x.crypto.ascon: ascon_pnr revert to previous one and change to use an enum
This commit is contained in:
parent
f487cb77c1
commit
afdf137ffb
5 changed files with 38 additions and 37 deletions
|
@ -181,7 +181,7 @@ pub fn (mut c Aead128) encrypt(msg []u8, nonce []u8, ad []u8) ![]u8 {
|
||||||
c.State.e4 = n1
|
c.State.e4 = n1
|
||||||
|
|
||||||
// Update state by permutation
|
// Update state by permutation
|
||||||
ascon_pnr(mut c.State, ascon_prnd_12)
|
ascon_pnr(mut c.State, .ascon_prnd_12)
|
||||||
// XOR-ing with the cipher's key
|
// XOR-ing with the cipher's key
|
||||||
c.State.e3 ^= c.key[0]
|
c.State.e3 ^= c.key[0]
|
||||||
c.State.e4 ^= c.key[1]
|
c.State.e4 ^= c.key[1]
|
||||||
|
@ -229,7 +229,7 @@ pub fn (mut c Aead128) decrypt(ciphertext []u8, nonce []u8, ad []u8) ![]u8 {
|
||||||
c.State.e4 = n1
|
c.State.e4 = n1
|
||||||
|
|
||||||
// scrambled with permutation routine
|
// scrambled with permutation routine
|
||||||
ascon_pnr(mut c.State, ascon_prnd_12)
|
ascon_pnr(mut c.State, .ascon_prnd_12)
|
||||||
// xor-ing with the cipher's key
|
// xor-ing with the cipher's key
|
||||||
c.State.e3 ^= c.key[0]
|
c.State.e3 ^= c.key[0]
|
||||||
c.State.e4 ^= c.key[1]
|
c.State.e4 ^= c.key[1]
|
||||||
|
@ -288,7 +288,7 @@ fn aead128_init(mut s State, key []u8, nonce []u8) (u64, u64) {
|
||||||
s.e4 = n1
|
s.e4 = n1
|
||||||
|
|
||||||
// updates State using the permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12], S ← 𝐴𝑠𝑐𝑜𝑛-𝑝[12](S)
|
// updates State using the permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12], S ← 𝐴𝑠𝑐𝑜𝑛-𝑝[12](S)
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
|
|
||||||
// Then XORing the secret key 𝐾 into the last 128 bits of internal state:
|
// Then XORing the secret key 𝐾 into the last 128 bits of internal state:
|
||||||
// S ← S ⊕ (0¹⁹² ∥ 𝐾).
|
// S ← S ⊕ (0¹⁹² ∥ 𝐾).
|
||||||
|
@ -312,7 +312,7 @@ fn aead128_process_ad(mut s State, ad []u8) {
|
||||||
s.e1 ^= binary.little_endian_u64(block[8..16])
|
s.e1 ^= binary.little_endian_u64(block[8..16])
|
||||||
|
|
||||||
// Apply permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[8] to the state
|
// Apply permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[8] to the state
|
||||||
ascon_pnr(mut s, ascon_prnd_8)
|
ascon_pnr(mut s, .ascon_prnd_8)
|
||||||
// Updates index
|
// Updates index
|
||||||
ad_length -= aead128_block_size
|
ad_length -= aead128_block_size
|
||||||
ad_idx += aead128_block_size
|
ad_idx += aead128_block_size
|
||||||
|
@ -339,7 +339,7 @@ fn aead128_process_ad(mut s State, ad []u8) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Apply permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[8] to the state
|
// Apply permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[8] to the state
|
||||||
ascon_pnr(mut s, ascon_prnd_8)
|
ascon_pnr(mut s, .ascon_prnd_8)
|
||||||
}
|
}
|
||||||
// The final step of processing associated data is to update the state
|
// The final step of processing associated data is to update the state
|
||||||
// with a constant that provides domain separation.
|
// with a constant that provides domain separation.
|
||||||
|
@ -361,7 +361,7 @@ fn aead128_process_msg(mut out []u8, mut s State, msg []u8) int {
|
||||||
binary.little_endian_put_u64(mut out[pos..pos + 8], s.e0)
|
binary.little_endian_put_u64(mut out[pos..pos + 8], s.e0)
|
||||||
binary.little_endian_put_u64(mut out[pos + 8..], s.e1)
|
binary.little_endian_put_u64(mut out[pos + 8..], s.e1)
|
||||||
// apply permutation
|
// apply permutation
|
||||||
ascon_pnr(mut s, ascon_prnd_8)
|
ascon_pnr(mut s, .ascon_prnd_8)
|
||||||
|
|
||||||
// updates index
|
// updates index
|
||||||
mlen -= aead128_block_size
|
mlen -= aead128_block_size
|
||||||
|
@ -413,7 +413,7 @@ fn aead128_partial_dec(mut out []u8, mut s State, cmsg []u8) {
|
||||||
s.e0 = c0
|
s.e0 = c0
|
||||||
s.e1 = c1
|
s.e1 = c1
|
||||||
|
|
||||||
ascon_pnr(mut s, ascon_prnd_8)
|
ascon_pnr(mut s, .ascon_prnd_8)
|
||||||
// updates index
|
// updates index
|
||||||
pos += aead128_block_size
|
pos += aead128_block_size
|
||||||
cmsg_len -= aead128_block_size
|
cmsg_len -= aead128_block_size
|
||||||
|
@ -448,7 +448,7 @@ fn aead128_finalize(mut s State, k0 u64, k1 u64) {
|
||||||
s.e2 ^= k0
|
s.e2 ^= k0
|
||||||
s.e3 ^= k1
|
s.e3 ^= k1
|
||||||
// then updated using the permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12]
|
// then updated using the permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12]
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
|
|
||||||
// Finally, the tag 𝑇 is generated by XORing the key with the last 128 bits of the state:
|
// Finally, the tag 𝑇 is generated by XORing the key with the last 128 bits of the state:
|
||||||
// 𝑇 ← 𝑆[192∶319] ⊕ 𝐾.
|
// 𝑇 ← 𝑆[192∶319] ⊕ 𝐾.
|
||||||
|
|
|
@ -11,8 +11,11 @@ module ascon
|
||||||
const max_nr_perm = 16
|
const max_nr_perm = 16
|
||||||
|
|
||||||
// The number how many round(s) for the Ascon permutation routine called.
|
// The number how many round(s) for the Ascon permutation routine called.
|
||||||
const ascon_prnd_8 = 8
|
enum PrndEnum {
|
||||||
const ascon_prnd_12 = 12
|
ascon_prnd_6 = 6
|
||||||
|
ascon_prnd_8 = 8
|
||||||
|
ascon_prnd_12 = 12
|
||||||
|
}
|
||||||
|
|
||||||
// The constants to derive round constants of the Ascon permutations
|
// The constants to derive round constants of the Ascon permutations
|
||||||
// See Table 5. of NIST SP 800-232 docs
|
// See Table 5. of NIST SP 800-232 docs
|
||||||
|
@ -36,15 +39,12 @@ const rnc = [u8(0x3c), 0x2d, 0x1e, 0x0f, 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x9
|
||||||
// 2. the substitution layer (see Sec.3.3), and,
|
// 2. the substitution layer (see Sec.3.3), and,
|
||||||
// 3. the linear diffusion layer (Sec 3.4)
|
// 3. the linear diffusion layer (Sec 3.4)
|
||||||
@[direct_array_access]
|
@[direct_array_access]
|
||||||
fn ascon_pnr(mut s State, nr int) {
|
fn ascon_pnr(mut s State, nr PrndEnum) {
|
||||||
// We dont allow nr == 0
|
|
||||||
if nr < 1 || nr > 16 {
|
|
||||||
panic('Invalid round number')
|
|
||||||
}
|
|
||||||
// Allocate temporary vars to reduce allocation within loop
|
// Allocate temporary vars to reduce allocation within loop
|
||||||
mut x0 := u64(0)
|
mut x0 := u64(0)
|
||||||
|
mut y0 := u64(0)
|
||||||
// Ascon permutation routine
|
// Ascon permutation routine
|
||||||
for i := max_nr_perm - nr; i < max_nr_perm; i++ {
|
for i := max_nr_perm - int(nr); i < max_nr_perm; i++ {
|
||||||
// 3.2 Constant-Addition Layer step
|
// 3.2 Constant-Addition Layer step
|
||||||
//
|
//
|
||||||
// The constant-addition layer adds a 64-bit round constant 𝑐𝑖
|
// The constant-addition layer adds a 64-bit round constant 𝑐𝑖
|
||||||
|
@ -59,14 +59,15 @@ fn ascon_pnr(mut s State, nr int) {
|
||||||
s.e4 ^= s.e3
|
s.e4 ^= s.e3
|
||||||
s.e2 ^= s.e1
|
s.e2 ^= s.e1
|
||||||
|
|
||||||
// Set temp var to value
|
// Set temp vars to values
|
||||||
x0 = s.e0 & ~s.e4
|
x0 = s.e0
|
||||||
|
y0 = s.e4 ^ (~s.e0 & s.e1)
|
||||||
|
|
||||||
s.e0 ^= s.e2 & ~s.e1
|
s.e0 = s.e0 ^ (~s.e1 & s.e2) // t1
|
||||||
s.e2 ^= s.e4 & ~s.e3
|
s.e1 = s.e1 ^ (~s.e2 & s.e3) // t2
|
||||||
s.e4 ^= s.e1 & ~s.e0
|
s.e2 = s.e2 ^ (~s.e3 & s.e4) // t3
|
||||||
s.e1 ^= s.e3 & ~s.e2
|
s.e3 = s.e3 ^ (~s.e4 & x0) // t4, change s.e0 to x0
|
||||||
s.e3 ^= x0
|
s.e4 = y0
|
||||||
|
|
||||||
s.e1 ^= s.e0
|
s.e1 ^= s.e0
|
||||||
s.e0 ^= s.e4
|
s.e0 ^= s.e4
|
||||||
|
|
|
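Review bot: Dropping the `nr < 1 || nr > 16` guard from `ascon_pnr` leaves the enum as the only thing keeping the loop index in range, and the function carries `@[direct_array_access]`, so an out-of-range round count would now become an unchecked read of the round-constant table instead of the former panic (the `rnc` indexing itself is outside the hunk, as is the rest of the body). With `PrndEnum` pinned to 6, 8 and 12 the invariant holds for every normal caller, but V allows building an enum from an arbitrary integer inside `unsafe`, and a future variant above `max_nr_perm` would break it silently. State the invariant where the variants are declared, replacing the current comment: `// Round counts for the Ascon permutation; each variant's integer value is the round count and must stay within 1..max_nr_perm, because ascon_pnr indexes rnc without bounds checks.` A `$if debug { assert int(nr) >= 1 && int(nr) <= max_nr_perm }` at the top of `ascon_pnr` would preserve the old check in debug builds at no release cost. In the substitution-layer hunk, `// Set temp vars to values` would be more useful as `// snapshot e0 and compute the new e4 first: every t_i reads neighbours that the in-place updates below would otherwise have already overwritten`.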
@ -13,7 +13,7 @@ fn test_ascon_round_p6() {
|
||||||
e3: 0xabcdef0123456789
|
e3: 0xabcdef0123456789
|
||||||
e4: 0x89abcdef01234567
|
e4: 0x89abcdef01234567
|
||||||
}
|
}
|
||||||
ascon_pnr(mut s, 6)
|
ascon_pnr(mut s, .ascon_prnd_6)
|
||||||
assert s.e0 == u64(0xc27b505c635eb07f)
|
assert s.e0 == u64(0xc27b505c635eb07f)
|
||||||
assert s.e1 == u64(0xd388f5d2a72046fa)
|
assert s.e1 == u64(0xd388f5d2a72046fa)
|
||||||
assert s.e2 == u64(0x9e415c204d7b15e7)
|
assert s.e2 == u64(0x9e415c204d7b15e7)
|
||||||
|
@ -29,7 +29,7 @@ fn test_ascon_round_p8() {
|
||||||
e3: 0xabcdef0123456789
|
e3: 0xabcdef0123456789
|
||||||
e4: 0x89abcdef01234567
|
e4: 0x89abcdef01234567
|
||||||
}
|
}
|
||||||
ascon_pnr(mut s, 8)
|
ascon_pnr(mut s, .ascon_prnd_8)
|
||||||
assert s.e0 == u64(0x67ed228272f46eee)
|
assert s.e0 == u64(0x67ed228272f46eee)
|
||||||
assert s.e1 == u64(0x80bc0b097aad7944)
|
assert s.e1 == u64(0x80bc0b097aad7944)
|
||||||
assert s.e2 == u64(0x2fa599382c6db215)
|
assert s.e2 == u64(0x2fa599382c6db215)
|
||||||
|
@ -45,7 +45,7 @@ fn test_ascon_round_p12() {
|
||||||
e3: 0xabcdef0123456789
|
e3: 0xabcdef0123456789
|
||||||
e4: 0x89abcdef01234567
|
e4: 0x89abcdef01234567
|
||||||
}
|
}
|
||||||
ascon_pnr(mut s, 12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
assert s.e0 == u64(0x206416dfc624bb14)
|
assert s.e0 == u64(0x206416dfc624bb14)
|
||||||
assert s.e1 == u64(0x1b0c47a601058aab)
|
assert s.e1 == u64(0x1b0c47a601058aab)
|
||||||
assert s.e2 == u64(0x8934cfc93814cddd)
|
assert s.e2 == u64(0x8934cfc93814cddd)
|
||||||
|
|
|
@ -33,7 +33,7 @@ fn (mut d Digest) finish() {
|
||||||
d.State.e0 ^= load_bytes(d.buf[..d.length], d.length)
|
d.State.e0 ^= load_bytes(d.buf[..d.length], d.length)
|
||||||
|
|
||||||
// Permutation step was done in squeezing-phase
|
// Permutation step was done in squeezing-phase
|
||||||
// ascon_pnr(mut d.State, ascon_prnd_12)
|
// ascon_pnr(mut d.State, .ascon_prnd_12)
|
||||||
|
|
||||||
// zeroing Digest buffer
|
// zeroing Digest buffer
|
||||||
d.length = 0
|
d.length = 0
|
||||||
|
@ -70,7 +70,7 @@ fn (mut d Digest) absorb(msg_ []u8) int {
|
||||||
// If this d.buf length has reached block_size bytes, absorb it.
|
// If this d.buf length has reached block_size bytes, absorb it.
|
||||||
if d.length == block_size {
|
if d.length == block_size {
|
||||||
d.State.e0 ^= binary.little_endian_u64(d.buf)
|
d.State.e0 ^= binary.little_endian_u64(d.buf)
|
||||||
ascon_pnr(mut d.State, ascon_prnd_12)
|
ascon_pnr(mut d.State, .ascon_prnd_12)
|
||||||
// reset the internal buffer
|
// reset the internal buffer
|
||||||
d.length = 0
|
d.length = 0
|
||||||
d.buf.reset()
|
d.buf.reset()
|
||||||
|
@ -87,7 +87,7 @@ fn (mut d Digest) absorb(msg_ []u8) int {
|
||||||
for msg.len >= block_size {
|
for msg.len >= block_size {
|
||||||
d.State.e0 ^= binary.little_endian_u64(msg[0..block_size])
|
d.State.e0 ^= binary.little_endian_u64(msg[0..block_size])
|
||||||
msg = msg[block_size..]
|
msg = msg[block_size..]
|
||||||
ascon_pnr(mut d.State, ascon_prnd_12)
|
ascon_pnr(mut d.State, .ascon_prnd_12)
|
||||||
}
|
}
|
||||||
// If there are partial block, just stored into buffer.
|
// If there are partial block, just stored into buffer.
|
||||||
if msg.len > 0 {
|
if msg.len > 0 {
|
||||||
|
@ -113,14 +113,14 @@ fn (mut d Digest) squeeze(mut dst []u8) int {
|
||||||
}
|
}
|
||||||
// The squeezing phase begins after msg is absorbed with an
|
// The squeezing phase begins after msg is absorbed with an
|
||||||
// permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12] to the state:
|
// permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12] to the state:
|
||||||
ascon_pnr(mut d.State, ascon_prnd_12)
|
ascon_pnr(mut d.State, .ascon_prnd_12)
|
||||||
|
|
||||||
mut pos := 0
|
mut pos := 0
|
||||||
mut clen := dst.len
|
mut clen := dst.len
|
||||||
// process for full block size
|
// process for full block size
|
||||||
for clen >= block_size {
|
for clen >= block_size {
|
||||||
binary.little_endian_put_u64(mut dst[pos..pos + 8], d.State.e0)
|
binary.little_endian_put_u64(mut dst[pos..pos + 8], d.State.e0)
|
||||||
ascon_pnr(mut d.State, ascon_prnd_12)
|
ascon_pnr(mut d.State, .ascon_prnd_12)
|
||||||
pos += block_size
|
pos += block_size
|
||||||
clen -= block_size
|
clen -= block_size
|
||||||
}
|
}
|
||||||
|
@ -148,7 +148,7 @@ fn ascon_generic_hash(mut s State, msg []u8, size int) []u8 {
|
||||||
s.e0 ^= binary.little_endian_u64(block)
|
s.e0 ^= binary.little_endian_u64(block)
|
||||||
pos += block_size
|
pos += block_size
|
||||||
msg_len -= block_size
|
msg_len -= block_size
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
}
|
}
|
||||||
// Absorb the last partial message block
|
// Absorb the last partial message block
|
||||||
last_block := unsafe { msg[pos..] }
|
last_block := unsafe { msg[pos..] }
|
||||||
|
@ -167,12 +167,12 @@ fn ascon_generic_hash(mut s State, msg []u8, size int) []u8 {
|
||||||
//
|
//
|
||||||
// The squeezing phase begins after msg is absorbed with an
|
// The squeezing phase begins after msg is absorbed with an
|
||||||
// permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12] to the state:
|
// permutation 𝐴𝑠𝑐𝑜𝑛-𝑝[12] to the state:
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
mut out := []u8{len: size}
|
mut out := []u8{len: size}
|
||||||
mut clen := out.len
|
mut clen := out.len
|
||||||
for clen >= block_size {
|
for clen >= block_size {
|
||||||
binary.little_endian_put_u64(mut out[pos..pos + 8], s.e0)
|
binary.little_endian_put_u64(mut out[pos..pos + 8], s.e0)
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
pos += block_size
|
pos += block_size
|
||||||
clen -= block_size
|
clen -= block_size
|
||||||
}
|
}
|
||||||
|
|
|
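Review bot: The hunk in `fn (mut d Digest) finish()` updates a commented-out call, `// ascon_pnr(mut d.State, .ascon_prnd_12)`, which is dead code that this commit had to touch and that will keep drifting with every signature change. The sentence above it already records why no permutation is applied there, and the `squeeze` hunk in this section shows the Ascon-p[12] call happening before the first output block, so the dead line can be folded into prose: `// No permutation here: squeeze() applies Ascon-p[12] before the first output block.` The remaining hunks in this section are mechanical call-site updates. `finish` continues outside the hunk.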
@ -300,7 +300,7 @@ pub fn (mut x CXof128) free() {
|
||||||
fn cxof128_absorb_custom_string(mut s State, cs []u8) {
|
fn cxof128_absorb_custom_string(mut s State, cs []u8) {
|
||||||
// absorb Z0, the length of the customization string (in bits) encoded as a u64
|
// absorb Z0, the length of the customization string (in bits) encoded as a u64
|
||||||
s.e0 ^= u64(cs.len) << 3
|
s.e0 ^= u64(cs.len) << 3
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
|
|
||||||
// absorb the customization string
|
// absorb the customization string
|
||||||
mut zlen := cs.len
|
mut zlen := cs.len
|
||||||
|
@ -308,7 +308,7 @@ fn cxof128_absorb_custom_string(mut s State, cs []u8) {
|
||||||
for zlen >= block_size {
|
for zlen >= block_size {
|
||||||
block := unsafe { cs[zidx..zidx + block_size] }
|
block := unsafe { cs[zidx..zidx + block_size] }
|
||||||
s.e0 ^= binary.little_endian_u64(block)
|
s.e0 ^= binary.little_endian_u64(block)
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
|
|
||||||
// updates a index
|
// updates a index
|
||||||
zlen -= block_size
|
zlen -= block_size
|
||||||
|
@ -318,5 +318,5 @@ fn cxof128_absorb_custom_string(mut s State, cs []u8) {
|
||||||
last_block := unsafe { cs[zidx..] }
|
last_block := unsafe { cs[zidx..] }
|
||||||
s.e0 ^= load_bytes(last_block, last_block.len)
|
s.e0 ^= load_bytes(last_block, last_block.len)
|
||||||
s.e0 ^= pad(last_block.len)
|
s.e0 ^= pad(last_block.len)
|
||||||
ascon_pnr(mut s, ascon_prnd_12)
|
ascon_pnr(mut s, .ascon_prnd_12)
|
||||||
}
|
}
|
||||||
|
|