From nobody Sun Feb 8 16:34:14 2026 Received: from bonobo.aspen.relay.mailchannels.net (bonobo.aspen.relay.mailchannels.net [23.83.221.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 72BA52AE99; Wed, 31 Dec 2025 09:41:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=23.83.221.22 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767174070; cv=pass; b=CDBDdIcSKM2AJ0u/XWz5vIgkQyoN++JwXC6ESGpgrypr6kFwtXzosxTNdZodzT3qMtRKk9SpxfVjloZF2QSX2uBWebTf1Z5SCB0NWGUJBuKYOV7adaPh6RRvIubZ27Ge6i2+W99wpNp6ldTBJb6tdjJTDcrBM/afX5mfoLjY4WQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767174070; c=relaxed/simple; bh=KSaUIgL77CYjxLfEWsrB5KlYUd87jiUBImscuVSEPbo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=r5uaied3Cgx/TCxsHH7CL0YQsSCTnMofchOLf6kmWT6ji4Z+eqtHe5fqfIIIcc2rKMkSsSuRowISbP04QpkFsHn8tlfa7tn0E90oT+hDH/Fw8k3FAGNCnmwGpGhkOCMMzfxmZitvhYCa8Jl8fuiBtPu/dqxm2lyLDPb3T7cnau0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id; spf=pass smtp.mailfrom=kriptograf.id; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b=IEsKqqSh; arc=pass smtp.client-ip=23.83.221.22 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b="IEsKqqSh" X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 918A61614FD; Wed, 31 Dec 2025 09:25:18 +0000 (UTC) Received: from vittoria.id.domainesia.com (100-107-79-208.trex-nlb.outbound.svc.cluster.local [100.107.79.208]) (Authenticated sender: nlkw2k8yjw) by relay.mailchannels.net (Postfix) with ESMTPA id EFEDE16210C; Wed, 31 Dec 2025 09:25:15 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1767173118; b=nVCff0sWOYdkYXTt3Av/kyB1tXtykMIjIy/nWk/bYRMRCr4ixM8h3pBiyfgIys9+luF+0g MO5/GSHvFctq56572rhKx0ArdwzyZzILSLTap6G7fDJp4AI7CXx6MTuH5R2R8uUIaOIdlQ pW1Vz0WRPjnpCiOVCWhxi0GbbC07AEZJnxHaFgPoFr5g3j784rg5J+daM6/rvKQmAz9Pbp sNl3EvLC1JtrWZD9uoYP/0RgK6CF0hqTKltnJoOjnPzx6QYlObwRCK/fXr6pEZb4hs4w14 mrxTErktru/hoxEc0v4dUCcRAvOz6Tj8sryiiwFxUmza1tqjb/dcVrEPT+NuLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1767173118; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+36DFckqx+G1CdC60LCVJiNVSZDjLP/1mvomvNCogY4=; b=Ed6oXuYqhd8OohpV5qsy1jV9v7IMhyJ/2/0wL2FA/+iRRtWFpif3SoWWe7Tz2kEzCtVYVa Q7nxcooA3IKnFvVSYurDKLVEWqENh9Ljw062ZpCXJrU54Z628qhGSXAhamBni6xEDFYCVX M5IIJCp1zFpNGRefoMtA/k7yp8obJRHU/M3KYiDMWk8p3M8e+3EhO7memJWxp03+v49uEL pzpC6S8rmhtdMA8mCc7DaVclmOD8Y3dCooWihQC4COJrBQuqDNaJbf5HdHokY3z02jBbQb 1xDZiPhqJwJ207dNtMoaQakogc9z9CYgxorpE4tDpnHJt5u0EZpVtttFMLJmjA== ARC-Authentication-Results: i=1; rspamd-69599c6f48-klbvj; auth=pass smtp.auth=nlkw2k8yjw smtp.mailfrom=rusydi.makarim@kriptograf.id X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MC-Relay: Junk X-MailChannels-SenderId: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MailChannels-Auth-Id: nlkw2k8yjw X-Name-Sponge: 65cc109f2c9052c1_1767173118535_3237255704 X-MC-Loop-Signature: 1767173118535:1524764886 X-MC-Ingress-Time: 1767173118534 Received: from vittoria.id.domainesia.com (vittoria.id.domainesia.com [36.50.77.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.107.79.208 (trex/7.1.3); Wed, 31 Dec 2025 09:25:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kriptograf.id; s=default; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+36DFckqx+G1CdC60LCVJiNVSZDjLP/1mvomvNCogY4=; b=IEsKqqShODBbdEluX1Uzk8eU0K nh+G1I4+Mzqz/8iZQ6Mqqq8ncqVJBjgG2GXZojPdvgPTCNyxWuRYQ/+qH5IQNGMljJRxiddH/3O96 4QQMYlGSfS7TB5Zj9EZERvsQAI3BH+pLQ70GTNoyG2kpkFuVJVV2oHQcYvAzlXhW6lht4F2caGmiP 0wxlmRovjwgPb0jfk1JVAEDbC8EYF+sGCx24X63Tz5wjkYQiys+QLevIHfr8OMh4bHZrTTVwATwes Sv6//3oMhItNpTiezIpjVHH2hoTaiWY+n8MsNpBM/0kAKkcMeobJHUoDSOYR+wDe7Hb0Abj5OAZYq CmCt0n7A==; Received: from [182.253.89.89] (port=29807 helo=Rusydis-MacBook-Air.local) by vittoria.id.domainesia.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.99) (envelope-from ) id 1vasSA-0000000B53Y-0HH5; Wed, 31 Dec 2025 16:25:12 +0700 From: "Rusydi H. Makarim" Date: Wed, 31 Dec 2025 16:25:35 +0700 Subject: [PATCH v2 1/3] lib/crypto: Add KUnit test vectors for Ascon-Hash256 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251231-ascon_hash256-v2-1-ffc88a0bab4d@kriptograf.id> References: <20251231-ascon_hash256-v2-0-ffc88a0bab4d@kriptograf.id> In-Reply-To: <20251231-ascon_hash256-v2-0-ffc88a0bab4d@kriptograf.id> To: Herbert Xu , "David S. Miller" , Eric Biggers , "Jason A. Donenfeld" , Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Rusydi H. Makarim" X-Mailer: b4 0.14.3 X-AuthUser: rusydi.makarim@kriptograf.id Add test vectors to test the implementation correctness. The test vectors are generated using the Python reference implementation in https://github.com/meichlseder/pyascon. The messages are generated using the method rand_bytes() in scripts/crypto/gen-hash-testvecs.py. Signed-off-by: Rusydi H. Makarim --- include/crypto/ascon_hash.h | 84 ++++++++++++ lib/crypto/tests/Kconfig | 9 ++ lib/crypto/tests/Makefile | 1 + lib/crypto/tests/ascon_hash-testvecs.h | 235 +++++++++++++++++++++++++++++= ++++ lib/crypto/tests/ascon_hash_kunit.c | 33 +++++ 5 files changed, 362 insertions(+) diff --git a/include/crypto/ascon_hash.h b/include/crypto/ascon_hash.h new file mode 100644 index 000000000000..a99ea458a9cc --- /dev/null +++ b/include/crypto/ascon_hash.h @@ -0,0 +1,84 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Common values for Ascon-Hash family of algorithms as defined in + * NIST SP 800-232 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/N= IST.SP.800-232.pdf + */ +#ifndef _CRYPTO_ASCON_HASH_H_ +#define _CRYPTO_ASCON_HASH_H_ + +#include + +#define ASCON_STATE_SIZE 40 +#define ASCON_STATE_WORDS 5 + +#define ASCON_HASH256_DIGEST_SIZE 32 +#define ASCON_HASH256_BLOCK_SIZE 8 +#define ASCON_HASH256_RATE 8 +#define ASCON_HASH256_IV 0x0000080100CC0002ULL + + +/* + * State for Ascon-p[320] permutation: 5 64-bit words + */ +struct ascon_state { + union { + __le64 words[ASCON_STATE_WORDS]; + u8 bytes[ASCON_STATE_SIZE]; + u64 native_words[ASCON_STATE_WORDS]; + }; +}; + +/* Internal context */ +struct __ascon_hash_ctx { + struct ascon_state state; + u8 absorb_offset; +}; + +/** + * struct ascon_hash256_ctx - Context for Ascon-Hash256 + * @ctx: private + */ +struct ascon_hash256_ctx { + struct __ascon_hash_ctx ctx; +}; + + +/** + * ascon_hash256_init() - Initialize a context for Ascon-Hash256 + * @ctx: The context to initialize + * + * This begins a new Ascon-Hash256 message digest computation. + */ +void ascon_hash256_init(struct ascon_hash256_ctx *ctx); + +/** + * ascon_hash256_update() - Update an Ascon-Hash256 digest context with in= put data + * @ctx: The context to update; must have been initialized + * @in: The input data + * @in_len: Length of the input data in bytes + */ +void ascon_hash256_update(struct ascon_hash256_ctx *ctx, const u8 *in, + size_t in_len); + +/** + * ascon_hash256_final() - Finish computing an Ascon-Hash256 message digest + * @ctx: The context to finalize; must have been initialized + * @out: (output) The resulting Ascon-Hash256 message digest, matching the= init + * function that was called. + */ +void ascon_hash256_final(struct ascon_hash256_ctx *ctx, + u8 out[ASCON_HASH256_DIGEST_SIZE]); + +/** + * ascon_hash256() - Compute Ascon-Hash256 digest in one shot + * @in: The input data to be digested + * @in_len: Length of the input data in bytes + * @out: The buffer into which the digest will be stored + * + * Convenience function that computes an Ascon-Hash256 digest. Use this in= stead of + * the incremental API if you are able to provide all the input at once. + */ +void ascon_hash256(const u8 *in, size_t in_len, + u8 out[ASCON_HASH256_DIGEST_SIZE]); + +#endif diff --git a/lib/crypto/tests/Kconfig b/lib/crypto/tests/Kconfig index 61d435c450bb..e9d10c580ffe 100644 --- a/lib/crypto/tests/Kconfig +++ b/lib/crypto/tests/Kconfig @@ -101,6 +101,15 @@ config CRYPTO_LIB_SHA3_KUNIT_TEST including SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and SHAKE256. =20 +config CRYPTO_LIB_ASCON_HASH_KUNIT_TEST + tristate "KUnit tests for Ascon-Hash" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS + select CRYPTO_LIB_BENCHMARK_VISIBLE + select CRYPTO_LIB_ASCON_HASH + help + KUnit tests for the Ascon-Hash256 cryptographic has functions. + config CRYPTO_LIB_BENCHMARK_VISIBLE bool =20 diff --git a/lib/crypto/tests/Makefile b/lib/crypto/tests/Makefile index 5109a0651925..59c4f4ef5b22 100644 --- a/lib/crypto/tests/Makefile +++ b/lib/crypto/tests/Makefile @@ -10,3 +10,4 @@ obj-$(CONFIG_CRYPTO_LIB_SHA1_KUNIT_TEST) +=3D sha1_kunit.o obj-$(CONFIG_CRYPTO_LIB_SHA256_KUNIT_TEST) +=3D sha224_kunit.o sha256_kuni= t.o obj-$(CONFIG_CRYPTO_LIB_SHA512_KUNIT_TEST) +=3D sha384_kunit.o sha512_kuni= t.o obj-$(CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST) +=3D sha3_kunit.o +obj-$(CONFIG_CRYPTO_LIB_ASCON_HASH_KUNIT_TEST) +=3D ascon_hash_kunit.o diff --git a/lib/crypto/tests/ascon_hash-testvecs.h b/lib/crypto/tests/asco= n_hash-testvecs.h new file mode 100644 index 000000000000..b5c0edcf61e6 --- /dev/null +++ b/lib/crypto/tests/ascon_hash-testvecs.h @@ -0,0 +1,235 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * The test vectors are generated using the Python reference implementation + * in https://github.com/meichlseder/pyascon/tree/master with messages from + * the method rand_bytes() in scripts/crypto/gen-hash-testvecs.py + */ + +static const struct { + size_t data_len; + u8 digest[ASCON_HASH256_DIGEST_SIZE]; +} hash_testvecs[] =3D { + { + .data_len =3D 0, + .digest =3D { + 0x0b, 0x3b, 0xe5, 0x85, 0x0f, 0x2f, 0x6b, 0x98, + 0xca, 0xf2, 0x9f, 0x8f, 0xde, 0xa8, 0x9b, 0x64, + 0xa1, 0xfa, 0x70, 0xaa, 0x24, 0x9b, 0x8f, 0x83, + 0x9b, 0xd5, 0x3b, 0xaa, 0x30, 0x4d, 0x92, 0xb2, + }, + }, + { + .data_len =3D 1, + .digest =3D { + 0xb9, 0xaa, 0x10, 0x34, 0x7a, 0x2e, 0x62, 0x01, + 0x01, 0xcf, 0xbd, 0x55, 0x8e, 0x8d, 0x85, 0xda, + 0x97, 0xe8, 0xd0, 0x5c, 0xbf, 0xf3, 0x19, 0xf7, + 0x54, 0xcd, 0x32, 0xc0, 0xd0, 0x06, 0x72, 0x62, + }, + }, + { + .data_len =3D 2, + .digest =3D { + 0xd9, 0x6b, 0x24, 0xe8, 0x0e, 0xaf, 0xd7, 0x43, + 0x02, 0x76, 0x7e, 0xc3, 0x66, 0xfa, 0x15, 0x69, + 0xe8, 0x86, 0x3b, 0xcd, 0x3b, 0xa4, 0xda, 0x77, + 0xf5, 0xc0, 0x9d, 0x01, 0x8e, 0x9c, 0xae, 0xcd, + }, + }, + { + .data_len =3D 3, + .digest =3D { + 0xaa, 0x09, 0xac, 0xf6, 0x0f, 0xa1, 0x54, 0xee, + 0x5c, 0xe6, 0xf9, 0x44, 0xa8, 0x9f, 0xdb, 0x35, + 0x68, 0x3b, 0x85, 0x15, 0x2f, 0x54, 0x51, 0x7d, + 0x05, 0x1e, 0xff, 0x4c, 0x23, 0xa3, 0x46, 0x59, + }, + }, + { + .data_len =3D 16, + .digest =3D { + 0xba, 0xc9, 0x62, 0x49, 0xba, 0x78, 0x92, 0x5f, + 0xa8, 0xa9, 0xd3, 0x47, 0x60, 0x09, 0x1e, 0xdb, + 0x23, 0x38, 0x2f, 0x43, 0x6a, 0x0f, 0x2f, 0xc8, + 0x33, 0x9c, 0xdb, 0x9e, 0x38, 0x8f, 0xb0, 0x8a + }, + }, + { + .data_len =3D 32, + .digest =3D { + 0x57, 0x6c, 0x66, 0xd5, 0xac, 0x36, 0xd2, 0xda, + 0x14, 0x4f, 0x6e, 0x84, 0xab, 0xc9, 0xd5, 0x9e, + 0xe4, 0xb2, 0x22, 0x4a, 0x8c, 0x3c, 0xf2, 0xf3, + 0x2d, 0xbc, 0x6c, 0x96, 0xa0, 0xd4, 0xaf, 0xd3 + }, + }, + { + .data_len =3D 48, + .digest =3D { + 0x7e, 0x2e, 0xa5, 0x76, 0x69, 0xc9, 0xf1, 0x49, + 0xb3, 0x89, 0x53, 0xca, 0x8f, 0x27, 0x6b, 0x89, + 0xdc, 0x92, 0x5b, 0x48, 0x90, 0x8f, 0x19, 0x7c, + 0xf2, 0x29, 0xa9, 0xde, 0x59, 0x9e, 0x81, 0x27 + }, + }, + { + .data_len =3D 49, + .digest =3D { + 0xb5, 0x75, 0xe9, 0xd8, 0x67, 0x75, 0xe2, 0x29, + 0x3b, 0xff, 0x82, 0x14, 0x06, 0xcf, 0x00, 0x4a, + 0xb2, 0x53, 0x01, 0x6e, 0x03, 0x86, 0xa6, 0x69, + 0xe3, 0x64, 0x97, 0x56, 0x25, 0x5b, 0xec, 0x4e + }, + }, + { + .data_len =3D 63, + .digest =3D { + 0xb3, 0x37, 0xbf, 0xff, 0xf8, 0x0b, 0x2b, 0xd7, + 0x81, 0x4c, 0xce, 0x9f, 0x4b, 0xa9, 0x71, 0x3c, + 0x93, 0x75, 0x04, 0x2d, 0x21, 0x66, 0x10, 0x58, + 0x38, 0x4e, 0xf5, 0xd7, 0xeb, 0xb4, 0xae, 0x62 + }, + }, + { + .data_len =3D 64, + .digest =3D { + 0x57, 0xfc, 0x23, 0x3d, 0xf3, 0x48, 0xcc, 0xd2, + 0x41, 0x39, 0xd8, 0x1c, 0x05, 0x5b, 0xa4, 0x63, + 0x51, 0x0a, 0x77, 0x8e, 0xb5, 0x11, 0x17, 0xd6, + 0xeb, 0x54, 0x15, 0xae, 0xb8, 0x2d, 0xd3, 0x5f + }, + }, + { + .data_len =3D 65, + .digest =3D { + 0xae, 0x4c, 0xaa, 0x95, 0x86, 0x9c, 0xf2, 0x79, + 0x57, 0x9a, 0xc9, 0x62, 0x8e, 0x60, 0xc4, 0xc8, + 0x09, 0x3c, 0xc3, 0xbb, 0xdf, 0x35, 0x96, 0x51, + 0x5d, 0x80, 0x9a, 0x00, 0x6a, 0xfb, 0xb6, 0xa2 + }, + }, + { + .data_len =3D 127, + .digest =3D { + 0x31, 0x4f, 0xfc, 0x1f, 0xb9, 0xc7, 0x30, 0x36, + 0xc5, 0x5c, 0x1d, 0x85, 0x50, 0x4d, 0x96, 0x57, + 0xeb, 0x75, 0xa4, 0xe0, 0x64, 0x89, 0x84, 0xa5, + 0x34, 0x34, 0x6d, 0x0e, 0xbb, 0x74, 0x3a, 0x48 + }, + }, + { + .data_len =3D 128, + .digest =3D { + 0x2d, 0x39, 0xbb, 0x6d, 0xef, 0x31, 0x8f, 0x5a, + 0xec, 0x5a, 0xf5, 0x86, 0xee, 0xec, 0x26, 0x1a, + 0xc8, 0x38, 0x40, 0xdd, 0xf0, 0xa6, 0xf0, 0x5f, + 0xf8, 0x92, 0x14, 0x23, 0x40, 0x48, 0x1b, 0x18 + }, + }, + { + .data_len =3D 129, + .digest =3D { + 0x97, 0xfc, 0xe5, 0xca, 0xa3, 0x62, 0xae, 0xa1, + 0x3e, 0x62, 0xd6, 0x46, 0x55, 0x50, 0x26, 0xa7, + 0x33, 0x36, 0x87, 0x68, 0xbc, 0x26, 0x70, 0x05, + 0x49, 0x83, 0x9c, 0x68, 0x24, 0x1c, 0x3c, 0x44 + }, + }, + { + .data_len =3D 256, + .digest =3D { + 0x7d, 0x0c, 0x6d, 0xfb, 0x6b, 0x19, 0xc1, 0xe1, + 0xa3, 0xd4, 0x2a, 0xae, 0x5a, 0xad, 0xaa, 0xc5, + 0xeb, 0xa6, 0xb2, 0x72, 0xc5, 0x75, 0x9f, 0x27, + 0x12, 0xd7, 0x7b, 0xb3, 0xc5, 0xb7, 0x2a, 0xe3 + }, + }, + { + .data_len =3D 511, + .digest =3D { + 0x32, 0x12, 0xb7, 0x28, 0xc2, 0xbc, 0xe7, 0x38, + 0x8d, 0x0e, 0x52, 0x34, 0x1a, 0xbc, 0xb0, 0xde, + 0x45, 0x2b, 0x08, 0x41, 0x23, 0xcf, 0x32, 0x7f, + 0xd5, 0xa7, 0x2f, 0x99, 0xc6, 0xf6, 0x54, 0x33 + }, + }, + { + .data_len =3D 513, + .digest =3D { + 0x6b, 0x15, 0x49, 0x95, 0x0d, 0xfc, 0x26, 0x1d, + 0xc5, 0x01, 0x55, 0x5e, 0x0c, 0x7c, 0x80, 0x57, + 0xbe, 0xce, 0x04, 0x8e, 0x8e, 0x2e, 0x8a, 0xe8, + 0xeb, 0x2e, 0x89, 0x4b, 0x6c, 0xea, 0x78, 0x71 + }, + }, + { + .data_len =3D 1000, + .digest =3D { + 0x13, 0x16, 0x77, 0xd5, 0x37, 0x7a, 0x8a, 0x02, + 0x68, 0xd9, 0xd5, 0x51, 0xf4, 0x08, 0x7c, 0xe0, + 0xad, 0xa1, 0x61, 0x17, 0x15, 0x57, 0xd8, 0xb6, + 0x55, 0xee, 0xbb, 0x96, 0xcd, 0xdd, 0xd2, 0x0d + }, + }, + { + .data_len =3D 3333, + .digest =3D { + 0x28, 0x15, 0xde, 0x05, 0x06, 0x68, 0xbc, 0xfe, + 0xb1, 0x07, 0x72, 0x26, 0xa2, 0x31, 0x8f, 0xe0, + 0xe9, 0x1a, 0x36, 0x00, 0x51, 0xd8, 0x85, 0xc9, + 0xb9, 0x67, 0x55, 0x93, 0xe3, 0x02, 0x02, 0x5c + }, + }, + { + .data_len =3D 4096, + .digest =3D { + 0x9b, 0x12, 0x0c, 0x12, 0xca, 0x22, 0x84, 0xd3, + 0xc1, 0x5b, 0x0f, 0x2d, 0xee, 0x58, 0xc4, 0x67, + 0x03, 0xf7, 0x6c, 0x28, 0xfa, 0xd1, 0x5d, 0x85, + 0xd9, 0x4b, 0x4f, 0xb2, 0x8c, 0x36, 0x35, 0x53 + }, + }, + { + .data_len =3D 4128, + .digest =3D { + 0xe4, 0x4d, 0x10, 0xb1, 0x02, 0x62, 0x86, 0xca, + 0x65, 0x0b, 0xcd, 0xe3, 0x62, 0x96, 0x67, 0xfc, + 0x59, 0x12, 0x1d, 0x44, 0xed, 0x7b, 0xfb, 0x87, + 0x82, 0xca, 0xdb, 0xcb, 0xe1, 0x93, 0xaa, 0xa6 + }, + }, + { + .data_len =3D 4160, + .digest =3D { + 0xe3, 0x03, 0x5e, 0x95, 0x5d, 0xf0, 0x6b, 0xe2, + 0x30, 0x01, 0x56, 0xf2, 0x6b, 0x18, 0x15, 0xf4, + 0xa0, 0x42, 0x33, 0xc4, 0x0b, 0xb9, 0xc2, 0xad, + 0x98, 0xe7, 0x53, 0x2c, 0x8e, 0x8a, 0x1c, 0x02 + }, + }, + { + .data_len =3D 4224, + .digest =3D { + 0x22, 0x2b, 0x62, 0x2c, 0x21, 0x61, 0xd1, 0x23, + 0x92, 0x9c, 0x8d, 0x07, 0x48, 0x4a, 0x25, 0x16, + 0x34, 0x6f, 0x74, 0x3f, 0xbe, 0xf4, 0x7c, 0x1b, + 0xea, 0xb9, 0x2a, 0x36, 0xc7, 0x3c, 0x1a, 0x32 + }, + }, + { + .data_len =3D 16384, + .digest =3D { + 0xe9, 0xe2, 0x04, 0xa1, 0x93, 0x8a, 0x7d, 0x6b, + 0x18, 0x64, 0x38, 0xc5, 0x88, 0x41, 0x98, 0x68, + 0xaf, 0xc3, 0xbb, 0xa5, 0x5f, 0x92, 0x12, 0xcb, + 0x0e, 0x31, 0xdf, 0xe9, 0xc1, 0xfb, 0x5a, 0x23 + }, + }, +}; + +static const u8 hash_testvec_consolidated[ASCON_HASH256_DIGEST_SIZE] =3D { + 0x48, 0xae, 0x81, 0x92, 0x91, 0xc4, 0x32, 0xba, + 0xe4, 0x96, 0x5d, 0xb7, 0xf1, 0xb6, 0xad, 0x10, + 0xae, 0x09, 0x4a, 0x0b, 0xe1, 0xa7, 0x59, 0xa4, + 0xfd, 0xcb, 0x47, 0x28, 0xfc, 0x0a, 0x34, 0x26, +}; diff --git a/lib/crypto/tests/ascon_hash_kunit.c b/lib/crypto/tests/ascon_h= ash_kunit.c new file mode 100644 index 000000000000..2ca15dbab2cb --- /dev/null +++ b/lib/crypto/tests/ascon_hash_kunit.c @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2025 Rusydi H. Makarim + */ + +#include +#include "ascon_hash-testvecs.h" + +#define HASH ascon_hash256 +#define HASH_CTX ascon_hash256_ctx +#define HASH_SIZE ASCON_HASH256_DIGEST_SIZE +#define HASH_INIT ascon_hash256_init +#define HASH_UPDATE ascon_hash256_update +#define HASH_FINAL ascon_hash256_final + +#include "hash-test-template.h" + +static struct kunit_case hash_test_cases[] =3D { + HASH_KUNIT_CASES, + KUNIT_CASE(benchmark_hash), + {}, +}; + +static struct kunit_suite hash_test_suite =3D { + .name =3D "ascon_hash256", + .test_cases =3D hash_test_cases, + .suite_init =3D hash_suite_init, + .suite_exit =3D hash_suite_exit, +}; +kunit_test_suite(hash_test_suite); + +MODULE_DESCRIPTION("KUnit tests and benchmark for Ascon-Hash256"); +MODULE_LICENSE("GPL"); --=20 2.52.0 From nobody Sun Feb 8 16:34:14 2026 Received: from bisque.cedar.relay.mailchannels.net (bisque.cedar.relay.mailchannels.net [23.83.210.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 475302E1C7C; Wed, 31 Dec 2025 09:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=23.83.210.18 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767173121; cv=pass; b=gYTJ16tDjGr/D0hjPPTBYzx/BlwQ1e3dOOICJUCOoUsb1y5Vn/rQhiIBsE8OXEh6//jxKTxfagqm5FtLiJhmYIKrT3wuqrftsZLai9AtK+dum4VsuG2GaUzNdB+4MvA7XYOovFYlXgKJNNm2/1yx/jW5J9NJB8NmzEYpjhf6vAM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767173121; c=relaxed/simple; bh=1/Rx+EK9X6i9KbLV0DE4Dr2vAlNvc08IJ594/pDcJ5I=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hoaz9L/4e/dUGWd+hIOpLG0rKktc5NepNaglb2lIExmgODH05UqWijHpnIYOvYB06n73aiUG2/+eajpfFV/NYjBIf1xtpNks5pvxZ3UKxxc7xjkHlGk+YoskbPrWaZ19X9kdr+aiklChNQIAzJv+UrkfNgobnAOMA4jOgENr/Nc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id; spf=pass smtp.mailfrom=kriptograf.id; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b=HZDTgxk1; arc=pass smtp.client-ip=23.83.210.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b="HZDTgxk1" X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 85D991609B3; Wed, 31 Dec 2025 09:25:18 +0000 (UTC) Received: from vittoria.id.domainesia.com (trex-green-0.trex.outbound.svc.cluster.local [100.106.231.39]) (Authenticated sender: nlkw2k8yjw) by relay.mailchannels.net (Postfix) with ESMTPA id E67DD160F17; Wed, 31 Dec 2025 09:25:15 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1767173117; b=DV2lnkmv2hW2st/3i/B6KgS/sx106H4YIYcnJWOJPOjp4JFXbki5PaOeVsFakcar54I/yd wIhT/dHmQyNEhHwDm80b20WiiAYJZla9GTtA80CkH1mzQE4/O+t4YkmYo1mArGqEpOa4W6 JgdO/oA0ESgzmN8KIi2cgVazr0XxLsMETsXf0gqsZrtrnfTAqE1Fv4EZM9H2xa1nSdtTWE pAymEE7E/VmWQ3lI7GCoFzU1/+5Ss1ti0QQ7KudUgjZRcUIhoo0oYEh+Xqoiri+V5Vsa8m lT4+QfHj+KsoyAEgtViDhuD6G4rG34R60ssB9kX02YieiRL9m6911/hzMPBosg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1767173117; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TJbzvSqUCKfx22CKDG0lZkeCcWbDX9bs/BnTfz1BNVw=; b=c/rdnv2vE07z+LP8sYsJ19zqf9ZLqSZSaEtjd8IskPaTekcFgENIT8YfQtKVzq3p3oQDs2 Px9R3DncfIL7AXijxbzeAIFNBHcyL18cftS2/1Osq/TUi3QOGQqLC7z2icCWQ+1G1BxyNG Ie7PzTvrInOLnf8NUljkLhCrBxPTvB7ra0YHj98fHbaAPo4h+heys540F+NXFfsv7DKyzQ NPYD826/wgX8UH8x9s2rs4ZY3IKQITHWNNDlfN3utqZLH7P/5VkLSvzvno4y+sjlTNIbl5 DWUgWv4qcEmjRWvs02pMycoYWLUqCucQHxh9invRnYMHQaZuCg5acidJJS8iSg== ARC-Authentication-Results: i=1; rspamd-69599c6f48-klbvj; auth=pass smtp.auth=nlkw2k8yjw smtp.mailfrom=rusydi.makarim@kriptograf.id X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MC-Relay: Junk X-MailChannels-SenderId: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MailChannels-Auth-Id: nlkw2k8yjw X-Whispering-Language: 36252d4338baa83c_1767173118069_3930190636 X-MC-Loop-Signature: 1767173118069:630459088 X-MC-Ingress-Time: 1767173118069 Received: from vittoria.id.domainesia.com (vittoria.id.domainesia.com [36.50.77.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.106.231.39 (trex/7.1.3); Wed, 31 Dec 2025 09:25:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kriptograf.id; s=default; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=TJbzvSqUCKfx22CKDG0lZkeCcWbDX9bs/BnTfz1BNVw=; b=HZDTgxk1lrYyvjICZup0soXO/O kLmmpKayHWIwmirzPApCXqn3+KhPsahNvAomFdhI3lB1O7diRyNCLn32pk9SF8Hcp1Fwz8sjcE+qL 7QTMUBCr8JD3QESDhhuVNjRhyiNX4aQD1BAg1lTeOGV7asJZ8TAwAWyVjlZWnpyY+nXJIfdo1t0Gp H27EuakwmmF08dhtGiLQP+kA5BM+9aKZ4ZT+XzqC/qPRkWYmPYTrZzasiU4BecHWYS8pt1Z7WwimO VB5oEBRyIanP7F/0iJ2cE/498gtTwm6usRImMu7SF0lc62qpDUur6iWPTSHGPg78Lky2G8HEohZpS RZdiDxdQ==; Received: from [182.253.89.89] (port=29807 helo=Rusydis-MacBook-Air.local) by vittoria.id.domainesia.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.99) (envelope-from ) id 1vasSA-0000000B53Y-1JGA; Wed, 31 Dec 2025 16:25:13 +0700 From: "Rusydi H. Makarim" Date: Wed, 31 Dec 2025 16:25:36 +0700 Subject: [PATCH v2 2/3] lib/crypto: Initial implementation of Ascon-Hash256 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251231-ascon_hash256-v2-2-ffc88a0bab4d@kriptograf.id> References: <20251231-ascon_hash256-v2-0-ffc88a0bab4d@kriptograf.id> In-Reply-To: <20251231-ascon_hash256-v2-0-ffc88a0bab4d@kriptograf.id> To: Herbert Xu , "David S. Miller" , Eric Biggers , "Jason A. Donenfeld" , Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Rusydi H. Makarim" X-Mailer: b4 0.14.3 X-AuthUser: rusydi.makarim@kriptograf.id initial implementation of Ascon-Hash256 Signed-off-by: Rusydi H. Makarim --- include/crypto/ascon_hash.h | 1 - include/crypto/hash_info.h | 1 + include/uapi/linux/hash_info.h | 1 + lib/crypto/Kconfig | 8 ++ lib/crypto/Makefile | 5 ++ lib/crypto/ascon_hash.c | 169 +++++++++++++++++++++++++++++++++++++= ++++ lib/crypto/hash_info.c | 2 + 7 files changed, 186 insertions(+), 1 deletion(-) diff --git a/include/crypto/ascon_hash.h b/include/crypto/ascon_hash.h index a99ea458a9cc..7fbe345b6ed1 100644 --- a/include/crypto/ascon_hash.h +++ b/include/crypto/ascon_hash.h @@ -16,7 +16,6 @@ #define ASCON_HASH256_RATE 8 #define ASCON_HASH256_IV 0x0000080100CC0002ULL =20 - /* * State for Ascon-p[320] permutation: 5 64-bit words */ diff --git a/include/crypto/hash_info.h b/include/crypto/hash_info.h index d6927739f8b2..ccbaabca3e7b 100644 --- a/include/crypto/hash_info.h +++ b/include/crypto/hash_info.h @@ -13,6 +13,7 @@ #include #include #include +#include =20 #include =20 diff --git a/include/uapi/linux/hash_info.h b/include/uapi/linux/hash_info.h index 0af23ec196d8..d39b5d48f14a 100644 --- a/include/uapi/linux/hash_info.h +++ b/include/uapi/linux/hash_info.h @@ -38,6 +38,7 @@ enum hash_algo { HASH_ALGO_SHA3_256, HASH_ALGO_SHA3_384, HASH_ALGO_SHA3_512, + HASH_ALGO_ASCON_HASH256, HASH_ALGO__LAST }; =20 diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig index 6871a41e5069..5f39ed6746de 100644 --- a/lib/crypto/Kconfig +++ b/lib/crypto/Kconfig @@ -223,6 +223,14 @@ config CRYPTO_LIB_SHA3_ARCH default y if ARM64 && KERNEL_MODE_NEON default y if S390 =20 +config CRYPTO_LIB_ASCON_HASH + tristate + select CRYPTO_LIB_UTILS + help + The Ascon-Hash library functions. Select this if your module uses any of + the functions from + + config CRYPTO_LIB_SM3 tristate =20 diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 330ab65b29c4..6657ea3d8771 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -297,6 +297,11 @@ endif # CONFIG_CRYPTO_LIB_SHA3_ARCH =20 ##########################################################################= ###### =20 +obj-$(CONFIG_CRYPTO_LIB_ASCON_HASH) +=3D libascon_hash.o +libascon_hash-y :=3D ascon_hash.o + +##########################################################################= ###### + obj-$(CONFIG_MPILIB) +=3D mpi/ =20 obj-$(CONFIG_CRYPTO_SELFTESTS_FULL) +=3D simd.o diff --git a/lib/crypto/ascon_hash.c b/lib/crypto/ascon_hash.c new file mode 100644 index 000000000000..6b88499b8f11 --- /dev/null +++ b/lib/crypto/ascon_hash.c @@ -0,0 +1,169 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Ascon-Hash library functions + * + * Copyright (c) 2025 Rusydi H. Makarim + */ + +#include +#include +#include + + +/* + * The standard of Ascon permutation in NIST SP 800-232 specifies 16 round + * constants to accomodate potential functionality extensions in the future + * (see page 2). + */ +static const u64 ascon_p_rndc[] =3D { + 0x000000000000003cULL, 0x000000000000002dULL, 0x000000000000001eULL, + 0x000000000000000fULL, 0x00000000000000f0ULL, 0x00000000000000e1ULL, + 0x00000000000000d2ULL, 0x00000000000000c3ULL, 0x00000000000000b4ULL, + 0x00000000000000a5ULL, 0x0000000000000096ULL, 0x0000000000000087ULL, + 0x0000000000000078ULL, 0x0000000000000069ULL, 0x000000000000005aULL, + 0x000000000000004bULL, +}; + + +static inline void ascon_round(u64 s[ASCON_STATE_WORDS], u64 C) +{ + u64 t[ASCON_STATE_WORDS]; + + // pC + s[2] ^=3D C; + + // pS + s[0] ^=3D s[4]; + s[4] ^=3D s[3]; + s[2] ^=3D s[1]; + t[0] =3D s[0] ^ (~s[1] & s[2]); + t[1] =3D s[1] ^ (~s[2] & s[3]); + t[2] =3D s[2] ^ (~s[3] & s[4]); + t[3] =3D s[3] ^ (~s[4] & s[0]); + t[4] =3D s[4] ^ (~s[0] & s[1]); + t[1] ^=3D t[0]; + t[0] ^=3D t[4]; + t[3] ^=3D t[2]; + t[2] =3D ~t[2]; + + // pL + s[0] =3D t[0] ^ ror64(t[0], 19) ^ ror64(t[0], 28); + s[1] =3D t[1] ^ ror64(t[1], 61) ^ ror64(t[1], 39); + s[2] =3D t[2] ^ ror64(t[2], 1) ^ ror64(t[2], 6); + s[3] =3D t[3] ^ ror64(t[3], 10) ^ ror64(t[3], 17); + s[4] =3D t[4] ^ ror64(t[4], 7) ^ ror64(t[4], 41); +} + +static inline void ascon_p12_generic(struct ascon_state *state) +{ + int i; + + for (i =3D 0; i < ARRAY_SIZE(state->words); ++i) + state->native_words[i] =3D le64_to_cpu(state->words[i]); + + for (i =3D 0; i < 12; ++i) + ascon_round(state->native_words, ascon_p_rndc[16 - 12 + i]); + + for (i =3D 0; i < ARRAY_SIZE(state->words); ++i) + state->words[i] =3D cpu_to_le64(state->native_words[i]); +} + +static void __maybe_unused ascon_hash256_absorb_blocks_generic( + struct ascon_state *state, const u8 *in, size_t nblocks) +{ + do { + for (size_t i =3D 0; i < ASCON_HASH256_BLOCK_SIZE; i +=3D 8) + state->words[i / 8] ^=3D get_unaligned((__le64 *)&in[i]); + ascon_p12_generic(state); + in +=3D ASCON_HASH256_BLOCK_SIZE; + } while (--nblocks); +} + +#define ascon_p12 ascon_p12_generic +#define ascon_hash256_absorb_blocks ascon_hash256_absorb_blocks_generic + +void ascon_hash256_init(struct ascon_hash256_ctx *asc_hash256_ctx) +{ + struct __ascon_hash_ctx *ctx =3D &asc_hash256_ctx->ctx; + + ctx->state.words[0] =3D ASCON_HASH256_IV; + ctx->state.words[1] =3D 0; + ctx->state.words[2] =3D 0; + ctx->state.words[3] =3D 0; + ctx->state.words[4] =3D 0; + ctx->absorb_offset =3D 0; + ascon_p12(&ctx->state); +} +EXPORT_SYMBOL_GPL(ascon_hash256_init); + +void ascon_hash256_update(struct ascon_hash256_ctx *asc_hash256_ctx, const= u8 *in, + size_t in_len) +{ + struct __ascon_hash_ctx *ctx =3D &asc_hash256_ctx->ctx; + u8 absorb_offset =3D ctx->absorb_offset; + + WARN_ON_ONCE(absorb_offset >=3D ASCON_HASH256_BLOCK_SIZE); + + if (absorb_offset && absorb_offset + in_len >=3D ASCON_HASH256_BLOCK_SIZE= ) { + crypto_xor(&ctx->state.bytes[absorb_offset], in, + ASCON_HASH256_BLOCK_SIZE - absorb_offset); + in +=3D ASCON_HASH256_BLOCK_SIZE - absorb_offset; + in_len -=3D ASCON_HASH256_BLOCK_SIZE - absorb_offset; + ascon_p12(&ctx->state); + absorb_offset =3D 0; + } + + if (in_len >=3D ASCON_HASH256_BLOCK_SIZE) { + size_t nblocks =3D in_len / ASCON_HASH256_BLOCK_SIZE; + + ascon_hash256_absorb_blocks(&ctx->state, in, nblocks); + in +=3D nblocks * ASCON_HASH256_BLOCK_SIZE; + in_len -=3D nblocks * ASCON_HASH256_BLOCK_SIZE; + } + + if (in_len) { + crypto_xor(&ctx->state.bytes[absorb_offset], in, in_len); + absorb_offset +=3D in_len; + + } + ctx->absorb_offset =3D absorb_offset; +} +EXPORT_SYMBOL_GPL(ascon_hash256_update); + +void ascon_hash256_final(struct ascon_hash256_ctx *asc_hash256_ctx, + u8 out[ASCON_HASH256_DIGEST_SIZE]) +{ + struct __ascon_hash_ctx *ctx =3D &asc_hash256_ctx->ctx; + + // padding + ctx->state.bytes[ctx->absorb_offset] ^=3D 0x01; + ascon_p12(&ctx->state); + + // squeezing + size_t len =3D ASCON_HASH256_DIGEST_SIZE; + + while (len > ASCON_HASH256_RATE) { + memcpy(out, ctx->state.bytes, ASCON_HASH256_RATE); + ascon_p12(&ctx->state); + out +=3D ASCON_HASH256_RATE; + len -=3D ASCON_HASH256_RATE; + } + memcpy(out, ctx->state.bytes, ASCON_HASH256_RATE); + memzero_explicit(asc_hash256_ctx, sizeof(*asc_hash256_ctx)); +} +EXPORT_SYMBOL_GPL(ascon_hash256_final); + + +void ascon_hash256(const u8 *in, size_t in_len, + u8 out[ASCON_HASH256_DIGEST_SIZE]) +{ + struct ascon_hash256_ctx ctx; + + ascon_hash256_init(&ctx); + ascon_hash256_update(&ctx, in, in_len); + ascon_hash256_final(&ctx, out); +} +EXPORT_SYMBOL_GPL(ascon_hash256); + +MODULE_DESCRIPTION("Ascon-Hash256 library functions"); +MODULE_LICENSE("GPL"); diff --git a/lib/crypto/hash_info.c b/lib/crypto/hash_info.c index 9a467638c971..49ce182c6d08 100644 --- a/lib/crypto/hash_info.c +++ b/lib/crypto/hash_info.c @@ -32,6 +32,7 @@ const char *const hash_algo_name[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D "sha3-256", [HASH_ALGO_SHA3_384] =3D "sha3-384", [HASH_ALGO_SHA3_512] =3D "sha3-512", + [HASH_ALGO_ASCON_HASH256] =3D "ascon-hash256", }; EXPORT_SYMBOL_GPL(hash_algo_name); =20 @@ -59,5 +60,6 @@ const int hash_digest_size[HASH_ALGO__LAST] =3D { [HASH_ALGO_SHA3_256] =3D SHA3_256_DIGEST_SIZE, [HASH_ALGO_SHA3_384] =3D SHA3_384_DIGEST_SIZE, [HASH_ALGO_SHA3_512] =3D SHA3_512_DIGEST_SIZE, + [HASH_ALGO_ASCON_HASH256] =3D ASCON_HASH256_DIGEST_SIZE, }; EXPORT_SYMBOL_GPL(hash_digest_size); --=20 2.52.0 From nobody Sun Feb 8 16:34:14 2026 Received: from mistyrose.cherry.relay.mailchannels.net (mistyrose.cherry.relay.mailchannels.net [23.83.223.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCD5C16EB42; Wed, 31 Dec 2025 09:34:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=23.83.223.121 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767173674; cv=pass; b=CZcP7XQ4wAKULH9T+FFLMPPbbTWfg0oTZgoRgbvycZgHto6IlDxeKIUV4ABsSqwbgrpdO2OXEStaylYqGkJf46/ZrBTp5pBEAm7gcDe5xddVmw63UQg9iaCIGHcuU+Y5uTFqfG/qyGY/Y4uYhv0NkZhR6lZt3K5FpJidIb9cLMM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767173674; c=relaxed/simple; bh=kPPUJ+cqjClWMAxV0R7r5VQvviTHQeABLvERa3yuvhY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=IVCSj/Gz/ZeSuyKT5kpvrQH83VvNMF9UKCBs9DMCsQwhD60p9cfeDWFltpJmnrAKQxIwQJJ98CoCK6VkTYp2YTfFZNZ5CWGQIpVNBBire5rXgx7FycXrUiG3XMhdopCNl/tumkY1X3JvFmXRuNk7JmzsBNxD660VhO2snnPXqis= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id; spf=pass smtp.mailfrom=kriptograf.id; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b=TZvtkQFR; arc=pass smtp.client-ip=23.83.223.121 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kriptograf.id Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kriptograf.id header.i=@kriptograf.id header.b="TZvtkQFR" X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 85E977412DA; Wed, 31 Dec 2025 09:25:18 +0000 (UTC) Received: from vittoria.id.domainesia.com (trex-green-8.trex.outbound.svc.cluster.local [100.105.72.72]) (Authenticated sender: nlkw2k8yjw) by relay.mailchannels.net (Postfix) with ESMTPA id B9B3974121B; Wed, 31 Dec 2025 09:25:15 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1767173117; b=jvw68y2Kfc81KZdBrkZjqYrJS/B40ez7xMmvbBxAdn+XaMMCwdX3iOsg/VCN9k46+hBmfA JtMuGND1o2PttRMKYx+GSJNFx0mHLCrA0jklynsNWsk170pIm2BbgXqzuefS+/xfaNsk1D XsMVqFuFzLUnmb9zfyYNQlrEMxdF/c0D0PLUp8LWUlB1lfRGOYzyoJGLN3KbjPpHMUMnOT 9U77pxHMv3K1ltcRZTh4H6gM97cDpvAE0UHc9ZIYAgQ0p8AgKPR9lxGPa+JnAdD0751OYM RoRGDgzvdjjzjfkUgd/zi766saertfdBrDo7+GoaMuUkuGXYA+LCnEB+d9/WNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1767173117; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=QW97PjJBrkA2EKQOCRqnHZDdmpNJ/eB9tI5pbcNEAWA=; b=i3J6jGOkfGk5ZoqjwOBdwbIPbOzbU4J2lWnN6aLwXga9AQsR0tP3loEYjMI3DGPcLOkDU4 YsK5ZQOagjpoxdSkpDRLT540L9T/nSMtmwm5msJ/HMuCUOqEOvR3NvOevbd2+RtRjn41Rr KeNVcuDAYJwPxBUDKi+B0uS2/qSCSH9uvxjS6DL81EkjS9y2NKF2elQ9x+BMDrdrw2P9VC idbU0yLziH6Hl35iDtsHKuwvmdBSGJqKnGoYMOOG+LHGYwNRCvS5EqRUP/IyusWJoC26dg /D3d22TnQczCClqb5v1cdTI34NXNj47SC+afCnDrm+Dy83/J5XiV4FfMMayctA== ARC-Authentication-Results: i=1; rspamd-69599c6f48-klbvj; auth=pass smtp.auth=nlkw2k8yjw smtp.mailfrom=rusydi.makarim@kriptograf.id X-Sender-Id: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MC-Relay: Junk X-MailChannels-SenderId: nlkw2k8yjw|x-authuser|rusydi.makarim@kriptograf.id X-MailChannels-Auth-Id: nlkw2k8yjw X-Shoe-Trouble: 4ae519731d110a46_1767173117855_1544193225 X-MC-Loop-Signature: 1767173117855:619337112 X-MC-Ingress-Time: 1767173117855 Received: from vittoria.id.domainesia.com (vittoria.id.domainesia.com [36.50.77.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.105.72.72 (trex/7.1.3); Wed, 31 Dec 2025 09:25:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kriptograf.id; s=default; h=Cc:To:In-Reply-To:References:Message-Id: Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=QW97PjJBrkA2EKQOCRqnHZDdmpNJ/eB9tI5pbcNEAWA=; b=TZvtkQFR0m/d0jaQppnIbBVB8c cHPoXmCGND7JojH4Yt8EkjcMXKqDCmeyA89tJVPn2B+KbNq0ji9hXwdIsxWQ2Gp1uj5FSP5Vw9fzw Iei3UoiFF1bWCl9PgG0YhrrEKglTVnJuG0/+Rf/l2YTAB/KHNQKG50gCvCkswhUT2ygoZi0COGpuz WDL3JCJfmKuBBI97p0svOUxzc9DU7dbMFDW0y7NSRTf4iRkLft0n5P+gWNkocnkY/6uuMkkvPFRIa HRleLxzhFAq2TTQ0mFke4uVWXrsgx1bE9SOBP0n2q/WjyeWQT70+gdnakzb3ukZJB5VggsvkPBTBV 71/RvYZA==; Received: from [182.253.89.89] (port=29807 helo=Rusydis-MacBook-Air.local) by vittoria.id.domainesia.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.99) (envelope-from ) id 1vasSA-0000000B53Y-2GVX; Wed, 31 Dec 2025 16:25:13 +0700 From: "Rusydi H. Makarim" Date: Wed, 31 Dec 2025 16:25:37 +0700 Subject: [PATCH v2 3/3] crypto: Crypto API implementation of Ascon-Hash256 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251231-ascon_hash256-v2-3-ffc88a0bab4d@kriptograf.id> References: <20251231-ascon_hash256-v2-0-ffc88a0bab4d@kriptograf.id> In-Reply-To: <20251231-ascon_hash256-v2-0-ffc88a0bab4d@kriptograf.id> To: Herbert Xu , "David S. Miller" , Eric Biggers , "Jason A. Donenfeld" , Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Rusydi H. Makarim" X-Mailer: b4 0.14.3 X-AuthUser: rusydi.makarim@kriptograf.id This commit implements Ascon-Hash256 for Crypto API Signed-off-by: Rusydi H. Makarim --- crypto/Kconfig | 7 +++++ crypto/Makefile | 1 + crypto/ascon_hash.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 3 files changed, 94 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index 2e5b195b1b06..e671b5575535 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1000,6 +1000,13 @@ config CRYPTO_SHA3 help SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) =20 +config CRYPTO_ASCON_HASH + tristate "Ascon-Hash" + select CRYPTO_HASH + select CRYPTO_LIB_ASCON_HASH + help + Ascon-Hash secure hash algorithms (NIST SP 800-232) + config CRYPTO_SM3_GENERIC tristate "SM3 (ShangMi 3)" select CRYPTO_HASH diff --git a/crypto/Makefile b/crypto/Makefile index 16a35649dd91..a697a92d2092 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -82,6 +82,7 @@ obj-$(CONFIG_CRYPTO_SHA3) +=3D sha3.o obj-$(CONFIG_CRYPTO_SM3_GENERIC) +=3D sm3_generic.o obj-$(CONFIG_CRYPTO_STREEBOG) +=3D streebog_generic.o obj-$(CONFIG_CRYPTO_WP512) +=3D wp512.o +obj-$(CONFIG_CRYPTO_ASCON_HASH) +=3D ascon_hash.o CFLAGS_wp512.o :=3D $(call cc-option,-fno-schedule-insns) # https://gcc.g= nu.org/bugzilla/show_bug.cgi?id=3D79149 obj-$(CONFIG_CRYPTO_BLAKE2B) +=3D blake2b.o obj-$(CONFIG_CRYPTO_ECB) +=3D ecb.o diff --git a/crypto/ascon_hash.c b/crypto/ascon_hash.c new file mode 100644 index 000000000000..2fa5e762fbc1 --- /dev/null +++ b/crypto/ascon_hash.c @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Crypto API support for Ascon-Hash256 + * (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-232.= pdf) + * + * Copyright (C) Rusydi H. Makarim + */ + +#include +#include +#include +#include + +#define ASCON_HASH256_CTX(desc) ((struct ascon_hash256_ctx *)shash_desc_ct= x(desc)) + +static int crypto_ascon_hash256_init(struct shash_desc *desc) +{ + ascon_hash256_init(ASCON_HASH256_CTX(desc)); + return 0; +} + +static int crypto_ascon_hash256_update(struct shash_desc *desc, const u8 *= data, + unsigned int len) +{ + ascon_hash256_update(ASCON_HASH256_CTX(desc), data, len); + return 0; +} + +static int crypto_ascon_hash256_final(struct shash_desc *desc, u8 *out) +{ + ascon_hash256_final(ASCON_HASH256_CTX(desc), out); + return 0; +} + +static int crypto_ascon_hash256_digest(struct shash_desc *desc, const u8 *= data, + unsigned int len, u8 *out) +{ + ascon_hash256(data, len, out); + return 0; +} + +static int crypto_ascon_hash256_export_core(struct shash_desc *desc, void = *out) +{ + memcpy(out, ASCON_HASH256_CTX(desc), sizeof(struct ascon_hash256_ctx)); + return 0; +} + +static int crypto_ascon_hash256_import_core(struct shash_desc *desc, + const void *in) +{ + memcpy(ASCON_HASH256_CTX(desc), in, sizeof(struct ascon_hash256_ctx)); + return 0; +} + +static struct shash_alg algs[] =3D { { + .digestsize =3D ASCON_HASH256_DIGEST_SIZE, + .init =3D crypto_ascon_hash256_init, + .update =3D crypto_ascon_hash256_update, + .final =3D crypto_ascon_hash256_final, + .digest =3D crypto_ascon_hash256_digest, + .export_core =3D crypto_ascon_hash256_export_core, + .import_core =3D crypto_ascon_hash256_import_core, + .descsize =3D sizeof(struct ascon_hash256_ctx), + .base.cra_name =3D "ascon-hash256", + .base.cra_driver_name =3D "ascon-hash256-lib", + .base.cra_blocksize =3D ASCON_HASH256_BLOCK_SIZE, + .base.cra_module =3D THIS_MODULE, +} }; + +static int __init crypto_ascon_hash256_mod_init(void) +{ + return crypto_register_shashes(algs, ARRAY_SIZE(algs)); +} +module_init(crypto_ascon_hash256_mod_init); + +static void __exit crypto_ascon_hash256_mod_exit(void) +{ + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); +} +module_exit(crypto_ascon_hash256_mod_exit); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Crypto API support for Ascon-Hash256"); + +MODULE_ALIAS_CRYPTO("ascon-hash256"); +MODULE_ALIAS_CRYPTO("ascon-hash256-lib"); --=20 2.52.0