Ascon docs

README.md

@@ -120,6 +120,7 @@ The prod server (acvts.nist.gov) also supports ACVP version 1.0, with the same e
 * [AES-XTS 2.0](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html)
 * [AES-FF1](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html)
 * [AES-FF3-1](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html) - DEMO only
+* [Ascon-AEAD128](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt) - [HTML](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html)
 * [TDES-CBC](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html)
 * [TDES-CBCI](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html)
 * [TDES-CFB1](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html)
@@ -135,6 +136,7 @@ The prod server (acvts.nist.gov) also supports ACVP version 1.0, with the same e
 * [TDES-OFBI](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html)
 
 ### Secure Hash
+* [Ascon-Hash256](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt) - [HTML](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html)
 * [SHA-1](https://pages.nist.gov/ACVP/draft-celi-acvp-sha.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html)
 * [SHA-224](https://pages.nist.gov/ACVP/draft-celi-acvp-sha.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html)
 * [SHA-256](https://pages.nist.gov/ACVP/draft-celi-acvp-sha.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html)
@@ -152,6 +154,8 @@ The prod server (acvts.nist.gov) also supports ACVP version 1.0, with the same e
 * [SHA3-512 2.0](https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.html)
 
 ### XOFs
+* [Ascon-XOF128](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt) - [HTML](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html)
+* [Ascon-CXOF128](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt) - [HTML](https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html)
 * [SHAKE-128](https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.html)
 * [SHAKE-256](https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.html)
 * [cSHAKE-128](https://pages.nist.gov/ACVP/draft-celi-acvp-xof.txt) - [HTML](https://pages.nist.gov/ACVP/draft-celi-acvp-xof.html)

index.html

@@ -176,6 +176,7 @@ <h2 id="ciphers">Block Cipher Modes</h2>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt">AES-XTS 2.0</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt">AES-FF1</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt">AES-FF3-1</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html">HTML</a> - DEMO only</li>
+					<li><a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt">Ascon-AEAD128</a> - <a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt">TDES-CBC</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt">TDES-CBCI</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.txt">TDES-CFB1</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html">HTML</a></li>
@@ -193,6 +194,7 @@ <h2 id="ciphers">Block Cipher Modes</h2>
 
 				<h2 id="hashes">Secure Hash</h2>
 				<ul>
+					<li><a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt">Ascon-Hash256</a> - <a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha.txt">SHA-1</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha.txt">SHA-224</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha.txt">SHA-256</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha.html">HTML</a></li>
@@ -212,6 +214,8 @@ <h2 id="hashes">Secure Hash</h2>
 
 				<h2 id="xofs">XOFs</h2>
 				<ul>
+					<li><a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt">Ascon-XOF128</a> - <a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html">HTML</a></li>
+					<li><a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.txt">Ascon-CXOF128</a> - <a href="https://pages.nist.gov/ACVP/draft-ross-acvp-ascon.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.txt">SHAKE-128</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.txt">SHAKE-256</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.html">HTML</a></li>
 					<li><a href="https://pages.nist.gov/ACVP/draft-celi-acvp-xof.txt">cSHAKE-128</a> - <a href="https://pages.nist.gov/ACVP/draft-celi-acvp-xof.html">HTML</a></li>

src/ascon/sections/03-supported.adoc

@@ -0,0 +1,10 @@
+
+[#supported]
+== Supported Ascon Algorithms
+
+The following Ascon algorithms *MAY* be advertised by the ACVP compliant cryptographic module. The list is in the form "algorithm / mode / revision".
+
+* Ascon / AEAD128 / SP800-232
+* Ascon / Hash256 / SP800-232
+* Ascon / XOF128 / SP800-232
+* Ascon / CXOF128 / SP800-232

src/ascon/sections/04-testtypes.adoc

@@ -0,0 +1,47 @@
+
+[#testtypes]
+== Test Types and Test Coverage
+
+[#ttypes]
+=== Test Types
+
+The ACVP server performs a set of tests on the specified Ascon algorithm in order to assess the correctness and robustness of the implementation. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of Ascon capabilities. This section describes the design of the tests used to validate implementations of the Ascon algorithms. The number of tests *MAY* vary but the minimum number required by each test type *SHALL* be included by the server. The test type describes the format of the test rather than the intention of the test. Multiple tests of the same test type *MAY* cover different assurances regarding the implementation. 
+
+==== Ascon AEAD Test Types
+
+* Ascon / AEAD128 / * "AFT" - Algorithm Functional Test. 
+
+For each test case provided the IUT *SHALL* perform either encryption or decryption. In the case of encryption, the IUT *SHALL* use the provided key, nonce, associated data, payload, payload bit length, associated data bit length, tag length, and second key values. The IUT-computed ciphertext and tag are communicated to the ACVP server and compared to the expected ciphertext and tag. This tests the implementation of Algorithm 3 `Ascon-AEAD128.enc()` from <<SP800-232>> Section 4.1.1. The server *SHALL* provide at least 60 tests for each combination of capabilities. In the case of decryption, the IUT *SHALL* use the provided key, nonce, associated data, ciphertext, tag, ciphertext bit length, associated data bit length, tag length, and second key values. The IUT-computed payload is communicated to the ACVP server and compared to the expected payload. This tests the implementation of Algorithm 4 `Ascon-AEAD128.dec()` from <<SP800-232>> Section 4.1.2. The server *SHALL* provide at least 60 tests for each combination of capabilities.
+
+==== Ascon Hash Test Types
+
+* Ascon / Hash256 / * "AFT" - Algorithm Functional Test. 
+
+For each test case provided the IUT *SHALL* generate a valid digest given the ACVP-provided message and message bit length. The digest is then compared to the known result by the ACVP server. This tests the implementation of Algorithm 5 `Ascon-Hash256()` from <<SP800-232>> Section 5.1. The server *SHALL* provide at least 60 tests generated for each combination of capabilities.
+
+==== Ascon XOF Test Types
+
+* Ascon / XOF128 / * "AFT" - Algorithm Functional Test. 
+
+For each test case provided the IUT *SHALL* generate a valid digest given the ACVP-provided message, message bit length, and digest bit length. The digest is then compared to the known result by the ACVP server. This tests the implementation of Algorithm 6 `Ascon-XOF128()` from <<SP800-232>> Section 5.2. The server *SHALL* provide at least 60 tests generated for each combination of capabilities.
+
+==== Ascon CXOF Test Types
+
+* Ascon / CXOF128 / * "AFT" - Algorithm Functional Test. 
+
+For each test case provided the IUT *SHALL* generate a valid digest given the ACVP-provided message, message bit length, customization string, customization string bit length, and digest bit length. The digest is then compared to the known result by the ACVP server. This tests the implementation of Algorithm 7 `Ascon-CXOF128()` from <<SP800-232>> Section 5.3. The server *SHALL* provide at least 60 tests generated for each combination of capabilities.
+
+[[test_coverage]]
+=== Test Coverage
+
+The tests described in this document have the intention of ensuring an implementation is conformant to <<SP800-232>>.
+
+[[requirements_covered]]
+==== Requirements Covered
+
+* The tests will support ensuring the conformity and correctness of an implementation of the algorithms supported. 
+
+[[requirements_not_covered]]
+==== Requirements Not Covered
+
+* SP800-232 Section 4.3. Additional Requirements. Requirements outlined in this section are not testable by an ACVP server.

src/ascon/sections/05-ascon-aead128-capabilities.adoc

@@ -0,0 +1,63 @@
+
+[[Ascon_AEAD128_registration]]
+=== Ascon AEAD128 Registration Properties
+
+Each Ascon AEAD128 algorithm capability advertised is a self-contained JSON object using the following values.
+
+[[Ascon_AEAD128_caps_table]]
+.Ascon AEAD128 Algorithm Capabilities JSON Values
+|===
+| JSON Value | Description | JSON Type | Valid Values
+
+| algorithm | The algorithm to be validated | string | "Ascon"
+| mode | The Ascon mode to be validated | string | "AEAD128"
+| revision | The algorithm testing revision to use | string | "SP800-232"
+| directions | The directions for AEAD to be tested | array of strings | "encrypt", "decrypt"
+| payloadLength | The supported plaintext lengths in bits | Domain | {"Min": 0, "Max": 65536, "Inc": any}
+| adLength | The supported associated data lengths in bits | Domain | {"Min": 0, "Max": 65536, "Inc": any}
+| tagLength | The supported tag lengths in bits | Domain | {"Min": 64, "Max": 128, "Inc": any}
+| supportsNonceMasking | The support for nonce masking (second key) mode | array of booleans | true, false
+|===
+
+[[Ascon_AEAD128_capabilities]]
+==== Ascon AEAD128 Mode Capabilities Example
+
+Below is an example of the registration for Ascon / AEAD128 / SP800-232
+
+[source, json]
+----
+{
+  "algorithm": "Ascon",
+  "mode": "AEAD128",
+  "revision": "SP800-232",
+  "directions": [
+    "encrypt",
+    "decrypt"
+  ],
+  "payloadLength": [
+    {
+      "min": 0,
+      "max": 65536,
+      "increment": 1
+    }
+  ],
+  "adLength": [
+    {
+      "min": 0,
+      "max": 65536,
+      "increment": 1
+    }
+  ],
+  "tagLength": [
+    {
+      "min": 64,
+      "max": 128,
+      "increment": 1
+    }
+  ],
+  "supportsNonceMasking": [
+    true,
+    false
+  ]
+}
+----

src/ascon/sections/05-ascon-cxof128-capabilities.adoc

@@ -0,0 +1,53 @@
+
+[[Ascon_CXOF128_registration]]
+=== Ascon CXOF128 Registration Properties
+
+Each Ascon CXOF128 algorithm capability advertised is a self-contained JSON object using the following values.
+
+[[Ascon_CXOF128_caps_table]]
+.Ascon CXOF128 Algorithm Capabilities JSON Values
+|===
+| JSON Value | Description | JSON Type | Valid Values
+
+| algorithm | The algorithm to be validated | string | "Ascon"
+| mode | The Ascon mode to be validated | string | "CXOF128"
+| revision | The algorithm testing revision to use | string | "SP800-232"
+| messageLength | The supported message lengths in bits | Domain | {"Min": 0, "Max": 65536, "Inc": any}
+| digestLength | The supported digest lengths in bits | Domain | {"Min": 1, "Max": 65536, "Inc": any}
+| customizationStringLengthLength | The supported customization string lengths in bits | Domain | {"Min": 0, "Max": 2048, "Inc": any}
+|===
+
+[[Ascon_CXOF128_capabilities]]
+==== Ascon CXOF128 Mode Capabilities Example
+
+Below is an example of the registration for Ascon / CXOF128 / SP800-232
+
+[source, json]
+----
+{
+  "algorithm": "Ascon",
+  "mode": "CXOF128",
+  "revision": "SP800-232",
+  "messageLength": [
+    {
+      "min": 0,
+      "max": 65536,
+      "increment": 1
+    }
+  ],
+  "digestLength": [
+    {
+      "min": 1,
+      "max": 65536,
+      "increment": 1
+    }
+  ],
+  "customizationStringLength": [
+    {
+      "min": 0,
+      "max": 2048,
+      "increment": 1
+    }
+  ]
+}
+----

src/ascon/sections/05-ascon-hash256-capabilities.adoc

@@ -0,0 +1,37 @@
+
+[[Ascon_Hash256_registration]]
+=== Ascon Hash256 Registration Properties
+
+Each Ascon Hash256 algorithm capability advertised is a self-contained JSON object using the following values.
+
+[[Ascon_Hash256_caps_table]]
+.Ascon Hash256 Algorithm Capabilities JSON Values
+|===
+| JSON Value | Description | JSON Type | Valid Values
+
+| algorithm | The algorithm to be validated | string | "Ascon"
+| mode | The Ascon mode to be validated | string | "Hash256"
+| revision | The algorithm testing revision to use | string | "SP800-232"
+| messageLength | The supported message lengths in bits | Domain | {"Min": 0, "Max": 65536, "Inc": any}
+|===
+
+[[Ascon_Hash256_capabilities]]
+==== Ascon Hash256 Mode Capabilities Example
+
+Below is an example of the registration for Ascon / Hash256 / SP800-232
+
+[source, json]
+----
+{
+  "algorithm": "Ascon",
+  "mode": "Hash256",
+  "revision": "SP800-232",
+  "messageLength": [
+    {
+      "min": 0,
+      "max": 65536,
+      "increment": 1
+    }
+  ]
+}
+----

src/ascon/sections/05-ascon-xof128-capabilities.adoc

@@ -0,0 +1,45 @@
+
+[[Ascon_XOF128_registration]]
+=== Ascon XOF128 Registration Properties
+
+Each Ascon XOF128 algorithm capability advertised is a self-contained JSON object using the following values.
+
+[[Ascon_XOF128_caps_table]]
+.Ascon XOF128 Algorithm Capabilities JSON Values
+|===
+| JSON Value | Description | JSON Type | Valid Values
+
+| algorithm | The algorithm to be validated | string | "Ascon"
+| mode | The Ascon mode to be validated | string | "XOF128"
+| revision | The algorithm testing revision to use | string | "SP800-232"
+| messageLength | The supported message lengths in bits | Domain | {"Min": 0, "Max": 65536, "Inc": any}
+| digestLength | The supported digest lengths in bits | Domain | {"Min": 1, "Max": 65536, "Inc": any}
+|===
+
+[[Ascon_XOF128_capabilities]]
+==== Ascon XOF128 Mode Capabilities Example
+
+Below is an example of the registration for Ascon / XOF128 / SP800-232
+
+[source, json]
+----
+{
+  "algorithm": "Ascon",
+  "mode": "XOF128",
+  "revision": "SP800-232",
+  "messageLength": [
+    {
+      "min": 0,
+      "max": 65536,
+      "increment": 1
+    }
+  ],
+  "digestLength": [
+    {
+      "min": 1,
+      "max": 65536,
+      "increment": 1
+    }
+  ]
+}
+----

src/ascon/sections/05-capabilities.adoc

@@ -0,0 +1,6 @@
+
+[[prereq_algs]]
+=== Required Prerequisite Algorithms for Ascon Validations
+
+Ascon implementations do not rely on other cryptographic primitives. 
+