/src/botan/build/include/public/botan/sp_parameters.h

Source (jump to first uncovered line)
/*
 * SLH-DSA Parameters
 * (C) 2023 Jack Lloyd
 *     2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

#ifndef BOTAN_SP_PARAMS_H_
#define BOTAN_SP_PARAMS_H_

#include <botan/asn1_obj.h>

#include <string_view>

namespace Botan {

enum class Sphincs_Hash_Type : uint8_t {
   Shake256,
   Sha256,
   Haraka BOTAN_DEPRECATED("Haraka is not and will not be supported"),  ///< Haraka is currently not supported
};

enum class Sphincs_Parameter_Set : uint8_t {
   Sphincs128Small,
   Sphincs128Fast,
   Sphincs192Small,
   Sphincs192Fast,
   Sphincs256Small,
   Sphincs256Fast,

   SLHDSA128Small,
   SLHDSA128Fast,
   SLHDSA192Small,
   SLHDSA192Fast,
   SLHDSA256Small,
   SLHDSA256Fast,
};

/**
 * Container for all SLH-DSA parameters defined by a specific instance (see
 * FIPS 205, Table 2). Also contains getters for various
 * parameters that are derived from the given parameters.
 */
class BOTAN_PUBLIC_API(3, 1) Sphincs_Parameters final {
   public:
      static Sphincs_Parameters create(Sphincs_Parameter_Set set, Sphincs_Hash_Type hash);
      static Sphincs_Parameters create(std::string_view name);
      static Sphincs_Parameters create(const OID& oid);

      /**
       * @returns true iff the given parameter set and hash combination is available
       * in this build. Note that parameter sets can only be used if this function
       * evaluates to true.
       */
      bool is_available() const;

      /**
       * @returns the OID of the algorithm specified by those parameters
       */
      OID object_identifier() const;

      /**
       * @returns the algorithm specifier for the selected parameter set
       */
      AlgorithmIdentifier algorithm_identifier() const;

      /**
       * @returns the hash type used by those parameters
       */
      Sphincs_Hash_Type hash_type() const { return m_hash_type; }

      /**
       * @returns the generic algorithm parameterization set to be used by those parameters
       */
      Sphincs_Parameter_Set parameter_set() const { return m_set; }

      /**
       * @returns true for SLH-DSA parameter sets. False for SPHINCS+ Round 3.1 parameter sets.
       */
      bool is_slh_dsa() const;

      /**
       * @returns a string representation of this parameter set
       */
      std::string to_string() const;

      /**
       * @returns the algorithm specifier of the hash function to be used
       */
      std::string hash_name() const;

      /**
       * @returns SLH-DSA security parameter in bytes
       */
      size_t n() const { return m_n; }

      /**
       * @returns Height of the SLH-DSA hypertree
       */
      uint32_t h() const { return m_h; }

      /**
       * @returns Number of XMSS layers in the SLH-DSA hypertree
       */
      uint32_t d() const { return m_d; }

      /**
       * This is the desired height of the FORS trees, aka `log(t)` with t being
       * the number of leaves in each FORS tree.
       *
       * @returns Height of the FORS trees
       */
      uint32_t a() const { return m_a; }

      /**
       * @returns Number of FORS trees to use
       */
      uint32_t k() const { return m_k; }

      /**
       * @returns the Winternitz parameter for WOTS+ signatures
       */
      uint32_t w() const { return m_w; }

      /**
       * @returns the bit security given by Table 3 (NIST R3.1 submission, page 39) for the
       *          selected parameter set
       */
      uint32_t bitsec() const { return m_bitsec; }

      /**
       * @returns the tree height of an XMSS tree
       */
      uint32_t xmss_tree_height() const { return m_xmss_tree_height; }

      /**
       * @returns the byte length of a single xmss signature
       */
      uint32_t xmss_signature_bytes() const { return m_xmss_sig_bytes; }

      /**
       * @returns the byte length of a the xmss hypertree signature
       */
      uint32_t ht_signature_bytes() const { return m_ht_sig_bytes; }

      /**
       * @returns the base 2 logarithm of the Winternitz parameter for WOTS+ signatures
       */
      uint32_t log_w() const { return m_lg_w; }

      /**
       * @returns the len1 parameter for WOTS+ signatures
       */
      uint32_t wots_len_1() const { return m_wots_len1; }

      /**
       * @returns the len2 parameter for WOTS+ signatures
       */
      uint32_t wots_len_2() const { return m_wots_len2; }

      /**
       * @returns the len parameter for WOTS+ signatures
       */
      uint32_t wots_len() const { return m_wots_len; }

      /**
       * @returns the byte length of a WOTS+ signature
       */
      uint32_t wots_bytes() const { return m_wots_bytes; }

      /**
       * @returns the number of bytes a WOTS+ signature consists of
       */
      uint32_t wots_checksum_bytes() const { return m_wots_checksum_bytes; }

      /**
       * @returns the byte length of a FORS signature
       */
      uint32_t fors_signature_bytes() const { return m_fors_sig_bytes; }

      /**
       * @returns the byte length of the FORS input message
       */
      uint32_t fors_message_bytes() const { return m_fors_message_bytes; }

      /**
       * @returns the byte length of a SLH-DSA signature
       */
      uint32_t sphincs_signature_bytes() const { return m_sp_sig_bytes; }

      /**
       * @returns the byte length of an encoded public key for this parameter set
       */
      uint32_t public_key_bytes() const { return m_n * 2; }

      /**
       * @returns the byte length of an encoded private key for this parameter set
       */
      uint32_t private_key_bytes() const { return m_n * 2 + public_key_bytes(); }

      /**
       * @returns the byte length of the tree index output of H_msg
       */
      uint32_t tree_digest_bytes() const { return m_tree_digest_bytes; }

      /**
       * @returns the byte length of the leaf index output of H_msg
       */
      uint32_t leaf_digest_bytes() const { return m_leaf_digest_bytes; }

      /**
       * @returns the byte length of the output of H_msg. Corresponds to
       *          'm' of FIPS 205, Table 2.
       */
      uint32_t h_msg_digest_bytes() const { return m_h_msg_digest_bytes; }

   private:
      Sphincs_Parameters(Sphincs_Parameter_Set set,
                         Sphincs_Hash_Type hash_type,
                         uint32_t n,
                         uint32_t h,
                         uint32_t d,
                         uint32_t a,
                         uint32_t k,
                         uint32_t w,
                         uint32_t bitsec);

   private:
      Sphincs_Parameter_Set m_set;
      Sphincs_Hash_Type m_hash_type;
      uint32_t m_n;
      uint32_t m_h;
      uint32_t m_d;
      uint32_t m_a;
      uint32_t m_k;
      uint32_t m_w;
      uint32_t m_bitsec;
      uint32_t m_lg_w;
      uint32_t m_wots_len1;
      uint32_t m_wots_len2;
      uint32_t m_wots_len;
      uint32_t m_wots_bytes;
      uint32_t m_wots_checksum_bytes;
      uint32_t m_fors_message_bytes;
      uint32_t m_fors_sig_bytes;
      uint32_t m_sp_sig_bytes;
      uint32_t m_xmss_tree_height;
      uint32_t m_xmss_sig_bytes;
      uint32_t m_ht_sig_bytes;

      uint32_t m_tree_digest_bytes;
      uint32_t m_leaf_digest_bytes;
      uint32_t m_h_msg_digest_bytes;
};

}  // namespace Botan

#endif

Coverage Report

Created: 2025-07-31 06:10

Line	Count	Source (jump to first uncovered line)
1		/*
2		* SLH-DSA Parameters
3		* (C) 2023 Jack Lloyd
4		* 2023 Fabian Albert, René Meusel, Amos Treiber - Rohde & Schwarz Cybersecurity
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		*/
8
9		#ifndef BOTAN_SP_PARAMS_H_
10		#define BOTAN_SP_PARAMS_H_
11
12		#include <botan/asn1_obj.h>
13
14		#include <string_view>
15
16		namespace Botan {
17
18		enum class Sphincs_Hash_Type : uint8_t {
19		Shake256,
20		Sha256,
21		Haraka BOTAN_DEPRECATED("Haraka is not and will not be supported"), ///< Haraka is currently not supported
22		};
23
24		enum class Sphincs_Parameter_Set : uint8_t {
25		Sphincs128Small,
26		Sphincs128Fast,
27		Sphincs192Small,
28		Sphincs192Fast,
29		Sphincs256Small,
30		Sphincs256Fast,
31
32		SLHDSA128Small,
33		SLHDSA128Fast,
34		SLHDSA192Small,
35		SLHDSA192Fast,
36		SLHDSA256Small,
37		SLHDSA256Fast,
38		};
39
40		/**
41		* Container for all SLH-DSA parameters defined by a specific instance (see
42		* FIPS 205, Table 2). Also contains getters for various
43		* parameters that are derived from the given parameters.
44		*/
45		class BOTAN_PUBLIC_API(3, 1) Sphincs_Parameters final {
46		public:
47		static Sphincs_Parameters create(Sphincs_Parameter_Set set, Sphincs_Hash_Type hash);
48		static Sphincs_Parameters create(std::string_view name);
49		static Sphincs_Parameters create(const OID& oid);
50
51		/**
52		* @returns true iff the given parameter set and hash combination is available
53		* in this build. Note that parameter sets can only be used if this function
54		* evaluates to true.
55		*/
56		bool is_available() const;
57
58		/**
59		* @returns the OID of the algorithm specified by those parameters
60		*/
61		OID object_identifier() const;
62
63		/**
64		* @returns the algorithm specifier for the selected parameter set
65		*/
66		AlgorithmIdentifier algorithm_identifier() const;
67
68		/**
69		* @returns the hash type used by those parameters
70		*/
71	15	Sphincs_Hash_Type hash_type() const { return m_hash_type; }
72
73		/**
74		* @returns the generic algorithm parameterization set to be used by those parameters
75		*/
76	15	Sphincs_Parameter_Set parameter_set() const { return m_set; }
77
78		/**
79		* @returns true for SLH-DSA parameter sets. False for SPHINCS+ Round 3.1 parameter sets.
80		*/
81		bool is_slh_dsa() const;
82
83		/**
84		* @returns a string representation of this parameter set
85		*/
86		std::string to_string() const;
87
88		/**
89		* @returns the algorithm specifier of the hash function to be used
90		*/
91		std::string hash_name() const;
92
93		/**
94		* @returns SLH-DSA security parameter in bytes
95		*/
96	12	size_t n() const { return m_n; }
97
98		/**
99		* @returns Height of the SLH-DSA hypertree
100		*/
101	0	uint32_t h() const { return m_h; }
102
103		/**
104		* @returns Number of XMSS layers in the SLH-DSA hypertree
105		*/
106	0	uint32_t d() const { return m_d; }
107
108		/**
109		* This is the desired height of the FORS trees, aka `log(t)` with t being
110		* the number of leaves in each FORS tree.
111		*
112		* @returns Height of the FORS trees
113		*/
114	0	uint32_t a() const { return m_a; }
115
116		/**
117		* @returns Number of FORS trees to use
118		*/
119	0	uint32_t k() const { return m_k; }
120
121		/**
122		* @returns the Winternitz parameter for WOTS+ signatures
123		*/
124	0	uint32_t w() const { return m_w; }
125
126		/**
127		* @returns the bit security given by Table 3 (NIST R3.1 submission, page 39) for the
128		* selected parameter set
129		*/
130	0	uint32_t bitsec() const { return m_bitsec; }
131
132		/**
133		* @returns the tree height of an XMSS tree
134		*/
135	0	uint32_t xmss_tree_height() const { return m_xmss_tree_height; }
136
137		/**
138		* @returns the byte length of a single xmss signature
139		*/
140	0	uint32_t xmss_signature_bytes() const { return m_xmss_sig_bytes; }
141
142		/**
143		* @returns the byte length of a the xmss hypertree signature
144		*/
145	0	uint32_t ht_signature_bytes() const { return m_ht_sig_bytes; }
146
147		/**
148		* @returns the base 2 logarithm of the Winternitz parameter for WOTS+ signatures
149		*/
150	0	uint32_t log_w() const { return m_lg_w; }
151
152		/**
153		* @returns the len1 parameter for WOTS+ signatures
154		*/
155	0	uint32_t wots_len_1() const { return m_wots_len1; }
156
157		/**
158		* @returns the len2 parameter for WOTS+ signatures
159		*/
160	0	uint32_t wots_len_2() const { return m_wots_len2; }
161
162		/**
163		* @returns the len parameter for WOTS+ signatures
164		*/
165	0	uint32_t wots_len() const { return m_wots_len; }
166
167		/**
168		* @returns the byte length of a WOTS+ signature
169		*/
170	0	uint32_t wots_bytes() const { return m_wots_bytes; }
171
172		/**
173		* @returns the number of bytes a WOTS+ signature consists of
174		*/
175	0	uint32_t wots_checksum_bytes() const { return m_wots_checksum_bytes; }
176
177		/**
178		* @returns the byte length of a FORS signature
179		*/
180	0	uint32_t fors_signature_bytes() const { return m_fors_sig_bytes; }
181
182		/**
183		* @returns the byte length of the FORS input message
184		*/
185	0	uint32_t fors_message_bytes() const { return m_fors_message_bytes; }
186
187		/**
188		* @returns the byte length of a SLH-DSA signature
189		*/
190	0	uint32_t sphincs_signature_bytes() const { return m_sp_sig_bytes; }
191
192		/**
193		* @returns the byte length of an encoded public key for this parameter set
194		*/
195	120	uint32_t public_key_bytes() const { return m_n * 2; }
196
197		/**
198		* @returns the byte length of an encoded private key for this parameter set
199		*/
200	24	uint32_t private_key_bytes() const { return m_n * 2 + public_key_bytes(); }
201
202		/**
203		* @returns the byte length of the tree index output of H_msg
204		*/
205	0	uint32_t tree_digest_bytes() const { return m_tree_digest_bytes; }
206
207		/**
208		* @returns the byte length of the leaf index output of H_msg
209		*/
210	0	uint32_t leaf_digest_bytes() const { return m_leaf_digest_bytes; }
211
212		/**
213		* @returns the byte length of the output of H_msg. Corresponds to
214		* 'm' of FIPS 205, Table 2.
215		*/
216	0	uint32_t h_msg_digest_bytes() const { return m_h_msg_digest_bytes; }
217
218		private:
219		Sphincs_Parameters(Sphincs_Parameter_Set set,
220		Sphincs_Hash_Type hash_type,
221		uint32_t n,
222		uint32_t h,
223		uint32_t d,
224		uint32_t a,
225		uint32_t k,
226		uint32_t w,
227		uint32_t bitsec);
228
229		private:
230		Sphincs_Parameter_Set m_set;
231		Sphincs_Hash_Type m_hash_type;
232		uint32_t m_n;
233		uint32_t m_h;
234		uint32_t m_d;
235		uint32_t m_a;
236		uint32_t m_k;
237		uint32_t m_w;
238		uint32_t m_bitsec;
239		uint32_t m_lg_w;
240		uint32_t m_wots_len1;
241		uint32_t m_wots_len2;
242		uint32_t m_wots_len;
243		uint32_t m_wots_bytes;
244		uint32_t m_wots_checksum_bytes;
245		uint32_t m_fors_message_bytes;
246		uint32_t m_fors_sig_bytes;
247		uint32_t m_sp_sig_bytes;
248		uint32_t m_xmss_tree_height;
249		uint32_t m_xmss_sig_bytes;
250		uint32_t m_ht_sig_bytes;
251
252		uint32_t m_tree_digest_bytes;
253		uint32_t m_leaf_digest_bytes;
254		uint32_t m_h_msg_digest_bytes;
255		};
256
257		} // namespace Botan
258
259		#endif