Do not refer to NIST draft standard anymore

Signed-off-by: Anjan Roy <hello@itzmeanjan.in>

Author: itzmeanjan

README.md

@@ -2,7 +2,7 @@
 Ascon Permutation-based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions.
 
 ## Overview
-This header-only C++ library implements the whole Ascon LwC cipher-suite i.e. Ascon-AEAD128, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128. These algorithms, suitable for constrained environments, are part of the Ascon family designed for resource-limited devices, prioritizing security, performance, and efficiency. The library offers `constexpr` functions where possible for enhanced performance and simplifies integration. The implementation conforms to the Ascon draft standard defined in [NIST SP 800-232](https://doi.org/10.6028/NIST.SP.800-232.ipd).
+This header-only C++ library implements the whole Ascon LwC cipher-suite i.e. Ascon-AEAD128, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128. These algorithms, suitable for constrained environments, are part of the Ascon family designed for resource-limited devices, prioritizing security, performance, and efficiency. The library offers `constexpr` functions where possible for enhanced performance and simplifies integration. The implementation conforms to the Ascon standard defined in [NIST SP 800-232](https://doi.org/10.6028/NIST.SP.800-232).
 
 The library includes the following core Ascon cryptographic primitives:
 

include/ascon/aead/duplex.hpp

@@ -8,7 +8,7 @@
 
 namespace ascon_duplex_mode {
 
-// See table 12 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+// See table 12 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
 static constexpr uint8_t UNIQUE_ALGORITHM_ID = 1;
 
 static constexpr size_t ASCON_PERM_NUM_ROUNDS_A = 12;
@@ -24,7 +24,7 @@ static constexpr size_t TAG_BYTE_LEN = BIT_SECURITY_LEVEL / std::numeric_limits<
 
 /**
  * @brief Initializes the Ascon permutation state with the given key and nonce.
- * See point 1 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+ * See point 1 of section 4.1.1 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
  *
  * @param state Ascon permutation state.
  * @param key Encryption key.
@@ -51,7 +51,7 @@ initialize(ascon_perm::ascon_perm_t& state, std::span<const uint8_t, KEY_BYTE_LE
 /**
  * @brief Absorbs arbitrary-length associated data into the Ascon permutation state.
  * This function can be called multiple times with different spans of associated data before calling `finalize_associated_data`.
- * See point 2 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+ * See point 2 of section 4.1.1 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
  *
  * @param state Ascon permutation state.
  * @param block_offset Offset within the current block, must be <= `RATE_BYTES`.
@@ -90,7 +90,7 @@ absorb_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset, st
 /**
  * @brief Finalizes the associated data absorption process by adding a 1-bit domain separator.
  * No more associated data can be absorbed after calling this function.
- * See point 2 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+ * See point 2 of section 4.1.1 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
  *
  * @param state Ascon permutation state.
  * @param block_offset Offset within the current block, must be <= `RATE_BYTES`.
@@ -119,7 +119,7 @@ finalize_associated_data(ascon_perm::ascon_perm_t& state, size_t& block_offset,
 /**
  * @brief Absorbs arbitrary-length plaintext into the Ascon permutation state and produces ciphertext.
  * This function can be called multiple times with different spans of plaintext before calling `finalize_ciphering`.
- * See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+ * See point 3 of section 4.1.1 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
  *
  * @param state Ascon permutation state.
  * @param block_offset Offset within the current block, must be <= `RATE_BYTES`.
@@ -164,7 +164,7 @@ encrypt_plaintext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::sp
 /**
  * @brief Absorbs arbitrary-length ciphertext into the Ascon permutation state and produces decrypted plaintext.
  * This function can be called multiple times with different spans of ciphertext before calling `finalize_ciphering`.
- * See point 3 of section 4.1.2 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+ * See point 3 of section 4.1.2 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
  *
  * @param state Ascon permutation state.
  * @param block_offset Offset within the current block, must be <= `RATE_BYTES`.
@@ -211,7 +211,7 @@ decrypt_ciphertext(ascon_perm::ascon_perm_t& state, size_t& block_offset, std::s
 /**
  * @brief Finalizes the plaintext/ciphertext absorption process by adding a 1-bit domain separator to be permutation state.
  * No more plaintext/ciphertext can be encrypted/decrypted after calling this function.
- * See point 3 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+ * See point 3 of section 4.1.1 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
  *
  * @param state Ascon permutation state.
  * @param block_offset Offset within the current block, must be <= `RATE_BYTES`.
@@ -232,7 +232,7 @@ finalize_ciphering(ascon_perm::ascon_perm_t& state, size_t& block_offset)
 
 /**
  * @brief Finalizes the Ascon permutation state and produces a tag.
- * See point 4 of section 4.1.1 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+ * See point 4 of section 4.1.1 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
  *
  * @param state Ascon permutation state.
  * @param key Key used for encryption/decryption.

include/ascon/hashes/ascon_cxof128.hpp

@@ -3,7 +3,7 @@
 
 namespace ascon_cxof128 {
 
-// See table 12 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+// See table 12 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
 static constexpr uint8_t UNIQUE_ALGORITHM_ID = 4;
 static constexpr auto INITIAL_PERMUTATION_STATE = ascon_sponge_mode::compute_init_state(ascon_common_utils::compute_iv(UNIQUE_ALGORITHM_ID,
                                                                                                                        ascon_sponge_mode::ASCON_PERM_NUM_ROUNDS,

include/ascon/hashes/ascon_hash256.hpp

@@ -5,7 +5,7 @@ namespace ascon_hash256 {
 
 static constexpr size_t DIGEST_BYTE_LEN = (ascon_perm::PERMUTATION_STATE_BITWIDTH - ascon_sponge_mode::RATE_BITS) / std::numeric_limits<uint8_t>::digits;
 
-// See table 12 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+// See table 12 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
 static constexpr uint8_t UNIQUE_ALGORITHM_ID = 2;
 static constexpr auto INITIAL_PERMUTATION_STATE = ascon_sponge_mode::compute_init_state(ascon_common_utils::compute_iv(UNIQUE_ALGORITHM_ID,
                                                                                                                        ascon_sponge_mode::ASCON_PERM_NUM_ROUNDS,

include/ascon/hashes/ascon_xof128.hpp

@@ -3,7 +3,7 @@
 
 namespace ascon_xof128 {
 
-// See table 12 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+// See table 12 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
 static constexpr uint8_t UNIQUE_ALGORITHM_ID = 3;
 static constexpr auto INITIAL_PERMUTATION_STATE = ascon_sponge_mode::compute_init_state(ascon_common_utils::compute_iv(UNIQUE_ALGORITHM_ID,
                                                                                                                        ascon_sponge_mode::ASCON_PERM_NUM_ROUNDS,

include/ascon/permutation/ascon.hpp

@@ -14,7 +14,7 @@ static constexpr size_t PERMUTATION_STATE_BITWIDTH = 320;
 static constexpr size_t PERMUTATION_STATE_WORD_BITWIDTH = std::numeric_limits<uint64_t>::digits;
 static constexpr size_t PERMUTATION_STATE_WORD_COUNT = PERMUTATION_STATE_BITWIDTH / PERMUTATION_STATE_WORD_BITWIDTH;
 
-// Ascon permutation round constants; taken from table 5 in Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+// Ascon permutation round constants; taken from table 5 in Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
 static constexpr std::array<uint8_t, ASCON_PERMUTATION_MAX_ROUNDS> ASCON_PERMUTATION_ROUND_CONSTANTS{ 0x3c, 0x2d, 0x1e, 0x0f, 0xf0, 0xe1, 0xd2, 0xc3,
                                                                                                       0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b };
 
@@ -26,7 +26,7 @@ struct ascon_perm_t
   std::array<uint64_t, PERMUTATION_STATE_WORD_COUNT> state{};
   static_assert(sizeof(state) * std::numeric_limits<uint8_t>::digits == PERMUTATION_STATE_BITWIDTH);
 
-  // Addition of constants step; see section 3.2 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+  // Addition of constants step; see section 3.2 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
   forceinline constexpr void p_c(const uint64_t rc) { state[2] ^= rc; }
 
   // Substitution layer i.e. 5 -bit S-box S(x) applied on Ascon state; taken from figure 5 in Ascon specification
@@ -50,7 +50,7 @@ struct ascon_perm_t
     state[2] = ~row2;
   }
 
-  // Linear diffusion layer; taken from section 3.4 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+  // Linear diffusion layer; taken from section 3.4 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
   forceinline constexpr void p_l()
   {
     const uint64_t row0 = state[0] ^ std::rotr(state[0], 19);
@@ -66,7 +66,7 @@ struct ascon_perm_t
     state[4] = row4 ^ std::rotr(state[4], 41);
   }
 
-  // Single round of Ascon permutation; taken from section 3 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+  // Single round of Ascon permutation; taken from section 3 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
   forceinline constexpr void round(const uint64_t rc)
   {
     p_c(rc);
@@ -103,7 +103,7 @@ struct ascon_perm_t
   }
   forceinline constexpr void reset() { state.fill(0); }
 
-  // Applies Ascon permutation round for R -many times | R <= 16; taken from section 3 of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+  // Applies Ascon permutation round for R -many times | R <= 16; taken from section 3 of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
   template<const size_t R>
   forceinline constexpr void permute()
     requires(R <= ASCON_PERMUTATION_MAX_ROUNDS)

include/ascon/utils/common.hpp

@@ -8,7 +8,7 @@
 namespace ascon_common_utils {
 
 // Compile-time evaluated function for computing initial values for Ascon variants.
-// See appendix B of Ascon draft standard @ https://doi.org/10.6028/NIST.SP.800-232.ipd.
+// See appendix B of Ascon standard @ https://doi.org/10.6028/NIST.SP.800-232.
 [[nodiscard]]
 forceinline consteval uint64_t
 compute_iv(const uint8_t unique_algo_id,