Add keccak_256 hashing

README.md

@@ -14,7 +14,7 @@ The Ballerina `crypto` library facilitates APIs to do operations like hashing, H
 
 ### Hashes
 
-The `crypto` library supports generating hashes with 5 different hash algorithms MD5, SHA1, SHA256, SHA384, and SHA512. Also, it supports generating the CRC32B checksum.
+The `crypto` library supports generating hashes with 6 different hash algorithms MD5, SHA1, SHA256, SHA384, SHA512, and Keccak256. Also, it supports generating the CRC32B checksum.
 
 ### HMAC
 

ballerina/README.md

@@ -6,7 +6,7 @@ The Ballerina `crypto` module facilitates APIs to do operations like hashing, HM
 
 ### Hashes
 
-The `crypto` module supports generating hashes with 5 different hash algorithms MD5, SHA1, SHA256, SHA384, and SHA512. Also, it supports generating the CRC32B checksum.
+The `crypto` module supports generating hashes with 6 different hash algorithms MD5, SHA1, SHA256, SHA384, SHA512, and Keccak256. Also, it supports generating the CRC32B checksum.
 
 ### HMAC
 

ballerina/hash.bal

@@ -105,6 +105,21 @@ public isolated function crc32b(byte[] input) returns string = @java:Method {
     'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash"
 } external;
 
+# Returns the Keccak-256 hash of the given data.
+# ```ballerina
+# string dataString = "Hello Ballerina";
+# byte[] data = dataString.toBytes();
+# byte[] hash = crypto:hashKeccak256(data);
+# ```
+#
+# + input - Value to be hashed
+# + salt - Salt to be added
+# + return - Hashed output
+public isolated function hashKeccak256(byte[] input, byte[]? salt = ()) returns byte[] = @java:Method {
+    name: "hashKeccak256",
+    'class: "io.ballerina.stdlib.crypto.nativeimpl.Hash"
+} external;
+
 # Returns a BCrypt hash of the given password with optional work factor.
 # ```ballerina
 # string password = "mySecurePassword123";
@@ -164,4 +179,3 @@ public isolated function verifyArgon2(string password, string hashedPassword) re
     name: "verifyPasswordArgon2",
     'class: "io.ballerina.stdlib.crypto.nativeimpl.PasswordArgon2"
 } external;
-

ballerina/tests/hash_test.bal

@@ -134,6 +134,15 @@ isolated function testHashSha512WithSalt() {
     test:assertEquals(hashSha512(input, salt).toBase16(), expectedSha512Hash);
 }
 
+
+@test:Config {}
+isolated function testHashKeccak256() {
+    byte[] input = "Ballerina test".toBytes();
+    string expectedKeccak256Hash =
+        "73b6cc25ab0656625ee654a6cdc8f1d1803a6330fba4f4bf5bd6b9018f7d3131";
+    test:assertEquals(hashKeccak256(input).toBase16(), expectedKeccak256Hash);
+}
+
 // tests for Argon2
 @test:Config {}
 isolated function testHashPasswordArgon2Default() returns error? {

changelog.md

@@ -7,6 +7,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Added
+- [Introduce Keccak-256 hashing algorithm](https://github.com/ballerina-platform/ballerina-library/issues/7509)
+
+## [2.7.3] - 2025-01-20
+
 ### Added
 - [Introduce new APIs to support PGP encryption and decryption with streams](https://github.com/ballerina-platform/ballerina-library/issues/7064)
 - [Introduce new APIs to support Bcrypt and Argon2 hashing and verification](https://github.com/ballerina-platform/ballerina-library/issues/2744)

docs/proposals/keccak-256-hashing-support.md

@@ -0,0 +1,37 @@
+# Proposal: Introduce support for keccak-256 hashing in the Ballerina Crypto Module
+
+_Authors_: @thil4n  
+_Reviewers_:   
+_Created_: 2024/05/29  
+_Updated_: 2022/05/29  
+_Issue_: [#7509](https://github.com/ballerina-platform/ballerina-library/issues/7509)  
+
+## Summary
+
+This proposal introduces support for the keccak-256 hashing algorithm in the Ballerina Crypto Module. The keccak-256 algorithm is a cryptographic hash function and a critical component of many blockchain systems, including Ethereum. Adding keccak-256 will expand the cryptographic capabilities of the Ballerina Crypto Module.
+
+## Goals
+
+- Provide support for the keccak-256 hashing algorithm in the Ballerina Crypto Module.
+
+## Motivation
+
+The Ballerina Crypto Module currently supports several hashing algorithms, such as SHA-256, SHA-512, and others. However, keccak-256, a widely-used cryptographic hash function, is not yet supported. This function is essential for blockchain applications, as it is the primary hashing algorithm in Ethereum.
+
+The lack of native support for keccak-256 requires developers to rely on external libraries or workarounds, which adds complexity and reduces the seamless integration of blockchain-related functionality in Ballerina. Adding native support for keccak-256 will address this gap and enhance Ballerina's suitability for blockchain-related projects.
+
+## Description
+
+This proposal adds keccak-256 hashing to the Ballerina Crypto Module.
+
+The key functionalities expected from this change are as follows,
+
+- API to retrieve the hash of the input with `crypto:hashKeccak256`.
+
+### API additions
+
+A new API will be added to retrieve the hash of the input with `crypto:hashKeccak256`
+
+```ballerina
+public isolated function hashKeccak256(byte[] input, byte[]? salt = ()) returns byte[];
+```

docs/spec/spec.md

@@ -3,7 +3,7 @@
 _Owners_: @shafreenAnfar @bhashinee  
 _Reviewers_: @shafreenAnfar  
 _Created_: 2022/08/23  
-_Updated_: 2024/03/26  
+_Updated_: 2025/01/20  
 _Edition_: Swan Lake  
 
 ## Introduction
@@ -25,6 +25,7 @@ The conforming implementation of the specification is released and included in t
    * 2.4. [SHA384](#24-sha384)
    * 2.5. [SHA512](#25-sha512)
    * 2.6. [CRC32B](#26-crc32b)
+   * 2.7. [KECCAK256](#27-keccak256)
 3. [HMAC](#3-hmac)
    * 3.1. [MD5](#31-md5)
    * 3.2. [SHA1](#32-sha1)
@@ -168,6 +169,15 @@ byte[] data = stringData.toBytes();
 string checksum = crypto:crc32b(data);
 ```
 
+### 2.7. [KECCAK256](#27-keccak256)
+
+This API can be used to create the Hex-encoded KECCAK-256 value of the given data.
+```ballerina
+string stringData = "Hello Ballerina";
+byte[] data = stringData.toBytes();
+string checksum = crypto:hashKeccak256(data);
+```
+
 ## 3. [HMAC](#3-hmac)
 
 The `crypto` library supports generating HMAC with 5 different hash algorithms: MD5, SHA1, SHA256, SHA384, and SHA512.

native/bin/main/META-INF/native-image/io.ballerina.stdlib/crypto-native/native-image.properties

@@ -0,0 +1,19 @@
+# Copyright (c) 2022, WSO2 LLC. (https://www.wso2.com) All Rights Reserved.
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+Args = --initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG\$Default \
+       --initialize-at-run-time=org.bouncycastle.jcajce.provider.drbg.DRBG\$NonceAndIV \
+       --features=io.ballerina.stdlib.crypto.svm.BouncyCastleFeature