add Ascon-CXOF128

Author: newpavlov

ascon-hash256/src/block_api.rs

@@ -9,14 +9,14 @@ use digest::{
     consts::{U8, U32, U40},
 };
 
+const IV: u64 = 0x0000_0801_00CC_0002;
+
 /// Initial state of Ascon-Hash256
-const IV: State = [
-    0x9B1E_5494_E934_D681,
-    0x4BC3_A01E_3337_51D2,
-    0xAE65_396C_6B34_B81A,
-    0x3C7F_D4A4_D56A_4DB3,
-    0x1A5C_4649_06C5_976D,
-];
+const INIT_STATE: State = {
+    let mut state = [IV, 0, 0, 0, 0];
+    ascon::permute12(&mut state);
+    state
+};
 
 /// Ascon-Hash256 block-level hasher
 #[derive(Clone, Debug)]
@@ -27,7 +27,7 @@ pub struct AsconHash256Core {
 impl Default for AsconHash256Core {
     #[inline]
     fn default() -> Self {
-        Self { state: IV }
+        Self { state: INIT_STATE }
     }
 }
 
@@ -77,7 +77,7 @@ impl FixedOutputCore for AsconHash256Core {
 impl Reset for AsconHash256Core {
     #[inline]
     fn reset(&mut self) {
-        self.state = IV;
+        self.state = INIT_STATE;
     }
 }
 

ascon-xof128/src/block_api.rs

@@ -1,140 +1,13 @@
-use ascon::State;
-use digest::{
-    HashMarker, OutputSizeUser, Reset,
-    block_api::{
-        AlgorithmName, Block, BlockSizeUser, Buffer, BufferKindUser, Eager, ExtendableOutputCore,
-        UpdateCore, XofReaderCore,
-    },
-    common::hazmat::{DeserializeStateError, SerializableState, SerializedState},
-    consts::{U8, U32, U40},
-};
-
-const IV: State = [
-    0xDA82_CE76_8D94_47EB,
-    0xCC7C_E6C7_5F1E_F969,
-    0xE750_8FD7_8008_5631,
-    0x0EE0_EA53_416B_58CC,
-    0xE054_7524_DB6F_0BDE,
-];
-
-/// Ascon-XOF128 block-level hasher
-#[derive(Clone, Debug)]
-pub struct AsconXof128Core {
-    state: State,
-}
-
-impl Default for AsconXof128Core {
-    #[inline]
-    fn default() -> Self {
-        Self { state: IV }
-    }
-}
-
-impl HashMarker for AsconXof128Core {}
-
-impl BlockSizeUser for AsconXof128Core {
-    type BlockSize = U8;
-}
-
-impl BufferKindUser for AsconXof128Core {
-    type BufferKind = Eager;
-}
-
-impl OutputSizeUser for AsconXof128Core {
-    type OutputSize = U32;
-}
-
-impl UpdateCore for AsconXof128Core {
-    #[inline]
-    fn update_blocks(&mut self, blocks: &[Block<Self>]) {
-        for block in blocks {
-            self.state[0] ^= u64::from_le_bytes(block.0);
-            ascon::permute12(&mut self.state);
-        }
-    }
-}
-
-impl ExtendableOutputCore for AsconXof128Core {
-    type ReaderCore = AsconXofReaderCore;
-
-    fn finalize_xof_core(&mut self, buffer: &mut Buffer<Self>) -> Self::ReaderCore {
-        let len = buffer.get_pos();
-        let last_block = buffer.pad_with_zeros();
-        let pad = 1u64 << (8 * len);
-        self.state[0] ^= u64::from_le_bytes(last_block.0) ^ pad;
-
-        AsconXofReaderCore { state: self.state }
-    }
-}
-
-impl Reset for AsconXof128Core {
-    #[inline]
-    fn reset(&mut self) {
-        self.state = IV;
-    }
-}
-
-impl AlgorithmName for AsconXof128Core {
-    #[inline]
-    fn write_alg_name(f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
-        f.write_str("Ascon-XOF128")
-    }
-}
-
-impl SerializableState for AsconXof128Core {
-    type SerializedStateSize = U40;
-
-    #[inline]
-    fn serialize(&self) -> SerializedState<Self> {
-        let mut res = SerializedState::<Self>::default();
-        let mut chunks = res.chunks_exact_mut(size_of::<u64>());
-        for (src, dst) in self.state.iter().zip(&mut chunks) {
-            dst.copy_from_slice(&src.to_le_bytes());
-        }
-        assert!(chunks.into_remainder().is_empty());
-        res
-    }
-
-    #[inline]
-    fn deserialize(
-        serialized_state: &SerializedState<Self>,
-    ) -> Result<Self, DeserializeStateError> {
-        let state = core::array::from_fn(|i| {
-            let n = size_of::<u64>();
-            let chunk = &serialized_state[n * i..][..n];
-            u64::from_le_bytes(chunk.try_into().expect("chunk has correct length"))
-        });
-        Ok(Self { state })
-    }
-}
-
-impl Drop for AsconXof128Core {
-    #[inline]
-    fn drop(&mut self) {
-        #[cfg(feature = "zeroize")]
-        {
-            use digest::zeroize::Zeroize;
-            self.state.zeroize()
-        }
-    }
-}
-
-#[cfg(feature = "zeroize")]
-impl digest::zeroize::ZeroizeOnDrop for AsconXof128Core {}
-
-/// Ascon-XOF128 block-level reader
-#[derive(Clone, Debug)]
-pub struct AsconXofReaderCore {
-    state: State,
-}
-
-impl BlockSizeUser for AsconXofReaderCore {
-    type BlockSize = U8;
-}
-
-impl XofReaderCore for AsconXofReaderCore {
-    fn read_block(&mut self) -> Block<Self> {
-        ascon::permute12(&mut self.state);
-        self.state[0].to_le_bytes().into()
-    }
+mod cxof;
+mod reader;
+mod xof;
+
+pub use cxof::AsconCxof128Core;
+pub use reader::AsconXofReaderCore;
+pub use xof::AsconXof128Core;
+
+const fn init_state(iv: u64) -> ascon::State {
+    let mut state = [iv, 0, 0, 0, 0];
+    ascon::permute12(&mut state);
+    state
 }

ascon-xof128/src/block_api/cxof.rs

@@ -0,0 +1,149 @@
+use ascon::State;
+use digest::{
+    CustomizedInit, HashMarker, OutputSizeUser,
+    block_api::{
+        AlgorithmName, Block, BlockSizeUser, Buffer, BufferKindUser, Eager, ExtendableOutputCore,
+        UpdateCore,
+    },
+    common::hazmat::{DeserializeStateError, SerializableState, SerializedState},
+    consts::{U8, U32, U40},
+};
+
+use super::{AsconXofReaderCore, init_state};
+
+/// Maximum allowed length of customization strings in bits.
+const MAX_CUSTOM_LEN: usize = 2048;
+
+const IV: u64 = 0x0000_0800_00CC_0004;
+const INIT_STATE: State = init_state(IV);
+
+/// Ascon-CXOF128 block-level hasher
+#[derive(Clone, Debug)]
+pub struct AsconCxof128Core {
+    state: State,
+}
+
+impl Default for AsconCxof128Core {
+    #[inline]
+    fn default() -> Self {
+        Self::new_customized(&[])
+    }
+}
+
+impl CustomizedInit for AsconCxof128Core {
+    #[inline]
+    fn new_customized(customization: &[u8]) -> Self {
+        let bit_len = 8 * customization.len();
+        assert!(bit_len < MAX_CUSTOM_LEN);
+        let mut state = INIT_STATE;
+
+        state[0] ^= u64::try_from(bit_len).expect("bit_len is smaller than MAX_CUSTOM_LEN");
+
+        ascon::permute12(&mut state);
+
+        let mut blocks = customization.chunks_exact(size_of::<u64>());
+        for block in &mut blocks {
+            let block = block.try_into().expect("block has correct length");
+            state[0] ^= u64::from_le_bytes(block);
+            ascon::permute12(&mut state);
+        }
+
+        let last_block = blocks.remainder();
+        let len = last_block.len();
+
+        let mut buf = [0u8; 8];
+        buf[..len].copy_from_slice(last_block);
+
+        let pad = 1u64 << (8 * len);
+        state[0] ^= u64::from_le_bytes(buf) ^ pad;
+
+        ascon::permute12(&mut state);
+
+        Self { state }
+    }
+}
+
+impl HashMarker for AsconCxof128Core {}
+
+impl BlockSizeUser for AsconCxof128Core {
+    type BlockSize = U8;
+}
+
+impl BufferKindUser for AsconCxof128Core {
+    type BufferKind = Eager;
+}
+
+impl OutputSizeUser for AsconCxof128Core {
+    type OutputSize = U32;
+}
+
+impl UpdateCore for AsconCxof128Core {
+    #[inline]
+    fn update_blocks(&mut self, blocks: &[Block<Self>]) {
+        for block in blocks {
+            self.state[0] ^= u64::from_le_bytes(block.0);
+            ascon::permute12(&mut self.state);
+        }
+    }
+}
+
+impl ExtendableOutputCore for AsconCxof128Core {
+    type ReaderCore = AsconXofReaderCore;
+
+    fn finalize_xof_core(&mut self, buffer: &mut Buffer<Self>) -> Self::ReaderCore {
+        let len = buffer.get_pos();
+        let last_block = buffer.pad_with_zeros();
+        let pad = 1u64 << (8 * len);
+        self.state[0] ^= u64::from_le_bytes(last_block.0) ^ pad;
+
+        AsconXofReaderCore { state: self.state }
+    }
+}
+
+impl AlgorithmName for AsconCxof128Core {
+    #[inline]
+    fn write_alg_name(f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+        f.write_str("Ascon-CXOF128")
+    }
+}
+
+impl SerializableState for AsconCxof128Core {
+    type SerializedStateSize = U40;
+
+    #[inline]
+    fn serialize(&self) -> SerializedState<Self> {
+        let mut res = SerializedState::<Self>::default();
+        let mut chunks = res.chunks_exact_mut(size_of::<u64>());
+        for (src, dst) in self.state.iter().zip(&mut chunks) {
+            dst.copy_from_slice(&src.to_le_bytes());
+        }
+        assert!(chunks.into_remainder().is_empty());
+        res
+    }
+
+    #[inline]
+    fn deserialize(
+        serialized_state: &SerializedState<Self>,
+    ) -> Result<Self, DeserializeStateError> {
+        let state = core::array::from_fn(|i| {
+            let n = size_of::<u64>();
+            let chunk = &serialized_state[n * i..][..n];
+            u64::from_le_bytes(chunk.try_into().expect("chunk has correct length"))
+        });
+        Ok(Self { state })
+    }
+}
+
+impl Drop for AsconCxof128Core {
+    #[inline]
+    fn drop(&mut self) {
+        #[cfg(feature = "zeroize")]
+        {
+            use digest::zeroize::Zeroize;
+            self.state.zeroize()
+        }
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl digest::zeroize::ZeroizeOnDrop for AsconCxof128Core {}

ascon-xof128/src/block_api/reader.rs

@@ -0,0 +1,22 @@
+use ascon::State;
+use digest::{
+    block_api::{Block, BlockSizeUser, XofReaderCore},
+    consts::U8,
+};
+
+/// Ascon-XOF128 block-level reader
+#[derive(Clone, Debug)]
+pub struct AsconXofReaderCore {
+    pub(super) state: State,
+}
+
+impl BlockSizeUser for AsconXofReaderCore {
+    type BlockSize = U8;
+}
+
+impl XofReaderCore for AsconXofReaderCore {
+    fn read_block(&mut self) -> Block<Self> {
+        ascon::permute12(&mut self.state);
+        self.state[0].to_le_bytes().into()
+    }
+}