From 9d05683d7be50dc73c704d1c0b7d9d617fd8fad0 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 9 Sep 2025 11:24:36 +0200 Subject: [PATCH 1/2] Move shared params from mldsa specific module Signed-off-by: Jakub Jelen --- cryptoki/src/mechanism/{mldsa.rs => dsa.rs} | 12 +++++----- cryptoki/src/mechanism/mod.rs | 26 ++++++++++----------- cryptoki/tests/ml_dsa.rs | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) rename cryptoki/src/mechanism/{mldsa.rs => dsa.rs} (92%) diff --git a/cryptoki/src/mechanism/mldsa.rs b/cryptoki/src/mechanism/dsa.rs similarity index 92% rename from cryptoki/src/mechanism/mldsa.rs rename to cryptoki/src/mechanism/dsa.rs index a2130e90..afb63cae 100644 --- a/cryptoki/src/mechanism/mldsa.rs +++ b/cryptoki/src/mechanism/dsa.rs @@ -1,11 +1,11 @@ -//! ML-DSA mechanism types +//! ML-DSA and SLH-DSA mechanism parameters use crate::mechanism::{Mechanism, MechanismType}; use cryptoki_sys::*; use std::{convert::TryInto, marker::PhantomData, ptr::null_mut}; -/// The hedge type for ML-DSA signature +/// The hedge type for ML-DSA and SLH-DSA signature #[derive(Debug, Clone, Copy, PartialEq, Default)] pub enum HedgeType { /// Token may create either a hedged signature or a deterministic signature @@ -33,7 +33,7 @@ impl From for CK_ULONG { } } -/// The ML-DSA additional context for signatures +/// The ML-DSA and SLH-DSA additional context for signatures /// /// This structure wraps `CK_SIGN_ADDITIONAL_CONTEXT` structure. #[derive(Debug, Clone, Copy)] @@ -44,7 +44,7 @@ pub struct SignAdditionalContext<'a> { } impl SignAdditionalContext<'_> { - /// Construct ML-DSA signature parameters. + /// Construct ML-DSA and SLH-DSA signature parameters. /// /// # Arguments /// @@ -94,7 +94,7 @@ impl SignAdditionalContext<'_> { } } -/// The ML-DSA additional context for signatures with hashing information +/// The ML-DSA and SLH-DSA additional context for signatures with hashing information /// /// This structure wraps `CK_HASH_SIGN_ADDITIONAL_CONTEXT` structure. #[derive(Debug, Clone, Copy)] @@ -105,7 +105,7 @@ pub struct HashSignAdditionalContext<'a> { } impl HashSignAdditionalContext<'_> { - /// Construct HashML-DSA Signature parameters. + /// Construct HashML-DSA or HashSLH-DSA Signature parameters. /// /// # Arguments /// diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs index 3171a7dc..74f9f73e 100644 --- a/cryptoki/src/mechanism/mod.rs +++ b/cryptoki/src/mechanism/mod.rs @@ -3,13 +3,13 @@ //! Data types for mechanisms pub mod aead; +pub mod dsa; pub mod eddsa; pub mod ekdf; pub mod elliptic_curve; pub mod hkdf; pub mod kbkdf; mod mechanism_info; -pub mod mldsa; pub mod rsa; pub mod vendor_defined; @@ -1152,29 +1152,29 @@ pub enum Mechanism<'a> { /// ML-DSA key pair generation mechanism MlDsaKeyPairGen, /// ML-DSA signature mechanism - MlDsa(mldsa::SignAdditionalContext<'a>), + MlDsa(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism - HashMlDsa(mldsa::HashSignAdditionalContext<'a>), + HashMlDsa(dsa::HashSignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA224 - HashMlDsaSha224(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha224(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA256 - HashMlDsaSha256(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha256(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA384 - HashMlDsaSha384(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha384(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA512 - HashMlDsaSha512(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha512(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA3-224 - HashMlDsaSha3_224(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha3_224(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA3-256 - HashMlDsaSha3_256(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha3_256(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA3-384 - HashMlDsaSha3_384(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha3_384(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHA3-512 - HashMlDsaSha3_512(mldsa::SignAdditionalContext<'a>), + HashMlDsaSha3_512(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHAKE128 - HashMlDsaShake128(mldsa::SignAdditionalContext<'a>), + HashMlDsaShake128(dsa::SignAdditionalContext<'a>), /// HashML-DSA signature mechanism with SHAKE256 - HashMlDsaShake256(mldsa::SignAdditionalContext<'a>), + HashMlDsaShake256(dsa::SignAdditionalContext<'a>), /// Vendor defined mechanism VendorDefined(VendorDefinedMechanism<'a>), diff --git a/cryptoki/tests/ml_dsa.rs b/cryptoki/tests/ml_dsa.rs index dbc04286..1fcea1ca 100644 --- a/cryptoki/tests/ml_dsa.rs +++ b/cryptoki/tests/ml_dsa.rs @@ -5,7 +5,7 @@ mod common; use crate::common::{init_pins, USER_PIN}; use cryptoki::context::Function; use cryptoki::error::{Error, RvError}; -use cryptoki::mechanism::mldsa::{HashSignAdditionalContext, HedgeType, SignAdditionalContext}; +use cryptoki::mechanism::dsa::{HashSignAdditionalContext, HedgeType, SignAdditionalContext}; use cryptoki::mechanism::{Mechanism, MechanismType}; use cryptoki::object::{Attribute, AttributeType, MlDsaParameterSetType}; use cryptoki::session::UserType; From b092ebd31a6af43aa616986b96c254e245e7be82 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 9 Sep 2025 11:25:04 +0200 Subject: [PATCH 2/2] Add SLH-DSA mechanisms also removes the use of Deref trait in existing ML-DSA and ML-KEM mechanisms Signed-off-by: Jakub Jelen --- cryptoki/src/mechanism/mod.rs | 141 +++++++++++++++++++++++++++++- cryptoki/src/object.rs | 160 +++++++++++++++++++++++++++++++--- 2 files changed, 288 insertions(+), 13 deletions(-) diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs index 74f9f73e..143b6652 100644 --- a/cryptoki/src/mechanism/mod.rs +++ b/cryptoki/src/mechanism/mod.rs @@ -402,6 +402,58 @@ impl MechanismType { val: CKM_HASH_ML_DSA_SHAKE256, }; + // SLH-DSA + /// SLH-DSA key pair generation mechanism + pub const SLH_DSA_KEY_PAIR_GEN: MechanismType = MechanismType { + val: CKM_SLH_DSA_KEY_PAIR_GEN, + }; + /// SLH-DSA signature mechanism + pub const SLH_DSA: MechanismType = MechanismType { val: CKM_SLH_DSA }; + /// HashSLH-DSA signature mechanism + pub const HASH_SLH_DSA: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA, + }; + /// HashSLH-DSA signature mechanism with SHA224 + pub const HASH_SLH_DSA_SHA224: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA224, + }; + /// HashSLH-DSA signature mechanism with SHA256 + pub const HASH_SLH_DSA_SHA256: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA256, + }; + /// HashSLH-DSA signature mechanism with SHA384 + pub const HASH_SLH_DSA_SHA384: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA384, + }; + /// HashSLH-DSA signature mechanism with SHA512 + pub const HASH_SLH_DSA_SHA512: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA512, + }; + /// HashSLH-DSA signature mechanism with SHA3-224 + pub const HASH_SLH_DSA_SHA3_224: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA3_224, + }; + /// HashML-DSA signature mechanism with SHA3-256 + pub const HASH_SLH_DSA_SHA3_256: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA3_256, + }; + /// HashML-DSA signature mechanism with SHA3-384 + pub const HASH_SLH_DSA_SHA3_384: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA3_384, + }; + /// HashML-DSA signature mechanism with SHA3-512 + pub const HASH_SLH_DSA_SHA3_512: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHA3_512, + }; + /// HashSLH-DSA signature mechanism with SHAKE128 + pub const HASH_SLH_DSA_SHAKE128: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHAKE128, + }; + /// HashML-DSA signature mechanism with SHAKE256 + pub const HASH_SLH_DSA_SHAKE256: MechanismType = MechanismType { + val: CKM_HASH_SLH_DSA_SHAKE256, + }; + /// Create vendor defined mechanism /// /// # Arguments @@ -811,6 +863,19 @@ impl MechanismType { CKM_HASH_ML_DSA_SHA3_512 => String::from(stringify!(CKM_HASH_ML_DSA_SHA3_512)), CKM_HASH_ML_DSA_SHAKE128 => String::from(stringify!(CKM_HASH_ML_DSA_SHAKE128)), CKM_HASH_ML_DSA_SHAKE256 => String::from(stringify!(CKM_HASH_ML_DSA_SHAKE256)), + CKM_SLH_DSA_KEY_PAIR_GEN => String::from(stringify!(CKM_SLH_DSA_KEY_PAIR_GEN)), + CKM_SLH_DSA => String::from(stringify!(CKM_SLH_DSA)), + CKM_HASH_SLH_DSA => String::from(stringify!(CKM_HASH_SLH_DSA)), + CKM_HASH_SLH_DSA_SHA224 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA224)), + CKM_HASH_SLH_DSA_SHA256 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA256)), + CKM_HASH_SLH_DSA_SHA384 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA384)), + CKM_HASH_SLH_DSA_SHA512 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA512)), + CKM_HASH_SLH_DSA_SHA3_224 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA3_224)), + CKM_HASH_SLH_DSA_SHA3_256 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA3_256)), + CKM_HASH_SLH_DSA_SHA3_384 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA3_384)), + CKM_HASH_SLH_DSA_SHA3_512 => String::from(stringify!(CKM_HASH_SLH_DSA_SHA3_512)), + CKM_HASH_SLH_DSA_SHAKE128 => String::from(stringify!(CKM_HASH_SLH_DSA_SHAKE128)), + CKM_HASH_SLH_DSA_SHAKE256 => String::from(stringify!(CKM_HASH_SLH_DSA_SHAKE256)), _ => format!("unknown {mech:08x}"), } } @@ -912,6 +977,18 @@ impl TryFrom for MechanismType { CKM_HASH_ML_DSA_SHA3_384 => Ok(MechanismType::HASH_ML_DSA_SHA3_384), CKM_HASH_ML_DSA_SHA3_512 => Ok(MechanismType::HASH_ML_DSA_SHA3_512), CKM_HASH_ML_DSA_SHAKE128 => Ok(MechanismType::HASH_ML_DSA_SHAKE128), + CKM_SLH_DSA_KEY_PAIR_GEN => Ok(MechanismType::SLH_DSA_KEY_PAIR_GEN), + CKM_SLH_DSA => Ok(MechanismType::SLH_DSA), + CKM_HASH_SLH_DSA => Ok(MechanismType::HASH_SLH_DSA), + CKM_HASH_SLH_DSA_SHA224 => Ok(MechanismType::HASH_SLH_DSA_SHA224), + CKM_HASH_SLH_DSA_SHA256 => Ok(MechanismType::HASH_SLH_DSA_SHA256), + CKM_HASH_SLH_DSA_SHA384 => Ok(MechanismType::HASH_SLH_DSA_SHA384), + CKM_HASH_SLH_DSA_SHA512 => Ok(MechanismType::HASH_SLH_DSA_SHA512), + CKM_HASH_SLH_DSA_SHA3_224 => Ok(MechanismType::HASH_SLH_DSA_SHA3_224), + CKM_HASH_SLH_DSA_SHA3_256 => Ok(MechanismType::HASH_SLH_DSA_SHA3_256), + CKM_HASH_SLH_DSA_SHA3_384 => Ok(MechanismType::HASH_SLH_DSA_SHA3_384), + CKM_HASH_SLH_DSA_SHA3_512 => Ok(MechanismType::HASH_SLH_DSA_SHA3_512), + CKM_HASH_SLH_DSA_SHAKE128 => Ok(MechanismType::HASH_SLH_DSA_SHAKE128), other => { error!("Mechanism type {} is not supported.", other); Err(Error::NotSupported) @@ -1176,6 +1253,34 @@ pub enum Mechanism<'a> { /// HashML-DSA signature mechanism with SHAKE256 HashMlDsaShake256(dsa::SignAdditionalContext<'a>), + // SLH-DSA + /// SLH-DSA key pair generation mechanism + SlhDsaKeyPairGen, + /// SLH-DSA signature mechanism + SlhDsa(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism + HashSlhDsa(dsa::HashSignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA224 + HashSlhDsaSha224(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA256 + HashSlhDsaSha256(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA384 + HashSlhDsaSha384(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA512 + HashSlhDsaSha512(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA3-224 + HashSlhDsaSha3_224(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA3-256 + HashSlhDsaSha3_256(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA3-384 + HashSlhDsaSha3_384(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHA3-512 + HashSlhDsaSha3_512(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHAKE128 + HashSlhDsaShake128(dsa::SignAdditionalContext<'a>), + /// HashSLH-DSA signature mechanism with SHAKE256 + HashSlhDsaShake256(dsa::SignAdditionalContext<'a>), + /// Vendor defined mechanism VendorDefined(VendorDefinedMechanism<'a>), } @@ -1278,6 +1383,20 @@ impl Mechanism<'_> { Mechanism::HashMlDsaShake128(_) => MechanismType::HASH_ML_DSA_SHAKE128, Mechanism::HashMlDsaShake256(_) => MechanismType::HASH_ML_DSA_SHAKE256, + Mechanism::SlhDsaKeyPairGen => MechanismType::SLH_DSA_KEY_PAIR_GEN, + Mechanism::SlhDsa(_) => MechanismType::SLH_DSA, + Mechanism::HashSlhDsa(_) => MechanismType::HASH_SLH_DSA, + Mechanism::HashSlhDsaSha224(_) => MechanismType::HASH_SLH_DSA_SHA224, + Mechanism::HashSlhDsaSha256(_) => MechanismType::HASH_SLH_DSA_SHA256, + Mechanism::HashSlhDsaSha384(_) => MechanismType::HASH_SLH_DSA_SHA384, + Mechanism::HashSlhDsaSha512(_) => MechanismType::HASH_SLH_DSA_SHA512, + Mechanism::HashSlhDsaSha3_224(_) => MechanismType::HASH_SLH_DSA_SHA3_224, + Mechanism::HashSlhDsaSha3_256(_) => MechanismType::HASH_SLH_DSA_SHA3_256, + Mechanism::HashSlhDsaSha3_384(_) => MechanismType::HASH_SLH_DSA_SHA3_384, + Mechanism::HashSlhDsaSha3_512(_) => MechanismType::HASH_SLH_DSA_SHA3_512, + Mechanism::HashSlhDsaShake128(_) => MechanismType::HASH_SLH_DSA_SHAKE128, + Mechanism::HashSlhDsaShake256(_) => MechanismType::HASH_SLH_DSA_SHAKE256, + Mechanism::VendorDefined(vm) => MechanismType { val: vm.inner.mechanism, }, @@ -1353,6 +1472,25 @@ impl From<&Mechanism<'_>> for CK_MECHANISM { }, Some(params) => make_mechanism(mechanism, params), }, + Mechanism::HashSlhDsa(params) => make_mechanism(mechanism, params), + Mechanism::SlhDsa(params) + | Mechanism::HashSlhDsaSha224(params) + | Mechanism::HashSlhDsaSha256(params) + | Mechanism::HashSlhDsaSha384(params) + | Mechanism::HashSlhDsaSha512(params) + | Mechanism::HashSlhDsaSha3_224(params) + | Mechanism::HashSlhDsaSha3_256(params) + | Mechanism::HashSlhDsaSha3_384(params) + | Mechanism::HashSlhDsaSha3_512(params) + | Mechanism::HashSlhDsaShake128(params) + | Mechanism::HashSlhDsaShake256(params) => match params.inner() { + None => CK_MECHANISM { + mechanism, + pParameter: null_mut(), + ulParameterLen: 0, + }, + Some(params) => make_mechanism(mechanism, params), + }, // Mechanisms without parameters Mechanism::AesKeyGen | Mechanism::AesEcb @@ -1400,7 +1538,8 @@ impl From<&Mechanism<'_>> for CK_MECHANISM { | Mechanism::HkdfKeyGen | Mechanism::MlKemKeyPairGen | Mechanism::MlKem - | Mechanism::MlDsaKeyPairGen => CK_MECHANISM { + | Mechanism::MlDsaKeyPairGen + | Mechanism::SlhDsaKeyPairGen => CK_MECHANISM { mechanism, pParameter: null_mut(), ulParameterLen: 0, diff --git a/cryptoki/src/object.rs b/cryptoki/src/object.rs index 4fbdd858..69072e95 100644 --- a/cryptoki/src/object.rs +++ b/cryptoki/src/object.rs @@ -1096,7 +1096,7 @@ impl TryFrom for ParameterSetType { impl From for ParameterSetType { fn from(val: MlKemParameterSetType) -> Self { ParameterSetType { - val: Ulong::new(*val), + val: Ulong::new(*val.as_ref()), } } } @@ -1104,7 +1104,15 @@ impl From for ParameterSetType { impl From for ParameterSetType { fn from(val: MlDsaParameterSetType) -> Self { ParameterSetType { - val: Ulong::new(*val), + val: Ulong::new(*val.as_ref()), + } + } +} + +impl From for ParameterSetType { + fn from(val: SlhDsaParameterSetType) -> Self { + ParameterSetType { + val: Ulong::new(*val.as_ref()), } } } @@ -1146,17 +1154,15 @@ impl std::fmt::Display for MlKemParameterSetType { } } -impl Deref for MlKemParameterSetType { - type Target = CK_ML_KEM_PARAMETER_SET_TYPE; - - fn deref(&self) -> &Self::Target { +impl AsRef for MlKemParameterSetType { + fn as_ref(&self) -> &CK_ML_KEM_PARAMETER_SET_TYPE { &self.val } } impl From for CK_ML_KEM_PARAMETER_SET_TYPE { fn from(val: MlKemParameterSetType) -> Self { - *val + *val.as_ref() } } @@ -1215,17 +1221,15 @@ impl std::fmt::Display for MlDsaParameterSetType { } } -impl Deref for MlDsaParameterSetType { - type Target = CK_ML_DSA_PARAMETER_SET_TYPE; - - fn deref(&self) -> &Self::Target { +impl AsRef for MlDsaParameterSetType { + fn as_ref(&self) -> &CK_ML_DSA_PARAMETER_SET_TYPE { &self.val } } impl From for CK_ML_DSA_PARAMETER_SET_TYPE { fn from(val: MlDsaParameterSetType) -> Self { - *val + *val.as_ref() } } @@ -1253,6 +1257,133 @@ impl From for MlDsaParameterSetType { } } +#[derive(Copy, Debug, Clone, PartialEq, Eq)] +#[repr(transparent)] +/// Identifier of the SLH-DSA parameter set +pub struct SlhDsaParameterSetType { + val: CK_SLH_DSA_PARAMETER_SET_TYPE, +} + +impl SlhDsaParameterSetType { + /// SLH-DSA-SHA2-128s + pub const SHA2_128S: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHA2_128S, + }; + /// SLH-DSA-SHAKE-128s + pub const SHAKE_128S: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHAKE_128S, + }; + /// SLH-DSA-SHA2-128f + pub const SHA2_128F: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHA2_128F, + }; + /// SLH-DSA-SHAKE-128f + pub const SHAKE_128F: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHAKE_128F, + }; + /// SLH-DSA-SHA2-192s + pub const SHA2_192S: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHA2_192S, + }; + /// SLH-DSA-SHAKE-192s + pub const SHAKE_192S: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHAKE_192S, + }; + /// SLH-DSA-SHA2-192f + pub const SHA2_192F: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHA2_192F, + }; + /// SLH-DSA-SHAKE-192f + pub const SHAKE_192F: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHAKE_192F, + }; + /// SLH-DSA-SHA2-256s + pub const SHA2_256S: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHA2_256S, + }; + /// SLH-DSA-SHAKE-256s + pub const SHAKE_256S: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHAKE_256S, + }; + /// SLH-DSA-SHA2-256f + pub const SHA2_256F: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHA2_256F, + }; + /// SLH-DSA-SHAKE-256f + pub const SHAKE_256F: SlhDsaParameterSetType = SlhDsaParameterSetType { + val: CKP_SLH_DSA_SHAKE_256F, + }; +} + +impl std::fmt::Display for SlhDsaParameterSetType { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!( + f, + "{}", + match self.val { + CKP_SLH_DSA_SHA2_128S => stringify!(CKP_SLH_DSA_SHA2_128S), + CKP_SLH_DSA_SHAKE_128S => stringify!(CKP_SLH_DSA_SHAKE_128S), + CKP_SLH_DSA_SHA2_128F => stringify!(CKP_SLH_DSA_SHA2_128F), + CKP_SLH_DSA_SHAKE_128F => stringify!(CKP_SLH_DSA_SHAKE_128F), + CKP_SLH_DSA_SHA2_192S => stringify!(CKP_SLH_DSA_SHA2_192S), + CKP_SLH_DSA_SHAKE_192S => stringify!(CKP_SLH_DSA_SHAKE_192S), + CKP_SLH_DSA_SHA2_192F => stringify!(CKP_SLH_DSA_SHA2_192F), + CKP_SLH_DSA_SHAKE_192F => stringify!(CKP_SLH_DSA_SHAKE_192F), + CKP_SLH_DSA_SHA2_256S => stringify!(CKP_SLH_DSA_SHA2_256S), + CKP_SLH_DSA_SHAKE_256S => stringify!(CKP_SLH_DSA_SHAKE_256S), + CKP_SLH_DSA_SHA2_256F => stringify!(CKP_SLH_DSA_SHA2_256F), + CKP_SLH_DSA_SHAKE_256F => stringify!(CKP_SLH_DSA_SHAKE_256F), + v => return write!(f, "unknown ({v:08x})"), + } + ) + } +} + +impl AsRef for SlhDsaParameterSetType { + fn as_ref(&self) -> &CK_SLH_DSA_PARAMETER_SET_TYPE { + &self.val + } +} + +impl From for CK_SLH_DSA_PARAMETER_SET_TYPE { + fn from(val: SlhDsaParameterSetType) -> Self { + *val.as_ref() + } +} + +impl TryFrom for SlhDsaParameterSetType { + type Error = Error; + + fn try_from(val: CK_ML_DSA_PARAMETER_SET_TYPE) -> Result { + match val { + CKP_SLH_DSA_SHA2_128S => Ok(SlhDsaParameterSetType::SHA2_128S), + CKP_SLH_DSA_SHAKE_128S => Ok(SlhDsaParameterSetType::SHAKE_128S), + CKP_SLH_DSA_SHA2_128F => Ok(SlhDsaParameterSetType::SHA2_128F), + CKP_SLH_DSA_SHAKE_128F => Ok(SlhDsaParameterSetType::SHAKE_128F), + CKP_SLH_DSA_SHA2_192S => Ok(SlhDsaParameterSetType::SHA2_192S), + CKP_SLH_DSA_SHAKE_192S => Ok(SlhDsaParameterSetType::SHAKE_192S), + CKP_SLH_DSA_SHA2_192F => Ok(SlhDsaParameterSetType::SHA2_192F), + CKP_SLH_DSA_SHAKE_192F => Ok(SlhDsaParameterSetType::SHAKE_192F), + CKP_SLH_DSA_SHA2_256S => Ok(SlhDsaParameterSetType::SHA2_256S), + CKP_SLH_DSA_SHAKE_256S => Ok(SlhDsaParameterSetType::SHAKE_256S), + CKP_SLH_DSA_SHA2_256F => Ok(SlhDsaParameterSetType::SHA2_256F), + CKP_SLH_DSA_SHAKE_256F => Ok(SlhDsaParameterSetType::SHAKE_256F), + _ => { + error!("SLH-DSA parameter set {} is not supported.", val); + Err(Error::NotSupported) + } + } + } +} + +impl From for SlhDsaParameterSetType { + fn from(val: ParameterSetType) -> Self { + SlhDsaParameterSetType { + val: CK_ULONG::from(*val), + } + } +} + #[derive(Copy, Debug, Clone, PartialEq, Eq)] #[repr(transparent)] /// Identifier of the class of an object @@ -1496,6 +1627,9 @@ impl KeyType { /// ML-DSA key pub const ML_DSA: KeyType = KeyType { val: CKK_ML_DSA }; + /// SLH-DSA key + pub const SLH_DSA: KeyType = KeyType { val: CKK_SLH_DSA }; + /// Create vendor defined key type /// /// # Arguments @@ -1570,6 +1704,7 @@ impl KeyType { CKK_HKDF => String::from(stringify!(CKK_HKDF)), CKK_ML_KEM => String::from(stringify!(CKK_ML_KEM)), CKK_ML_DSA => String::from(stringify!(CKK_ML_DSA)), + CKK_SLH_DSA => String::from(stringify!(CKK_SLH_DSA)), CKK_VENDOR_DEFINED..=CK_ULONG::MAX => String::from(stringify!(key_type)), _ => format!("unknown ({key_type:08x})"), } @@ -1647,6 +1782,7 @@ impl TryFrom for KeyType { CKK_HKDF => Ok(KeyType::HKDF), CKK_ML_KEM => Ok(KeyType::ML_KEM), CKK_ML_DSA => Ok(KeyType::ML_DSA), + CKK_SLH_DSA => Ok(KeyType::SLH_DSA), CKK_VENDOR_DEFINED..=CK_ULONG::MAX => KeyType::new_vendor_defined(key_type), _ => { error!("Key type {} is not supported.", key_type);