ascon_prng/
lib.rs

1//! # Ascon-PRNG
2//!
3//! A Psuedo Random Function and [`CryptoRng`] based on [Ascon](ascon).
4//!
5//! Based on these papers:
6//!
7//! Ascon MAC, PRF, and Short-Input PRF
8//! Lightweight, Fast, and Efficient Pseudorandom Functions
9//! <https://eprint.iacr.org/2021/1574>
10//!
11//! Sponge-based pseudo-random number generators
12//! <https://keccak.team/files/SpongePRNG.pdf>
13//!
14//! This crate has not been audited. Use at your own risk.
15#![no_std]
16
17mod prf;
18use ascon::State;
19use generic_array::{sequence::Split, GenericArray};
20pub use prf::{ascon_prf_short, ascon_prf_short_128, AsconPrf};
21
22mod mac;
23pub use mac::{AsconMac, AsconMacCore};
24
25mod prng;
26pub use prng::AsconPrng;
27use typenum::consts::{U16, U32, U8};
28
29type B<N> = GenericArray<u8, N>;
30
31fn init(iv: u64, key: &B<U16>) -> State {
32    let (k0, k1): (&B<U8>, &B<U8>) = key.split();
33    let k0 = u64::from_le_bytes((*k0).into());
34    let k1 = u64::from_le_bytes((*k1).into());
35    let mut state = State::new(iv, k0, k1, 0, 0);
36    state.permute_12();
37    state
38}
39
40fn compress(s: &mut State, x: &B<U32>, last: u64) {
41    let (x01, x23): (&B<U16>, &B<U16>) = x.split();
42    let (x0, x1): (&B<U8>, &B<U8>) = x01.split();
43    let (x2, x3): (&B<U8>, &B<U8>) = x23.split();
44    let x0 = u64::from_le_bytes((*x0).into());
45    let x1 = u64::from_le_bytes((*x1).into());
46    let x2 = u64::from_le_bytes((*x2).into());
47    let x3 = u64::from_le_bytes((*x3).into());
48
49    s[0] ^= x0;
50    s[1] ^= x1;
51    s[2] ^= x2;
52    s[3] ^= x3;
53    s[4] ^= last;
54    s.permute_12();
55}
56
57fn extract(s: &State, b: &mut B<U16>) {
58    let (o0, o1): (&mut B<U8>, &mut B<U8>) = b.split();
59    *o0 = s[0].to_le_bytes().into();
60    *o1 = s[1].to_le_bytes().into();
61}
ascon_prng/lib.rs

ascon_prng/
lib.rs
