sign: Adding SLH-DSA signature

README.md

@@ -38,6 +38,8 @@ Alternatively, look at the [Cloudflare Go](https://github.com/cloudflare/go/tree
 [RFC-9496]: https://doi.org/10.17487/RFC9496
 [RFC-9497]: https://doi.org/10.17487/RFC9497
 [FIPS 202]: https://doi.org/10.6028/NIST.FIPS.202
+[FIPS 204]: https://doi.org/10.6028/NIST.FIPS.204
+[FIPS 205]: https://doi.org/10.6028/NIST.FIPS.205
 [FIPS 186-5]: https://doi.org/10.6028/NIST.FIPS.186-5
 [BLS12-381]: https://electriccoin.co/blog/new-snark-curve/
 [ia.cr/2015/267]: https://ia.cr/2015/267
@@ -91,7 +93,8 @@ Alternatively, look at the [Cloudflare Go](https://github.com/cloudflare/go/tree
 |:---:|
 
  - [Dilithium](./sign/dilithium): modes 2, 3, 5 ([Dilithium](https://pq-crystals.org/dilithium/)).
- - [ML-DSA](./sign/mldsa): modes 44, 65, 87 ([FIPS 204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf)).
+ - [ML-DSA](./sign/mldsa): modes 44, 65, 87 ([FIPS 204]).
+ - [SLH-DSA](./sign/slhdsa): twelve parameter sets, pure and pre-hash signing ([FIPS 205]).
 
 ### Zero-knowledge Proofs
 

internal/conv/conv.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"math/big"
 	"strings"
+
+	"golang.org/x/crypto/cryptobyte"
 )
 
 // BytesLe2Hex returns an hexadecimal string of a number stored in a
@@ -138,3 +140,26 @@ func BigInt2Uint64Le(z []uint64, x *big.Int) {
 		z[i] = 0
 	}
 }
+
+// MarshalBinary encodes a value into a byte array in a format readable by UnmarshalBinary.
+func MarshalBinary(v cryptobyte.MarshalingValue) ([]byte, error) {
+	var b cryptobyte.Builder
+	b.AddValue(v)
+	return b.Bytes()
+}
+
+// A UnmarshalingValue decodes itself from a cryptobyte.String and advances the pointer.
+// It reports whether the read was successful.
+type UnmarshalingValue interface {
+	Unmarshal(*cryptobyte.String) bool
+}
+
+// UnmarshalBinary recovers a value from a byte array.
+// It returns an error if the read was unsuccessful.
+func UnmarshalBinary(v UnmarshalingValue, data []byte) (err error) {
+	s := cryptobyte.String(data)
+	if !v.Unmarshal(&s) || !s.Empty() {
+		err = fmt.Errorf("cannot read %T from input string", v)
+	}
+	return
+}

internal/test/test.go

@@ -1,6 +1,8 @@
 package test
 
 import (
+	"bytes"
+	"encoding"
 	"errors"
 	"fmt"
 	"strings"
@@ -58,3 +60,26 @@ func CheckPanic(f func()) error {
 	f()
 	return hasPanicked
 }
+
+func CheckMarshal(
+	t *testing.T,
+	x, y interface {
+		encoding.BinaryMarshaler
+		encoding.BinaryUnmarshaler
+	},
+) {
+	t.Helper()
+
+	want, err := x.MarshalBinary()
+	CheckNoErr(t, err, fmt.Sprintf("cannot marshal %T = %v", x, x))
+
+	err = y.UnmarshalBinary(want)
+	CheckNoErr(t, err, fmt.Sprintf("cannot unmarshal %T from %x", y, want))
+
+	got, err := y.MarshalBinary()
+	CheckNoErr(t, err, fmt.Sprintf("cannot marshal %T = %v", y, y))
+
+	if !bytes.Equal(got, want) {
+		ReportError(t, got, want, x, y)
+	}
+}

sign/schemes/schemes.go

@@ -6,23 +6,26 @@
 //	Ed448
 //	Ed25519-Dilithium2
 //	Ed448-Dilithium3
+//	Dilithium
+//	ML-DSA
+//	SLH-DSA
 package schemes
 
 import (
 	"strings"
 
 	"github.com/cloudflare/circl/sign"
+	dilithium2 "github.com/cloudflare/circl/sign/dilithium/mode2"
+	dilithium3 "github.com/cloudflare/circl/sign/dilithium/mode3"
+	dilithium5 "github.com/cloudflare/circl/sign/dilithium/mode5"
 	"github.com/cloudflare/circl/sign/ed25519"
 	"github.com/cloudflare/circl/sign/ed448"
 	"github.com/cloudflare/circl/sign/eddilithium2"
 	"github.com/cloudflare/circl/sign/eddilithium3"
-
-	dilithium2 "github.com/cloudflare/circl/sign/dilithium/mode2"
-	dilithium3 "github.com/cloudflare/circl/sign/dilithium/mode3"
-	dilithium5 "github.com/cloudflare/circl/sign/dilithium/mode5"
 	"github.com/cloudflare/circl/sign/mldsa/mldsa44"
 	"github.com/cloudflare/circl/sign/mldsa/mldsa65"
 	"github.com/cloudflare/circl/sign/mldsa/mldsa87"
+	"github.com/cloudflare/circl/sign/slhdsa"
 )
 
 var allSchemes = [...]sign.Scheme{
@@ -36,6 +39,18 @@ var allSchemes = [...]sign.Scheme{
 	mldsa44.Scheme(),
 	mldsa65.Scheme(),
 	mldsa87.Scheme(),
+	slhdsa.ParamIDSHA2Small128,
+	slhdsa.ParamIDSHAKESmall128,
+	slhdsa.ParamIDSHA2Fast128,
+	slhdsa.ParamIDSHAKEFast128,
+	slhdsa.ParamIDSHA2Small192,
+	slhdsa.ParamIDSHAKESmall192,
+	slhdsa.ParamIDSHA2Fast192,
+	slhdsa.ParamIDSHAKEFast192,
+	slhdsa.ParamIDSHA2Small256,
+	slhdsa.ParamIDSHAKESmall256,
+	slhdsa.ParamIDSHA2Fast256,
+	slhdsa.ParamIDSHAKEFast256,
 }
 
 var allSchemeNames map[string]sign.Scheme

sign/schemes/schemes_test.go

@@ -122,6 +122,18 @@ func Example() {
 	// ML-DSA-44
 	// ML-DSA-65
 	// ML-DSA-87
+	// SLH-DSA-SHA2-128s
+	// SLH-DSA-SHAKE-128s
+	// SLH-DSA-SHA2-128f
+	// SLH-DSA-SHAKE-128f
+	// SLH-DSA-SHA2-192s
+	// SLH-DSA-SHAKE-192s
+	// SLH-DSA-SHA2-192f
+	// SLH-DSA-SHAKE-192f
+	// SLH-DSA-SHA2-256s
+	// SLH-DSA-SHAKE-256s
+	// SLH-DSA-SHA2-256f
+	// SLH-DSA-SHAKE-256f
 }
 
 func BenchmarkGenerateKeyPair(b *testing.B) {