9#include <botan/sp_parameters.h>
11#include <botan/concepts.h>
12#include <botan/exceptn.h>
13#include <botan/internal/bit_ops.h>
14#include <botan/internal/fmt.h>
22std::pair<Sphincs_Parameter_Set, Sphincs_Hash_Type> set_and_hash_from_name(std::string_view name) {
24 if(name ==
"SphincsPlus-sha2-128s-r3.1") {
27 if(name ==
"SphincsPlus-sha2-128f-r3.1") {
30 if(name ==
"SphincsPlus-sha2-192s-r3.1") {
33 if(name ==
"SphincsPlus-sha2-192f-r3.1") {
36 if(name ==
"SphincsPlus-sha2-256s-r3.1") {
39 if(name ==
"SphincsPlus-sha2-256f-r3.1") {
43 if(name ==
"SphincsPlus-shake-128s-r3.1") {
46 if(name ==
"SphincsPlus-shake-128f-r3.1") {
49 if(name ==
"SphincsPlus-shake-192s-r3.1") {
52 if(name ==
"SphincsPlus-shake-192f-r3.1") {
55 if(name ==
"SphincsPlus-shake-256s-r3.1") {
58 if(name ==
"SphincsPlus-shake-256f-r3.1") {
62 if(name ==
"SphincsPlus-haraka-128s-r3.1") {
65 if(name ==
"SphincsPlus-haraka-128f-r3.1") {
68 if(name ==
"SphincsPlus-haraka-192s-r3.1") {
71 if(name ==
"SphincsPlus-haraka-192f-r3.1") {
74 if(name ==
"SphincsPlus-haraka-256s-r3.1") {
77 if(name ==
"SphincsPlus-haraka-256f-r3.1") {
82 if(name ==
"SLH-DSA-SHA2-128s") {
85 if(name ==
"SLH-DSA-SHA2-128f") {
88 if(name ==
"SLH-DSA-SHA2-192s") {
91 if(name ==
"SLH-DSA-SHA2-192f") {
94 if(name ==
"SLH-DSA-SHA2-256s") {
97 if(name ==
"SLH-DSA-SHA2-256f") {
101 if(name ==
"SLH-DSA-SHAKE-128s") {
104 if(name ==
"SLH-DSA-SHAKE-128f") {
107 if(name ==
"SLH-DSA-SHAKE-192s") {
110 if(name ==
"SLH-DSA-SHAKE-192f") {
113 if(name ==
"SLH-DSA-SHAKE-256s") {
116 if(name ==
"SLH-DSA-SHAKE-256f") {
121 if(name ==
"Hash-SLH-DSA-SHA2-128s-with-SHA256") {
124 if(name ==
"Hash-SLH-DSA-SHA2-128f-with-SHA256") {
127 if(name ==
"Hash-SLH-DSA-SHA2-192s-with-SHA512") {
130 if(name ==
"Hash-SLH-DSA-SHA2-192f-with-SHA512") {
133 if(name ==
"Hash-SLH-DSA-SHA2-256s-with-SHA512") {
136 if(name ==
"Hash-SLH-DSA-SHA2-256f-with-SHA512") {
140 if(name ==
"Hash-SLH-DSA-SHAKE-128s-with-SHAKE128") {
143 if(name ==
"Hash-SLH-DSA-SHAKE-128f-with-SHAKE128") {
146 if(name ==
"Hash-SLH-DSA-SHAKE-192s-with-SHAKE256") {
149 if(name ==
"Hash-SLH-DSA-SHAKE-192f-with-SHAKE256") {
152 if(name ==
"Hash-SLH-DSA-SHAKE-256s-with-SHAKE256") {
155 if(name ==
"Hash-SLH-DSA-SHAKE-256f-with-SHAKE256") {
159 throw Lookup_Error(
fmt(
"No SLH-DSA (or SPHINCS+) parameter supported for: {}", name));
166 return "SphincsPlus-sha2-128s-r3.1";
168 return "SphincsPlus-sha2-128f-r3.1";
170 return "SphincsPlus-sha2-192s-r3.1";
172 return "SphincsPlus-sha2-192f-r3.1";
174 return "SphincsPlus-sha2-256s-r3.1";
176 return "SphincsPlus-sha2-256f-r3.1";
179 return "SLH-DSA-SHA2-128s";
181 return "SLH-DSA-SHA2-128f";
183 return "SLH-DSA-SHA2-192s";
185 return "SLH-DSA-SHA2-192f";
187 return "SLH-DSA-SHA2-256s";
189 return "SLH-DSA-SHA2-256f";
196 return "SphincsPlus-shake-128s-r3.1";
198 return "SphincsPlus-shake-128f-r3.1";
200 return "SphincsPlus-shake-192s-r3.1";
202 return "SphincsPlus-shake-192f-r3.1";
204 return "SphincsPlus-shake-256s-r3.1";
206 return "SphincsPlus-shake-256f-r3.1";
209 return "SLH-DSA-SHAKE-128s";
211 return "SLH-DSA-SHAKE-128f";
213 return "SLH-DSA-SHAKE-192s";
215 return "SLH-DSA-SHAKE-192f";
217 return "SLH-DSA-SHAKE-256s";
219 return "SLH-DSA-SHAKE-256f";
226 return "SphincsPlus-haraka-128s-r3.1";
228 return "SphincsPlus-haraka-128f-r3.1";
230 return "SphincsPlus-haraka-192s-r3.1";
232 return "SphincsPlus-haraka-192f-r3.1";
234 return "SphincsPlus-haraka-256s-r3.1";
236 return "SphincsPlus-haraka-256f-r3.1";
281 m_set(set), m_hash_type(hash_type), m_n(n), m_h(h), m_d(d), m_a(a), m_k(k), m_w(w), m_bitsec(bitsec) {
282 BOTAN_ARG_CHECK(!(hash_type == Sphincs_Hash_Type::Haraka && is_slh_dsa_set(set)),
283 "Haraka is not available for SLH-DSA");
284 BOTAN_ARG_CHECK(w == 4 || w == 16 || w == 256,
"Winternitz parameter must be one of 4, 16, 256");
285 BOTAN_ARG_CHECK(n == 16 || n == 24 || n == 32,
"n must be one of 16, 24, 32");
288 m_xmss_tree_height = m_h / m_d;
296 m_wots_len1 = (m_n * 8) / m_lg_w;
299 m_wots_len2 =
ceil_log2(m_wots_len1 * (m_w - 1)) / m_lg_w + 1;
302 m_wots_len = m_wots_len1 + m_wots_len2;
305 m_wots_bytes = m_wots_len * m_n;
308 m_wots_checksum_bytes =
ceil_tobytes(m_wots_len2 * m_lg_w);
310 m_fors_sig_bytes = (m_a + 1) * m_k * m_n;
315 m_xmss_sig_bytes = m_wots_bytes + m_xmss_tree_height * m_n;
316 m_ht_sig_bytes = m_d * m_xmss_sig_bytes;
317 m_sp_sig_bytes = m_n + m_fors_sig_bytes + m_ht_sig_bytes;
319 m_tree_digest_bytes =
ceil_tobytes(m_h - m_xmss_tree_height);
321 m_h_msg_digest_bytes = m_fors_message_bytes + m_tree_digest_bytes + m_leaf_digest_bytes;
325 [[maybe_unused]]
const bool is_slh_dsa = is_slh_dsa_set(m_set);
326#ifdef BOTAN_HAS_SLH_DSA_WITH_SHA2
331#ifdef BOTAN_HAS_SLH_DSA_WITH_SHAKE
336#ifdef BOTAN_HAS_SPHINCS_PLUS_WITH_SHA2
341#ifdef BOTAN_HAS_SPHINCS_PLUS_WITH_SHAKE
355 return Sphincs_Parameters(set, hash, 16, 63, 7, 12, 14, 16, 133);
358 return Sphincs_Parameters(set, hash, 16, 66, 22, 6, 33, 16, 128);
362 return Sphincs_Parameters(set, hash, 24, 63, 7, 14, 17, 16, 193);
365 return Sphincs_Parameters(set, hash, 24, 66, 22, 8, 33, 16, 194);
369 return Sphincs_Parameters(set, hash, 32, 64, 8, 14, 22, 16, 255);
372 return Sphincs_Parameters(set, hash, 32, 68, 17, 9, 35, 16, 255);
378 auto [param_set,
hash_type] = set_and_hash_from_name(name);
383 return is_slh_dsa_set(m_set);
387 switch(m_hash_type) {
391 return fmt(
"SHAKE-256({})", 8 *
n());
#define BOTAN_ASSERT_NOMSG(expr)
#define BOTAN_ARG_CHECK(expr, msg)
#define BOTAN_ASSERT_UNREACHABLE()
std::string to_formatted_string() const
static OID from_string(std::string_view str)
Sphincs_Parameter_Set parameter_set() const
std::string to_string() const
AlgorithmIdentifier algorithm_identifier() const
std::string hash_name() const
bool is_available() const
OID object_identifier() const
Sphincs_Hash_Type hash_type() const
static Sphincs_Parameters create(Sphincs_Parameter_Set set, Sphincs_Hash_Type hash)
std::string fmt(std::string_view format, const T &... args)
@ Haraka
Haraka is currently not supported.
constexpr T ceil_tobytes(T bits)
constexpr uint8_t ceil_log2(T x)