ascon.c
1 /**
2  * @file ascon.c
3  * @brief Ascon-Based lightweight cryptography
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * Ascon is a family of lightweight cryptographic algorithms: an AEAD
30  * algorithm (Ascon-AEAD128), a hash function (Ascon-Hash256), an XOF function
31  * (Ascon-XOF128) and a customized XOF function (Ascon-CXOF128). The Ascon
32  * family is designed to operate efficiently in constrained environments. Refer
33  * to NIST SP 800-232 for more details
34  *
35  * @author Oryx Embedded SARL (www.oryx-embedded.com)
36  * @version 2.5.0
37  **/
38 
39 //Switch to the appropriate trace level
40 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
41 
42 //Dependencies
43 #include "core/crypto.h"
44 #include "lwc/ascon.h"
45 
46 //Check crypto library configuration
47 #if (ASCON_AEAD128_SUPPORT == ENABLED || ASCON_HASH256_SUPPORT == ENABLED || \
48  ASCON_XOF128_SUPPORT == ENABLED || ASCON_CXOF128_SUPPORT == ENABLED)
49 
//Round constants of the Ascon permutation (NIST SP 800-232). asconP() walks
//the table from index 16 - nr upwards, so the 12-round permutation consumes
//rc[4..15] and the first four entries exist only for the 16-round extension
static const uint8_t rc[16] =
{
   0x3C, 0x2D, 0x1E, 0x0F, 0xF0, 0xE1, 0xD2, 0xC3,
   0xB4, 0xA5, 0x96, 0x87, 0x78, 0x69, 0x5A, 0x4B
};
55 
56 
/**
 * @brief Ascon-p[rnd] permutation
 *
 * Applies the last @p nr of the 16 defined rounds to the 320-bit state.
 * Every round is the constant addition layer (PC), the substitution layer
 * (PS) and the linear diffusion layer (PL), in that order. Each 64-bit state
 * word k is stored as the pair of 32-bit halves x[2k] and x[2k + 1]; which
 * half is the low one is fixed by the load/store code elsewhere, and every
 * 64-bit rotation below is therefore spelled out as two shift pairs on the
 * halves. The S-box uses only AND/NOT/XOR on whole words, so the round has
 * no data-dependent branch or table lookup
 *
 * @param[in,out] s Ascon state
 * @param[in] nr Number of rounds to be applied (1 to 16). nr is unsigned, so
 *   a value above 16 makes 16 - nr wrap, the loop runs zero times and the
 *   state is left unchanged instead of being rejected; callers must enforce
 *   the range themselves
 **/

void asconP(AsconState *s, uint_t nr)
{
   uint_t i;
   uint32_t w1;
   uint32_t w2;

   //The standard specifies additional Ascon permutations by providing round
   //constants for up to 16 rounds to accommodate potential functionality
   //extensions in the future. Round i of the nr-round permutation uses
   //rc[16 - nr + i], i.e. the 12-round variant starts at rc[4]
   for(i = 16 - nr; i < 16; i++)
   {
      //Constant addition layer (PC): the constant is added to word x2
      //(halves x[4], x[5]), here to its x[4] half only
      s->x[4] ^= rc[i];

      //Substitution layer (PS): bit-sliced 5-bit S-box acting on words
      //x0..x4 = (x[0],x[1]) .. (x[8],x[9]). First the input mixing
      //x0 ^= x4, x4 ^= x3, x2 ^= x1
      s->x[0] ^= s->x[8];
      s->x[1] ^= s->x[9];
      s->x[8] ^= s->x[6];
      s->x[9] ^= s->x[7];
      s->x[4] ^= s->x[2];
      s->x[5] ^= s->x[3];

      //Non-linear core: each word xi is XORed with ~x(i+1) & x(i+2). The
      //x4 & ~x0 product for x3 must be captured first (w1, w2) because x0 is
      //overwritten below, so the statement order here is load-bearing
      w1 = s->x[0] & ~s->x[8];
      w2 = s->x[1] & ~s->x[9];
      s->x[0] ^= s->x[4] & ~s->x[2];
      s->x[1] ^= s->x[5] & ~s->x[3];
      s->x[4] ^= s->x[8] & ~s->x[6];
      s->x[5] ^= s->x[9] & ~s->x[7];
      s->x[8] ^= s->x[2] & ~s->x[0];
      s->x[9] ^= s->x[3] & ~s->x[1];
      s->x[2] ^= s->x[6] & ~s->x[4];
      s->x[3] ^= s->x[7] & ~s->x[5];
      s->x[6] ^= w1;
      s->x[7] ^= w2;

      //Output mixing: x1 ^= x0, x0 ^= x4, x3 ^= x2, x2 = ~x2
      s->x[2] ^= s->x[0];
      s->x[3] ^= s->x[1];
      s->x[0] ^= s->x[8];
      s->x[1] ^= s->x[9];
      s->x[6] ^= s->x[4];
      s->x[7] ^= s->x[5];
      s->x[4] = ~s->x[4];
      s->x[5] = ~s->x[5];

      //Linear diffusion layer (PL): xi ^= rotr64(xi, a) ^ rotr64(xi, b).
      //A 64-bit rotation by r < 32 becomes (h >> r) ^ (h' << (32 - r)) on
      //each half; for r >= 32 the halves swap roles and r - 32 is used
      //x0: rotations by 19 and 28
      w1 = s->x[0];
      w2 = s->x[1];
      s->x[0] = w1 ^ (w1 >> 19) ^ (w2 << 13) ^ (w1 >> 28) ^ (w2 << 4);
      s->x[1] = w2 ^ (w2 >> 19) ^ (w1 << 13) ^ (w2 >> 28) ^ (w1 << 4);

      //x1: rotations by 61 (= 32 + 29) and 39 (= 32 + 7)
      w1 = s->x[2];
      w2 = s->x[3];
      s->x[2] = w1 ^ (w2 >> 29) ^ (w1 << 3) ^ (w2 >> 7) ^ (w1 << 25);
      s->x[3] = w2 ^ (w1 >> 29) ^ (w2 << 3) ^ (w1 >> 7) ^ (w2 << 25);

      //x2: rotations by 1 and 6
      w1 = s->x[4];
      w2 = s->x[5];
      s->x[4] = w1 ^ (w1 >> 1) ^ (w2 << 31) ^ (w1 >> 6) ^ (w2 << 26);
      s->x[5] = w2 ^ (w2 >> 1) ^ (w1 << 31) ^ (w2 >> 6) ^ (w1 << 26);

      //x3: rotations by 10 and 17
      w1 = s->x[6];
      w2 = s->x[7];
      s->x[6] = w1 ^ (w1 >> 10) ^ (w2 << 22) ^ (w1 >> 17) ^ (w2 << 15);
      s->x[7] = w2 ^ (w2 >> 10) ^ (w1 << 22) ^ (w2 >> 17) ^ (w1 << 15);

      //x4: rotations by 7 and 41 (= 32 + 9)
      w1 = s->x[8];
      w2 = s->x[9];
      s->x[8] = w1 ^ (w1 >> 7) ^ (w2 << 25) ^ (w2 >> 9) ^ (w1 << 23);
      s->x[9] = w2 ^ (w2 >> 7) ^ (w1 << 25) ^ (w1 >> 9) ^ (w2 << 23);
   }
}
134 
135 #endif