = *s, t, u; state_t r = *s, t, u;
/* full ciphertext blocks */ /* full ciphertext blocks */
while (clen >= ASCON_RATE) { while (clen >= ASCON_AEAD_RATE) {
t.z = _mm512_maskz_loadu_epi8(mask, c); t.z = _mm512_maskz_loadu_epi8(mask, c);
t.z = _mm512_maskz_shuffle_epi8(mask, t.z, u64big); t.z = _mm512_maskz_shuffle_epi8(mask, t.z, u64big);
r.z = _mm512_xor_epi64(r.z, t.z); r.z = _mm512_xor_epi64(r.z, t.z);
...@@ -141,14 +145,14 @@ forceinline void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c, ...@@ -141,14 +145,14 @@ forceinline void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c,
r.z = _mm512_mask_blend_epi8(mask, r.z, t.z); r.z = _mm512_mask_blend_epi8(mask, r.z, t.z);
_mm512_mask_storeu_epi8(m, mask, u.z); _mm512_mask_storeu_epi8(m, mask, u.z);
P(&r, nr); P(&r, nr);
m += ASCON_RATE; m += ASCON_AEAD_RATE;
c += ASCON_RATE; c += ASCON_AEAD_RATE;
clen -= ASCON_RATE; clen -= ASCON_AEAD_RATE;
} }
*s = r; *s = r;
/* final ciphertext block */ /* final ciphertext block */
word_t* px = &s->x0; word_t* px = &s->x0;
if (ASCON_RATE == 16 && clen >= 8) { if (ASCON_AEAD_RATE == 16 && clen >= 8) {
word_t cx = LOAD(c, 8); word_t cx = LOAD(c, 8);
s->x0 = XOR(s->x0, cx); s->x0 = XOR(s->x0, cx);
STORE(m, s->x0, 8); STORE(m, s->x0, 8);
...@@ -174,11 +178,11 @@ forceinline void ascon_final(state_t* s, const uint8_t* k) { ...@@ -174,11 +178,11 @@ forceinline void ascon_final(state_t* s, const uint8_t* k) {
word_t K0, K1, K2; word_t K0, K1, K2;
ascon_loadkey(&K0, &K1, &K2, k); ascon_loadkey(&K0, &K1, &K2, k);
/* finalize */ /* finalize */
if (CRYPTO_KEYBYTES == 16 && ASCON_RATE == 8) { if (CRYPTO_KEYBYTES == 16 && ASCON_AEAD_RATE == 8) {
s->x1 = XOR(s->x1, K1); s->x1 = XOR(s->x1, K1);
s->x2 = XOR(s->x2, K2); s->x2 = XOR(s->x2, K2);
} }
if (CRYPTO_KEYBYTES == 16 && ASCON_RATE == 16) { if (CRYPTO_KEYBYTES == 16 && ASCON_AEAD_RATE == 16) {
s->x2 = XOR(s->x2, K1); s->x2 = XOR(s->x2, K1);
s->x3 = XOR(s->x3, K2); s->x3 = XOR(s->x3, K2);
} }
...@@ -202,7 +206,7 @@ int crypto_aead_encrypt(unsigned char* c, unsigned long long* clen, ...@@ -202,7 +206,7 @@ int crypto_aead_encrypt(unsigned char* c, unsigned long long* clen,
(void)nsec; (void)nsec;
*clen = mlen + CRYPTO_ABYTES; *clen = mlen + CRYPTO_ABYTES;
/* perform ascon computation */ /* perform ascon computation */
ascon_init(&s, npub, k); ascon_aeadinit(&s, npub, k);
ascon_adata(&s, ad, adlen); ascon_adata(&s, ad, adlen);
ascon_encrypt(&s, c, m, mlen); ascon_encrypt(&s, c, m, mlen);
ascon_final(&s, k); ascon_final(&s, k);
...@@ -222,7 +226,7 @@ int crypto_aead_decrypt(unsigned char* m, unsigned long long* mlen, ...@@ -222,7 +226,7 @@ int crypto_aead_decrypt(unsigned char* m, unsigned long long* mlen,
if (clen < CRYPTO_ABYTES) return -1; if (clen < CRYPTO_ABYTES) return -1;
*mlen = clen = clen - CRYPTO_ABYTES; *mlen = clen = clen - CRYPTO_ABYTES;
/* perform ascon computation */ /* perform ascon computation */
ascon_init(&s, npub, k); ascon_aeadinit(&s, npub, k);
ascon_adata(&s, ad, adlen); ascon_adata(&s, ad, adlen);
ascon_decrypt(&s, m, c, clen); ascon_decrypt(&s, m, c, clen);
ascon_final(&s, k); ascon_final(&s, k);
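Review bot: ascon_loadkey now reads the key with two different primitives — `LOAD` in the `CRYPTO_KEYBYTES == 16` branch but `LOADBYTES` in the `CRYPTO_KEYBYTES == 20` branch — and nothing in this commit's hunks shows whether the two agree on byte order and on the word they produce. If they are equivalent, one primitive should be used in both branches so the key-loading path is identical for Ascon-128/128a and Ascon-80pq; if they are not, K1/K2 for the 80pq variant would be derived differently from the 16-byte case, which only a known-answer test for the 20-byte key would catch. A one-line comment on the 20-byte branch stating why `LOADBYTES` is needed there (for example `/* 4-byte key prefix leaves the remaining words unaligned; load bytewise */`, if that is the reason) would make the intent checkable. ascon_aeadinit's body continues outside the first hunk, and the tag comparison in crypto_aead_decrypt is not visible in this section.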
......
#define CRYPTO_VERSION "1.2.4" #define CRYPTO_VERSION "1.2.5"
#define CRYPTO_KEYBYTES 16 #define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0 #define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 16 #define CRYPTO_NPUBBYTES 16
#define CRYPTO_ABYTES 16 #define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1 #define CRYPTO_NOOVERLAP 1
#define ASCON_RATE 16 #define ASCON_AEAD_RATE 16
...@@ -13,7 +13,7 @@ typedef union { ...@@ -13,7 +13,7 @@ typedef union {
}; };
} state_t; } state_t;
void ascon_init(state_t* s, const uint8_t* npub, const uint8_t* k); void ascon_aeadinit(state_t* s, const uint8_t* npub, const uint8_t* k);
void ascon_adata(state_t* s, const uint8_t* ad, uint64_t adlen); void ascon_adata(state_t* s, const uint8_t* ad, uint64_t adlen);
void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m, uint64_t mlen); void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m, uint64_t mlen);
void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c, uint64_t clen); void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c, uint64_t clen);
......
...@@ -15,18 +15,29 @@ ...@@ -15,18 +15,29 @@
#define ASCON_128_RATE 8 #define ASCON_128_RATE 8
#define ASCON_128A_RATE 16 #define ASCON_128A_RATE 16
#define ASCON_HASH_RATE 8
#define ASCON_128_PA_ROUNDS 12 #define ASCON_128_PA_ROUNDS 12
#define ASCON_128_PB_ROUNDS 6 #define ASCON_128_PB_ROUNDS 6
#define ASCON_128A_PA_ROUNDS 12
#define ASCON_128A_PB_ROUNDS 8 #define ASCON_128A_PB_ROUNDS 8
#define ASCON_HASH_PA_ROUNDS 12
#define ASCON_HASH_PB_ROUNDS 12
#define ASCON_HASHA_PA_ROUNDS 12
#define ASCON_HASHA_PB_ROUNDS 8
#define ASCON_HASH_BYTES 32 #define ASCON_HASH_BYTES 32
#define ASCON_128_IV WORD_T(0x80400c0600000000) #define ASCON_128_IV WORD_T(0x80400c0600000000ull)
#define ASCON_128A_IV WORD_T(0x80800c0800000000) #define ASCON_128A_IV WORD_T(0x80800c0800000000ull)
#define ASCON_80PQ_IV WORD_T(0xa0400c0600000000) #define ASCON_80PQ_IV WORD_T(0xa0400c0600000000ull)
#define ASCON_HASH_IV WORD_T(0x00400c0000000100) #define ASCON_HASH_IV WORD_T(0x00400c0000000100ull)
#define ASCON_XOF_IV WORD_T(0x00400c0000000000) #define ASCON_HASHA_IV WORD_T(0x00400c0400000100ull)
#define ASCON_XOF_IV WORD_T(0x00400c0000000000ull)
#define ASCON_XOFA_IV WORD_T(0x00400c0400000000ull)
#define ASCON_HASH_IV0 WORD_T(0xee9398aadb67f03dull) #define ASCON_HASH_IV0 WORD_T(0xee9398aadb67f03dull)
#define ASCON_HASH_IV1 WORD_T(0x8bb21831c60f1002ull) #define ASCON_HASH_IV1 WORD_T(0x8bb21831c60f1002ull)
...@@ -34,12 +45,24 @@ ...@@ -34,12 +45,24 @@
#define ASCON_HASH_IV3 WORD_T(0x43189921b8f8e3e8ull) #define ASCON_HASH_IV3 WORD_T(0x43189921b8f8e3e8ull)
#define ASCON_HASH_IV4 WORD_T(0x348fa5c9d525e140ull) #define ASCON_HASH_IV4 WORD_T(0x348fa5c9d525e140ull)
#define ASCON_HASHA_IV0 WORD_T(0x01470194fc6528a6ull)
#define ASCON_HASHA_IV1 WORD_T(0x738ec38ac0adffa7ull)
#define ASCON_HASHA_IV2 WORD_T(0x2ec8e3296c76384cull)
#define ASCON_HASHA_IV3 WORD_T(0xd6f6a54d7f52377dull)
#define ASCON_HASHA_IV4 WORD_T(0xa13c42a223be8d87ull)
#define ASCON_XOF_IV0 WORD_T(0xb57e273b814cd416ull) #define ASCON_XOF_IV0 WORD_T(0xb57e273b814cd416ull)
#define ASCON_XOF_IV1 WORD_T(0x2b51042562ae2420ull) #define ASCON_XOF_IV1 WORD_T(0x2b51042562ae2420ull)
#define ASCON_XOF_IV2 WORD_T(0x66a3a7768ddf2218ull) #define ASCON_XOF_IV2 WORD_T(0x66a3a7768ddf2218ull)
#define ASCON_XOF_IV3 WORD_T(0x5aad0a7a8153650cull) #define ASCON_XOF_IV3 WORD_T(0x5aad0a7a8153650cull)
#define ASCON_XOF_IV4 WORD_T(0x4f3e0e32539493b6ull) #define ASCON_XOF_IV4 WORD_T(0x4f3e0e32539493b6ull)
#define ASCON_XOFA_IV0 WORD_T(0x44906568b77b9832ull)
#define ASCON_XOFA_IV1 WORD_T(0xcd8d6cae53455532ull)
#define ASCON_XOFA_IV2 WORD_T(0xf7b5212756422129ull)
#define ASCON_XOFA_IV3 WORD_T(0x246885e1de0d225bull)
#define ASCON_XOFA_IV4 WORD_T(0xa8cb5ce33449973full)
#define START(n) ((3 + (n)) << 4 | (12 - (n))) #define START(n) ((3 + (n)) << 4 | (12 - (n)))
#define RC(c) WORD_T(c) #define RC(c) WORD_T(c)
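Review bot: The new ASCON_HASHA_IV0..IV4 and ASCON_XOFA_IV0..IV4 constants are opaque 64-bit values with no comment saying how they were derived, so a reviewer cannot check them against ASCON_HASHA_IV / ASCON_XOFA_IV by eye. Presumably they are the five state words after running the 12-round permutation on the initial state (IV, 0, 0, 0, 0), but the hunk does not say so; a comment above the block such as `/* precomputed initial states: P12(IV, 0, 0, 0, 0) for Ascon-Hash, Hasha, Xof, Xofa */` plus a note on how to regenerate them would let a mistyped digit be caught rather than silently yielding a non-standard digest. The IV encodings themselves would also benefit from a one-line comment naming the fields packed into them (key size, rate, round counts, output length), since `0x00400c0400000100ull` and `0x00400c0000000100ull` differ only in the round-count byte and the difference is otherwise invisible.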
......
#define CRYPTO_VERSION "1.2.5"
#define CRYPTO_KEYBYTES 16 #define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0 #define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 16 #define CRYPTO_NPUBBYTES 16
#define CRYPTO_ABYTES 16 #define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1 #define CRYPTO_NOOVERLAP 1
#define ASCON_RATE 16 #define ASCON_AEAD_RATE 16
...@@ -3,15 +3,14 @@ ...@@ -3,15 +3,14 @@
#include <stdint.h> #include <stdint.h>
#include "config.h"
#include "word.h" #include "word.h"
typedef struct { typedef struct {
word_t x0, x1, x2, x3, x4; word_t x0, x1, x2, x3, x4;
} state_t; } state_t;
void ascon_init(state_t* s, const uint8_t* npub, const uint8_t* k); void ascon_aeadinit(state_t* s, const uint8_t* npub, const uint8_t* k);
void ascon_absorb(state_t* s, const uint8_t* ad, uint64_t adlen); void ascon_adata(state_t* s, const uint8_t* ad, uint64_t adlen);
void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m, uint64_t mlen); void ascon_encrypt(state_t* s, uint8_t* c, const uint8_t* m, uint64_t mlen);
void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c, uint64_t clen); void ascon_decrypt(state_t* s, uint8_t* m, const uint8_t* c, uint64_t clen);
void ascon_final(state_t* s, const uint8_t* k); void ascon_final(state_t* s, const uint8_t* k);
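Review bot: `#include "config.h"` appears to be dropped from this header, while `ASCON_INLINE_MODE` and `ASCON_INLINE_PERM` are still defined in config.h elsewhere in this commit; a translation unit that reached those macros only through ascon.h will now see them undefined, and an `#if` on an undefined macro silently evaluates to 0 instead of failing the build, so inlining would quietly switch off. Worth confirming that every .c file that tests the config macros includes config.h directly, or keeping the include here with a comment such as `/* config.h: ASCON_INLINE_* switches used by the mode and permutation code */`. The rest of this hunk is prototypes only; the definitions of ascon_aeadinit/ascon_adata are not in this section.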
......
#ifndef CONFIG_H_ #ifndef CONFIG_H_
#define CONFIG_H_ #define CONFIG_H_
/* inline the Ascon mode */ /* inline the ascon mode */
#ifndef ASCON_INLINE_MODE #ifndef ASCON_INLINE_MODE
#define ASCON_INLINE_MODE 1 #define ASCON_INLINE_MODE 1
#endif #endif
/* inline the Ascon permutations */ /* inline all permutations */
#ifndef ASCON_INLINE_PERM #ifndef ASCON_INLINE_PERM
#define ASCON_INLINE_PERM 0 #define ASCON_INLINE_PERM 0
#endif #endif