liboqs: add RNG support for sphincs

Added a RNG argument to the wc_sphincs_sign_msg method to properly generate necessary random data using the desired WolfSSL RNG object. Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2025-07-30 02:37:28 +02:00 · 2023-11-22 18:47:11 +01:00
parent 85c40b1728
commit 0780fd9719
4 changed files with 11 additions and 4 deletions
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@ -12055,7 +12055,7 @@ void bench_sphincsKeySign(byte level, byte optim)
                    x = SPHINCS_SMALL_LEVEL5_SIG_SIZE;
                }

-                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                if (ret != 0) {
                    printf("wc_sphincs_sign_msg failed\n");
                }
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -28915,7 +28915,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
        if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
            !dilithiumKey && sphincsKey) {
            word32 outSz = sigSz;
-            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey);
+            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);
            if (ret == 0)
                ret = outSz;
        }
--- a/wolfcrypt/src/sphincs.c
+++ b/wolfcrypt/src/sphincs.c
@ -58,7 +58,7 @@
 *          0 otherwise.
 */
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key)
+                        sphincs_key* key, WC_RNG* rng)
 {
    int ret = 0;
 #ifdef HAVE_LIBOQS
@ -135,6 +135,10 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
        localOutLen = *outLen;
    }

+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
    if ((ret == 0) &&
        (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
         == OQS_ERROR)) {
@ -145,6 +149,8 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
        *outLen = (word32)localOutLen;
    }

+    wolfSSL_liboqsRngMutexUnlock();
+
    if (oqssig != NULL) {
        OQS_SIG_free(oqssig);
    }
--- a/wolfssl/wolfcrypt/sphincs.h
+++ b/wolfssl/wolfcrypt/sphincs.h
@ -41,6 +41,7 @@

 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif

 #ifdef __cplusplus
@ -99,7 +100,7 @@ struct sphincs_key {

 WOLFSSL_API
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key);
+                        sphincs_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_sphincs_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                          word32 msgLen, int* res, sphincs_key* key);