|
1 | 1 | // Package ascon provides a light-weight AEAD cipher.
|
2 | 2 | //
|
3 | 3 | // This package implements Ascon128 and Ascon128a two AEAD ciphers as specified
|
4 |
| -// in https://ascon.iaik.tugraz.at/index.html |
| 4 | +// in ASCON v1.2 by C. Dobraunig, M. Eichlseder, F. Mendel, M. Schläffer. |
| 5 | +// https://ascon.iaik.tugraz.at/index.html |
5 | 6 | package ascon
|
6 | 7 |
|
7 | 8 | import (
|
@@ -171,23 +172,29 @@ func (a *Cipher) assocData(add []byte) {
|
171 | 172 | func (a *Cipher) procText(in, out []byte, enc bool) {
|
172 | 173 | bcs := blockSize * int(a.mode)
|
173 | 174 | pB := permB + 2*(int(a.mode)-1)
|
174 |
| - cc := in |
| 175 | + mask := uint64(0) |
175 | 176 | if enc {
|
176 |
| - cc = out |
| 177 | + mask -= 1 |
177 | 178 | }
|
178 |
| - for ; len(in) >= bcs; in, out, cc = in[bcs:], out[bcs:], cc[bcs:] { |
| 179 | + |
| 180 | + for ; len(in) >= bcs; in, out = in[bcs:], out[bcs:] { |
179 | 181 | for i := 0; i < bcs; i += 8 {
|
180 |
| - binary.BigEndian.PutUint64(out[i:i+8], a.s[i/8]^binary.BigEndian.Uint64(in[i:i+8])) |
181 |
| - a.s[i/8] = binary.BigEndian.Uint64(cc[i : i+8]) |
| 182 | + inW := binary.BigEndian.Uint64(in[i : i+8]) |
| 183 | + outW := a.s[i/8] ^ inW |
| 184 | + binary.BigEndian.PutUint64(out[i:i+8], outW) |
| 185 | + |
| 186 | + a.s[i/8] = (inW &^ mask) | (outW & mask) |
182 | 187 | }
|
183 | 188 | a.perm(pB)
|
184 | 189 | }
|
185 | 190 | if len(in) >= 0 {
|
| 191 | + mask8 := byte(mask & 0xFF) |
186 | 192 | for i := 0; i < len(in); i++ {
|
187 | 193 | off := 56 - (8 * (i % 8))
|
188 | 194 | si := byte((a.s[i/8] >> off) & 0xFF)
|
189 | 195 | out[i] = si ^ in[i]
|
190 |
| - a.s[i/8] = (a.s[i/8] &^ (0xFF << off)) | uint64(cc[i])<<off |
| 196 | + ss := (in[i] &^ mask8) | (out[i] & mask8) |
| 197 | + a.s[i/8] = (a.s[i/8] &^ (0xFF << off)) | uint64(ss)<<off |
191 | 198 | }
|
192 | 199 | a.s[len(in)/8] ^= uint64(0x80) << (56 - 8*(len(in)%8))
|
193 | 200 | }
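Review bot: In the tail loop the new line `ss := (in[i] &^ mask8) | (out[i] & mask8)` reads `in[i]` after `out[i] = si ^ in[i]` has already written it, so if `in` and `out` alias (in-place processing, which an AEAD-style API is usually expected to allow) the decrypt path (`mask8 == 0`) stores the plaintext byte into the state instead of the ciphertext byte; the full-block path above avoids this by capturing `inW` before the `PutUint64`. The same ordering should be used here: `inB := in[i]`, `out[i] = si ^ inB`, `ss := (inB &^ mask8) | (out[i] & mask8)`. The mask trick also deserves a comment, e.g. `// mask is all-ones when encrypting, so the ciphertext word (outW) is absorbed into the state; when decrypting it is zero and the input word is absorbed instead.`, and `mask = ^uint64(0)` states the intent more directly than relying on `mask -= 1` wrapping. Separately, the surrounding `if len(in) >= 0` is always true, so the padding block runs unconditionally; dropping the condition would be behaviour-preserving and less surprising.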
|
|