From b36c312ef374a73e310086fc92a9a194f419f86c Mon Sep 17 00:00:00 2001 From: jordan Date: Thu, 31 Aug 2023 21:46:00 -0500 Subject: [PATCH] LMS verify-only support: fix clang warning, rename define. --- configure.ac | 2 +- wolfcrypt/benchmark/benchmark.c | 22 +++++++++++----------- wolfcrypt/src/ext_lms.c | 24 +++++++++++++----------- wolfcrypt/test/test.c | 16 ++++++++-------- wolfssl/wolfcrypt/ext_lms.h | 4 ++-- wolfssl/wolfcrypt/lms.h | 4 ++-- 6 files changed, 37 insertions(+), 35 deletions(-) diff --git a/configure.ac b/configure.ac index a754b4506..c0d93663c 100644 --- a/configure.ac +++ b/configure.ac @@ -1158,7 +1158,7 @@ do ;; verify-only) LMS_VERIFY_ONLY=yes - AM_CFLAGS="$AM_CFLAGS -DLMS_VERIFY_ONLY" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY" ;; wolfssl) ENABLED_WC_LMS=yes diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index c6899ba53..b00c428a0 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -157,7 +157,7 @@ #include #endif #endif -#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) #include #ifdef HAVE_LIBLMS #include @@ -870,7 +870,7 @@ static const bench_alg bench_other_opt[] = { #endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */ -#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) typedef struct bench_pq_hash_sig_alg { /* Command line option string. */ const char* str; @@ -883,7 +883,7 @@ static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = { { "-lms_hss", BENCH_LMS_HSS}, { NULL, 0} }; -#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */ +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ #if defined(HAVE_PQC) && defined(HAVE_LIBOQS) /* The post-quantum-specific mapping of command line option to bit values and @@ -2832,11 +2832,11 @@ static void* benchmarks_do(void* args) } #endif -#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) if (bench_all || (bench_pq_hash_sig_algs & BENCH_LMS_HSS)) { bench_lms(); } -#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */ +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ #ifdef HAVE_ECC if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY) || @@ -7664,7 +7664,7 @@ void bench_kyber(int type) } #endif -#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) /* WC_LMS_PARM_L2_H10_W2 * signature length: 9300 */ static const byte lms_priv_L2_H10_W2[64] = @@ -8031,7 +8031,7 @@ void bench_lms(void) return; } -#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */ +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ #ifdef HAVE_ECC @@ -10368,10 +10368,10 @@ static void Usage(void) print_alg(bench_pq_asym_opt2[i].str, &line); #endif /* HAVE_LIBOQS && HAVE_SPHINCS */ #endif /* HAVE_PQC */ -#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) for (i=0; bench_pq_hash_sig_opt[i].str != NULL; i++) print_alg(bench_pq_hash_sig_opt[i].str, &line); -#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */ +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ printf("\n"); #endif /* !WOLFSSL_BENCHMARK_ALL */ e++; @@ -10634,7 +10634,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv) } } - #if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) + #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) /* post-quantum stateful hash-based signatures */ for (i=0; !optMatched && bench_pq_hash_sig_opt[i].str != NULL; i++) { if (string_matches(argv[1], bench_pq_hash_sig_opt[i].str)) { @@ -10643,7 +10643,7 @@ int wolfcrypt_benchmark_main(int argc, char** argv) optMatched = 1; } } - #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */ + #endif #endif if (!optMatched) { printf("Option not recognized: %s\n", argv[1]); diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c index 274a1c89d..ebd07e26c 100644 --- a/wolfcrypt/src/ext_lms.c +++ b/wolfcrypt/src/ext_lms.c @@ -37,7 +37,7 @@ #include #endif -#ifndef LMS_VERIFY_ONLY +#ifndef WOLFSSL_LMS_VERIFY_ONLY /* If built against hss_lib_thread.a, the hash-sigs lib will spawn * worker threads to parallelize cpu intensive tasks. This will mainly * speedup key generation and signing, and to a lesser extent @@ -102,7 +102,8 @@ static bool LmsWritePrivKey(unsigned char *private_key, } /* Use write callback that saves private key to non-volatile storage. */ - ret = key->write_private_key(private_key, len_private_key, key->context); + ret = key->write_private_key(private_key, (word32)len_private_key, + key->context); if (ret != WC_LMS_RC_SAVED_TO_NV_MEMORY) { WOLFSSL_MSG("error: LmsKey write_private_key failed"); @@ -141,7 +142,8 @@ static bool LmsReadPrivKey(unsigned char *private_key, } /* Use read callback that reads private key from non-volatile storage. */ - ret = key->read_private_key(private_key, len_private_key, key->context); + ret = key->read_private_key(private_key, (word32)len_private_key, + key->context); if (ret != WC_LMS_RC_READ_TO_MEMORY) { WOLFSSL_MSG("error: LmsKey read_private_key failed"); @@ -152,7 +154,7 @@ static bool LmsReadPrivKey(unsigned char *private_key, return true; } -#endif /* ifndef LMS_VERIFY_ONLY */ +#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm) { @@ -244,7 +246,7 @@ int wc_LmsKey_Init(LmsKey * key, void * heap, int devId) ForceZero(key, sizeof(LmsKey)); -#ifndef LMS_VERIFY_ONLY +#ifndef WOLFSSL_LMS_VERIFY_ONLY hss_init_extra_info(&key->info); /* Set the max number of worker threads that hash-sigs can spawn. */ hss_extra_info_set_threads(&key->info, EXT_LMS_MAX_THREADS); @@ -253,7 +255,7 @@ int wc_LmsKey_Init(LmsKey * key, void * heap, int devId) key->write_private_key = NULL; key->read_private_key = NULL; key->context = NULL; -#endif /* ifndef LMS_VERIFY_ONLY */ +#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ key->state = WC_LMS_STATE_INITED; return 0; @@ -483,12 +485,12 @@ void wc_LmsKey_Free(LmsKey* key) return; } -#ifndef LMS_VERIFY_ONLY +#ifndef WOLFSSL_LMS_VERIFY_ONLY if (key->working_key != NULL) { hss_free_working_key(key->working_key); key->working_key = NULL; } -#endif /* ifndef LMS_VERIFY_ONLY */ +#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ ForceZero(key, sizeof(LmsKey)); @@ -497,7 +499,7 @@ void wc_LmsKey_Free(LmsKey* key) return; } -#ifndef LMS_VERIFY_ONLY +#ifndef WOLFSSL_LMS_VERIFY_ONLY /* Set the write private key callback to the LMS key structure. * * The callback must be able to write/update the private key to @@ -807,7 +809,7 @@ int wc_LmsKey_SigsLeft(LmsKey * key) return 1; } -#endif /* ifndef LMS_VERIFY_ONLY*/ +#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY*/ /* Given a levels, height, winternitz parameter set, determine * the public key length */ @@ -950,7 +952,7 @@ int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz, return BAD_FUNC_ARG; } -#ifdef LMS_VERIFY_ONLY +#ifdef WOLFSSL_LMS_VERIFY_ONLY result = hss_validate_signature(key->pub, (const void *) msg, msgSz, sig, sigSz, NULL); #else diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b1057b550..9a8a40e63 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -575,10 +575,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void); #endif #if defined(WOLFSSL_HAVE_LMS) - #if !defined(LMS_VERIFY_ONLY) + #if !defined(WOLFSSL_LMS_VERIFY_ONLY) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void); #endif - #if defined(LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK) + #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); #endif #endif @@ -1612,14 +1612,14 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif #if defined(WOLFSSL_HAVE_LMS) - #if !defined(LMS_VERIFY_ONLY) + #if !defined(WOLFSSL_LMS_VERIFY_ONLY) if ( (ret = lms_test()) != 0) TEST_FAIL("LMS test failed!\n", ret); else TEST_PASS("LMS test passed!\n"); #endif - #if defined(LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK) + #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK) if ( (ret = lms_test_verify_only()) != 0) TEST_FAIL("LMS test failed!\n", ret); else @@ -34955,7 +34955,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void) #endif /* WOLFSSL_HAVE_KYBER */ -#if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) static int lms_write_key_mem(const byte * priv, word32 privSz, void *context) { /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY @@ -35090,9 +35090,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) return ret; } -#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(LMS_VERIFY_ONLY) */ +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ -#if defined(WOLFSSL_HAVE_LMS) && defined(LMS_VERIFY_ONLY) && \ +#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) && \ !defined(WOLFSSL_SMALL_STACK) /* A simple LMS verify only test. @@ -35365,7 +35365,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void) return ret; } -#endif /* if defined(WOLFSSL_HAVE_LMS) && defined(LMS_VERIFY_ONLY) && +#endif /* if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) && * !defined(WOLFSSL_SMALL_STACK) */ static const int fiducial3 = WC_TEST_RET_LN; /* source code reference point -- diff --git a/wolfssl/wolfcrypt/ext_lms.h b/wolfssl/wolfcrypt/ext_lms.h index b76fe3b3c..8b8a8f728 100644 --- a/wolfssl/wolfcrypt/ext_lms.h +++ b/wolfssl/wolfcrypt/ext_lms.h @@ -51,13 +51,13 @@ struct LmsKey { param_set_t lm_type[MAX_HSS_LEVELS]; /* Height parm per level. */ param_set_t lm_ots_type[MAX_HSS_LEVELS]; /* Winternitz parm per level. */ unsigned char pub[HSS_MAX_PUBLIC_KEY_LEN]; -#ifndef LMS_VERIFY_ONLY +#ifndef WOLFSSL_LMS_VERIFY_ONLY hss_working_key * working_key; write_private_key_cb write_private_key; /* Callback to write/update key. */ read_private_key_cb read_private_key; /* Callback to read key. */ void * context; /* Context arg passed to callbacks. */ hss_extra_info info; -#endif /* ifndef LMS_VERIFY_ONLY */ +#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ enum wc_LmsState state; }; diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h index 0fafc817c..d3ab07571 100644 --- a/wolfssl/wolfcrypt/lms.h +++ b/wolfssl/wolfcrypt/lms.h @@ -111,7 +111,7 @@ WOLFSSL_API int wc_LmsKey_SetParameters(LmsKey * key, int levels, int height, int winternitz); WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels, int * height, int * winternitz); -#ifndef LMS_VERIFY_ONLY +#ifndef WOLFSSL_LMS_VERIFY_ONLY WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key, write_private_key_cb write_cb); WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key, @@ -123,7 +123,7 @@ WOLFSSL_API int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len); WOLFSSL_API int wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz, const byte * msg, int msgSz); WOLFSSL_API int wc_LmsKey_SigsLeft(LmsKey * key); -#endif /* ifndef LMS_VERIFY_ONLY */ +#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ WOLFSSL_API void wc_LmsKey_Free(LmsKey * key); WOLFSSL_API int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len); WOLFSSL_API int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);