echo "gost3410-512C gost3410-256A
ed25519-blake2b ed25519-blake2b
-sphincs+-shake-256f sphincs+-shake-256f" | while read caAlgo eeAlgo ; do
+sphincs+-shake-256s sphincs+-shake-256s" | while read caAlgo eeAlgo ; do
sub="-sub CN=CA -sub C=RU"
test_expect_success "$caAlgo: CA load generation" "cmkeytool \
gost.GOST3410512C,
sntrup4591761x25519.SNTRUP4591761X25519,
mceliece6960119x25519.ClassicMcEliece6960119X25519,
- spx.SPHINCSPlusSHAKE256f,
+ spx.SPHINCSPlusSHAKE256s,
}
sort.Strings(algos)
for _, s := range algos {
prvRaw, pub, err = sntrup4591761x25519.NewKeypair()
case mceliece6960119x25519.ClassicMcEliece6960119X25519:
prvRaw, pub, err = mceliece6960119x25519.NewKeypair()
- case spx.SPHINCSPlusSHAKE256f:
+ case spx.SPHINCSPlusSHAKE256s:
prvRaw, pub, err = spx.NewKeypair(*algo)
default:
err = errors.New("unknown -algo specified")
hasher = cmhash.ByName(cmhash.BLAKE2b256)
case gost.GOST3410256A, gost.GOST3410512C:
hasher = cmhash.ByName(cmhash.Streebog256)
- case mceliece6960119x25519.ClassicMcEliece6960119X25519, spx.SPHINCSPlusSHAKE256f:
+ case mceliece6960119x25519.ClassicMcEliece6960119X25519, spx.SPHINCSPlusSHAKE256s:
hasher = cmhash.ByName(cmhash.SHAKE128)
default:
log.Fatal("unsupported algorithm")
echo "gost3410-512C
gost3410-256A
ed25519-blake2b
-sphincs+-shake-256f" | while read keyalgo ; do
+sphincs+-shake-256s" | while read keyalgo ; do
sub="-sub what=ever"
typ="some-different-type"
return h
case SHAKE128:
return NewSHAKE128()
- case SHAKE256, SPHINCSPlusSHAKE256f, SPHINCSPlusSHAKE256fPh:
+ case SHAKE256, SPHINCSPlusSHAKE256s, SPHINCSPlusSHAKE256sPh:
return NewSHAKE256()
case SHAKE128Merkle:
return NewSHAKE128MerkleHasher(
merkle.DefaultChunkLen, DefaultNumCPU)
- case SHAKE256Merkle, SPHINCSPlusSHAKE256fMerkle:
+ case SHAKE256Merkle, SPHINCSPlusSHAKE256sMerkle:
return NewSHAKE256MerkleHasher(
merkle.DefaultChunkLen, DefaultNumCPU)
}
SHAKE128Merkle = "shake128-merkle"
SHAKE256Merkle = "shake256-merkle"
- SPHINCSPlusSHAKE256f = "sphincs+-shake-256f"
- SPHINCSPlusSHAKE256fPh = "sphincs+-shake-256f-ph"
- SPHINCSPlusSHAKE256fMerkle = "sphincs+-shake-256f-merkle"
+ SPHINCSPlusSHAKE256s = "sphincs+-shake-256s"
+ SPHINCSPlusSHAKE256sPh = "sphincs+-shake-256s-ph"
+ SPHINCSPlusSHAKE256sMerkle = "sphincs+-shake-256s-merkle"
)
type SHAKE struct {
prv, pub, err = ed25519blake2b.NewSigner(av.V)
case gost.GOST3410256A, gost.GOST3410512C:
prv, pub, err = gost.NewSigner(av.V)
- case spx.SPHINCSPlusSHAKE256f:
+ case spx.SPHINCSPlusSHAKE256s:
prv, pub, err = spx.NewSigner(av.V)
default:
err = fmt.Errorf("unknown private key algo: %s", av.A)
if !valid {
err = ErrSigInvalid
}
- case spx.SPHINCSPlusSHAKE256f:
- if algo != spx.SPHINCSPlusSHAKE256f {
+ case spx.SPHINCSPlusSHAKE256s:
+ if algo != spx.SPHINCSPlusSHAKE256s {
return ErrBadSigAlgo
}
valid, err = spx.Verify(key.A, key.V, signed, signature)
if !valid {
err = ErrSigInvalid
}
- case spx.SPHINCSPlusSHAKE256f:
+ case spx.SPHINCSPlusSHAKE256s:
switch algo {
- case spx.SPHINCSPlusSHAKE256fPh:
- case spx.SPHINCSPlusSHAKE256fMerkle:
+ case spx.SPHINCSPlusSHAKE256sPh:
+ case spx.SPHINCSPlusSHAKE256sMerkle:
default:
return ErrBadSigAlgo
}
)
const (
- SPHINCSPlusSHAKE256f = "sphincs+-shake-256f"
- SPHINCSPlusSHAKE256fPh = "sphincs+-shake-256f-ph"
- SPHINCSPlusSHAKE256fMerkle = "sphincs+-shake-256f-merkle"
+ SPHINCSPlusSHAKE256s = "sphincs+-shake-256s"
+ SPHINCSPlusSHAKE256sPh = "sphincs+-shake-256s-ph"
+ SPHINCSPlusSHAKE256sMerkle = "sphincs+-shake-256s-merkle"
)
-var Params = spxParams.MakeSphincsPlusSHAKE256256fSimple(true)
+var Params = spxParams.MakeSphincsPlusSHAKE256256sSimple(true)
func NewKeypair(algo string) (prv, pub []byte, err error) {
sk, pk := spx.Spx_keygen(Params)
func (s *Signer) Algo() string {
switch s.mode {
case mode.Pure:
- return SPHINCSPlusSHAKE256f
+ return SPHINCSPlusSHAKE256s
case mode.Prehash:
- return SPHINCSPlusSHAKE256fPh
+ return SPHINCSPlusSHAKE256sPh
case mode.Merkle:
- return SPHINCSPlusSHAKE256fMerkle
+ return SPHINCSPlusSHAKE256sMerkle
}
return ""
}
-[cm/prv/] with SPHINCS+-SHAKE256-256f.
+[cm/prv/] with SPHINCS+-SHAKE256-256s.
255-bit security level, fast variant and simple parameters.
=> https://sphincs.org/ SPHINCS+\r
=> https://keccak.team/ SHAKE256\r
Value is concatenation of private and public keys (128+64 bytes).
-Algorithm identifier for the public key: "sphincs+-shake-256f".
+Algorithm identifier for the public key: "sphincs+-shake-256s".
-[cm/pub/] with SPHINCS+-SHAKE256-256f.
+[cm/pub/] with SPHINCS+-SHAKE256-256s.
255-bit security level, fast variant and simple parameters.
=> https://sphincs.org/ SPHINCS+\r
=> https://keccak.team/ SHAKE256\r
-"sphincs+-shake-256f" algorithm identifier is used.
+"sphincs+-shake-256s" algorithm identifier is used.
Public key's fingerprint should be calculated using SHAKE128.
+++ /dev/null
-[cm/signed/] with SPHINCS+-SHAKE256-256f with Merkle-tree hashing.
-[cm/hashed/shake-merkle] SHAKE256 Merkle-tree hashing is used.
-"sphincs+-shake-256f-merkle" algorithm identifier must be used for the signature.
-[cm/signed/] with SPHINCS+-SHAKE256-256f.
+[cm/signed/] with SPHINCS+-SHAKE256-256s.
255-bit security level, fast variant,
simple parameters and deterministic signatures.
=> https://sphincs.org/ SPHINCS+\r
=> https://keccak.team/ SHAKE256\r
-"sphincs+-shake-256f" algorithm identifier
+"sphincs+-shake-256s" algorithm identifier
must be used for the signature in pure signing mode.
-"sphincs+-shake-256f-ph" is used in prehash mode.
+"sphincs+-shake-256s-ph" is used in prehash mode.
--- /dev/null
+[cm/signed/] with SPHINCS+-SHAKE256-256s with Merkle-tree hashing.
+[cm/hashed/shake-merkle] SHAKE256 Merkle-tree hashing is used.
+"sphincs+-shake-256s-merkle" algorithm identifier must be used for the signature.