diff options
Diffstat (limited to 'lib/liboqs/include')
-rw-r--r-- | lib/liboqs/include/Makefile | 49 | ||||
-rw-r--r-- | lib/liboqs/include/config.mk | 13 | ||||
-rw-r--r-- | lib/liboqs/include/exports.gyp | 40 | ||||
-rw-r--r-- | lib/liboqs/include/manifest.mn | 31 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/aes.h | 151 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/common.h | 217 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/kem.h | 291 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/kem_kyber.h | 75 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/oqs.h | 25 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/oqsconfig.h | 215 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/rand.h | 73 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/sha2.h | 257 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/sha3.h | 429 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/sha3x4.h | 263 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/sig.h | 310 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/sig_dilithium.h | 74 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/sig_falcon.h | 30 | ||||
-rw-r--r-- | lib/liboqs/include/oqs/sig_sphincs.h | 404 |
18 files changed, 2947 insertions, 0 deletions
diff --git a/lib/liboqs/include/Makefile b/lib/liboqs/include/Makefile new file mode 100644 index 000000000..fe090f3ff --- /dev/null +++ b/lib/liboqs/include/Makefile @@ -0,0 +1,49 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +USE_GCOV = +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include config.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +WARNING_CFLAGS = $(NULL) + diff --git a/lib/liboqs/include/config.mk b/lib/liboqs/include/config.mk new file mode 100644 index 000000000..7f401d2a9 --- /dev/null +++ b/lib/liboqs/include/config.mk @@ -0,0 +1,13 @@ +# DO NOT EDIT: generated from config.mk.include.template +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# this controls where the headers are written to, liboqs +# reuses names like crazy and some of the internal headers +# match the liboqs external header names. liboqs distinguishes +# this by and explicit oqs/ in the name, so copy the headers +# to our module/oqs +SOURCE_XPPRIVATE_DIR = $(SOURCE_XP_DIR)/private/$(MODULE)/oqs + diff --git a/lib/liboqs/include/exports.gyp b/lib/liboqs/include/exports.gyp new file mode 100644 index 000000000..ca84ea756 --- /dev/null +++ b/lib/liboqs/include/exports.gyp @@ -0,0 +1,40 @@ +# DO NOT EDIT: generated from exports.gyp.template +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'lib_oqs_include_exports', + 'type': 'none', + 'copies': [ + { + 'files': [ + './oqs/oqsconfig.h', + './oqs/oqs.h', + './oqs/common.h', + './oqs/rand.h', + './oqs/aes.h', + './oqs/sha2.h', + './oqs/sha3.h', + './oqs/sha3x4.h', + './oqs/kem.h', + './oqs/sig.h', + './oqs/kem_kyber.h', + './oqs/sig_dilithium.h', + './oqs/sig_falcon.h', + './oqs/sig_sphincs.h', + ], + 'destination': '<(nss_private_dist_dir)/<(module)/oqs' + } + ] + } + ], + 'variables': { + 'module': 'oqs' + } +} + diff --git a/lib/liboqs/include/manifest.mn b/lib/liboqs/include/manifest.mn new file mode 100644 index 000000000..b6d5f4d6c --- /dev/null +++ b/lib/liboqs/include/manifest.mn @@ -0,0 +1,31 @@ +# DO NOT EDIT: generated from manifest.mn.include.template +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../../.. + +MODULE = oqs + +#LIBRARY_NAME = oqs_include +#SHARED_LIBRARY = $(NULL) + +PRIVATE_EXPORTS= \ + ./oqs/oqsconfig.h \ + ./oqs/oqs.h \ + ./oqs/common.h \ + ./oqs/rand.h \ + ./oqs/aes.h \ + ./oqs/sha2.h \ + ./oqs/sha3.h \ + ./oqs/sha3x4.h \ + ./oqs/kem.h \ + ./oqs/sig.h \ + ./oqs/kem_kyber.h \ + ./oqs/sig_dilithium.h \ + ./oqs/sig_falcon.h \ + ./oqs/sig_sphincs.h \ + $(NULL) + +# This part of the code, including all sub-dirs, can be optimized for size +export ALLOW_OPT_CODE_SIZE = 1 diff --git a/lib/liboqs/include/oqs/aes.h b/lib/liboqs/include/oqs/aes.h new file mode 100644 index 000000000..ce0cb3616 --- /dev/null +++ b/lib/liboqs/include/oqs/aes.h @@ -0,0 +1,151 @@ +/** + * \file aes.h + * \brief Header defining the API for OQS AES + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_AES_H +#define OQS_AES_H + +#include <stdint.h> +#include <stdlib.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +/** + * Function to fill a key schedule given an initial key for use in ECB mode. + * + * @param key Initial Key. + * @param ctx Abstract data structure for a key schedule. + */ +void OQS_AES128_ECB_load_schedule(const uint8_t *key, void **ctx); + +/** + * Function to free a key schedule. + * + * @param ctx Context generated with OQS_AES128_ECB_load_schedule(). + */ +void OQS_AES128_free_schedule(void *ctx); + +/** + * Function to encrypt blocks of plaintext using ECB mode. + * A schedule based on the key is generated and used internally. + * + * @param plaintext Plaintext to be encrypted. + * @param plaintext_len Length on the plaintext in bytes. Must be a multiple of 16. + * @param key Key to be used for encryption. + * @param ciphertext Pointer to a block of memory which >= in size to the plaintext block. The result will be written here. + * @warning plaintext_len must be a multiple of 16. + */ +void OQS_AES128_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext); + +/** + * Same as OQS_AES128_ECB_enc() except a schedule generated by + * OQS_AES128_ECB_load_schedule() is passed rather then a key. This is faster + * if the same schedule is used for multiple encryptions since it does + * not have to be regenerated from the key. + */ +void OQS_AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext); + +/** + * Function to fill a key schedule given an initial key for use in ECB mode encryption. + * + * @param key Initial Key. + * @param ctx Abstract data structure for a key schedule. + */ +void OQS_AES256_ECB_load_schedule(const uint8_t *key, void **ctx); + +/** + * Function to initialize a context and fill a key schedule given an initial key for + * use in CTR mode. + * + * @param key Initial Key. + * @param ctx Abstract data structure for a key schedule. + */ +void OQS_AES256_CTR_inc_init(const uint8_t *key, void **ctx); + +/** + * Function to fill a context given an IV for use in CTR mode. + * + * Handles a 12- or 16-byte IV. If a 12-byte IV is given, then 4 counter + * bytes are initialized to all zeros. + * + * @param iv Initialization Vector. + * @param iv_len Length of the initialization vector. + * @param ctx Abstract data structure for IV. + */ +void OQS_AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *ctx); + +/** + * Function to fill a context given an IV for use in CTR mode. + * Handles an 8-byte IV passed as a 64-bit unsigned integer, + * counter bytes are initialized to zero. + * + * @param iv Initialization Vector as 64-bit integer. + * @param ctx Abstract data structure for IV. + */ +void OQS_AES256_CTR_inc_ivu64(uint64_t iv, void *ctx); + +/** + * Function to free a key schedule. + * + * @param ctx Schedule generated with OQS_AES256_ECB_load_schedule + * or OQS_AES256_CTR_inc_init. + */ +void OQS_AES256_free_schedule(void *ctx); + +/** + * Function to encrypt blocks of plaintext using ECB mode. + * A schedule based on the key is generated and used internally. + * + * @param plaintext Plaintext to be encrypted. + * @param plaintext_len Length on the plaintext in bytes. Must be a multiple of 16. + * @param key Key to be used for encryption. + * @param ciphertext Pointer to a block of memory which >= in size to the plaintext block. The result will be written here. + * @warning plaintext_len must be a multiple of 16. + */ +void OQS_AES256_ECB_enc(const uint8_t *plaintext, const size_t plaintext_len, const uint8_t *key, uint8_t *ciphertext); + +/** + * Same as OQS_AES256_ECB_enc() except a schedule generated by + * OQS_AES256_ECB_load_schedule() is passed rather then a key. This is faster + * if the same schedule is used for multiple encryptions since it does + * not have to be regenerated from the key. + */ +void OQS_AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_len, const void *schedule, uint8_t *ciphertext); + +/** + * AES counter mode keystream generator. A context generated by + * OQS_AES256_CTR_inc_init() is passed rather then a key. + * + * Handles a 12- or 16-byte IV. If a 12-byte IV is given, then 4 counter + * bytes are initialized to all zeros. + * + * @param iv 12- or 16-byte initialization vector. + * @param iv_len Lengh of IV in bytes. + * @param ctx Abstract data structure for a key schedule. + * @param out Pointer to a block of memory which is big enough to contain out_len bytes; the result will be written here. + * @param out_len Length of output bytes to generate. + */ +void OQS_AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const void *ctx, uint8_t *out, size_t out_len); + +/** + * AES counter mode keystream generator. A context generated by + * OQS_AES256_CTR_inc_init() and OQS_AES256_CTR_inc_iv() is passed + * rather than a key and an IV. The counter is internally updated, which allows + * the function to be called multiple times. + * + * @param ctx Abstract data structure for key schedule and IV. + * @param out Pointer to a block of memory which is big enough to contain out_blks*16 bytes; the result will be written here. + * @param out_blks Length of output blocks to generate, where one block is 16 bytes. + */ +void OQS_AES256_CTR_inc_stream_blks(void *ctx, uint8_t *out, size_t out_blks); + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_AES_H diff --git a/lib/liboqs/include/oqs/common.h b/lib/liboqs/include/oqs/common.h new file mode 100644 index 000000000..a06064fea --- /dev/null +++ b/lib/liboqs/include/oqs/common.h @@ -0,0 +1,217 @@ +/** + * \file common.h + * \brief Utility functions for use in liboqs. + * + * SPDX-License-Identifier: MIT + */ + + +#ifndef OQS_COMMON_H +#define OQS_COMMON_H + +#include <limits.h> +#include <stdint.h> +#include <stdlib.h> + +#include <oqs/oqsconfig.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +/** + * Macro for terminating the program if x is + * a null pointer. + */ +#define OQS_EXIT_IF_NULLPTR(x) \ + do { \ + if ( (x) == (void*)0 ) \ + exit(EXIT_FAILURE); \ + } while (0) + +/** + * This macro is intended to replace those assert()s + * involving side-effecting statements in aes/aes_ossl.c. + * + * assert() becomes a no-op when -DNDEBUG is defined, + * which causes compilation failures when the statement + * being checked also results in side-effects. + * + * This is a temporary workaround until a better error + * handling strategy is developed. + */ +#define OQS_OPENSSL_GUARD(x) \ + do { \ + if( 1 != (x) ) { \ + exit(EXIT_FAILURE); \ + } \ + } while (0) + +/** + * Certain functions (such as OQS_randombytes_openssl in + * src/rand/rand.c) take in a size_t parameter, but can + * only handle values up to INT_MAX for those parameters. + * This macro is a temporary workaround for such functions. + */ +#define SIZE_T_TO_INT_OR_EXIT(size_t_var_name, int_var_name) \ + int int_var_name = 0; \ + if (size_t_var_name <= INT_MAX) { \ + int_var_name = (int)size_t_var_name; \ + } else { \ + exit(EXIT_FAILURE); \ + } + +/** + * Defines which functions should be exposed outside the LibOQS library + * + * By default the visibility of all the symbols is defined to "hidden" + * Only the library API should be marked as default + * + * Example: OQS_API return_value function_name(void); + */ +#if defined(_WIN32) +#define OQS_API __declspec(dllexport) +#else +#define OQS_API __attribute__((visibility("default"))) +#endif + +#if defined(OQS_SYS_UEFI) +#undef OQS_API +#define OQS_API +#endif + +/** + * Represents return values from functions. + * + * Callers should compare with the symbol rather than the individual value. + * For example, + * + * ret = OQS_KEM_encaps(...); + * if (ret == OQS_SUCCESS) { ... } + * + * rather than + * + * if (!OQS_KEM_encaps(...) { ... } + * + */ +typedef enum { + /** Used to indicate that some undefined error occurred. */ + OQS_ERROR = -1, + /** Used to indicate successful return from function. */ + OQS_SUCCESS = 0, + /** Used to indicate failures in external libraries (e.g., OpenSSL). */ + OQS_EXTERNAL_LIB_ERROR_OPENSSL = 50, +} OQS_STATUS; + +/** + * CPU runtime detection flags + */ +typedef enum { + OQS_CPU_EXT_INIT, /* Must be first */ + /* Start extension list */ + OQS_CPU_EXT_ADX, + OQS_CPU_EXT_AES, + OQS_CPU_EXT_AVX, + OQS_CPU_EXT_AVX2, + OQS_CPU_EXT_AVX512, + OQS_CPU_EXT_BMI1, + OQS_CPU_EXT_BMI2, + OQS_CPU_EXT_PCLMULQDQ, + OQS_CPU_EXT_VPCLMULQDQ, + OQS_CPU_EXT_POPCNT, + OQS_CPU_EXT_SSE, + OQS_CPU_EXT_SSE2, + OQS_CPU_EXT_SSE3, + OQS_CPU_EXT_ARM_AES, + OQS_CPU_EXT_ARM_SHA2, + OQS_CPU_EXT_ARM_SHA3, + OQS_CPU_EXT_ARM_NEON, + /* End extension list */ + OQS_CPU_EXT_COUNT, /* Must be last */ +} OQS_CPU_EXT; + +/** + * Checks if the CPU supports a given extension + * + * \return 1 if the given CPU extension is available, 0 otherwise. + */ +OQS_API int OQS_CPU_has_extension(OQS_CPU_EXT ext); + +/** + * This currently only sets the values in the OQS_CPU_EXTENSIONS, + * and so has effect only when OQS_DIST_BUILD is set. + */ +OQS_API void OQS_init(void); + +/** + * Return library version string. + */ +OQS_API const char *OQS_version(void); + +/** + * Constant time comparison of byte sequences `a` and `b` of length `len`. + * Returns 0 if the byte sequences are equal or if `len`=0. + * Returns 1 otherwise. + * + * @param[in] a A byte sequence of length at least `len`. + * @param[in] b A byte sequence of length at least `len`. + * @param[in] len The number of bytes to compare. + */ +OQS_API int OQS_MEM_secure_bcmp(const void *a, const void *b, size_t len); + +/** + * Zeros out `len` bytes of memory starting at `ptr`. + * + * Designed to be protected against optimizing compilers which try to remove + * "unnecessary" operations. Should be used for all buffers containing secret + * data. + * + * @param[in] ptr The start of the memory to zero out. + * @param[in] len The number of bytes to zero out. + */ +OQS_API void OQS_MEM_cleanse(void *ptr, size_t len); + +/** + * Zeros out `len` bytes of memory starting at `ptr`, then frees `ptr`. + * + * Can be called with `ptr = NULL`, in which case no operation is performed. + * + * Designed to be protected against optimizing compilers which try to remove + * "unnecessary" operations. Should be used for all buffers containing secret + * data. + * + * @param[in] ptr The start of the memory to zero out and free. + * @param[in] len The number of bytes to zero out. + */ +OQS_API void OQS_MEM_secure_free(void *ptr, size_t len); + +/** + * Frees `ptr`. + * + * Can be called with `ptr = NULL`, in which case no operation is performed. + * + * Should only be used on non-secret data. + * + * @param[in] ptr The start of the memory to free. + */ +OQS_API void OQS_MEM_insecure_free(void *ptr); + +/** + * Internal implementation of C11 aligned_alloc to work around compiler quirks. + * + * Allocates size bytes of uninitialized memory with a base pointer that is + * a multiple of alignment. Alignment must be a power of two and a multiple + * of sizeof(void *). Size must be a multiple of alignment. + */ +void *OQS_MEM_aligned_alloc(size_t alignment, size_t size); + +/** + * Free memory allocated with OQS_MEM_aligned_alloc. + */ +void OQS_MEM_aligned_free(void *ptr); + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_COMMON_H diff --git a/lib/liboqs/include/oqs/kem.h b/lib/liboqs/include/oqs/kem.h new file mode 100644 index 000000000..2b28851f9 --- /dev/null +++ b/lib/liboqs/include/oqs/kem.h @@ -0,0 +1,291 @@ +/** + * \file kem.h + * \brief Key encapsulation mechanisms + * + * The file `tests/example_kem.c` contains two examples on using the OQS_KEM API. + * + * The first example uses the individual scheme's algorithms directly and uses + * no dynamic memory allocation -- all buffers are allocated on the stack, with + * sizes indicated using preprocessor macros. Since algorithms can be disabled at + * compile-time, the programmer should wrap the code in \#ifdefs. + * + * The second example uses an OQS_KEM object to use an algorithm specified at + * runtime. Therefore it uses dynamic memory allocation -- all buffers must be + * malloc'ed by the programmer, with sizes indicated using the corresponding length + * member of the OQS_KEM object in question. Since algorithms can be disabled at + * compile-time, the programmer should check that the OQS_KEM object is not `NULL`. + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_KEM_H +#define OQS_KEM_H + +#include <stdbool.h> +#include <stddef.h> +#include <stdint.h> + +#include <oqs/oqs.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +/** Algorithm identifier for BIKE-L1 KEM (Round-4). */ +#define OQS_KEM_alg_bike_l1 "BIKE-L1" +/** Algorithm identifier for BIKE-L3 KEM (Round-4). */ +#define OQS_KEM_alg_bike_l3 "BIKE-L3" +/** Algorithm identifier for BIKE-L5 KEM (Round-4). */ +#define OQS_KEM_alg_bike_l5 "BIKE-L5" +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALG_IDENTIFIER_START +/** Algorithm identifier for Classic-McEliece-348864 KEM. */ +#define OQS_KEM_alg_classic_mceliece_348864 "Classic-McEliece-348864" +/** Algorithm identifier for Classic-McEliece-348864f KEM. */ +#define OQS_KEM_alg_classic_mceliece_348864f "Classic-McEliece-348864f" +/** Algorithm identifier for Classic-McEliece-460896 KEM. */ +#define OQS_KEM_alg_classic_mceliece_460896 "Classic-McEliece-460896" +/** Algorithm identifier for Classic-McEliece-460896f KEM. */ +#define OQS_KEM_alg_classic_mceliece_460896f "Classic-McEliece-460896f" +/** Algorithm identifier for Classic-McEliece-6688128 KEM. */ +#define OQS_KEM_alg_classic_mceliece_6688128 "Classic-McEliece-6688128" +/** Algorithm identifier for Classic-McEliece-6688128f KEM. */ +#define OQS_KEM_alg_classic_mceliece_6688128f "Classic-McEliece-6688128f" +/** Algorithm identifier for Classic-McEliece-6960119 KEM. */ +#define OQS_KEM_alg_classic_mceliece_6960119 "Classic-McEliece-6960119" +/** Algorithm identifier for Classic-McEliece-6960119f KEM. */ +#define OQS_KEM_alg_classic_mceliece_6960119f "Classic-McEliece-6960119f" +/** Algorithm identifier for Classic-McEliece-8192128 KEM. */ +#define OQS_KEM_alg_classic_mceliece_8192128 "Classic-McEliece-8192128" +/** Algorithm identifier for Classic-McEliece-8192128f KEM. */ +#define OQS_KEM_alg_classic_mceliece_8192128f "Classic-McEliece-8192128f" +/** Algorithm identifier for HQC-128 KEM. */ +#define OQS_KEM_alg_hqc_128 "HQC-128" +/** Algorithm identifier for HQC-192 KEM. */ +#define OQS_KEM_alg_hqc_192 "HQC-192" +/** Algorithm identifier for HQC-256 KEM. */ +#define OQS_KEM_alg_hqc_256 "HQC-256" +/** Algorithm identifier for Kyber512 KEM. */ +#define OQS_KEM_alg_kyber_512 "Kyber512" +/** Algorithm identifier for Kyber768 KEM. */ +#define OQS_KEM_alg_kyber_768 "Kyber768" +/** Algorithm identifier for Kyber1024 KEM. */ +#define OQS_KEM_alg_kyber_1024 "Kyber1024" +/** Algorithm identifier for Kyber512-90s KEM. */ +#define OQS_KEM_alg_kyber_512_90s "Kyber512-90s" +/** Algorithm identifier for Kyber768-90s KEM. */ +#define OQS_KEM_alg_kyber_768_90s "Kyber768-90s" +/** Algorithm identifier for Kyber1024-90s KEM. */ +#define OQS_KEM_alg_kyber_1024_90s "Kyber1024-90s" +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALG_IDENTIFIER_END +/** Algorithm identifier for sntrup761 KEM. */ +#define OQS_KEM_alg_ntruprime_sntrup761 "sntrup761" +/** Algorithm identifier for FrodoKEM-640-AES KEM. */ +#define OQS_KEM_alg_frodokem_640_aes "FrodoKEM-640-AES" +/** Algorithm identifier for FrodoKEM-640-SHAKE KEM. */ +#define OQS_KEM_alg_frodokem_640_shake "FrodoKEM-640-SHAKE" +/** Algorithm identifier for FrodoKEM-976-AES KEM. */ +#define OQS_KEM_alg_frodokem_976_aes "FrodoKEM-976-AES" +/** Algorithm identifier for FrodoKEM-976-SHAKE KEM. */ +#define OQS_KEM_alg_frodokem_976_shake "FrodoKEM-976-SHAKE" +/** Algorithm identifier for FrodoKEM-1344-AES KEM. */ +#define OQS_KEM_alg_frodokem_1344_aes "FrodoKEM-1344-AES" +/** Algorithm identifier for FrodoKEM-1344-SHAKE KEM. */ +#define OQS_KEM_alg_frodokem_1344_shake "FrodoKEM-1344-SHAKE" +// EDIT-WHEN-ADDING-KEM +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALGS_LENGTH_START +/** Number of algorithm identifiers above. */ +#define OQS_KEM_algs_length 29 +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALGS_LENGTH_END + +/** + * Returns identifiers for available key encapsulation mechanisms in liboqs. Used with OQS_KEM_new. + * + * Note that algorithm identifiers are present in this list even when the algorithm is disabled + * at compile time. + * + * @param[in] i Index of the algorithm identifier to return, 0 <= i < OQS_KEM_algs_length + * @return Algorithm identifier as a string, or NULL. + */ +OQS_API const char *OQS_KEM_alg_identifier(size_t i); + +/** + * Returns the number of key encapsulation mechanisms in liboqs. They can be enumerated with + * OQS_KEM_alg_identifier. + * + * Note that some mechanisms may be disabled at compile time. + * + * @return The number of key encapsulation mechanisms. + */ +OQS_API int OQS_KEM_alg_count(void); + +/** + * Indicates whether the specified algorithm was enabled at compile-time or not. + * + * @param[in] method_name Name of the desired algorithm; one of the names in `OQS_KEM_algs`. + * @return 1 if enabled, 0 if disabled or not found + */ +OQS_API int OQS_KEM_alg_is_enabled(const char *method_name); + +/** + * Key encapsulation mechanism object + */ +typedef struct OQS_KEM { + + /** Printable string representing the name of the key encapsulation mechanism. */ + const char *method_name; + + /** + * Printable string representing the version of the cryptographic algorithm. + * + * Implementations with the same method_name and same alg_version will be interoperable. + * See README.md for information about algorithm compatibility. + */ + const char *alg_version; + + /** The NIST security level (1, 2, 3, 4, 5) claimed in this algorithm's original NIST submission. */ + uint8_t claimed_nist_level; + + /** Whether the KEM offers IND-CCA security (TRUE) or IND-CPA security (FALSE). */ + bool ind_cca; + + /** The (maximum) length, in bytes, of public keys for this KEM. */ + size_t length_public_key; + /** The (maximum) length, in bytes, of secret keys for this KEM. */ + size_t length_secret_key; + /** The (maximum) length, in bytes, of ciphertexts for this KEM. */ + size_t length_ciphertext; + /** The (maximum) length, in bytes, of shared secrets for this KEM. */ + size_t length_shared_secret; + + /** + * Keypair generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `public_key` and + * `secret_key`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_KEM_*_length_*`. + * + * @param[out] public_key The public key represented as a byte string. + * @param[out] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*keypair)(uint8_t *public_key, uint8_t *secret_key); + + /** + * Encapsulation algorithm. + * + * Caller is responsible for allocating sufficient memory for `ciphertext` and + * `shared_secret`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_KEM_*_length_*`. + * + * @param[out] ciphertext The ciphertext (encapsulation) represented as a byte string. + * @param[out] shared_secret The shared secret represented as a byte string. + * @param[in] public_key The public key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*encaps)(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); + + /** + * Decapsulation algorithm. + * + * Caller is responsible for allocating sufficient memory for `shared_secret`, based + * on the `length_*` members in this object or the per-scheme compile-time macros + * `OQS_KEM_*_length_*`. + * + * @param[out] shared_secret The shared secret represented as a byte string. + * @param[in] ciphertext The ciphertext (encapsulation) represented as a byte string. + * @param[in] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*decaps)(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); + +} OQS_KEM; + +/** + * Constructs an OQS_KEM object for a particular algorithm. + * + * Callers should always check whether the return value is `NULL`, which indicates either than an + * invalid algorithm name was provided, or that the requested algorithm was disabled at compile-time. + * + * @param[in] method_name Name of the desired algorithm; one of the names in `OQS_KEM_algs`. + * @return An OQS_KEM for the particular algorithm, or `NULL` if the algorithm has been disabled at compile-time. + */ +OQS_API OQS_KEM *OQS_KEM_new(const char *method_name); + +/** + * Keypair generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `public_key` and + * `secret_key`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_KEM_*_length_*`. + * + * @param[in] kem The OQS_KEM object representing the KEM. + * @param[out] public_key The public key represented as a byte string. + * @param[out] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_KEM_keypair(const OQS_KEM *kem, uint8_t *public_key, uint8_t *secret_key); + +/** + * Encapsulation algorithm. + * + * Caller is responsible for allocating sufficient memory for `ciphertext` and + * `shared_secret`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_KEM_*_length_*`. + * + * @param[in] kem The OQS_KEM object representing the KEM. + * @param[out] ciphertext The ciphertext (encapsulation) represented as a byte string. + * @param[out] shared_secret The shared secret represented as a byte string. + * @param[in] public_key The public key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_KEM_encaps(const OQS_KEM *kem, uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); + +/** + * Decapsulation algorithm. + * + * Caller is responsible for allocating sufficient memory for `shared_secret`, based + * on the `length_*` members in this object or the per-scheme compile-time macros + * `OQS_KEM_*_length_*`. + * + * @param[in] kem The OQS_KEM object representing the KEM. + * @param[out] shared_secret The shared secret represented as a byte string. + * @param[in] ciphertext The ciphertext (encapsulation) represented as a byte string. + * @param[in] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_KEM_decaps(const OQS_KEM *kem, uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); + +/** + * Frees an OQS_KEM object that was constructed by OQS_KEM_new. + * + * @param[in] kem The OQS_KEM object to free. + */ +OQS_API void OQS_KEM_free(OQS_KEM *kem); + +#ifdef OQS_ENABLE_KEM_BIKE +#include <oqs/kem_bike.h> +#endif /* OQS_ENABLE_KEM_BIKE */ +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_START +#ifdef OQS_ENABLE_KEM_CLASSIC_MCELIECE +#include <oqs/kem_classic_mceliece.h> +#endif /* OQS_ENABLE_KEM_CLASSIC_MCELIECE */ +#ifdef OQS_ENABLE_KEM_HQC +#include <oqs/kem_hqc.h> +#endif /* OQS_ENABLE_KEM_HQC */ +#ifdef OQS_ENABLE_KEM_KYBER +#include <oqs/kem_kyber.h> +#endif /* OQS_ENABLE_KEM_KYBER */ +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_END +#ifdef OQS_ENABLE_KEM_NTRUPRIME +#include <oqs/kem_ntruprime.h> +#endif /* OQS_ENABLE_KEM_NTRUPRIME */ +#ifdef OQS_ENABLE_KEM_FRODOKEM +#include <oqs/kem_frodokem.h> +#endif /* OQS_ENABLE_KEM_FRODOKEM */ +// EDIT-WHEN-ADDING-KEM + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_KEM_H diff --git a/lib/liboqs/include/oqs/kem_kyber.h b/lib/liboqs/include/oqs/kem_kyber.h new file mode 100644 index 000000000..1fdbf95cc --- /dev/null +++ b/lib/liboqs/include/oqs/kem_kyber.h @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: MIT + +#ifndef OQS_KEM_KYBER_H +#define OQS_KEM_KYBER_H + +#include <oqs/oqs.h> + +#ifdef OQS_ENABLE_KEM_kyber_512 +#define OQS_KEM_kyber_512_length_public_key 800 +#define OQS_KEM_kyber_512_length_secret_key 1632 +#define OQS_KEM_kyber_512_length_ciphertext 768 +#define OQS_KEM_kyber_512_length_shared_secret 32 +OQS_KEM *OQS_KEM_kyber_512_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_512_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_KEM_kyber_512_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_KEM_kyber_512_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); +#endif + +#ifdef OQS_ENABLE_KEM_kyber_768 +#define OQS_KEM_kyber_768_length_public_key 1184 +#define OQS_KEM_kyber_768_length_secret_key 2400 +#define OQS_KEM_kyber_768_length_ciphertext 1088 +#define OQS_KEM_kyber_768_length_shared_secret 32 +OQS_KEM *OQS_KEM_kyber_768_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_768_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_KEM_kyber_768_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_KEM_kyber_768_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); +#endif + +#ifdef OQS_ENABLE_KEM_kyber_1024 +#define OQS_KEM_kyber_1024_length_public_key 1568 +#define OQS_KEM_kyber_1024_length_secret_key 3168 +#define OQS_KEM_kyber_1024_length_ciphertext 1568 +#define OQS_KEM_kyber_1024_length_shared_secret 32 +OQS_KEM *OQS_KEM_kyber_1024_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_1024_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_KEM_kyber_1024_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_KEM_kyber_1024_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); +#endif + +#ifdef OQS_ENABLE_KEM_kyber_512_90s +#define OQS_KEM_kyber_512_90s_length_public_key 800 +#define OQS_KEM_kyber_512_90s_length_secret_key 1632 +#define OQS_KEM_kyber_512_90s_length_ciphertext 768 +#define OQS_KEM_kyber_512_90s_length_shared_secret 32 +OQS_KEM *OQS_KEM_kyber_512_90s_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_512_90s_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_KEM_kyber_512_90s_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_KEM_kyber_512_90s_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); +#endif + +#ifdef OQS_ENABLE_KEM_kyber_768_90s +#define OQS_KEM_kyber_768_90s_length_public_key 1184 +#define OQS_KEM_kyber_768_90s_length_secret_key 2400 +#define OQS_KEM_kyber_768_90s_length_ciphertext 1088 +#define OQS_KEM_kyber_768_90s_length_shared_secret 32 +OQS_KEM *OQS_KEM_kyber_768_90s_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_768_90s_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_KEM_kyber_768_90s_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_KEM_kyber_768_90s_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); +#endif + +#ifdef OQS_ENABLE_KEM_kyber_1024_90s +#define OQS_KEM_kyber_1024_90s_length_public_key 1568 +#define OQS_KEM_kyber_1024_90s_length_secret_key 3168 +#define OQS_KEM_kyber_1024_90s_length_ciphertext 1568 +#define OQS_KEM_kyber_1024_90s_length_shared_secret 32 +OQS_KEM *OQS_KEM_kyber_1024_90s_new(void); +OQS_API OQS_STATUS OQS_KEM_kyber_1024_90s_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_KEM_kyber_1024_90s_encaps(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key); +OQS_API OQS_STATUS OQS_KEM_kyber_1024_90s_decaps(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key); +#endif + +#endif + diff --git a/lib/liboqs/include/oqs/oqs.h b/lib/liboqs/include/oqs/oqs.h new file mode 100644 index 000000000..60b332142 --- /dev/null +++ b/lib/liboqs/include/oqs/oqs.h @@ -0,0 +1,25 @@ +/** + * \file oqs.h + * \brief Overall header file for liboqs. + * + * C programs using liboqs can include just this one file, and it will include all + * other necessary headers from liboqs. + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_H +#define OQS_H + +#include <oqs/oqsconfig.h> + +#include <oqs/common.h> +#include <oqs/aes.h> +#include <oqs/sha2.h> +#include <oqs/sha3.h> +#include <oqs/sha3x4.h> +#include <oqs/rand.h> +#include <oqs/kem.h> +#include <oqs/sig.h> + +#endif // OQS_H diff --git a/lib/liboqs/include/oqs/oqsconfig.h b/lib/liboqs/include/oqs/oqsconfig.h new file mode 100644 index 000000000..ef1d062cb --- /dev/null +++ b/lib/liboqs/include/oqs/oqsconfig.h @@ -0,0 +1,215 @@ +// SPDX-License-Identifier: MIT + +#define OQS_VERSION_TEXT "0.8.0-dev" +#define OQS_COMPILE_BUILD_TARGET "x86_64-Linux-5.14.0-252.el9.x86_64" +/* #undef OQS_DIST_BUILD */ +/* #undef OQS_DIST_X86_64_BUILD */ +/* #undef OQS_DIST_X86_BUILD */ +/* #undef OQS_DIST_ARM64_V8_BUILD */ +/* #undef OQS_DIST_ARM32_V7_BUILD */ +/* #undef OQS_DIST_PPC64LE_BUILD */ +/* #undef OQS_DEBUG_BUILD */ +#define ARCH_X86_64 1 +/* #undef ARCH_ARM64v8 */ +/* #undef ARCH_ARM32v7 */ +#define BUILD_SHARED_LIBS 1 +#define OQS_BUILD_ONLY_LIB 1 +#define OQS_OPT_TARGET "generic" +/* #undef USE_SANITIZER */ +/* #undef CMAKE_BUILD_TYPE */ + +/* #undef OQS_USE_OPENSSL */ +/* #undef OQS_USE_AES_OPENSSL */ +/* #undef OQS_USE_SHA2_OPENSSL */ +/* #undef OQS_USE_SHA3_OPENSSL */ + +/* #undef OQS_USE_PTHREADS_IN_TESTS */ + +/* #undef OQS_USE_ADX_INSTRUCTIONS */ +/* #undef OQS_USE_AES_INSTRUCTIONS */ +/* #undef OQS_USE_AVX_INSTRUCTIONS */ +/* #undef OQS_USE_AVX2_INSTRUCTIONS */ +/* #undef OQS_USE_AVX512_INSTRUCTIONS */ +/* #undef OQS_USE_BMI1_INSTRUCTIONS */ +/* #undef OQS_USE_BMI2_INSTRUCTIONS */ +/* #undef OQS_USE_PCLMULQDQ_INSTRUCTIONS */ +/* #undef OQS_USE_VPCLMULQDQ_INSTRUCTIONS */ +#define OQS_USE_POPCNT_INSTRUCTIONS 1 +#define OQS_USE_SSE_INSTRUCTIONS 1 +#define OQS_USE_SSE2_INSTRUCTIONS 1 +#define OQS_USE_SSE3_INSTRUCTIONS 1 + +/* #undef OQS_USE_ARM_AES_INSTRUCTIONS */ +/* #undef OQS_USE_ARM_SHA2_INSTRUCTIONS */ +/* #undef OQS_USE_ARM_SHA3_INSTRUCTIONS */ +/* #undef OQS_USE_ARM_NEON_INSTRUCTIONS */ + +/* #undef OQS_SPEED_USE_ARM_PMU */ + +/* #undef OQS_ENABLE_TEST_CONSTANT_TIME */ + +/* #undef OQS_ENABLE_SHA3_xkcp_low_avx2 */ + +/* #undef OQS_ENABLE_KEM_BIKE */ +/* #undef OQS_ENABLE_KEM_bike_l1 */ +/* #undef OQS_ENABLE_KEM_bike_l3 */ +/* #undef OQS_ENABLE_KEM_bike_l5 */ + +/* #undef OQS_ENABLE_KEM_FRODOKEM */ +/* #undef OQS_ENABLE_KEM_frodokem_640_aes */ +/* #undef OQS_ENABLE_KEM_frodokem_640_shake */ +/* #undef OQS_ENABLE_KEM_frodokem_976_aes */ +/* #undef OQS_ENABLE_KEM_frodokem_976_shake */ +/* #undef OQS_ENABLE_KEM_frodokem_1344_aes */ +/* #undef OQS_ENABLE_KEM_frodokem_1344_shake */ + +/* #undef OQS_ENABLE_KEM_NTRUPRIME */ +/* #undef OQS_ENABLE_KEM_ntruprime_sntrup761 */ +/* #undef OQS_ENABLE_KEM_ntruprime_sntrup761_avx2 */ + +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ALG_ENABLE_DEFINES_START + +/* #undef OQS_ENABLE_KEM_CLASSIC_MCELIECE */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_348864 */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_348864_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_348864f */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_348864f_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_460896 */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_460896_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_460896f */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_460896f_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6688128 */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6688128_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6688128f */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6688128f_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6960119 */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6960119_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6960119f */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_6960119f_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_8192128 */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_8192128_avx */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_8192128f */ +/* #undef OQS_ENABLE_KEM_classic_mceliece_8192128f_avx */ + +/* #undef OQS_ENABLE_KEM_HQC */ +/* #undef OQS_ENABLE_KEM_hqc_128 */ +/* #undef OQS_ENABLE_KEM_hqc_128_avx2 */ +/* #undef OQS_ENABLE_KEM_hqc_192 */ +/* #undef OQS_ENABLE_KEM_hqc_192_avx2 */ +/* #undef OQS_ENABLE_KEM_hqc_256 */ +/* #undef OQS_ENABLE_KEM_hqc_256_avx2 */ + +#define OQS_ENABLE_KEM_KYBER 1 +#define OQS_ENABLE_KEM_kyber_512 1 +/* #undef OQS_ENABLE_KEM_kyber_512_avx2 */ +/* #undef OQS_ENABLE_KEM_kyber_512_aarch64 */ +#define OQS_ENABLE_KEM_kyber_768 1 +/* #undef OQS_ENABLE_KEM_kyber_768_avx2 */ +/* #undef OQS_ENABLE_KEM_kyber_768_aarch64 */ +#define OQS_ENABLE_KEM_kyber_1024 1 +/* #undef OQS_ENABLE_KEM_kyber_1024_avx2 */ +/* #undef OQS_ENABLE_KEM_kyber_1024_aarch64 */ +/* #undef OQS_ENABLE_KEM_kyber_512_90s */ +/* #undef OQS_ENABLE_KEM_kyber_512_90s_avx2 */ +/* #undef OQS_ENABLE_KEM_kyber_768_90s */ +/* #undef OQS_ENABLE_KEM_kyber_768_90s_avx2 */ +/* #undef OQS_ENABLE_KEM_kyber_1024_90s */ +/* #undef OQS_ENABLE_KEM_kyber_1024_90s_avx2 */ + +#define OQS_ENABLE_SIG_DILITHIUM 1 +#define OQS_ENABLE_SIG_dilithium_2 1 +/* #undef OQS_ENABLE_SIG_dilithium_2_avx2 */ +/* #undef OQS_ENABLE_SIG_dilithium_2_aarch64 */ +#define OQS_ENABLE_SIG_dilithium_3 1 +/* #undef OQS_ENABLE_SIG_dilithium_3_avx2 */ +/* #undef OQS_ENABLE_SIG_dilithium_3_aarch64 */ +#define OQS_ENABLE_SIG_dilithium_5 1 +/* #undef OQS_ENABLE_SIG_dilithium_5_avx2 */ +/* #undef OQS_ENABLE_SIG_dilithium_5_aarch64 */ +/* #undef OQS_ENABLE_SIG_dilithium_2_aes */ +/* #undef OQS_ENABLE_SIG_dilithium_2_aes_avx2 */ +/* #undef OQS_ENABLE_SIG_dilithium_3_aes */ +/* #undef OQS_ENABLE_SIG_dilithium_3_aes_avx2 */ +/* #undef OQS_ENABLE_SIG_dilithium_5_aes */ +/* #undef OQS_ENABLE_SIG_dilithium_5_aes_avx2 */ + +#define OQS_ENABLE_SIG_FALCON 1 +#define OQS_ENABLE_SIG_falcon_512 1 +/* #undef OQS_ENABLE_SIG_falcon_512_avx2 */ +#define OQS_ENABLE_SIG_falcon_1024 1 +/* #undef OQS_ENABLE_SIG_falcon_1024_avx2 */ + +#define OQS_ENABLE_SIG_SPHINCS 1 +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128f_robust_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128f_simple */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128f_simple_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128s_robust_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128s_simple */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_128s_simple_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192f_robust_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192f_simple */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192f_simple_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192s_robust_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192s_simple */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_192s_simple_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256f_robust_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256f_simple */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256f_simple_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256s_robust_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256s_simple */ +/* #undef OQS_ENABLE_SIG_sphincs_haraka_256s_simple_aesni */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_128f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_128f_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_sha256_128f_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_sha256_128f_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_128s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_128s_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_sha256_128s_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_sha256_128s_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_192f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_192f_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_sha256_192f_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_sha256_192f_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_192s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_192s_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_sha256_192s_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_sha256_192s_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_256f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_256f_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_sha256_256f_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_sha256_256f_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_256s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_sha256_256s_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_sha256_256s_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_sha256_256s_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_128f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_128f_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_shake256_128f_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_shake256_128f_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_128s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_128s_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_shake256_128s_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_shake256_128s_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_192f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_192f_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_shake256_192f_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_shake256_192f_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_192s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_192s_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_shake256_192s_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_shake256_192s_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_256f_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_256f_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_shake256_256f_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_shake256_256f_simple_avx2 */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_256s_robust */ +/* #undef OQS_ENABLE_SIG_sphincs_shake256_256s_robust_avx2 */ +#define OQS_ENABLE_SIG_sphincs_shake256_256s_simple 1 +/* #undef OQS_ENABLE_SIG_sphincs_shake256_256s_simple_avx2 */ +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ADD_ALG_ENABLE_DEFINES_END diff --git a/lib/liboqs/include/oqs/rand.h b/lib/liboqs/include/oqs/rand.h new file mode 100644 index 000000000..3499c2593 --- /dev/null +++ b/lib/liboqs/include/oqs/rand.h @@ -0,0 +1,73 @@ +/** + * \file rand.h + * \brief Random number generator. + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_RANDOM_H +#define OQS_RANDOM_H + +#include <stdbool.h> +#include <stddef.h> +#include <stdint.h> + +#include <oqs/common.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +/** Algorithm identifier for system PRNG. */ +#define OQS_RAND_alg_system "system" +/** Algorithm identifier for NIST deterministic RNG for KATs. */ +#define OQS_RAND_alg_nist_kat "NIST-KAT" +/** Algorithm identifier for using OpenSSL's PRNG. */ +#define OQS_RAND_alg_openssl "OpenSSL" + +/** + * Switches OQS_randombytes to use the specified algorithm. + * + * @param[in] algorithm The name of the algorithm to use. + * @return OQS_SUCCESS if `algorithm` is a supported algorithm name, OQS_ERROR otherwise. + */ +OQS_API OQS_STATUS OQS_randombytes_switch_algorithm(const char *algorithm); + +/** + * Switches OQS_randombytes to use the given function. + * + * This allows additional custom RNGs besides the provided ones. The provided RNG + * function must have the same signature as `OQS_randombytes`. + * + * @param[in] algorithm_ptr Pointer to the RNG function to use. + */ +OQS_API void OQS_randombytes_custom_algorithm(void (*algorithm_ptr)(uint8_t *, size_t)); + +/** + * Fills the given memory with the requested number of (pseudo)random bytes. + * + * This implementation uses whichever algorithm has been selected by + * OQS_randombytes_switch_algorithm. The default is OQS_randombytes_system, which + * reads bytes directly from `/dev/urandom`. + * + * The caller is responsible for providing a buffer allocated with sufficient room. + * + * @param[out] random_array Pointer to the memory to fill with (pseudo)random bytes + * @param[in] bytes_to_read The number of random bytes to read into memory + */ +OQS_API void OQS_randombytes(uint8_t *random_array, size_t bytes_to_read); + +/** + * Initializes the NIST DRBG with a given seed and with 256-bit security. + * + * @param[in] entropy_input The seed; must be exactly 48 bytes + * @param[in] personalization_string An optional personalization string; + * may be NULL; if not NULL, must be at least 48 bytes long + */ +OQS_API void OQS_randombytes_nist_kat_init_256bit(const uint8_t *entropy_input, const uint8_t *personalization_string); + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_RANDOM_H diff --git a/lib/liboqs/include/oqs/sha2.h b/lib/liboqs/include/oqs/sha2.h new file mode 100644 index 000000000..8d8973e4c --- /dev/null +++ b/lib/liboqs/include/oqs/sha2.h @@ -0,0 +1,257 @@ +/** + * \file sha2.h + * \brief SHA2 functions; not part of the OQS public API + * + * Contains the API and documentation for SHA2 digest implementation + * + * <b>Note this is not part of the OQS public API: implementations within liboqs can use these + * functions, but external consumers of liboqs should not use these functions.</b> + * + * \author Douglas Stebila + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_SHA2_H +#define OQS_SHA2_H + +#include <stddef.h> +#include <stdint.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +/** Data structure for the state of the SHA-224 incremental hashing API. */ +typedef struct { + /** Internal state */ + void *ctx; +} OQS_SHA2_sha224_ctx; + +/** + * \brief Process a message with SHA-256 and return the hash code in the output byte array. + * + * \warning The output array must be at least 32 bytes in length. + * + * \param output The output byte array + * \param input The message input byte array + * \param inplen The number of message bytes to process + */ +void OQS_SHA2_sha256(uint8_t *output, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the SHA-256 incremental hashing API. */ +typedef struct { + /** Internal state */ + void *ctx; +} OQS_SHA2_sha256_ctx; + +/** + * \brief Allocate and initialize the state for the SHA-256 incremental hashing API. + * + * \warning The state must be released by OQS_SHA2_sha256_inc_finalize + * or OQS_SHA2_sha256_inc_ctx_release. + * + * \param state Pointer to the state + */ +void OQS_SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state); + +/** + * \brief Duplicate state for the SHA-256 incremental hashing API. + * + * \warning dest must be allocated by the caller. Caller is responsible + * for releasing dest by calling either OQS_SHA3_sha3_256_inc_finalize or + * OQS_SHA3_sha3_256_inc_ctx_release. + * + * \param dest The function state to copy into; must be initialized + * \param src The function state to copy; must be initialized + */ +void OQS_SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src); + +/** + * \brief Process blocks with SHA-256 and update the state. + * + * \warning The state must be initialized by OQS_SHA2_sha256_inc_init or OQS_SHA2_sha256_inc_ctx_clone. + * + * \param state The state to update + * \param in Message input byte array + * \param inblocks The number of blocks of message bytes to process + */ +void OQS_SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks); + +/** + * \brief Process more message bytes with SHA-256 and return the hash code in the output byte array. + * + * \warning The output array must be at least 32 bytes in length. The state is + * deallocated by this function and can not be used again after calling + * this function without calling OQS_SHA2_sha256_inc_init again. + * + * \param out The output byte array + * \param state The state + * \param in Additional message input byte array + * \param inlen The number of additional message bytes to process + */ +void OQS_SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen); + +/** + * \brief Destroy state. + * + * \warning The state is deallocated by this function and can not be used again after calling + * this function without calling OQS_SHA2_sha256_inc_init again. + * + * \param state The state + */ +void OQS_SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state); + +/** + * \brief Process a message with SHA-384 and return the hash code in the output byte array. + * + * \warning The output array must be at least 48 bytes in length. + * + * \param output The output byte array + * \param input The message input byte array + * \param inplen The number of message bytes to process + */ +void OQS_SHA2_sha384(uint8_t *output, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the SHA-384 incremental hashing API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA2_sha384_ctx; + +/** + * \brief Allocate and initialize the state for the SHA-384 incremental hashing API. + * + * \warning The state must be released by OQS_SHA2_sha384_inc_finalize + * or OQS_SHA2_sha384_inc_ctx_release. + * + * \param state Pointer to the state + */ +void OQS_SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state); + +/** + * \brief Duplicate state for the SHA-384 incremental hashing API. + * + * \warning dest must be allocated by the caller. Caller is responsible + * for releasing dest by calling either OQS_SHA3_sha3_384_inc_finalize or + * OQS_SHA3_sha3_384_inc_ctx_release. + * + * \param dest The function state to copy into; must be initialized + * \param src The function state to copy; must be initialized + */ +void OQS_SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src); + +/** + * \brief Process blocks with SHA-384 and update the state. + * + * \warning The state must be initialized by OQS_SHA2_sha384_inc_init or OQS_SHA2_sha384_inc_ctx_clone. + * + * \param state The state to update + * \param in Message input byte array + * \param inblocks The number of blocks of message bytes to process + */ +void OQS_SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks); + +/** + * \brief Process more message bytes with SHA-384 and return the hash code in the output byte array. + * + * \warning The output array must be at least 48 bytes in length. The state is + * deallocated by this function and can not be used again after calling + * this function without calling OQS_SHA2_sha384_inc_init again. + * + * \param out The output byte array + * \param state The state + * \param in Additional message input byte array + * \param inlen The number of additional message bytes to process + */ +void OQS_SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen); + +/** + * \brief Destroy state. + * + * \warning The state is deallocated by this function and can not be used again after calling + * this function without calling OQS_SHA2_sha384_inc_init again. + * + * \param state The state + */ +void OQS_SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state); + +/** + * \brief Process a message with SHA-512 and return the hash code in the output byte array. + * + * \warning The output array must be at least 64 bytes in length. + * + * \param output The output byte array + * \param input The message input byte array + * \param inplen The number of message bytes to process + */ +void OQS_SHA2_sha512(uint8_t *output, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the SHA-512 incremental hashing API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA2_sha512_ctx; + +/** + * \brief Allocate and initialize the state for the SHA-512 incremental hashing API. + * + * \warning The state must be released by OQS_SHA2_sha512_inc_finalize + * or OQS_SHA2_sha512_inc_ctx_release. + * + * \param state Pointer to the state + */ +void OQS_SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state); + +/** + * \brief Duplicate state for the SHA-512 incremental hashing API. + * + * \warning dest must be allocated by the caller. Caller is responsible + * for releasing dest by calling either OQS_SHA3_sha3_512_inc_finalize or + * OQS_SHA3_sha3_512_inc_ctx_release. + * + * \param dest The function state to copy into; must be initialized + * \param src The function state to copy; must be initialized + */ +void OQS_SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src); + +/** + * \brief Process blocks with SHA-512 and update the state. + * + * \warning The state must be initialized by OQS_SHA2_sha512_inc_init or OQS_SHA2_sha512_inc_ctx_clone. + * + * \param state The state to update + * \param in Message input byte array + * \param inblocks The number of blocks of message bytes to process + */ +void OQS_SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks); + +/** + * \brief Process more message bytes with SHA-512 and return the hash code in the output byte array. + * + * \warning The output array must be at least 64 bytes in length. The state is + * deallocated by this function and can not be used again after calling + * this function without calling OQS_SHA2_sha512_inc_init again. + * + * \param out The output byte array + * \param state The state + * \param in Additional message input byte array + * \param inlen The number of additional message bytes to process + */ +void OQS_SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen); + +/** + * \brief Destroy state. + * + * \warning The state is deallocated by this function and can not be used again after calling + * this function without calling OQS_SHA2_sha512_inc_init again. + * + * \param state The state + */ +void OQS_SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state); + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_SHA2_H diff --git a/lib/liboqs/include/oqs/sha3.h b/lib/liboqs/include/oqs/sha3.h new file mode 100644 index 000000000..d66c7289e --- /dev/null +++ b/lib/liboqs/include/oqs/sha3.h @@ -0,0 +1,429 @@ +/** + * \file sha3.h + * \brief SHA3 and SHAKE functions; not part of the OQS public API + * + * Contains the API and documentation for SHA3 digest and SHAKE implementations. + * + * <b>Note this is not part of the OQS public API: implementations within liboqs can use these + * functions, but external consumers of liboqs should not use these functions.</b> + * + * \author John Underhill, Douglas Stebila + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_SHA3_H +#define OQS_SHA3_H + +#include <stddef.h> +#include <stdint.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +/* SHA3 */ + +/** The SHA-256 byte absorption rate */ +#define OQS_SHA3_SHA3_256_RATE 136 + +/** + * \brief Process a message with SHA3-256 and return the digest in the output byte array. + * + * \warning The output array must be at least 32 bytes in length. + * + * \param output The output byte array + * \param input The message input byte array + * \param inplen The number of message bytes to process + */ +void OQS_SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the incremental SHA3-256 API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA3_sha3_256_inc_ctx; + +/** + * \brief Initialize the state for the incremental SHA3-256 API. + * + * \warning Caller is responsible for releasing state by calling + * OQS_SHA3_sha3_256_inc_ctx_release. + * + * \param state The function state to be allocated and initialized. + */ +void OQS_SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state); + +/** + * \brief The SHA3-256 absorb function. + * Absorb an input into the state. + * + * \param state The function state; must be initialized + * \param input The input array + * \param inlen The length of the input + */ +void OQS_SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inlen); + +/** + * \brief The SHA3-256 finalize-and-squeeze function. + * Finalizes the state and squeezes a 32 byte digest. + * + * \warning Output array must be at least 32 bytes. + * State cannot be used after this without calling OQS_SHA3_sha3_256_inc_reset. + * + * \param output The output byte array + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state); + +/** + * \brief Release the state for the SHA3-256 incremental API. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state); + +/** + * \brief Resets the state for the SHA3-256 incremental API. + * Alternative to freeing and reinitializing the state. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state); + +/** + * \brief Clone the state for the SHA3-256 incremental API. + * + * \param dest The function state to copy into; must be initialized + * \param src The function state to copy; must be initialized + */ +void OQS_SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src); + +/** The SHA-384 byte absorption rate */ +#define OQS_SHA3_SHA3_384_RATE 104 + +/** + * \brief Process a message with SHA3-384 and return the digest in the output byte array. + * + * \warning The output array must be at least 48 bytes in length. + * + * \param output The output byte array + * \param input The message input byte array + * \param inplen The number of message bytes to process + */ +void OQS_SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the incremental SHA3-384 API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA3_sha3_384_inc_ctx; + +/** + * \brief Initialize the state for the incremental SHA3-384 API. + * + * \warning Caller is responsible for releasing state by calling + * OQS_SHA3_sha3_384_inc_ctx_release. + * + * \param state The function state to be allocated and initialized. + */ +void OQS_SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state); + +/** + * \brief The SHA3-384 absorb function. + * Absorb an input into the state. + * + * \param state The function state; must be initialized + * \param input The input array + * \param inlen The length of the input + */ +void OQS_SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inlen); + +/** + * \brief The SHA3-384 finalize-and-squeeze function. + * Finalizes the state and squeezes a 48 byte digest. + * + * \warning Output array must be at least 48 bytes. + * State cannot be used after this without calling OQS_SHA3_sha3_384_inc_reset. + * + * \param output The output byte array + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state); + +/** + * \brief Release the state for the SHA3-384 incremental API. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state); + +/** + * \brief Resets the state for the SHA3-384 incremental API. + * Alternative to freeing and reinitializing the state. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state); + +/** + * \brief Clone the state for the SHA3-384 incremental API. + * + * \param dest The function state to copy into; must be initialized + * \param src The function state to copy; must be initialized + */ +void OQS_SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src); + +/** The SHA-512 byte absorption rate */ +#define OQS_SHA3_SHA3_512_RATE 72 + +/** + * \brief Process a message with SHA3-512 and return the digest in the output byte array. + * + * \warning The output array must be at least 64 bytes in length. + * + * \param output The output byte array + * \param input The message input byte array + * \param inplen The number of message bytes to process + */ +void OQS_SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the incremental SHA3-512 API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA3_sha3_512_inc_ctx; + +/** + * \brief Initialize the state for the incremental SHA3-512 API. + * + * \warning Caller is responsible for releasing state by calling + * OQS_SHA3_sha3_512_inc_ctx_release. + * + * \param state The function state to be allocated and initialized. + */ +void OQS_SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state); + +/** + * \brief The SHA3-512 absorb function. + * Absorb an input into the state. + * + * \param state The function state; must be initialized + * \param input The input array + * \param inlen The length of the input + */ +void OQS_SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inlen); + +/** + * \brief The SHA3-512 finalize-and-squeeze function. + * Finalizes the state and squeezes a 64 byte digest. + * + * \warning Output array must be at least 64 bytes. + * State cannot be used after this without calling OQS_SHA3_sha3_512_inc_reset. + * + * \param output The output byte array + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state); + +/** + * \brief Release the state for the SHA3-512 incremental API. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state); + +/** + * \brief Resets the state for the SHA3-512 incremental API. + * Alternative to freeing and reinitializing the state. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state); + +/** + * \brief Clone the state for the SHA3-512 incremental API. + * + * \param dest The function state to copy into; must be initialized + * \param src The function state to copy; must be initialized + */ +void OQS_SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src); + +/* SHAKE */ + +/** The SHAKE-128 byte absorption rate */ +#define OQS_SHA3_SHAKE128_RATE 168 + +/** + * \brief Seed a SHAKE-128 instance, and generate an array of pseudo-random bytes. + * + * \warning The output array length must not be zero. + * + * \param output The output byte array + * \param outlen The number of output bytes to generate + * \param input The input seed byte array + * \param inplen The number of seed bytes to process + */ +void OQS_SHA3_shake128(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the incremental SHAKE-128 API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA3_shake128_inc_ctx; + +/** + * \brief Initialize the state for the incremental SHAKE-128 API. + * + * \warning Caller is responsible for releasing state by calling + * OQS_SHA3_shake128_inc_ctx_release. + * + * \param state The function state to be initialized; must be allocated + */ +void OQS_SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state); + +/** + * \brief The SHAKE-128 absorb function. + * Absorb an input into the state. + * + * \warning State must be initialized. + * + * \param state The function state; must be initialized + * \param input input buffer + * \param inlen length of input buffer + */ +void OQS_SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inlen); + +/** + * \brief The SHAKE-128 finalize function. + * Prepares the state for squeezing. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state); + +/** + * \brief The SHAKE-128 squeeze function. + * Extracts to an output byte array. + * + * \param output output buffer + * \param outlen bytes of outbut buffer + * \param state The function state; must be initialized and finalized + */ +void OQS_SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake128_inc_ctx *state); + +/** + * \brief Frees the state for the incremental SHAKE-128 API. + * + * \param state The state to free + */ +void OQS_SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state); + +/** + * \brief Copies the state for the SHAKE-128 incremental API. + * + * \warning Caller is responsible for releasing dest by calling + * OQS_SHA3_shake128_inc_ctx_release. + * + * \param dest The function state to copy into; must be initialized + * \param src The function state to copy; must be initialized + */ +void OQS_SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src); + +/** + * \brief Resets the state for the SHAKE-128 incremental API. Allows a context + * to be re-used without free and init calls. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state); + +/** The SHAKE-256 byte absorption rate */ +#define OQS_SHA3_SHAKE256_RATE 136 + +/** + * \brief Seed a SHAKE-256 instance, and generate an array of pseudo-random bytes. + * + * \warning The output array length must not be zero. + * + * \param output The output byte array + * \param outlen The number of output bytes to generate + * \param input The input seed byte array + * \param inplen The number of seed bytes to process + */ +void OQS_SHA3_shake256(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen); + +/** Data structure for the state of the incremental SHAKE-256 API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA3_shake256_inc_ctx; + +/** + * \brief Initialize the state for the incremental SHAKE-256 API. + * + * \param state The function state to be initialized; must be allocated + */ +void OQS_SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state); + +/** + * \brief The SHAKE-256 absorb function. + * Absorb an input message array directly into the state. + * + * \warning State must be initialized by the caller. + * + * \param state The function state; must be initialized + * \param input input buffer + * \param inlen length of input buffer + */ +void OQS_SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inlen); + +/** + * \brief The SHAKE-256 finalize function. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state); + +/** + * \brief The SHAKE-256 squeeze function. + * Extracts to an output byte array. + * + * \param output output buffer + * \param outlen bytes of outbut buffer + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_shake256_inc_ctx *state); + +/** + * \brief Frees the state for the incremental SHAKE-256 API. + * + * \param state The state to free + */ +void OQS_SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state); + +/** + * \brief Copies the state for the incremental SHAKE-256 API. + * + * \warning dest must be allocated. dest must be freed by calling + * OQS_SHA3_shake256_inc_ctx_release. + * + * \param dest The state to copy into; must be initialized + * \param src The state to copy from; must be initialized + */ +void OQS_SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src); + +/** + * \brief Resets the state for the SHAKE-256 incremental API. Allows a context + * to be re-used without free and init calls. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state); + + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_SHA3_H diff --git a/lib/liboqs/include/oqs/sha3x4.h b/lib/liboqs/include/oqs/sha3x4.h new file mode 100644 index 000000000..cef4e6750 --- /dev/null +++ b/lib/liboqs/include/oqs/sha3x4.h @@ -0,0 +1,263 @@ +/** + * \file shakex4.h + * \brief SHA3, SHAKE, and cSHAKE functions; not part of the OQS public API + * + * Contains the API and documentation for SHA3 digest and SHAKE implementations. + * + * <b>Note this is not part of the OQS public API: implementations within liboqs can use these + * functions, but external consumers of liboqs should not use these functions.</b> + * + * \author John Underhill, Douglas Stebila + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_SHA3X4_H +#define OQS_SHA3X4_H + +#include <stddef.h> +#include <stdint.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +/** + * \brief Seed 4 parallel SHAKE-128 instances, and generate 4 arrays of pseudo-random bytes. + * + * \warning The output array length must not be zero. + * + * \param out0 The first output byte array + * \param out1 The second output byte array + * \param out2 The third output byte array + * \param out3 The fourth output byte array + * \param outlen The number of output bytes to generate in every output array + * \param in0 The first input seed byte array + * \param in1 The second input seed byte array + * \param in2 The third input seed byte array + * \param in3 The fourth input seed byte array + * \param inlen The number of seed bytes to process from every input array + */ +void OQS_SHA3_shake128_x4( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + +/** Data structure for the state of the four-way parallel incremental SHAKE-128 API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA3_shake128_x4_inc_ctx; + +/** + * \brief Initialize the state for four-way parallel incremental SHAKE-128 API. + * + * \param state The function state to be initialized; must be allocated + */ +void OQS_SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state); + +/** + * \brief Four-way parallel SHAKE-128 absorb function. + * Absorb four input messages of the same length into four parallel states. + * + * \warning State must be initialized by the caller. + * + * \param state The function state; must be initialized + * \param in0 The input to be absorbed into first instance + * \param in1 The input to be absorbed into first instance + * \param in2 The input to be absorbed into first instance + * \param in3 The input to be absorbed into first instance + * \param inlen The number of bytes to process from each input array + */ +void OQS_SHA3_shake128_x4_inc_absorb( + OQS_SHA3_shake128_x4_inc_ctx *state, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + +/** + * \brief Four-way parallel SHAKE-128 finalize function. + * Prepares the states for squeezing. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state); + +/** + * \brief Four-way parallel SHAKE-128 squeeze function. + * Extracts from four parallel states into four output buffers + * + * \param out0 output buffer for the first instance + * \param out1 output buffer for the second instance + * \param out2 output buffer for the third instance + * \param out3 output buffer for the fourth instance + * \param outlen bytes of outbut buffer + * \param state The function state; must be initialized and finalized. + */ +void OQS_SHA3_shake128_x4_inc_squeeze( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + OQS_SHA3_shake128_x4_inc_ctx *state); + +/** + * \brief Frees the state for the four-way parallel incremental SHAKE-128 API. + * + * \param state The state to free + */ +void OQS_SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state); + +/** + * \brief Copies the state for the four-way parallel incremental SHAKE-128 API. + * + * \param dest The state to copy into; must be initialized + * \param src The state to copy from; must be initialized + */ +void OQS_SHA3_shake128_x4_inc_ctx_clone( + OQS_SHA3_shake128_x4_inc_ctx *dest, + const OQS_SHA3_shake128_x4_inc_ctx *src); + +/** + * \brief Resets the state for the four-way parallel incremental SHAKE-128 API. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state); + +/* SHAKE256 */ + +/** + * \brief Seed 4 parallel SHAKE-256 instances, and generate 4 arrays of pseudo-random bytes. + * + * Uses a vectorized (AVX2) implementation of SHAKE-256 if available. + * + * \warning The output array length must not be zero. + * + * \param out0 The first output byte array + * \param out1 The second output byte array + * \param out2 The third output byte array + * \param out3 The fourth output byte array + * \param outlen The number of output bytes to generate in every output array + * \param in0 The first input seed byte array + * \param in1 The second input seed byte array + * \param in2 The third input seed byte array + * \param in3 The fourth input seed byte array + * \param inlen The number of seed bytes to process from every input array + */ +void OQS_SHA3_shake256_x4( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + +/** Data structure for the state of the four-way parallel incremental SHAKE-256 API. */ +typedef struct { + /** Internal state. */ + void *ctx; +} OQS_SHA3_shake256_x4_inc_ctx; + +/** + * \brief Initialize the state for four-way parallel incremental SHAKE-256 API. + * + * \param state The function state to be initialized; must be allocated + */ +void OQS_SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state); + +/** + * \brief Four-way parallel SHAKE-256 absorb function. + * Absorb four input messages of the same length into four parallel states. + * + * \warning State must be initialized by the caller. + * + * \param state The function state; must be initialized + * \param in0 The input to be absorbed into first instance + * \param in1 The input to be absorbed into first instance + * \param in2 The input to be absorbed into first instance + * \param in3 The input to be absorbed into first instance + * \param inlen The number of bytes to process from each input array + */ +void OQS_SHA3_shake256_x4_inc_absorb( + OQS_SHA3_shake256_x4_inc_ctx *state, + const uint8_t *in0, + const uint8_t *in1, + const uint8_t *in2, + const uint8_t *in3, + size_t inlen); + +/** + * \brief Four-way parallel SHAKE-256 finalize function. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state); + +/** + * \brief Four-way parallel SHAKE-256 squeeze function. + * Extracts from four parallel states into four output buffers + * + * \param out0 output buffer for the first instance + * \param out1 output buffer for the second instance + * \param out2 output buffer for the third instance + * \param out3 output buffer for the fourth instance + * \param outlen bytes of outbut buffer + * \param state The function state; must be initialized and finalized + */ +void OQS_SHA3_shake256_x4_inc_squeeze( + uint8_t *out0, + uint8_t *out1, + uint8_t *out2, + uint8_t *out3, + size_t outlen, + OQS_SHA3_shake256_x4_inc_ctx *state); + +/** + * \brief Frees the state for the four-way parallel incremental SHAKE-256 API. + * + * \param state The state to free + */ +void OQS_SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state); + +/** + * \brief Copies the state for the four-way parallel incremental SHAKE-256 API. + * + * \warning dest must be allocated. dest must be freed by calling + * OQS_SHA3_shake256_inc_ctx_release. + * + * \param dest The state to copy into; must be initialized + * \param src The state to copy from; must be initialized + */ +void OQS_SHA3_shake256_x4_inc_ctx_clone( + OQS_SHA3_shake256_x4_inc_ctx *dest, + const OQS_SHA3_shake256_x4_inc_ctx *src); + +/** + * \brief Resets the state for the four-way parallel incremental SHAKE-256 API. + * Allows a context to be re-used without free and init calls. + * + * \param state The function state; must be initialized + */ +void OQS_SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state); + + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_SHA3_H diff --git a/lib/liboqs/include/oqs/sig.h b/lib/liboqs/include/oqs/sig.h new file mode 100644 index 000000000..e9ddb3f94 --- /dev/null +++ b/lib/liboqs/include/oqs/sig.h @@ -0,0 +1,310 @@ +/** + * \file sig.h + * \brief Signature schemes + * + * The file `tests/example_sig.c` contains two examples on using the OQS_SIG API. + * + * The first example uses the individual scheme's algorithms directly and uses + * no dynamic memory allocation -- all buffers are allocated on the stack, with + * sizes indicated using preprocessor macros. Since algorithms can be disabled at + * compile-time, the programmer should wrap the code in \#ifdefs. + * + * The second example uses an OQS_SIG object to use an algorithm specified at + * runtime. Therefore it uses dynamic memory allocation -- all buffers must be + * malloc'ed by the programmer, with sizes indicated using the corresponding length + * member of the OQS_SIG object in question. Since algorithms can be disabled at + * compile-time, the programmer should check that the OQS_SIG object is not `NULL`. + * + * SPDX-License-Identifier: MIT + */ + +#ifndef OQS_SIG_H +#define OQS_SIG_H + +#include <stdbool.h> +#include <stddef.h> +#include <stdint.h> + +#include <oqs/oqs.h> + +#if defined(__cplusplus) +extern "C" { +#endif + +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALG_IDENTIFIER_START +/** Algorithm identifier for Dilithium2 */ +#define OQS_SIG_alg_dilithium_2 "Dilithium2" +/** Algorithm identifier for Dilithium3 */ +#define OQS_SIG_alg_dilithium_3 "Dilithium3" +/** Algorithm identifier for Dilithium5 */ +#define OQS_SIG_alg_dilithium_5 "Dilithium5" +/** Algorithm identifier for Dilithium2-AES */ +#define OQS_SIG_alg_dilithium_2_aes "Dilithium2-AES" +/** Algorithm identifier for Dilithium3-AES */ +#define OQS_SIG_alg_dilithium_3_aes "Dilithium3-AES" +/** Algorithm identifier for Dilithium5-AES */ +#define OQS_SIG_alg_dilithium_5_aes "Dilithium5-AES" +/** Algorithm identifier for Falcon-512 */ +#define OQS_SIG_alg_falcon_512 "Falcon-512" +/** Algorithm identifier for Falcon-1024 */ +#define OQS_SIG_alg_falcon_1024 "Falcon-1024" +/** Algorithm identifier for SPHINCS+-Haraka-128f-robust */ +#define OQS_SIG_alg_sphincs_haraka_128f_robust "SPHINCS+-Haraka-128f-robust" +/** Algorithm identifier for SPHINCS+-Haraka-128f-simple */ +#define OQS_SIG_alg_sphincs_haraka_128f_simple "SPHINCS+-Haraka-128f-simple" +/** Algorithm identifier for SPHINCS+-Haraka-128s-robust */ +#define OQS_SIG_alg_sphincs_haraka_128s_robust "SPHINCS+-Haraka-128s-robust" +/** Algorithm identifier for SPHINCS+-Haraka-128s-simple */ +#define OQS_SIG_alg_sphincs_haraka_128s_simple "SPHINCS+-Haraka-128s-simple" +/** Algorithm identifier for SPHINCS+-Haraka-192f-robust */ +#define OQS_SIG_alg_sphincs_haraka_192f_robust "SPHINCS+-Haraka-192f-robust" +/** Algorithm identifier for SPHINCS+-Haraka-192f-simple */ +#define OQS_SIG_alg_sphincs_haraka_192f_simple "SPHINCS+-Haraka-192f-simple" +/** Algorithm identifier for SPHINCS+-Haraka-192s-robust */ +#define OQS_SIG_alg_sphincs_haraka_192s_robust "SPHINCS+-Haraka-192s-robust" +/** Algorithm identifier for SPHINCS+-Haraka-192s-simple */ +#define OQS_SIG_alg_sphincs_haraka_192s_simple "SPHINCS+-Haraka-192s-simple" +/** Algorithm identifier for SPHINCS+-Haraka-256f-robust */ +#define OQS_SIG_alg_sphincs_haraka_256f_robust "SPHINCS+-Haraka-256f-robust" +/** Algorithm identifier for SPHINCS+-Haraka-256f-simple */ +#define OQS_SIG_alg_sphincs_haraka_256f_simple "SPHINCS+-Haraka-256f-simple" +/** Algorithm identifier for SPHINCS+-Haraka-256s-robust */ +#define OQS_SIG_alg_sphincs_haraka_256s_robust "SPHINCS+-Haraka-256s-robust" +/** Algorithm identifier for SPHINCS+-Haraka-256s-simple */ +#define OQS_SIG_alg_sphincs_haraka_256s_simple "SPHINCS+-Haraka-256s-simple" +/** Algorithm identifier for SPHINCS+-SHA256-128f-robust */ +#define OQS_SIG_alg_sphincs_sha256_128f_robust "SPHINCS+-SHA256-128f-robust" +/** Algorithm identifier for SPHINCS+-SHA256-128f-simple */ +#define OQS_SIG_alg_sphincs_sha256_128f_simple "SPHINCS+-SHA256-128f-simple" +/** Algorithm identifier for SPHINCS+-SHA256-128s-robust */ +#define OQS_SIG_alg_sphincs_sha256_128s_robust "SPHINCS+-SHA256-128s-robust" +/** Algorithm identifier for SPHINCS+-SHA256-128s-simple */ +#define OQS_SIG_alg_sphincs_sha256_128s_simple "SPHINCS+-SHA256-128s-simple" +/** Algorithm identifier for SPHINCS+-SHA256-192f-robust */ +#define OQS_SIG_alg_sphincs_sha256_192f_robust "SPHINCS+-SHA256-192f-robust" +/** Algorithm identifier for SPHINCS+-SHA256-192f-simple */ +#define OQS_SIG_alg_sphincs_sha256_192f_simple "SPHINCS+-SHA256-192f-simple" +/** Algorithm identifier for SPHINCS+-SHA256-192s-robust */ +#define OQS_SIG_alg_sphincs_sha256_192s_robust "SPHINCS+-SHA256-192s-robust" +/** Algorithm identifier for SPHINCS+-SHA256-192s-simple */ +#define OQS_SIG_alg_sphincs_sha256_192s_simple "SPHINCS+-SHA256-192s-simple" +/** Algorithm identifier for SPHINCS+-SHA256-256f-robust */ +#define OQS_SIG_alg_sphincs_sha256_256f_robust "SPHINCS+-SHA256-256f-robust" +/** Algorithm identifier for SPHINCS+-SHA256-256f-simple */ +#define OQS_SIG_alg_sphincs_sha256_256f_simple "SPHINCS+-SHA256-256f-simple" +/** Algorithm identifier for SPHINCS+-SHA256-256s-robust */ +#define OQS_SIG_alg_sphincs_sha256_256s_robust "SPHINCS+-SHA256-256s-robust" +/** Algorithm identifier for SPHINCS+-SHA256-256s-simple */ +#define OQS_SIG_alg_sphincs_sha256_256s_simple "SPHINCS+-SHA256-256s-simple" +/** Algorithm identifier for SPHINCS+-SHAKE256-128f-robust */ +#define OQS_SIG_alg_sphincs_shake256_128f_robust "SPHINCS+-SHAKE256-128f-robust" +/** Algorithm identifier for SPHINCS+-SHAKE256-128f-simple */ +#define OQS_SIG_alg_sphincs_shake256_128f_simple "SPHINCS+-SHAKE256-128f-simple" +/** Algorithm identifier for SPHINCS+-SHAKE256-128s-robust */ +#define OQS_SIG_alg_sphincs_shake256_128s_robust "SPHINCS+-SHAKE256-128s-robust" +/** Algorithm identifier for SPHINCS+-SHAKE256-128s-simple */ +#define OQS_SIG_alg_sphincs_shake256_128s_simple "SPHINCS+-SHAKE256-128s-simple" +/** Algorithm identifier for SPHINCS+-SHAKE256-192f-robust */ +#define OQS_SIG_alg_sphincs_shake256_192f_robust "SPHINCS+-SHAKE256-192f-robust" +/** Algorithm identifier for SPHINCS+-SHAKE256-192f-simple */ +#define OQS_SIG_alg_sphincs_shake256_192f_simple "SPHINCS+-SHAKE256-192f-simple" +/** Algorithm identifier for SPHINCS+-SHAKE256-192s-robust */ +#define OQS_SIG_alg_sphincs_shake256_192s_robust "SPHINCS+-SHAKE256-192s-robust" +/** Algorithm identifier for SPHINCS+-SHAKE256-192s-simple */ +#define OQS_SIG_alg_sphincs_shake256_192s_simple "SPHINCS+-SHAKE256-192s-simple" +/** Algorithm identifier for SPHINCS+-SHAKE256-256f-robust */ +#define OQS_SIG_alg_sphincs_shake256_256f_robust "SPHINCS+-SHAKE256-256f-robust" +/** Algorithm identifier for SPHINCS+-SHAKE256-256f-simple */ +#define OQS_SIG_alg_sphincs_shake256_256f_simple "SPHINCS+-SHAKE256-256f-simple" +/** Algorithm identifier for SPHINCS+-SHAKE256-256s-robust */ +#define OQS_SIG_alg_sphincs_shake256_256s_robust "SPHINCS+-SHAKE256-256s-robust" +/** Algorithm identifier for SPHINCS+-SHAKE256-256s-simple */ +#define OQS_SIG_alg_sphincs_shake256_256s_simple "SPHINCS+-SHAKE256-256s-simple" +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALG_IDENTIFIER_END +// EDIT-WHEN-ADDING-SIG +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALGS_LENGTH_START +/** Number of algorithm identifiers above. */ +#define OQS_SIG_algs_length 44 +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_ALGS_LENGTH_END + +/** + * Returns identifiers for available signature schemes in liboqs. Used with OQS_SIG_new. + * + * Note that algorithm identifiers are present in this list even when the algorithm is disabled + * at compile time. + * + * @param[in] i Index of the algorithm identifier to return, 0 <= i < OQS_SIG_algs_length + * @return Algorithm identifier as a string, or NULL. + */ +OQS_API const char *OQS_SIG_alg_identifier(size_t i); + +/** + * Returns the number of signature mechanisms in liboqs. They can be enumerated with + * OQS_SIG_alg_identifier. + * + * Note that some mechanisms may be disabled at compile time. + * + * @return The number of signature mechanisms. + */ +OQS_API int OQS_SIG_alg_count(void); + +/** + * Indicates whether the specified algorithm was enabled at compile-time or not. + * + * @param[in] method_name Name of the desired algorithm; one of the names in `OQS_SIG_algs`. + * @return 1 if enabled, 0 if disabled or not found + */ +OQS_API int OQS_SIG_alg_is_enabled(const char *method_name); + +/** + * Signature schemes object + */ +typedef struct OQS_SIG { + + /** Printable string representing the name of the signature scheme. */ + const char *method_name; + + /** + * Printable string representing the version of the cryptographic algorithm. + * + * Implementations with the same method_name and same alg_version will be interoperable. + * See README.md for information about algorithm compatibility. + */ + const char *alg_version; + + /** The NIST security level (1, 2, 3, 4, 5) claimed in this algorithm's original NIST submission. */ + uint8_t claimed_nist_level; + + /** Whether the signature offers EUF-CMA security (TRUE) or not (FALSE). */ + bool euf_cma; + + /** The (maximum) length, in bytes, of public keys for this signature scheme. */ + size_t length_public_key; + /** The (maximum) length, in bytes, of secret keys for this signature scheme. */ + size_t length_secret_key; + /** The (maximum) length, in bytes, of signatures for this signature scheme. */ + size_t length_signature; + + /** + * Keypair generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `public_key` and + * `secret_key`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_SIG_*_length_*`. + * + * @param[out] public_key The public key represented as a byte string. + * @param[out] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*keypair)(uint8_t *public_key, uint8_t *secret_key); + + /** + * Signature generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `signature`, + * based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_SIG_*_length_*`. + * + * @param[out] signature The signature on the message represented as a byte string. + * @param[out] signature_len The actual length of the signature. May be smaller than `length_signature` for some algorithms since some algorithms have variable length signatures. + * @param[in] message The message to sign represented as a byte string. + * @param[in] message_len The length of the message to sign. + * @param[in] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*sign)(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); + + /** + * Signature verification algorithm. + * + * @param[in] message The message represented as a byte string. + * @param[in] message_len The length of the message. + * @param[in] signature The signature on the message represented as a byte string. + * @param[in] signature_len The length of the signature. + * @param[in] public_key The public key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ + OQS_STATUS (*verify)(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); + +} OQS_SIG; + +/** + * Constructs an OQS_SIG object for a particular algorithm. + * + * Callers should always check whether the return value is `NULL`, which indicates either than an + * invalid algorithm name was provided, or that the requested algorithm was disabled at compile-time. + * + * @param[in] method_name Name of the desired algorithm; one of the names in `OQS_SIG_algs`. + * @return An OQS_SIG for the particular algorithm, or `NULL` if the algorithm has been disabled at compile-time. + */ +OQS_API OQS_SIG *OQS_SIG_new(const char *method_name); + +/** + * Keypair generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `public_key` and + * `secret_key`, based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_SIG_*_length_*`. + * + * @param[in] sig The OQS_SIG object representing the signature scheme. + * @param[out] public_key The public key represented as a byte string. + * @param[out] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_SIG_keypair(const OQS_SIG *sig, uint8_t *public_key, uint8_t *secret_key); + +/** + * Signature generation algorithm. + * + * Caller is responsible for allocating sufficient memory for `signnature`, + * based on the `length_*` members in this object or the per-scheme + * compile-time macros `OQS_SIG_*_length_*`. + * + * @param[in] sig The OQS_SIG object representing the signature scheme. + * @param[out] signature The signature on the message represented as a byte string. + * @param[out] signature_len The length of the signature. + * @param[in] message The message to sign represented as a byte string. + * @param[in] message_len The length of the message to sign. + * @param[in] secret_key The secret key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_SIG_sign(const OQS_SIG *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); + +/** + * Signature verification algorithm. + * + * @param[in] sig The OQS_SIG object representing the signature scheme. + * @param[in] message The message represented as a byte string. + * @param[in] message_len The length of the message. + * @param[in] signature The signature on the message represented as a byte string. + * @param[in] signature_len The length of the signature. + * @param[in] public_key The public key represented as a byte string. + * @return OQS_SUCCESS or OQS_ERROR + */ +OQS_API OQS_STATUS OQS_SIG_verify(const OQS_SIG *sig, const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); + +/** + * Frees an OQS_SIG object that was constructed by OQS_SIG_new. + * + * @param[in] sig The OQS_SIG object to free. + */ +OQS_API void OQS_SIG_free(OQS_SIG *sig); + +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_START +#ifdef OQS_ENABLE_SIG_DILITHIUM +#include <oqs/sig_dilithium.h> +#endif /* OQS_ENABLE_SIG_DILITHIUM */ +#ifdef OQS_ENABLE_SIG_FALCON +#include <oqs/sig_falcon.h> +#endif /* OQS_ENABLE_SIG_FALCON */ +#ifdef OQS_ENABLE_SIG_SPHINCS +#include <oqs/sig_sphincs.h> +#endif /* OQS_ENABLE_SIG_SPHINCS */ +///// OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_END +// EDIT-WHEN-ADDING-SIG + +#if defined(__cplusplus) +} // extern "C" +#endif + +#endif // OQS_SIG_H diff --git a/lib/liboqs/include/oqs/sig_dilithium.h b/lib/liboqs/include/oqs/sig_dilithium.h new file mode 100644 index 000000000..04b6b8841 --- /dev/null +++ b/lib/liboqs/include/oqs/sig_dilithium.h @@ -0,0 +1,74 @@ +// SPDX-License-Identifier: MIT + +#ifndef OQS_SIG_DILITHIUM_H +#define OQS_SIG_DILITHIUM_H + +#include <oqs/oqs.h> + +#ifdef OQS_ENABLE_SIG_dilithium_2 +#define OQS_SIG_dilithium_2_length_public_key 1312 +#define OQS_SIG_dilithium_2_length_secret_key 2528 +#define OQS_SIG_dilithium_2_length_signature 2420 + +OQS_SIG *OQS_SIG_dilithium_2_new(void); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_dilithium_3 +#define OQS_SIG_dilithium_3_length_public_key 1952 +#define OQS_SIG_dilithium_3_length_secret_key 4000 +#define OQS_SIG_dilithium_3_length_signature 3293 + +OQS_SIG *OQS_SIG_dilithium_3_new(void); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_dilithium_5 +#define OQS_SIG_dilithium_5_length_public_key 2592 +#define OQS_SIG_dilithium_5_length_secret_key 4864 +#define OQS_SIG_dilithium_5_length_signature 4595 + +OQS_SIG *OQS_SIG_dilithium_5_new(void); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_dilithium_2_aes +#define OQS_SIG_dilithium_2_aes_length_public_key 1312 +#define OQS_SIG_dilithium_2_aes_length_secret_key 2528 +#define OQS_SIG_dilithium_2_aes_length_signature 2420 + +OQS_SIG *OQS_SIG_dilithium_2_aes_new(void); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_aes_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_aes_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_2_aes_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_dilithium_3_aes +#define OQS_SIG_dilithium_3_aes_length_public_key 1952 +#define OQS_SIG_dilithium_3_aes_length_secret_key 4000 +#define OQS_SIG_dilithium_3_aes_length_signature 3293 + +OQS_SIG *OQS_SIG_dilithium_3_aes_new(void); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_aes_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_aes_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_3_aes_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_dilithium_5_aes +#define OQS_SIG_dilithium_5_aes_length_public_key 2592 +#define OQS_SIG_dilithium_5_aes_length_secret_key 4864 +#define OQS_SIG_dilithium_5_aes_length_signature 4595 + +OQS_SIG *OQS_SIG_dilithium_5_aes_new(void); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_aes_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_aes_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_dilithium_5_aes_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#endif diff --git a/lib/liboqs/include/oqs/sig_falcon.h b/lib/liboqs/include/oqs/sig_falcon.h new file mode 100644 index 000000000..2cd661617 --- /dev/null +++ b/lib/liboqs/include/oqs/sig_falcon.h @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: MIT + +#ifndef OQS_SIG_FALCON_H +#define OQS_SIG_FALCON_H + +#include <oqs/oqs.h> + +#ifdef OQS_ENABLE_SIG_falcon_512 +#define OQS_SIG_falcon_512_length_public_key 897 +#define OQS_SIG_falcon_512_length_secret_key 1281 +#define OQS_SIG_falcon_512_length_signature 690 + +OQS_SIG *OQS_SIG_falcon_512_new(void); +OQS_API OQS_STATUS OQS_SIG_falcon_512_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_512_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_512_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_falcon_1024 +#define OQS_SIG_falcon_1024_length_public_key 1793 +#define OQS_SIG_falcon_1024_length_secret_key 2305 +#define OQS_SIG_falcon_1024_length_signature 1330 + +OQS_SIG *OQS_SIG_falcon_1024_new(void); +OQS_API OQS_STATUS OQS_SIG_falcon_1024_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_1024_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_falcon_1024_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#endif diff --git a/lib/liboqs/include/oqs/sig_sphincs.h b/lib/liboqs/include/oqs/sig_sphincs.h new file mode 100644 index 000000000..15c079030 --- /dev/null +++ b/lib/liboqs/include/oqs/sig_sphincs.h @@ -0,0 +1,404 @@ +// SPDX-License-Identifier: MIT + +#ifndef OQS_SIG_SPHINCS_H +#define OQS_SIG_SPHINCS_H + +#include <oqs/oqs.h> + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_128f_robust +#define OQS_SIG_sphincs_haraka_128f_robust_length_public_key 32 +#define OQS_SIG_sphincs_haraka_128f_robust_length_secret_key 64 +#define OQS_SIG_sphincs_haraka_128f_robust_length_signature 17088 + +OQS_SIG *OQS_SIG_sphincs_haraka_128f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_128f_simple +#define OQS_SIG_sphincs_haraka_128f_simple_length_public_key 32 +#define OQS_SIG_sphincs_haraka_128f_simple_length_secret_key 64 +#define OQS_SIG_sphincs_haraka_128f_simple_length_signature 17088 + +OQS_SIG *OQS_SIG_sphincs_haraka_128f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_128s_robust +#define OQS_SIG_sphincs_haraka_128s_robust_length_public_key 32 +#define OQS_SIG_sphincs_haraka_128s_robust_length_secret_key 64 +#define OQS_SIG_sphincs_haraka_128s_robust_length_signature 7856 + +OQS_SIG *OQS_SIG_sphincs_haraka_128s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_128s_simple +#define OQS_SIG_sphincs_haraka_128s_simple_length_public_key 32 +#define OQS_SIG_sphincs_haraka_128s_simple_length_secret_key 64 +#define OQS_SIG_sphincs_haraka_128s_simple_length_signature 7856 + +OQS_SIG *OQS_SIG_sphincs_haraka_128s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_128s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_192f_robust +#define OQS_SIG_sphincs_haraka_192f_robust_length_public_key 48 +#define OQS_SIG_sphincs_haraka_192f_robust_length_secret_key 96 +#define OQS_SIG_sphincs_haraka_192f_robust_length_signature 35664 + +OQS_SIG *OQS_SIG_sphincs_haraka_192f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_192f_simple +#define OQS_SIG_sphincs_haraka_192f_simple_length_public_key 48 +#define OQS_SIG_sphincs_haraka_192f_simple_length_secret_key 96 +#define OQS_SIG_sphincs_haraka_192f_simple_length_signature 35664 + +OQS_SIG *OQS_SIG_sphincs_haraka_192f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_192s_robust +#define OQS_SIG_sphincs_haraka_192s_robust_length_public_key 48 +#define OQS_SIG_sphincs_haraka_192s_robust_length_secret_key 96 +#define OQS_SIG_sphincs_haraka_192s_robust_length_signature 16224 + +OQS_SIG *OQS_SIG_sphincs_haraka_192s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_192s_simple +#define OQS_SIG_sphincs_haraka_192s_simple_length_public_key 48 +#define OQS_SIG_sphincs_haraka_192s_simple_length_secret_key 96 +#define OQS_SIG_sphincs_haraka_192s_simple_length_signature 16224 + +OQS_SIG *OQS_SIG_sphincs_haraka_192s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_192s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_256f_robust +#define OQS_SIG_sphincs_haraka_256f_robust_length_public_key 64 +#define OQS_SIG_sphincs_haraka_256f_robust_length_secret_key 128 +#define OQS_SIG_sphincs_haraka_256f_robust_length_signature 49856 + +OQS_SIG *OQS_SIG_sphincs_haraka_256f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_256f_simple +#define OQS_SIG_sphincs_haraka_256f_simple_length_public_key 64 +#define OQS_SIG_sphincs_haraka_256f_simple_length_secret_key 128 +#define OQS_SIG_sphincs_haraka_256f_simple_length_signature 49856 + +OQS_SIG *OQS_SIG_sphincs_haraka_256f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_256s_robust +#define OQS_SIG_sphincs_haraka_256s_robust_length_public_key 64 +#define OQS_SIG_sphincs_haraka_256s_robust_length_secret_key 128 +#define OQS_SIG_sphincs_haraka_256s_robust_length_signature 29792 + +OQS_SIG *OQS_SIG_sphincs_haraka_256s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_haraka_256s_simple +#define OQS_SIG_sphincs_haraka_256s_simple_length_public_key 64 +#define OQS_SIG_sphincs_haraka_256s_simple_length_secret_key 128 +#define OQS_SIG_sphincs_haraka_256s_simple_length_signature 29792 + +OQS_SIG *OQS_SIG_sphincs_haraka_256s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_haraka_256s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_128f_robust +#define OQS_SIG_sphincs_sha256_128f_robust_length_public_key 32 +#define OQS_SIG_sphincs_sha256_128f_robust_length_secret_key 64 +#define OQS_SIG_sphincs_sha256_128f_robust_length_signature 17088 + +OQS_SIG *OQS_SIG_sphincs_sha256_128f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_128f_simple +#define OQS_SIG_sphincs_sha256_128f_simple_length_public_key 32 +#define OQS_SIG_sphincs_sha256_128f_simple_length_secret_key 64 +#define OQS_SIG_sphincs_sha256_128f_simple_length_signature 17088 + +OQS_SIG *OQS_SIG_sphincs_sha256_128f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_128s_robust +#define OQS_SIG_sphincs_sha256_128s_robust_length_public_key 32 +#define OQS_SIG_sphincs_sha256_128s_robust_length_secret_key 64 +#define OQS_SIG_sphincs_sha256_128s_robust_length_signature 7856 + +OQS_SIG *OQS_SIG_sphincs_sha256_128s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_128s_simple +#define OQS_SIG_sphincs_sha256_128s_simple_length_public_key 32 +#define OQS_SIG_sphincs_sha256_128s_simple_length_secret_key 64 +#define OQS_SIG_sphincs_sha256_128s_simple_length_signature 7856 + +OQS_SIG *OQS_SIG_sphincs_sha256_128s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_128s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_192f_robust +#define OQS_SIG_sphincs_sha256_192f_robust_length_public_key 48 +#define OQS_SIG_sphincs_sha256_192f_robust_length_secret_key 96 +#define OQS_SIG_sphincs_sha256_192f_robust_length_signature 35664 + +OQS_SIG *OQS_SIG_sphincs_sha256_192f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_192f_simple +#define OQS_SIG_sphincs_sha256_192f_simple_length_public_key 48 +#define OQS_SIG_sphincs_sha256_192f_simple_length_secret_key 96 +#define OQS_SIG_sphincs_sha256_192f_simple_length_signature 35664 + +OQS_SIG *OQS_SIG_sphincs_sha256_192f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_192s_robust +#define OQS_SIG_sphincs_sha256_192s_robust_length_public_key 48 +#define OQS_SIG_sphincs_sha256_192s_robust_length_secret_key 96 +#define OQS_SIG_sphincs_sha256_192s_robust_length_signature 16224 + +OQS_SIG *OQS_SIG_sphincs_sha256_192s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_192s_simple +#define OQS_SIG_sphincs_sha256_192s_simple_length_public_key 48 +#define OQS_SIG_sphincs_sha256_192s_simple_length_secret_key 96 +#define OQS_SIG_sphincs_sha256_192s_simple_length_signature 16224 + +OQS_SIG *OQS_SIG_sphincs_sha256_192s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_192s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_256f_robust +#define OQS_SIG_sphincs_sha256_256f_robust_length_public_key 64 +#define OQS_SIG_sphincs_sha256_256f_robust_length_secret_key 128 +#define OQS_SIG_sphincs_sha256_256f_robust_length_signature 49856 + +OQS_SIG *OQS_SIG_sphincs_sha256_256f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_256f_simple +#define OQS_SIG_sphincs_sha256_256f_simple_length_public_key 64 +#define OQS_SIG_sphincs_sha256_256f_simple_length_secret_key 128 +#define OQS_SIG_sphincs_sha256_256f_simple_length_signature 49856 + +OQS_SIG *OQS_SIG_sphincs_sha256_256f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_256s_robust +#define OQS_SIG_sphincs_sha256_256s_robust_length_public_key 64 +#define OQS_SIG_sphincs_sha256_256s_robust_length_secret_key 128 +#define OQS_SIG_sphincs_sha256_256s_robust_length_signature 29792 + +OQS_SIG *OQS_SIG_sphincs_sha256_256s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_sha256_256s_simple +#define OQS_SIG_sphincs_sha256_256s_simple_length_public_key 64 +#define OQS_SIG_sphincs_sha256_256s_simple_length_secret_key 128 +#define OQS_SIG_sphincs_sha256_256s_simple_length_signature 29792 + +OQS_SIG *OQS_SIG_sphincs_sha256_256s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_sha256_256s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_128f_robust +#define OQS_SIG_sphincs_shake256_128f_robust_length_public_key 32 +#define OQS_SIG_sphincs_shake256_128f_robust_length_secret_key 64 +#define OQS_SIG_sphincs_shake256_128f_robust_length_signature 17088 + +OQS_SIG *OQS_SIG_sphincs_shake256_128f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_128f_simple +#define OQS_SIG_sphincs_shake256_128f_simple_length_public_key 32 +#define OQS_SIG_sphincs_shake256_128f_simple_length_secret_key 64 +#define OQS_SIG_sphincs_shake256_128f_simple_length_signature 17088 + +OQS_SIG *OQS_SIG_sphincs_shake256_128f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_128s_robust +#define OQS_SIG_sphincs_shake256_128s_robust_length_public_key 32 +#define OQS_SIG_sphincs_shake256_128s_robust_length_secret_key 64 +#define OQS_SIG_sphincs_shake256_128s_robust_length_signature 7856 + +OQS_SIG *OQS_SIG_sphincs_shake256_128s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_128s_simple +#define OQS_SIG_sphincs_shake256_128s_simple_length_public_key 32 +#define OQS_SIG_sphincs_shake256_128s_simple_length_secret_key 64 +#define OQS_SIG_sphincs_shake256_128s_simple_length_signature 7856 + +OQS_SIG *OQS_SIG_sphincs_shake256_128s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_128s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_192f_robust +#define OQS_SIG_sphincs_shake256_192f_robust_length_public_key 48 +#define OQS_SIG_sphincs_shake256_192f_robust_length_secret_key 96 +#define OQS_SIG_sphincs_shake256_192f_robust_length_signature 35664 + +OQS_SIG *OQS_SIG_sphincs_shake256_192f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_192f_simple +#define OQS_SIG_sphincs_shake256_192f_simple_length_public_key 48 +#define OQS_SIG_sphincs_shake256_192f_simple_length_secret_key 96 +#define OQS_SIG_sphincs_shake256_192f_simple_length_signature 35664 + +OQS_SIG *OQS_SIG_sphincs_shake256_192f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_192s_robust +#define OQS_SIG_sphincs_shake256_192s_robust_length_public_key 48 +#define OQS_SIG_sphincs_shake256_192s_robust_length_secret_key 96 +#define OQS_SIG_sphincs_shake256_192s_robust_length_signature 16224 + +OQS_SIG *OQS_SIG_sphincs_shake256_192s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_192s_simple +#define OQS_SIG_sphincs_shake256_192s_simple_length_public_key 48 +#define OQS_SIG_sphincs_shake256_192s_simple_length_secret_key 96 +#define OQS_SIG_sphincs_shake256_192s_simple_length_signature 16224 + +OQS_SIG *OQS_SIG_sphincs_shake256_192s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_192s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_256f_robust +#define OQS_SIG_sphincs_shake256_256f_robust_length_public_key 64 +#define OQS_SIG_sphincs_shake256_256f_robust_length_secret_key 128 +#define OQS_SIG_sphincs_shake256_256f_robust_length_signature 49856 + +OQS_SIG *OQS_SIG_sphincs_shake256_256f_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256f_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256f_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256f_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_256f_simple +#define OQS_SIG_sphincs_shake256_256f_simple_length_public_key 64 +#define OQS_SIG_sphincs_shake256_256f_simple_length_secret_key 128 +#define OQS_SIG_sphincs_shake256_256f_simple_length_signature 49856 + +OQS_SIG *OQS_SIG_sphincs_shake256_256f_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256f_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256f_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256f_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_256s_robust +#define OQS_SIG_sphincs_shake256_256s_robust_length_public_key 64 +#define OQS_SIG_sphincs_shake256_256s_robust_length_secret_key 128 +#define OQS_SIG_sphincs_shake256_256s_robust_length_signature 29792 + +OQS_SIG *OQS_SIG_sphincs_shake256_256s_robust_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256s_robust_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256s_robust_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256s_robust_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#ifdef OQS_ENABLE_SIG_sphincs_shake256_256s_simple +#define OQS_SIG_sphincs_shake256_256s_simple_length_public_key 64 +#define OQS_SIG_sphincs_shake256_256s_simple_length_secret_key 128 +#define OQS_SIG_sphincs_shake256_256s_simple_length_signature 29792 + +OQS_SIG *OQS_SIG_sphincs_shake256_256s_simple_new(void); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256s_simple_keypair(uint8_t *public_key, uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256s_simple_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key); +OQS_API OQS_STATUS OQS_SIG_sphincs_shake256_256s_simple_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); +#endif + +#endif |