ISARA Radiate™ Quantum-safe Library Version 3.1
Quantum-safe cryptographic primitives and algorithms.
ISARA Radiate Quantum-Safe Library's SPHINCS+ signature scheme. More...
Typedefs | |
| typedef struct iqr_SPHINCSParams_struct | iqr_SPHINCSParams |
| typedef struct iqr_SPHINCSPublicKey_struct | iqr_SPHINCSPublicKey |
| typedef struct iqr_SPHINCSPrivateKey_struct | iqr_SPHINCSPrivateKey |
| typedef struct iqr_SPHINCSVariant_struct | iqr_SPHINCSVariant |
Functions | |
| IQR_API iqr_retval | iqr_SPHINCSCreateParams (const iqr_Context *ctx, const iqr_SPHINCSVariant *variant, iqr_SPHINCSParams **params) |
| IQR_API_UNENFORCED_RETURN iqr_retval | iqr_SPHINCSDestroyParams (iqr_SPHINCSParams **params) |
| IQR_API iqr_retval | iqr_SPHINCSCreateKeyPair (const iqr_SPHINCSParams *params, const iqr_RNG *rng, iqr_SPHINCSPublicKey **public_key, iqr_SPHINCSPrivateKey **private_key) |
| IQR_API iqr_retval | iqr_SPHINCSImportPrivateKey (const iqr_SPHINCSParams *params, const uint8_t *buf, size_t buf_size, iqr_SPHINCSPrivateKey **private_key) |
| IQR_API iqr_retval | iqr_SPHINCSExportPrivateKey (const iqr_SPHINCSPrivateKey *private_key, uint8_t *buf, size_t buf_size) |
| IQR_API iqr_retval | iqr_SPHINCSImportPublicKey (const iqr_SPHINCSParams *params, const uint8_t *buf, size_t buf_size, iqr_SPHINCSPublicKey **public_key) |
| IQR_API iqr_retval | iqr_SPHINCSExportPublicKey (const iqr_SPHINCSPublicKey *public_key, uint8_t *buf, size_t buf_size) |
| IQR_API_UNENFORCED_RETURN iqr_retval | iqr_SPHINCSDestroyPrivateKey (iqr_SPHINCSPrivateKey **private_key) |
| IQR_API_UNENFORCED_RETURN iqr_retval | iqr_SPHINCSDestroyPublicKey (iqr_SPHINCSPublicKey **public_key) |
| IQR_API iqr_retval | iqr_SPHINCSGetPrivateKeySize (const iqr_SPHINCSParams *params, size_t *private_key_size) |
| IQR_API iqr_retval | iqr_SPHINCSGetPublicKeySize (const iqr_SPHINCSParams *params, size_t *public_key_size) |
| IQR_API iqr_retval | iqr_SPHINCSGetSignatureSize (const iqr_SPHINCSParams *params, size_t *sig_size) |
| IQR_API iqr_retval | iqr_SPHINCSSign (const iqr_SPHINCSPrivateKey *private_key, const iqr_RNG *rng, const uint8_t *message, size_t message_size, uint8_t *sig, size_t sig_size) |
| IQR_API iqr_retval | iqr_SPHINCSVerify (const iqr_SPHINCSPublicKey *public_key, const uint8_t *message, size_t message_size, const uint8_t *sig, size_t sig_size) |
Variables | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHA2_256_128F |
| SPHINCS+ using SHA-256, fast variant with 128-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHA2_256_128S |
| SPHINCS+ using SHA-256, small variant with 128-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHAKE_256_128F |
| SPHINCS+ using SHAKE-256, fast variant with 128-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHAKE_256_128S |
| SPHINCS+ using SHAKE-256, small variant with 128-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHA2_256_192F |
| SPHINCS+ using SHA-256, fast variant with 192-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHA2_256_192S |
| SPHINCS+ using SHA-256, small variant with 192-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHAKE_256_192F |
| SPHINCS+ using SHAKE-256, fast variant with 192-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHAKE_256_192S |
| SPHINCS+ using SHAKE-256, small variant with 192-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHA2_256_256F |
| SPHINCS+ using SHA-256, fast variant with 256-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHA2_256_256S |
| SPHINCS+ using SHA-256, small variant with 256-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHAKE_256_256F |
| SPHINCS+ using SHAKE-256, fast variant with 256-bit security. More... | |
| const IQR_EXTERN iqr_SPHINCSVariant | IQR_SPHINCS_SHAKE_256_256S |
| SPHINCS+ using SHAKE-256, small variant with 256-bit security. More... | |
Typedef Documentation
◆ iqr_SPHINCSParams
| typedef struct iqr_SPHINCSParams_struct iqr_SPHINCSParams |
The SPHINCS+ algorithm's domain parameters.
◆ iqr_SPHINCSPrivateKey
| typedef struct iqr_SPHINCSPrivateKey_struct iqr_SPHINCSPrivateKey |
The SPHINCS+ private key.
◆ iqr_SPHINCSPublicKey
| typedef struct iqr_SPHINCSPublicKey_struct iqr_SPHINCSPublicKey |
The SPHINCS+ public key.
◆ iqr_SPHINCSVariant
| typedef struct iqr_SPHINCSVariant_struct iqr_SPHINCSVariant |
The SPHINCS+ variant.
Function Documentation
◆ iqr_SPHINCSCreateKeyPair()
| IQR_API iqr_retval iqr_SPHINCSCreateKeyPair | ( | const iqr_SPHINCSParams * | params, |
| const iqr_RNG * | rng, | ||
| iqr_SPHINCSPublicKey ** | public_key, | ||
| iqr_SPHINCSPrivateKey ** | private_key | ||
| ) |
Generate a SPHINCS+ private/public key pair.
The rng must be initialized before being passed to iqr_SPHINCSCreateKeyPair().
*public_key and *private_key must be set to NULL before calling iqr_SPHINCSCreateKeyPair().
- Parameters
-
[in] params The key domain parameters to use. [in] rng A seeded random number generator. [out] public_key The resulting iqr_SPHINCSPublicKeyobject.[out] private_key The resulting iqr_SPHINCSPrivateKeyobject.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSCreateParams()
| IQR_API iqr_retval iqr_SPHINCSCreateParams | ( | const iqr_Context * | ctx, |
| const iqr_SPHINCSVariant * | variant, | ||
| iqr_SPHINCSParams ** | params | ||
| ) |
Create a SPHINCS+ Parameters object.
It's up to the user to manage domain parameters; the parameter data is not exposed in stored keys or signatures.
- Note
- You must register a SHA2-256 implementation by calling
iqr_HashRegisterCallbacks()before using the SPHINCS API with the SHA2-256 variants.
*params must be set to NULL before calling iqr_SPHINCSCreateParams().
- Parameters
-
[in] ctx A Context object. [in] variant The iqr_SPHINCSVariant.[out] params The iqr_SPHINCSParamsoutput.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSDestroyParams()
| IQR_API_UNENFORCED_RETURN iqr_retval iqr_SPHINCSDestroyParams | ( | iqr_SPHINCSParams ** | params | ) |
Clear and deallocate a SPHINCS+ parameters object.
params is set to NULL before returning.
All internal iqr_SPHINCSParams buffers are cleared and deallocated during the call to iqr_SPHINCSDestroyParams(). The iqr_SPHINCSParams object does not store any cryptographic material.
- Parameters
-
[in,out] params The iqr_SPHINCSParamsinstance to destroy.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSDestroyPrivateKey()
| IQR_API_UNENFORCED_RETURN iqr_retval iqr_SPHINCSDestroyPrivateKey | ( | iqr_SPHINCSPrivateKey ** | private_key | ) |
Clear and deallocate a SPHINCS+ private key.
*private_key is set to NULL prior to returning.
The private key's data is cleared before its internal buffers are deallocated.
- Parameters
-
[in,out] private_key The iqr_SPHINCSPrivateKeyobject to destroy.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSDestroyPublicKey()
| IQR_API_UNENFORCED_RETURN iqr_retval iqr_SPHINCSDestroyPublicKey | ( | iqr_SPHINCSPublicKey ** | public_key | ) |
Clear and deallocate a SPHINCS+ public key.
*public_key is set to NULL prior to returning.
- Parameters
-
[in,out] public_key The iqr_SPHINCSPublicKeyobject to destroy.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSExportPrivateKey()
| IQR_API iqr_retval iqr_SPHINCSExportPrivateKey | ( | const iqr_SPHINCSPrivateKey * | private_key, |
| uint8_t * | buf, | ||
| size_t | buf_size | ||
| ) |
Export the SPHINCS+ private key's data into a buffer.
Be sure to safely wipe and discard buf when you're done using it.
- Parameters
-
[in] private_key The private key object. [out] buf The destination buffer. [in] buf_size The size of buf in bytes. Must be exactly the size returned by iqr_SPHINCSGetPrivateKeySize().
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSExportPublicKey()
| IQR_API iqr_retval iqr_SPHINCSExportPublicKey | ( | const iqr_SPHINCSPublicKey * | public_key, |
| uint8_t * | buf, | ||
| size_t | buf_size | ||
| ) |
Export the SPHINCS+ public key's data into a buffer.
- Parameters
-
[in] public_key The public key object. [out] buf The destination buffer. [in] buf_size The size of buf in bytes. Must be exactly the size returned by iqr_SPHINCSGetPublicKeySize().
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSGetPrivateKeySize()
| IQR_API iqr_retval iqr_SPHINCSGetPrivateKeySize | ( | const iqr_SPHINCSParams * | params, |
| size_t * | private_key_size | ||
| ) |
Retrieve the size of the SPHINCS+ private key in bytes.
- Parameters
-
[in] params SPHINCS+ domain parameters. [out] private_key_size The size of the private key in bytes.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSGetPublicKeySize()
| IQR_API iqr_retval iqr_SPHINCSGetPublicKeySize | ( | const iqr_SPHINCSParams * | params, |
| size_t * | public_key_size | ||
| ) |
Retrieve the size of the SPHINCS+ public key in bytes.
- Parameters
-
[in] params SPHINCS+ domain parameters. [out] public_key_size The size of the public key in bytes.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSGetSignatureSize()
| IQR_API iqr_retval iqr_SPHINCSGetSignatureSize | ( | const iqr_SPHINCSParams * | params, |
| size_t * | sig_size | ||
| ) |
Get the size of the signature.
- Parameters
-
[in] params SPHINCS+ domain parameters. [out] sig_size The size of the SPHINCS+ signature for the given private key in bytes.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSImportPrivateKey()
| IQR_API iqr_retval iqr_SPHINCSImportPrivateKey | ( | const iqr_SPHINCSParams * | params, |
| const uint8_t * | buf, | ||
| size_t | buf_size, | ||
| iqr_SPHINCSPrivateKey ** | private_key | ||
| ) |
Import a SPHINCS+ private key object from a buffer.
The value of buf_size must be exactly the size given by iqr_SPHINCSGetPrivateKeySize().
*private_key must be set to NULL before calling iqr_SPHINCSImportPrivateKey(). Be sure to safely wipe and discard buf after calling this function.
- Parameters
-
[in] params SPHINCS+ key domain parameters. Must be the same as when the keys were created. [in] buf A buffer that contains a private key. [in] buf_size The size of buf in bytes. Must be exactly the size returned by iqr_SPHINCSGetPrivateKeySize().[out] private_key The resulting iqr_SPHINCSPrivateKeyobject.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSImportPublicKey()
| IQR_API iqr_retval iqr_SPHINCSImportPublicKey | ( | const iqr_SPHINCSParams * | params, |
| const uint8_t * | buf, | ||
| size_t | buf_size, | ||
| iqr_SPHINCSPublicKey ** | public_key | ||
| ) |
Import a SPHINCS+ public key object from a buffer.
*public_key must be set to NULL before calling iqr_SPHINCSImportPublicKey().
- Parameters
-
[in] params SPHINCS+ key domain parameters. Must be the same as when the keys were created. [in] buf A buffer containing the public key. [in] buf_size The size of buf in bytes. Must be exactly the size returned by iqr_SPHINCSGetPublicKeySize().[out] public_key The resulting iqr_SPHINCSPublicKeyobject.
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSSign()
| IQR_API iqr_retval iqr_SPHINCSSign | ( | const iqr_SPHINCSPrivateKey * | private_key, |
| const iqr_RNG * | rng, | ||
| const uint8_t * | message, | ||
| size_t | message_size, | ||
| uint8_t * | sig, | ||
| size_t | sig_size | ||
| ) |
Sign a message using a SPHINCS+ private key.
- Note
- If the message is a digest of a hash function it should be 32 bytes or longer to be quantum-safe.
All internal buffers are cleared and deallocated before the call to iqr_SPHINCSSign() returns.
- Parameters
-
[in] private_key The private key. [in] rng A seeded random number generator. [in] message The message to be signed. [in] message_size The size of message in bytes. [out] sig The buffer receiving the resulting signature. [in] sig_size The size of sig in bytes. Must be exactly the size returned by iqr_SPHINCSGetSignatureSize().
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
◆ iqr_SPHINCSVerify()
| IQR_API iqr_retval iqr_SPHINCSVerify | ( | const iqr_SPHINCSPublicKey * | public_key, |
| const uint8_t * | message, | ||
| size_t | message_size, | ||
| const uint8_t * | sig, | ||
| size_t | sig_size | ||
| ) |
Verify the signature of a message using a SPHINCS+ public key.
All internal buffers are cleared and deallocated before the call to iqr_SPHINCSVerify() returns.
- Parameters
-
[in] public_key The public key. [in] message The message to verify. [in] message_size The size of message in bytes. [in] sig The signature to verify. [in] sig_size The size of sig in bytes. Must be exactly the size returned by iqr_SPHINCSGetSignatureSize().
- Returns
IQR_OKon success, or another value from iqr_retval.h if an error occurs.
Variable Documentation
◆ IQR_SPHINCS_SHA2_256_128F
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHA2_256_128F |
SPHINCS+ using SHA-256, fast variant with 128-bit security.
◆ IQR_SPHINCS_SHA2_256_128S
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHA2_256_128S |
SPHINCS+ using SHA-256, small variant with 128-bit security.
◆ IQR_SPHINCS_SHA2_256_192F
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHA2_256_192F |
SPHINCS+ using SHA-256, fast variant with 192-bit security.
◆ IQR_SPHINCS_SHA2_256_192S
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHA2_256_192S |
SPHINCS+ using SHA-256, small variant with 192-bit security.
◆ IQR_SPHINCS_SHA2_256_256F
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHA2_256_256F |
SPHINCS+ using SHA-256, fast variant with 256-bit security.
◆ IQR_SPHINCS_SHA2_256_256S
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHA2_256_256S |
SPHINCS+ using SHA-256, small variant with 256-bit security.
◆ IQR_SPHINCS_SHAKE_256_128F
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHAKE_256_128F |
SPHINCS+ using SHAKE-256, fast variant with 128-bit security.
◆ IQR_SPHINCS_SHAKE_256_128S
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHAKE_256_128S |
SPHINCS+ using SHAKE-256, small variant with 128-bit security.
◆ IQR_SPHINCS_SHAKE_256_192F
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHAKE_256_192F |
SPHINCS+ using SHAKE-256, fast variant with 192-bit security.
◆ IQR_SPHINCS_SHAKE_256_192S
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHAKE_256_192S |
SPHINCS+ using SHAKE-256, small variant with 192-bit security.
◆ IQR_SPHINCS_SHAKE_256_256F
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHAKE_256_256F |
SPHINCS+ using SHAKE-256, fast variant with 256-bit security.
◆ IQR_SPHINCS_SHAKE_256_256S
| const IQR_EXTERN iqr_SPHINCSVariant IQR_SPHINCS_SHAKE_256_256S |
SPHINCS+ using SHAKE-256, small variant with 256-bit security.
Detailed Description
ISARA Radiate Quantum-Safe Library's SPHINCS+ signature scheme.
An implementation as defined in SPHINCS+.
- Copyright
- Copyright (C) 2019-2023, ISARA Corporation, All Rights Reserved.
- License
- The code and other content set out herein is not in the public domain, is considered a trade secret and is confidential to ISARA Corporation. Use, reproduction or distribution, in whole or in part, of such code or other content is strictly prohibited except by express written permission of ISARA Corporation. Please contact ISARA Corporation at info@isara.com for more information.
