Merge pull request #7026 from Frauschi/liboqs

Improve liboqs integration
2025-07-29 18:27:29 +02:00 · 2024-01-03 16:20:26 -05:00
parent 52db533d9b 7e60b029c2
commit bcfaf0372c
19 changed files with 242 additions and 18 deletions
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
@ -198,6 +198,7 @@ function(generate_build_flags)
        set(BUILD_SPHINCS "yes" PARENT_SCOPE)
        set(BUILD_DILITHIUM "yes" PARENT_SCOPE)
        set(BUILD_EXT_KYBER "yes" PARENT_SCOPE)
+        set(BUILD_OQS_HELPER "yes" PARENT_SCOPE)
    endif()
    if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS)
        message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA")
@ -587,6 +588,11 @@ function(generate_lib_src_list LIB_SOURCES)
         wolfcrypt/src/wc_port.c
         wolfcrypt/src/error.c)

+    if(BUILD_OQS_HELPER)
+        list(APPEND LIB_SOURCES
+            wolfcrypt/src/port/liboqs/liboqs.c)
+    endif()
+
    if(BUILD_ARIA)
        list(APPEND LIB_SOURCES
            wolfcrypt/src/port/aria/aria-crypt.c
--- a/src/include.am
+++ b/src/include.am
@ -835,6 +835,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/falcon.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sphincs.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_kyber.c
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
 endif

 if BUILD_LIBLMS
--- a/src/tls13.c
+++ b/src/tls13.c
@ -8911,7 +8911,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                ret = wc_falcon_sign_msg(args->sigData, args->sigDataSz,
                                         args->verify + HASH_SIG_SIZE +
                                         VERIFY_HEADER, (word32*)&sig->length,
-                                         (falcon_key*)ssl->hsKey);
+                                         (falcon_key*)ssl->hsKey, ssl->rng);
                args->length = (word16)sig->length;
            }
            #endif
@ -8920,7 +8920,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz,
                                         args->verify + HASH_SIG_SIZE +
                                         VERIFY_HEADER, (word32*)&sig->length,
-                                         (dilithium_key*)ssl->hsKey);
+                                         (dilithium_key*)ssl->hsKey, ssl->rng);
                args->length = (word16)sig->length;
            }
            #endif
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@ -11791,7 +11791,7 @@ void bench_falconKeySign(byte level)
                    x = FALCON_LEVEL5_SIG_SIZE;
                }

-                ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                if (ret != 0) {
                    printf("wc_falcon_sign_msg failed\n");
                }
@ -11912,7 +11912,7 @@ void bench_dilithiumKeySign(byte level)
                    x = DILITHIUM_LEVEL5_SIG_SIZE;
                }

-                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                if (ret != 0) {
                    printf("wc_dilithium_sign_msg failed\n");
                }
@ -12058,7 +12058,7 @@ void bench_sphincsKeySign(byte level, byte optim)
                    x = SPHINCS_SMALL_LEVEL5_SIG_SIZE;
                }

-                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                if (ret != 0) {
                    printf("wc_sphincs_sign_msg failed\n");
                }
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -28901,7 +28901,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
    #if defined(HAVE_FALCON)
        if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) {
            word32 outSz = sigSz;
-            ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey);
+            ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng);
            if (ret == 0)
                ret = outSz;
        }
@ -28910,7 +28910,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
        if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
            dilithiumKey) {
            word32 outSz = sigSz;
-            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey);
+            ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng);
            if (ret == 0)
                ret = outSz;
        }
@ -28919,7 +28919,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
        if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
            !dilithiumKey && sphincsKey) {
            word32 outSz = sigSz;
-            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey);
+            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);
            if (ret == 0)
                ret = outSz;
        }
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@ -59,7 +59,7 @@
 */
 int wc_dilithium_sign_msg(const byte* in, word32 inLen,
                          byte* out, word32 *outLen,
-                          dilithium_key* key)
+                          dilithium_key* key, WC_RNG* rng)
 {
    int ret = 0;
 #ifdef HAVE_LIBOQS
@ -107,6 +107,10 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
        localOutLen = *outLen;
    }

+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
    if ((ret == 0) &&
        (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
         == OQS_ERROR)) {
@ -117,6 +121,8 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
        *outLen = (word32)localOutLen;
    }

+    wolfSSL_liboqsRngMutexUnlock();
+
    if (oqssig != NULL) {
        OQS_SIG_free(oqssig);
    }
--- a/wolfcrypt/src/ext_kyber.c
+++ b/wolfcrypt/src/ext_kyber.c
@ -39,6 +39,8 @@

 #if defined (HAVE_LIBOQS)

+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+
 static const char* OQS_ID2name(int id) {
    switch (id) {
        case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512;
@ -337,12 +339,16 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng)
            ret = BAD_FUNC_ARG;
        }
    }
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
    if (ret == 0) {
        if (OQS_KEM_keypair(kem, key->pub, key->priv) !=
            OQS_SUCCESS) {
            ret = BAD_FUNC_ARG;
        }
    }
+    wolfSSL_liboqsRngMutexUnlock();
    OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
 #ifdef HAVE_PQM4
@ -422,12 +428,15 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss,
            ret = BAD_FUNC_ARG;
        }
    }
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
    if (ret == 0) {
        if (OQS_KEM_encaps(kem, ct, ss, key->pub) != OQS_SUCCESS) {
            ret = BAD_FUNC_ARG;
        }
    }
-
+    wolfSSL_liboqsRngMutexUnlock();
    OQS_KEM_free(kem);
 #endif /* HAVE_LIBOQS */
 #ifdef HAVE_PQM4
--- a/wolfcrypt/src/falcon.c
+++ b/wolfcrypt/src/falcon.c
@ -59,7 +59,7 @@
 */
 int wc_falcon_sign_msg(const byte* in, word32 inLen,
                              byte* out, word32 *outLen,
-                              falcon_key* key)
+                              falcon_key* key, WC_RNG* rng)
 {
    int ret = 0;
 #ifdef HAVE_LIBOQS
@ -101,6 +101,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
        localOutLen = *outLen;
    }

+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
    if ((ret == 0) &&
        (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
         == OQS_ERROR)) {
@ -111,6 +115,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen,
        *outLen = (word32)localOutLen;
    }

+    wolfSSL_liboqsRngMutexUnlock();
+
    if (oqssig != NULL) {
        OQS_SIG_free(oqssig);
    }
--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@ -132,7 +132,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
              wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c \
              wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c \
              wolfcrypt/src/port/Renesas/README.md \
-              wolfcrypt/src/port/cypress/psoc6_crypto.c
+              wolfcrypt/src/port/cypress/psoc6_crypto.c \
+              wolfcrypt/src/port/liboqs/liboqs.c

 $(ASYNC_FILES):
 	$(AM_V_at)touch $(srcdir)/$@
--- a/wolfcrypt/src/port/liboqs/liboqs.c
+++ b/wolfcrypt/src/port/liboqs/liboqs.c
@ -0,0 +1,111 @@
+/* liboqs.c
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*
+
+DESCRIPTION
+This library provides the support interfaces to the liboqs library providing
+implementations for Post-Quantum cryptography algorithms.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+
+#if defined(HAVE_LIBOQS)
+
+/* RNG for liboqs */
+static WC_RNG liboqsDefaultRNG;
+static WC_RNG* liboqsCurrentRNG;
+
+static wolfSSL_Mutex liboqsRNGMutex;
+
+static int liboqs_init = 0;
+
+
+static void wolfSSL_liboqsGetRandomData(uint8_t* buffer, size_t numOfBytes)
+{
+    int ret = wc_RNG_GenerateBlock(liboqsCurrentRNG, buffer, numOfBytes);
+    if (ret != 0) {
+        // ToDo: liboqs exits programm if RNG fails, not sure what to do here
+    }
+}
+
+int wolfSSL_liboqsInit(void)
+{
+    int ret = 0;
+
+    if (liboqs_init == 0) {
+        ret = wc_InitMutex(&liboqsRNGMutex);
+        if (ret != 0) {
+            return ret;
+        }
+        ret = wc_LockMutex(&liboqsRNGMutex);
+        if (ret != 0) {
+            return ret;
+        }
+        ret = wc_InitRng(&liboqsDefaultRNG);
+        if (ret == 0) {
+            OQS_init();
+            liboqs_init = 1;
+        }
+        liboqsCurrentRNG = &liboqsDefaultRNG;
+        wc_UnLockMutex(&liboqsRNGMutex);
+
+        OQS_randombytes_custom_algorithm(wolfSSL_liboqsGetRandomData);
+    }
+
+    return ret;
+}
+
+int wolfSSL_liboqsRngMutexLock(WC_RNG* rng)
+{
+    int ret = wolfSSL_liboqsInit();
+    if (ret == 0) {
+        ret = wc_LockMutex(&liboqsRNGMutex);
+    }
+    if (ret == 0 && rng != NULL) {
+        /* Update the pointer with the RNG to use. This is safe as we locked the mutex */
+        liboqsCurrentRNG = rng;
+    }
+    return ret;
+}
+
+int wolfSSL_liboqsRngMutexUnlock(void)
+{
+    int ret = BAD_MUTEX_E;
+
+    liboqsCurrentRNG = &liboqsDefaultRNG;
+
+    if (liboqs_init) {
+        ret = wc_UnLockMutex(&liboqsRNGMutex);
+    }
+    return ret;
+}
+
+#endif /* HAVE_LIBOQS */
--- a/wolfcrypt/src/sphincs.c
+++ b/wolfcrypt/src/sphincs.c
@ -58,7 +58,7 @@
 *          0 otherwise.
 */
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key)
+                        sphincs_key* key, WC_RNG* rng)
 {
    int ret = 0;
 #ifdef HAVE_LIBOQS
@ -135,6 +135,10 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
        localOutLen = *outLen;
    }

+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
    if ((ret == 0) &&
        (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
         == OQS_ERROR)) {
@ -145,6 +149,8 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
        *outLen = (word32)localOutLen;
    }

+    wolfSSL_liboqsRngMutexUnlock();
+
    if (oqssig != NULL) {
        OQS_SIG_free(oqssig);
    }
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@ -127,6 +127,10 @@
    #include <wolfssl/wolfcrypt/port/psa/psa.h>
 #endif

+#if defined(HAVE_LIBOQS)
+    #include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
+#endif
+
 #if defined(FREERTOS) && defined(WOLFSSL_ESPIDF)
    #include <freertos/FreeRTOS.h>
    #include <freertos/task.h>
@ -392,6 +396,12 @@ int wolfCrypt_Init(void)
        }
        rpcmem_init();
 #endif
+
+#if defined(HAVE_LIBOQS)
+        if ((ret = wolfSSL_liboqsInit()) != 0) {
+            return ret;
+        }
+#endif
    }
    initRefCount++;

--- a/wolfssl/wolfcrypt/dilithium.h
+++ b/wolfssl/wolfcrypt/dilithium.h
@ -35,6 +35,7 @@

 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif

 #ifdef __cplusplus
@ -84,7 +85,7 @@ struct dilithium_key {

 WOLFSSL_API
 int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                       dilithium_key* key);
+                       dilithium_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                         word32 msgLen, int* res, dilithium_key* key);
--- a/wolfssl/wolfcrypt/falcon.h
+++ b/wolfssl/wolfcrypt/falcon.h
@ -35,6 +35,7 @@

 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif

 #ifdef __cplusplus
@ -79,7 +80,7 @@ struct falcon_key {

 WOLFSSL_API
 int wc_falcon_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                       falcon_key* key);
+                       falcon_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                         word32 msgLen, int* res, falcon_key* key);
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@ -115,7 +115,8 @@ noinst_HEADERS+= \
                         wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
                         wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
                         wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
-                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h
+                         wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
+                         wolfssl/wolfcrypt/port/liboqs/liboqs.h

 if BUILD_CRYPTOAUTHLIB
 nobase_include_HEADERS+= wolfssl/wolfcrypt/port/atmel/atmel.h
--- a/wolfssl/wolfcrypt/port/liboqs/liboqs.h
+++ b/wolfssl/wolfcrypt/port/liboqs/liboqs.h
@ -0,0 +1,60 @@
+/* liboqs.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/*!
+    \file wolfssl/wolfcrypt/port/liboqs/liboqs.h
+*/
+/*
+
+DESCRIPTION
+This library provides the support interfaces to the liboqs library providing
+implementations for Post-Quantum cryptography algorithms.
+*/
+
+#ifndef WOLF_CRYPT_LIBOQS_H
+#define WOLF_CRYPT_LIBOQS_H
+
+#include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#if defined(HAVE_LIBOQS)
+
+#include "oqs/oqs.h"
+    
+
+int wolfSSL_liboqsInit(void);
+
+int wolfSSL_liboqsRngMutexLock(WC_RNG* rng);
+
+int wolfSSL_liboqsRngMutexUnlock(void);
+
+#endif /* HAVE_LIBOQS */
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_LIBOQS_H */
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -1933,7 +1933,7 @@ extern void uITRON4_free(void *p) ;
    void *z_realloc(void *ptr, size_t size);
    #define realloc   z_realloc

-    #ifndef CONFIG_NET_SOCKETS_POSIX_NAMES
+    #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API)
    #define CONFIG_NET_SOCKETS_POSIX_NAMES
    #endif
 #endif
--- a/wolfssl/wolfcrypt/sphincs.h
+++ b/wolfssl/wolfcrypt/sphincs.h
@ -41,6 +41,7 @@

 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif

 #ifdef __cplusplus
@ -99,7 +100,7 @@ struct sphincs_key {

 WOLFSSL_API
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key);
+                        sphincs_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_sphincs_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                          word32 msgLen, int* res, sphincs_key* key);
--- a/zephyr/CMakeLists.txt
+++ b/zephyr/CMakeLists.txt
@ -45,6 +45,7 @@ if(CONFIG_WOLFSSL)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/curve448.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/des3.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dh.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dilithium.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/dsa.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ecc_fp.c)
@ -52,6 +53,7 @@ if(CONFIG_WOLFSSL)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed25519.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ed448.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/error.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/ext_kyber.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/falcon.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_448.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/fe_low_mem.c)
@ -95,6 +97,7 @@ if(CONFIG_WOLFSSL)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_dsp32.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_int.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sp_x86_64.c)
+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/sphincs.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/srp.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/tfm.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wc_dsp.c)
@ -106,6 +109,7 @@ if(CONFIG_WOLFSSL)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfevent.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/wolfmath.c)

+    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/liboqs/liboqs.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_aes.c)
    zephyr_library_sources(${ZEPHYR_CURRENT_MODULE_DIR}/wolfcrypt/src/port/psa/psa_hash.c)