Add Key Templates and registration function for Sphincs Digital Signature Schemes .

PiperOrigin-RevId: 396579424
author: Tink Team <tink-dev@google.com> 2021-09-14 06:10:40 -0700
committer: Copybara-Service <copybara-worker@google.com> 2021-09-14 06:11:33 -0700
commit: 5f4d0c33e7ac1c1f2d66ee72964b284adc1ebd1f (patch)
tree: c0ba055fdfdb6c90a67467db3c67a037ff035e70 /cc/experimental
parent: f302e1e6244e611052ba2afb0686310a8236693d (diff)
download: tink-5f4d0c33e7ac1c1f2d66ee72964b284adc1ebd1f.tar.gz
6 files changed, 1230 insertions, 74 deletions
diff --git a/cc/experimental/pqcrypto/signature/signature_config.cc b/cc/experimental/pqcrypto/signature/signature_config.cc
index 44dd0a1fc..80b9f2c96 100644
--- a/cc/experimental/pqcrypto/signature/signature_config.cc
+++ b/cc/experimental/pqcrypto/signature/signature_config.cc
@@ -21,6 +21,8 @@
 #include "tink/config/tink_fips.h"
 #include "tink/experimental/pqcrypto/signature/dilithium_sign_key_manager.h"
 #include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/sphincs_sign_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/sphincs_verify_key_manager.h"
 #include "tink/registry.h"
 #include "tink/signature/public_key_sign_wrapper.h"
 #include "tink/signature/public_key_verify_wrapper.h"
@@ -47,6 +49,11 @@ util::Status PqSignatureConfigRegister() {
   status = Registry::RegisterAsymmetricKeyManagers(
       absl::make_unique<DilithiumSignKeyManager>(),
       absl::make_unique<DilithiumVerifyKeyManager>(), true);
+
+  // Sphincs
+  status = Registry::RegisterAsymmetricKeyManagers(
+      absl::make_unique<SphincsSignKeyManager>(),
+      absl::make_unique<SphincsVerifyKeyManager>(), true);
   return status;
 }
 
diff --git a/cc/experimental/pqcrypto/signature/signature_config_test.cc b/cc/experimental/pqcrypto/signature/signature_config_test.cc
index 0d1df5885..9fe8edb37 100644
--- a/cc/experimental/pqcrypto/signature/signature_config_test.cc
+++ b/cc/experimental/pqcrypto/signature/signature_config_test.cc
@@ -21,19 +21,18 @@
 #include "tink/config/tink_fips.h"
 #include "tink/experimental/pqcrypto/signature/dilithium_sign_key_manager.h"
 #include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/sphincs_sign_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/sphincs_verify_key_manager.h"
 #include "tink/public_key_sign.h"
 #include "tink/public_key_verify.h"
 #include "tink/registry.h"
 #include "tink/util/status.h"
 #include "tink/util/test_matchers.h"
-#include "tink/util/test_util.h"
 
 namespace crypto {
 namespace tink {
 namespace {
 
-using ::crypto::tink::test::DummyPublicKeySign;
-using ::crypto::tink::test::DummyPublicKeyVerify;
 using ::crypto::tink::test::IsOk;
 using ::crypto::tink::test::StatusIs;
 
@@ -42,14 +41,6 @@ class PcqSignatureConfigTest : public ::testing::Test {
   void SetUp() override { Registry::Reset(); }
 };
 
-TEST_F(PcqSignatureConfigTest, CheckStatus) {
-  if (IsFipsModeEnabled() && !FIPS_mode()) {
-    GTEST_SKIP() << "Not supported if FIPS-mode is used";
-  }
-
-  EXPECT_THAT(PqSignatureConfigRegister(), IsOk());
-}
-
 TEST_F(PcqSignatureConfigTest, CheckDilithium) {
   if (IsFipsModeEnabled() && !FIPS_mode()) {
     GTEST_SKIP() << "Not supported if FIPS-mode is used";
@@ -74,73 +65,27 @@ TEST_F(PcqSignatureConfigTest, CheckDilithium) {
               IsOk());
 }
 
-// Tests that the PublicKeySignWrapper has been properly registered and we
-// can wrap primitives.
-TEST_F(PcqSignatureConfigTest, PublicKeySignWrapperRegistered) {
-  if (IsFipsModeEnabled() && !FIPS_mode()) {
-    GTEST_SKIP() << "Not supported if FIPS-mode is used";
-  }
-
-  ASSERT_THAT(PqSignatureConfigRegister(), IsOk());
-
-  google::crypto::tink::KeysetInfo::KeyInfo key_info;
-  key_info.set_status(google::crypto::tink::KeyStatusType::ENABLED);
-  key_info.set_key_id(1234);
-  key_info.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
-
-  auto primitive_set = absl::make_unique<PrimitiveSet<PublicKeySign>>();
-  auto add_primitive = primitive_set->AddPrimitive(
-      absl::make_unique<DummyPublicKeySign>("dummy"), key_info);
-  ASSERT_THAT(add_primitive.status(), IsOk());
-  ASSERT_THAT(primitive_set->set_primary(*add_primitive), IsOk());
-
-  util::StatusOr<std::unique_ptr<crypto::tink::PublicKeySign>> wrapped =
-      Registry::Wrap(std::move(primitive_set));
-  ASSERT_THAT(wrapped.status(), IsOk());
-
-  util::StatusOr<std::string> signature_result = (*wrapped)->Sign("message");
-  ASSERT_THAT(signature_result.status(), IsOk());
-
-  util::StatusOr<std::string> prefix = CryptoFormat::GetOutputPrefix(key_info);
-  ASSERT_THAT(prefix.status(), IsOk());
-  util::StatusOr<std::string> signature =
-      DummyPublicKeySign("dummy").Sign("message");
-  ASSERT_THAT(signature.status(), IsOk());
-
-  EXPECT_EQ(*signature_result, absl::StrCat(*prefix, *signature));
-}
-
-// Tests that the PublicKeyVerifyWrapper has been properly registered and we
-// can wrap primitives.
-TEST_F(PcqSignatureConfigTest, PublicKeyVerifyWrapperRegistered) {
+TEST_F(PcqSignatureConfigTest, CheckSphincs) {
   if (IsFipsModeEnabled() && !FIPS_mode()) {
     GTEST_SKIP() << "Not supported if FIPS-mode is used";
   }
 
-  ASSERT_THAT(PqSignatureConfigRegister(), IsOk());
-
-  google::crypto::tink::KeysetInfo::KeyInfo key_info;
-  key_info.set_status(google::crypto::tink::KeyStatusType::ENABLED);
-  key_info.set_key_id(1234);
-  key_info.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
-
-  auto primitive_set = absl::make_unique<PrimitiveSet<PublicKeyVerify>>();
-  auto add_primitive = primitive_set->AddPrimitive(
-      absl::make_unique<DummyPublicKeyVerify>("dummy"), key_info);
-  ASSERT_THAT(add_primitive.status(), IsOk());
-  ASSERT_THAT(primitive_set->set_primary(*add_primitive), IsOk());
-
-  util::StatusOr<std::unique_ptr<crypto::tink::PublicKeyVerify>> wrapped =
-      Registry::Wrap(std::move(primitive_set));
-  ASSERT_THAT(wrapped.status(), IsOk());
-
-  util::StatusOr<std::string> prefix = CryptoFormat::GetOutputPrefix(key_info);
-  ASSERT_THAT(prefix.status(), IsOk());
-  util::StatusOr<std::string> signature =
-      DummyPublicKeySign("dummy").Sign("message");
-  ASSERT_THAT(signature.status(), IsOk());
-
-  ASSERT_THAT((*wrapped)->Verify(absl::StrCat(*prefix, *signature), "message"),
+  EXPECT_THAT(Registry::get_key_manager<PublicKeySign>(
+                  SphincsSignKeyManager().get_key_type())
+                  .status(),
+              StatusIs(util::error::NOT_FOUND));
+  EXPECT_THAT(Registry::get_key_manager<PublicKeyVerify>(
+                  SphincsVerifyKeyManager().get_key_type())
+                  .status(),
+              StatusIs(util::error::NOT_FOUND));
+  EXPECT_THAT(PqSignatureConfigRegister(), IsOk());
+  EXPECT_THAT(Registry::get_key_manager<PublicKeySign>(
+                  SphincsSignKeyManager().get_key_type())
+                  .status(),
+              IsOk());
+  EXPECT_THAT(Registry::get_key_manager<PublicKeyVerify>(
+                  SphincsVerifyKeyManager().get_key_type())
+                  .status(),
               IsOk());
 }
 
diff --git a/cc/experimental/pqcrypto/signature/signature_config_util_test.cc b/cc/experimental/pqcrypto/signature/signature_config_util_test.cc
new file mode 100644
index 000000000..24a6013aa
--- /dev/null
+++ b/cc/experimental/pqcrypto/signature/signature_config_util_test.cc
@@ -0,0 +1,125 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#include "tink/experimental/pqcrypto/signature/signature_config.h"
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "tink/config/tink_fips.h"
+#include "tink/experimental/pqcrypto/signature/dilithium_sign_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h"
+#include "tink/public_key_sign.h"
+#include "tink/public_key_verify.h"
+#include "tink/registry.h"
+#include "tink/util/status.h"
+#include "tink/util/test_matchers.h"
+#include "tink/util/test_util.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using ::crypto::tink::test::DummyPublicKeySign;
+using ::crypto::tink::test::DummyPublicKeyVerify;
+using ::crypto::tink::test::IsOk;
+
+class PcqSignatureConfigTest : public ::testing::Test {
+ protected:
+  void SetUp() override { Registry::Reset(); }
+};
+
+TEST_F(PcqSignatureConfigTest, CheckStatus) {
+  if (IsFipsModeEnabled() && !FIPS_mode()) {
+    GTEST_SKIP() << "Not supported if FIPS-mode is used";
+  }
+
+  EXPECT_THAT(PqSignatureConfigRegister(), IsOk());
+}
+
+// Tests that the PublicKeySignWrapper has been properly registered and we
+// can wrap primitives.
+TEST_F(PcqSignatureConfigTest, PublicKeySignWrapperRegistered) {
+  if (IsFipsModeEnabled() && !FIPS_mode()) {
+    GTEST_SKIP() << "Not supported if FIPS-mode is used";
+  }
+
+  ASSERT_THAT(PqSignatureConfigRegister(), IsOk());
+
+  google::crypto::tink::KeysetInfo::KeyInfo key_info;
+  key_info.set_status(google::crypto::tink::KeyStatusType::ENABLED);
+  key_info.set_key_id(1234);
+  key_info.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
+
+  auto primitive_set = absl::make_unique<PrimitiveSet<PublicKeySign>>();
+  auto add_primitive = primitive_set->AddPrimitive(
+      absl::make_unique<DummyPublicKeySign>("dummy"), key_info);
+  ASSERT_THAT(add_primitive.status(), IsOk());
+  ASSERT_THAT(primitive_set->set_primary(*add_primitive), IsOk());
+
+  util::StatusOr<std::unique_ptr<crypto::tink::PublicKeySign>> wrapped =
+      Registry::Wrap(std::move(primitive_set));
+  ASSERT_THAT(wrapped.status(), IsOk());
+
+  util::StatusOr<std::string> signature_result = (*wrapped)->Sign("message");
+  ASSERT_THAT(signature_result.status(), IsOk());
+
+  util::StatusOr<std::string> prefix = CryptoFormat::GetOutputPrefix(key_info);
+  ASSERT_THAT(prefix.status(), IsOk());
+  util::StatusOr<std::string> signature =
+      DummyPublicKeySign("dummy").Sign("message");
+  ASSERT_THAT(signature.status(), IsOk());
+
+  EXPECT_EQ(*signature_result, absl::StrCat(*prefix, *signature));
+}
+
+// Tests that the PublicKeyVerifyWrapper has been properly registered and we
+// can wrap primitives.
+TEST_F(PcqSignatureConfigTest, PublicKeyVerifyWrapperRegistered) {
+  if (IsFipsModeEnabled() && !FIPS_mode()) {
+    GTEST_SKIP() << "Not supported if FIPS-mode is used";
+  }
+
+  ASSERT_THAT(PqSignatureConfigRegister(), IsOk());
+
+  google::crypto::tink::KeysetInfo::KeyInfo key_info;
+  key_info.set_status(google::crypto::tink::KeyStatusType::ENABLED);
+  key_info.set_key_id(1234);
+  key_info.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
+
+  auto primitive_set = absl::make_unique<PrimitiveSet<PublicKeyVerify>>();
+  auto add_primitive = primitive_set->AddPrimitive(
+      absl::make_unique<DummyPublicKeyVerify>("dummy"), key_info);
+  ASSERT_THAT(add_primitive.status(), IsOk());
+  ASSERT_THAT(primitive_set->set_primary(*add_primitive), IsOk());
+
+  util::StatusOr<std::unique_ptr<crypto::tink::PublicKeyVerify>> wrapped =
+      Registry::Wrap(std::move(primitive_set));
+  ASSERT_THAT(wrapped.status(), IsOk());
+
+  util::StatusOr<std::string> prefix = CryptoFormat::GetOutputPrefix(key_info);
+  ASSERT_THAT(prefix.status(), IsOk());
+  util::StatusOr<std::string> signature =
+      DummyPublicKeySign("dummy").Sign("message");
+  ASSERT_THAT(signature.status(), IsOk());
+
+  ASSERT_THAT((*wrapped)->Verify(absl::StrCat(*prefix, *signature), "message"),
+              IsOk());
+}
+
+
+}  // namespace
+}  // namespace tink
+}  // namespace crypto
diff --git a/cc/experimental/pqcrypto/signature/sphincs_key_template.cc b/cc/experimental/pqcrypto/signature/sphincs_key_template.cc
new file mode 100644
index 000000000..450b92ab3
--- /dev/null
+++ b/cc/experimental/pqcrypto/signature/sphincs_key_template.cc
@@ -0,0 +1,427 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#include "tink/experimental/pqcrypto/signature/sphincs_key_template.h"
+
+#include "tink/util/constants.h"
+#include "proto/experimental/pqcrypto/sphincs.pb.h"
+#include "proto/experimental/pqcrypto/sphincs.proto.h"
+#include "proto/tink.pb.h"
+#include "proto/tink.proto.h"
+
+extern "C" {
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128f-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128f-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128s-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128s-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192f-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192f-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192s-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192s-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256f-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256f-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256s-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256s-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256s-simple/avx2/api.h"
+}
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using google::crypto::tink::KeyTemplate;
+using google::crypto::tink::OutputPrefixType;
+using ::google::crypto::tink::SphincsHashType;
+using ::google::crypto::tink::SphincsKeyFormat;
+using ::google::crypto::tink::SphincsParams;
+using ::google::crypto::tink::SphincsPrivateKey;
+using ::google::crypto::tink::SphincsSignatureType;
+using ::google::crypto::tink::SphincsVariant;
+
+KeyTemplate* NewSphincsKeyTemplate(int32 private_key_size,
+                                   SphincsHashType hash_type,
+                                   SphincsVariant variant,
+                                   SphincsSignatureType type) {
+  KeyTemplate* key_template = new KeyTemplate;
+  key_template->set_type_url(
+      absl::StrCat(kTypeGoogleapisCom, SphincsPrivateKey().GetTypeName()));
+  key_template->set_output_prefix_type(OutputPrefixType::TINK);
+
+  SphincsKeyFormat key_format;
+  SphincsParams* params = key_format.mutable_params();
+  params->set_key_size(private_key_size);
+  params->set_hash_type(hash_type);
+  params->set_variant(variant);
+  params->set_sig_length_type(type);
+  key_format.SerializeToString(key_template->mutable_value());
+
+  return key_template;
+}
+
+}  // anonymous namespace
+
+// HARAKA
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA128FROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA128FSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA128SROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA128SSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA192FROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA192FSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA192SROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA192SSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA256FSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA256SROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSHARAKA256SSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::HARAKA, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+// SHA256
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256128FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256128FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256128SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256128SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256192FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256192FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256192SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256192SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256256FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256256SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHA256256SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHA256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+// SHAKE256
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256128FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256128FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256128SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256128SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256192FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256192FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256192SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256192SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_F_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256256FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::ROBUST,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_F_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256256FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::FAST_SIGNING);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_S_Robust_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256256SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::ROBUST,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_S_Simple_KeyTemplate() {
+  static const KeyTemplate* key_template = NewSphincsKeyTemplate(
+      PQCLEAN_SPHINCSSHAKE256256SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+      SphincsHashType::SHAKE256, SphincsVariant::SIMPLE,
+      SphincsSignatureType::SMALL_SIGNATURE);
+  return *key_template;
+}
+
+}  // namespace tink
+}  // namespace crypto
diff --git a/cc/experimental/pqcrypto/signature/sphincs_key_template.h b/cc/experimental/pqcrypto/signature/sphincs_key_template.h
new file mode 100644
index 000000000..ac65e8bce
--- /dev/null
+++ b/cc/experimental/pqcrypto/signature/sphincs_key_template.h
@@ -0,0 +1,354 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_SPHINCS_KEY_TEMPLATE_H_
+#define TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_SPHINCS_KEY_TEMPLATE_H_
+
+#include "proto/tink.pb.h"
+
+namespace crypto {
+namespace tink {
+
+// Pre-generated KeyTemplates for Sphincs key type.
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_128_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_192_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: HARAKA
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Haraka_256_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_128_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_192_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHA256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Sha256_256_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 64
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_128_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 96
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_192_S_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_F_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: FAST SIGNING
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_F_Simple_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: ROBUST
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_S_Robust_KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// SphincsPrivateKey with the following parameters:
+//   - HASH: SHAKE256
+//   - VARIANT: SIMPLE
+//   - SIGNING TYPE: SMALL SIGNATURE
+//   - PRIVATE KEY SIZE: 128
+const google::crypto::tink::KeyTemplate&
+Sphincs_Shake256_256_S_Simple_KeyTemplate();
+
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_SPHINCS_KEY_TEMPLATE_H_
diff --git a/cc/experimental/pqcrypto/signature/sphincs_key_template_test.cc b/cc/experimental/pqcrypto/signature/sphincs_key_template_test.cc
new file mode 100644
index 000000000..7d5686a59
--- /dev/null
+++ b/cc/experimental/pqcrypto/signature/sphincs_key_template_test.cc
@@ -0,0 +1,298 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#include "tink/experimental/pqcrypto/signature/sphincs_key_template.h"
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "tink/core/key_manager_impl.h"
+#include "tink/core/private_key_manager_impl.h"
+#include "tink/experimental/pqcrypto/signature/sphincs_sign_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/sphincs_verify_key_manager.h"
+#include "tink/util/test_matchers.h"
+#include "proto/tink.pb.h"
+#include "proto/tink.proto.h"
+
+extern "C" {
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128f-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128f-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128s-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-128s-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192f-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192f-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192s-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-192s-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256f-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256f-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256s-robust/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-haraka-256s-simple/aesni/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-128s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-192s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-sha256-256s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-128s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-192s-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256f-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256f-simple/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256s-robust/avx2/api.h"
+#include "third_party/pqclean/crypto_sign/sphincs-shake256-256s-simple/avx2/api.h"
+}
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using ::crypto::tink::test::IsOk;
+using google::crypto::tink::KeyTemplate;
+using google::crypto::tink::OutputPrefixType;
+using ::google::crypto::tink::SphincsHashType;
+using ::google::crypto::tink::SphincsKeyFormat;
+using ::google::crypto::tink::SphincsParams;
+using ::google::crypto::tink::SphincsPrivateKey;
+using ::google::crypto::tink::SphincsSignatureType;
+using ::google::crypto::tink::SphincsVariant;
+
+struct SphincsTestCase {
+  std::string test_name;
+  SphincsHashType hash_type;
+  SphincsVariant variant;
+  SphincsSignatureType sig_length_type;
+  int32_t private_key_size;
+  KeyTemplate key_template;
+};
+
+using SphincsKeyTemplateTest = testing::TestWithParam<SphincsTestCase>;
+
+TEST_P(SphincsKeyTemplateTest, CheckKeyTemplateValid) {
+  std::string type_url =
+      "type.googleapis.com/google.crypto.tink.SphincsPrivateKey";
+
+  const SphincsTestCase& test_case = GetParam();
+  EXPECT_EQ(type_url, test_case.key_template.type_url());
+  EXPECT_EQ(OutputPrefixType::TINK,
+            test_case.key_template.output_prefix_type());
+
+  SphincsKeyFormat key_format;
+  EXPECT_TRUE(key_format.ParseFromString(test_case.key_template.value()));
+  EXPECT_EQ(test_case.hash_type, key_format.params().hash_type());
+  EXPECT_EQ(test_case.variant, key_format.params().variant());
+  EXPECT_EQ(test_case.sig_length_type, key_format.params().sig_length_type());
+  EXPECT_EQ(test_case.private_key_size, key_format.params().key_size());
+}
+
+TEST_P(SphincsKeyTemplateTest, SameReference) {
+  const KeyTemplate& key_template = GetParam().key_template;
+  const KeyTemplate& key_template_2 = GetParam().key_template;
+
+  EXPECT_EQ(&key_template, &key_template_2);
+}
+
+TEST_P(SphincsKeyTemplateTest, KeyManagerCompatibility) {
+  SphincsSignKeyManager sign_key_manager;
+  SphincsVerifyKeyManager verify_key_manager;
+  std::unique_ptr<KeyManager<PublicKeySign>> key_manager =
+      internal::MakePrivateKeyManager<PublicKeySign>(&sign_key_manager,
+                                                     &verify_key_manager);
+  SphincsKeyFormat key_format;
+  const SphincsTestCase& test_case = GetParam();
+
+  SphincsParams* params = key_format.mutable_params();
+  params->set_key_size(test_case.private_key_size);
+  params->set_hash_type(test_case.hash_type);
+  params->set_variant(test_case.variant);
+  params->set_sig_length_type(test_case.sig_length_type);
+
+  util::StatusOr<std::unique_ptr<portable_proto::MessageLite>> new_key_result =
+      key_manager->get_key_factory().NewKey(key_format);
+  EXPECT_THAT(new_key_result.status(), IsOk());
+}
+
+INSTANTIATE_TEST_SUITE_P(
+    SphincsKeyTemplateTests, SphincsKeyTemplateTest,
+    testing::ValuesIn<SphincsTestCase>(
+        {{"SPHINCSHARAKA128FROBUST", SphincsHashType::HARAKA,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSHARAKA128FROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_128_F_Robust_KeyTemplate()},
+         {"SPHINCSHARAKA128SROBUST", SphincsHashType::HARAKA,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSHARAKA128SROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_128_S_Robust_KeyTemplate()},
+         {"SPHINCSHARAKA128FSIMPLE", SphincsHashType::HARAKA,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSHARAKA128FSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_128_F_Simple_KeyTemplate()},
+         {"SPHINCSHARAKA128SSIMPLE", SphincsHashType::HARAKA,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSHARAKA128SSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_128_S_Simple_KeyTemplate()},
+
+         {"SPHINCSHARAKA192FROBUST", SphincsHashType::HARAKA,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSHARAKA192FROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_192_F_Robust_KeyTemplate()},
+         {"SPHINCSHARAKA192SROBUST", SphincsHashType::HARAKA,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSHARAKA192SROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_192_S_Robust_KeyTemplate()},
+         {"SPHINCSHARAKA192FSIMPLE", SphincsHashType::HARAKA,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSHARAKA192FSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_192_F_Simple_KeyTemplate()},
+         {"SPHINCSHARAKA192SSIMPLE", SphincsHashType::HARAKA,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSHARAKA192SSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_192_S_Simple_KeyTemplate()},
+
+         {"SPHINCSHARAKA256FROBUST", SphincsHashType::HARAKA,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSHARAKA256FROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_256_F_Robust_KeyTemplate()},
+         {"SPHINCSHARAKA256SROBUST", SphincsHashType::HARAKA,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSHARAKA256SROBUST_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_256_S_Robust_KeyTemplate()},
+         {"SPHINCSHARAKA256FSIMPLE", SphincsHashType::HARAKA,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSHARAKA256FSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_256_F_Simple_KeyTemplate()},
+         {"SPHINCSHARAKA256SSIMPLE", SphincsHashType::HARAKA,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSHARAKA256SSIMPLE_AESNI_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Haraka_256_S_Simple_KeyTemplate()},
+
+         {"SPHINCSSHA256128FROBUST", SphincsHashType::SHA256,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHA256128FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_128_F_Robust_KeyTemplate()},
+         {"SPHINCSSHA256128SROBUST", SphincsHashType::SHA256,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHA256128SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_128_S_Robust_KeyTemplate()},
+         {"SPHINCSSHA256128FSIMPLE", SphincsHashType::SHA256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHA256128FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_128_F_Simple_KeyTemplate()},
+         {"SPHINCSSHA256128SSIMPLE", SphincsHashType::SHA256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHA256128SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_128_S_Simple_KeyTemplate()},
+
+         {"SPHINCSSHA256192FROBUST", SphincsHashType::SHA256,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHA256192FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_192_F_Robust_KeyTemplate()},
+         {"SPHINCSSHA256192SROBUST", SphincsHashType::SHA256,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHA256192SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_192_S_Robust_KeyTemplate()},
+         {"SPHINCSSHA256192FSIMPLE", SphincsHashType::SHA256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHA256192FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_192_F_Simple_KeyTemplate()},
+         {"SPHINCSSHA256192SSIMPLE", SphincsHashType::SHA256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHA256192SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_192_S_Simple_KeyTemplate()},
+
+         {"SPHINCSSHA256256FROBUST", SphincsHashType::SHA256,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHA256256FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_256_F_Robust_KeyTemplate()},
+         {"SPHINCSSHA256256SROBUST", SphincsHashType::SHA256,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHA256256SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_256_S_Robust_KeyTemplate()},
+         {"SPHINCSSHA256256FSIMPLE", SphincsHashType::SHA256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHA256256FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_256_F_Simple_KeyTemplate()},
+         {"SPHINCSSHA256256SSIMPLE", SphincsHashType::SHA256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHA256256SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Sha256_256_S_Simple_KeyTemplate()},
+
+         {"SPHINCSSHAKE256128FROBUST", SphincsHashType::SHAKE256,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHAKE256128FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_128_F_Robust_KeyTemplate()},
+         {"SPHINCSSHAKE256128SROBUST", SphincsHashType::SHAKE256,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHAKE256128SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_128_S_Robust_KeyTemplate()},
+         {"SPHINCSSHAKE256128FSIMPLE", SphincsHashType::SHAKE256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHAKE256128FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_128_F_Simple_KeyTemplate()},
+         {"SPHINCSSHAKE256128SSIMPLE", SphincsHashType::SHAKE256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHAKE256128SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_128_S_Simple_KeyTemplate()},
+
+         {"SPHINCSSHAKE256192FROBUST", SphincsHashType::SHAKE256,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHAKE256192FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_192_F_Robust_KeyTemplate()},
+         {"SPHINCSSHAKE256192SROBUST", SphincsHashType::SHAKE256,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHAKE256192SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_192_S_Robust_KeyTemplate()},
+         {"SPHINCSSHAKE256192FSIMPLE", SphincsHashType::SHAKE256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHAKE256192FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_192_F_Simple_KeyTemplate()},
+         {"SPHINCSSHAKE256192SSIMPLE", SphincsHashType::SHAKE256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHAKE256192SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_192_S_Simple_KeyTemplate()},
+
+         {"SPHINCSSHAKE256256FROBUST", SphincsHashType::SHAKE256,
+          SphincsVariant::ROBUST, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHAKE256256FROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_256_F_Robust_KeyTemplate()},
+         {"SPHINCSSHAKE256256SROBUST", SphincsHashType::SHAKE256,
+          SphincsVariant::ROBUST, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHAKE256256SROBUST_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_256_S_Robust_KeyTemplate()},
+         {"SPHINCSSHAKE256256FSIMPLE", SphincsHashType::SHAKE256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::FAST_SIGNING,
+          PQCLEAN_SPHINCSSHAKE256256FSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_256_F_Simple_KeyTemplate()},
+         {"SPHINCSSHAKE256256SSIMPLE", SphincsHashType::SHAKE256,
+          SphincsVariant::SIMPLE, SphincsSignatureType::SMALL_SIGNATURE,
+          PQCLEAN_SPHINCSSHAKE256256SSIMPLE_AVX2_CRYPTO_SECRETKEYBYTES,
+          Sphincs_Shake256_256_S_Simple_KeyTemplate()}}),
+    [](const testing::TestParamInfo<SphincsKeyTemplateTest::ParamType>& info) {
+      return info.param.test_name;
+    });
+
+}  // namespace
+}  // namespace tink
+}  // namespace crypto
author	Tink Team <tink-dev@google.com>	2021-09-14 06:10:40 -0700
committer	Copybara-Service <copybara-worker@google.com>	2021-09-14 06:11:33 -0700
commit	5f4d0c33e7ac1c1f2d66ee72964b284adc1ebd1f (patch)
tree	c0ba055fdfdb6c90a67467db3c67a037ff035e70 /cc/experimental
parent	f302e1e6244e611052ba2afb0686310a8236693d (diff)
download	tink-5f4d0c33e7ac1c1f2d66ee72964b284adc1ebd1f.tar.gz