Refactor name of algorithm identifiers.

armfazh · armfazh · commit 5e2385ccad8a · 2025-02-02T03:55:01.000-08:00
diff --git a/sign/schemes/schemes.go b/sign/schemes/schemes.go
@@ -39,18 +39,18 @@ var allSchemes = [...]sign.Scheme{
 	mldsa44.Scheme(),
 	mldsa65.Scheme(),
 	mldsa87.Scheme(),
-	slhdsa.SHA2Small128.Scheme(),
-	slhdsa.SHAKESmall128.Scheme(),
-	slhdsa.SHA2Fast128.Scheme(),
-	slhdsa.SHAKEFast128.Scheme(),
-	slhdsa.SHA2Small192.Scheme(),
-	slhdsa.SHAKESmall192.Scheme(),
-	slhdsa.SHA2Fast192.Scheme(),
-	slhdsa.SHAKEFast192.Scheme(),
-	slhdsa.SHA2Small256.Scheme(),
-	slhdsa.SHAKESmall256.Scheme(),
-	slhdsa.SHA2Fast256.Scheme(),
-	slhdsa.SHAKEFast256.Scheme(),
+	slhdsa.SHA2_128s.Scheme(),
+	slhdsa.SHAKE_128s.Scheme(),
+	slhdsa.SHA2_128f.Scheme(),
+	slhdsa.SHAKE_128f.Scheme(),
+	slhdsa.SHA2_192s.Scheme(),
+	slhdsa.SHAKE_192s.Scheme(),
+	slhdsa.SHA2_192f.Scheme(),
+	slhdsa.SHAKE_192f.Scheme(),
+	slhdsa.SHA2_256s.Scheme(),
+	slhdsa.SHAKE_256s.Scheme(),
+	slhdsa.SHA2_256f.Scheme(),
+	slhdsa.SHAKE_256f.Scheme(),
 }
 
 var allSchemeNames map[string]sign.Scheme
diff --git a/sign/slhdsa/hypertree.go b/sign/slhdsa/hypertree.go
@@ -1,6 +1,6 @@
 package slhdsa
 
-import "crypto/subtle"
+import "bytes"
 
 // See FIPS 205 -- Section 7
 // SLH-DSA uses a hypertree to sign the FORS keys.
@@ -64,5 +64,5 @@ func (s *state) htVerify(
 		s.xmssPkFromSig(node, node, sig[j], idxLeaf, addr)
 	}
 
-	return subtle.ConstantTimeCompare(node, root) == 1
+	return bytes.Equal(node, root)
 }
diff --git a/sign/slhdsa/params.go b/sign/slhdsa/params.go
@@ -17,19 +17,20 @@ import (
 // Note that the zero value is not a valid identifier.
 type ID byte
 
+//nolint:stylecheck
 const (
-	SHA2Small128  ID = iota + 1 // SLH-DSA-SHA2-128s
-	SHAKESmall128               // SLH-DSA-SHAKE-128s
-	SHA2Fast128                 // SLH-DSA-SHA2-128f
-	SHAKEFast128                // SLH-DSA-SHAKE-128f
-	SHA2Small192                // SLH-DSA-SHA2-192s
-	SHAKESmall192               // SLH-DSA-SHAKE-192s
-	SHA2Fast192                 // SLH-DSA-SHA2-192f
-	SHAKEFast192                // SLH-DSA-SHAKE-192f
-	SHA2Small256                // SLH-DSA-SHA2-256s
-	SHAKESmall256               // SLH-DSA-SHAKE-256s
-	SHA2Fast256                 // SLH-DSA-SHA2-256f
-	SHAKEFast256                // SLH-DSA-SHAKE-256f
+	SHA2_128s  ID = iota + 1 // SLH-DSA-SHA2-128s
+	SHAKE_128s               // SLH-DSA-SHAKE-128s
+	SHA2_128f                // SLH-DSA-SHA2-128f
+	SHAKE_128f               // SLH-DSA-SHAKE-128f
+	SHA2_192s                // SLH-DSA-SHA2-192s
+	SHAKE_192s               // SLH-DSA-SHAKE-192s
+	SHA2_192f                // SLH-DSA-SHA2-192f
+	SHAKE_192f               // SLH-DSA-SHAKE-192f
+	SHA2_256s                // SLH-DSA-SHA2-256s
+	SHAKE_256s               // SLH-DSA-SHAKE-256s
+	SHA2_256f                // SLH-DSA-SHA2-256f
+	SHAKE_256f               // SLH-DSA-SHAKE-256f
 	_MaxParams
 )
 
@@ -85,18 +86,18 @@ type params struct {
 
 // Stores all the supported (read-only) parameter sets.
 var supportedParams = [_MaxParams - 1]params{
-	{ID: SHA2Small128, n: 16, h: 63, d: 7, hPrime: 9, a: 12, k: 14, m: 30, isSHA2: true, name: "SLH-DSA-SHA2-128s"},
-	{ID: SHAKESmall128, n: 16, h: 63, d: 7, hPrime: 9, a: 12, k: 14, m: 30, isSHA2: false, name: "SLH-DSA-SHAKE-128s"},
-	{ID: SHA2Fast128, n: 16, h: 66, d: 22, hPrime: 3, a: 6, k: 33, m: 34, isSHA2: true, name: "SLH-DSA-SHA2-128f"},
-	{ID: SHAKEFast128, n: 16, h: 66, d: 22, hPrime: 3, a: 6, k: 33, m: 34, isSHA2: false, name: "SLH-DSA-SHAKE-128f"},
-	{ID: SHA2Small192, n: 24, h: 63, d: 7, hPrime: 9, a: 14, k: 17, m: 39, isSHA2: true, name: "SLH-DSA-SHA2-192s"},
-	{ID: SHAKESmall192, n: 24, h: 63, d: 7, hPrime: 9, a: 14, k: 17, m: 39, isSHA2: false, name: "SLH-DSA-SHAKE-192s"},
-	{ID: SHA2Fast192, n: 24, h: 66, d: 22, hPrime: 3, a: 8, k: 33, m: 42, isSHA2: true, name: "SLH-DSA-SHA2-192f"},
-	{ID: SHAKEFast192, n: 24, h: 66, d: 22, hPrime: 3, a: 8, k: 33, m: 42, isSHA2: false, name: "SLH-DSA-SHAKE-192f"},
-	{ID: SHA2Small256, n: 32, h: 64, d: 8, hPrime: 8, a: 14, k: 22, m: 47, isSHA2: true, name: "SLH-DSA-SHA2-256s"},
-	{ID: SHAKESmall256, n: 32, h: 64, d: 8, hPrime: 8, a: 14, k: 22, m: 47, isSHA2: false, name: "SLH-DSA-SHAKE-256s"},
-	{ID: SHA2Fast256, n: 32, h: 68, d: 17, hPrime: 4, a: 9, k: 35, m: 49, isSHA2: true, name: "SLH-DSA-SHA2-256f"},
-	{ID: SHAKEFast256, n: 32, h: 68, d: 17, hPrime: 4, a: 9, k: 35, m: 49, isSHA2: false, name: "SLH-DSA-SHAKE-256f"},
+	{ID: SHA2_128s, n: 16, h: 63, d: 7, hPrime: 9, a: 12, k: 14, m: 30, isSHA2: true, name: "SLH-DSA-SHA2-128s"},
+	{ID: SHAKE_128s, n: 16, h: 63, d: 7, hPrime: 9, a: 12, k: 14, m: 30, isSHA2: false, name: "SLH-DSA-SHAKE-128s"},
+	{ID: SHA2_128f, n: 16, h: 66, d: 22, hPrime: 3, a: 6, k: 33, m: 34, isSHA2: true, name: "SLH-DSA-SHA2-128f"},
+	{ID: SHAKE_128f, n: 16, h: 66, d: 22, hPrime: 3, a: 6, k: 33, m: 34, isSHA2: false, name: "SLH-DSA-SHAKE-128f"},
+	{ID: SHA2_192s, n: 24, h: 63, d: 7, hPrime: 9, a: 14, k: 17, m: 39, isSHA2: true, name: "SLH-DSA-SHA2-192s"},
+	{ID: SHAKE_192s, n: 24, h: 63, d: 7, hPrime: 9, a: 14, k: 17, m: 39, isSHA2: false, name: "SLH-DSA-SHAKE-192s"},
+	{ID: SHA2_192f, n: 24, h: 66, d: 22, hPrime: 3, a: 8, k: 33, m: 42, isSHA2: true, name: "SLH-DSA-SHA2-192f"},
+	{ID: SHAKE_192f, n: 24, h: 66, d: 22, hPrime: 3, a: 8, k: 33, m: 42, isSHA2: false, name: "SLH-DSA-SHAKE-192f"},
+	{ID: SHA2_256s, n: 32, h: 64, d: 8, hPrime: 8, a: 14, k: 22, m: 47, isSHA2: true, name: "SLH-DSA-SHA2-256s"},
+	{ID: SHAKE_256s, n: 32, h: 64, d: 8, hPrime: 8, a: 14, k: 22, m: 47, isSHA2: false, name: "SLH-DSA-SHAKE-256s"},
+	{ID: SHA2_256f, n: 32, h: 68, d: 17, hPrime: 4, a: 9, k: 35, m: 49, isSHA2: true, name: "SLH-DSA-SHA2-256f"},
+	{ID: SHAKE_256f, n: 32, h: 68, d: 17, hPrime: 4, a: 9, k: 35, m: 49, isSHA2: false, name: "SLH-DSA-SHAKE-256f"},
 }
 
 // See FIPS-205, Section 11.1 and Section 11.2.
diff --git a/sign/slhdsa/slhdsa.go b/sign/slhdsa/slhdsa.go
@@ -4,16 +4,16 @@
 // the following parameter sets:
 //
 // Category 1
-//   - Based on SHA2: [SHA2Small128] and [SHA2Fast128].
-//   - Based on SHAKE: [SHAKESmall128] and [SHAKEFast128].
+//   - Based on SHA2: [SHA2_128s] and [SHA2_128f].
+//   - Based on SHAKE: [SHAKE_128s] and [SHAKE_128f].
 //
 // Category 3
-//   - Based on SHA2: [SHA2Small192] and [SHA2Fast192]
-//   - Based on SHAKE: [SHAKESmall192] and [SHAKEFast192]
+//   - Based on SHA2: [SHA2_192s] and [SHA2_192f]
+//   - Based on SHAKE: [SHAKE_192s] and [SHAKE_192f]
 //
 // Category 5
-//   - Based on SHA2: [SHA2Small256] and [SHA2Fast256].
-//   - Based on SHAKE: [SHAKESmall256] and [SHAKEFast256].
+//   - Based on SHA2: [SHA2_256s] and [SHA2_256f].
+//   - Based on SHAKE: [SHAKE_256s] and [SHAKE_256f].
 //
 // [FIPS 205]: https://doi.org/10.6028/NIST.FIPS.205
 package slhdsa
diff --git a/sign/slhdsa/slhdsa_test.go b/sign/slhdsa/slhdsa_test.go
@@ -13,21 +13,15 @@ import (
 )
 
 var fastSign = [...]slhdsa.ID{
-	slhdsa.SHA2Fast128,
-	slhdsa.SHAKEFast128,
-	slhdsa.SHA2Fast192,
-	slhdsa.SHAKEFast192,
-	slhdsa.SHA2Fast256,
-	slhdsa.SHAKEFast256,
+	slhdsa.SHA2_128f, slhdsa.SHAKE_128f,
+	slhdsa.SHA2_192f, slhdsa.SHAKE_192f,
+	slhdsa.SHA2_256f, slhdsa.SHAKE_256f,
 }
 
 var smallSign = [...]slhdsa.ID{
-	slhdsa.SHA2Small128,
-	slhdsa.SHAKESmall128,
-	slhdsa.SHA2Small192,
-	slhdsa.SHAKESmall192,
-	slhdsa.SHA2Small256,
-	slhdsa.SHAKESmall256,
+	slhdsa.SHA2_128s, slhdsa.SHAKE_128s,
+	slhdsa.SHA2_192s, slhdsa.SHAKE_192s,
+	slhdsa.SHA2_256s, slhdsa.SHAKE_256s,
 }
 
 func TestInnerFast(t *testing.T)  { slhdsa.InnerTest(t, fastSign[:]) }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`package slhdsa`
`2`	`2`
`3`		`-import "crypto/subtle"`
	`3`	`+import "bytes"`
`4`	`4`
`5`	`5`	`// See FIPS 205 -- Section 7`
`6`	`6`	`// SLH-DSA uses a hypertree to sign the FORS keys.`
`@@ -64,5 +64,5 @@ func (s *state) htVerify(`
`64`	`64`	`s.xmssPkFromSig(node, node, sig[j], idxLeaf, addr)`
`65`	`65`	`}`
`66`	`66`
`67`		`- return subtle.ConstantTimeCompare(node, root) == 1`
	`67`	`+ return bytes.Equal(node, root)`
`68`	`68`	`}`