feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

XMSS/XMSSMT hooks support: fix build.

Browse Source
This commit is contained in:
jordan
2023-10-09 10:13:32 -05:00
parent 33d4b331fb
commit f32c6a0d25
5 changed files with 110 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
INSTALL
View File

@ -401,10 +401,16 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
The patch may be found in the wolfssl-examples repo here: The patch may be found in the wolfssl-examples repo here:
pq/stateful_hash_sig/0001-Patch-to-support-xmss-reference-integration.patch pq/stateful_hash_sig/0001-Patch-to-support-xmss-reference-integration.patch
To build patched xmss-reference:
$ make xmss_lib.a
To build verify-only patched xmss-reference:
$ make xmss_verify_lib.a
Note that this patch adds wolfCrypt SHA256 hashing to xmss-reference, and Note that this patch adds wolfCrypt SHA256 hashing to xmss-reference, and
thus benefits from all the same asm speedups as wolfCrypt SHA hashing. thus benefits from all the same asm speedups as wolfCrypt SHA hashing.
Depending on architecture you may build with --enable-intelasm, or Depending on architecture you may build with --enable-intelasm, or
and --enable-armasm, and see 30-50% speedups in XMSS/XMSS^MT. and --enable-armasm, and see 30-40% speedups in XMSS/XMSS^MT.
For full keygen, signing, verifying, and benchmarking support, build For full keygen, signing, verifying, and benchmarking support, build
wolfSSL with: wolfSSL with:

24
configure.ac
View File

@ -1201,10 +1201,32 @@ AC_ARG_WITH([libxmss],
AC_MSG_ERROR([libxmss isn't found. AC_MSG_ERROR([libxmss isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/]) If it's already installed, specify its path using --with-libxmss=/dir/])
fi fi
if test "$XMSS_VERIFY_ONLY" = "yes"; then
if test -e $trylibxmssdir/xmss_verify_lib.a; then
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_verify_lib.a"
enable_shared=no
enable_static=yes
libxmss_linked=yes
else
AC_MSG_ERROR([xmss_verify_lib.a isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
fi
elif test -e $trylibxmssdir/xmss_lib.a; then
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_lib.a"
enable_shared=no
enable_static=yes
libxmss_linked=yes
else
AC_MSG_ERROR([libxmss isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
fi
XMSS_ROOT=$trylibxmssdir XMSS_ROOT=$trylibxmssdir
AC_MSG_RESULT([yes]) AC_MSG_RESULT([yes])
AM_CPPFLAGS="$CPPFLAGS"
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir" AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
ENABLED_LIBXMSS="yes" ENABLED_LIBXMSS="yes"
@ -1213,7 +1235,6 @@ AC_ARG_WITH([libxmss],
[XMSS_ROOT=""] [XMSS_ROOT=""]
) )
# LMS # LMS
AC_ARG_ENABLE([lms], AC_ARG_ENABLE([lms],
[AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])], [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
@ -9032,6 +9053,7 @@ AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLE
AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])

12
src/include.am
View File

@ -702,6 +702,10 @@ if BUILD_WC_LMS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms.c
endif endif
if BUILD_WC_XMSS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss.c
endif
if BUILD_CURVE25519 if BUILD_CURVE25519
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve25519.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve25519.c
endif endif
@ -809,14 +813,6 @@ endif
if BUILD_LIBXMSS if BUILD_LIBXMSS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_xmss.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_xmss.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/params.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/thash.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/hash_address.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/wots.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/xmss.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/xmss_core_fast.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/xmss_commons.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += $(XMSS_ROOT)/utils.c
endif endif
if BUILD_LIBZ if BUILD_LIBZ

78
wolfcrypt/src/ext_xmss.c
View File

@ -26,6 +26,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/sha256.h>
#ifdef WOLFSSL_HAVE_XMSS #ifdef WOLFSSL_HAVE_XMSS
#include <wolfssl/wolfcrypt/ext_xmss.h> #include <wolfssl/wolfcrypt/ext_xmss.h>
@ -37,6 +38,63 @@
#include <wolfcrypt/src/misc.c> #include <wolfcrypt/src/misc.c>
#endif #endif
#include <xmss_callbacks.h>
#ifndef WOLFSSL_XMSS_VERIFY_ONLY
static THREAD_LS_T WC_RNG * xmssRng = NULL;
/* RNG callback used by xmss.
* */
static int rng_cb(void * output, size_t length)
{
int ret = 0;
if (output == NULL || xmssRng == NULL) {
return -1;
}
if (length == 0) {
return 0;
}
ret = wc_RNG_GenerateBlock(xmssRng, output, (word32) length);
if (ret) {
WOLFSSL_MSG("error: xmss rng_cb failed");
return -1;
}
return 0;
}
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
/* SHA256 callback used by xmss.
* */
static int sha256_cb(const unsigned char *in, unsigned long long inlen,
unsigned char *out)
{
wc_Sha256 sha;
if (wc_InitSha256_ex(&sha, NULL, INVALID_DEVID) != 0) {
WOLFSSL_MSG("SHA256 Init failed");
return -1;
}
if (wc_Sha256Update(&sha, in, (word32) inlen) != 0) {
WOLFSSL_MSG("SHA256 Update failed");
return -1;
}
if (wc_Sha256Final(&sha, out) != 0) {
WOLFSSL_MSG("SHA256 Final failed");
wc_Sha256Free(&sha);
return -1;
}
wc_Sha256Free(&sha);
return 0;
}
/* Init an Xmss key. /* Init an Xmss key.
* *
* Call this before setting the parms of an Xmss key. * Call this before setting the parms of an Xmss key.
@ -119,6 +177,20 @@ static int wc_XmssKey_SetOid(XmssKey * key, uint32_t oid, int is_xmssmt)
return -1; return -1;
} }
ret = xmss_set_sha_cb(sha256_cb);
if (ret != 0) {
WOLFSSL_MSG("error: xmss_set_sha_cb failed");
return -1;
}
#ifndef WOLFSSL_XMSS_VERIFY_ONLY
ret = xmss_set_rng_cb(rng_cb);
if (ret != 0) {
WOLFSSL_MSG("error: xmss_set_rng_cb failed");
return -1;
}
#endif
key->oid = oid; key->oid = oid;
key->is_xmssmt = is_xmssmt; key->is_xmssmt = is_xmssmt;
key->state = WC_XMSS_STATE_PARMSET; key->state = WC_XMSS_STATE_PARMSET;
@ -401,13 +473,15 @@ int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG * rng)
return ret; return ret;
} }
xmssRng = rng;
/* Finally make the secret public key pair. Immediately write it to NV /* Finally make the secret public key pair. Immediately write it to NV
* storage and then clear from memory. */ * storage and then clear from memory. */
if (key->is_xmssmt) { if (key->is_xmssmt) {
ret = xmssmt_keypair(key->pk, key->sk, key->oid, rng); ret = xmssmt_keypair(key->pk, key->sk, key->oid);
} }
else { else {
ret = xmss_keypair(key->pk, key->sk, key->oid, rng); ret = xmss_keypair(key->pk, key->sk, key->oid);
} }
if (ret == 0) { if (ret == 0) {

1
wolfssl/wolfcrypt/xmss.h
View File

@ -144,7 +144,6 @@ WOLFSSL_API int wc_XmssKey_ImportPubRaw(XmssKey * key, const byte * in,
word32 inLen); word32 inLen);
WOLFSSL_API int wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigSz, WOLFSSL_API int wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigSz,
const byte * msg, int msgSz); const byte * msg, int msgSz);
WOLFSSL_API const char * wc_XmssKey_RcToStr(enum wc_XmssRc lmsRc);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif