wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8836 from SparkiDev/lms_serialize_state

Browse Source 
LMS: Allow state to be saved with private key
This commit is contained in:
Daniel Pouzzner
2025-06-25 21:34:42 -05:00
committed by GitHub
parent 38892fdd07 d05790ed89
commit 29f534f3b0
5 changed files with 130 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.wolfssl_known_macro_extras
View File

@@ -864,6 +864,8 @@ WOLFSSL_USE_FLASHMEM
WOLFSSL_USE_OPTIONS_H WOLFSSL_USE_OPTIONS_H
WOLFSSL_USE_POPEN_HOST WOLFSSL_USE_POPEN_HOST
WOLFSSL_VALIDATE_DH_KEYGEN WOLFSSL_VALIDATE_DH_KEYGEN
WOLFSSL_WC_LMS_SERIALIZE_STATE
WOLFSSL_WC_MLKEM
WOLFSSL_WC_XMSS_NO_SHA256 WOLFSSL_WC_XMSS_NO_SHA256
WOLFSSL_WC_XMSS_NO_SHAKE256 WOLFSSL_WC_XMSS_NO_SHAKE256
WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME

10
wolfcrypt/benchmark/benchmark.c
View File

@@ -9876,6 +9876,7 @@ void bench_mlkem(int type)
#endif #endif
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
#ifndef WOLFSSL_WC_LMS_SERIALIZE_STATE
#ifndef WOLFSSL_NO_LMS_SHA256_256 #ifndef WOLFSSL_NO_LMS_SHA256_256
/* WC_LMS_PARM_L2_H10_W2 /* WC_LMS_PARM_L2_H10_W2
* signature length: 9300 */ * signature length: 9300 */
@@ -10033,6 +10034,7 @@ static const byte lms_pub_L4_H5_W8[60] =
0x74,0x24,0x12,0xC8 0x74,0x24,0x12,0xC8
}; };
#endif #endif
#endif /* WOLFSSL_WC_LMS_SERIALIZE_STATE */
static int lms_write_key_mem(const byte* priv, word32 privSz, void* context) static int lms_write_key_mem(const byte* priv, word32 privSz, void* context)
{ {
@@ -10050,7 +10052,11 @@ static int lms_read_key_mem(byte* priv, word32 privSz, void* context)
XMEMCPY(priv, context, privSz); XMEMCPY(priv, context, privSz);
return WC_LMS_RC_READ_TO_MEMORY; return WC_LMS_RC_READ_TO_MEMORY;
} }
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
static byte lms_priv[64*1024 + HSS_MAX_PRIVATE_KEY_LEN];
#else
static byte lms_priv[HSS_MAX_PRIVATE_KEY_LEN]; static byte lms_priv[HSS_MAX_PRIVATE_KEY_LEN];
#endif
static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub) static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
{ {
@@ -10192,6 +10198,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
goto exit_lms_sign_verify; goto exit_lms_sign_verify;
} }
#ifndef WOLFSSL_WC_LMS_SERIALIZE_STATE
switch (parm) { switch (parm) {
#ifndef WOLFSSL_NO_LMS_SHA256_256 #ifndef WOLFSSL_NO_LMS_SHA256_256
case WC_LMS_PARM_L2_H10_W2: case WC_LMS_PARM_L2_H10_W2:
@@ -10283,6 +10290,9 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN); XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
break; break;
} }
#else
XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN);
#endif
ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem); ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
if (ret) { if (ret) {

99
wolfcrypt/src/wc_lms.c
View File

@@ -586,11 +586,14 @@ void wc_LmsKey_Free(LmsKey* key)
#ifndef WOLFSSL_LMS_VERIFY_ONLY #ifndef WOLFSSL_LMS_VERIFY_ONLY
if (key->priv_data != NULL) { if (key->priv_data != NULL) {
const LmsParams* params = key->params; const LmsParams* params = key->params;
int priv_data_len = LMS_PRIV_DATA_LEN(params->levels,
ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels,
params->height, params->p, params->rootLevels, params->height, params->p, params->rootLevels,
params->cacheBits, params->hash_len)); params->cacheBits, params->hash_len);
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
priv_data_len += HSS_PRIVATE_KEY_LEN(key->params->hash_len);
#endif
ForceZero(key->priv_data, priv_data_len);
XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS); XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS);
} }
#endif #endif
@@ -717,6 +720,7 @@ int wc_LmsKey_SetContext(LmsKey* key, void* context)
int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
{ {
int ret = 0; int ret = 0;
int priv_data_len = 0;
/* Validate parameters. */ /* Validate parameters. */
if ((key == NULL) || (rng == NULL)) { if ((key == NULL) || (rng == NULL)) {
@@ -738,17 +742,26 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
if ((ret == 0) && (key->priv_data == NULL)) { if (ret == 0) {
const LmsParams* params = key->params; const LmsParams* params = key->params;
priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height,
params->p, params->rootLevels, params->cacheBits, params->hash_len);
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
priv_data_len += HSS_PRIVATE_KEY_LEN(key->params->hash_len);
#endif
}
if ((ret == 0) && (key->priv_data == NULL)) {
/* Allocate memory for the private key data. */ /* Allocate memory for the private key data. */
key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, key->priv_data = (byte *)XMALLOC(priv_data_len, key->heap,
params->height, params->p, params->rootLevels, params->cacheBits, DYNAMIC_TYPE_LMS);
params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
/* Check pointer is valid. */ /* Check pointer is valid. */
if (key->priv_data == NULL) { if (key->priv_data == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
} }
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
XMEMSET(key->priv_data, 0, priv_data_len);
#endif
} }
if (ret == 0) { if (ret == 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -759,7 +772,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
/* Allocate memory for working state. */ /* Allocate memory for working state. */
state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); state = (LmsState*)XMALLOC(sizeof(LmsState), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (state == NULL) { if (state == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
} }
@@ -781,9 +795,18 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
} }
} }
if (ret == 0) { if (ret == 0) {
int rv;
/* Write private key to storage. */ /* Write private key to storage. */
int rv = key->write_private_key(key->priv_raw, #ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
XMEMCPY(key->priv_data + priv_data_len -
HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->priv_raw,
HSS_PRIVATE_KEY_LEN(key->params->hash_len));
rv = key->write_private_key(key->priv_data, priv_data_len,
key->context);
#else
rv = key->write_private_key(key->priv_raw,
HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
#endif
if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
ret = IO_FAILED_E; ret = IO_FAILED_E;
} }
@@ -816,6 +839,7 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
int wc_LmsKey_Reload(LmsKey* key) int wc_LmsKey_Reload(LmsKey* key)
{ {
int ret = 0; int ret = 0;
int priv_data_len = 0;
/* Validate parameter. */ /* Validate parameter. */
if (key == NULL) { if (key == NULL) {
@@ -837,25 +861,46 @@ int wc_LmsKey_Reload(LmsKey* key)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} }
if ((ret == 0) && (key->priv_data == NULL)) { if (ret == 0) {
const LmsParams* params = key->params; const LmsParams* params = key->params;
priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height,
params->p, params->rootLevels, params->cacheBits, params->hash_len);
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
priv_data_len += HSS_PRIVATE_KEY_LEN(params->hash_len);
#endif
}
if ((ret == 0) && (key->priv_data == NULL)) {
/* Allocate memory for the private key data. */ /* Allocate memory for the private key data. */
key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, key->priv_data = (byte *)XMALLOC(priv_data_len, key->heap,
params->height, params->p, params->rootLevels, params->cacheBits, DYNAMIC_TYPE_LMS);
params->hash_len), key->heap, DYNAMIC_TYPE_LMS);
/* Check pointer is valid. */ /* Check pointer is valid. */
if (key->priv_data == NULL) { if (key->priv_data == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
} }
} }
if (ret == 0) { if (ret == 0) {
int rv;
/* Load private key. */ /* Load private key. */
int rv = key->read_private_key(key->priv_raw, #ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
const LmsParams* params = key->params;
rv = key->read_private_key(key->priv_data, priv_data_len, key->context);
#else
rv = key->read_private_key(key->priv_raw,
HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
#endif
if (rv != WC_LMS_RC_READ_TO_MEMORY) { if (rv != WC_LMS_RC_READ_TO_MEMORY) {
ret = IO_FAILED_E; ret = IO_FAILED_E;
} }
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
if (ret == 0) {
XMEMCPY(key->priv_raw, key->priv_data + priv_data_len -
HSS_PRIVATE_KEY_LEN(params->hash_len),
HSS_PRIVATE_KEY_LEN(params->hash_len));
}
#endif
} }
/* Double check the key actually has signatures left. */ /* Double check the key actually has signatures left. */
@@ -874,7 +919,8 @@ int wc_LmsKey_Reload(LmsKey* key)
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
/* Allocate memory for working state. */ /* Allocate memory for working state. */
state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); state = (LmsState*)XMALLOC(sizeof(LmsState), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (state == NULL) { if (state == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
} }
@@ -972,7 +1018,8 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
/* Allocate memory for working state. */ /* Allocate memory for working state. */
state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); state = (LmsState*)XMALLOC(sizeof(LmsState), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (state == NULL) { if (state == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
} }
@@ -997,9 +1044,24 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
*sigSz = (word32)key->params->sig_len; *sigSz = (word32)key->params->sig_len;
} }
if (ret == 0) { if (ret == 0) {
int rv;
/* Write private key to storage. */ /* Write private key to storage. */
int rv = key->write_private_key(key->priv_raw, #ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
const LmsParams* params = key->params;
int priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height,
params->p, params->rootLevels, params->cacheBits,
params->hash_len) + HSS_PRIVATE_KEY_LEN(key->params->hash_len);
XMEMCPY(key->priv_data + priv_data_len -
HSS_PRIVATE_KEY_LEN(params->hash_len), key->priv_raw,
HSS_PRIVATE_KEY_LEN(params->hash_len));
rv = key->write_private_key(key->priv_data, priv_data_len,
key->context);
#else
rv = key->write_private_key(key->priv_raw,
HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context);
#endif
if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
ret = IO_FAILED_E; ret = IO_FAILED_E;
} }
@@ -1234,7 +1296,8 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz,
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
/* Allocate memory for working state. */ /* Allocate memory for working state. */
state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); state = (LmsState*)XMALLOC(sizeof(LmsState), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (state == NULL) { if (state == NULL) {
ret = MEMORY_E; ret = MEMORY_E;
} }

19
wolfcrypt/src/wc_lms_impl.c
View File

@@ -3208,7 +3208,7 @@ static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key,
int wc_hss_reload_key(LmsState* state, const byte* priv_raw, int wc_hss_reload_key(LmsState* state, const byte* priv_raw,
HssPrivKey* priv_key, byte* priv_data, byte* pub_root) HssPrivKey* priv_key, byte* priv_data, byte* pub_root)
{ {
int ret; int ret = 0;
(void)pub_root; (void)pub_root;
@@ -3217,6 +3217,10 @@ int wc_hss_reload_key(LmsState* state, const byte* priv_raw,
priv_key->inited = 0; priv_key->inited = 0;
#endif #endif
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
if (pub_root != NULL)
#endif
{
/* Expand the raw private key into the private key data. */ /* Expand the raw private key into the private key data. */
ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 0); ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 0);
#ifndef WOLFSSL_WC_LMS_SMALL #ifndef WOLFSSL_WC_LMS_SMALL
@@ -3234,10 +3238,13 @@ int wc_hss_reload_key(LmsState* state, const byte* priv_raw,
ret = wc_hss_presign(state, priv_key); ret = wc_hss_presign(state, priv_key);
} }
#endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */
/* Set initialized flag. */
priv_key->inited = (ret == 0);
} }
#endif /* WOLFSSL_WC_LMS_SMALL */ #endif /* WOLFSSL_WC_LMS_SMALL */
}
#ifndef WOLFSSL_WC_LMS_SMALL
/* Set initialized flag. */
priv_key->inited = (ret == 0);
#endif
return ret; return ret;
} }
@@ -3301,6 +3308,10 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
wc_lmots_public_key_encode(params, priv_key->priv, pub); wc_lmots_public_key_encode(params, priv_key->priv, pub);
} }
#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE
wc_hss_priv_data_store(state->params, priv_key, priv_data);
#endif
return ret; return ret;
} }
@@ -3581,7 +3592,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw,
* *
* @param [in, out] state LMS state. * @param [in, out] state LMS state.
* @param [in, out] priv_raw Raw private key bytes. * @param [in, out] priv_raw Raw private key bytes.
* @param [in, out] priv_key Private key data. * @param [in, out] priv_key Private key.
* @param [in, out] priv_data Private key data. * @param [in, out] priv_data Private key data.
* @param [in] msg Message to sign. * @param [in] msg Message to sign.
* @param [in] msgSz Length of message in bytes. * @param [in] msgSz Length of message in bytes.

5
wolfcrypt/test/test.c
View File

@@ -47911,8 +47911,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
word32 sigSz = 0; word32 sigSz = 0;
const char * msg = "LMS HSS post quantum signature test"; const char * msg = "LMS HSS post quantum signature test";
word32 msgSz = (word32) XSTRLEN(msg); word32 msgSz = (word32) XSTRLEN(msg);
#ifndef WOLFSSL_WC_LMS_SERIALIZE_STATE
unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN]; unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN]; unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN];
#else
static unsigned char priv[64 * 1024 + HSS_MAX_PRIVATE_KEY_LEN];
static unsigned char old_priv[64 * 1024 + HSS_MAX_PRIVATE_KEY_LEN];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte * sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT, byte * sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);