Add proto parser and serializer for SLH-DSA parameters.

PiperOrigin-RevId: 625366253

Author: ioannanedelcu

cc/experimental/pqcrypto/signature/slh_dsa_proto_serialization.cc

@@ -0,0 +1,252 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/experimental/pqcrypto/signature/slh_dsa_proto_serialization.h"
+
+#include "absl/status/status.h"
+#include "absl/strings/string_view.h"
+#include "tink/experimental/pqcrypto/signature/slh_dsa_parameters.h"
+#include "tink/internal/mutable_serialization_registry.h"
+#include "tink/internal/parameters_parser.h"
+#include "tink/internal/parameters_serializer.h"
+#include "tink/internal/proto_parameters_serialization.h"
+#include "tink/util/status.h"
+#include "tink/util/statusor.h"
+#include "proto/experimental/pqcrypto/slh_dsa.pb.h"
+#include "proto/tink.pb.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using ::google::crypto::tink::OutputPrefixType;
+using ::google::crypto::tink::SlhDsaHashType;
+using ::google::crypto::tink::SlhDsaKeyFormat;
+using ::google::crypto::tink::SlhDsaParams;
+using ::google::crypto::tink::SlhDsaSignatureType;
+
+using SlhDsaProtoParametersParserImpl =
+    internal::ParametersParserImpl<internal::ProtoParametersSerialization,
+                                   SlhDsaParameters>;
+using SlhDsaProtoParametersSerializerImpl =
+    internal::ParametersSerializerImpl<SlhDsaParameters,
+                                       internal::ProtoParametersSerialization>;
+
+const absl::string_view kPrivateTypeUrl =
+    "type.googleapis.com/google.crypto.tink.SlhDsaPrivateKey";
+
+util::StatusOr<SlhDsaParameters::Variant> ToVariant(
+    OutputPrefixType output_prefix_type) {
+  switch (output_prefix_type) {
+    case OutputPrefixType::RAW:
+      return SlhDsaParameters::Variant::kNoPrefix;
+    case OutputPrefixType::TINK:
+      return SlhDsaParameters::Variant::kTink;
+    default:
+      return util::Status(absl::StatusCode::kInvalidArgument,
+                          "Could not determine SlhDsaParameters::Variant");
+  }
+}
+
+util::StatusOr<OutputPrefixType> ToOutputPrefixType(
+    SlhDsaParameters::Variant variant) {
+  switch (variant) {
+    case SlhDsaParameters::Variant::kNoPrefix:
+      return OutputPrefixType::RAW;
+    case SlhDsaParameters::Variant::kTink:
+      return OutputPrefixType::TINK;
+    default:
+      return util::Status(absl::StatusCode::kInvalidArgument,
+                          "Could not determine output prefix type");
+  }
+}
+
+util::StatusOr<SlhDsaParameters::HashType> ToHashType(
+    SlhDsaHashType proto_hash_type) {
+  switch (proto_hash_type) {
+    case SlhDsaHashType::SHA2:
+      return SlhDsaParameters::HashType::kSha2;
+    case SlhDsaHashType::SHAKE:
+      return SlhDsaParameters::HashType::kShake;
+    default:
+      return util::Status(absl::StatusCode::kInvalidArgument,
+                          "Could not determine SlhDsaParameters::HashType");
+  }
+}
+
+util::StatusOr<SlhDsaHashType> ToProtoHashType(
+    SlhDsaParameters::HashType hash_type) {
+  switch (hash_type) {
+    case SlhDsaParameters::HashType::kSha2:
+      return SlhDsaHashType::SHA2;
+    case SlhDsaParameters::HashType::kShake:
+      return SlhDsaHashType::SHAKE;
+    default:
+      return util::Status(absl::StatusCode::kInvalidArgument,
+                          "Could not determine SlhDsaHashType");
+  }
+}
+
+util::StatusOr<SlhDsaParameters::SignatureType> ToSignatureType(
+    SlhDsaSignatureType proto_signature_type) {
+  switch (proto_signature_type) {
+    case SlhDsaSignatureType::FAST_SIGNING:
+      return SlhDsaParameters::SignatureType::kFastSigning;
+    case SlhDsaSignatureType::SMALL_SIGNATURE:
+      return SlhDsaParameters::SignatureType::kSmallSignature;
+    default:
+      return util::Status(
+          absl::StatusCode::kInvalidArgument,
+          "Could not determine SlhDsaParameters::SignatureType");
+  }
+}
+
+util::StatusOr<SlhDsaSignatureType> ToProtoSignatureType(
+    SlhDsaParameters::SignatureType signature_type) {
+  switch (signature_type) {
+    case SlhDsaParameters::SignatureType::kFastSigning:
+      return SlhDsaSignatureType::FAST_SIGNING;
+    case SlhDsaParameters::SignatureType::kSmallSignature:
+      return SlhDsaSignatureType::SMALL_SIGNATURE;
+    default:
+      return util::Status(absl::StatusCode::kInvalidArgument,
+                          "Could not determine SlhDsaSignatureType");
+  }
+}
+
+util::StatusOr<SlhDsaParameters> ToParameters(
+    OutputPrefixType output_prefix_type, const SlhDsaParams& params) {
+  util::StatusOr<SlhDsaParameters::Variant> variant =
+      ToVariant(output_prefix_type);
+  if (!variant.ok()) {
+    return variant.status();
+  }
+
+  util::StatusOr<SlhDsaParameters::HashType> hash_type =
+      ToHashType(params.hash_type());
+  if (!hash_type.ok()) {
+    return hash_type.status();
+  }
+
+  util::StatusOr<SlhDsaParameters::SignatureType> signature_type =
+      ToSignatureType(params.sig_type());
+  if (!signature_type.ok()) {
+    return signature_type.status();
+  }
+
+  return SlhDsaParameters::Create(*hash_type, params.key_size(),
+                                  *signature_type, *variant);
+}
+
+util::StatusOr<SlhDsaParams> FromParameters(
+    const SlhDsaParameters& parameters) {
+  /* Only SLH-DSA-SHA2-128s  is currently supported*/
+  util::StatusOr<SlhDsaHashType> hash_type =
+      ToProtoHashType(parameters.GetHashType());
+  if (!hash_type.ok()) {
+    return hash_type.status();
+  }
+
+  util::StatusOr<SlhDsaSignatureType> signature_type =
+      ToProtoSignatureType(parameters.GetSignatureType());
+  if (!signature_type.ok()) {
+    return signature_type.status();
+  }
+
+  SlhDsaParams params;
+  params.set_key_size(parameters.GetPrivateKeySizeInBytes());
+  params.set_hash_type(*hash_type);
+  params.set_sig_type(*signature_type);
+
+  return params;
+}
+
+util::StatusOr<SlhDsaParameters> ParseParameters(
+    const internal::ProtoParametersSerialization& serialization) {
+  if (serialization.GetKeyTemplate().type_url() != kPrivateTypeUrl) {
+    return util::Status(absl::StatusCode::kInvalidArgument,
+                        "Wrong type URL when parsing SlhDsaParameters.");
+  }
+
+  SlhDsaKeyFormat proto_key_format;
+  if (!proto_key_format.ParseFromString(
+          serialization.GetKeyTemplate().value())) {
+    return util::Status(absl::StatusCode::kInvalidArgument,
+                        "Failed to parse SlhDsaKeyFormat proto");
+  }
+  if (proto_key_format.version() != 0) {
+    return util::Status(absl::StatusCode::kInvalidArgument,
+                        "Only version 0 keys are accepted.");
+  }
+
+  if (!proto_key_format.has_params()) {
+    return util::Status(absl::StatusCode::kInvalidArgument,
+                        "SlhDsaKeyFormat proto is missing params field.");
+  }
+
+  return ToParameters(serialization.GetKeyTemplate().output_prefix_type(),
+                      proto_key_format.params());
+}
+
+util::StatusOr<internal::ProtoParametersSerialization> SerializeParameters(
+    const SlhDsaParameters& parameters) {
+  util::StatusOr<OutputPrefixType> output_prefix_type =
+      ToOutputPrefixType(parameters.GetVariant());
+  if (!output_prefix_type.ok()) {
+    return output_prefix_type.status();
+  }
+
+  util::StatusOr<SlhDsaParams> params = FromParameters(parameters);
+  if (!params.ok()) {
+    return params.status();
+  }
+  SlhDsaKeyFormat proto_key_format;
+  *proto_key_format.mutable_params() = *params;
+  proto_key_format.set_version(0);
+
+  return internal::ProtoParametersSerialization::Create(
+      kPrivateTypeUrl, *output_prefix_type,
+      proto_key_format.SerializeAsString());
+}
+
+SlhDsaProtoParametersParserImpl* SlhDsaProtoParametersParser() {
+  static auto* parser =
+      new SlhDsaProtoParametersParserImpl(kPrivateTypeUrl, ParseParameters);
+  return parser;
+}
+
+SlhDsaProtoParametersSerializerImpl* SlhDsaProtoParametersSerializer() {
+  static auto* serializer = new SlhDsaProtoParametersSerializerImpl(
+      kPrivateTypeUrl, SerializeParameters);
+  return serializer;
+}
+
+}  // namespace
+
+util::Status RegisterSlhDsaProtoSerialization() {
+  util::Status status =
+      internal::MutableSerializationRegistry::GlobalInstance()
+          .RegisterParametersParser(SlhDsaProtoParametersParser());
+  if (!status.ok()) {
+    return status;
+  }
+
+  return internal::MutableSerializationRegistry::GlobalInstance()
+      .RegisterParametersSerializer(SlhDsaProtoParametersSerializer());
+}
+
+}  // namespace tink
+}  // namespace crypto

cc/experimental/pqcrypto/signature/slh_dsa_proto_serialization.h

@@ -0,0 +1,31 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_SLH_DSA_PROTO_SERIALIZATION_H_
+#define TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_SLH_DSA_PROTO_SERIALIZATION_H_
+
+#include "tink/util/status.h"
+
+namespace crypto {
+namespace tink {
+
+// Registers proto parsers and serializers for SLH-DSA parameters and keys.
+crypto::tink::util::Status RegisterSlhDsaProtoSerialization();
+
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_SLH_DSA_PROTO_SERIALIZATION_H_