Add java doc for Ascon

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java

@@ -5,7 +5,7 @@
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.ExtendedDigest;
 import org.bouncycastle.crypto.OutputLengthException;
-import org.bouncycastle.util.Pack;
+import org.bouncycastle.util.Longs;
 
 abstract class AsconBaseDigest
     implements ExtendedDigest
@@ -20,24 +20,18 @@ abstract class AsconBaseDigest
     protected int ASCON_PB_ROUNDS = 12;
 
     protected final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
-
-    protected long ror(long x, int n)
-    {
-        return x >>> n | x << (64 - n);
-    }
-
-    protected void round(long C)
+    private void round(long C)
     {
         long t0 = x0 ^ x1 ^ x2 ^ x3 ^ C ^ (x1 & (x0 ^ x2 ^ x4 ^ C));
         long t1 = x0 ^ x2 ^ x3 ^ x4 ^ C ^ ((x1 ^ x2 ^ C) & (x1 ^ x3));
         long t2 = x1 ^ x2 ^ x4 ^ C ^ (x3 & x4);
         long t3 = x0 ^ x1 ^ x2 ^ C ^ ((~x0) & (x3 ^ x4));
         long t4 = x1 ^ x3 ^ x4 ^ ((x0 ^ x4) & x1);
-        x0 = t0 ^ ror(t0, 19) ^ ror(t0, 28);
-        x1 = t1 ^ ror(t1, 39) ^ ror(t1, 61);
-        x2 = ~(t2 ^ ror(t2, 1) ^ ror(t2, 6));
-        x3 = t3 ^ ror(t3, 10) ^ ror(t3, 17);
-        x4 = t4 ^ ror(t4, 7) ^ ror(t4, 41);
+        x0 = t0 ^ Longs.rotateRight(t0, 19) ^ Longs.rotateRight(t0, 28);
+        x1 = t1 ^ Longs.rotateRight(t1, 39) ^ Longs.rotateRight(t1, 61);
+        x2 = ~(t2 ^ Longs.rotateRight(t2, 1) ^ Longs.rotateRight(t2, 6));
+        x3 = t3 ^ Longs.rotateRight(t3, 10) ^ Longs.rotateRight(t3, 17);
+        x4 = t4 ^ Longs.rotateRight(t4, 7) ^ Longs.rotateRight(t4, 41);
     }
 
     protected void p(int nr)
@@ -62,20 +56,11 @@ protected void p(int nr)
         round(0x4bL);
     }
 
-    protected long pad(int i)
-    {
-        return 0x01L << (i << 3);
-    }
+    protected abstract long pad(int i);
 
-    protected long loadBytes(final byte[] bytes, int inOff, int n)
-    {
-        return Pack.littleEndianToLong(bytes, inOff, n);
-    }
+    protected abstract long loadBytes(final byte[] bytes, int inOff, int n);
 
-    protected void setBytes(long w, byte[] bytes, int inOff, int n)
-    {
-        Pack.longToLittleEndian(w, bytes, inOff, n);
-    }
+    protected abstract void setBytes(long w, byte[] bytes, int inOff, int n);
 
     @Override
     public int getDigestSize()

core/src/main/java/org/bouncycastle/crypto/digests/AsconCxof128.java

@@ -4,13 +4,18 @@
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.Xof;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Pack;
 
 /**
- * ASCON v1.2 XOF, https://ascon.iaik.tugraz.at/ .
+ * Ascon-CXOF128 was introduced in NIST Special Publication (SP) 800-232
+ * (Initial Public Draft).
  * <p>
- * https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf
- * <p>
- * ASCON v1.2 XOF with reference to C Reference Impl from: https://github.com/ascon/ascon-c .
+ * Additional details and the specification can be found in:
+ * <a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a>.
+ * For reference source code and implementation details, please see:
+ * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
+ *  ASM implementations of Ascon (NIST SP 800-232)</a>.
+ * </p>
  */
 public class AsconCxof128
     extends AsconBaseDigest
@@ -47,10 +52,25 @@ public AsconCxof128()
         reset();
     }
 
+    protected long pad(int i)
+    {
+        return 0x01L << (i << 3);
+    }
+
+    protected long loadBytes(final byte[] bytes, int inOff, int n)
+    {
+        return Pack.littleEndianToLong(bytes, inOff, n);
+    }
+
+    protected void setBytes(long w, byte[] bytes, int inOff, int n)
+    {
+        Pack.longToLittleEndian(w, bytes, inOff, n);
+    }
+
     @Override
     public String getAlgorithmName()
     {
-        return "Ascon-XOF-128";
+        return "Ascon-CXOF128";
     }
 
     @Override

core/src/main/java/org/bouncycastle/crypto/digests/AsconHash256Digest.java

@@ -1,11 +1,17 @@
 package org.bouncycastle.crypto.digests;
 
+import org.bouncycastle.util.Pack;
+
 /**
- * ASCON v1.2 Digest, https://ascon.iaik.tugraz.at/ .
- * <p>
- * https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf
+ * Ascon-Hash256 was introduced in NIST Special Publication (SP) 800-232
+ * (Initial Public Draft).
  * <p>
- * ASCON v1.2 Digest with reference to C Reference Impl from: https://github.com/ascon/ascon-c .
+ * Additional details and the specification can be found in:
+ * <a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a>.
+ * For reference source code and implementation details, please see:
+ * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
+ *  ASM implementations of Ascon (NIST SP 800-232)</a>.
+ * </p>
  */
 public class AsconHash256Digest
     extends AsconBaseDigest
@@ -15,10 +21,25 @@ public AsconHash256Digest()
         reset();
     }
 
+    protected long pad(int i)
+    {
+        return 0x01L << (i << 3);
+    }
+
+    protected long loadBytes(final byte[] bytes, int inOff, int n)
+    {
+        return Pack.littleEndianToLong(bytes, inOff, n);
+    }
+
+    protected void setBytes(long w, byte[] bytes, int inOff, int n)
+    {
+        Pack.longToLittleEndian(w, bytes, inOff, n);
+    }
+
     @Override
     public String getAlgorithmName()
     {
-        return "Ascon Hash 256";
+        return "Ascon-Hash256";
     }
 
     @Override

core/src/main/java/org/bouncycastle/crypto/digests/AsconXof128.java

@@ -1,14 +1,18 @@
 package org.bouncycastle.crypto.digests;
 
 import org.bouncycastle.crypto.Xof;
+import org.bouncycastle.util.Pack;
 
 /**
- * ASCON v1.2 XOF, https://ascon.iaik.tugraz.at/ .
+ * Ascon-XOF128 was introduced in NIST Special Publication (SP) 800-232
+ * (Initial Public Draft).
  * <p>
- * https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf
- * <p>
- * ASCON v1.2 XOF with reference to C Reference Impl from: https://github.com/ascon/ascon-c .
- *
+ * Additional details and the specification can be found in:
+ * <a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a>.
+ * For reference source code and implementation details, please see:
+ * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
+ *  ASM implementations of Ascon (NIST SP 800-232)</a>.
+ * </p>
  */
 public class AsconXof128
     extends AsconBaseDigest
@@ -19,6 +23,21 @@ public AsconXof128()
         reset();
     }
 
+    protected long pad(int i)
+    {
+        return 0x01L << (i << 3);
+    }
+
+    protected long loadBytes(final byte[] bytes, int inOff, int n)
+    {
+        return Pack.littleEndianToLong(bytes, inOff, n);
+    }
+
+    protected void setBytes(long w, byte[] bytes, int inOff, int n)
+    {
+        Pack.longToLittleEndian(w, bytes, inOff, n);
+    }
+
     @Override
     public String getAlgorithmName()
     {

core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128Engine.java

@@ -8,6 +8,19 @@
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Pack;
 
+/**
+ * Ascon-AEAD128 was introduced as part of the NIST Lightweight Cryptography
+ * competition and described in the NIST Special Publication SP 800-232 (Initial
+ * Public Draft).
+ * For additional details, see:
+ * <ul>
+ *     <li><a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a></li>
+ *     <li><a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
+ *     ASM implementations of Ascon (NIST SP 800-232)</a></li>
+ * </ul>
+ *
+ * @version 1.3
+ */
 public class AsconAEAD128Engine
     extends AsconBaseEngine
 {
@@ -17,7 +30,7 @@ public AsconAEAD128Engine()
         CRYPTO_ABYTES = 16;
         ASCON_AEAD_RATE = 16;
         ASCON_IV = 0x00001000808c0001L;
-        algorithmName = "Ascon-AEAD-128";
+        algorithmName = "Ascon-AEAD128";
         nr = 8;
         m_bufferSizeDecrypt = ASCON_AEAD_RATE + CRYPTO_ABYTES;
         m_buf = new byte[m_bufferSizeDecrypt];

core/src/main/java/org/bouncycastle/crypto/engines/AsconBaseEngine.java

@@ -53,7 +53,7 @@ protected enum State
 
     protected abstract void setBytes(long n, byte[] bs, int off);
 
-    protected void round(long C)
+    private void round(long C)
     {
         long t0 = x0 ^ x1 ^ x2 ^ x3 ^ C ^ (x1 & (x0 ^ x2 ^ x4 ^ C));
         long t1 = x0 ^ x2 ^ x3 ^ x4 ^ C ^ ((x1 ^ x2 ^ C) & (x1 ^ x3));

core/src/main/java/org/bouncycastle/crypto/engines/AsconEngine.java

@@ -9,14 +9,22 @@
 import org.bouncycastle.util.Pack;
 
 /**
- * ASCON AEAD v1.2, https://ascon.iaik.tugraz.at/
- * https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf
+ * The {@code AsconEngine} class provides an implementation of ASCON AEAD version 1.2,
+ * based on the official specification available at:
+ * <a href="https://ascon.iaik.tugraz.at/">https://ascon.iaik.tugraz.at/</a> and the
+ * updated specification document from the NIST competition:
+ * <a href="https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf">
+ * ASCON Specification (Finalist Round)
+ * </a>.
  * <p>
- * ASCON AEAD v1.2 with reference to C Reference Impl from: https://github.com/ascon/ascon-c
- *
- * @deprecated Now superseded - please use AsconAead128Engine
+ * This version references the C reference implementation provided by NIST, available at:
+ * <a href="https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-submissions/ascon.zip">
+ * ASCON C Reference Implementation (NIST Round 2)
+ * </a>.
  * </p>
+ * @deprecated Now superseded. Please refer to {@code AsconAEAD128Engine} for future implementations.
  */
+
 public class AsconEngine
     extends AsconBaseEngine
 {
@@ -29,8 +37,6 @@ public enum AsconParameters
 
     private final AsconParameters asconParameters;
 
-    private final String algorithmName;
-
     private long K2;
 
     public AsconEngine(AsconParameters asconParameters)