...

Package ascon

import "github.com/cloudflare/circl/cipher/ascon"
Overview
Index

Overview ▾

Package ascon provides ASCON family of light-weight AEAD ciphers.

This package implements Ascon128 and Ascon128a two AEAD ciphers as specified in ASCON v1.2 by C. Dobraunig, M. Eichlseder, F. Mendel, M. Schläffer. https://ascon.iaik.tugraz.at/index.html

It also implements Ascon-80pq, which has an increased key-size to provide more resistance against a quantum adversary using Grover’s algorithm for key search. Since Ascon-128 and Ascon-80pq share the same building blocks and same parameters except the size of the key, it is claimed the same security for Ascon-80pq against classical attacks as for Ascon-128.

Constants

const (
    KeySize     = 16 // For Ascon128 and Ascon128a.
    KeySize80pq = 20 // Only for Ascon80pq.
    NonceSize   = 16
    TagSize     = 16
)

Variables

var (
    ErrKeySize    = errors.New("ascon: bad key size")
    ErrNonceSize  = errors.New("ascon: bad nonce size")
    ErrDecryption = errors.New("ascon: invalid ciphertext")
    ErrMode       = errors.New("ascon: invalid cipher mode")
)

type Cipher 

type Cipher struct {
    // contains filtered or unexported fields
}

func New 

func New(key []byte, m Mode) (*Cipher, error)

New returns a Cipher struct implementing the crypto/cipher.AEAD interface. The key must be Mode.KeySize() bytes long, and the mode is one of Ascon128, Ascon128a or Ascon80pq.

func (*Cipher) NonceSize 

func (a *Cipher) NonceSize() int

NonceSize returns the size of the nonce that must be passed to Seal and Open.

func (*Cipher) Open 

func (a *Cipher) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error)

Open decrypts and authenticates ciphertext, authenticates the additional data and, if successful, appends the resulting plaintext to dst, returning the updated slice. The nonce must be NonceSize() bytes long and both it and the additional data must match the value passed to Seal.

To reuse ciphertext's storage for the decrypted output, use ciphertext[:0] as dst. Otherwise, the remaining capacity of dst must not overlap plaintext.

Even if the function fails, the contents of dst, up to its capacity, may be overwritten.

func (*Cipher) Overhead 

func (a *Cipher) Overhead() int

Overhead returns the maximum difference between the lengths of a plaintext and its ciphertext.

func (*Cipher) Seal 

func (a *Cipher) Seal(dst, nonce, plaintext, additionalData []byte) []byte

Seal encrypts and authenticates plaintext, authenticates the additional data and appends the result to dst, returning the updated slice. The nonce must be NonceSize() bytes long and unique for all time, for a given key.

To reuse plaintext's storage for the encrypted output, use plaintext[:0] as dst. Otherwise, the remaining capacity of dst must not overlap plaintext.

type Mode 

type Mode int
const (
    Ascon128  Mode = 1
    Ascon128a Mode = 2
    Ascon80pq Mode = -1
)

func (Mode) KeySize 

func (m Mode) KeySize() int

KeySize is 16 for Ascon128 and Ascon128a, or 20 for Ascon80pq.

func (Mode) String 

func (m Mode) String() string