ascon / ascon-c

Ascon - Lightweight Authenticated Encryption & Hashing
https://ascon.iaik.tugraz.at/
Creative Commons Zero v1.0 Universal

Should associated data be padded to mod 8 length when target is opt64? #5

Closed mcraiha closed 1 year ago

mcraiha commented 1 year ago

Hi again,

When using the opt64 version, should the associated data be padded to mod 8 length?

E.g. my associated data is unsigned char ad[1]; (and adlen is 1), and the void ascon_adata(ascon_state_t* s, const uint8_t* ad, uint64_t adlen) method has the part if (adlen) *px ^= LOAD(ad, adlen); and the LOAD is

forceinline uint64_t LOAD(const uint8_t* bytes, int n) {
  uint64_t x = *(uint64_t*)bytes & MASK(n);
  return U64TOWORD(x);
}

which would mean that the cast will read past (1 vs. 8) the allocated ad if I understand that correctly. This behavior does not happen with genkat because it has MAX_ASSOCIATED_DATA_LENGTH 32.

mschlaeffer commented 1 year ago

opt64 is an optimized implementation which may not work in all circumstances. The LOAD will mask out unallocated data and STORE will perform a read-modify-write. This should be fine on most platforms. If that's an issue, it's best to use the ref implementation. It has almost the same performance as opt64 and also supports unaligned data.
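Added example (not ascon-c code) illustrating the two comments above: a word-wide masked load in the style of the quoted opt64 LOAD always touches 8 bytes, while a byte-exact load in the style of the ref implementation, or staging a short tail in a zeroed 8-byte buffer before the wide load, reads only what was allocated. It assumes a little-endian lane order and uses hypothetical names (load_word_masked, load_bytes_exact, load_tail_padded, absorb_ad_tail); the real MASK and U64TOWORD macros are not on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample associated data (8 bytes so every call below is in bounds). */
static const uint8_t sample_ad[8] = {0xA5, 0x5A, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06};

/* Mask keeping the low n bytes of a 64-bit word (assumed little-endian lanes). */
static uint64_t mask_low_bytes(int n) {
    return n >= 8 ? ~(uint64_t)0 : (((uint64_t)1 << (8 * n)) - 1);
}

/* opt64-style load: an 8-byte read at `bytes` regardless of n, then a mask.
   This is the read the issue is about; it is only in bounds when the caller
   guarantees 8 readable bytes, which a 1-byte AD buffer does not. */
static uint64_t load_word_masked(const uint8_t *bytes, int n) {
    uint64_t x;
    memcpy(&x, bytes, sizeof x);
    return x & mask_low_bytes(n);
}

/* ref-style load: reads exactly n bytes, so short buffers are never over-read. */
static uint64_t load_bytes_exact(const uint8_t *bytes, int n) {
    uint64_t x = 0;
    for (int i = 0; i < n; ++i)
        x |= (uint64_t)bytes[i] << (8 * i);
    return x;
}

/* Caller-side mitigation for the word load: copy the short tail into a
   zeroed 8-byte block first, so the wide read stays inside that block. */
static uint64_t load_tail_padded(const uint8_t *bytes, size_t n) {
    uint8_t block[8] = {0};
    size_t take = n < 8 ? n : 8;
    memcpy(block, bytes, take);
    return load_word_masked(block, (int)take);
}

/* Mirrors the quoted `if (adlen) *px ^= LOAD(ad, adlen);` on one lane,
   but with the padded load so a 1-byte AD buffer is read safely. */
static uint64_t absorb_ad_tail(uint64_t px, const uint8_t *ad, size_t adlen) {
    if (adlen) px ^= load_tail_padded(ad, adlen);
    return px;
}
```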