/src/botan/build/include/public/botan/sphincsplus.h

Source (jump to first uncovered line)
/*
 * SLH-DSA - Stateless Hash-Based Digital Signature Standard - FIPS 205
 * Based on the creative commons (CC0 1.0) SPHINCS+ reference implementation by the
 * designers (https://github.com/sphincs/sphincsplus/)
 *
 * (C) 2023 Jack Lloyd
 *     2023 Fabian Albert, René Meusel, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 **/

#ifndef BOTAN_SPHINCS_PLUS_H_
#define BOTAN_SPHINCS_PLUS_H_

#include <botan/pk_keys.h>
#include <botan/sp_parameters.h>

#include <memory>
#include <vector>

namespace Botan {

class SphincsPlus_PublicKeyInternal;
class SphincsPlus_PrivateKeyInternal;

/**
 * @brief An SLH-DSA (or SPHINCS+ Round 3.1) public key.
 *
 * For more information see the documentation of SphincsPlus_PrivateKey.
 */
class BOTAN_PUBLIC_API(3, 1) SphincsPlus_PublicKey : public virtual Public_Key {
   public:
      SphincsPlus_PublicKey(std::span<const uint8_t> pub_key, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash);
      SphincsPlus_PublicKey(std::span<const uint8_t> pub_key, Sphincs_Parameters params);
      SphincsPlus_PublicKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits);

      ~SphincsPlus_PublicKey() override;

      size_t key_length() const override;

      std::string algo_name() const override;

      size_t estimated_strength() const override;
      AlgorithmIdentifier algorithm_identifier() const override;
      OID object_identifier() const override;
      bool check_key(RandomNumberGenerator& rng, bool strong) const override;
      std::vector<uint8_t> raw_public_key_bits() const override;
      std::vector<uint8_t> public_key_bits() const override;

      std::unique_ptr<Private_Key> generate_another(RandomNumberGenerator& rng) const final;

      std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
                                                                   std::string_view provider) const override;

      std::unique_ptr<PK_Ops::Verification> create_x509_verification_op(const AlgorithmIdentifier& signature_algorithm,
                                                                        std::string_view provider) const override;

      bool supports_operation(PublicKeyOperation op) const override;

   protected:
      SphincsPlus_PublicKey() = default;

      std::shared_ptr<SphincsPlus_PublicKeyInternal> m_public;
};

BOTAN_DIAGNOSTIC_PUSH
BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE

/**
 * @brief An SLH-DSA private key.
 *
 * This class represents an SLH-DSA private key (or a SPHINCS+ Round 3.1 private key).
 * Supported are all parameter sets defined in FIPS 205, Section 11. Parameter
 * sets are specified using the Sphincs_Parameter_Set and
 * Sphincs_Hash_Type enums, for example SLH-DSA-SHA2-128s is defined as
 * Sphincs_Parameter_Set::SLHDSA128Small and Sphincs_Hash_Type::Sha256.
 *
 * For legacy usage of SPHINCS+ Round 3 (not recommended), the parameter sets
 * Sphincs128Small, ..., Sphincs256Fast are used.
 *
 * Note that the parameter sets denoted as 'small' optimize for signature size
 * at the expense of signing speed, whereas 'fast' trades larger signatures for
 * faster signing speeds.
 *
 * This implementation is based on the SPHINCS+
 * https://github.com/sphincs/sphincsplus/commit/06f42f47491085ac879a72b486ca8edb10891963
 * which implements SPHINCS+ Specification Round 3.1 (https://sphincs.org/data/sphincs+-r3.1-specification.pdf).
 * The used tweaked hashes are implemented according to the variant 'simple' ('robust' is not supported).
 */
class BOTAN_PUBLIC_API(3, 1) SphincsPlus_PrivateKey final : public virtual SphincsPlus_PublicKey,
                                                            public virtual Private_Key {
   public:
      SphincsPlus_PrivateKey(std::span<const uint8_t> private_key, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash);
      SphincsPlus_PrivateKey(std::span<const uint8_t> private_key, Sphincs_Parameters params);
      SphincsPlus_PrivateKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits);
      SphincsPlus_PrivateKey(RandomNumberGenerator& rng, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash);
      SphincsPlus_PrivateKey(RandomNumberGenerator& rng, Sphincs_Parameters params);

      ~SphincsPlus_PrivateKey() override;

      secure_vector<uint8_t> private_key_bits() const override;
      secure_vector<uint8_t> raw_private_key_bits() const override;
      std::unique_ptr<Public_Key> public_key() const override;

      std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng,
                                                             std::string_view params,
                                                             std::string_view provider) const override;

   private:
      std::shared_ptr<SphincsPlus_PrivateKeyInternal> m_private;
};

BOTAN_DIAGNOSTIC_POP

}  // namespace Botan

#endif

Coverage Report

Created: 2025-04-11 06:34

Line	Count	Source (jump to first uncovered line)
1		/*
2		* SLH-DSA - Stateless Hash-Based Digital Signature Standard - FIPS 205
3		* Based on the creative commons (CC0 1.0) SPHINCS+ reference implementation by the
4		* designers (https://github.com/sphincs/sphincsplus/)
5		*
6		* (C) 2023 Jack Lloyd
7		* 2023 Fabian Albert, René Meusel, Rohde & Schwarz Cybersecurity
8		*
9		* Botan is released under the Simplified BSD License (see license.txt)
10		**/
11
12		#ifndef BOTAN_SPHINCS_PLUS_H_
13		#define BOTAN_SPHINCS_PLUS_H_
14
15		#include <botan/pk_keys.h>
16		#include <botan/sp_parameters.h>
17
18		#include <memory>
19		#include <vector>
20
21		namespace Botan {
22
23		class SphincsPlus_PublicKeyInternal;
24		class SphincsPlus_PrivateKeyInternal;
25
26		/**
27		* @brief An SLH-DSA (or SPHINCS+ Round 3.1) public key.
28		*
29		* For more information see the documentation of SphincsPlus_PrivateKey.
30		*/
31		class BOTAN_PUBLIC_API(3, 1) SphincsPlus_PublicKey : public virtual Public_Key {
32		public:
33		SphincsPlus_PublicKey(std::span<const uint8_t> pub_key, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash);
34		SphincsPlus_PublicKey(std::span<const uint8_t> pub_key, Sphincs_Parameters params);
35		SphincsPlus_PublicKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits);
36
37		~SphincsPlus_PublicKey() override;
38
39		size_t key_length() const override;
40
41		std::string algo_name() const override;
42
43		size_t estimated_strength() const override;
44		AlgorithmIdentifier algorithm_identifier() const override;
45		OID object_identifier() const override;
46		bool check_key(RandomNumberGenerator& rng, bool strong) const override;
47		std::vector<uint8_t> raw_public_key_bits() const override;
48		std::vector<uint8_t> public_key_bits() const override;
49
50		std::unique_ptr<Private_Key> generate_another(RandomNumberGenerator& rng) const final;
51
52		std::unique_ptr<PK_Ops::Verification> create_verification_op(std::string_view params,
53		std::string_view provider) const override;
54
55		std::unique_ptr<PK_Ops::Verification> create_x509_verification_op(const AlgorithmIdentifier& signature_algorithm,
56		std::string_view provider) const override;
57
58		bool supports_operation(PublicKeyOperation op) const override;
59
60		protected:
61	0	SphincsPlus_PublicKey() = default;
62
63		std::shared_ptr<SphincsPlus_PublicKeyInternal> m_public;
64		};
65
66		BOTAN_DIAGNOSTIC_PUSH
67		BOTAN_DIAGNOSTIC_IGNORE_INHERITED_VIA_DOMINANCE
68
69		/**
70		* @brief An SLH-DSA private key.
71		*
72		* This class represents an SLH-DSA private key (or a SPHINCS+ Round 3.1 private key).
73		* Supported are all parameter sets defined in FIPS 205, Section 11. Parameter
74		* sets are specified using the Sphincs_Parameter_Set and
75		* Sphincs_Hash_Type enums, for example SLH-DSA-SHA2-128s is defined as
76		* Sphincs_Parameter_Set::SLHDSA128Small and Sphincs_Hash_Type::Sha256.
77		*
78		* For legacy usage of SPHINCS+ Round 3 (not recommended), the parameter sets
79		* Sphincs128Small, ..., Sphincs256Fast are used.
80		*
81		* Note that the parameter sets denoted as 'small' optimize for signature size
82		* at the expense of signing speed, whereas 'fast' trades larger signatures for
83		* faster signing speeds.
84		*
85		* This implementation is based on the SPHINCS+
86		* https://github.com/sphincs/sphincsplus/commit/06f42f47491085ac879a72b486ca8edb10891963
87		* which implements SPHINCS+ Specification Round 3.1 (https://sphincs.org/data/sphincs+-r3.1-specification.pdf).
88		* The used tweaked hashes are implemented according to the variant 'simple' ('robust' is not supported).
89		*/
90		class BOTAN_PUBLIC_API(3, 1) SphincsPlus_PrivateKey final : public virtual SphincsPlus_PublicKey,
91		public virtual Private_Key {
92		public:
93		SphincsPlus_PrivateKey(std::span<const uint8_t> private_key, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash);
94		SphincsPlus_PrivateKey(std::span<const uint8_t> private_key, Sphincs_Parameters params);
95		SphincsPlus_PrivateKey(const AlgorithmIdentifier& alg_id, std::span<const uint8_t> key_bits);
96		SphincsPlus_PrivateKey(RandomNumberGenerator& rng, Sphincs_Parameter_Set type, Sphincs_Hash_Type hash);
97		SphincsPlus_PrivateKey(RandomNumberGenerator& rng, Sphincs_Parameters params);
98
99		~SphincsPlus_PrivateKey() override;
100
101		secure_vector<uint8_t> private_key_bits() const override;
102		secure_vector<uint8_t> raw_private_key_bits() const override;
103		std::unique_ptr<Public_Key> public_key() const override;
104
105		std::unique_ptr<PK_Ops::Signature> create_signature_op(RandomNumberGenerator& rng,
106		std::string_view params,
107		std::string_view provider) const override;
108
109		private:
110		std::shared_ptr<SphincsPlus_PrivateKeyInternal> m_private;
111		};
112
113		BOTAN_DIAGNOSTIC_POP
114
115		} // namespace Botan
116
117		#endif