Add more tests of Ascon. Refactor function names in Ascon.

gefeili · gefeili · commit 9c8c34e68887 · 2024-11-13T17:22:43.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java
@@ -21,58 +21,58 @@ abstract class AsconBaseDigest
 
     protected final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
 
-    protected long ROR(long x, int n)
+    protected long ror(long x, int n)
     {
         return x >>> n | x << (64 - n);
     }
 
-    protected void ROUND(long C)
+    protected void round(long C)
     {
         long t0 = x0 ^ x1 ^ x2 ^ x3 ^ C ^ (x1 & (x0 ^ x2 ^ x4 ^ C));
         long t1 = x0 ^ x2 ^ x3 ^ x4 ^ C ^ ((x1 ^ x2 ^ C) & (x1 ^ x3));
         long t2 = x1 ^ x2 ^ x4 ^ C ^ (x3 & x4);
         long t3 = x0 ^ x1 ^ x2 ^ C ^ ((~x0) & (x3 ^ x4));
         long t4 = x1 ^ x3 ^ x4 ^ ((x0 ^ x4) & x1);
-        x0 = t0 ^ ROR(t0, 19) ^ ROR(t0, 28);
-        x1 = t1 ^ ROR(t1, 39) ^ ROR(t1, 61);
-        x2 = ~(t2 ^ ROR(t2, 1) ^ ROR(t2, 6));
-        x3 = t3 ^ ROR(t3, 10) ^ ROR(t3, 17);
-        x4 = t4 ^ ROR(t4, 7) ^ ROR(t4, 41);
+        x0 = t0 ^ ror(t0, 19) ^ ror(t0, 28);
+        x1 = t1 ^ ror(t1, 39) ^ ror(t1, 61);
+        x2 = ~(t2 ^ ror(t2, 1) ^ ror(t2, 6));
+        x3 = t3 ^ ror(t3, 10) ^ ror(t3, 17);
+        x4 = t4 ^ ror(t4, 7) ^ ror(t4, 41);
     }
 
-    protected void P(int nr)
+    protected void p(int nr)
     {
         if (nr == 12)
         {
-            ROUND(0xf0L);
-            ROUND(0xe1L);
-            ROUND(0xd2L);
-            ROUND(0xc3L);
+            round(0xf0L);
+            round(0xe1L);
+            round(0xd2L);
+            round(0xc3L);
         }
         if (nr >= 8)
         {
-            ROUND(0xb4L);
-            ROUND(0xa5L);
+            round(0xb4L);
+            round(0xa5L);
         }
-        ROUND(0x96L);
-        ROUND(0x87L);
-        ROUND(0x78L);
-        ROUND(0x69L);
-        ROUND(0x5aL);
-        ROUND(0x4bL);
+        round(0x96L);
+        round(0x87L);
+        round(0x78L);
+        round(0x69L);
+        round(0x5aL);
+        round(0x4bL);
     }
 
-    protected long PAD(int i)
+    protected long pad(int i)
     {
         return 0x01L << (i << 3);
     }
 
-    protected long LOADBYTES(final byte[] bytes, int inOff, int n)
+    protected long loadBytes(final byte[] bytes, int inOff, int n)
     {
         return Pack.littleEndianToLong(bytes, inOff, n);
     }
 
-    protected void STOREBYTES(long w, byte[] bytes, int inOff, int n)
+    protected void setBytes(long w, byte[] bytes, int inOff, int n)
     {
         Pack.longToLittleEndian(w, bytes, inOff, n);
     }
@@ -111,29 +111,29 @@ protected void absorb(byte[] input, int len)
         /* absorb full plaintext blocks */
         while (len >= ASCON_HASH_RATE)
         {
-            x0 ^= LOADBYTES(input, inOff, 8);
-            P(ASCON_PB_ROUNDS);
+            x0 ^= loadBytes(input, inOff, 8);
+            p(ASCON_PB_ROUNDS);
             inOff += ASCON_HASH_RATE;
             len -= ASCON_HASH_RATE;
         }
         /* absorb final plaintext block */
-        x0 ^= LOADBYTES(input, inOff, len);
-        x0 ^= PAD(len);
-        P(12);
+        x0 ^= loadBytes(input, inOff, len);
+        x0 ^= pad(len);
+        p(12);
     }
 
     protected void squeeze(byte[] output, int outOff, int len)
     {
         /* squeeze full output blocks */
         while (len > ASCON_HASH_RATE)
         {
-            STOREBYTES(x0, output, outOff, 8);
-            P(ASCON_PB_ROUNDS);
+            setBytes(x0, output, outOff, 8);
+            p(ASCON_PB_ROUNDS);
             outOff += ASCON_HASH_RATE;
             len -= ASCON_HASH_RATE;
         }
         /* squeeze final output block */
-        STOREBYTES(x0, output, outOff, len);
+        setBytes(x0, output, outOff, len);
         reset();
     }
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconCxof128.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconCxof128.java
@@ -41,6 +41,12 @@ public AsconCxof128(byte[] s, int off, int len)
         this.s = Arrays.copyOfRange(s, off, off + len);
         reset();
     }
+
+    public AsconCxof128()
+    {
+        reset();
+    }
+
     @Override
     public String getAlgorithmName()
     {
@@ -55,7 +61,10 @@ public int doOutput(byte[] output, int outOff, int outLen)
         {
             throw new OutputLengthException("output buffer is too short");
         }
-        absorb(s, s.length);
+        if (s != null)
+        {
+            absorb(s, s.length);
+        }
         absorb(buffer.toByteArray(), buffer.size());
         /* squeeze full output blocks */
         squeeze(output, outOff, outLen);
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconDigest.java
@@ -41,17 +41,17 @@ public AsconDigest(AsconParameters parameters)
 
     private final String algorithmName;
 
-    protected long PAD(int i)
+    protected long pad(int i)
     {
         return 0x80L << (56 - (i << 3));
     }
 
-    protected long LOADBYTES(final byte[] bytes, int inOff, int n)
+    protected long loadBytes(final byte[] bytes, int inOff, int n)
     {
         return Pack.bigEndianToLong(bytes, inOff, n);
     }
 
-    protected void STOREBYTES( long w, byte[] bytes, int inOff,int n)
+    protected void setBytes(long w, byte[] bytes, int inOff, int n)
     {
         Pack.longToBigEndian(w, bytes, inOff, n);
     }
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconXof.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconXof.java
@@ -44,17 +44,17 @@ public AsconXof(AsconXof.AsconParameters parameters)
     private final String algorithmName;
 
 
-    protected long PAD(int i)
+    protected long pad(int i)
     {
         return 0x80L << (56 - (i << 3));
     }
 
-    protected long LOADBYTES(final byte[] bytes, int inOff, int n)
+    protected long loadBytes(final byte[] bytes, int inOff, int n)
     {
         return Pack.bigEndianToLong(bytes, inOff, n);
     }
 
-    protected void STOREBYTES( long w, byte[] bytes, int inOff,int n)
+    protected void setBytes(long w, byte[] bytes, int inOff, int n)
     {
         Pack.longToBigEndian(w, bytes, inOff, n);
     }
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128Engine.java
@@ -24,7 +24,7 @@ public AsconAEAD128Engine()
         dsep = -9223372036854775808L; //0x80L << 56
     }
 
-    protected long PAD(int i)
+    protected long pad(int i)
     {
         return 0x01L << (i << 3);
     }
@@ -50,21 +50,21 @@ protected void ascon_aeadinit()
         x2 = K1;
         x3 = N0;
         x4 = N1;
-        P(12);
+        p(12);
         x3 ^= K0;
         x4 ^= K1;
     }
 
-    protected void processFianlAADBlock()
+    protected void processFinalADBBlock()
     {
         if (m_bufPos >= 8) // ASCON_AEAD_RATE == 16 is implied
         {
             x0 ^= Pack.littleEndianToLong(m_buf, 0);
-            x1 ^= Pack.littleEndianToLong(m_buf, 8) ^ PAD(m_bufPos);
+            x1 ^= Pack.littleEndianToLong(m_buf, 8) ^ pad(m_bufPos);
         }
         else
         {
-            x0 ^= Pack.littleEndianToLong(m_buf, 0) ^ PAD(m_bufPos);
+            x0 ^= Pack.littleEndianToLong(m_buf, 0) ^ pad(m_bufPos);
         }
     }
 
@@ -73,7 +73,7 @@ protected void processFinalDecrypt(byte[] input, int inLen, byte[] output, int o
         if (inLen >= 8) // ASCON_AEAD_RATE == 16 is implied
         {
             long c0 = Pack.littleEndianToLong(input, 0);
-            long c1 = Pack.littleEndianToLong(input, 0 + 8, inLen - 8);
+            long c1 = Pack.littleEndianToLong(input, 8, inLen - 8);
 
             Pack.longToLittleEndian(x0 ^ c0, output, outOff);
             Pack.longToLittleEndian(x1 ^ c1, output, outOff + 8, inLen - 8);
@@ -82,7 +82,7 @@ protected void processFinalDecrypt(byte[] input, int inLen, byte[] output, int o
             inLen -= 8;
             x1 &= -(1L << (inLen << 3));
             x1 |= c1;
-            x1 ^= PAD(inLen);
+            x1 ^= pad(inLen);
         }
         else
         {
@@ -93,9 +93,8 @@ protected void processFinalDecrypt(byte[] input, int inLen, byte[] output, int o
                 x0 &= -(1L << (inLen << 3));
                 x0 |= c0;
             }
-            x0 ^= PAD(inLen);
+            x0 ^= pad(inLen);
         }
-
         finishData(State.DecFinal);
     }
 
@@ -108,7 +107,7 @@ protected void processFinalEncrypt(byte[] input, int inLen, byte[] output, int o
             Pack.longToLittleEndian(x0, output, outOff);
             Pack.longToLittleEndian(x1, output, outOff + 8);
             inLen -= 8;
-            x1 ^= PAD(inLen);
+            x1 ^= pad(inLen);
         }
         else
         {
@@ -117,18 +116,16 @@ protected void processFinalEncrypt(byte[] input, int inLen, byte[] output, int o
                 x0 ^= Pack.littleEndianToLong(input, 0, inLen);
                 Pack.longToLittleEndian(x0, output, outOff, inLen);
             }
-            x0 ^= PAD(inLen);
+            x0 ^= pad(inLen);
         }
-
-
         finishData(State.EncFinal);
     }
 
     private void finishData(State nextState)
     {
         x2 ^= K0;
         x3 ^= K1;
-        P(12);
+        p(12);
         x3 ^= K0;
         x4 ^= K1;
         m_state = nextState;
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconBaseEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconBaseEngine.java
@@ -6,7 +6,6 @@
 import org.bouncycastle.crypto.modes.AEADCipher;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Longs;
-import org.bouncycastle.util.Pack;
 
 abstract class AsconBaseEngine
     implements AEADCipher
@@ -48,13 +47,13 @@ protected enum State
     protected int m_bufPos = 0;
     protected long dsep; //domain separation
 
-    protected abstract long PAD(int i);
+    protected abstract long pad(int i);
 
     protected abstract long loadBytes(byte[] in, int inOff);
 
     protected abstract void setBytes(long n, byte[] bs, int off);
 
-    protected void ROUND(long C)
+    protected void round(long C)
     {
         long t0 = x0 ^ x1 ^ x2 ^ x3 ^ C ^ (x1 & (x0 ^ x2 ^ x4 ^ C));
         long t1 = x0 ^ x2 ^ x3 ^ x4 ^ C ^ ((x1 ^ x2 ^ C) & (x1 ^ x3));
@@ -68,26 +67,26 @@ protected void ROUND(long C)
         x4 = t4 ^ Longs.rotateRight(t4, 7) ^ Longs.rotateRight(t4, 41);
     }
 
-    protected void P(int nr)
+    protected void p(int nr)
     {
         if (nr == 12)
         {
-            ROUND(0xf0L);
-            ROUND(0xe1L);
-            ROUND(0xd2L);
-            ROUND(0xc3L);
+            round(0xf0L);
+            round(0xe1L);
+            round(0xd2L);
+            round(0xc3L);
         }
         if (nr >= 8)
         {
-            ROUND(0xb4L);
-            ROUND(0xa5L);
+            round(0xb4L);
+            round(0xa5L);
         }
-        ROUND(0x96L);
-        ROUND(0x87L);
-        ROUND(0x78L);
-        ROUND(0x69L);
-        ROUND(0x5aL);
-        ROUND(0x4bL);
+        round(0x96L);
+        round(0x87L);
+        round(0x78L);
+        round(0x69L);
+        round(0x5aL);
+        round(0x4bL);
     }
 
     protected abstract void ascon_aeadinit();
@@ -142,8 +141,8 @@ private void finishAAD(State nextState)
         {
         case DecAad:
         case EncAad:
-            processFianlAADBlock();
-            P(nr);
+            processFinalADBBlock();
+            p(nr);
             break;
         default:
             break;
@@ -154,7 +153,7 @@ private void finishAAD(State nextState)
         m_state = nextState;
     }
 
-    protected abstract void processFianlAADBlock();
+    protected abstract void processFinalADBBlock();
 
     protected abstract void processFinalDecrypt(byte[] input, int inLen, byte[] output, int outOff);
 
@@ -167,7 +166,7 @@ protected void processBufferAAD(byte[] buffer, int inOff)
         {
             x1 ^= loadBytes(buffer, 8 + inOff);
         }
-        P(nr);
+        p(nr);
     }
 
 
@@ -187,8 +186,9 @@ protected void processBufferDecrypt(byte[] buffer, int bufOff, byte[] output, in
             setBytes(x1 ^ t1, output, outOff + 8);
             x1 = t1;
         }
-        P(nr);
+        p(nr);
     }
+
     protected void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, int outOff)
     {
         if (outOff + ASCON_AEAD_RATE > output.length)
@@ -203,8 +203,7 @@ protected void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, in
             x1 ^= loadBytes(buffer, bufOff + 8);
             setBytes(x1, output, outOff + 8);
         }
-
-        P(nr);
+        p(nr);
     }
 
     public void processAADByte(byte in)
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconEngine.java
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java b/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java

Original file line number	Diff line number	Diff line change
`@@ -21,58 +21,58 @@ abstract class AsconBaseDigest`
`21`	`21`
`22`	`22`	`protected final ByteArrayOutputStream buffer = new ByteArrayOutputStream();`
`23`	`23`
`24`		`- protected long ROR(long x, int n)`
	`24`	`+ protected long ror(long x, int n)`
`25`	`25`	`{`
`26`	`26`	`return x >>> n \| x << (64 - n);`
`27`	`27`	`}`
`28`	`28`
`29`		`- protected void ROUND(long C)`
	`29`	`+ protected void round(long C)`
`30`	`30`	`{`
`31`	`31`	`long t0 = x0 ^ x1 ^ x2 ^ x3 ^ C ^ (x1 & (x0 ^ x2 ^ x4 ^ C));`
`32`	`32`	`long t1 = x0 ^ x2 ^ x3 ^ x4 ^ C ^ ((x1 ^ x2 ^ C) & (x1 ^ x3));`
`33`	`33`	`long t2 = x1 ^ x2 ^ x4 ^ C ^ (x3 & x4);`
`34`	`34`	`long t3 = x0 ^ x1 ^ x2 ^ C ^ ((~x0) & (x3 ^ x4));`
`35`	`35`	`long t4 = x1 ^ x3 ^ x4 ^ ((x0 ^ x4) & x1);`
`36`		`- x0 = t0 ^ ROR(t0, 19) ^ ROR(t0, 28);`
`37`		`- x1 = t1 ^ ROR(t1, 39) ^ ROR(t1, 61);`
`38`		`- x2 = ~(t2 ^ ROR(t2, 1) ^ ROR(t2, 6));`
`39`		`- x3 = t3 ^ ROR(t3, 10) ^ ROR(t3, 17);`
`40`		`- x4 = t4 ^ ROR(t4, 7) ^ ROR(t4, 41);`
	`36`	`+ x0 = t0 ^ ror(t0, 19) ^ ror(t0, 28);`
	`37`	`+ x1 = t1 ^ ror(t1, 39) ^ ror(t1, 61);`
	`38`	`+ x2 = ~(t2 ^ ror(t2, 1) ^ ror(t2, 6));`
	`39`	`+ x3 = t3 ^ ror(t3, 10) ^ ror(t3, 17);`
	`40`	`+ x4 = t4 ^ ror(t4, 7) ^ ror(t4, 41);`
`41`	`41`	`}`
`42`	`42`
`43`		`- protected void P(int nr)`
	`43`	`+ protected void p(int nr)`
`44`	`44`	`{`
`45`	`45`	`if (nr == 12)`
`46`	`46`	`{`
`47`		`- ROUND(0xf0L);`
`48`		`- ROUND(0xe1L);`
`49`		`- ROUND(0xd2L);`
`50`		`- ROUND(0xc3L);`
	`47`	`+ round(0xf0L);`
	`48`	`+ round(0xe1L);`
	`49`	`+ round(0xd2L);`
	`50`	`+ round(0xc3L);`
`51`	`51`	`}`
`52`	`52`	`if (nr >= 8)`
`53`	`53`	`{`
`54`		`- ROUND(0xb4L);`
`55`		`- ROUND(0xa5L);`
	`54`	`+ round(0xb4L);`
	`55`	`+ round(0xa5L);`
`56`	`56`	`}`
`57`		`- ROUND(0x96L);`
`58`		`- ROUND(0x87L);`
`59`		`- ROUND(0x78L);`
`60`		`- ROUND(0x69L);`
`61`		`- ROUND(0x5aL);`
`62`		`- ROUND(0x4bL);`
	`57`	`+ round(0x96L);`
	`58`	`+ round(0x87L);`
	`59`	`+ round(0x78L);`
	`60`	`+ round(0x69L);`
	`61`	`+ round(0x5aL);`
	`62`	`+ round(0x4bL);`
`63`	`63`	`}`
`64`	`64`
`65`		`- protected long PAD(int i)`
	`65`	`+ protected long pad(int i)`
`66`	`66`	`{`
`67`	`67`	`return 0x01L << (i << 3);`
`68`	`68`	`}`
`69`	`69`
`70`		`- protected long LOADBYTES(final byte[] bytes, int inOff, int n)`
	`70`	`+ protected long loadBytes(final byte[] bytes, int inOff, int n)`
`71`	`71`	`{`
`72`	`72`	`return Pack.littleEndianToLong(bytes, inOff, n);`
`73`	`73`	`}`
`74`	`74`
`75`		`- protected void STOREBYTES(long w, byte[] bytes, int inOff, int n)`
	`75`	`+ protected void setBytes(long w, byte[] bytes, int inOff, int n)`
`76`	`76`	`{`
`77`	`77`	`Pack.longToLittleEndian(w, bytes, inOff, n);`
`78`	`78`	`}`
`@@ -111,29 +111,29 @@ protected void absorb(byte[] input, int len)`
`111`	`111`	`/* absorb full plaintext blocks */`
`112`	`112`	`while (len >= ASCON_HASH_RATE)`
`113`	`113`	`{`
`114`		`- x0 ^= LOADBYTES(input, inOff, 8);`
`115`		`- P(ASCON_PB_ROUNDS);`
	`114`	`+ x0 ^= loadBytes(input, inOff, 8);`
	`115`	`+ p(ASCON_PB_ROUNDS);`
`116`	`116`	`inOff += ASCON_HASH_RATE;`
`117`	`117`	`len -= ASCON_HASH_RATE;`
`118`	`118`	`}`
`119`	`119`	`/* absorb final plaintext block */`
`120`		`- x0 ^= LOADBYTES(input, inOff, len);`
`121`		`- x0 ^= PAD(len);`
`122`		`- P(12);`
	`120`	`+ x0 ^= loadBytes(input, inOff, len);`
	`121`	`+ x0 ^= pad(len);`
	`122`	`+ p(12);`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`protected void squeeze(byte[] output, int outOff, int len)`
`126`	`126`	`{`
`127`	`127`	`/* squeeze full output blocks */`
`128`	`128`	`while (len > ASCON_HASH_RATE)`
`129`	`129`	`{`
`130`		`- STOREBYTES(x0, output, outOff, 8);`
`131`		`- P(ASCON_PB_ROUNDS);`
	`130`	`+ setBytes(x0, output, outOff, 8);`
	`131`	`+ p(ASCON_PB_ROUNDS);`
`132`	`132`	`outOff += ASCON_HASH_RATE;`
`133`	`133`	`len -= ASCON_HASH_RATE;`
`134`	`134`	`}`
`135`	`135`	`/* squeeze final output block */`
`136`		`- STOREBYTES(x0, output, outOff, len);`
	`136`	`+ setBytes(x0, output, outOff, len);`
`137`	`137`	`reset();`
`138`	`138`	`}`
`139`	`139`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,12 @@ public AsconCxof128(byte[] s, int off, int len)`
`41`	`41`	`this.s = Arrays.copyOfRange(s, off, off + len);`
`42`	`42`	`reset();`
`43`	`43`	`}`
	`44`	`+`
	`45`	`+ public AsconCxof128()`
	`46`	`+ {`
	`47`	`+ reset();`
	`48`	`+ }`
	`49`	`+`
`44`	`50`	`@Override`
`45`	`51`	`public String getAlgorithmName()`
`46`	`52`	`{`
`@@ -55,7 +61,10 @@ public int doOutput(byte[] output, int outOff, int outLen)`
`55`	`61`	`{`
`56`	`62`	`throw new OutputLengthException("output buffer is too short");`
`57`	`63`	`}`
`58`		`- absorb(s, s.length);`
	`64`	`+ if (s != null)`
	`65`	`+ {`
	`66`	`+ absorb(s, s.length);`
	`67`	`+ }`
`59`	`68`	`absorb(buffer.toByteArray(), buffer.size());`
`60`	`69`	`/* squeeze full output blocks */`
`61`	`70`	`squeeze(output, outOff, outLen);`
Original file line number	Diff line number	Diff line change
`@@ -41,17 +41,17 @@ public AsconDigest(AsconParameters parameters)`
`41`	`41`
`42`	`42`	`private final String algorithmName;`
`43`	`43`
`44`		`- protected long PAD(int i)`
	`44`	`+ protected long pad(int i)`
`45`	`45`	`{`
`46`	`46`	`return 0x80L << (56 - (i << 3));`
`47`	`47`	`}`
`48`	`48`
`49`		`- protected long LOADBYTES(final byte[] bytes, int inOff, int n)`
	`49`	`+ protected long loadBytes(final byte[] bytes, int inOff, int n)`
`50`	`50`	`{`
`51`	`51`	`return Pack.bigEndianToLong(bytes, inOff, n);`
`52`	`52`	`}`
`53`	`53`
`54`		`- protected void STOREBYTES( long w, byte[] bytes, int inOff,int n)`
	`54`	`+ protected void setBytes(long w, byte[] bytes, int inOff, int n)`
`55`	`55`	`{`
`56`	`56`	`Pack.longToBigEndian(w, bytes, inOff, n);`
`57`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,17 +44,17 @@ public AsconXof(AsconXof.AsconParameters parameters)`
`44`	`44`	`private final String algorithmName;`
`45`	`45`
`46`	`46`
`47`		`- protected long PAD(int i)`
	`47`	`+ protected long pad(int i)`
`48`	`48`	`{`
`49`	`49`	`return 0x80L << (56 - (i << 3));`
`50`	`50`	`}`
`51`	`51`
`52`		`- protected long LOADBYTES(final byte[] bytes, int inOff, int n)`
	`52`	`+ protected long loadBytes(final byte[] bytes, int inOff, int n)`
`53`	`53`	`{`
`54`	`54`	`return Pack.bigEndianToLong(bytes, inOff, n);`
`55`	`55`	`}`
`56`	`56`
`57`		`- protected void STOREBYTES( long w, byte[] bytes, int inOff,int n)`
	`57`	`+ protected void setBytes(long w, byte[] bytes, int inOff, int n)`
`58`	`58`	`{`
`59`	`59`	`Pack.longToBigEndian(w, bytes, inOff, n);`
`60`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public AsconAEAD128Engine()`
`24`	`24`	`dsep = -9223372036854775808L; //0x80L << 56`
`25`	`25`	`}`
`26`	`26`
`27`		`- protected long PAD(int i)`
	`27`	`+ protected long pad(int i)`
`28`	`28`	`{`
`29`	`29`	`return 0x01L << (i << 3);`
`30`	`30`	`}`
`@@ -50,21 +50,21 @@ protected void ascon_aeadinit()`
`50`	`50`	`x2 = K1;`
`51`	`51`	`x3 = N0;`
`52`	`52`	`x4 = N1;`
`53`		`- P(12);`
	`53`	`+ p(12);`
`54`	`54`	`x3 ^= K0;`
`55`	`55`	`x4 ^= K1;`
`56`	`56`	`}`
`57`	`57`
`58`		`- protected void processFianlAADBlock()`
	`58`	`+ protected void processFinalADBBlock()`
`59`	`59`	`{`
`60`	`60`	`if (m_bufPos >= 8) // ASCON_AEAD_RATE == 16 is implied`
`61`	`61`	`{`
`62`	`62`	`x0 ^= Pack.littleEndianToLong(m_buf, 0);`
`63`		`- x1 ^= Pack.littleEndianToLong(m_buf, 8) ^ PAD(m_bufPos);`
	`63`	`+ x1 ^= Pack.littleEndianToLong(m_buf, 8) ^ pad(m_bufPos);`
`64`	`64`	`}`
`65`	`65`	`else`
`66`	`66`	`{`
`67`		`- x0 ^= Pack.littleEndianToLong(m_buf, 0) ^ PAD(m_bufPos);`
	`67`	`+ x0 ^= Pack.littleEndianToLong(m_buf, 0) ^ pad(m_bufPos);`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`
`@@ -73,7 +73,7 @@ protected void processFinalDecrypt(byte[] input, int inLen, byte[] output, int o`
`73`	`73`	`if (inLen >= 8) // ASCON_AEAD_RATE == 16 is implied`
`74`	`74`	`{`
`75`	`75`	`long c0 = Pack.littleEndianToLong(input, 0);`
`76`		`- long c1 = Pack.littleEndianToLong(input, 0 + 8, inLen - 8);`
	`76`	`+ long c1 = Pack.littleEndianToLong(input, 8, inLen - 8);`
`77`	`77`
`78`	`78`	`Pack.longToLittleEndian(x0 ^ c0, output, outOff);`
`79`	`79`	`Pack.longToLittleEndian(x1 ^ c1, output, outOff + 8, inLen - 8);`
`@@ -82,7 +82,7 @@ protected void processFinalDecrypt(byte[] input, int inLen, byte[] output, int o`
`82`	`82`	`inLen -= 8;`
`83`	`83`	`x1 &= -(1L << (inLen << 3));`
`84`	`84`	`x1 \|= c1;`
`85`		`- x1 ^= PAD(inLen);`
	`85`	`+ x1 ^= pad(inLen);`
`86`	`86`	`}`
`87`	`87`	`else`
`88`	`88`	`{`
`@@ -93,9 +93,8 @@ protected void processFinalDecrypt(byte[] input, int inLen, byte[] output, int o`
`93`	`93`	`x0 &= -(1L << (inLen << 3));`
`94`	`94`	`x0 \|= c0;`
`95`	`95`	`}`
`96`		`- x0 ^= PAD(inLen);`
	`96`	`+ x0 ^= pad(inLen);`
`97`	`97`	`}`
`98`		`-`
`99`	`98`	`finishData(State.DecFinal);`
`100`	`99`	`}`
`101`	`100`
`@@ -108,7 +107,7 @@ protected void processFinalEncrypt(byte[] input, int inLen, byte[] output, int o`
`108`	`107`	`Pack.longToLittleEndian(x0, output, outOff);`
`109`	`108`	`Pack.longToLittleEndian(x1, output, outOff + 8);`
`110`	`109`	`inLen -= 8;`
`111`		`- x1 ^= PAD(inLen);`
	`110`	`+ x1 ^= pad(inLen);`
`112`	`111`	`}`
`113`	`112`	`else`
`114`	`113`	`{`
`@@ -117,18 +116,16 @@ protected void processFinalEncrypt(byte[] input, int inLen, byte[] output, int o`
`117`	`116`	`x0 ^= Pack.littleEndianToLong(input, 0, inLen);`
`118`	`117`	`Pack.longToLittleEndian(x0, output, outOff, inLen);`
`119`	`118`	`}`
`120`		`- x0 ^= PAD(inLen);`
	`119`	`+ x0 ^= pad(inLen);`
`121`	`120`	`}`
`122`		`-`
`123`		`-`
`124`	`121`	`finishData(State.EncFinal);`
`125`	`122`	`}`
`126`	`123`
`127`	`124`	`private void finishData(State nextState)`
`128`	`125`	`{`
`129`	`126`	`x2 ^= K0;`
`130`	`127`	`x3 ^= K1;`
`131`		`- P(12);`
	`128`	`+ p(12);`
`132`	`129`	`x3 ^= K0;`
`133`	`130`	`x4 ^= K1;`
`134`	`131`	`m_state = nextState;`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,6 @@`
`6`	`6`	`import org.bouncycastle.crypto.modes.AEADCipher;`
`7`	`7`	`import org.bouncycastle.util.Arrays;`
`8`	`8`	`import org.bouncycastle.util.Longs;`
`9`		`-import org.bouncycastle.util.Pack;`
`10`	`9`
`11`	`10`	`abstract class AsconBaseEngine`
`12`	`11`	`implements AEADCipher`
`@@ -48,13 +47,13 @@ protected enum State`
`48`	`47`	`protected int m_bufPos = 0;`
`49`	`48`	`protected long dsep; //domain separation`
`50`	`49`
`51`		`- protected abstract long PAD(int i);`
	`50`	`+ protected abstract long pad(int i);`
`52`	`51`
`53`	`52`	`protected abstract long loadBytes(byte[] in, int inOff);`
`54`	`53`
`55`	`54`	`protected abstract void setBytes(long n, byte[] bs, int off);`
`56`	`55`
`57`		`- protected void ROUND(long C)`
	`56`	`+ protected void round(long C)`
`58`	`57`	`{`
`59`	`58`	`long t0 = x0 ^ x1 ^ x2 ^ x3 ^ C ^ (x1 & (x0 ^ x2 ^ x4 ^ C));`
`60`	`59`	`long t1 = x0 ^ x2 ^ x3 ^ x4 ^ C ^ ((x1 ^ x2 ^ C) & (x1 ^ x3));`
`@@ -68,26 +67,26 @@ protected void ROUND(long C)`
`68`	`67`	`x4 = t4 ^ Longs.rotateRight(t4, 7) ^ Longs.rotateRight(t4, 41);`
`69`	`68`	`}`
`70`	`69`
`71`		`- protected void P(int nr)`
	`70`	`+ protected void p(int nr)`
`72`	`71`	`{`
`73`	`72`	`if (nr == 12)`
`74`	`73`	`{`
`75`		`- ROUND(0xf0L);`
`76`		`- ROUND(0xe1L);`
`77`		`- ROUND(0xd2L);`
`78`		`- ROUND(0xc3L);`
	`74`	`+ round(0xf0L);`
	`75`	`+ round(0xe1L);`
	`76`	`+ round(0xd2L);`
	`77`	`+ round(0xc3L);`
`79`	`78`	`}`
`80`	`79`	`if (nr >= 8)`
`81`	`80`	`{`
`82`		`- ROUND(0xb4L);`
`83`		`- ROUND(0xa5L);`
	`81`	`+ round(0xb4L);`
	`82`	`+ round(0xa5L);`
`84`	`83`	`}`
`85`		`- ROUND(0x96L);`
`86`		`- ROUND(0x87L);`
`87`		`- ROUND(0x78L);`
`88`		`- ROUND(0x69L);`
`89`		`- ROUND(0x5aL);`
`90`		`- ROUND(0x4bL);`
	`84`	`+ round(0x96L);`
	`85`	`+ round(0x87L);`
	`86`	`+ round(0x78L);`
	`87`	`+ round(0x69L);`
	`88`	`+ round(0x5aL);`
	`89`	`+ round(0x4bL);`
`91`	`90`	`}`
`92`	`91`
`93`	`92`	`protected abstract void ascon_aeadinit();`
`@@ -142,8 +141,8 @@ private void finishAAD(State nextState)`
`142`	`141`	`{`
`143`	`142`	`case DecAad:`
`144`	`143`	`case EncAad:`
`145`		`- processFianlAADBlock();`
`146`		`- P(nr);`
	`144`	`+ processFinalADBBlock();`
	`145`	`+ p(nr);`
`147`	`146`	`break;`
`148`	`147`	`default:`
`149`	`148`	`break;`
`@@ -154,7 +153,7 @@ private void finishAAD(State nextState)`
`154`	`153`	`m_state = nextState;`
`155`	`154`	`}`
`156`	`155`
`157`		`- protected abstract void processFianlAADBlock();`
	`156`	`+ protected abstract void processFinalADBBlock();`
`158`	`157`
`159`	`158`	`protected abstract void processFinalDecrypt(byte[] input, int inLen, byte[] output, int outOff);`
`160`	`159`
`@@ -167,7 +166,7 @@ protected void processBufferAAD(byte[] buffer, int inOff)`
`167`	`166`	`{`
`168`	`167`	`x1 ^= loadBytes(buffer, 8 + inOff);`
`169`	`168`	`}`
`170`		`- P(nr);`
	`169`	`+ p(nr);`
`171`	`170`	`}`
`172`	`171`
`173`	`172`
`@@ -187,8 +186,9 @@ protected void processBufferDecrypt(byte[] buffer, int bufOff, byte[] output, in`
`187`	`186`	`setBytes(x1 ^ t1, output, outOff + 8);`
`188`	`187`	`x1 = t1;`
`189`	`188`	`}`
`190`		`- P(nr);`
	`189`	`+ p(nr);`
`191`	`190`	`}`
	`191`	`+`
`192`	`192`	`protected void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, int outOff)`
`193`	`193`	`{`
`194`	`194`	`if (outOff + ASCON_AEAD_RATE > output.length)`
`@@ -203,8 +203,7 @@ protected void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, in`
`203`	`203`	`x1 ^= loadBytes(buffer, bufOff + 8);`
`204`	`204`	`setBytes(x1, output, outOff + 8);`
`205`	`205`	`}`
`206`		`-`
`207`		`- P(nr);`
	`206`	`+ p(nr);`
`208`	`207`	`}`
`209`	`208`
`210`	`209`	`public void processAADByte(byte in)`