From nobody Wed Dec 17 04:03:00 2025 Received: from silver.cherry.relay.mailchannels.net (silver.cherry.relay.mailchannels.net [23.83.223.166]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 832893321BC; Mon, 15 Dec 2025 08:48:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=23.83.223.166 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765788525; cv=pass; b=U791/w5rysGgtAJiUcFiyqsiVb+IMcW8ovB38jyI7whKSvJKEBV1J0MI5dljC+TECpA+D2/gQbMEhnKrMeTDtYxA6/V88VhrPYEPE5g3h+aIT2OsP8RNmjBAKScNy4izpzHd6nXFrskzKXEc6o7Rco1vbYQ+djY2/+tvuPoayqk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765788525; c=relaxed/simple; bh=anr1O+hZHq3KrKsG4OAYVPKfqhhcxkUoAMI9sydRTRc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=VYs36GxVPwvvFRGJEuiAvfu1K8EEPvn34xJ/17NgPVtn+Vk0FHLSNYjPn+7ZC21p3cf+MU90uMUPB6BNU0QWBCOe9wMQ+Ry7H4y5D2v2IDdJISp/f0fV5Cd6J14bqHBKofFp6iQoLpTXcCaOr+BVIy2qWyaiHxzuKZPooSGwhX4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id; spf=pass smtp.mailfrom=kriptograf.id; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b=wmctE1qO; arc=pass smtp.client-ip=23.83.223.166 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b="wmctE1qO" X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id A781D801027; Mon, 15 Dec 2025 07:54:13 +0000 (UTC) Received: from vittoria.id.domainesia.com (trex-green-6.trex.outbound.svc.cluster.local [100.103.181.229]) (Authenticated sender: nlkw2k8yjw) by relay.mailchannels.net (Postfix) with ESMTPA id 3029880116B; Mon, 15 Dec 2025 07:54:10 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1765785253; b=PkFrtdhhB2VFzk2pUAGhbplsQWn2QFrrgpHoq0cdnqnHqJzZTtNnqgegj5by/97mcCirLf rqsa8D/fPXgflzKrxHlU2Ipc6i6eFv7ZaSQGRGpVcUzxyn5eQKCLRwBNAieAZDQr1rsizk qnloPUgGBhbR32uj95H2nhOdJYcDF4e7UJD8WRUhoZs5DbgHxf82lalPJbkdjo3pJn9rHn rXpSn7ortrT0sh9g+p1oPlJ/DzvQ+AIddUPu5gYKgzXsDv/2eaiODV6kBEaxrYVgFfmHxR PggdudFDVthM2qvJRkODqRskaUPaYNE3NjxeQtKGLaCl6U0LpKHne8o48dz9BQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1765785253; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=BJUuJ6NjKrz6/SHMPK1KiOxiFYTa7AV4Q2ma6AdBTqU=; b=3iwaJZX2AQEsZ290afILM1NniT0DeqG4kQI8eCIwUprI/dZOdTAP+4kt1QHa5UEhEuK2HQ urOnB66sDIysLNSzFSO7gHjeDVfWqDRubor5+1vesB2lx+Uzy/PAu+0hkfhki0YBLyJHAJ ysVfZlyIIM7HkYBzgVvHdwiZc671eF+BM+kRkTgvntJK90SbJ2jF5GQqh9V4ZNbDhdcGNg l8m9R0G3ITona8B+iGjSvE6q0nyn/uyogs6HU7VhDGk58i6cnk4fteQzIpilkjrl9C7F1O GlcswTfHYnleHTkOImC6AegDr5UXOLTLB86jtFGBwztXquY9i2ENtJtqw7JbrQ== ARC-Authentication-Results: i=1; rspamd-659888d77d-j78qb; auth=pass smtp.auth=nlkw2k8yjw smtp.mailfrom=rusydi.makarim@kriptograf.id X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MC-Relay: Neutral X-MailChannels-SenderId: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MailChannels-Auth-Id: nlkw2k8yjw X-Robust-White: 01828779337fc397_1765785253356_2224879328 X-MC-Loop-Signature: 1765785253356:1910460413 X-MC-Ingress-Time: 1765785253356 Received: from vittoria.id.domainesia.com (vittoria.id.domainesia.com [36.50.77.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.103.181.229 (trex/7.1.3); Mon, 15 Dec 2025 07:54:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kriptograf.id; s=default; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=BJUuJ6NjKrz6/SHMPK1KiOxiFYTa7AV4Q2ma6AdBTqU=; b=wmctE1qOjfwVNb09tH9zV8vMuh VGeRzgfX5SgmB4ZTpms2mLFVRAjnLOhapIrM19MqFr3C+mutFwvYbjsLpgoaqqbGvFJc0FNJK3V2o VuGiSI2EeS+6jRHUKnzp590ulRi6ldDRViOm8U7qBw7okP3KF0QPpzAOPAzT3upWrxfkHzmXqQG9D bJ2QiM+9qGKbUeyJX7x/XKZBzyBtCKQgZBr6ZnH4H4qhBmTNPEzoY9THl+Xz1XRg44Ru4gIJUcxxN W+4YPDnSFjTfpcl+Rd0fQLSfemGrfF7FATedqkdjROsJTB+etS9H8jMHj58CeiqxBL+iYCMDxXJV+ u636uf6g==; Received: from [182.253.89.89] (port=19977 helo=Rusydis-MacBook-Air.local) by vittoria.id.domainesia.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.99) (envelope-from ) id 1vV3PF-0000000FQZW-0uCZ; Mon, 15 Dec 2025 14:54:08 +0700 From: "Rusydi H. Makarim" Date: Mon, 15 Dec 2025 14:54:34 +0700 Subject: [PATCH 1/3] lib/crypto: Add KUnit test vectors for Ascon-Hash256 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251215-ascon_hash256-v1-1-24ae735e571e@kriptograf.id> References: <20251215-ascon_hash256-v1-0-24ae735e571e@kriptograf.id> In-Reply-To: <20251215-ascon_hash256-v1-0-24ae735e571e@kriptograf.id> To: Herbert Xu , "David S. Miller" , Eric Biggers , "Jason A. Donenfeld" , Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Rusydi H. Makarim" X-Mailer: b4 0.14.3 X-AuthUser: rusydi.makarim@kriptograf.id Add test vectors to test the implementation correctness. The test vectors are generated using the Python reference implementation in https://github.com/meichlseder/pyascon. The messages are generated using the method rand_bytes() in scripts/crypto/gen-hash-testvecs.py. Signed-off-by: Rusydi H. Makarim --- include/crypto/ascon_hash.h | 97 ++++++++++++++ lib/crypto/tests/Kconfig | 9 ++ lib/crypto/tests/Makefile | 1 + lib/crypto/tests/ascon_hash-testvecs.h | 235 +++++++++++++++++++++++++++++= ++++ lib/crypto/tests/ascon_hash_kunit.c | 33 +++++ 5 files changed, 375 insertions(+) diff --git a/include/crypto/ascon_hash.h b/include/crypto/ascon_hash.h new file mode 100644 index 000000000000..bb3561a745a9 --- /dev/null +++ b/include/crypto/ascon_hash.h @@ -0,0 +1,97 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Common values for Ascon-Hash family of algorithms as defined in + * NIST SP 800-232 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/N= IST.SP.800-232.pdf + */ +#ifndef _CRYPTO_ASCON_HASH_H_ +#define _CRYPTO_ASCON_HASH_H_ + +#include + +#define ASCON_STATE_SIZE 40 +#define ASCON_STATE_WORDS 5 + +#define ASCON_HASH256_DIGEST_SIZE 32 +#define ASCON_HASH256_BLOCK_SIZE 8 +#define ASCON_HASH256_RATE 8 +#define ASCON_HASH256_IV 0x0000080100CC0002ULL + +/* + * The standard of Ascon permutation in NIST SP 800-232 specifies 16 round + * constants to accomodate potential functionality extensions in the future + * (see page 2). + */ +static const u64 ascon_p_rndc[] =3D { + 0x000000000000003cULL, 0x000000000000002dULL, 0x000000000000001eULL, + 0x000000000000000fULL, 0x00000000000000f0ULL, 0x00000000000000e1ULL, + 0x00000000000000d2ULL, 0x00000000000000c3ULL, 0x00000000000000b4ULL, + 0x00000000000000a5ULL, 0x0000000000000096ULL, 0x0000000000000087ULL, + 0x0000000000000078ULL, 0x0000000000000069ULL, 0x000000000000005aULL, + 0x000000000000004bULL, +}; + +/* + * State for Ascon-p[320] permutation: 5 64-bit words + */ +struct ascon_state { + union { + __le64 words[ASCON_STATE_WORDS]; + u8 bytes[ASCON_STATE_SIZE]; + u64 native_words[ASCON_STATE_WORDS]; + }; +}; + +/* Internal context */ +struct __ascon_hash_ctx { + struct ascon_state state; + u8 absorb_offset; +}; + +/** + * struct ascon_hash256_ctx - Context for Ascon-Hash256 + * @ctx: private + */ +struct ascon_hash256_ctx { + struct __ascon_hash_ctx ctx; +}; + + +/** + * ascon_hash256_init() - Initialize a context for Ascon-Hash256 + * @ctx: The context to initialize + * + * This begins a new Ascon-Hash256 message digest computation. + */ +void ascon_hash256_init(struct ascon_hash256_ctx *ctx); + +/** + * ascon_hash256_update() - Update an Ascon-Hash256 digest context with in= put data + * @ctx: The context to update; must have been initialized + * @in: The input data + * @in_len: Length of the input data in bytes + */ +void ascon_hash256_update(struct ascon_hash256_ctx *ctx, const u8 *in, + size_t in_len); + +/** + * ascon_hash256_final() - Finish computing an Ascon-Hash256 message digest + * @ctx: The context to finalize; must have been initialized + * @out: (output) The resulting Ascon-Hash256 message digest, matching the= init + * function that was called. + */ +void ascon_hash256_final(struct ascon_hash256_ctx *ctx, + u8 out[ASCON_HASH256_DIGEST_SIZE]); + +/** + * ascon_hash256() - Compute Ascon-Hash256 digest in one shot + * @in: The input data to be digested + * @in_len: Length of the input data in bytes + * @out: The buffer into which the digest will be stored + * + * Convenience function that computes an Ascon-Hash256 digest. Use this in= stead of + * the incremental API if you are able to provide all the input at once. + */ +void ascon_hash256(const u8 *in, size_t in_len, + u8 out[ASCON_HASH256_DIGEST_SIZE]); + +#endif diff --git a/lib/crypto/tests/Kconfig b/lib/crypto/tests/Kconfig index 61d435c450bb..e9d10c580ffe 100644 --- a/lib/crypto/tests/Kconfig +++ b/lib/crypto/tests/Kconfig @@ -101,6 +101,15 @@ config CRYPTO_LIB_SHA3_KUNIT_TEST including SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256. =20 +config CRYPTO_LIB_ASCON_HASH_KUNIT_TEST + tristate "KUnit tests for Ascon-Hash" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS + select CRYPTO_LIB_BENCHMARK_VISIBLE + select CRYPTO_LIB_ASCON_HASH + help + KUnit tests for the Ascon-Hash256 cryptographic has functions. + config CRYPTO_LIB_BENCHMARK_VISIBLE bool =20 diff --git a/lib/crypto/tests/Makefile b/lib/crypto/tests/Makefile index 5109a0651925..59c4f4ef5b22 100644 --- a/lib/crypto/tests/Makefile +++ b/lib/crypto/tests/Makefile @@ -10,3 +10,4 @@ obj-$(CONFIG_CRYPTO_LIB_SHA1_KUNIT_TEST) +=3D sha1_kunit.o obj-$(CONFIG_CRYPTO_LIB_SHA256_KUNIT_TEST) +=3D sha224_kunit.o sha256_kuni= t.o obj-$(CONFIG_CRYPTO_LIB_SHA512_KUNIT_TEST) +=3D sha384_kunit.o sha512_kuni= t.o obj-$(CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST) +=3D sha3_kunit.o +obj-$(CONFIG_CRYPTO_LIB_ASCON_HASH_KUNIT_TEST) +=3D ascon_hash_kunit.o diff --git a/lib/crypto/tests/ascon_hash-testvecs.h b/lib/crypto/tests/asco= n_hash-testvecs.h new file mode 100644 index 000000000000..b5c0edcf61e6 --- /dev/null +++ b/lib/crypto/tests/ascon_hash-testvecs.h @@ -0,0 +1,235 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * The test vectors are generated using the Python reference implementation + * in https://github.com/meichlseder/pyascon/tree/master with messages from + * the method rand_bytes() in scripts/crypto/gen-hash-testvecs.py + */ + +static const struct { + size_t data_len; + u8 digest[ASCON_HASH256_DIGEST_SIZE]; +} hash_testvecs[] =3D { + { + .data_len =3D 0, + .digest =3D { + 0x0b, 0x3b, 0xe5, 0x85, 0x0f, 0x2f, 0x6b, 0x98, + 0xca, 0xf2, 0x9f, 0x8f, 0xde, 0xa8, 0x9b, 0x64, + 0xa1, 0xfa, 0x70, 0xaa, 0x24, 0x9b, 0x8f, 0x83, + 0x9b, 0xd5, 0x3b, 0xaa, 0x30, 0x4d, 0x92, 0xb2, + }, + }, + { + .data_len =3D 1, + .digest =3D { + 0xb9, 0xaa, 0x10, 0x34, 0x7a, 0x2e, 0x62, 0x01, + 0x01, 0xcf, 0xbd, 0x55, 0x8e, 0x8d, 0x85, 0xda, + 0x97, 0xe8, 0xd0, 0x5c, 0xbf, 0xf3, 0x19, 0xf7, + 0x54, 0xcd, 0x32, 0xc0, 0xd0, 0x06, 0x72, 0x62, + }, + }, + { + .data_len =3D 2, + .digest =3D { + 0xd9, 0x6b, 0x24, 0xe8, 0x0e, 0xaf, 0xd7, 0x43, + 0x02, 0x76, 0x7e, 0xc3, 0x66, 0xfa, 0x15, 0x69, + 0xe8, 0x86, 0x3b, 0xcd, 0x3b, 0xa4, 0xda, 0x77, + 0xf5, 0xc0, 0x9d, 0x01, 0x8e, 0x9c, 0xae, 0xcd, + }, + }, + { + .data_len =3D 3, + .digest =3D { + 0xaa, 0x09, 0xac, 0xf6, 0x0f, 0xa1, 0x54, 0xee, + 0x5c, 0xe6, 0xf9, 0x44, 0xa8, 0x9f, 0xdb, 0x35, + 0x68, 0x3b, 0x85, 0x15, 0x2f, 0x54, 0x51, 0x7d, + 0x05, 0x1e, 0xff, 0x4c, 0x23, 0xa3, 0x46, 0x59, + }, + }, + { + .data_len =3D 16, + .digest =3D { + 0xba, 0xc9, 0x62, 0x49, 0xba, 0x78, 0x92, 0x5f, + 0xa8, 0xa9, 0xd3, 0x47, 0x60, 0x09, 0x1e, 0xdb, + 0x23, 0x38, 0x2f, 0x43, 0x6a, 0x0f, 0x2f, 0xc8, + 0x33, 0x9c, 0xdb, 0x9e, 0x38, 0x8f, 0xb0, 0x8a + }, + }, + { + .data_len =3D 32, + .digest =3D { + 0x57, 0x6c, 0x66, 0xd5, 0xac, 0x36, 0xd2, 0xda, + 0x14, 0x4f, 0x6e, 0x84, 0xab, 0xc9, 0xd5, 0x9e, + 0xe4, 0xb2, 0x22, 0x4a, 0x8c, 0x3c, 0xf2, 0xf3, + 0x2d, 0xbc, 0x6c, 0x96, 0xa0, 0xd4, 0xaf, 0xd3 + }, + }, + { + .data_len =3D 48, + .digest =3D { + 0x7e, 0x2e, 0xa5, 0x76, 0x69, 0xc9, 0xf1, 0x49, + 0xb3, 0x89, 0x53, 0xca, 0x8f, 0x27, 0x6b, 0x89, + 0xdc, 0x92, 0x5b, 0x48, 0x90, 0x8f, 0x19, 0x7c, + 0xf2, 0x29, 0xa9, 0xde, 0x59, 0x9e, 0x81, 0x27 + }, + }, + { + .data_len =3D 49, + .digest =3D { + 0xb5, 0x75, 0xe9, 0xd8, 0x67, 0x75, 0xe2, 0x29, + 0x3b, 0xff, 0x82, 0x14, 0x06, 0xcf, 0x00, 0x4a, + 0xb2, 0x53, 0x01, 0x6e, 0x03, 0x86, 0xa6, 0x69, + 0xe3, 0x64, 0x97, 0x56, 0x25, 0x5b, 0xec, 0x4e + }, + }, + { + .data_len =3D 63, + .digest =3D { + 0xb3, 0x37, 0xbf, 0xff, 0xf8, 0x0b, 0x2b, 0xd7, + 0x81, 0x4c, 0xce, 0x9f, 0x4b, 0xa9, 0x71, 0x3c, + 0x93, 0x75, 0x04, 0x2d, 0x21, 0x66, 0x10, 0x58, + 0x38, 0x4e, 0xf5, 0xd7, 0xeb, 0xb4, 0xae, 0x62 + }, + }, + { + .data_len =3D 64, + .digest =3D { + 0x57, 0xfc, 0x23, 0x3d, 0xf3, 0x48, 0xcc, 0xd2, + 0x41, 0x39, 0xd8, 0x1c, 0x05, 0x5b, 0xa4, 0x63, + 0x51, 0x0a, 0x77, 0x8e, 0xb5, 0x11, 0x17, 0xd6, + 0xeb, 0x54, 0x15, 0xae, 0xb8, 0x2d, 0xd3, 0x5f + }, + }, + { + .data_len =3D 65, + .digest =3D { + 0xae, 0x4c, 0xaa, 0x95, 0x86, 0x9c, 0xf2, 0x79, + 0x57, 0x9a, 0xc9, 0x62, 0x8e, 0x60, 0xc4, 0xc8, + 0x09, 0x3c, 0xc3, 0xbb, 0xdf, 0x35, 0x96, 0x51, + 0x5d, 0x80, 0x9a, 0x00, 0x6a, 0xfb, 0xb6, 0xa2 + }, + }, + { + .data_len =3D 127, + .digest =3D { + 0x31, 0x4f, 0xfc, 0x1f, 0xb9, 0xc7, 0x30, 0x36, + 0xc5, 0x5c, 0x1d, 0x85, 0x50, 0x4d, 0x96, 0x57, + 0xeb, 0x75, 0xa4, 0xe0, 0x64, 0x89, 0x84, 0xa5, + 0x34, 0x34, 0x6d, 0x0e, 0xbb, 0x74, 0x3a, 0x48 + }, + }, + { + .data_len =3D 128, + .digest =3D { + 0x2d, 0x39, 0xbb, 0x6d, 0xef, 0x31, 0x8f, 0x5a, + 0xec, 0x5a, 0xf5, 0x86, 0xee, 0xec, 0x26, 0x1a, + 0xc8, 0x38, 0x40, 0xdd, 0xf0, 0xa6, 0xf0, 0x5f, + 0xf8, 0x92, 0x14, 0x23, 0x40, 0x48, 0x1b, 0x18 + }, + }, + { + .data_len =3D 129, + .digest =3D { + 0x97, 0xfc, 0xe5, 0xca, 0xa3, 0x62, 0xae, 0xa1, + 0x3e, 0x62, 0xd6, 0x46, 0x55, 0x50, 0x26, 0xa7, + 0x33, 0x36, 0x87, 0x68, 0xbc, 0x26, 0x70, 0x05, + 0x49, 0x83, 0x9c, 0x68, 0x24, 0x1c, 0x3c, 0x44 + }, + }, + { + .data_len =3D 256, + .digest =3D { + 0x7d, 0x0c, 0x6d, 0xfb, 0x6b, 0x19, 0xc1, 0xe1, + 0xa3, 0xd4, 0x2a, 0xae, 0x5a, 0xad, 0xaa, 0xc5, + 0xeb, 0xa6, 0xb2, 0x72, 0xc5, 0x75, 0x9f, 0x27, + 0x12, 0xd7, 0x7b, 0xb3, 0xc5, 0xb7, 0x2a, 0xe3 + }, + }, + { + .data_len =3D 511, + .digest =3D { + 0x32, 0x12, 0xb7, 0x28, 0xc2, 0xbc, 0xe7, 0x38, + 0x8d, 0x0e, 0x52, 0x34, 0x1a, 0xbc, 0xb0, 0xde, + 0x45, 0x2b, 0x08, 0x41, 0x23, 0xcf, 0x32, 0x7f, + 0xd5, 0xa7, 0x2f, 0x99, 0xc6, 0xf6, 0x54, 0x33 + }, + }, + { + .data_len =3D 513, + .digest =3D { + 0x6b, 0x15, 0x49, 0x95, 0x0d, 0xfc, 0x26, 0x1d, + 0xc5, 0x01, 0x55, 0x5e, 0x0c, 0x7c, 0x80, 0x57, + 0xbe, 0xce, 0x04, 0x8e, 0x8e, 0x2e, 0x8a, 0xe8, + 0xeb, 0x2e, 0x89, 0x4b, 0x6c, 0xea, 0x78, 0x71 + }, + }, + { + .data_len =3D 1000, + .digest =3D { + 0x13, 0x16, 0x77, 0xd5, 0x37, 0x7a, 0x8a, 0x02, + 0x68, 0xd9, 0xd5, 0x51, 0xf4, 0x08, 0x7c, 0xe0, + 0xad, 0xa1, 0x61, 0x17, 0x15, 0x57, 0xd8, 0xb6, + 0x55, 0xee, 0xbb, 0x96, 0xcd, 0xdd, 0xd2, 0x0d + }, + }, + { + .data_len =3D 3333, + .digest =3D { + 0x28, 0x15, 0xde, 0x05, 0x06, 0x68, 0xbc, 0xfe, + 0xb1, 0x07, 0x72, 0x26, 0xa2, 0x31, 0x8f, 0xe0, + 0xe9, 0x1a, 0x36, 0x00, 0x51, 0xd8, 0x85, 0xc9, + 0xb9, 0x67, 0x55, 0x93, 0xe3, 0x02, 0x02, 0x5c + }, + }, + { + .data_len =3D 4096, + .digest =3D { + 0x9b, 0x12, 0x0c, 0x12, 0xca, 0x22, 0x84, 0xd3, + 0xc1, 0x5b, 0x0f, 0x2d, 0xee, 0x58, 0xc4, 0x67, + 0x03, 0xf7, 0x6c, 0x28, 0xfa, 0xd1, 0x5d, 0x85, + 0xd9, 0x4b, 0x4f, 0xb2, 0x8c, 0x36, 0x35, 0x53 + }, + }, + { + .data_len =3D 4128, + .digest =3D { + 0xe4, 0x4d, 0x10, 0xb1, 0x02, 0x62, 0x86, 0xca, + 0x65, 0x0b, 0xcd, 0xe3, 0x62, 0x96, 0x67, 0xfc, + 0x59, 0x12, 0x1d, 0x44, 0xed, 0x7b, 0xfb, 0x87, + 0x82, 0xca, 0xdb, 0xcb, 0xe1, 0x93, 0xaa, 0xa6 + }, + }, + { + .data_len =3D 4160, + .digest =3D { + 0xe3, 0x03, 0x5e, 0x95, 0x5d, 0xf0, 0x6b, 0xe2, + 0x30, 0x01, 0x56, 0xf2, 0x6b, 0x18, 0x15, 0xf4, + 0xa0, 0x42, 0x33, 0xc4, 0x0b, 0xb9, 0xc2, 0xad, + 0x98, 0xe7, 0x53, 0x2c, 0x8e, 0x8a, 0x1c, 0x02 + }, + }, + { + .data_len =3D 4224, + .digest =3D { + 0x22, 0x2b, 0x62, 0x2c, 0x21, 0x61, 0xd1, 0x23, + 0x92, 0x9c, 0x8d, 0x07, 0x48, 0x4a, 0x25, 0x16, + 0x34, 0x6f, 0x74, 0x3f, 0xbe, 0xf4, 0x7c, 0x1b, + 0xea, 0xb9, 0x2a, 0x36, 0xc7, 0x3c, 0x1a, 0x32 + }, + }, + { + .data_len =3D 16384, + .digest =3D { + 0xe9, 0xe2, 0x04, 0xa1, 0x93, 0x8a, 0x7d, 0x6b, + 0x18, 0x64, 0x38, 0xc5, 0x88, 0x41, 0x98, 0x68, + 0xaf, 0xc3, 0xbb, 0xa5, 0x5f, 0x92, 0x12, 0xcb, + 0x0e, 0x31, 0xdf, 0xe9, 0xc1, 0xfb, 0x5a, 0x23 + }, + }, +}; + +static const u8 hash_testvec_consolidated[ASCON_HASH256_DIGEST_SIZE] =3D { + 0x48, 0xae, 0x81, 0x92, 0x91, 0xc4, 0x32, 0xba, + 0xe4, 0x96, 0x5d, 0xb7, 0xf1, 0xb6, 0xad, 0x10, + 0xae, 0x09, 0x4a, 0x0b, 0xe1, 0xa7, 0x59, 0xa4, + 0xfd, 0xcb, 0x47, 0x28, 0xfc, 0x0a, 0x34, 0x26, +}; diff --git a/lib/crypto/tests/ascon_hash_kunit.c b/lib/crypto/tests/ascon_h= ash_kunit.c new file mode 100644 index 000000000000..2ca15dbab2cb --- /dev/null +++ b/lib/crypto/tests/ascon_hash_kunit.c @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2025 Rusydi H. Makarim + */ + +#include +#include "ascon_hash-testvecs.h" + +#define HASH ascon_hash256 +#define HASH_CTX ascon_hash256_ctx +#define HASH_SIZE ASCON_HASH256_DIGEST_SIZE +#define HASH_INIT ascon_hash256_init +#define HASH_UPDATE ascon_hash256_update +#define HASH_FINAL ascon_hash256_final + +#include "hash-test-template.h" + +static struct kunit_case hash_test_cases[] =3D { + HASH_KUNIT_CASES, + KUNIT_CASE(benchmark_hash), + {}, +}; + +static struct kunit_suite hash_test_suite =3D { + .name =3D "ascon_hash256", + .test_cases =3D hash_test_cases, + .suite_init =3D hash_suite_init, + .suite_exit =3D hash_suite_exit, +}; +kunit_test_suite(hash_test_suite); + +MODULE_DESCRIPTION("KUnit tests and benchmark for Ascon-Hash256"); +MODULE_LICENSE("GPL"); --=20 2.52.0 From nobody Wed Dec 17 04:03:00 2025 Received: from shrimp.cherry.relay.mailchannels.net (shrimp.cherry.relay.mailchannels.net [23.83.223.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D9E682192FA; Mon, 15 Dec 2025 07:54:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=23.83.223.164 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765785263; cv=pass; b=XdTkX1IQ4VG5WbVH6rcIqZ4aPSu3qtNOw25x2El1lAS0gQ0Vkl4vCySC9QM+M9yZrNBGm4x18b6m/7fMjP1OcQD6v1uib2R+KMqeYTpO/odVIRA2snpqV7P29Ms1JFmClGwD5rOO3Rbg2GgH0oOYAaf9sxdbbcPoNexbH2Xv2FU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765785263; c=relaxed/simple; bh=cM0BsJnqjjsyjtg+ingidQDSEIkIM66/KPIrKRlR7WI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=fZfiiv2cOw3pVodmBqN7jCclcbwAcyqNYzac+dCDNGG1UPr1YBYzz0sQ4hsLefe/oROEgQuTXrn0ZHGoJbuEjadeo23Rgn0ilfAuXa4BeHCmWVnw+nSsEKaWSAIGtrq0ABZIwgrhvIucVuMLs4cHhP9UMw/Eb9xoaWajji75tDQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id; spf=pass smtp.mailfrom=kriptograf.id; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b=OLZPeoN9; arc=pass smtp.client-ip=23.83.223.164 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b="OLZPeoN9" X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id C205958163F; Mon, 15 Dec 2025 07:54:13 +0000 (UTC) Received: from vittoria.id.domainesia.com (trex-green-7.trex.outbound.svc.cluster.local [100.103.182.69]) (Authenticated sender: nlkw2k8yjw) by relay.mailchannels.net (Postfix) with ESMTPA id 8A751581ADE; Mon, 15 Dec 2025 07:54:11 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1765785253; b=p0YOedyr8E7NnMXmRIYopBaeRshuKScLvX2sdzALcgePtlCbznUA4CEy3mLHRpy+9lhV0J iZQvSqqu9HjhLCbmrdQs6kN14K6RYf1zgDMIwAYFYElRzLYJEZnyyouq6Ylwazeni1DL1L GiL0GqlQ4N5UOft7YruyEY6DQSGcS5XEeepyIkCYMRZFhS3mBIKmCvSsG4ltpG5AhVyGgq U2B0/WoyHs99R1PG7XoG5UYx//FieoiUEFK5hAQKyC6UPGX16+tOoaODKwWaB+a9FO6nIj yPOQdDm0Md+cf3msFfK9mE215SWICNt2Wt3/sVfIPI81iRvp/vuNRfR+98Xxcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1765785253; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GyXXtIsElCQM2HeNKvn4EkzNkPWkma7bfMXtQs5tlUc=; b=QtCGi2jKDkevcQGBVW7jbOlib4RURNeXKX+mJwQDynBDWxZUvt7FMIeeFkf9NH3vBZlSsK 0GVZZnlzizvkP4VW1I89s6/Y3PjuiH0KvrS6ybkIfMFFIb8bgo835StxoMeO6O2rvxGyz4 0FGgdM+/ZMy1LGQhSWD8LGeWuqUrvOSAj7xBN09RjPNDRWmUJTMzmpqxNcB9l8ACQ2Lx54 TyfxEaOgd/gFJ0dBePXDuRbtZp11BaUtsMlNQvQBGrlYYKfc5bbG5OsITd843x/77Rz2QA jZgjQTPEMshxMLoMWF5A5Z87/qqcU20JdnANar0hb5XYAzssGWu6bukZmDhTsA== ARC-Authentication-Results: i=1; rspamd-659888d77d-xv5gs; auth=pass smtp.auth=nlkw2k8yjw smtp.mailfrom=rusydi.makarim@kriptograf.id X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MC-Relay: Neutral X-MailChannels-SenderId: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MailChannels-Auth-Id: nlkw2k8yjw X-Trail-Madly: 22e50ed52746eda7_1765785253697_1903247113 X-MC-Loop-Signature: 1765785253697:1628576377 X-MC-Ingress-Time: 1765785253696 Received: from vittoria.id.domainesia.com (vittoria.id.domainesia.com [36.50.77.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.103.182.69 (trex/7.1.3); Mon, 15 Dec 2025 07:54:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kriptograf.id; s=default; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=GyXXtIsElCQM2HeNKvn4EkzNkPWkma7bfMXtQs5tlUc=; b=OLZPeoN9vNk/MvQ+u8Psp/F/N9 qB5pFdLD9bGre3ys2UQ115fJoefODHvunjUIG2wvgGvgU8Yv7T7Y0apB4LuMjlhqNv1d6y01+wIs9 lVpMPcPrS/0Ni02n7GdBeoeWPq0LLQjOLa4xvBRQizfeyRT1bNIRpHKApSJH7kHRDcaRFfLA7ZjZ1 EdBaRjex4OQAsnbyE86TpHerprnXubE2xYpVfsG3kWBZ/hJdfeW5/9/lQKnUGQ6FyfDQ/7ReTe+Js vpC6Js8AvGmMa6AiE/C1wV/BQWchJwVxm0oxvvphDF5cVUO61NqLmO4nmNltu7MQ0WEoAP2ANxSvG 57GBwKOA==; Received: from [182.253.89.89] (port=19977 helo=Rusydis-MacBook-Air.local) by vittoria.id.domainesia.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.99) (envelope-from ) id 1vV3PF-0000000FQZW-2GcM; Mon, 15 Dec 2025 14:54:08 +0700 From: "Rusydi H. Makarim" Date: Mon, 15 Dec 2025 14:54:35 +0700 Subject: [PATCH 2/3] lib/crypto: Initial implementation of Ascon-Hash256 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251215-ascon_hash256-v1-2-24ae735e571e@kriptograf.id> References: <20251215-ascon_hash256-v1-0-24ae735e571e@kriptograf.id> In-Reply-To: <20251215-ascon_hash256-v1-0-24ae735e571e@kriptograf.id> To: Herbert Xu , "David S. Miller" , Eric Biggers , "Jason A. Donenfeld" , Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Rusydi H. Makarim" X-Mailer: b4 0.14.3 X-AuthUser: rusydi.makarim@kriptograf.id initial implementation of Ascon-Hash256 Signed-off-by: Rusydi H. Makarim --- include/crypto/ascon_hash.h | 2 +- lib/crypto/Kconfig | 8 +++ lib/crypto/Makefile | 5 ++ lib/crypto/ascon_hash.c | 154 ++++++++++++++++++++++++++++++++++++++++= ++++ lib/crypto/hash_info.c | 2 + 5 files changed, 170 insertions(+), 1 deletion(-) diff --git a/include/crypto/ascon_hash.h b/include/crypto/ascon_hash.h index bb3561a745a9..c03a1414eec9 100644 --- a/include/crypto/ascon_hash.h +++ b/include/crypto/ascon_hash.h @@ -18,7 +18,7 @@ =20 /* * The standard of Ascon permutation in NIST SP 800-232 specifies 16 round - * constants to accomodate potential functionality extensions in the future + * constants to accommodate potential functionality extensions in the futu= re * (see page 2). */ static const u64 ascon_p_rndc[] =3D { diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 6871a41e5069..5f39ed6746de 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -223,6 +223,14 @@ config CRYPTO_LIB_SHA3_ARCH default y if ARM64 && KERNEL_MODE_NEON default y if S390 =20 +config CRYPTO_LIB_ASCON_HASH + tristate + select CRYPTO_LIB_UTILS + help + The Ascon-Hash library functions. Select this if your module uses any of + the functions from + + config CRYPTO_LIB_SM3 tristate =20 diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 330ab65b29c4..6657ea3d8771 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -297,6 +297,11 @@ endif # CONFIG_CRYPTO_LIB_SHA3_ARCH =20 ##########################################################################= ###### =20 +obj-$(CONFIG_CRYPTO_LIB_ASCON_HASH) +=3D libascon_hash.o +libascon_hash-y :=3D ascon_hash.o + +##########################################################################= ###### + obj-$(CONFIG_MPILIB) +=3D mpi/ =20 obj-$(CONFIG_CRYPTO_SELFTESTS_FULL) +=3D simd.o diff --git a/lib/crypto/ascon_hash.c b/lib/crypto/ascon_hash.c new file mode 100644 index 000000000000..e435a0e72195 --- /dev/null +++ b/lib/crypto/ascon_hash.c @@ -0,0 +1,154 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Ascon-Hash library functions + * + * Copyright (c) 2025 Rusydi H. Makarim + */ + +#include +#include +#include + + +static inline void ascon_round(u64 s[ASCON_STATE_WORDS], u64 C) +{ + u64 t[ASCON_STATE_WORDS]; + + // pC + s[2] ^=3D C; + + // pS + s[0] ^=3D s[4]; + s[4] ^=3D s[3]; + s[2] ^=3D s[1]; + t[0] =3D s[0] ^ (~s[1] & s[2]); + t[1] =3D s[1] ^ (~s[2] & s[3]); + t[2] =3D s[2] ^ (~s[3] & s[4]); + t[3] =3D s[3] ^ (~s[4] & s[0]); + t[4] =3D s[4] ^ (~s[0] & s[1]); + t[1] ^=3D t[0]; + t[0] ^=3D t[4]; + t[3] ^=3D t[2]; + t[2] =3D ~t[2]; + + // pL + s[0] =3D t[0] ^ ror64(t[0], 19) ^ ror64(t[0], 28); + s[1] =3D t[1] ^ ror64(t[1], 61) ^ ror64(t[1], 39); + s[2] =3D t[2] ^ ror64(t[2], 1) ^ ror64(t[2], 6); + s[3] =3D t[3] ^ ror64(t[3], 10) ^ ror64(t[3], 17); + s[4] =3D t[4] ^ ror64(t[4], 7) ^ ror64(t[4], 41); +} + +static inline void ascon_p12_generic(struct ascon_state *state) +{ + int i; + + for (i =3D 0; i < ARRAY_SIZE(state->words); ++i) + state->native_words[i] =3D le64_to_cpu(state->words[i]); + + for (i =3D 0; i < 12; ++i) + ascon_round(state->native_words, ascon_p_rndc[16 - 12 + i]); + + for (i =3D 0; i < ARRAY_SIZE(state->words); ++i) + state->words[i] =3D cpu_to_le64(state->native_words[i]); +} + +static void __maybe_unused ascon_hash256_absorb_blocks_generic( + struct ascon_state *state, const u8 *in, size_t nblocks) +{ + do { + for (size_t i =3D 0; i < ASCON_HASH256_BLOCK_SIZE; i +=3D 8) + state->words[i / 8] ^=3D get_unaligned((__le64 *)&in[i]); + ascon_p12_generic(state); + in +=3D ASCON_HASH256_BLOCK_SIZE; + } while (--nblocks); +} + +#define ascon_p12 ascon_p12_generic +#define ascon_hash256_absorb_blocks ascon_hash256_absorb_blocks_generic + +void ascon_hash256_init(struct ascon_hash256_ctx *asc_hash256_ctx) +{ + struct __ascon_hash_ctx *ctx =3D &asc_hash256_ctx->ctx; + + ctx->state.words[0] =3D ASCON_HASH256_IV; + ctx->state.words[1] =3D 0; + ctx->state.words[2] =3D 0; + ctx->state.words[3] =3D 0; + ctx->state.words[4] =3D 0; + ctx->absorb_offset =3D 0; + ascon_p12(&ctx->state); +} +EXPORT_SYMBOL_GPL(ascon_hash256_init); + +void ascon_hash256_update(struct ascon_hash256_ctx *asc_hash256_ctx, const= u8 *in, + size_t in_len) +{ + struct __ascon_hash_ctx *ctx =3D &asc_hash256_ctx->ctx; + u8 absorb_offset =3D ctx->absorb_offset; + + WARN_ON_ONCE(absorb_offset >=3D ASCON_HASH256_BLOCK_SIZE); + + if (absorb_offset && absorb_offset + in_len >=3D ASCON_HASH256_BLOCK_SIZE= ) { + crypto_xor(&ctx->state.bytes[absorb_offset], in, + ASCON_HASH256_BLOCK_SIZE - absorb_offset); + in +=3D ASCON_HASH256_BLOCK_SIZE - absorb_offset; + in_len -=3D ASCON_HASH256_BLOCK_SIZE - absorb_offset; + ascon_p12(&ctx->state); + absorb_offset =3D 0; + } + + if (in_len >=3D ASCON_HASH256_BLOCK_SIZE) { + size_t nblocks =3D in_len / ASCON_HASH256_BLOCK_SIZE; + + ascon_hash256_absorb_blocks(&ctx->state, in, nblocks); + in +=3D nblocks * ASCON_HASH256_BLOCK_SIZE; + in_len -=3D nblocks * ASCON_HASH256_BLOCK_SIZE; + } + + if (in_len) { + crypto_xor(&ctx->state.bytes[absorb_offset], in, in_len); + absorb_offset +=3D in_len; + + } + ctx->absorb_offset =3D absorb_offset; +} +EXPORT_SYMBOL_GPL(ascon_hash256_update); + +void ascon_hash256_final(struct ascon_hash256_ctx *asc_hash256_ctx, + u8 out[ASCON_HASH256_DIGEST_SIZE]) +{ + struct __ascon_hash_ctx *ctx =3D &asc_hash256_ctx->ctx; + + // padding + ctx->state.bytes[ctx->absorb_offset] ^=3D 0x01; + ascon_p12(&ctx->state); + + // squeezing + size_t len =3D ASCON_HASH256_DIGEST_SIZE; + + while (len > ASCON_HASH256_RATE) { + memcpy(out, ctx->state.bytes, ASCON_HASH256_RATE); + ascon_p12(&ctx->state); + out +=3D ASCON_HASH256_RATE; + len -=3D ASCON_HASH256_RATE; + } + memcpy(out, ctx->state.bytes, ASCON_HASH256_RATE); + memzero_explicit(asc_hash256_ctx, sizeof(*asc_hash256_ctx)); +} +EXPORT_SYMBOL_GPL(ascon_hash256_final); + + +void ascon_hash256(const u8 *in, size_t in_len, + u8 out[ASCON_HASH256_DIGEST_SIZE]) +{ + struct ascon_hash256_ctx ctx; + + ascon_hash256_init(&ctx); + ascon_hash256_update(&ctx, in, in_len); + ascon_hash256_final(&ctx, out); +} +EXPORT_SYMBOL_GPL(ascon_hash256); + +MODULE_DESCRIPTION("Ascon-Hash256 library functions"); +MODULE_LICENSE("GPL"); diff --git a/lib/crypto/hash_info.c b/lib/crypto/hash_info.c index 9a467638c971..49ce182c6d08 100644 --- a/lib/crypto/hash_info.c +++ b/lib/crypto/hash_info.c @@ -32,6 +32,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D "sha3-256", [HASH_ALGO_SHA3_384] =3D "sha3-384", [HASH_ALGO_SHA3_512] =3D "sha3-512", + [HASH_ALGO_ASCON_HASH256] =3D "ascon-hash256", }; EXPORT_SYMBOL_GPL(hash_algo_name); =20 @@ -59,5 +60,6 @@ const int hash_digest_size[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D SHA3_256_DIGEST_SIZE, [HASH_ALGO_SHA3_384] =3D SHA3_384_DIGEST_SIZE, [HASH_ALGO_SHA3_512] =3D SHA3_512_DIGEST_SIZE, + [HASH_ALGO_ASCON_HASH256] =3D ASCON_HASH256_DIGEST_SIZE, }; EXPORT_SYMBOL_GPL(hash_digest_size); --=20 2.52.0 From nobody Wed Dec 17 04:03:00 2025 Received: from purple.birch.relay.mailchannels.net (purple.birch.relay.mailchannels.net [23.83.209.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C14473321BC; Mon, 15 Dec 2025 08:48:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=23.83.209.150 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765788508; cv=pass; b=fu0hxsa+IObdszHLi35fOnzGpXh0gGUjYSAPgwJ884XdjUK1uTg/PGlVWhgilzzi12JgUOmn1g4kKIyN4DKwjT/FB5HmZq5Jux562svHK33Lv3UQO5tWIcuSR18s21L7hn62uSnVw2Gj2h1AhQ26IUNQwKsQ068rqzyZlE8CVh8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765788508; c=relaxed/simple; bh=5hRQ+6Xjj7Ub1HlBqBP+GF+RQzaO8L1L3sPQtWmATXc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hsJA3ZlQQyfB8HeuSkl8UvSIHiSlgFelK92cQHdpCoNECXPLGvHr2DrvPp4RL+oRVwZB3toxLYY58XGxVOic24F4SF3x/tHyAZp340pag9ZxvxjJjSfiWNVA1Hnb0jxjdK7VArgm0gEge3+07zT/aTLsfUrCCKzFQf2fWAw3wnA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id; spf=pass smtp.mailfrom=kriptograf.id; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b=sC8snx2b; arc=pass smtp.client-ip=23.83.209.150 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b="sC8snx2b" X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 90141460E08; Mon, 15 Dec 2025 07:54:14 +0000 (UTC) Received: from vittoria.id.domainesia.com (trex-green-4.trex.outbound.svc.cluster.local [100.103.186.183]) (Authenticated sender: nlkw2k8yjw) by relay.mailchannels.net (Postfix) with ESMTPA id E31DC461597; Mon, 15 Dec 2025 07:54:11 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1765785254; b=ckOAwivJ51q7ciMcRHULuptuv/zwNLCBn9erXEXem+e+cGFsKHBaQkf3u4sfeh0XWRqnej LNRhfwivJnJvAtzILYzEw2bXw7HK/cb5jJ0nHm3byaeCLPrYLAMNFGpIgrgeg1r+TxcykJ 4JfRJJ+2DbZIQlqS/WyUILI0wG7vMz7CkzJSKZsS92LoUW3VElyoyK2kTa2e0ipWDVvu2z 431m1Is9OQrwJ4p3Nj78l+3dxlPZpBC5gO0Io1QZHz6pnCHh9hKxyYseWt1rKzr7vc1Uw1 FCOfElFLzR+VBhzN4uJ5KK3vohNs22MOBuCDqwRjNYLOHMCYFGiTrG8XO4UZ2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1765785254; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KUKfIFqcekPBdjqhL8GJz6t56c2cLGnaAFlYfu7gY0w=; b=wVTA57dLdDMe/YQntU9QmO6wa3nvud04M9Fq4lKfnZNMbXkZpGtj5ygDwa1DcrabKcWIzV brikrmLbUGEY1Y67hZVWmlKx8xCuLDCJjf4/O/1aWAzWw++crsa4MMc58v14fiDxPFsssv 1SoYecS47K8Oq5PiGrdWFHT0MBgvqI2VJk8b1Qmj7p15PAXgRYdo9Ve4yjm5H4VUxCLWZW GNE6EDAyvkDwPKRcVZm3JNK1owJKSlVPrCPruy5kF9KljZ3b2ZQzH7EJJhdPRQHM9MY/Iz a/vRFya4C03Az+ZHbdI/NuFVr9APx32V/qciEwXM9eq8FJSVAmT3ZETRGWFxvg== ARC-Authentication-Results: i=1; rspamd-659888d77d-l96jv; auth=pass smtp.auth=nlkw2k8yjw smtp.mailfrom=rusydi.makarim@kriptograf.id X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MC-Relay: Neutral X-MailChannels-SenderId: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MailChannels-Auth-Id: nlkw2k8yjw X-Company-Illegal: 63fb58e818c0df34_1765785254496_468568549 X-MC-Loop-Signature: 1765785254495:2230306666 X-MC-Ingress-Time: 1765785254495 Received: from vittoria.id.domainesia.com (vittoria.id.domainesia.com [36.50.77.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.103.186.183 (trex/7.1.3); Mon, 15 Dec 2025 07:54:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kriptograf.id; s=default; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=KUKfIFqcekPBdjqhL8GJz6t56c2cLGnaAFlYfu7gY0w=; b=sC8snx2blrGL6lzS0TTOUvsKgt /PFgYJyuGrdaqVQcBqL2LrcNUAub9zmabWKPGCYddTOXV+MosEtp1gQIvvS3H482M807e8kwc7DFJ 9UpfF4gy4JK7l6MIlzTzvCink8S4ZSdi+CcL9gktysj1vp4srwFrvHpCPB4HEF8igKKPXgt4y/fiJ sNFikSI1fDyIRZm0OZPkQaTPWYBsyeq2Bvfu9ngSUQ8VNb8e/AMUHXDFnVKqH4qHnMGButaoF36wm I5O7gP345TBuYho5u+1AYBhcFpO/xvKc2/CL4ge3ge4WRpOGWE3yeRcrKZ4s/nAONQXI5vZN5FeDT Cwa97WWw==; Received: from [182.253.89.89] (port=19977 helo=Rusydis-MacBook-Air.local) by vittoria.id.domainesia.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.99) (envelope-from ) id 1vV3PF-0000000FQZW-3Tjg; Mon, 15 Dec 2025 14:54:09 +0700 From: "Rusydi H. Makarim" Date: Mon, 15 Dec 2025 14:54:36 +0700 Subject: [PATCH 3/3] crypto: Crypto API implementation of Ascon-Hash256 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251215-ascon_hash256-v1-3-24ae735e571e@kriptograf.id> References: <20251215-ascon_hash256-v1-0-24ae735e571e@kriptograf.id> In-Reply-To: <20251215-ascon_hash256-v1-0-24ae735e571e@kriptograf.id> To: Herbert Xu , "David S. Miller" , Eric Biggers , "Jason A. Donenfeld" , Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Rusydi H. Makarim" X-Mailer: b4 0.14.3 X-AuthUser: rusydi.makarim@kriptograf.id This commit implements Ascon-Hash256 for Crypto API Signed-off-by: Rusydi H. Makarim --- crypto/Kconfig | 7 +++++ crypto/Makefile | 1 + crypto/ascon_hash.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 3 files changed, 94 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index 2e5b195b1b06..e671b5575535 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1000,6 +1000,13 @@ config CRYPTO_SHA3 help SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) =20 +config CRYPTO_ASCON_HASH + tristate "Ascon-Hash" + select CRYPTO_HASH + select CRYPTO_LIB_ASCON_HASH + help + Ascon-Hash secure hash algorithms (NIST SP 800-232) + config CRYPTO_SM3_GENERIC tristate "SM3 (ShangMi 3)" select CRYPTO_HASH diff --git a/crypto/Makefile b/crypto/Makefile index 16a35649dd91..a697a92d2092 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -82,6 +82,7 @@ obj-$(CONFIG_CRYPTO_SHA3) +=3D sha3.o obj-$(CONFIG_CRYPTO_SM3_GENERIC) +=3D sm3_generic.o obj-$(CONFIG_CRYPTO_STREEBOG) +=3D streebog_generic.o obj-$(CONFIG_CRYPTO_WP512) +=3D wp512.o +obj-$(CONFIG_CRYPTO_ASCON_HASH) +=3D ascon_hash.o CFLAGS_wp512.o :=3D $(call cc-option,-fno-schedule-insns) # https://gcc.g= nu.org/bugzilla/show_bug.cgi?id=3D79149 obj-$(CONFIG_CRYPTO_BLAKE2B) +=3D blake2b.o obj-$(CONFIG_CRYPTO_ECB) +=3D ecb.o diff --git a/crypto/ascon_hash.c b/crypto/ascon_hash.c new file mode 100644 index 000000000000..2fa5e762fbc1 --- /dev/null +++ b/crypto/ascon_hash.c @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Crypto API support for Ascon-Hash256 + * (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-232.= pdf) + * + * Copyright (C) Rusydi H. Makarim + */ + +#include +#include +#include +#include + +#define ASCON_HASH256_CTX(desc) ((struct ascon_hash256_ctx *)shash_desc_ct= x(desc)) + +static int crypto_ascon_hash256_init(struct shash_desc *desc) +{ + ascon_hash256_init(ASCON_HASH256_CTX(desc)); + return 0; +} + +static int crypto_ascon_hash256_update(struct shash_desc *desc, const u8 *= data, + unsigned int len) +{ + ascon_hash256_update(ASCON_HASH256_CTX(desc), data, len); + return 0; +} + +static int crypto_ascon_hash256_final(struct shash_desc *desc, u8 *out) +{ + ascon_hash256_final(ASCON_HASH256_CTX(desc), out); + return 0; +} + +static int crypto_ascon_hash256_digest(struct shash_desc *desc, const u8 *= data, + unsigned int len, u8 *out) +{ + ascon_hash256(data, len, out); + return 0; +} + +static int crypto_ascon_hash256_export_core(struct shash_desc *desc, void = *out) +{ + memcpy(out, ASCON_HASH256_CTX(desc), sizeof(struct ascon_hash256_ctx)); + return 0; +} + +static int crypto_ascon_hash256_import_core(struct shash_desc *desc, + const void *in) +{ + memcpy(ASCON_HASH256_CTX(desc), in, sizeof(struct ascon_hash256_ctx)); + return 0; +} + +static struct shash_alg algs[] =3D { { + .digestsize =3D ASCON_HASH256_DIGEST_SIZE, + .init =3D crypto_ascon_hash256_init, + .update =3D crypto_ascon_hash256_update, + .final =3D crypto_ascon_hash256_final, + .digest =3D crypto_ascon_hash256_digest, + .export_core =3D crypto_ascon_hash256_export_core, + .import_core =3D crypto_ascon_hash256_import_core, + .descsize =3D sizeof(struct ascon_hash256_ctx), + .base.cra_name =3D "ascon-hash256", + .base.cra_driver_name =3D "ascon-hash256-lib", + .base.cra_blocksize =3D ASCON_HASH256_BLOCK_SIZE, + .base.cra_module =3D THIS_MODULE, +} }; + +static int __init crypto_ascon_hash256_mod_init(void) +{ + return crypto_register_shashes(algs, ARRAY_SIZE(algs)); +} +module_init(crypto_ascon_hash256_mod_init); + +static void __exit crypto_ascon_hash256_mod_exit(void) +{ + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); +} +module_exit(crypto_ascon_hash256_mod_exit); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Crypto API support for Ascon-Hash256"); + +MODULE_ALIAS_CRYPTO("ascon-hash256"); +MODULE_ALIAS_CRYPTO("ascon-hash256-lib"); --=20 2.52.0