From 4c125ece77e0caaec4d17d846aebc92cdd165dc2 Mon Sep 17 00:00:00 2001 From: jordan Date: Tue, 11 Jul 2023 15:04:51 -0500 Subject: [PATCH] LMS: cleanup INSTALL, and cap threads to 4. --- INSTALL | 7 +++++-- wolfcrypt/src/ext_lms.c | 12 ++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index e18d0861f..93467ea58 100644 --- a/INSTALL +++ b/INSTALL @@ -258,8 +258,10 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl. 17. Building with hash-sigs lib for LMS/HSS support [EXPERIMENTAL] Using LMS/HSS requires that the hash-sigs lib has been built on - your system. At present we support the current master branch of - the hash-sigs project. + your system. We support hash-sigs lib at this git commit: + b0631b8891295bf2929e68761205337b7c031726 + At the time of writing this, this is the HEAD of the master + branch of the hash-sigs project. Currently the hash-sigs project only builds static libraries: - hss_lib.a: a single-threaded static lib. @@ -282,6 +284,7 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl. $ cd ~/hash_sigs $ git clone https://github.com/cisco/hash-sigs.git src $ cd src + $ git checkout b0631b8891295bf2929e68761205337b7c031726 In sha256.h, set USE_OPENSSL to 0: #define USE_OPENSSL 0 diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c index 5f8cca6f9..0c0274016 100644 --- a/wolfcrypt/src/ext_lms.c +++ b/wolfcrypt/src/ext_lms.c @@ -37,6 +37,16 @@ #include #endif +/* If built against hss_lib_thread.a, the hash-sigs lib will spawn + * worker threads to parallelize cpu intensive tasks. This will mainly + * speedup key generation and signing, and to a lesser extent + * verifying for larger levels values. + * + * Their default max is 16 worker threads, but can be capped with + * hss_extra_info_set_threads(). To be safe we are capping at 4 here. + * */ +#define EXT_LMS_MAX_THREADS (4) + /* The hash-sigs hss_generate_private_key API requires a generate_random * callback that only has output and length args. The RNG struct must be global * to the function. Maybe there should be a wc_LmsKey_SetRngCb. */ @@ -347,7 +357,9 @@ int wc_LmsKey_Init_ex(LmsKey * key, int levels, int height, key->lm_ots_type[i] = ots; } + /* Set the max number of worker threads that hash-sigs can spawn. */ hss_init_extra_info(&key->info); + hss_extra_info_set_threads(&key->info, EXT_LMS_MAX_THREADS); key->working_key = NULL; key->write_private_key = NULL;