diff --git a/package-lock.json b/package-lock.json
index b374df4b..5526a1ba 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -53,6 +53,7 @@
"jimp": "^0.22.12",
"jq-web": "^0.5.1",
"jquery": "3.7.1",
+ "js-ascon": "^1.3.0",
"js-sha3": "^0.9.3",
"jsesc": "^3.0.2",
"json5": "^2.2.3",
@@ -12349,6 +12350,14 @@
"integrity": "sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg==",
"license": "MIT"
},
+ "node_modules/js-ascon": {
+ "version": "1.3.0",
+ "resolved": "https://registry.npmjs.org/js-ascon/-/js-ascon-1.3.0.tgz",
+ "integrity": "sha512-7GdMP11Ut8klrwkx+G2qRqEHhkWxmIoyVH6w+MU/4pRwWO0Dh/n3xo8wKe5IkTAdCCpU22uoHiaoB6JwGpbxcA==",
+ "engines": {
+ "node": ">=14.21.3"
+ }
+ },
"node_modules/js-sha3": {
"version": "0.9.3",
"resolved": "https://registry.npmjs.org/js-sha3/-/js-sha3-0.9.3.tgz",
diff --git a/package.json b/package.json
index 9191ab6f..1f03de5d 100644
--- a/package.json
+++ b/package.json
@@ -139,6 +139,7 @@
"jimp": "^0.22.12",
"jq-web": "^0.5.1",
"jquery": "3.7.1",
+ "js-ascon": "^1.3.0",
"js-sha3": "^0.9.3",
"jsesc": "^3.0.2",
"json5": "^2.2.3",
diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json
index 434c8bb6..77fb08d1 100644
--- a/src/core/config/Categories.json
+++ b/src/core/config/Categories.json
@@ -107,6 +107,8 @@
"Rabbit",
"SM4 Encrypt",
"SM4 Decrypt",
+ "Ascon Encrypt",
+ "Ascon Decrypt",
"GOST Encrypt",
"GOST Decrypt",
"GOST Sign",
@@ -427,6 +429,8 @@
"BLAKE2b",
"BLAKE2s",
"BLAKE3",
+ "Ascon Hash",
+ "Ascon MAC",
"GOST Hash",
"Streebog",
"SSDEEP",
diff --git a/src/core/operations/AsconDecrypt.mjs b/src/core/operations/AsconDecrypt.mjs
new file mode 100644
index 00000000..0da2ef24
--- /dev/null
+++ b/src/core/operations/AsconDecrypt.mjs
@@ -0,0 +1,112 @@
+/**
+ * @author Medjedtxm
+ * @copyright Crown Copyright 2025
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import Utils from "../Utils.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
+
+/**
+ * Ascon Decrypt operation
+ */
+class AsconDecrypt extends Operation {
+
+ /**
+ * AsconDecrypt constructor
+ */
+ constructor() {
+ super();
+
+ this.name = "Ascon Decrypt";
+ this.module = "Ciphers";
+ this.description = "Ascon-AEAD128 authenticated decryption as standardised in NIST SP 800-232. Decrypts ciphertext and verifies the authentication tag. Decryption will fail if the ciphertext or associated data has been tampered with.
Key: Must be exactly 16 bytes (128 bits).
Nonce: Must be exactly 16 bytes (128 bits). Must match the nonce used during encryption.
Associated Data: Must match the associated data used during encryption. Any mismatch will cause authentication failure.";
+ this.infoURL = "https://wikipedia.org/wiki/Ascon_(cipher)";
+ this.inputType = "string";
+ this.outputType = "string";
+ this.args = [
+ {
+ "name": "Key",
+ "type": "toggleString",
+ "value": "",
+ "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+ },
+ {
+ "name": "Nonce",
+ "type": "toggleString",
+ "value": "",
+ "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+ },
+ {
+ "name": "Associated Data",
+ "type": "toggleString",
+ "value": "",
+ "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+ },
+ {
+ "name": "Input",
+ "type": "option",
+ "value": ["Hex", "Raw"]
+ },
+ {
+ "name": "Output",
+ "type": "option",
+ "value": ["Raw", "Hex"]
+ }
+ ];
+ }
+
+ /**
+ * @param {string} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ async run(input, args) {
+ const JsAscon = (await import("js-ascon")).default;
+
+ const key = Utils.convertToByteArray(args[0].string, args[0].option),
+ nonce = Utils.convertToByteArray(args[1].string, args[1].option),
+ ad = Utils.convertToByteString(args[2].string, args[2].option),
+ inputType = args[3],
+ outputType = args[4];
+
+ if (key.length !== 16) {
+ throw new OperationError(`Invalid key length: ${key.length} bytes.
+
+Ascon-AEAD128 requires a key of exactly 16 bytes (128 bits).`);
+ }
+
+ if (nonce.length !== 16) {
+ throw new OperationError(`Invalid nonce length: ${nonce.length} bytes.
+
+Ascon-AEAD128 requires a nonce of exactly 16 bytes (128 bits).`);
+ }
+
+ // Convert input to byte array
+ const inputData = Utils.convertToByteArray(input, inputType);
+
+ // Convert to format expected by js-ascon
+ const keyUint8 = new Uint8Array(key);
+ const nonceUint8 = new Uint8Array(nonce);
+ const ciphertextUint8 = new Uint8Array(inputData);
+
+ try {
+ // Decrypt (returns Uint8Array containing plaintext)
+ const plaintext = JsAscon.decrypt(keyUint8, nonceUint8, ad, ciphertextUint8);
+
+ // Return in requested format
+ if (outputType === "Hex") {
+ return toHexFast(plaintext);
+ } else {
+ return Utils.arrayBufferToStr(Uint8Array.from(plaintext).buffer);
+ }
+ } catch (e) {
+ throw new OperationError("Unable to decrypt: authentication failed. The ciphertext, key, nonce, or associated data may be incorrect or tampered with.");
+ }
+ }
+
+}
+
+export default AsconDecrypt;
diff --git a/src/core/operations/AsconEncrypt.mjs b/src/core/operations/AsconEncrypt.mjs
new file mode 100644
index 00000000..bc2bf59d
--- /dev/null
+++ b/src/core/operations/AsconEncrypt.mjs
@@ -0,0 +1,108 @@
+/**
+ * @author Medjedtxm
+ * @copyright Crown Copyright 2025
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import Utils from "../Utils.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
+
+/**
+ * Ascon Encrypt operation
+ */
+class AsconEncrypt extends Operation {
+
+ /**
+ * AsconEncrypt constructor
+ */
+ constructor() {
+ super();
+
+ this.name = "Ascon Encrypt";
+ this.module = "Ciphers";
+ this.description = "Ascon-AEAD128 authenticated encryption as standardised in NIST SP 800-232. Ascon is a family of lightweight authenticated encryption algorithms designed for constrained devices such as IoT sensors and embedded systems.
Key: Must be exactly 16 bytes (128 bits).
Nonce: Must be exactly 16 bytes (128 bits). Should be unique for each encryption with the same key. Never reuse a nonce with the same key.
Associated Data: Optional additional data that is authenticated but not encrypted. Useful for including metadata like headers or timestamps.
The output includes both the ciphertext and a 128-bit authentication tag.";
+ this.infoURL = "https://wikipedia.org/wiki/Ascon_(cipher)";
+ this.inputType = "string";
+ this.outputType = "string";
+ this.args = [
+ {
+ "name": "Key",
+ "type": "toggleString",
+ "value": "",
+ "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+ },
+ {
+ "name": "Nonce",
+ "type": "toggleString",
+ "value": "",
+ "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+ },
+ {
+ "name": "Associated Data",
+ "type": "toggleString",
+ "value": "",
+ "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+ },
+ {
+ "name": "Input",
+ "type": "option",
+ "value": ["Raw", "Hex"]
+ },
+ {
+ "name": "Output",
+ "type": "option",
+ "value": ["Hex", "Raw"]
+ }
+ ];
+ }
+
+ /**
+ * @param {string} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ async run(input, args) {
+ const JsAscon = (await import("js-ascon")).default;
+
+ const key = Utils.convertToByteArray(args[0].string, args[0].option),
+ nonce = Utils.convertToByteArray(args[1].string, args[1].option),
+ ad = Utils.convertToByteString(args[2].string, args[2].option),
+ inputType = args[3],
+ outputType = args[4];
+
+ if (key.length !== 16) {
+ throw new OperationError(`Invalid key length: ${key.length} bytes.
+
+Ascon-AEAD128 requires a key of exactly 16 bytes (128 bits).`);
+ }
+
+ if (nonce.length !== 16) {
+ throw new OperationError(`Invalid nonce length: ${nonce.length} bytes.
+
+Ascon-AEAD128 requires a nonce of exactly 16 bytes (128 bits).`);
+ }
+
+ // Convert input to byte array
+ const inputData = Utils.convertToByteArray(input, inputType);
+
+ // Convert to format expected by js-ascon
+ const keyUint8 = new Uint8Array(key);
+ const nonceUint8 = new Uint8Array(nonce);
+ const inputStr = Utils.byteArrayToChars(inputData);
+
+ // Encrypt (returns Uint8Array containing ciphertext + tag)
+ const ciphertext = JsAscon.encrypt(keyUint8, nonceUint8, ad, inputStr);
+
+ // Return in requested format
+ if (outputType === "Hex") {
+ return toHexFast(ciphertext);
+ } else {
+ return Utils.arrayBufferToStr(Uint8Array.from(ciphertext).buffer);
+ }
+ }
+
+}
+
+export default AsconEncrypt;
diff --git a/src/core/operations/AsconHash.mjs b/src/core/operations/AsconHash.mjs
new file mode 100644
index 00000000..eb9a2e63
--- /dev/null
+++ b/src/core/operations/AsconHash.mjs
@@ -0,0 +1,50 @@
+/**
+ * @author Medjedtxm
+ * @copyright Crown Copyright 2025
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
+
+/**
+ * Ascon Hash operation
+ */
+class AsconHash extends Operation {
+
+ /**
+ * AsconHash constructor
+ */
+ constructor() {
+ super();
+
+ this.name = "Ascon Hash";
+ this.module = "Crypto";
+ this.description = "Ascon-Hash256 produces a fixed 256-bit (32-byte) cryptographic hash as standardised in NIST SP 800-232. Ascon is a family of lightweight authenticated encryption and hashing algorithms designed for constrained devices such as IoT sensors and embedded systems.
The algorithm was selected by NIST in 2023 as the new standard for lightweight cryptography after a multi-year competition.";
+ this.infoURL = "https://wikipedia.org/wiki/Ascon_(cipher)";
+ this.inputType = "ArrayBuffer";
+ this.outputType = "string";
+ this.args = [];
+ }
+
+ /**
+ * @param {ArrayBuffer} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ async run(input, args) {
+ const JsAscon = (await import("js-ascon")).default;
+
+ // Convert ArrayBuffer to string for js-ascon
+ const inputStr = new TextDecoder().decode(input);
+
+ // Compute hash (returns Uint8Array)
+ const hashResult = JsAscon.hash(inputStr);
+
+ // Convert to hex string
+ return toHexFast(hashResult);
+ }
+
+}
+
+export default AsconHash;
diff --git a/src/core/operations/AsconMAC.mjs b/src/core/operations/AsconMAC.mjs
new file mode 100644
index 00000000..076993c8
--- /dev/null
+++ b/src/core/operations/AsconMAC.mjs
@@ -0,0 +1,60 @@
+/**
+ * @author txm20
+ * @copyright Crown Copyright 2025
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
+
+/**
+ * Ascon MAC operation
+ */
+class AsconMAC extends Operation {
+
+ /**
+ * AsconMAC constructor
+ */
+ constructor() {
+ super();
+
+ this.name = "Ascon MAC";
+ this.module = "Crypto";
+ this.description = "Ascon-Mac produces a 128-bit (16-byte) message authentication code as part of the Ascon family standardised by NIST in SP 800-232. It provides authentication for messages using a secret key, ensuring both data integrity and authenticity.
Ascon is designed for lightweight cryptography on constrained devices such as IoT sensors and embedded systems.";
+ this.infoURL = "https://wikipedia.org/wiki/Ascon_(cipher)";
+ this.inputType = "ArrayBuffer";
+ this.outputType = "string";
+ this.args = [
+ {
+ "name": "Key",
+ "type": "toggleString",
+ "value": "",
+ "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+ }
+ ];
+ }
+
+ /**
+ * @param {ArrayBuffer} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ async run(input, args) {
+ const JsAscon = (await import("js-ascon")).default;
+
+ const keyStr = Utils.convertToByteString(args[0].string, args[0].option);
+
+ // Convert ArrayBuffer to string for js-ascon
+ const inputStr = new TextDecoder().decode(input);
+
+ // Compute MAC (returns Uint8Array)
+ const macResult = JsAscon.mac(keyStr, inputStr);
+
+ // Convert to hex string
+ return toHexFast(macResult);
+ }
+
+}
+
+export default AsconMAC;
diff --git a/tests/operations/index.mjs b/tests/operations/index.mjs
index f147e9e7..87ade61d 100644
--- a/tests/operations/index.mjs
+++ b/tests/operations/index.mjs
@@ -16,6 +16,7 @@ import { setLongTestFailure, logTestReport } from "../lib/utils.mjs";
import TestRegister from "../lib/TestRegister.mjs";
import "./tests/AESKeyWrap.mjs";
import "./tests/AlternatingCaps.mjs";
+import "./tests/Ascon.mjs";
import "./tests/AvroToJSON.mjs";
import "./tests/BaconCipher.mjs";
import "./tests/Base32.mjs";
diff --git a/tests/operations/tests/Ascon.mjs b/tests/operations/tests/Ascon.mjs
new file mode 100644
index 00000000..13856449
--- /dev/null
+++ b/tests/operations/tests/Ascon.mjs
@@ -0,0 +1,421 @@
+/**
+ * Ascon tests.
+ *
+ * Test vectors include official NIST ACVP vectors from:
+ * https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/Ascon-Hash256-SP800-232
+ * https://github.com/ascon/ascon-c (LWC_AEAD_KAT files)
+ *
+ * @author Claude
+ * @copyright Crown Copyright 2025
+ * @license Apache-2.0
+ */
+
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+ // ============= Ascon Hash Tests (NIST SP 800-232) =============
+ // Official NIST ACVP test vector
+ {
+ name: "Ascon Hash: NIST ACVP vector (msg=0x50)",
+ input: "P", // 0x50
+ expectedOutput: "b96da347d720272533a87f5a94a356155f49cdf7c0c10a3e6f346d8a2293e480",
+ recipeConfig: [
+ {
+ "op": "Ascon Hash",
+ "args": []
+ }
+ ],
+ },
+ {
+ name: "Ascon Hash: empty input",
+ input: "",
+ expectedOutput: "0b3be5850f2f6b98caf29f8fdea89b64a1fa70aa249b8f839bd53baa304d92b2",
+ recipeConfig: [
+ {
+ "op": "Ascon Hash",
+ "args": []
+ }
+ ],
+ },
+ {
+ name: "Ascon Hash: Hello",
+ input: "Hello",
+ expectedOutput: "c1beebe1251d562c4526d6b947cefb932998499424f6cd186e764aa0a36cddb7",
+ recipeConfig: [
+ {
+ "op": "Ascon Hash",
+ "args": []
+ }
+ ],
+ },
+ {
+ name: "Ascon Hash: Hello, World!",
+ input: "Hello, World!",
+ expectedOutput: "f40e1ce8d4272e628e9535193f196f4ff2a720b00f6380c5d6f16b975f3a7777",
+ recipeConfig: [
+ {
+ "op": "Ascon Hash",
+ "args": []
+ }
+ ],
+ },
+
+ // ============= Ascon MAC Tests =============
+ {
+ name: "Ascon MAC: basic MAC",
+ input: "Hello",
+ expectedOutput: "f58f344a2415ddf1a81defffe461db6c",
+ recipeConfig: [
+ {
+ "op": "Ascon MAC",
+ "args": [
+ {"option": "UTF8", "string": "secretkey1234567"}
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon MAC: test message",
+ input: "test message",
+ expectedOutput: "2b9993206b3fd09d6a32392b13247856",
+ recipeConfig: [
+ {
+ "op": "Ascon MAC",
+ "args": [
+ {"option": "UTF8", "string": "secretkey1234567"}
+ ]
+ }
+ ],
+ },
+
+ // ============= Ascon Encrypt Tests (NIST SP 800-232) =============
+ // Official NIST ascon-c KAT test vector (Count=1)
+ {
+ name: "Ascon Encrypt: NIST KAT Count=1 (empty PT, empty AD)",
+ input: "",
+ expectedOutput: "4f9c278211bec9316bf68f46ee8b2ec6",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "101112131415161718191a1b1c1d1e1f"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ // Official NIST ascon-c KAT test vector (Count=2)
+ {
+ name: "Ascon Encrypt: NIST KAT Count=2 (empty PT, AD=0x30)",
+ input: "",
+ expectedOutput: "cccb674fe18a09a285d6ab11b35675c0",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "101112131415161718191a1b1c1d1e1f"},
+ {"option": "Hex", "string": "30"},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: no key",
+ input: "test message",
+ expectedOutput: `Invalid key length: 0 bytes.
+
+Ascon-AEAD128 requires a key of exactly 16 bytes (128 bits).`,
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": ""},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: invalid key length",
+ input: "test message",
+ expectedOutput: `Invalid key length: 8 bytes.
+
+Ascon-AEAD128 requires a key of exactly 16 bytes (128 bits).`,
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "0001020304050607"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: no nonce",
+ input: "test message",
+ expectedOutput: `Invalid nonce length: 0 bytes.
+
+Ascon-AEAD128 requires a nonce of exactly 16 bytes (128 bits).`,
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: invalid nonce length",
+ input: "test message",
+ expectedOutput: `Invalid nonce length: 12 bytes.
+
+Ascon-AEAD128 requires a nonce of exactly 16 bytes (128 bits).`,
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: basic encryption",
+ input: "Hello",
+ expectedOutput: "af14bce6b9b6588c3aa63f9ddc5a0cf5f565f358b0",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: with associated data",
+ input: "Hello",
+ expectedOutput: "351880c09f9dee12c20c4ba973066bc10dd26000b6",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "UTF8", "string": "metadata"},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: longer message",
+ input: "test message",
+ expectedOutput: "9314a3fef6cc299a07b8c9e0f9e479ca0d1187e87345cf590adc572b",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: empty plaintext",
+ input: "",
+ expectedOutput: "4427d64b8e1e1451fc445960f0839bb0",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Encrypt: zero key and nonce",
+ input: "Hello",
+ expectedOutput: "403281e117ebb087e2d9196552b2d123bccb7b5500",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "00000000000000000000000000000000"},
+ {"option": "Hex", "string": "00000000000000000000000000000000"},
+ {"option": "Hex", "string": ""},
+ "Raw", "Hex"
+ ]
+ }
+ ],
+ },
+
+ // ============= Ascon Decrypt Tests =============
+ {
+ name: "Ascon Decrypt: no key",
+ input: "af14bce6b9b6588c3aa63f9ddc5a0cf5f565f358b0",
+ expectedOutput: `Invalid key length: 0 bytes.
+
+Ascon-AEAD128 requires a key of exactly 16 bytes (128 bits).`,
+ recipeConfig: [
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": ""},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Decrypt: basic decryption",
+ input: "af14bce6b9b6588c3aa63f9ddc5a0cf5f565f358b0",
+ expectedOutput: "Hello",
+ recipeConfig: [
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Decrypt: with associated data",
+ input: "351880c09f9dee12c20c4ba973066bc10dd26000b6",
+ expectedOutput: "Hello",
+ recipeConfig: [
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "UTF8", "string": "metadata"},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Decrypt: longer message",
+ input: "9314a3fef6cc299a07b8c9e0f9e479ca0d1187e87345cf590adc572b",
+ expectedOutput: "test message",
+ recipeConfig: [
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Decrypt: authentication failure (tampered ciphertext)",
+ input: "bf14bce6b9b6588c3aa63f9ddc5a0cf5f565f358b0",
+ expectedOutput: "Unable to decrypt: authentication failed. The ciphertext, key, nonce, or associated data may be incorrect or tampered with.",
+ recipeConfig: [
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Decrypt: authentication failure (wrong key)",
+ input: "af14bce6b9b6588c3aa63f9ddc5a0cf5f565f358b0",
+ expectedOutput: "Unable to decrypt: authentication failed. The ciphertext, key, nonce, or associated data may be incorrect or tampered with.",
+ recipeConfig: [
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": "ff0102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": ""},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+ {
+ name: "Ascon Decrypt: authentication failure (wrong associated data)",
+ input: "351880c09f9dee12c20c4ba973066bc10dd26000b6",
+ expectedOutput: "Unable to decrypt: authentication failed. The ciphertext, key, nonce, or associated data may be incorrect or tampered with.",
+ recipeConfig: [
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "UTF8", "string": "wrong data"},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+
+ // ============= Round-trip Tests =============
+ {
+ name: "Ascon: encrypt then decrypt round-trip",
+ input: "This is a test message for Ascon AEAD encryption!",
+ expectedOutput: "This is a test message for Ascon AEAD encryption!",
+ recipeConfig: [
+ {
+ "op": "Ascon Encrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "101112131415161718191a1b1c1d1e1f"},
+ {"option": "UTF8", "string": "additional data"},
+ "Raw", "Hex"
+ ]
+ },
+ {
+ "op": "Ascon Decrypt",
+ "args": [
+ {"option": "Hex", "string": "000102030405060708090a0b0c0d0e0f"},
+ {"option": "Hex", "string": "101112131415161718191a1b1c1d1e1f"},
+ {"option": "UTF8", "string": "additional data"},
+ "Hex", "Raw"
+ ]
+ }
+ ],
+ },
+]);