1 /*
2 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9 #include <stddef.h>
10 #include <string.h>
11 #include "slh_params.h"
12 #include <openssl/obj_mac.h>
13
14 /* H(), T() use this to calculate the number of zeros for security cat 3 & 5 */
15 #define OSSL_SLH_DSA_SHA2_NUM_ZEROS_H_AND_T_BOUND2 128
16
17 /* See FIPS 205 Section 11 Table 2 (n h d h` a k m sc pk sig*/
18 #define OSSL_SLH_DSA_128S_N 16
19 #define OSSL_SLH_DSA_128S_D 7
20 #define OSSL_SLH_DSA_128S_H_DASH 9
21 #define OSSL_SLH_DSA_128S_H (OSSL_SLH_DSA_128S_D * OSSL_SLH_DSA_128S_H_DASH)
22 #define OSSL_SLH_DSA_128S_A 12
23 #define OSSL_SLH_DSA_128S_K 14
24 #define OSSL_SLH_DSA_128S_M 30
25 #define OSSL_SLH_DSA_128S_SECURITY_CATEGORY 1
26 #define OSSL_SLH_DSA_128S_PUB_BYTES 32
27 #define OSSL_SLH_DSA_128S_SIG_BYTES 7856
28
29 #define OSSL_SLH_DSA_128F_N 16
30 #define OSSL_SLH_DSA_128F_D 22
31 #define OSSL_SLH_DSA_128F_H_DASH 3
32 #define OSSL_SLH_DSA_128F_H (OSSL_SLH_DSA_128F_D * OSSL_SLH_DSA_128F_H_DASH)
33 #define OSSL_SLH_DSA_128F_A 6
34 #define OSSL_SLH_DSA_128F_K 33
35 #define OSSL_SLH_DSA_128F_M 34
36 #define OSSL_SLH_DSA_128F_SECURITY_CATEGORY 1
37 #define OSSL_SLH_DSA_128F_PUB_BYTES 32
38 #define OSSL_SLH_DSA_128F_SIG_BYTES 17088
39
40 #define OSSL_SLH_DSA_192S_N 24
41 #define OSSL_SLH_DSA_192S_D 7
42 #define OSSL_SLH_DSA_192S_H_DASH 9
43 #define OSSL_SLH_DSA_192S_H (OSSL_SLH_DSA_192S_D * OSSL_SLH_DSA_192S_H_DASH)
44 #define OSSL_SLH_DSA_192S_A 14
45 #define OSSL_SLH_DSA_192S_K 17
46 #define OSSL_SLH_DSA_192S_M 39
47 #define OSSL_SLH_DSA_192S_SECURITY_CATEGORY 3
48 #define OSSL_SLH_DSA_192S_PUB_BYTES 48
49 #define OSSL_SLH_DSA_192S_SIG_BYTES 16224
50
51 #define OSSL_SLH_DSA_192F_N 24
52 #define OSSL_SLH_DSA_192F_D 22
53 #define OSSL_SLH_DSA_192F_H_DASH 3
54 #define OSSL_SLH_DSA_192F_H (OSSL_SLH_DSA_192F_D * OSSL_SLH_DSA_192F_H_DASH)
55 #define OSSL_SLH_DSA_192F_A 8
56 #define OSSL_SLH_DSA_192F_K 33
57 #define OSSL_SLH_DSA_192F_M 42
58 #define OSSL_SLH_DSA_192F_SECURITY_CATEGORY 3
59 #define OSSL_SLH_DSA_192F_PUB_BYTES 48
60 #define OSSL_SLH_DSA_192F_SIG_BYTES 35664
61
62 #define OSSL_SLH_DSA_256S_N 32
63 #define OSSL_SLH_DSA_256S_D 8
64 #define OSSL_SLH_DSA_256S_H_DASH 8
65 #define OSSL_SLH_DSA_256S_H (OSSL_SLH_DSA_256S_D * OSSL_SLH_DSA_256S_H_DASH)
66 #define OSSL_SLH_DSA_256S_A 14
67 #define OSSL_SLH_DSA_256S_K 22
68 #define OSSL_SLH_DSA_256S_M 47
69 #define OSSL_SLH_DSA_256S_SECURITY_CATEGORY 5
70 #define OSSL_SLH_DSA_256S_PUB_BYTES 64
71 #define OSSL_SLH_DSA_256S_SIG_BYTES 29792
72
73 #define OSSL_SLH_DSA_256F_N 32
74 #define OSSL_SLH_DSA_256F_D 17
75 #define OSSL_SLH_DSA_256F_H_DASH 4
76 #define OSSL_SLH_DSA_256F_H (OSSL_SLH_DSA_256F_D * OSSL_SLH_DSA_256F_H_DASH)
77 #define OSSL_SLH_DSA_256F_A 9
78 #define OSSL_SLH_DSA_256F_K 35
79 #define OSSL_SLH_DSA_256F_M 49
80 #define OSSL_SLH_DSA_256F_SECURITY_CATEGORY 5
81 #define OSSL_SLH_DSA_256F_PUB_BYTES 64
82 #define OSSL_SLH_DSA_256F_SIG_BYTES 49856
83
84 #define OSSL_SLH_PARAMS(name) \
85 OSSL_SLH_DSA_##name##_N, \
86 OSSL_SLH_DSA_##name##_H, \
87 OSSL_SLH_DSA_##name##_D, \
88 OSSL_SLH_DSA_##name##_H_DASH, \
89 OSSL_SLH_DSA_##name##_A, \
90 OSSL_SLH_DSA_##name##_K, \
91 OSSL_SLH_DSA_##name##_M, \
92 OSSL_SLH_DSA_##name##_SECURITY_CATEGORY, \
93 OSSL_SLH_DSA_##name##_PUB_BYTES, \
94 OSSL_SLH_DSA_##name##_SIG_BYTES \
95
96
97 static const SLH_DSA_PARAMS slh_dsa_params[] = {
98 {"SLH-DSA-SHA2-128s", NID_SLH_DSA_SHA2_128s, 0, OSSL_SLH_PARAMS(128S), OSSL_SLH_DSA_SHA2_NUM_ZEROS_H_AND_T_BOUND1},
99 {"SLH-DSA-SHAKE-128s", NID_SLH_DSA_SHAKE_128s, 1, OSSL_SLH_PARAMS(128S)},
100 {"SLH-DSA-SHA2-128f", NID_SLH_DSA_SHA2_128f, 0, OSSL_SLH_PARAMS(128F), OSSL_SLH_DSA_SHA2_NUM_ZEROS_H_AND_T_BOUND1},
101 {"SLH-DSA-SHAKE-128f", NID_SLH_DSA_SHAKE_128f, 1, OSSL_SLH_PARAMS(128F)},
102 {"SLH-DSA-SHA2-192s", NID_SLH_DSA_SHA2_192s, 0, OSSL_SLH_PARAMS(192S), OSSL_SLH_DSA_SHA2_NUM_ZEROS_H_AND_T_BOUND2},
103 {"SLH-DSA-SHAKE-192s", NID_SLH_DSA_SHAKE_192s, 1, OSSL_SLH_PARAMS(192S)},
104 {"SLH-DSA-SHA2-192f", NID_SLH_DSA_SHA2_192f, 0, OSSL_SLH_PARAMS(192F), OSSL_SLH_DSA_SHA2_NUM_ZEROS_H_AND_T_BOUND2},
105 {"SLH-DSA-SHAKE-192f", NID_SLH_DSA_SHAKE_192f, 1, OSSL_SLH_PARAMS(192F)},
106 {"SLH-DSA-SHA2-256s", NID_SLH_DSA_SHA2_256s, 0, OSSL_SLH_PARAMS(256S), OSSL_SLH_DSA_SHA2_NUM_ZEROS_H_AND_T_BOUND2},
107 {"SLH-DSA-SHAKE-256s", NID_SLH_DSA_SHAKE_256s, 1, OSSL_SLH_PARAMS(256S)},
108 {"SLH-DSA-SHA2-256f", NID_SLH_DSA_SHA2_256f, 0, OSSL_SLH_PARAMS(256F), OSSL_SLH_DSA_SHA2_NUM_ZEROS_H_AND_T_BOUND2},
109 {"SLH-DSA-SHAKE-256f", NID_SLH_DSA_SHAKE_256f, 1, OSSL_SLH_PARAMS(256F)},
110 {NULL},
111 };
112
113 /**
114 * @brief A getter to convert an algorithm name into a SLH_DSA_PARAMS object
115 */
ossl_slh_dsa_params_get(const char * alg)116 const SLH_DSA_PARAMS *ossl_slh_dsa_params_get(const char *alg)
117 {
118 const SLH_DSA_PARAMS *p;
119
120 if (alg == NULL)
121 return NULL;
122 for (p = slh_dsa_params; p->alg != NULL; ++p) {
123 if (strcmp(p->alg, alg) == 0)
124 return p;
125 }
126 return NULL;
127 }
128