mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 16:20:48 +02:00
Merge pull request #10292 from Frauschi/liblms_libxmss_removal
Remove deprecated liblms and libxmss
@@ -700,10 +700,8 @@ add_option(WOLFSSL_LMSSHA256192
|
||||
|
||||
if (WOLFSSL_LMS)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_LMS")
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_LMS")
|
||||
|
||||
set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT)
|
||||
set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT)
|
||||
|
||||
if (WOLFSSL_LMSSHA256192)
|
||||
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LMS_SHA256_192")
|
||||
|
||||
@@ -34,10 +34,6 @@ RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git &&
|
||||
|
||||
RUN mkdir /opt/sources
|
||||
|
||||
# install liblms
|
||||
RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
|
||||
&& sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
|
||||
|
||||
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
|
||||
RUN mkdir /var/empty
|
||||
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
|
||||
|
||||
@@ -287,7 +287,6 @@ INCL_TARGS := wolfssl/callbacks.h \
|
||||
wolfssl/wolfcrypt/integer.h \
|
||||
wolfssl/wolfcrypt/kdf.h \
|
||||
wolfssl/wolfcrypt/kyber.h \
|
||||
wolfssl/wolfcrypt/lms.h \
|
||||
wolfssl/wolfcrypt/logging.h \
|
||||
wolfssl/wolfcrypt/md2.h \
|
||||
wolfssl/wolfcrypt/md4.h \
|
||||
@@ -327,11 +326,12 @@ INCL_TARGS := wolfssl/callbacks.h \
|
||||
wolfssl/wolfcrypt/visibility.h \
|
||||
wolfssl/wolfcrypt/wc_encrypt.h \
|
||||
wolfssl/wolfcrypt/wc_kyber.h \
|
||||
wolfssl/wolfcrypt/wc_lms.h \
|
||||
wolfssl/wolfcrypt/wc_pkcs11.h \
|
||||
wolfssl/wolfcrypt/wc_port.h \
|
||||
wolfssl/wolfcrypt/wc_xmss.h \
|
||||
wolfssl/wolfcrypt/wolfevent.h \
|
||||
wolfssl/wolfcrypt/wolfmath.h \
|
||||
wolfssl/wolfcrypt/xmss.h \
|
||||
wolfssl/wolfcrypt/port/nrf51.h \
|
||||
wolfssl/wolfcrypt/port/af_alg/afalg_hash.h \
|
||||
wolfssl/wolfcrypt/port/af_alg/wc_afalg.h \
|
||||
|
||||
@@ -87,8 +87,6 @@
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\wolfcrypt\src\ext_kyber.c" />
|
||||
<ClCompile Include="..\..\wolfcrypt\src\ext_lms.c" />
|
||||
<ClCompile Include="..\..\wolfcrypt\src\ext_xmss.c" />
|
||||
<ClCompile Include="..\..\wolfcrypt\src\falcon.c" />
|
||||
<ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
|
||||
<ClCompile Include="..\..\wolfcrypt\src\fips.c" />
|
||||
|
||||
@@ -296,11 +296,7 @@ The wolfssl port in vcpkg is kept up to date by wolfSSL.
|
||||
|
||||
We also have vcpkg ports for wolftpm, wolfmqtt and curl.
|
||||
|
||||
17. Building with hash-sigs lib for LMS/HSS support [EXPERIMENTAL]
|
||||
|
||||
Deprecated. wolfSSL now has its own LMS/HSS implementation in wolfCrypt.
|
||||
|
||||
18. Building for Debian, Ubuntu, Linux Mint, and derivatives
|
||||
17. Building for Debian, Ubuntu, Linux Mint, and derivatives
|
||||
|
||||
To generate a .deb package, configure wolfSSL with the desired
|
||||
configuration. Then run `make deb` to generate a Debian package
|
||||
@@ -309,7 +305,7 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
|
||||
resulting packages are placed in the root directory of the
|
||||
project.
|
||||
|
||||
19. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE
|
||||
18. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE
|
||||
|
||||
To generate a .rpm package, configure wolfSSL with the desired
|
||||
configuration. Then run `make rpm` to generate a .rpm package
|
||||
@@ -317,8 +313,3 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
|
||||
Docker container, use `make rpm-docker`. In both cases the
|
||||
resulting packages are placed in the root directory of the
|
||||
project.
|
||||
|
||||
20. Building with xmss-reference lib for XMSS/XMSS^MT support [EXPERIMENTAL]
|
||||
|
||||
Deprecated. wolfSSL now has its own XMMS/XMSS^MT implementation in
|
||||
wolfCrypt.
|
||||
|
||||
+2
-149
@@ -1864,7 +1864,6 @@ do
|
||||
done
|
||||
|
||||
# XMSS
|
||||
ENABLED_WC_XMSS=no
|
||||
AC_ARG_ENABLE([xmss],
|
||||
[AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
|
||||
[ ENABLED_XMSS=$enableval ],
|
||||
@@ -1890,60 +1889,7 @@ do
|
||||
esac
|
||||
done
|
||||
|
||||
# libxmss
|
||||
# Get the path to xmss-reference.
|
||||
ENABLED_LIBXMSS="no"
|
||||
trylibxmssdir=""
|
||||
AC_ARG_WITH([libxmss],
|
||||
[AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. (requires --enable-experimental)!])],
|
||||
[
|
||||
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([libxmss requires --enable-experimental.]) ])
|
||||
AC_MSG_CHECKING([for libxmss])
|
||||
|
||||
trylibxmssdir=$withval
|
||||
|
||||
if test -e $trylibxmssdir; then
|
||||
libxmss_linked=yes
|
||||
else
|
||||
AC_MSG_ERROR([libxmss isn't found.
|
||||
If it's already installed, specify its path using --with-libxmss=/dir/])
|
||||
fi
|
||||
if test "$XMSS_VERIFY_ONLY" = "yes"; then
|
||||
if test -e $trylibxmssdir/xmss_verify_lib.a; then
|
||||
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
|
||||
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_verify_lib.a"
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
libxmss_linked=yes
|
||||
else
|
||||
AC_MSG_ERROR([xmss_verify_lib.a isn't found.
|
||||
If it's already installed, specify its path using --with-libxmss=/dir/])
|
||||
fi
|
||||
elif test -e $trylibxmssdir/xmss_lib.a; then
|
||||
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
|
||||
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_lib.a"
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
libxmss_linked=yes
|
||||
else
|
||||
AC_MSG_ERROR([libxmss isn't found.
|
||||
If it's already installed, specify its path using --with-libxmss=/dir/])
|
||||
fi
|
||||
|
||||
XMSS_ROOT=$trylibxmssdir
|
||||
|
||||
AC_MSG_RESULT([yes])
|
||||
AM_CPPFLAGS="$CPPFLAGS"
|
||||
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
|
||||
ENABLED_LIBXMSS="yes"
|
||||
AC_SUBST([XMSS_ROOT])
|
||||
],
|
||||
[XMSS_ROOT=""]
|
||||
)
|
||||
|
||||
# LMS
|
||||
ENABLED_WC_LMS=no
|
||||
AC_ARG_ENABLE([lms],
|
||||
[AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
|
||||
[ ENABLED_LMS=$enableval ],
|
||||
@@ -1978,74 +1924,6 @@ do
|
||||
esac
|
||||
done
|
||||
|
||||
# liblms
|
||||
# Get the path to the hash-sigs LMS HSS lib.
|
||||
ENABLED_LIBLMS="no"
|
||||
tryliblmsdir=""
|
||||
AC_ARG_WITH([liblms],
|
||||
[AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) (requires --enable-experimental)!])],
|
||||
[
|
||||
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([liblms requires --enable-experimental.]) ])
|
||||
AC_MSG_CHECKING([for liblms])
|
||||
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <hss.h>]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ])
|
||||
|
||||
if test "x$liblms_linked" = "xno" ; then
|
||||
if test "x$withval" != "xno" ; then
|
||||
tryliblmsdir=$withval
|
||||
fi
|
||||
if test "x$withval" = "xyes" ; then
|
||||
tryliblmsdir="/usr/local"
|
||||
fi
|
||||
|
||||
# 1. If verify only build, use hss_verify.a
|
||||
# 2. If normal build, by default use single-threaded hss_lib.a
|
||||
# 3. If 2 not found, then use the multi-threaded hss_lib_thread.a
|
||||
if test "$LMS_VERIFY_ONLY" = "yes"; then
|
||||
if test -e $tryliblmsdir/hss_verify.a; then
|
||||
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
|
||||
LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_verify.a"
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
liblms_linked=yes
|
||||
else
|
||||
AC_MSG_ERROR([hss_verify.a isn't found.
|
||||
If it's already installed, specify its path using --with-liblms=/dir/])
|
||||
fi
|
||||
elif test -e $tryliblmsdir/hss_lib.a; then
|
||||
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
|
||||
LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib.a"
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
liblms_linked=yes
|
||||
elif test -e $tryliblmsdir/hss_lib_thread.a; then
|
||||
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
|
||||
LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib_thread.a"
|
||||
enable_shared=no
|
||||
enable_static=yes
|
||||
liblms_linked=yes
|
||||
else
|
||||
AC_MSG_ERROR([liblms isn't found.
|
||||
If it's already installed, specify its path using --with-liblms=/dir/])
|
||||
fi
|
||||
|
||||
if test "x$liblms_linked" = "xno" ; then
|
||||
AC_MSG_ERROR([liblms isn't found.
|
||||
If it's already installed, specify its path using --with-liblms=/dir/])
|
||||
fi
|
||||
|
||||
AC_MSG_RESULT([yes])
|
||||
AM_CPPFLAGS="$CPPFLAGS"
|
||||
AM_LDFLAGS="$LDFLAGS"
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
fi
|
||||
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBLMS"
|
||||
ENABLED_LIBLMS="yes"
|
||||
]
|
||||
)
|
||||
|
||||
# SLH-DSA
|
||||
ENABLED_SLHDSA=yes
|
||||
AC_ARG_ENABLE([slhdsa],
|
||||
@@ -7558,28 +7436,12 @@ fi
|
||||
if test "$ENABLED_XMSS" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS"
|
||||
|
||||
# Use hash-sigs XMSS lib if enabled.
|
||||
if test "$ENABLED_LIBXMSS" = "yes"; then
|
||||
ENABLED_WC_XMSS=no
|
||||
else
|
||||
ENABLED_WC_XMSS=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS"
|
||||
fi
|
||||
fi
|
||||
|
||||
# LMS CFLAG processing (after FIPS section for sandwich pattern)
|
||||
if test "$ENABLED_LMS" != "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
|
||||
|
||||
# Use hash-sigs LMS lib if enabled.
|
||||
if test "$ENABLED_LIBLMS" = "yes"; then
|
||||
ENABLED_WC_LMS=no
|
||||
else
|
||||
ENABLED_WC_LMS=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
|
||||
fi
|
||||
fi
|
||||
|
||||
# SLH-DSA CFLAG processing (after FIPS section for sandwich pattern)
|
||||
@@ -12205,8 +12067,8 @@ AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLE
|
||||
AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_WC_SLHDSA],[test "x$ENABLED_SLHDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_WC_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
@@ -12257,8 +12119,6 @@ AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_R
|
||||
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
@@ -12760,12 +12620,7 @@ echo " * CURVE448: $ENABLED_CURVE448"
|
||||
echo " * ED448: $ENABLED_ED448"
|
||||
echo " * ED448 streaming: $ENABLED_ED448_STREAM"
|
||||
echo " * LMS: $ENABLED_LMS"
|
||||
echo " * LMS wolfSSL impl: $ENABLED_WC_LMS"
|
||||
echo " * XMSS: $ENABLED_XMSS"
|
||||
echo " * XMSS wolfSSL impl: $ENABLED_WC_XMSS"
|
||||
if test "$ENABLED_LIBXMSS" = "yes"; then
|
||||
echo " * XMSS_ROOT: $XMSS_ROOT"
|
||||
fi
|
||||
echo " * SLH-DSA $ENABLED_SLHDSA"
|
||||
echo " * MLKEM: $ENABLED_MLKEM"
|
||||
echo " * MLKEM wolfSSL impl: $ENABLED_WC_MLKEM"
|
||||
@@ -12826,8 +12681,6 @@ echo " * Persistent session cache: $ENABLED_SAVESESSION"
|
||||
echo " * Persistent cert cache: $ENABLED_SAVECERT"
|
||||
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
|
||||
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
|
||||
echo " * libxmss: $ENABLED_LIBXMSS"
|
||||
echo " * liblms: $ENABLED_LIBLMS"
|
||||
echo " * liboqs: $ENABLED_LIBOQS"
|
||||
echo " * Whitewood netRandom: $ENABLED_WNR"
|
||||
echo " * Server Name Indication: $ENABLED_SNI"
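Review bot: Deleting the `--with-liblms` and `--with-libxmss` `AC_ARG_WITH` blocks outright leaves configure unaware of these options, and autoconf's default reaction to an unknown `--with-*` option is a warning, not an error. A build script that still passes `--with-liblms=PATH` alongside `--enable-lms` would therefore configure successfully and build the wolfCrypt implementation instead. For stateful signatures that silent switch is worth surfacing, because whether private-key state written through the external library loads correctly afterwards is not visible in this change. Consider keeping a stub for a release that fails loudly, e.g. `AC_ARG_WITH([liblms],[],[AS_IF([test "x$withval" != "xno"],[AC_MSG_ERROR([--with-liblms was removed; use --enable-lms])])])`, and the same for `--with-libxmss`.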
|
||||
|
||||
@@ -105,7 +105,6 @@ extern "C" {
|
||||
/* ------------------------------------------------- */
|
||||
#if 0 /* LMS signatures */
|
||||
#define WOLFSSL_HAVE_LMS
|
||||
#define WOLFSSL_WC_LMS
|
||||
#ifndef LMS_LEVELS
|
||||
#define LMS_LEVELS 2
|
||||
#endif
|
||||
@@ -122,7 +121,6 @@ extern "C" {
|
||||
/* ------------------------------------------------- */
|
||||
#if 0 /* XMSS signatures */
|
||||
#define WOLFSSL_HAVE_XMSS
|
||||
#define WOLFSSL_WC_XMSS
|
||||
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
|
||||
#define WOLFSSL_XMSS_MAX_HEIGHT 20
|
||||
#endif
|
||||
|
||||
@@ -131,7 +131,6 @@ extern "C" {
|
||||
|
||||
#if 1 /* LMS */
|
||||
#define WOLFSSL_HAVE_LMS
|
||||
#define WOLFSSL_WC_LMS
|
||||
#ifndef LMS_LEVELS
|
||||
#define LMS_LEVELS 1
|
||||
#endif
|
||||
@@ -145,7 +144,6 @@ extern "C" {
|
||||
|
||||
#if 1 /* XMSS */
|
||||
#define WOLFSSL_HAVE_XMSS
|
||||
#define WOLFSSL_WC_XMSS
|
||||
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
|
||||
#define WOLFSSL_XMSS_MAX_HEIGHT 32
|
||||
#endif
|
||||
|
||||
@@ -158,21 +158,11 @@
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_XMSS)
|
||||
#include <wolfssl/wolfcrypt/xmss.h>
|
||||
#ifdef HAVE_LIBXMSS
|
||||
#include <wolfssl/wolfcrypt/ext_xmss.h>
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/wc_xmss.h>
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
#include <wolfssl/wolfcrypt/lms.h>
|
||||
#ifdef HAVE_LIBLMS
|
||||
#include <wolfssl/wolfcrypt/ext_lms.h>
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/wc_lms.h>
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#endif
|
||||
|
||||
@@ -1984,14 +1984,6 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_mlkem.c
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
|
||||
endif
|
||||
|
||||
if BUILD_LIBLMS
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_lms.c
|
||||
endif
|
||||
|
||||
if BUILD_LIBXMSS
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_xmss.c
|
||||
endif
|
||||
|
||||
if BUILD_LIBZ
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/compress.c
|
||||
endif
|
||||
|
||||
+4
-8
@@ -35623,11 +35623,9 @@ int stopOnFail = 0;
|
||||
int test_wc_LmsKey_sign_verify(void);
|
||||
int test_wc_LmsKey_reload_cache(void);
|
||||
|
||||
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
|
||||
!defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
|
||||
#include <wolfssl/wolfcrypt/wc_lms.h>
|
||||
#include <wolfssl/wolfcrypt/lms.h>
|
||||
|
||||
#define LMS_TEST_PRIV_KEY_FILE "/tmp/wolfssl_test_lms.key"
|
||||
|
||||
@@ -35680,7 +35678,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
|
||||
#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
|
||||
|
||||
/*
|
||||
* Test basic LMS sign/verify with multiple signings.
|
||||
@@ -35689,8 +35687,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
|
||||
int test_wc_LmsKey_sign_verify(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
|
||||
!defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
LmsKey key;
|
||||
WC_RNG rng;
|
||||
byte msg[] = "test message for LMS signing";
|
||||
@@ -35739,8 +35736,7 @@ int test_wc_LmsKey_sign_verify(void)
|
||||
int test_wc_LmsKey_reload_cache(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
|
||||
!defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
LmsKey key;
|
||||
LmsKey vkey;
|
||||
WC_RNG rng;
|
||||
|
||||
@@ -178,20 +178,10 @@
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
#include <wolfssl/wolfcrypt/lms.h>
|
||||
#ifdef HAVE_LIBLMS
|
||||
#include <wolfssl/wolfcrypt/ext_lms.h>
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/wc_lms.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/wc_lms.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
|
||||
#include <wolfssl/wolfcrypt/xmss.h>
|
||||
#ifdef HAVE_LIBXMSS
|
||||
#include <wolfssl/wolfcrypt/ext_xmss.h>
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/wc_xmss.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/wc_xmss.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA)
|
||||
#include <wolfssl/wolfcrypt/wc_slhdsa.h>
|
||||
@@ -11894,10 +11884,8 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
|
||||
|
||||
#ifndef WOLFSSL_WC_LMS_SMALL
|
||||
do {
|
||||
#ifdef WOLFSSL_WC_LMS
|
||||
key.priv.inited = 0;
|
||||
key.state = WC_LMS_STATE_PARMSET;
|
||||
#endif
|
||||
ret = wc_LmsKey_Reload(&key);
|
||||
if (ret) {
|
||||
printf("wc_LmsKey_Reload failed: %d\n", ret);
|
||||
@@ -11918,9 +11906,6 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
|
||||
printf("wc_LmsKey_GetPrivLen failed: %d\n", ret);
|
||||
goto exit_lms_sign_verify;
|
||||
}
|
||||
#ifdef HAVE_LIBLMS
|
||||
break;
|
||||
#endif
|
||||
} while (bench_stats_check(start)
|
||||
#ifdef MULTI_VALUE_STATISTICS
|
||||
|| runs < minimum_runs
|
||||
@@ -12039,7 +12024,7 @@ void bench_lms(void)
|
||||
|
||||
#ifndef WOLFSSL_NO_LMS_SHA256_256
|
||||
#ifdef BENCH_LMS_SLOW_KEYGEN
|
||||
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
|
||||
#if (LMS_MAX_HEIGHT >= 15)
|
||||
bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W2, pub);
|
||||
bench_lms_keygen(WC_LMS_PARM_L1_H15_W4, pub);
|
||||
@@ -12048,8 +12033,7 @@ void bench_lms(void)
|
||||
#define LMS_PARAMS_BENCHED
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
|
||||
(LMS_MAX_HEIGHT >= 10))
|
||||
#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10)
|
||||
bench_lms_keygen(WC_LMS_PARM_L2_H10_W2, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2, pub);
|
||||
bench_lms_keygen(WC_LMS_PARM_L2_H10_W4, pub);
|
||||
@@ -12061,7 +12045,7 @@ void bench_lms(void)
|
||||
bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W8, pub);
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
|
||||
#if (LMS_MAX_LEVELS >= 3)
|
||||
bench_lms_keygen(WC_LMS_PARM_L3_H5_W4, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4, pub);
|
||||
bench_lms_keygen(WC_LMS_PARM_L3_H5_W8, pub);
|
||||
@@ -12069,17 +12053,16 @@ void bench_lms(void)
|
||||
#undef LMS_PARAMS_BENCHED
|
||||
#define LMS_PARAMS_BENCHED
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
|
||||
(LMS_MAX_HEIGHT >= 10))
|
||||
#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10)
|
||||
bench_lms_keygen(WC_LMS_PARM_L3_H10_W4, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4, pub);
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
|
||||
#if (LMS_MAX_LEVELS >= 4)
|
||||
bench_lms_keygen(WC_LMS_PARM_L4_H5_W8, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8, pub);
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
|
||||
#ifndef LMS_PARAMS_BENCHED
|
||||
bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub);
|
||||
#endif
|
||||
@@ -12087,7 +12070,7 @@ void bench_lms(void)
|
||||
|
||||
#ifdef WOLFSSL_LMS_SHA256_192
|
||||
#ifdef BENCH_LMS_SLOW_KEYGEN
|
||||
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
|
||||
#if (LMS_MAX_HEIGHT >= 15)
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
|
||||
@@ -12096,8 +12079,7 @@ void bench_lms(void)
|
||||
#define LMS_PARAMS_BENCHED
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
|
||||
(LMS_MAX_HEIGHT >= 10))
|
||||
#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10)
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
|
||||
@@ -12109,7 +12091,7 @@ void bench_lms(void)
|
||||
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
|
||||
#if (LMS_MAX_LEVELS >= 3)
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
|
||||
@@ -12117,17 +12099,16 @@ void bench_lms(void)
|
||||
#undef LMS_PARAMS_BENCHED
|
||||
#define LMS_PARAMS_BENCHED
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
|
||||
(LMS_MAX_HEIGHT >= 10))
|
||||
#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10)
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
|
||||
#endif
|
||||
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
|
||||
#if (LMS_MAX_LEVELS >= 4)
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
|
||||
#ifndef LMS_PARAMS_BENCHED
|
||||
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
|
||||
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
|
||||
#endif
|
||||
@@ -12208,13 +12189,6 @@ static void bench_xmss_sign_verify(const char * params)
|
||||
printf("wc_XmssKey_GetPubLen failed: %d\n", ret);
|
||||
goto exit_xmss_sign_verify;
|
||||
}
|
||||
#ifndef WOLFSSL_WC_XMSS
|
||||
if (pkSz != XMSS_SHA256_PUBLEN) {
|
||||
printf("error: xmss pub len: got %u, expected %d\n", pkSz,
|
||||
XMSS_SHA256_PUBLEN);
|
||||
goto exit_xmss_sign_verify;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = wc_XmssKey_GetPrivLen(&key, &skSz);
|
||||
if (ret != 0 || skSz <= 0) {
|
||||
|
||||
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -21,7 +21,7 @@
|
||||
|
||||
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
||||
|
||||
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
|
||||
#if FIPS_VERSION3_GE(2,0,0)
|
||||
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
|
||||
@@ -721,7 +721,7 @@ int wc_LmsKey_SetLmsParm(LmsKey* key, enum wc_LmsParm lmsParm)
|
||||
/* Set the parameters of an LMS key.
|
||||
*
|
||||
* Use this if you wish to set specific parameters not found in the
|
||||
* wc_LmsParm predefined sets. See comments in lms.h for allowed
|
||||
* wc_LmsParm predefined sets. See comments in wc_lms.h for allowed
|
||||
* parameters.
|
||||
*
|
||||
* Key must be inited before calling this.
|
||||
@@ -1597,4 +1597,4 @@ const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz)
|
||||
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
|
||||
#endif /* WOLFSSL_HAVE_LMS */
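Review bot: With `WOLFSSL_WC_LMS` dropped from the guard at the top of this file, a `user_settings.h` that still defines `HAVE_LIBLMS` next to `WOLFSSL_HAVE_LMS` now compiles the wolfCrypt implementation with no diagnostic; nothing visible in this change rejects the stale macro. The deleted `ext_lms.h` used an `#error` for the incompatible combination, and the same approach would make the removal explicit: `#ifdef HAVE_LIBLMS` / `#error "HAVE_LIBLMS is no longer supported; remove it from the build settings"` / `#endif`, placed right after the `libwolfssl_sources.h` include or once in a central settings header. The same applies to `HAVE_LIBXMSS` for the XMSS sources and to the identical guard change in the next file section. The code between these hunks is outside this view.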
|
||||
|
||||
@@ -48,7 +48,7 @@
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
|
||||
#ifdef WOLFSSL_HAVE_LMS
|
||||
|
||||
/* Length of R in bytes. */
|
||||
#define LMS_R_LEN 4
|
||||
@@ -4108,5 +4108,5 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
|
||||
#endif /* WOLFSSL_HAVE_LMS */
|
||||
|
||||
|
||||
@@ -839,7 +839,7 @@ int wc_XmssKey_Init(XmssKey* key, void* heap, int devId)
|
||||
/* Set the XMSS key parameter string.
|
||||
*
|
||||
* The input string must be one of the supported parm set names in
|
||||
* the "Name" section from the table in wolfssl/wolfcrypt/xmss.h,
|
||||
* the "Name" section from the table in wolfssl/wolfcrypt/wc_xmss.h,
|
||||
* e.g. "XMSS-SHA2_10_256" or "XMSSMT-SHA2_20/4_256".
|
||||
*
|
||||
* @param [in] key The XMSS key to set.
|
||||
|
||||
+6
-26
@@ -401,21 +401,11 @@ static const byte const_byte_array[] = "A+Gd\0\0\0";
|
||||
#include <wolfssl/wolfcrypt/dilithium.h>
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_XMSS)
|
||||
#include <wolfssl/wolfcrypt/xmss.h>
|
||||
#ifdef HAVE_LIBXMSS
|
||||
#include <wolfssl/wolfcrypt/ext_xmss.h>
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/wc_xmss.h>
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
#include <wolfssl/wolfcrypt/lms.h>
|
||||
#ifdef HAVE_LIBLMS
|
||||
#include <wolfssl/wolfcrypt/ext_lms.h>
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/wc_lms.h>
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA)
|
||||
#include <wolfssl/wolfcrypt/wc_slhdsa.h>
|
||||
#endif
|
||||
@@ -978,11 +968,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
|
||||
#endif
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
#if !defined(WOLFSSL_SMALL_STACK)
|
||||
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
|
||||
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
|
||||
#if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
|
||||
!defined(WOLFSSL_NO_LMS_SHA256_256)
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
|
||||
#endif
|
||||
#endif
|
||||
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
|
||||
@@ -3178,14 +3166,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
|
||||
#endif /* if defined(WOLFSSL_HAVE_XMSS) */
|
||||
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
#if !defined(WOLFSSL_SMALL_STACK)
|
||||
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
|
||||
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
|
||||
#if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
|
||||
!defined(WOLFSSL_NO_LMS_SHA256_256)
|
||||
if ( (ret = lms_test_verify_only()) != 0)
|
||||
TEST_FAIL("LMS Vfy test failed!\n", ret);
|
||||
else
|
||||
TEST_PASS("LMS Vfy test passed!\n");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
|
||||
@@ -53463,10 +53449,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
|
||||
#else
|
||||
byte sig[WC_TEST_LMS_SIG_LEN];
|
||||
#endif
|
||||
#if !defined(HAVE_LIBLMS)
|
||||
const byte * kid;
|
||||
word32 kidSz;
|
||||
#endif
|
||||
|
||||
WOLFSSL_ENTER("lms_test");
|
||||
|
||||
@@ -53525,7 +53509,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
|
||||
|
||||
XMEMCPY(old_priv, priv, sizeof(priv));
|
||||
|
||||
#if !defined(HAVE_LIBLMS)
|
||||
ret = wc_LmsKey_GetKid(NULL, NULL, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
@@ -53552,7 +53535,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
|
||||
if (kidSz != WC_LMS_I_LEN) {
|
||||
ERROR_OUT(WC_TEST_RET_ENC_I(kidSz), out);
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
|
||||
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
|
||||
@@ -53663,9 +53645,8 @@ out:
|
||||
|
||||
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
|
||||
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
|
||||
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
|
||||
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
|
||||
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) && \
|
||||
(LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)
|
||||
|
||||
/* A simple LMS verify only test.
|
||||
*
|
||||
@@ -54009,7 +53990,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
|
||||
|
||||
#if defined(WOLFSSL_HAVE_SLHDSA)
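Review bot: The trailing comment on `#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */` after `lms_test_verify_only()` looks stale, assuming this is the `#endif` that survives (the hunk counts show one of the two `#endif` lines is removed, but the page does not mark which). The opening guard is now a single four-part condition, so the comment should name all of it, e.g. `#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_SMALL_STACK && LMS_MAX_HEIGHT >= 10 && !WOLFSSL_NO_LMS_SHA256_256 */`. The other guard comments touched by this change were updated to match their conditions. The function body lies outside the hunks.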
|
||||
|
||||
@@ -314,8 +314,7 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
|
||||
#endif
|
||||
#if defined(WOLFSSL_HAVE_LMS)
|
||||
#if !defined(WOLFSSL_SMALL_STACK)
|
||||
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
|
||||
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
|
||||
#if (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)
|
||||
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
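--- a/wolfssl/wolfcrypt/ext_lms.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* ext_lms.h
-*
-* Copyright (C) 2006-2026 wolfSSL Inc.
-*
-* This file is part of wolfSSL.
-*
-* wolfSSL is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 3 of the License, or
-* (at your option) any later version.
-*
-* wolfSSL is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-*/
-
-#ifndef EXT_LMS_H
-#define EXT_LMS_H
-
-#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
-
-#include <wolfssl/wolfcrypt/lms.h>
-
-/* hash-sigs LMS HSS includes */
-#include <hss.h>
-
-#if defined(WOLFSSL_WC_LMS)
-#error "This code is incompatible with wolfCrypt's implementation of LMS."
-#endif
-
-/*
-* The hash-sigs LMS lib supports from MIN_HSS_LEVELS to MAX_HSS_LEVELS
-* number of levels of Merkle trees. It allows for the tree height and
-* winternitz parameter to be unique per level.
-*/
-
-/* hss structs */
-typedef struct hss_working_key hss_working_key;
-typedef struct hss_extra_info hss_extra_info;
-
-struct LmsKey {
-unsigned levels; /* Number of tree levels. */
-param_set_t lm_type[MAX_HSS_LEVELS]; /* Height param per level. */
-param_set_t lm_ots_type[MAX_HSS_LEVELS]; /* Winternitz param per level. */
-unsigned char pub[HSS_MAX_PUBLIC_KEY_LEN];
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
-hss_working_key * working_key;
-wc_lms_write_private_key_cb write_private_key; /* Callback to write/update key. */
-wc_lms_read_private_key_cb read_private_key; /* Callback to read key. */
-void * context; /* Context arg passed to callbacks. */
-hss_extra_info info;
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
-enum wc_LmsState state;
-};
-
-#endif /* WOLFSSL_HAVE_LMS */
-#endif /* EXT_LMS_H */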
||||
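--- a/wolfssl/wolfcrypt/ext_xmss.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/* ext_xmss.h
-*
-* Copyright (C) 2006-2026 wolfSSL Inc.
-*
-* This file is part of wolfSSL.
-*
-* wolfSSL is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 3 of the License, or
-* (at your option) any later version.
-*
-* wolfSSL is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-*/
-
-#ifndef EXT_XMSS_H
-#define EXT_XMSS_H
-
-#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
-
-#include <wolfssl/wolfcrypt/xmss.h>
-
-#include <xmss.h>
-#include <params.h>
-
-#if defined(WOLFSSL_WC_XMSS)
-#error "This code is incompatible with wolfCrypt's implementation of XMSS."
-#endif
-
-struct XmssKey {
-unsigned char pk[XMSS_SHA256_PUBLEN];
-word32 oid;
-int is_xmssmt;
-xmss_params params;
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
-/* The secret key length is a function of xmss_params. */
-unsigned char * sk;
-word32 sk_len;
-wc_xmss_write_private_key_cb write_private_key; /* Callback to write/update key. */
-wc_xmss_read_private_key_cb read_private_key; /* Callback to read key. */
-void * context; /* Context arg passed to callbacks. */
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-enum wc_XmssState state;
-};
-
-#endif /* WOLFSSL_HAVE_XMSS */
-#endif /* EXT_XMSS_H */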
||||
@@ -83,12 +83,8 @@ nobase_include_HEADERS+= \
|
||||
wolfssl/wolfcrypt/sm2.h \
|
||||
wolfssl/wolfcrypt/sm3.h \
|
||||
wolfssl/wolfcrypt/sm4.h \
|
||||
wolfssl/wolfcrypt/lms.h \
|
||||
wolfssl/wolfcrypt/wc_lms.h \
|
||||
wolfssl/wolfcrypt/ext_lms.h \
|
||||
wolfssl/wolfcrypt/xmss.h \
|
||||
wolfssl/wolfcrypt/wc_xmss.h \
|
||||
wolfssl/wolfcrypt/ext_xmss.h \
|
||||
wolfssl/wolfcrypt/wc_slhdsa.h \
|
||||
wolfssl/wolfcrypt/puf.h \
|
||||
wolfssl/wolfcrypt/oid_sum.h
|
||||
|
||||
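--- a/wolfssl/wolfcrypt/lms.h
+++ /dev/null
@@ -1,266 +0,0 @@
-/* lms.h
-*
-* Copyright (C) 2006-2026 wolfSSL Inc.
-*
-* This file is part of wolfSSL.
-*
-* wolfSSL is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 3 of the License, or
-* (at your option) any later version.
-*
-* wolfSSL is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
-*/
-
-/*!
-\file wolfssl/wolfcrypt/lms.h
-*/
-
-#ifndef WOLF_CRYPT_LMS_H
-#define WOLF_CRYPT_LMS_H
-
-#include <wolfssl/wolfcrypt/types.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef WOLFSSL_HAVE_LMS
-
-/* Length of the Key ID. */
-#define WC_LMS_I_LEN 16
-
-typedef struct LmsKey LmsKey;
-
-/* Private key write and read callbacks. */
-typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context);
-typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context);
-
-/* Return codes returned by private key callbacks. */
-enum wc_LmsRc {
-WC_LMS_RC_NONE,
-WC_LMS_RC_BAD_ARG, /* Bad arg in read or write callback. */
-WC_LMS_RC_WRITE_FAIL, /* Write or update private key failed. */
-WC_LMS_RC_READ_FAIL, /* Read private key failed. */
-WC_LMS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
-WC_LMS_RC_READ_TO_MEMORY /* Read private key from storage. */
-};
-
-/* LMS/HSS signatures are defined by 3 parameters:
-* levels: number of levels of Merkle trees.
-* height: height of an individual Merkle tree.
-* winternitz: number of bits from hash used in a Winternitz chain.
-*
-* The acceptable parameter values are those in RFC8554:
-* levels = {1..8}
-* height = {5, 10, 15, 20, 25}
-* winternitz = {1, 2, 4, 8}
-*
-* The number of available signatures is:
-* N = 2 ** (levels * height)
-*
-* Signature sizes are determined by levels and winternitz
-* parameters primarily, and height to a lesser extent:
-* - Larger levels values increase signature size significantly.
-* - Larger height values increase signature size moderately.
-* - Larger winternitz values will reduce the signature size, at
-* the expense of longer key generation and sign/verify times.
-*
-* Key generation time is strongly determined by the height of
-* the first level tree. A 3 level, 5 height tree is much faster
-* than 1 level, 15 height at initial key gen, even if the number
-* of available signatures is the same.
-* */
-
-/* Predefined LMS/HSS parameter sets for convenience.
-*
-* Not predefining many sets with Winternitz=1, because the signatures
-* will be large. */
-enum wc_LmsParm {
-#ifndef WOLFSSL_NO_LMS_SHA256_256
-WC_LMS_PARM_NONE = 0,
-WC_LMS_PARM_L1_H5_W1 = 1,
-WC_LMS_PARM_L1_H5_W2 = 2,
-WC_LMS_PARM_L1_H5_W4 = 3,
-WC_LMS_PARM_L1_H5_W8 = 4,
-WC_LMS_PARM_L1_H10_W2 = 5,
-WC_LMS_PARM_L1_H10_W4 = 6,
-WC_LMS_PARM_L1_H10_W8 = 7,
-WC_LMS_PARM_L1_H15_W2 = 8,
-WC_LMS_PARM_L1_H15_W4 = 9,
-WC_LMS_PARM_L1_H15_W8 = 10,
-WC_LMS_PARM_L1_H20_W2 = 11,
-WC_LMS_PARM_L1_H20_W4 = 12,
-WC_LMS_PARM_L1_H20_W8 = 13,
-WC_LMS_PARM_L2_H5_W2 = 14,
-WC_LMS_PARM_L2_H5_W4 = 15,
-WC_LMS_PARM_L2_H5_W8 = 16,
-WC_LMS_PARM_L2_H10_W2 = 17,
-WC_LMS_PARM_L2_H10_W4 = 18,
-WC_LMS_PARM_L2_H10_W8 = 19,
-WC_LMS_PARM_L2_H15_W2 = 20,
-WC_LMS_PARM_L2_H15_W4 = 21,
-WC_LMS_PARM_L2_H15_W8 = 22,
-WC_LMS_PARM_L2_H20_W2 = 23,
-WC_LMS_PARM_L2_H20_W4 = 24,
-WC_LMS_PARM_L2_H20_W8 = 25,
-WC_LMS_PARM_L3_H5_W2 = 26,
-WC_LMS_PARM_L3_H5_W4 = 27,
-WC_LMS_PARM_L3_H5_W8 = 28,
-WC_LMS_PARM_L3_H10_W4 = 29,
-WC_LMS_PARM_L3_H10_W8 = 30,
-WC_LMS_PARM_L4_H5_W2 = 31,
-WC_LMS_PARM_L4_H5_W4 = 32,
-WC_LMS_PARM_L4_H5_W8 = 33,
-WC_LMS_PARM_L4_H10_W4 = 34,
-WC_LMS_PARM_L4_H10_W8 = 35,
-/* H25 parameter sets for SHA-256/256 */
-WC_LMS_PARM_L1_H25_W1 = 56,
-WC_LMS_PARM_L1_H25_W2 = 57,
-WC_LMS_PARM_L1_H25_W4 = 58,
-WC_LMS_PARM_L1_H25_W8 = 59,
-/* W1 for non-H5 heights */
-WC_LMS_PARM_L1_H10_W1 = 60,
-WC_LMS_PARM_L1_H15_W1 = 61,
-WC_LMS_PARM_L1_H20_W1 = 62,
-#endif
-
-#ifdef WOLFSSL_LMS_SHA256_192
-WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36,
-WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37,
-WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38,
-WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39,
-WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
-WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
-WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
-WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
-WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
-WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
-WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
-WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
-WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
-WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
-WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
-WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48,
-WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49,
-WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50,
-WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
-WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52,
-/* H25 for SHA-256/192 */
-WC_LMS_PARM_SHA256_192_L1_H25_W1 = 63,
-WC_LMS_PARM_SHA256_192_L1_H25_W2 = 64,
-WC_LMS_PARM_SHA256_192_L1_H25_W4 = 65,
-WC_LMS_PARM_SHA256_192_L1_H25_W8 = 66,
-/* W1 for non-H5 heights (SHA-256/192) */
-WC_LMS_PARM_SHA256_192_L1_H10_W1 = 67,
-WC_LMS_PARM_SHA256_192_L1_H15_W1 = 68,
-WC_LMS_PARM_SHA256_192_L1_H20_W1 = 69,
-WC_LMS_PARM_SHA256_192_L1_H15_W8 = 70,
-#endif
-
-#ifdef WOLFSSL_LMS_SHAKE256
-/* SHAKE256/256, 32-byte output */
-WC_LMS_PARM_SHAKE_L1_H5_W1 = 100,
-WC_LMS_PARM_SHAKE_L1_H5_W2 = 101,
-WC_LMS_PARM_SHAKE_L1_H5_W4 = 102,
-WC_LMS_PARM_SHAKE_L1_H5_W8 = 103,
-WC_LMS_PARM_SHAKE_L1_H10_W1 = 104,
-WC_LMS_PARM_SHAKE_L1_H10_W2 = 105,
-WC_LMS_PARM_SHAKE_L1_H10_W4 = 106,
-WC_LMS_PARM_SHAKE_L1_H10_W8 = 107,
-WC_LMS_PARM_SHAKE_L1_H15_W1 = 108,
-WC_LMS_PARM_SHAKE_L1_H15_W2 = 109,
-WC_LMS_PARM_SHAKE_L1_H15_W4 = 110,
-WC_LMS_PARM_SHAKE_L1_H15_W8 = 111,
-WC_LMS_PARM_SHAKE_L1_H20_W1 = 112,
-WC_LMS_PARM_SHAKE_L1_H20_W2 = 113,
-WC_LMS_PARM_SHAKE_L1_H20_W4 = 114,
-WC_LMS_PARM_SHAKE_L1_H20_W8 = 115,
-WC_LMS_PARM_SHAKE_L1_H25_W1 = 116,
-WC_LMS_PARM_SHAKE_L1_H25_W2 = 117,
-WC_LMS_PARM_SHAKE_L1_H25_W4 = 118,
-WC_LMS_PARM_SHAKE_L1_H25_W8 = 119,
-/* SHAKE256/192, 24-byte output */
-WC_LMS_PARM_SHAKE192_L1_H5_W1 = 120,
-WC_LMS_PARM_SHAKE192_L1_H5_W2 = 121,
-WC_LMS_PARM_SHAKE192_L1_H5_W4 = 122,
-WC_LMS_PARM_SHAKE192_L1_H5_W8 = 123,
-WC_LMS_PARM_SHAKE192_L1_H10_W1 = 124,
-WC_LMS_PARM_SHAKE192_L1_H10_W2 = 125,
-WC_LMS_PARM_SHAKE192_L1_H10_W4 = 126,
-WC_LMS_PARM_SHAKE192_L1_H10_W8 = 127,
-WC_LMS_PARM_SHAKE192_L1_H15_W1 = 128,
-WC_LMS_PARM_SHAKE192_L1_H15_W2 = 129,
-WC_LMS_PARM_SHAKE192_L1_H15_W4 = 130,
-WC_LMS_PARM_SHAKE192_L1_H15_W8 = 131,
-WC_LMS_PARM_SHAKE192_L1_H20_W1 = 132,
-WC_LMS_PARM_SHAKE192_L1_H20_W2 = 133,
-WC_LMS_PARM_SHAKE192_L1_H20_W4 = 134,
-WC_LMS_PARM_SHAKE192_L1_H20_W8 = 135,
-WC_LMS_PARM_SHAKE192_L1_H25_W1 = 136,
-WC_LMS_PARM_SHAKE192_L1_H25_W2 = 137,
-WC_LMS_PARM_SHAKE192_L1_H25_W4 = 138,
-WC_LMS_PARM_SHAKE192_L1_H25_W8 = 139,
-#endif
-};
-
-/* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
-enum wc_LmsState {
-WC_LMS_STATE_FREED, /* Key has been freed from memory. */
-WC_LMS_STATE_INITED, /* Key has been inited, ready to set params.*/
-WC_LMS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
-WC_LMS_STATE_OK, /* Able to sign signatures and verify. */
-WC_LMS_STATE_VERIFYONLY, /* A public only LmsKey. */
-WC_LMS_STATE_BAD, /* Can't guarantee key's state. */
-WC_LMS_STATE_NOSIGS /* Signatures exhausted. */
-};
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-WOLFSSL_API int wc_LmsKey_Init(LmsKey * key, void * heap, int devId);
-WOLFSSL_API int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm);
-WOLFSSL_API int wc_LmsKey_SetParameters(LmsKey * key, int levels,
-int height, int winternitz);
-WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
-int * height, int * winternitz);
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
-WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key,
-wc_lms_write_private_key_cb write_cb);
-WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key,
-wc_lms_read_private_key_cb read_cb);
-WOLFSSL_API int wc_LmsKey_SetContext(LmsKey * key, void * context);
-WOLFSSL_API int wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng);
-WOLFSSL_API int wc_LmsKey_Reload(LmsKey * key);
-WOLFSSL_API int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len);
-WOLFSSL_API int wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz,
-const byte * msg, int msgSz);
-WOLFSSL_API int wc_LmsKey_SigsLeft(LmsKey * key);
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
-WOLFSSL_API void wc_LmsKey_Free(LmsKey * key);
-WOLFSSL_API int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len);
-WOLFSSL_API int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);
-WOLFSSL_API int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc);
-WOLFSSL_API int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out,
-word32 * outLen);
-WOLFSSL_API int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in,
-word32 inLen);
-WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
-const byte * msg, int msgSz);
-WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm);
-WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc);
-
-WOLFSSL_API int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid,
-word32* kidSz);
-WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv,
-word32 privSz);
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_HAVE_LMS */
-#endif /* WOLF_CRYPT_LMS_H */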
||||
@@ -4601,8 +4601,6 @@ extern void uITRON4_free(void *p) ;
|
||||
#endif
|
||||
|
||||
#if (defined(HAVE_LIBOQS) || \
|
||||
defined(HAVE_LIBXMSS) || \
|
||||
defined(HAVE_LIBLMS) || \
|
||||
defined(WOLFSSL_DUAL_ALG_CERTS) || \
|
||||
defined(HAVE_ASCON)) && \
|
||||
!defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
|
||||
@@ -4663,15 +4661,15 @@ extern void uITRON4_free(void *p) ;
|
||||
|
||||
/* (D)TLS v1.3 requires 64-bit number wrappers as does XMSS and LMS. */
|
||||
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) || \
|
||||
(defined(WOLFSSL_WC_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \
|
||||
WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_WC_LMS) && \
|
||||
(defined(WOLFSSL_HAVE_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \
|
||||
WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_HAVE_LMS) && \
|
||||
!defined(WOLFSSL_LMS_VERIFY_ONLY))
|
||||
#undef WOLFSSL_W64_WRAPPER
|
||||
#define WOLFSSL_W64_WRAPPER
|
||||
#endif
|
||||
|
||||
/* wc_xmss and wc_lms require these misc.c functions. */
|
||||
#if defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS)
|
||||
#if defined(WOLFSSL_HAVE_XMSS) || defined(WOLFSSL_HAVE_LMS)
|
||||
#undef WOLFSSL_NO_INT_ENCODE
|
||||
#undef WOLFSSL_NO_INT_DECODE
|
||||
#endif
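Review bot: A build that still defines `HAVE_LIBLMS` or `HAVE_LIBXMSS` is no longer noticed anywhere in these two hunks: the first drops both macros from the experimental-settings condition, and the second keys the `WOLFSSL_W64_WRAPPER` and int-encode guards on `WOLFSSL_HAVE_XMSS` / `WOLFSSL_HAVE_LMS` instead of the `WOLFSSL_WC_*` macros. Such a configuration would presumably compile against the wolfCrypt implementation with no diagnostic. For stateful hash-based signatures that is worth a hard stop, because the private key layout is implementation specific (this page's own XMSS note says so), so a key store written through the external library cannot be assumed to load or to keep its signature index. Unless another file in the commit already rejects the old options, I would add next to the experimental check: `#if defined(HAVE_LIBLMS) || defined(HAVE_LIBXMSS)` / `#error "liblms/libxmss support was removed; use the wolfCrypt LMS/XMSS implementation"` / `#endif`. The conditional blocks touched here continue outside the hunks shown.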
|
||||
|
||||
+241
-6
@@ -19,6 +19,10 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/wc_lms.h
|
||||
*/
|
||||
|
||||
/* Implementation based on:
|
||||
* RFC 8554: Leighton-Micali Hash-Based Signatures
|
||||
* https://datatracker.ietf.org/doc/html/rfc8554
|
||||
@@ -58,7 +62,7 @@
|
||||
* C = Cache bits
|
||||
* To mimic the dynamic memory usage of XMSS, use 3/3.
|
||||
*
|
||||
* WOLFSSL_LMS_NO_SIGN SMOOTHING Default: OFF
|
||||
* WOLFSSL_LMS_NO_SIGN_SMOOTHING Default: OFF
|
||||
* Disable precalculation of next subtree.
|
||||
* Use less dynamic memory.
|
||||
* At certain indexes, signing will take a long time compared to the mean.
|
||||
@@ -90,9 +94,9 @@
|
||||
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
|
||||
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
|
||||
#ifdef WOLFSSL_HAVE_LMS
|
||||
|
||||
#include <wolfssl/wolfcrypt/lms.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
#ifdef WOLFSSL_LMS_SHAKE256
|
||||
#include <wolfssl/wolfcrypt/sha3.h>
|
||||
@@ -104,6 +108,192 @@
|
||||
#define WC_LMS_FULL_HASH
|
||||
#endif
|
||||
|
||||
/* Length of the Key ID. */
|
||||
#define WC_LMS_I_LEN 16
|
||||
|
||||
/* Private key write and read callbacks. */
|
||||
typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context);
|
||||
typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context);
|
||||
|
||||
/* Return codes returned by private key callbacks. */
|
||||
enum wc_LmsRc {
|
||||
WC_LMS_RC_NONE,
|
||||
WC_LMS_RC_BAD_ARG, /* Bad arg in read or write callback. */
|
||||
WC_LMS_RC_WRITE_FAIL, /* Write or update private key failed. */
|
||||
WC_LMS_RC_READ_FAIL, /* Read private key failed. */
|
||||
WC_LMS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
|
||||
WC_LMS_RC_READ_TO_MEMORY /* Read private key from storage. */
|
||||
};
|
||||
|
||||
/* LMS/HSS signatures are defined by 3 parameters:
|
||||
* levels: number of levels of Merkle trees.
|
||||
* height: height of an individual Merkle tree.
|
||||
* winternitz: number of bits from hash used in a Winternitz chain.
|
||||
*
|
||||
* The acceptable parameter values are those in RFC8554:
|
||||
* levels = {1..8}
|
||||
* height = {5, 10, 15, 20, 25}
|
||||
* winternitz = {1, 2, 4, 8}
|
||||
*
|
||||
* The number of available signatures is:
|
||||
* N = 2 ** (levels * height)
|
||||
*
|
||||
* Signature sizes are determined by levels and winternitz
|
||||
* parameters primarily, and height to a lesser extent:
|
||||
* - Larger levels values increase signature size significantly.
|
||||
* - Larger height values increase signature size moderately.
|
||||
* - Larger winternitz values will reduce the signature size, at
|
||||
* the expense of longer key generation and sign/verify times.
|
||||
*
|
||||
* Key generation time is strongly determined by the height of
|
||||
* the first level tree. A 3 level, 5 height tree is much faster
|
||||
* than 1 level, 15 height at initial key gen, even if the number
|
||||
* of available signatures is the same.
|
||||
* */
|
||||
|
||||
/* Predefined LMS/HSS parameter sets for convenience.
|
||||
*
|
||||
* Not predefining many sets with Winternitz=1, because the signatures
|
||||
* will be large. */
|
||||
enum wc_LmsParm {
|
||||
#ifndef WOLFSSL_NO_LMS_SHA256_256
|
||||
WC_LMS_PARM_NONE = 0,
|
||||
WC_LMS_PARM_L1_H5_W1 = 1,
|
||||
WC_LMS_PARM_L1_H5_W2 = 2,
|
||||
WC_LMS_PARM_L1_H5_W4 = 3,
|
||||
WC_LMS_PARM_L1_H5_W8 = 4,
|
||||
WC_LMS_PARM_L1_H10_W2 = 5,
|
||||
WC_LMS_PARM_L1_H10_W4 = 6,
|
||||
WC_LMS_PARM_L1_H10_W8 = 7,
|
||||
WC_LMS_PARM_L1_H15_W2 = 8,
|
||||
WC_LMS_PARM_L1_H15_W4 = 9,
|
||||
WC_LMS_PARM_L1_H15_W8 = 10,
|
||||
WC_LMS_PARM_L1_H20_W2 = 11,
|
||||
WC_LMS_PARM_L1_H20_W4 = 12,
|
||||
WC_LMS_PARM_L1_H20_W8 = 13,
|
||||
WC_LMS_PARM_L2_H5_W2 = 14,
|
||||
WC_LMS_PARM_L2_H5_W4 = 15,
|
||||
WC_LMS_PARM_L2_H5_W8 = 16,
|
||||
WC_LMS_PARM_L2_H10_W2 = 17,
|
||||
WC_LMS_PARM_L2_H10_W4 = 18,
|
||||
WC_LMS_PARM_L2_H10_W8 = 19,
|
||||
WC_LMS_PARM_L2_H15_W2 = 20,
|
||||
WC_LMS_PARM_L2_H15_W4 = 21,
|
||||
WC_LMS_PARM_L2_H15_W8 = 22,
|
||||
WC_LMS_PARM_L2_H20_W2 = 23,
|
||||
WC_LMS_PARM_L2_H20_W4 = 24,
|
||||
WC_LMS_PARM_L2_H20_W8 = 25,
|
||||
WC_LMS_PARM_L3_H5_W2 = 26,
|
||||
WC_LMS_PARM_L3_H5_W4 = 27,
|
||||
WC_LMS_PARM_L3_H5_W8 = 28,
|
||||
WC_LMS_PARM_L3_H10_W4 = 29,
|
||||
WC_LMS_PARM_L3_H10_W8 = 30,
|
||||
WC_LMS_PARM_L4_H5_W2 = 31,
|
||||
WC_LMS_PARM_L4_H5_W4 = 32,
|
||||
WC_LMS_PARM_L4_H5_W8 = 33,
|
||||
WC_LMS_PARM_L4_H10_W4 = 34,
|
||||
WC_LMS_PARM_L4_H10_W8 = 35,
|
||||
/* H25 parameter sets for SHA-256/256 */
|
||||
WC_LMS_PARM_L1_H25_W1 = 56,
|
||||
WC_LMS_PARM_L1_H25_W2 = 57,
|
||||
WC_LMS_PARM_L1_H25_W4 = 58,
|
||||
WC_LMS_PARM_L1_H25_W8 = 59,
|
||||
/* W1 for non-H5 heights */
|
||||
WC_LMS_PARM_L1_H10_W1 = 60,
|
||||
WC_LMS_PARM_L1_H15_W1 = 61,
|
||||
WC_LMS_PARM_L1_H20_W1 = 62,
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_LMS_SHA256_192
|
||||
WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36,
|
||||
WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37,
|
||||
WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38,
|
||||
WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39,
|
||||
WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
|
||||
WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
|
||||
WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
|
||||
WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
|
||||
WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
|
||||
WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
|
||||
WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
|
||||
WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
|
||||
WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
|
||||
WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
|
||||
WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
|
||||
WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48,
|
||||
WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49,
|
||||
WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50,
|
||||
WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
|
||||
WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52,
|
||||
/* H25 for SHA-256/192 */
|
||||
WC_LMS_PARM_SHA256_192_L1_H25_W1 = 63,
|
||||
WC_LMS_PARM_SHA256_192_L1_H25_W2 = 64,
|
||||
WC_LMS_PARM_SHA256_192_L1_H25_W4 = 65,
|
||||
WC_LMS_PARM_SHA256_192_L1_H25_W8 = 66,
|
||||
/* W1 for non-H5 heights (SHA-256/192) */
|
||||
WC_LMS_PARM_SHA256_192_L1_H10_W1 = 67,
|
||||
WC_LMS_PARM_SHA256_192_L1_H15_W1 = 68,
|
||||
WC_LMS_PARM_SHA256_192_L1_H20_W1 = 69,
|
||||
WC_LMS_PARM_SHA256_192_L1_H15_W8 = 70,
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_LMS_SHAKE256
|
||||
/* SHAKE256/256, 32-byte output */
|
||||
WC_LMS_PARM_SHAKE_L1_H5_W1 = 100,
|
||||
WC_LMS_PARM_SHAKE_L1_H5_W2 = 101,
|
||||
WC_LMS_PARM_SHAKE_L1_H5_W4 = 102,
|
||||
WC_LMS_PARM_SHAKE_L1_H5_W8 = 103,
|
||||
WC_LMS_PARM_SHAKE_L1_H10_W1 = 104,
|
||||
WC_LMS_PARM_SHAKE_L1_H10_W2 = 105,
|
||||
WC_LMS_PARM_SHAKE_L1_H10_W4 = 106,
|
||||
WC_LMS_PARM_SHAKE_L1_H10_W8 = 107,
|
||||
WC_LMS_PARM_SHAKE_L1_H15_W1 = 108,
|
||||
WC_LMS_PARM_SHAKE_L1_H15_W2 = 109,
|
||||
WC_LMS_PARM_SHAKE_L1_H15_W4 = 110,
|
||||
WC_LMS_PARM_SHAKE_L1_H15_W8 = 111,
|
||||
WC_LMS_PARM_SHAKE_L1_H20_W1 = 112,
|
||||
WC_LMS_PARM_SHAKE_L1_H20_W2 = 113,
|
||||
WC_LMS_PARM_SHAKE_L1_H20_W4 = 114,
|
||||
WC_LMS_PARM_SHAKE_L1_H20_W8 = 115,
|
||||
WC_LMS_PARM_SHAKE_L1_H25_W1 = 116,
|
||||
WC_LMS_PARM_SHAKE_L1_H25_W2 = 117,
|
||||
WC_LMS_PARM_SHAKE_L1_H25_W4 = 118,
|
||||
WC_LMS_PARM_SHAKE_L1_H25_W8 = 119,
|
||||
/* SHAKE256/192, 24-byte output */
|
||||
WC_LMS_PARM_SHAKE192_L1_H5_W1 = 120,
|
||||
WC_LMS_PARM_SHAKE192_L1_H5_W2 = 121,
|
||||
WC_LMS_PARM_SHAKE192_L1_H5_W4 = 122,
|
||||
WC_LMS_PARM_SHAKE192_L1_H5_W8 = 123,
|
||||
WC_LMS_PARM_SHAKE192_L1_H10_W1 = 124,
|
||||
WC_LMS_PARM_SHAKE192_L1_H10_W2 = 125,
|
||||
WC_LMS_PARM_SHAKE192_L1_H10_W4 = 126,
|
||||
WC_LMS_PARM_SHAKE192_L1_H10_W8 = 127,
|
||||
WC_LMS_PARM_SHAKE192_L1_H15_W1 = 128,
|
||||
WC_LMS_PARM_SHAKE192_L1_H15_W2 = 129,
|
||||
WC_LMS_PARM_SHAKE192_L1_H15_W4 = 130,
|
||||
WC_LMS_PARM_SHAKE192_L1_H15_W8 = 131,
|
||||
WC_LMS_PARM_SHAKE192_L1_H20_W1 = 132,
|
||||
WC_LMS_PARM_SHAKE192_L1_H20_W2 = 133,
|
||||
WC_LMS_PARM_SHAKE192_L1_H20_W4 = 134,
|
||||
WC_LMS_PARM_SHAKE192_L1_H20_W8 = 135,
|
||||
WC_LMS_PARM_SHAKE192_L1_H25_W1 = 136,
|
||||
WC_LMS_PARM_SHAKE192_L1_H25_W2 = 137,
|
||||
WC_LMS_PARM_SHAKE192_L1_H25_W4 = 138,
|
||||
WC_LMS_PARM_SHAKE192_L1_H25_W8 = 139,
|
||||
#endif
|
||||
};
|
||||
|
||||
/* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
|
||||
enum wc_LmsState {
|
||||
WC_LMS_STATE_FREED, /* Key has been freed from memory. */
|
||||
WC_LMS_STATE_INITED, /* Key has been inited, ready to set params.*/
|
||||
WC_LMS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
|
||||
WC_LMS_STATE_OK, /* Able to sign signatures and verify. */
|
||||
WC_LMS_STATE_VERIFYONLY, /* A public only LmsKey. */
|
||||
WC_LMS_STATE_BAD, /* Can't guarantee key's state. */
|
||||
WC_LMS_STATE_NOSIGS /* Signatures exhausted. */
|
||||
};
|
||||
|
||||
#ifdef WOLFSSL_LMS_MAX_LEVELS
|
||||
/* Maximum number of levels of trees supported by implementation. */
|
||||
#define LMS_MAX_LEVELS WOLFSSL_LMS_MAX_LEVELS
|
||||
@@ -546,7 +736,7 @@ typedef struct HssPrivKey {
|
||||
#endif
|
||||
} HssPrivKey;
|
||||
|
||||
struct LmsKey {
|
||||
typedef struct LmsKey {
|
||||
/* Public key. */
|
||||
ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)];
|
||||
#ifndef WOLFSSL_LMS_VERIFY_ONLY
|
||||
@@ -575,7 +765,48 @@ struct LmsKey {
|
||||
/* Device Identifier. */
|
||||
int devId;
|
||||
#endif
|
||||
};
|
||||
} LmsKey;
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int wc_LmsKey_Init(LmsKey * key, void * heap, int devId);
|
||||
WOLFSSL_API int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm);
|
||||
WOLFSSL_API int wc_LmsKey_SetParameters(LmsKey * key, int levels,
|
||||
int height, int winternitz);
|
||||
WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
|
||||
int * height, int * winternitz);
|
||||
#ifndef WOLFSSL_LMS_VERIFY_ONLY
|
||||
WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key,
|
||||
wc_lms_write_private_key_cb write_cb);
|
||||
WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key,
|
||||
wc_lms_read_private_key_cb read_cb);
|
||||
WOLFSSL_API int wc_LmsKey_SetContext(LmsKey * key, void * context);
|
||||
WOLFSSL_API int wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng);
|
||||
WOLFSSL_API int wc_LmsKey_Reload(LmsKey * key);
|
||||
WOLFSSL_API int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len);
|
||||
WOLFSSL_API int wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz,
|
||||
const byte * msg, int msgSz);
|
||||
WOLFSSL_API int wc_LmsKey_SigsLeft(LmsKey * key);
|
||||
#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
|
||||
WOLFSSL_API void wc_LmsKey_Free(LmsKey * key);
|
||||
WOLFSSL_API int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len);
|
||||
WOLFSSL_API int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);
|
||||
WOLFSSL_API int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc);
|
||||
WOLFSSL_API int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out,
|
||||
word32 * outLen);
|
||||
WOLFSSL_API int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in,
|
||||
word32 inLen);
|
||||
WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
|
||||
const byte * msg, int msgSz);
|
||||
WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm);
|
||||
WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc);
|
||||
|
||||
WOLFSSL_API int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid,
|
||||
word32* kidSz);
|
||||
WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv,
|
||||
word32 privSz);
|
||||
|
||||
int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
|
||||
HssPrivKey* priv_key, byte* priv_data, byte* pub);
|
||||
@@ -588,6 +819,10 @@ WOLFSSL_API
|
||||
int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
|
||||
word32 msgSz, const byte* sig, word32 sigSz);
|
||||
|
||||
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_HAVE_LMS */
|
||||
|
||||
#endif /* WC_LMS_H */
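Review bot: The private-key callback typedefs moved into this header (`wc_lms_write_private_key_cb`, `wc_lms_read_private_key_cb`) still carry only the one-line comment "Private key write and read callbacks.", so the persistence contract is undocumented in what is now the only LMS header. LMS/HSS is stateful: a write callback that reports success before the updated key is durable allows a one-time index to be used twice after a crash or a restore from backup, which breaks the scheme. I would extend the comment to say that the write callback returns `WC_LMS_RC_SAVED_TO_NV_MEMORY` only once `priv` is committed to non-volatile storage, that the read callback returns `WC_LMS_RC_READ_TO_MEMORY` on success, and that every other `wc_LmsRc` value is treated as a failure. How `wc_LmsKey_Sign` and `wc_LmsKey_Reload` react to a failing callback is not visible in this section and should be confirmed before it is written down.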
|
||||
|
||||
+164
-7
@@ -19,6 +19,10 @@
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/wc_xmss.h
|
||||
*/
|
||||
|
||||
/* Based on:
|
||||
* o RFC 8391 - XMSS: eXtended Merkle Signature Scheme
|
||||
* o [HDSS] "Hash-based Digital Signature Schemes", Buchmann, Dahmen and Szydlo
|
||||
@@ -28,22 +32,150 @@
|
||||
#ifndef WC_XMSS_H
|
||||
#define WC_XMSS_H
|
||||
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
|
||||
#ifdef WOLFSSL_HAVE_XMSS
|
||||
#include <wolfssl/wolfcrypt/xmss.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
#include <wolfssl/wolfcrypt/sha512.h>
|
||||
#include <wolfssl/wolfcrypt/sha3.h>
|
||||
|
||||
|
||||
/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW),
|
||||
* fall back to using the full hash API calls. */
|
||||
#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_XMSS_FULL_HASH)
|
||||
#define WC_XMSS_FULL_HASH
|
||||
#endif
|
||||
|
||||
#if !defined(WOLFSSL_WC_XMSS)
|
||||
#error "This code is incompatible with external implementation of XMSS."
|
||||
/* Note on XMSS/XMSS^MT pub/priv key sizes:
|
||||
* - The XMSS/XMSS^MT pub key has a defined format and size.
|
||||
* - The XMSS/XMSS^MT private key is implementation and parameter
|
||||
* specific. It does not have a standardized format or size.
|
||||
*
|
||||
* The XMSS/XMSS^MT public and secret key format and length is:
|
||||
* PK = OID || root || SEED;
|
||||
* PK_len = 4 + 2 * n
|
||||
*
|
||||
* SK = OID || (implementation defined)
|
||||
* SK_len = 4 + (implementation defined)
|
||||
*
|
||||
* where n is the number of bytes in the hash function, which is 32
|
||||
* in this SHA256 implementation.
|
||||
*
|
||||
* However the private key is implementation specific. For example,
|
||||
* in xmss-reference the private key size varies from 137 bytes to
|
||||
* 1377 bytes between slow and fast implementations with param name
|
||||
* "XMSSMT-SHA2_20/2_256".
|
||||
*
|
||||
* References:
|
||||
* - RFC 8391
|
||||
* - Table 2 of Kampanakis, Fluhrer, IACR, 2017.
|
||||
* */
|
||||
|
||||
#define XMSS_SHA256_PUBLEN (68)
|
||||
|
||||
/* Supported XMSS/XMSS^MT parameter set names:
|
||||
* We are supporting all SHA256 parameter sets with n=32 and
|
||||
* Winternitz=16, from RFC 8391 and NIST SP 800-208.
|
||||
*
|
||||
* ----------------------------------------------------------
|
||||
* | Name OID n w len h d |
|
||||
* XMSS: | "XMSS-SHA2_10_256" 0x00000001 32 16 67 10 1 |
|
||||
* | "XMSS-SHA2_16_256" 0x00000002 32 16 67 16 1 |
|
||||
* | "XMSS-SHA2_20_256" 0x00000003 32 16 67 20 1 |
|
||||
* | |
|
||||
* XMSSMT: | "XMSSMT-SHA2_20/2_256" 0x00000001 32 16 67 20 2 |
|
||||
* | "XMSSMT-SHA2_20/4_256" 0x00000002 32 16 67 20 4 |
|
||||
* | "XMSSMT-SHA2_40/2_256" 0x00000003 32 16 67 40 2 |
|
||||
* | "XMSSMT-SHA2_40/4_256" 0x00000004 32 16 67 40 4 |
|
||||
* | "XMSSMT-SHA2_40/8_256" 0x00000005 32 16 67 40 8 |
|
||||
* | "XMSSMT-SHA2_60/3_256" 0x00000006 32 16 67 60 3 |
|
||||
* | "XMSSMT-SHA2_60/6_256" 0x00000007 32 16 67 60 6 |
|
||||
* | "XMSSMT-SHA2_60/12_256" 0x00000008 32 16 67 60 12 |
|
||||
* ----------------------------------------------------------
|
||||
*
|
||||
* Note that some XMSS and XMSSMT names do have overlapping OIDs.
|
||||
*
|
||||
* References:
|
||||
* 1. NIST SP 800-208
|
||||
* 2. RFC 8391
|
||||
* */
|
||||
|
||||
#define XMSS_NAME_LEN (16) /* strlen("XMSS-SHA2_10_256") */
|
||||
#define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
|
||||
#define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
|
||||
|
||||
#if defined(HAVE_FIPS)
|
||||
#undef WOLFSSL_WC_XMSS_NO_SHA512
|
||||
#define WOLFSSL_WC_XMSS_NO_SHA512
|
||||
#undef WOLFSSL_WC_XMSS_NO_SHAKE128
|
||||
#define WOLFSSL_WC_XMSS_NO_SHAKE128
|
||||
#undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
|
||||
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
|
||||
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 256
|
||||
#endif
|
||||
|
||||
#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
|
||||
#define WC_XMSS_SHA256
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
|
||||
#define WC_XMSS_SHA512
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
|
||||
#define WC_XMSS_SHAKE128
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
|
||||
#define WC_XMSS_SHAKE256
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
|
||||
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
|
||||
#endif
|
||||
#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
|
||||
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 512
|
||||
#endif
|
||||
#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
|
||||
#error "XMSS minimum hash size is greater than maximum hash size"
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_XMSS_MIN_HEIGHT
|
||||
#define WOLFSSL_XMSS_MIN_HEIGHT 10
|
||||
#endif
|
||||
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
|
||||
#define WOLFSSL_XMSS_MAX_HEIGHT 60
|
||||
#endif
|
||||
#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
|
||||
#error "XMSS minimum height is greater than maximum height"
|
||||
#endif
|
||||
|
||||
/* Return codes returned by private key callbacks. */
|
||||
enum wc_XmssRc {
|
||||
WC_XMSS_RC_NONE,
|
||||
WC_XMSS_RC_BAD_ARG, /* Bad arg in read or write callback. */
|
||||
WC_XMSS_RC_WRITE_FAIL, /* Write or update private key failed. */
|
||||
WC_XMSS_RC_READ_FAIL, /* Read private key failed. */
|
||||
WC_XMSS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
|
||||
WC_XMSS_RC_READ_TO_MEMORY /* Read private key from storage. */
|
||||
};
|
||||
|
||||
/* enum wc_XmssState is to help track the state of an XMSS Key. */
|
||||
enum wc_XmssState {
|
||||
WC_XMSS_STATE_FREED, /* Key has been freed from memory. */
|
||||
WC_XMSS_STATE_INITED, /* Key has been inited, ready to set params.*/
|
||||
WC_XMSS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
|
||||
WC_XMSS_STATE_OK, /* Able to sign signatures and verify. */
|
||||
WC_XMSS_STATE_VERIFYONLY, /* A public only XmssKey. */
|
||||
WC_XMSS_STATE_BAD, /* Can't guarantee key's state. */
|
||||
WC_XMSS_STATE_NOSIGS /* Signatures exhausted. */
|
||||
};
|
||||
|
||||
/* Private key write and read callbacks. */
|
||||
typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz,
|
||||
void* context);
|
||||
typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz,
|
||||
void* context);
|
||||
|
||||
#if (defined(WC_XMSS_SHA512) || defined(WC_XMSS_SHAKE256)) && \
|
||||
(WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512)
|
||||
#define WC_XMSS_MAX_N 64
|
||||
@@ -205,7 +337,7 @@ typedef struct XmssParams {
|
||||
word8 bds_k;
|
||||
} XmssParams;
|
||||
|
||||
struct XmssKey {
|
||||
typedef struct XmssKey {
|
||||
/* Public key. */
|
||||
unsigned char pk[2 * WC_XMSS_MAX_N];
|
||||
/* OID that identifies parameters. */
|
||||
@@ -228,7 +360,7 @@ struct XmssKey {
|
||||
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
|
||||
/* State of key. */
|
||||
enum wc_XmssState state;
|
||||
};
|
||||
} XmssKey;
|
||||
|
||||
typedef struct XmssState {
|
||||
const XmssParams* params;
|
||||
@@ -267,6 +399,32 @@ typedef struct XmssState {
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
|
||||
WOLFSSL_API int wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
|
||||
#ifndef WOLFSSL_XMSS_VERIFY_ONLY
|
||||
WOLFSSL_API int wc_XmssKey_SetWriteCb(XmssKey* key,
|
||||
wc_xmss_write_private_key_cb write_cb);
|
||||
WOLFSSL_API int wc_XmssKey_SetReadCb(XmssKey* key,
|
||||
wc_xmss_read_private_key_cb read_cb);
|
||||
WOLFSSL_API int wc_XmssKey_SetContext(XmssKey* key, void* context);
|
||||
WOLFSSL_API int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
|
||||
WOLFSSL_API int wc_XmssKey_Reload(XmssKey* key);
|
||||
WOLFSSL_API int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
|
||||
WOLFSSL_API int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
|
||||
const byte* msg, int msgSz);
|
||||
WOLFSSL_API int wc_XmssKey_SigsLeft(XmssKey* key);
|
||||
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
|
||||
WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
|
||||
WOLFSSL_API int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
|
||||
WOLFSSL_API int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
|
||||
WOLFSSL_API int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
|
||||
WOLFSSL_API int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
|
||||
word32* outLen);
|
||||
WOLFSSL_API int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
|
||||
word32 inLen);
|
||||
WOLFSSL_API int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
|
||||
const byte* msg, int msgSz);
|
||||
|
||||
WOLFSSL_LOCAL int wc_xmssmt_keygen(XmssState *state, const unsigned char* seed,
|
||||
unsigned char *sk, unsigned char *pk);
|
||||
WOLFSSL_LOCAL int wc_xmss_keygen(XmssState *state, const unsigned char* seed,
|
||||
@@ -283,9 +441,8 @@ WOLFSSL_LOCAL int wc_xmssmt_verify(XmssState *state, const unsigned char *m,
|
||||
word32 mlen, const unsigned char *sm, const unsigned char *pk);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_HAVE_XMSS */
|
||||
#endif /* WC_XMSS_H */
|
||||
|
||||
|
||||
@@ -1,203 +0,0 @@
|
||||
/* xmss.h
|
||||
*
|
||||
* Copyright (C) 2006-2026 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/*!
|
||||
\file wolfssl/wolfcrypt/xmss.h
|
||||
*/
|
||||
|
||||
#ifndef WOLF_CRYPT_XMSS_H
|
||||
#define WOLF_CRYPT_XMSS_H
|
||||
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
#ifdef WOLFSSL_HAVE_XMSS
|
||||
|
||||
/* Note on XMSS/XMSS^MT pub/priv key sizes:
|
||||
* - The XMSS/XMSS^MT pub key has a defined format and size.
|
||||
* - The XMSS/XMSS^MT private key is implementation and parameter
|
||||
* specific. It does not have a standardized format or size.
|
||||
*
|
||||
* The XMSS/XMSS^MT public and secret key format and length is:
|
||||
* PK = OID || root || SEED;
|
||||
* PK_len = 4 + 2 * n
|
||||
*
|
||||
* SK = OID || (implementation defined)
|
||||
* SK_len = 4 + (implementation defined)
|
||||
*
|
||||
* where n is the number of bytes in the hash function, which is 32
|
||||
* in this SHA256 implementation.
|
||||
*
|
||||
* However the private key is implementation specific. For example,
|
||||
* in xmss-reference the private key size varies from 137 bytes to
|
||||
* 1377 bytes between slow and fast implementations with param name
|
||||
* "XMSSMT-SHA2_20/2_256".
|
||||
*
|
||||
* References:
|
||||
* - RFC 8391
|
||||
* - Table 2 of Kampanakis, Fluhrer, IACR, 2017.
|
||||
* */
|
||||
|
||||
#define XMSS_SHA256_PUBLEN (68)
|
||||
|
||||
/* Supported XMSS/XMSS^MT parameter set names:
|
||||
* We are supporting all SHA256 parameter sets with n=32 and
|
||||
* Winternitz=16, from RFC 8391 and NIST SP 800-208.
|
||||
*
|
||||
* ----------------------------------------------------------
|
||||
* | Name OID n w len h d |
|
||||
* XMSS: | "XMSS-SHA2_10_256" 0x00000001 32 16 67 10 1 |
|
||||
* | "XMSS-SHA2_16_256" 0x00000002 32 16 67 16 1 |
|
||||
* | "XMSS-SHA2_20_256" 0x00000003 32 16 67 20 1 |
|
||||
* | |
|
||||
* XMSSMT: | "XMSSMT-SHA2_20/2_256" 0x00000001 32 16 67 20 2 |
|
||||
* | "XMSSMT-SHA2_20/4_256" 0x00000002 32 16 67 20 4 |
|
||||
* | "XMSSMT-SHA2_40/2_256" 0x00000003 32 16 67 40 2 |
|
||||
* | "XMSSMT-SHA2_40/4_256" 0x00000004 32 16 67 40 4 |
|
||||
* | "XMSSMT-SHA2_40/8_256" 0x00000005 32 16 67 40 8 |
|
||||
* | "XMSSMT-SHA2_60/3_256" 0x00000006 32 16 67 60 3 |
|
||||
* | "XMSSMT-SHA2_60/6_256" 0x00000007 32 16 67 60 6 |
|
||||
* | "XMSSMT-SHA2_60/12_256" 0x00000008 32 16 67 60 12 |
|
||||
* ----------------------------------------------------------
|
||||
*
|
||||
* Note that some XMSS and XMSSMT names do have overlapping OIDs.
|
||||
*
|
||||
* References:
|
||||
* 1. NIST SP 800-208
|
||||
* 2. RFC 8391
|
||||
* */
|
||||
|
||||
#define XMSS_NAME_LEN (16) /* strlen("XMSS-SHA2_10_256") */
|
||||
#define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
|
||||
#define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
|
||||
|
||||
#if defined(HAVE_FIPS) || defined(HAVE_LIBXMSS)
|
||||
#undef WOLFSSL_WC_XMSS_NO_SHA512
|
||||
#define WOLFSSL_WC_XMSS_NO_SHA512
|
||||
#undef WOLFSSL_WC_XMSS_NO_SHAKE128
|
||||
#define WOLFSSL_WC_XMSS_NO_SHAKE128
|
||||
#undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
|
||||
#ifdef HAVE_LIBXMSS
|
||||
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 256
|
||||
#else
|
||||
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
|
||||
#endif
|
||||
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 256
|
||||
#endif
|
||||
|
||||
#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
|
||||
#define WC_XMSS_SHA256
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
|
||||
#define WC_XMSS_SHA512
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
|
||||
#define WC_XMSS_SHAKE128
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
|
||||
#define WC_XMSS_SHAKE256
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
|
||||
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
|
||||
#endif
|
||||
#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
|
||||
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 512
|
||||
#endif
|
||||
#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
|
||||
#error "XMSS minimum hash size is greater than maximum hash size"
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_XMSS_MIN_HEIGHT
|
||||
#define WOLFSSL_XMSS_MIN_HEIGHT 10
|
||||
#endif
|
||||
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
|
||||
#define WOLFSSL_XMSS_MAX_HEIGHT 60
|
||||
#endif
|
||||
#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
|
||||
#error "XMSS minimum height is greater than maximum height"
|
||||
#endif
|
||||
|
||||
typedef struct XmssKey XmssKey;
|
||||
|
||||
/* Return codes returned by private key callbacks. */
|
||||
enum wc_XmssRc {
|
||||
WC_XMSS_RC_NONE,
|
||||
WC_XMSS_RC_BAD_ARG, /* Bad arg in read or write callback. */
|
||||
WC_XMSS_RC_WRITE_FAIL, /* Write or update private key failed. */
|
||||
WC_XMSS_RC_READ_FAIL, /* Read private key failed. */
|
||||
WC_XMSS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
|
||||
WC_XMSS_RC_READ_TO_MEMORY /* Read private key from storage. */
|
||||
};
|
||||
|
||||
/* enum wc_XmssState is to help track the state of an XMSS Key. */
|
||||
enum wc_XmssState {
|
||||
WC_XMSS_STATE_FREED, /* Key has been freed from memory. */
|
||||
WC_XMSS_STATE_INITED, /* Key has been inited, ready to set params.*/
|
||||
WC_XMSS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
|
||||
WC_XMSS_STATE_OK, /* Able to sign signatures and verify. */
|
||||
WC_XMSS_STATE_VERIFYONLY, /* A public only XmssKey. */
|
||||
WC_XMSS_STATE_BAD, /* Can't guarantee key's state. */
|
||||
WC_XMSS_STATE_NOSIGS /* Signatures exhausted. */
|
||||
};
|
||||
|
||||
/* Private key write and read callbacks. */
|
||||
typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz,
|
||||
void* context);
|
||||
typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz,
|
||||
void* context);
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
|
||||
WOLFSSL_API int wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
|
||||
#ifndef WOLFSSL_XMSS_VERIFY_ONLY
|
||||
WOLFSSL_API int wc_XmssKey_SetWriteCb(XmssKey* key,
|
||||
wc_xmss_write_private_key_cb write_cb);
|
||||
WOLFSSL_API int wc_XmssKey_SetReadCb(XmssKey* key,
|
||||
wc_xmss_read_private_key_cb read_cb);
|
||||
WOLFSSL_API int wc_XmssKey_SetContext(XmssKey* key, void* context);
|
||||
WOLFSSL_API int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
|
||||
WOLFSSL_API int wc_XmssKey_Reload(XmssKey* key);
|
||||
WOLFSSL_API int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
|
||||
WOLFSSL_API int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
|
||||
const byte* msg, int msgSz);
|
||||
WOLFSSL_API int wc_XmssKey_SigsLeft(XmssKey* key);
|
||||
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
|
||||
WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
|
||||
WOLFSSL_API int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
|
||||
WOLFSSL_API int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
|
||||
WOLFSSL_API int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
|
||||
WOLFSSL_API int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
|
||||
word32* outLen);
|
||||
WOLFSSL_API int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
|
||||
word32 inLen);
|
||||
WOLFSSL_API int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
|
||||
const byte* msg, int msgSz);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_HAVE_XMSS */
|
||||
#endif /* WOLF_CRYPT_XMSS_H */
|
||||