ascon_generic.go
package ascon
import "encoding/binary"
// additionalData128aGeneric absorbs every full block of associated data
// into the permutation state.
//
// Each block is read as two big-endian 64-bit words that are XORed into
// s.x0 and s.x1, followed by one call to p8. The loop stops as soon as
// fewer than BlockSize128a bytes remain, so a trailing partial block is
// not touched here; padding and the final block are presumably handled
// by the caller (not visible in this file section).
//
// The byte offsets 0..15 are hard-coded, which assumes BlockSize128a is
// 16 (the constant is defined elsewhere).
func additionalData128aGeneric(s *state, ad []byte) {
	be := binary.BigEndian
	for ; len(ad) >= BlockSize128a; ad = ad[BlockSize128a:] {
		hi := be.Uint64(ad[:8])
		lo := be.Uint64(ad[8:16])
		s.x0 ^= hi
		s.x1 ^= lo
		p8(s)
	}
}
// encryptBlocks128aGeneric encrypts every full block of src into dst.
//
// For each block the two big-endian plaintext words are XORed into s.x0
// and s.x1, the updated words are written to dst as ciphertext, and p8
// is applied. Both plaintext words are read before anything is written,
// so dst and src may be the same slice.
//
// Only full blocks are processed; a trailing partial block of src is
// left alone. dst must have room for every full block of src: if it is
// shorter, the slice expression panics after the state has already
// absorbed that block, so callers must size dst up front.
func encryptBlocks128aGeneric(s *state, dst, src []byte) {
	be := binary.BigEndian
	for ; len(src) >= BlockSize128a; src, dst = src[BlockSize128a:], dst[BlockSize128a:] {
		// Absorb the plaintext block into the rate words.
		s.x0 ^= be.Uint64(src[:8])
		s.x1 ^= be.Uint64(src[8:16])

		// The rate words are now the ciphertext block.
		be.PutUint64(dst[:8], s.x0)
		be.PutUint64(dst[8:16], s.x1)

		p8(s)
	}
}
// decryptBlocks128aGeneric decrypts every full block of src into dst.
//
// For each block the two big-endian ciphertext words are read, the
// plaintext is produced by XORing them with s.x0 and s.x1 and written
// to dst, the ciphertext words then replace s.x0 and s.x1, and p8 is
// applied. Both ciphertext words are read before anything is written,
// so dst and src may be the same slice.
//
// Only full blocks are processed; a trailing partial block of src is
// left alone. dst must have room for every full block of src or the
// slice expression panics.
//
// NOTE(review): plaintext is written to dst here, before any tag check;
// nothing in this function authenticates the data. Presumably the
// caller verifies the tag in constant time and clears dst on failure
// before returning anything to its own caller. Confirm against the
// Open path.
func decryptBlocks128aGeneric(s *state, dst, src []byte) {
	be := binary.BigEndian
	for ; len(src) >= BlockSize128a; src, dst = src[BlockSize128a:], dst[BlockSize128a:] {
		c0, c1 := be.Uint64(src[:8]), be.Uint64(src[8:16])

		// Plaintext = rate words XOR ciphertext.
		be.PutUint64(dst[:8], c0^s.x0)
		be.PutUint64(dst[8:16], c1^s.x1)

		// The ciphertext becomes the new rate words.
		s.x0, s.x1 = c0, c1
		p8(s)
	}
}
// roundGeneric applies one round of the permutation to s using round
// constant C: constant addition into x2, the substitution layer, and
// the linear diffusion layer.
//
// The body uses only XOR, AND-NOT, NOT and calls to rotr on the five
// state words; there are no branches or table lookups on state data in
// this function. rotr is defined elsewhere. It is presumably a plain
// 64-bit rotate, but confirm that before relying on this for a
// constant-time argument.
func roundGeneric(s *state, C uint64) {
	// Load the state; the round constant is folded into x2 on load.
	a, b, c, d, e := s.x0, s.x1, s.x2^C, s.x3, s.x4

	// Substitution: mixing before the S-box.
	a ^= e
	e ^= d
	c ^= b

	// Keccak S-box: yi = xi ^ (^x(i+1) & x(i+2)), indices mod 5.
	// (q &^ p is Go's AND-NOT, i.e. ^p & q.)
	y0 := a ^ (c &^ b)
	y1 := b ^ (d &^ c)
	y2 := c ^ (e &^ d)
	y3 := d ^ (a &^ e)
	y4 := e ^ (b &^ a)

	// Substitution: mixing after the S-box. Order matters: y1 takes
	// y0 before y0 is updated, and y3 takes y2 before it is inverted.
	y1 ^= y0
	y0 ^= y4
	y3 ^= y2
	y2 = ^y2

	// Linear diffusion: each word is XORed with two rotations of itself.
	s.x0 = y0 ^ rotr(y0, 19) ^ rotr(y0, 28) // Σ0(x0) = x0 ⊕ (x0 ≫ 19) ⊕ (x0 ≫ 28)
	s.x1 = y1 ^ rotr(y1, 61) ^ rotr(y1, 39) // Σ1(x1) = x1 ⊕ (x1 ≫ 61) ⊕ (x1 ≫ 39)
	s.x2 = y2 ^ rotr(y2, 1) ^ rotr(y2, 6)   // Σ2(x2) = x2 ⊕ (x2 ≫ 1) ⊕ (x2 ≫ 6)
	s.x3 = y3 ^ rotr(y3, 10) ^ rotr(y3, 17) // Σ3(x3) = x3 ⊕ (x3 ≫ 10) ⊕ (x3 ≫ 17)
	s.x4 = y4 ^ rotr(y4, 7) ^ rotr(y4, 41)  // Σ4(x4) = x4 ⊕ (x4 ≫ 7) ⊕ (x4 ≫ 41)
}
// p12Generic applies twelve rounds of roundGeneric to s, using the
// round constants 0xf0, 0xe1, ..., 0x4b in that order.
func p12Generic(s *state) {
	for _, rc := range [...]uint64{
		0xf0, 0xe1, 0xd2, 0xc3,
		0xb4, 0xa5, 0x96, 0x87,
		0x78, 0x69, 0x5a, 0x4b,
	} {
		roundGeneric(s, rc)
	}
}
// p8Generic applies eight rounds of roundGeneric to s, using the round
// constants 0xb4, 0xa5, ..., 0x4b in that order (the last eight
// constants of the sequence used by p12Generic).
func p8Generic(s *state) {
	for _, rc := range [...]uint64{
		0xb4, 0xa5, 0x96, 0x87,
		0x78, 0x69, 0x5a, 0x4b,
	} {
		roundGeneric(s, rc)
	}
}
// p6Generic applies six rounds of roundGeneric to s, using the round
// constants 0x96, 0x87, ..., 0x4b in that order (the last six
// constants of the sequence used by p12Generic).
func p6Generic(s *state) {
	for _, rc := range [...]uint64{
		0x96, 0x87, 0x78,
		0x69, 0x5a, 0x4b,
	} {
		roundGeneric(s, rc)
	}
}