ascon_hash256.c
Go to the documentation of this file.
1 /**
2  * @file ascon_hash256.c
3  * @brief Ascon-Hash256 hash function
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * Ascon-Hash256 is a cryptographic hash function that produces a 256-bit hash
30  * of the input messages, offering a security strength of 128 bits
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 2.5.0
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "lwc/ascon_hash256.h"
42 
43 //Check crypto library configuration
44 #if (ASCON_HASH256_SUPPORT == ENABLED)
45 
46 //Ascon-Hash256 object identifier (0.0)
47 const uint8_t ASCON_HASH256_OID[1] = {0x00};
48 
49 //Common interface for hash algorithms
50 const HashAlgo asconHash256HashAlgo =
51 {
52  "Ascon-Hash256",
53  ASCON_HASH256_OID,
54  sizeof(ASCON_HASH256_OID),
55  sizeof(AsconHash256Context),
56  ASCON_HASH256_BLOCK_SIZE,
57  ASCON_HASH256_DIGEST_SIZE,
58  ASCON_HASH256_MIN_PAD_SIZE,
59  FALSE,
60  (HashAlgoCompute) asconHash256Compute,
61  (HashAlgoInit) asconHash256Init,
62  (HashAlgoUpdate) asconHash256Update,
63  (HashAlgoFinal) asconHash256Final,
64  NULL
65 };
66 
67 
68 /**
69  * @brief Digest a message using Ascon-Hash256
70  * @param[in] data Pointer to the message being hashed
71  * @param[in] length Length of the message
72  * @param[out] digest Pointer to the calculated digest
73  * @return Error code
74  **/
75 
76 __weak_func error_t asconHash256Compute(const void *data, size_t length, uint8_t *digest)
77 {
78 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
79  AsconHash256Context *context;
80 #else
81  AsconHash256Context context[1];
82 #endif
83 
84  //Check parameters
85  if(data == NULL && length != 0)
86  return ERROR_INVALID_PARAMETER;
87 
88  if(digest == NULL)
89  return ERROR_INVALID_PARAMETER;
90 
91 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
92  //Allocate a memory buffer to hold the Ascon-Hash256 context
93  context = cryptoAllocMem(sizeof(AsconHash256Context));
94  //Failed to allocate memory?
95  if(context == NULL)
96  return ERROR_OUT_OF_MEMORY;
97 #endif
98 
99  //Initialize the Ascon-Hash256 context
100  asconHash256Init(context);
101  //Digest the message
102  asconHash256Update(context, data, length);
103  //Finalize the Ascon-Hash256 message digest
104  asconHash256Final(context, digest);
105 
106 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
107  //Free previously allocated memory
108  cryptoFreeMem(context);
109 #endif
110 
111  //Successful operation
112  return NO_ERROR;
113 }
114 
115 
116 /**
117  * @brief Initialize Ascon-Hash256 message digest context
118  * @param[in] context Pointer to the Ascon-Hash256 context to initialize
119  **/
120 
121 void asconHash256Init(AsconHash256Context *context)
122 {
123  //The 320-bit internal state of Ascon-Hash256 is initialized with the
124  //concatenation of the 64-bit IV and 256 zeroes
125  context->state.x[0] = 0x00CC0002;
126  context->state.x[1] = 0x00000801;
127  context->state.x[2] = 0;
128  context->state.x[3] = 0;
129  context->state.x[4] = 0;
130  context->state.x[5] = 0;
131  context->state.x[6] = 0;
132  context->state.x[7] = 0;
133  context->state.x[8] = 0;
134  context->state.x[9] = 0;
135 
136  //Apply Ascon-p[12] permutation
137  asconP(&context->state, 12);
138 
139  //Number of bytes in the buffer
140  context->length = 0;
141 }
142 
143 
144 /**
145  * @brief Update the Ascon-Hash256 context with a portion of the message being hashed
146  * @param[in] context Pointer to the Ascon-Hash256 context
147  * @param[in] data Pointer to the buffer being hashed
148  * @param[in] length Length of the buffer
149  **/
150 
151 void asconHash256Update(AsconHash256Context *context, const void *data, size_t length)
152 {
153  size_t n;
154 
155  //Process the incoming data
156  while(length > 0)
157  {
158  //The buffer can hold at most 8 bytes
159  n = MIN(length, 8 - context->length);
160 
161  //Copy the data to the buffer
162  osMemcpy(context->buffer + context->length, data, n);
163  //Adjust the length of the buffer
164  context->length += n;
165 
166  //Advance the data pointer
167  data = (uint8_t *) data + n;
168  //Remaining bytes to process
169  length -= n;
170 
171  //The message is partitioned into 64-bit blocks
172  if(context->length == 8)
173  {
174  //Each message block Mi is XORed with the state
175  context->state.x[0] ^= LOAD32LE(context->buffer);
176  context->state.x[1] ^= LOAD32LE(context->buffer + 4);
177 
178  //For all message blocks except the final block Mn,the XOR operation
179  //is immediately followed by applying Ascon-p[12] to the state
180  asconP(&context->state, 12);
181 
182  //The input buffer is empty
183  context->length = 0;
184  }
185  }
186 }
187 
188 
189 /**
190  * @brief Finish the Ascon-Hash256 message digest
191  * @param[in] context Pointer to the Ascon-Hash256 context
192  * @param[out] digest Calculated digest
193  **/
194 
195 void asconHash256Final(AsconHash256Context *context, uint8_t *digest)
196 {
197  size_t i;
198 
199  //Get the length of the partial block Mn~
200  i = context->length;
201 
202  //Appends a one followed by one or more zeroes to data
203  context->buffer[i++] = 0x01;
204 
205  //Partial block Mn~ is padded to a full block Mn
206  while(i < 8)
207  {
208  context->buffer[i++] = 0;
209  }
210 
211  //The final block Mn is XORed with the state
212  context->state.x[0] ^= LOAD32LE(context->buffer);
213  context->state.x[1] ^= LOAD32LE(context->buffer + 4);
214 
215  //The resulting 256-bit digest is the concatenation of hash blocks
216  for(i = 0; i < 4; i++)
217  {
218  //The state is updated by Ascon-p[12]
219  asconP(&context->state, 12);
220 
221  //The value of S[0:63] is then taken as hash block Hi
222  STORE32LE(context->state.x[0], digest + i * 8);
223  STORE32LE(context->state.x[1], digest + i * 8 + 4);
224  }
225 }
226 
227 #endif
HashAlgoInit
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1027
asconHash256Init
void asconHash256Init(AsconHash256Context *context)
Initialize Ascon-Hash256 message digest context.
Definition: ascon_hash256.c:121
asconHash256Update
void asconHash256Update(AsconHash256Context *context, const void *data, size_t length)
Update the Ascon-Hash256 context with a portion of the message being hashed.
Definition: ascon_hash256.c:151
ASCON_HASH256_OID
const uint8_t ASCON_HASH256_OID[1]
Definition: ascon_hash256.c:47
asconHash256Compute
__weak_func error_t asconHash256Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using Ascon-Hash256.
Definition: ascon_hash256.c:76
asconHash256Final
void asconHash256Final(AsconHash256Context *context, uint8_t *digest)
Finish the Ascon-Hash256 message digest.
Definition: ascon_hash256.c:195
data
uint8_t data[]
Definition: ethernet.h:222
STORE32LE
#define STORE32LE(a, p)
Definition: cpu_endian.h:279
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
ASCON_HASH256_DIGEST_SIZE
#define ASCON_HASH256_DIGEST_SIZE
Definition: ascon_hash256.h:46
HashAlgoUpdate
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1029
ASCON_HASH256_BLOCK_SIZE
#define ASCON_HASH256_BLOCK_SIZE
Definition: ascon_hash256.h:44
FALSE
#define FALSE
Definition: os_port.h:46
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
error_t
error_t
Error codes.
Definition: error.h:43
AsconState::x
uint32_t x[10]
Definition: ascon.h:49
AsconHash256Context
Ascon-Hash256 algorithm context.
Definition: ascon_hash256.h:63
crypto.h
General definitions for cryptographic algorithms.
length
uint8_t length
Definition: tcp.h:375
MIN
#define MIN(a, b)
Definition: os_port.h:63
HashAlgoFinal
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1031
n
uint8_t n
Definition: dhcpv6_common.h:416
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:826
asconHash256HashAlgo
const HashAlgo asconHash256HashAlgo
Definition: ascon_hash256.c:50
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:821
ascon_hash256.h
Ascon-Hash256 hash function.
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1082
LOAD32LE
#define LOAD32LE(p)
Definition: cpu_endian.h:203
ASCON_HASH256_MIN_PAD_SIZE
#define ASCON_HASH256_MIN_PAD_SIZE
Definition: ascon_hash256.h:48
HashAlgoCompute
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1024
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
asconP
void asconP(AsconState *s, uint_t nr)
Ascon-p[rnd] permutation.
Definition: ascon.c:63