Remove deprecated liblms and libxmss

Tobias Frauenschläger
2026-04-23 12:35:23 +02:00
parent 71a8a55654
commit e1fefcca4f
27 changed files with 445 additions and 3032 deletions
-2
@@ -700,10 +700,8 @@ add_option(WOLFSSL_LMSSHA256192
if (WOLFSSL_LMS)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_LMS")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_LMS")
set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT)
set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT)
if (WOLFSSL_LMSSHA256192)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LMS_SHA256_192")
-4
@@ -34,10 +34,6 @@ RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git &&
RUN mkdir /opt/sources
# install liblms
RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
&& sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
RUN mkdir /var/empty
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
+2 -2
@@ -287,7 +287,6 @@ INCL_TARGS := wolfssl/callbacks.h \
wolfssl/wolfcrypt/integer.h \
wolfssl/wolfcrypt/kdf.h \
wolfssl/wolfcrypt/kyber.h \
wolfssl/wolfcrypt/lms.h \
wolfssl/wolfcrypt/logging.h \
wolfssl/wolfcrypt/md2.h \
wolfssl/wolfcrypt/md4.h \
@@ -327,11 +326,12 @@ INCL_TARGS := wolfssl/callbacks.h \
wolfssl/wolfcrypt/visibility.h \
wolfssl/wolfcrypt/wc_encrypt.h \
wolfssl/wolfcrypt/wc_kyber.h \
wolfssl/wolfcrypt/wc_lms.h \
wolfssl/wolfcrypt/wc_pkcs11.h \
wolfssl/wolfcrypt/wc_port.h \
wolfssl/wolfcrypt/wc_xmss.h \
wolfssl/wolfcrypt/wolfevent.h \
wolfssl/wolfcrypt/wolfmath.h \
wolfssl/wolfcrypt/xmss.h \
wolfssl/wolfcrypt/port/nrf51.h \
wolfssl/wolfcrypt/port/af_alg/afalg_hash.h \
wolfssl/wolfcrypt/port/af_alg/wc_afalg.h \
-2
@@ -87,8 +87,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="..\..\wolfcrypt\src\ext_kyber.c" />
<ClCompile Include="..\..\wolfcrypt\src\ext_lms.c" />
<ClCompile Include="..\..\wolfcrypt\src\ext_xmss.c" />
<ClCompile Include="..\..\wolfcrypt\src\falcon.c" />
<ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
<ClCompile Include="..\..\wolfcrypt\src\fips.c" />
+2 -11
@@ -296,11 +296,7 @@ The wolfssl port in vcpkg is kept up to date by wolfSSL.
We also have vcpkg ports for wolftpm, wolfmqtt and curl.
17. Building with hash-sigs lib for LMS/HSS support [EXPERIMENTAL]
Deprecated. wolfSSL now has its own LMS/HSS implementation in wolfCrypt.
18. Building for Debian, Ubuntu, Linux Mint, and derivatives
17. Building for Debian, Ubuntu, Linux Mint, and derivatives
To generate a .deb package, configure wolfSSL with the desired
configuration. Then run `make deb` to generate a Debian package
@@ -309,7 +305,7 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
resulting packages are placed in the root directory of the
project.
19. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE
18. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE
To generate a .rpm package, configure wolfSSL with the desired
configuration. Then run `make rpm` to generate a .rpm package
@@ -317,8 +313,3 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
Docker container, use `make rpm-docker`. In both cases the
resulting packages are placed in the root directory of the
project.
20. Building with xmss-reference lib for XMSS/XMSS^MT support [EXPERIMENTAL]
Deprecated. wolfSSL now has its own XMMS/XMSS^MT implementation in
wolfCrypt.
+2 -149
@@ -1839,7 +1839,6 @@ do
done
# XMSS
ENABLED_WC_XMSS=no
AC_ARG_ENABLE([xmss],
[AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
[ ENABLED_XMSS=$enableval ],
@@ -1865,60 +1864,7 @@ do
esac
done
# libxmss
# Get the path to xmss-reference.
ENABLED_LIBXMSS="no"
trylibxmssdir=""
AC_ARG_WITH([libxmss],
[AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. (requires --enable-experimental)!])],
[
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([libxmss requires --enable-experimental.]) ])
AC_MSG_CHECKING([for libxmss])
trylibxmssdir=$withval
if test -e $trylibxmssdir; then
libxmss_linked=yes
else
AC_MSG_ERROR([libxmss isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
fi
if test "$XMSS_VERIFY_ONLY" = "yes"; then
if test -e $trylibxmssdir/xmss_verify_lib.a; then
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_verify_lib.a"
enable_shared=no
enable_static=yes
libxmss_linked=yes
else
AC_MSG_ERROR([xmss_verify_lib.a isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
fi
elif test -e $trylibxmssdir/xmss_lib.a; then
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_lib.a"
enable_shared=no
enable_static=yes
libxmss_linked=yes
else
AC_MSG_ERROR([libxmss isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
fi
XMSS_ROOT=$trylibxmssdir
AC_MSG_RESULT([yes])
AM_CPPFLAGS="$CPPFLAGS"
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
ENABLED_LIBXMSS="yes"
AC_SUBST([XMSS_ROOT])
],
[XMSS_ROOT=""]
)
# LMS
ENABLED_WC_LMS=no
AC_ARG_ENABLE([lms],
[AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
[ ENABLED_LMS=$enableval ],
@@ -1953,74 +1899,6 @@ do
esac
done
# liblms
# Get the path to the hash-sigs LMS HSS lib.
ENABLED_LIBLMS="no"
tryliblmsdir=""
AC_ARG_WITH([liblms],
[AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) (requires --enable-experimental)!])],
[
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([liblms requires --enable-experimental.]) ])
AC_MSG_CHECKING([for liblms])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <hss.h>]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ])
if test "x$liblms_linked" = "xno" ; then
if test "x$withval" != "xno" ; then
tryliblmsdir=$withval
fi
if test "x$withval" = "xyes" ; then
tryliblmsdir="/usr/local"
fi
# 1. If verify only build, use hss_verify.a
# 2. If normal build, by default use single-threaded hss_lib.a
# 3. If 2 not found, then use the multi-threaded hss_lib_thread.a
if test "$LMS_VERIFY_ONLY" = "yes"; then
if test -e $tryliblmsdir/hss_verify.a; then
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_verify.a"
enable_shared=no
enable_static=yes
liblms_linked=yes
else
AC_MSG_ERROR([hss_verify.a isn't found.
If it's already installed, specify its path using --with-liblms=/dir/])
fi
elif test -e $tryliblmsdir/hss_lib.a; then
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib.a"
enable_shared=no
enable_static=yes
liblms_linked=yes
elif test -e $tryliblmsdir/hss_lib_thread.a; then
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib_thread.a"
enable_shared=no
enable_static=yes
liblms_linked=yes
else
AC_MSG_ERROR([liblms isn't found.
If it's already installed, specify its path using --with-liblms=/dir/])
fi
if test "x$liblms_linked" = "xno" ; then
AC_MSG_ERROR([liblms isn't found.
If it's already installed, specify its path using --with-liblms=/dir/])
fi
AC_MSG_RESULT([yes])
AM_CPPFLAGS="$CPPFLAGS"
AM_LDFLAGS="$LDFLAGS"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBLMS"
ENABLED_LIBLMS="yes"
]
)
# SLH-DSA
ENABLED_SLHDSA=yes
AC_ARG_ENABLE([slhdsa],
@@ -7539,28 +7417,12 @@ fi
if test "$ENABLED_XMSS" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS"
# Use hash-sigs XMSS lib if enabled.
if test "$ENABLED_LIBXMSS" = "yes"; then
ENABLED_WC_XMSS=no
else
ENABLED_WC_XMSS=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS"
fi
fi
# LMS CFLAG processing (after FIPS section for sandwich pattern)
if test "$ENABLED_LMS" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
# Use hash-sigs LMS lib if enabled.
if test "$ENABLED_LIBLMS" = "yes"; then
ENABLED_WC_LMS=no
else
ENABLED_WC_LMS=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
fi
fi
# SLH-DSA CFLAG processing (after FIPS section for sandwich pattern)
@@ -12186,8 +12048,8 @@ AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLE
AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_SLHDSA],[test "x$ENABLED_SLHDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_WC_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -12238,8 +12100,6 @@ AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_R
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -12741,12 +12601,7 @@ echo " * CURVE448: $ENABLED_CURVE448"
echo " * ED448: $ENABLED_ED448"
echo " * ED448 streaming: $ENABLED_ED448_STREAM"
echo " * LMS: $ENABLED_LMS"
echo " * LMS wolfSSL impl: $ENABLED_WC_LMS"
echo " * XMSS: $ENABLED_XMSS"
echo " * XMSS wolfSSL impl: $ENABLED_WC_XMSS"
if test "$ENABLED_LIBXMSS" = "yes"; then
echo " * XMSS_ROOT: $XMSS_ROOT"
fi
echo " * SLH-DSA $ENABLED_SLHDSA"
echo " * MLKEM: $ENABLED_MLKEM"
echo " * MLKEM wolfSSL impl: $ENABLED_WC_MLKEM"
@@ -12807,8 +12662,6 @@ echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * libxmss: $ENABLED_LIBXMSS"
echo " * liblms: $ENABLED_LIBLMS"
echo " * liboqs: $ENABLED_LIBOQS"
echo " * Whitewood netRandom: $ENABLED_WNR"
echo " * Server Name Indication: $ENABLED_SNI"
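Review bot: With the `AC_ARG_WITH([liblms], …)` and `AC_ARG_WITH([libxmss], …)` blocks gone, a build script that still passes `--with-liblms=PATH` or `--with-libxmss=PATH` is no longer rejected: autoconf only prints an unrecognized-option warning and configure carries on with the wolfCrypt implementation. For stateful signature schemes a silent backend switch is worth making loud, since private-key state persisted through the old library is presumably not interchangeable with the wolfCrypt format (not verifiable from this page). Consider keeping a stub for a release that fails hard, e.g. `AC_ARG_WITH([liblms],[],[AC_MSG_ERROR([--with-liblms was removed; use --enable-lms])])`, with the same for `libxmss`.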
-2
@@ -105,7 +105,6 @@ extern "C" {
/* ------------------------------------------------- */
#if 0 /* LMS signatures */
#define WOLFSSL_HAVE_LMS
#define WOLFSSL_WC_LMS
#ifndef LMS_LEVELS
#define LMS_LEVELS 2
#endif
@@ -122,7 +121,6 @@ extern "C" {
/* ------------------------------------------------- */
#if 0 /* XMSS signatures */
#define WOLFSSL_HAVE_XMSS
#define WOLFSSL_WC_XMSS
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
#define WOLFSSL_XMSS_MAX_HEIGHT 20
#endif
@@ -131,7 +131,6 @@ extern "C" {
#if 1 /* LMS */
#define WOLFSSL_HAVE_LMS
#define WOLFSSL_WC_LMS
#ifndef LMS_LEVELS
#define LMS_LEVELS 1
#endif
@@ -145,7 +144,6 @@ extern "C" {
#if 1 /* XMSS */
#define WOLFSSL_HAVE_XMSS
#define WOLFSSL_WC_XMSS
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
#define WOLFSSL_XMSS_MAX_HEIGHT 32
#endif
-10
@@ -158,21 +158,11 @@
#endif
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#include <wolfssl/wolfcrypt/xmss.h>
#ifdef HAVE_LIBXMSS
#include <wolfssl/wolfcrypt/ext_xmss.h>
#else
#include <wolfssl/wolfcrypt/wc_xmss.h>
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS)
#include <wolfssl/wolfcrypt/lms.h>
#ifdef HAVE_LIBLMS
#include <wolfssl/wolfcrypt/ext_lms.h>
#else
#include <wolfssl/wolfcrypt/wc_lms.h>
#endif
#endif
#ifdef HAVE_DILITHIUM
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
-8
@@ -1984,14 +1984,6 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_mlkem.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
endif
if BUILD_LIBLMS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_lms.c
endif
if BUILD_LIBXMSS
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_xmss.c
endif
if BUILD_LIBZ
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/compress.c
endif
+4 -8
@@ -35539,11 +35539,9 @@ int stopOnFail = 0;
int test_wc_LmsKey_sign_verify(void);
int test_wc_LmsKey_reload_cache(void);
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
!defined(WOLFSSL_LMS_VERIFY_ONLY)
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
#include <wolfssl/wolfcrypt/wc_lms.h>
#include <wolfssl/wolfcrypt/lms.h>
#define LMS_TEST_PRIV_KEY_FILE "/tmp/wolfssl_test_lms.key"
@@ -35596,7 +35594,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
return 0;
}
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
/*
* Test basic LMS sign/verify with multiple signings.
@@ -35605,8 +35603,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
int test_wc_LmsKey_sign_verify(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
!defined(WOLFSSL_LMS_VERIFY_ONLY)
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
LmsKey key;
WC_RNG rng;
byte msg[] = "test message for LMS signing";
@@ -35655,8 +35652,7 @@ int test_wc_LmsKey_sign_verify(void)
int test_wc_LmsKey_reload_cache(void)
{
EXPECT_DECLS;
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
!defined(WOLFSSL_LMS_VERIFY_ONLY)
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
LmsKey key;
LmsKey vkey;
WC_RNG rng;
+14 -40
@@ -178,20 +178,10 @@
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
#include <wolfssl/wolfcrypt/lms.h>
#ifdef HAVE_LIBLMS
#include <wolfssl/wolfcrypt/ext_lms.h>
#else
#include <wolfssl/wolfcrypt/wc_lms.h>
#endif
#include <wolfssl/wolfcrypt/wc_lms.h>
#endif
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
#include <wolfssl/wolfcrypt/xmss.h>
#ifdef HAVE_LIBXMSS
#include <wolfssl/wolfcrypt/ext_xmss.h>
#else
#include <wolfssl/wolfcrypt/wc_xmss.h>
#endif
#include <wolfssl/wolfcrypt/wc_xmss.h>
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
#include <wolfssl/wolfcrypt/wc_slhdsa.h>
@@ -11894,10 +11884,8 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
#ifndef WOLFSSL_WC_LMS_SMALL
do {
#ifdef WOLFSSL_WC_LMS
key.priv.inited = 0;
key.state = WC_LMS_STATE_PARMSET;
#endif
ret = wc_LmsKey_Reload(&key);
if (ret) {
printf("wc_LmsKey_Reload failed: %d\n", ret);
@@ -11918,9 +11906,6 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
printf("wc_LmsKey_GetPrivLen failed: %d\n", ret);
goto exit_lms_sign_verify;
}
#ifdef HAVE_LIBLMS
break;
#endif
} while (bench_stats_check(start)
#ifdef MULTI_VALUE_STATISTICS
|| runs < minimum_runs
@@ -12039,7 +12024,7 @@ void bench_lms(void)
#ifndef WOLFSSL_NO_LMS_SHA256_256
#ifdef BENCH_LMS_SLOW_KEYGEN
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
#if (LMS_MAX_HEIGHT >= 15)
bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W2, pub);
bench_lms_keygen(WC_LMS_PARM_L1_H15_W4, pub);
@@ -12048,8 +12033,7 @@ void bench_lms(void)
#define LMS_PARAMS_BENCHED
#endif
#endif
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
(LMS_MAX_HEIGHT >= 10))
#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_L2_H10_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2, pub);
bench_lms_keygen(WC_LMS_PARM_L2_H10_W4, pub);
@@ -12061,7 +12045,7 @@ void bench_lms(void)
bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W8, pub);
#endif
#endif
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
#if (LMS_MAX_LEVELS >= 3)
bench_lms_keygen(WC_LMS_PARM_L3_H5_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4, pub);
bench_lms_keygen(WC_LMS_PARM_L3_H5_W8, pub);
@@ -12069,17 +12053,16 @@ void bench_lms(void)
#undef LMS_PARAMS_BENCHED
#define LMS_PARAMS_BENCHED
#endif
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
(LMS_MAX_HEIGHT >= 10))
#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_L3_H10_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4, pub);
#endif
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
#if (LMS_MAX_LEVELS >= 4)
bench_lms_keygen(WC_LMS_PARM_L4_H5_W8, pub);
bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8, pub);
#endif
#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
#ifndef LMS_PARAMS_BENCHED
bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub);
bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub);
#endif
@@ -12087,7 +12070,7 @@ void bench_lms(void)
#ifdef WOLFSSL_LMS_SHA256_192
#ifdef BENCH_LMS_SLOW_KEYGEN
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
#if (LMS_MAX_HEIGHT >= 15)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
@@ -12096,8 +12079,7 @@ void bench_lms(void)
#define LMS_PARAMS_BENCHED
#endif
#endif
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
(LMS_MAX_HEIGHT >= 10))
#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
@@ -12109,7 +12091,7 @@ void bench_lms(void)
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
#endif
#endif
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
#if (LMS_MAX_LEVELS >= 3)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
@@ -12117,17 +12099,16 @@ void bench_lms(void)
#undef LMS_PARAMS_BENCHED
#define LMS_PARAMS_BENCHED
#endif
#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
(LMS_MAX_HEIGHT >= 10))
#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
#endif
#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
#if (LMS_MAX_LEVELS >= 4)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
#endif
#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
#ifndef LMS_PARAMS_BENCHED
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
#endif
@@ -12208,13 +12189,6 @@ static void bench_xmss_sign_verify(const char * params)
printf("wc_XmssKey_GetPubLen failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
#ifndef WOLFSSL_WC_XMSS
if (pkSz != XMSS_SHA256_PUBLEN) {
printf("error: xmss pub len: got %u, expected %d\n", pkSz,
XMSS_SHA256_PUBLEN);
goto exit_xmss_sign_verify;
}
#endif
ret = wc_XmssKey_GetPrivLen(&key, &skSz);
if (ret != 0 || skSz <= 0) {
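Review bot: The direct writes `key.priv.inited = 0;` and `key.state = WC_LMS_STATE_PARMSET;` in `bench_lms_sign_verify` are now unconditional, so the benchmark rewinds private-key state by poking struct fields on every loop iteration, with nothing saying why. With the `#ifdef WOLFSSL_WC_LMS` wrapper gone, a one-line comment above them would help, for example `/* Reset key so wc_LmsKey_Reload() rebuilds state from the stored private key (benchmark only). */`; the intent is inferred from the following `wc_LmsKey_Reload` call, so please confirm. It is also worth stating there that this pattern is for benchmarking only, since rewinding the state of a stateful-signature key outside a benchmark risks one-time-key reuse. The function body begins and ends outside the visible hunks.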
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
+3 -3
@@ -21,7 +21,7 @@
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
#if defined(WOLFSSL_HAVE_LMS)
#if FIPS_VERSION3_GE(2,0,0)
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
@@ -721,7 +721,7 @@ int wc_LmsKey_SetLmsParm(LmsKey* key, enum wc_LmsParm lmsParm)
/* Set the parameters of an LMS key.
*
* Use this if you wish to set specific parameters not found in the
* wc_LmsParm predefined sets. See comments in lms.h for allowed
* wc_LmsParm predefined sets. See comments in wc_lms.h for allowed
* parameters.
*
* Key must be inited before calling this.
@@ -1597,4 +1597,4 @@ const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz)
#endif
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
#endif /* WOLFSSL_HAVE_LMS */
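Review bot: Once the guard is reduced to `#if defined(WOLFSSL_HAVE_LMS)`, a `user_settings.h` that still defines `HAVE_LIBLMS` compiles this file with no diagnostic at all. The deleted `ext_lms.h` had an `#error` for the mixed configuration, and nothing on this page replaces it. A guard directly after the new `#if` would make stale settings fail at build time: `#ifdef HAVE_LIBLMS` / `#error "HAVE_LIBLMS is no longer supported; remove it from your build settings."` / `#endif`. The XMSS source would want the equivalent check for `HAVE_LIBXMSS`; its guard is not shown here.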
+2 -2
@@ -48,7 +48,7 @@
#include <wolfcrypt/src/misc.c>
#endif
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
#ifdef WOLFSSL_HAVE_LMS
/* Length of R in bytes. */
#define LMS_R_LEN 4
@@ -4108,5 +4108,5 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
return ret;
}
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
#endif /* WOLFSSL_HAVE_LMS */
+1 -1
@@ -839,7 +839,7 @@ int wc_XmssKey_Init(XmssKey* key, void* heap, int devId)
/* Set the XMSS key parameter string.
*
* The input string must be one of the supported parm set names in
* the "Name" section from the table in wolfssl/wolfcrypt/xmss.h,
* the "Name" section from the table in wolfssl/wolfcrypt/wc_xmss.h,
* e.g. "XMSS-SHA2_10_256" or "XMSSMT-SHA2_20/4_256".
*
* @param [in] key The XMSS key to set.
+6 -26
@@ -401,21 +401,11 @@ static const byte const_byte_array[] = "A+Gd\0\0\0";
#include <wolfssl/wolfcrypt/dilithium.h>
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#include <wolfssl/wolfcrypt/xmss.h>
#ifdef HAVE_LIBXMSS
#include <wolfssl/wolfcrypt/ext_xmss.h>
#else
#include <wolfssl/wolfcrypt/wc_xmss.h>
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS)
#include <wolfssl/wolfcrypt/lms.h>
#ifdef HAVE_LIBLMS
#include <wolfssl/wolfcrypt/ext_lms.h>
#else
#include <wolfssl/wolfcrypt/wc_lms.h>
#endif
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
#include <wolfssl/wolfcrypt/wc_slhdsa.h>
#endif
@@ -978,11 +968,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(WOLFSSL_SMALL_STACK)
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
#if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
#endif
#endif
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
@@ -3178,14 +3166,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
#endif /* if defined(WOLFSSL_HAVE_XMSS) */
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(WOLFSSL_SMALL_STACK)
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
#if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)
if ( (ret = lms_test_verify_only()) != 0)
TEST_FAIL("LMS Vfy test failed!\n", ret);
else
TEST_PASS("LMS Vfy test passed!\n");
#endif
#endif
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
@@ -53463,10 +53449,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
#else
byte sig[WC_TEST_LMS_SIG_LEN];
#endif
#if !defined(HAVE_LIBLMS)
const byte * kid;
word32 kidSz;
#endif
WOLFSSL_ENTER("lms_test");
@@ -53525,7 +53509,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
XMEMCPY(old_priv, priv, sizeof(priv));
#if !defined(HAVE_LIBLMS)
ret = wc_LmsKey_GetKid(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -53552,7 +53535,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
if (kidSz != WC_LMS_I_LEN) {
ERROR_OUT(WC_TEST_RET_ENC_I(kidSz), out);
}
#endif
ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
@@ -53663,9 +53645,8 @@ out:
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) && \
(LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)
/* A simple LMS verify only test.
*
@@ -54009,7 +53990,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
return ret;
}
#endif
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
#if defined(WOLFSSL_HAVE_SLHDSA)
+1 -2
@@ -314,8 +314,7 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#endif
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(WOLFSSL_SMALL_STACK)
#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
#if (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
#endif
#endif
-62
@@ -1,62 +0,0 @@
/* ext_lms.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef EXT_LMS_H
#define EXT_LMS_H
#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
#include <wolfssl/wolfcrypt/lms.h>
/* hash-sigs LMS HSS includes */
#include <hss.h>
#if defined(WOLFSSL_WC_LMS)
#error "This code is incompatible with wolfCrypt's implementation of LMS."
#endif
/*
* The hash-sigs LMS lib supports from MIN_HSS_LEVELS to MAX_HSS_LEVELS
* number of levels of Merkle trees. It allows for the tree height and
* winternitz parameter to be unique per level.
*/
/* hss structs */
typedef struct hss_working_key hss_working_key;
typedef struct hss_extra_info hss_extra_info;
struct LmsKey {
unsigned levels; /* Number of tree levels. */
param_set_t lm_type[MAX_HSS_LEVELS]; /* Height param per level. */
param_set_t lm_ots_type[MAX_HSS_LEVELS]; /* Winternitz param per level. */
unsigned char pub[HSS_MAX_PUBLIC_KEY_LEN];
#ifndef WOLFSSL_LMS_VERIFY_ONLY
hss_working_key * working_key;
wc_lms_write_private_key_cb write_private_key; /* Callback to write/update key. */
wc_lms_read_private_key_cb read_private_key; /* Callback to read key. */
void * context; /* Context arg passed to callbacks. */
hss_extra_info info;
#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
enum wc_LmsState state;
};
#endif /* WOLFSSL_HAVE_LMS */
#endif /* EXT_LMS_H */
-53
@@ -1,53 +0,0 @@
/* ext_xmss.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef EXT_XMSS_H
#define EXT_XMSS_H
#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
#include <wolfssl/wolfcrypt/xmss.h>
#include <xmss.h>
#include <params.h>
#if defined(WOLFSSL_WC_XMSS)
#error "This code is incompatible with wolfCrypt's implementation of XMSS."
#endif
struct XmssKey {
unsigned char pk[XMSS_SHA256_PUBLEN];
word32 oid;
int is_xmssmt;
xmss_params params;
#ifndef WOLFSSL_XMSS_VERIFY_ONLY
/* The secret key length is a function of xmss_params. */
unsigned char * sk;
word32 sk_len;
wc_xmss_write_private_key_cb write_private_key; /* Callback to write/update key. */
wc_xmss_read_private_key_cb read_private_key; /* Callback to read key. */
void * context; /* Context arg passed to callbacks. */
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
enum wc_XmssState state;
};
#endif /* WOLFSSL_HAVE_XMSS */
#endif /* EXT_XMSS_H */
-4
@@ -83,12 +83,8 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/sm2.h \
wolfssl/wolfcrypt/sm3.h \
wolfssl/wolfcrypt/sm4.h \
wolfssl/wolfcrypt/lms.h \
wolfssl/wolfcrypt/wc_lms.h \
wolfssl/wolfcrypt/ext_lms.h \
wolfssl/wolfcrypt/xmss.h \
wolfssl/wolfcrypt/wc_xmss.h \
wolfssl/wolfcrypt/ext_xmss.h \
wolfssl/wolfcrypt/wc_slhdsa.h \
wolfssl/wolfcrypt/puf.h \
wolfssl/wolfcrypt/oid_sum.h
-266
@@ -1,266 +0,0 @@
/* lms.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/lms.h
*/
#ifndef WOLF_CRYPT_LMS_H
#define WOLF_CRYPT_LMS_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef WOLFSSL_HAVE_LMS
/* Length of the Key ID. */
#define WC_LMS_I_LEN 16
typedef struct LmsKey LmsKey;
/* Private key write and read callbacks. */
typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context);
typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context);
/* Return codes returned by private key callbacks. */
enum wc_LmsRc {
WC_LMS_RC_NONE,
WC_LMS_RC_BAD_ARG, /* Bad arg in read or write callback. */
WC_LMS_RC_WRITE_FAIL, /* Write or update private key failed. */
WC_LMS_RC_READ_FAIL, /* Read private key failed. */
WC_LMS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
WC_LMS_RC_READ_TO_MEMORY /* Read private key from storage. */
};
/* LMS/HSS signatures are defined by 3 parameters:
* levels: number of levels of Merkle trees.
* height: height of an individual Merkle tree.
* winternitz: number of bits from hash used in a Winternitz chain.
*
* The acceptable parameter values are those in RFC8554:
* levels = {1..8}
* height = {5, 10, 15, 20, 25}
* winternitz = {1, 2, 4, 8}
*
* The number of available signatures is:
* N = 2 ** (levels * height)
*
* Signature sizes are determined by levels and winternitz
* parameters primarily, and height to a lesser extent:
* - Larger levels values increase signature size significantly.
* - Larger height values increase signature size moderately.
* - Larger winternitz values will reduce the signature size, at
* the expense of longer key generation and sign/verify times.
*
* Key generation time is strongly determined by the height of
* the first level tree. A 3 level, 5 height tree is much faster
* than 1 level, 15 height at initial key gen, even if the number
* of available signatures is the same.
* */
/* Predefined LMS/HSS parameter sets for convenience.
*
* Not predefining many sets with Winternitz=1, because the signatures
* will be large. */
enum wc_LmsParm {
#ifndef WOLFSSL_NO_LMS_SHA256_256
WC_LMS_PARM_NONE = 0,
WC_LMS_PARM_L1_H5_W1 = 1,
WC_LMS_PARM_L1_H5_W2 = 2,
WC_LMS_PARM_L1_H5_W4 = 3,
WC_LMS_PARM_L1_H5_W8 = 4,
WC_LMS_PARM_L1_H10_W2 = 5,
WC_LMS_PARM_L1_H10_W4 = 6,
WC_LMS_PARM_L1_H10_W8 = 7,
WC_LMS_PARM_L1_H15_W2 = 8,
WC_LMS_PARM_L1_H15_W4 = 9,
WC_LMS_PARM_L1_H15_W8 = 10,
WC_LMS_PARM_L1_H20_W2 = 11,
WC_LMS_PARM_L1_H20_W4 = 12,
WC_LMS_PARM_L1_H20_W8 = 13,
WC_LMS_PARM_L2_H5_W2 = 14,
WC_LMS_PARM_L2_H5_W4 = 15,
WC_LMS_PARM_L2_H5_W8 = 16,
WC_LMS_PARM_L2_H10_W2 = 17,
WC_LMS_PARM_L2_H10_W4 = 18,
WC_LMS_PARM_L2_H10_W8 = 19,
WC_LMS_PARM_L2_H15_W2 = 20,
WC_LMS_PARM_L2_H15_W4 = 21,
WC_LMS_PARM_L2_H15_W8 = 22,
WC_LMS_PARM_L2_H20_W2 = 23,
WC_LMS_PARM_L2_H20_W4 = 24,
WC_LMS_PARM_L2_H20_W8 = 25,
WC_LMS_PARM_L3_H5_W2 = 26,
WC_LMS_PARM_L3_H5_W4 = 27,
WC_LMS_PARM_L3_H5_W8 = 28,
WC_LMS_PARM_L3_H10_W4 = 29,
WC_LMS_PARM_L3_H10_W8 = 30,
WC_LMS_PARM_L4_H5_W2 = 31,
WC_LMS_PARM_L4_H5_W4 = 32,
WC_LMS_PARM_L4_H5_W8 = 33,
WC_LMS_PARM_L4_H10_W4 = 34,
WC_LMS_PARM_L4_H10_W8 = 35,
/* H25 parameter sets for SHA-256/256 */
WC_LMS_PARM_L1_H25_W1 = 56,
WC_LMS_PARM_L1_H25_W2 = 57,
WC_LMS_PARM_L1_H25_W4 = 58,
WC_LMS_PARM_L1_H25_W8 = 59,
/* W1 for non-H5 heights */
WC_LMS_PARM_L1_H10_W1 = 60,
WC_LMS_PARM_L1_H15_W1 = 61,
WC_LMS_PARM_L1_H20_W1 = 62,
#endif
#ifdef WOLFSSL_LMS_SHA256_192
WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36,
WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37,
WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38,
WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39,
WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48,
WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49,
WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50,
WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52,
/* H25 for SHA-256/192 */
WC_LMS_PARM_SHA256_192_L1_H25_W1 = 63,
WC_LMS_PARM_SHA256_192_L1_H25_W2 = 64,
WC_LMS_PARM_SHA256_192_L1_H25_W4 = 65,
WC_LMS_PARM_SHA256_192_L1_H25_W8 = 66,
/* W1 for non-H5 heights (SHA-256/192) */
WC_LMS_PARM_SHA256_192_L1_H10_W1 = 67,
WC_LMS_PARM_SHA256_192_L1_H15_W1 = 68,
WC_LMS_PARM_SHA256_192_L1_H20_W1 = 69,
WC_LMS_PARM_SHA256_192_L1_H15_W8 = 70,
#endif
#ifdef WOLFSSL_LMS_SHAKE256
/* SHAKE256/256, 32-byte output */
WC_LMS_PARM_SHAKE_L1_H5_W1 = 100,
WC_LMS_PARM_SHAKE_L1_H5_W2 = 101,
WC_LMS_PARM_SHAKE_L1_H5_W4 = 102,
WC_LMS_PARM_SHAKE_L1_H5_W8 = 103,
WC_LMS_PARM_SHAKE_L1_H10_W1 = 104,
WC_LMS_PARM_SHAKE_L1_H10_W2 = 105,
WC_LMS_PARM_SHAKE_L1_H10_W4 = 106,
WC_LMS_PARM_SHAKE_L1_H10_W8 = 107,
WC_LMS_PARM_SHAKE_L1_H15_W1 = 108,
WC_LMS_PARM_SHAKE_L1_H15_W2 = 109,
WC_LMS_PARM_SHAKE_L1_H15_W4 = 110,
WC_LMS_PARM_SHAKE_L1_H15_W8 = 111,
WC_LMS_PARM_SHAKE_L1_H20_W1 = 112,
WC_LMS_PARM_SHAKE_L1_H20_W2 = 113,
WC_LMS_PARM_SHAKE_L1_H20_W4 = 114,
WC_LMS_PARM_SHAKE_L1_H20_W8 = 115,
WC_LMS_PARM_SHAKE_L1_H25_W1 = 116,
WC_LMS_PARM_SHAKE_L1_H25_W2 = 117,
WC_LMS_PARM_SHAKE_L1_H25_W4 = 118,
WC_LMS_PARM_SHAKE_L1_H25_W8 = 119,
/* SHAKE256/192, 24-byte output */
WC_LMS_PARM_SHAKE192_L1_H5_W1 = 120,
WC_LMS_PARM_SHAKE192_L1_H5_W2 = 121,
WC_LMS_PARM_SHAKE192_L1_H5_W4 = 122,
WC_LMS_PARM_SHAKE192_L1_H5_W8 = 123,
WC_LMS_PARM_SHAKE192_L1_H10_W1 = 124,
WC_LMS_PARM_SHAKE192_L1_H10_W2 = 125,
WC_LMS_PARM_SHAKE192_L1_H10_W4 = 126,
WC_LMS_PARM_SHAKE192_L1_H10_W8 = 127,
WC_LMS_PARM_SHAKE192_L1_H15_W1 = 128,
WC_LMS_PARM_SHAKE192_L1_H15_W2 = 129,
WC_LMS_PARM_SHAKE192_L1_H15_W4 = 130,
WC_LMS_PARM_SHAKE192_L1_H15_W8 = 131,
WC_LMS_PARM_SHAKE192_L1_H20_W1 = 132,
WC_LMS_PARM_SHAKE192_L1_H20_W2 = 133,
WC_LMS_PARM_SHAKE192_L1_H20_W4 = 134,
WC_LMS_PARM_SHAKE192_L1_H20_W8 = 135,
WC_LMS_PARM_SHAKE192_L1_H25_W1 = 136,
WC_LMS_PARM_SHAKE192_L1_H25_W2 = 137,
WC_LMS_PARM_SHAKE192_L1_H25_W4 = 138,
WC_LMS_PARM_SHAKE192_L1_H25_W8 = 139,
#endif
};
/* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
enum wc_LmsState {
WC_LMS_STATE_FREED, /* Key has been freed from memory. */
WC_LMS_STATE_INITED, /* Key has been inited, ready to set params.*/
WC_LMS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
WC_LMS_STATE_OK, /* Able to sign signatures and verify. */
WC_LMS_STATE_VERIFYONLY, /* A public only LmsKey. */
WC_LMS_STATE_BAD, /* Can't guarantee key's state. */
WC_LMS_STATE_NOSIGS /* Signatures exhausted. */
};
#ifdef __cplusplus
extern "C" {
#endif
WOLFSSL_API int wc_LmsKey_Init(LmsKey * key, void * heap, int devId);
WOLFSSL_API int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm);
WOLFSSL_API int wc_LmsKey_SetParameters(LmsKey * key, int levels,
int height, int winternitz);
WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
int * height, int * winternitz);
#ifndef WOLFSSL_LMS_VERIFY_ONLY
WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key,
wc_lms_write_private_key_cb write_cb);
WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key,
wc_lms_read_private_key_cb read_cb);
WOLFSSL_API int wc_LmsKey_SetContext(LmsKey * key, void * context);
WOLFSSL_API int wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng);
WOLFSSL_API int wc_LmsKey_Reload(LmsKey * key);
WOLFSSL_API int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len);
WOLFSSL_API int wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz,
const byte * msg, int msgSz);
WOLFSSL_API int wc_LmsKey_SigsLeft(LmsKey * key);
#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
WOLFSSL_API void wc_LmsKey_Free(LmsKey * key);
WOLFSSL_API int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len);
WOLFSSL_API int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);
WOLFSSL_API int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc);
WOLFSSL_API int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out,
word32 * outLen);
WOLFSSL_API int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in,
word32 inLen);
WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
const byte * msg, int msgSz);
WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm);
WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc);
WOLFSSL_API int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid,
word32* kidSz);
WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv,
word32 privSz);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_HAVE_LMS */
#endif /* WOLF_CRYPT_LMS_H */
+3 -5
@@ -4596,8 +4596,6 @@ extern void uITRON4_free(void *p) ;
#endif
#if (defined(HAVE_LIBOQS) || \
defined(HAVE_LIBXMSS) || \
defined(HAVE_LIBLMS) || \
defined(WOLFSSL_DUAL_ALG_CERTS) || \
defined(HAVE_ASCON)) && \
!defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
@@ -4658,15 +4656,15 @@ extern void uITRON4_free(void *p) ;
/* (D)TLS v1.3 requires 64-bit number wrappers as does XMSS and LMS. */
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) || \
(defined(WOLFSSL_WC_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \
WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_WC_LMS) && \
(defined(WOLFSSL_HAVE_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \
WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_HAVE_LMS) && \
!defined(WOLFSSL_LMS_VERIFY_ONLY))
#undef WOLFSSL_W64_WRAPPER
#define WOLFSSL_W64_WRAPPER
#endif
/* wc_xmss and wc_lms require these misc.c functions. */
#if defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS)
#if defined(WOLFSSL_HAVE_XMSS) || defined(WOLFSSL_HAVE_LMS)
#undef WOLFSSL_NO_INT_ENCODE
#undef WOLFSSL_NO_INT_DECODE
#endif
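Review bot: A build that still defines `HAVE_LIBLMS` or `HAVE_LIBXMSS` gets no diagnostic after this change: the first hunk drops both macros from the experimental-settings check, and the second keys the 64-bit wrapper and misc.c conditions on `WOLFSSL_HAVE_XMSS`/`WOLFSSL_HAVE_LMS` only. If no other file in the commit rejects them, such a configuration would presumably compile against the built-in implementation while the integrator believes an external library is in use, which matters when the implementation was chosen deliberately (validation or audit scope). A hard stop next to this check makes the removal explicit: `#if defined(HAVE_LIBLMS) || defined(HAVE_LIBXMSS)`, `#error "HAVE_LIBLMS and HAVE_LIBXMSS were removed; use the built-in LMS/XMSS"`, `#endif`. Both conditional blocks continue outside the hunks shown.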
+241 -6
@@ -19,6 +19,10 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/wc_lms.h
*/
/* Implementation based on:
* RFC 8554: Leighton-Micali Hash-Based Signatures
* https://datatracker.ietf.org/doc/html/rfc8554
@@ -58,7 +62,7 @@
* C = Cache bits
* To mimic the dynamic memory usage of XMSS, use 3/3.
*
* WOLFSSL_LMS_NO_SIGN SMOOTHING Default: OFF
* WOLFSSL_LMS_NO_SIGN_SMOOTHING Default: OFF
* Disable precalculation of next subtree.
* Use less dynamic memory.
* At certain indexes, signing will take a long time compared to the mean.
@@ -90,9 +94,9 @@
#include <wolfssl/wolfcrypt/types.h>
#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
#ifdef WOLFSSL_HAVE_LMS
#include <wolfssl/wolfcrypt/lms.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/sha256.h>
#ifdef WOLFSSL_LMS_SHAKE256
#include <wolfssl/wolfcrypt/sha3.h>
@@ -104,6 +108,192 @@
#define WC_LMS_FULL_HASH
#endif
/* Length of the Key ID. */
#define WC_LMS_I_LEN 16
/* Private key write and read callbacks. */
typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context);
typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context);
/* Return codes returned by private key callbacks. */
enum wc_LmsRc {
WC_LMS_RC_NONE,
WC_LMS_RC_BAD_ARG, /* Bad arg in read or write callback. */
WC_LMS_RC_WRITE_FAIL, /* Write or update private key failed. */
WC_LMS_RC_READ_FAIL, /* Read private key failed. */
WC_LMS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
WC_LMS_RC_READ_TO_MEMORY /* Read private key from storage. */
};
/* LMS/HSS signatures are defined by 3 parameters:
* levels: number of levels of Merkle trees.
* height: height of an individual Merkle tree.
* winternitz: number of bits from hash used in a Winternitz chain.
*
* The acceptable parameter values are those in RFC8554:
* levels = {1..8}
* height = {5, 10, 15, 20, 25}
* winternitz = {1, 2, 4, 8}
*
* The number of available signatures is:
* N = 2 ** (levels * height)
*
* Signature sizes are determined by levels and winternitz
* parameters primarily, and height to a lesser extent:
* - Larger levels values increase signature size significantly.
* - Larger height values increase signature size moderately.
* - Larger winternitz values will reduce the signature size, at
* the expense of longer key generation and sign/verify times.
*
* Key generation time is strongly determined by the height of
* the first level tree. A 3 level, 5 height tree is much faster
* than 1 level, 15 height at initial key gen, even if the number
* of available signatures is the same.
* */
/* Predefined LMS/HSS parameter sets for convenience.
*
* Not predefining many sets with Winternitz=1, because the signatures
* will be large. */
enum wc_LmsParm {
#ifndef WOLFSSL_NO_LMS_SHA256_256
WC_LMS_PARM_NONE = 0,
WC_LMS_PARM_L1_H5_W1 = 1,
WC_LMS_PARM_L1_H5_W2 = 2,
WC_LMS_PARM_L1_H5_W4 = 3,
WC_LMS_PARM_L1_H5_W8 = 4,
WC_LMS_PARM_L1_H10_W2 = 5,
WC_LMS_PARM_L1_H10_W4 = 6,
WC_LMS_PARM_L1_H10_W8 = 7,
WC_LMS_PARM_L1_H15_W2 = 8,
WC_LMS_PARM_L1_H15_W4 = 9,
WC_LMS_PARM_L1_H15_W8 = 10,
WC_LMS_PARM_L1_H20_W2 = 11,
WC_LMS_PARM_L1_H20_W4 = 12,
WC_LMS_PARM_L1_H20_W8 = 13,
WC_LMS_PARM_L2_H5_W2 = 14,
WC_LMS_PARM_L2_H5_W4 = 15,
WC_LMS_PARM_L2_H5_W8 = 16,
WC_LMS_PARM_L2_H10_W2 = 17,
WC_LMS_PARM_L2_H10_W4 = 18,
WC_LMS_PARM_L2_H10_W8 = 19,
WC_LMS_PARM_L2_H15_W2 = 20,
WC_LMS_PARM_L2_H15_W4 = 21,
WC_LMS_PARM_L2_H15_W8 = 22,
WC_LMS_PARM_L2_H20_W2 = 23,
WC_LMS_PARM_L2_H20_W4 = 24,
WC_LMS_PARM_L2_H20_W8 = 25,
WC_LMS_PARM_L3_H5_W2 = 26,
WC_LMS_PARM_L3_H5_W4 = 27,
WC_LMS_PARM_L3_H5_W8 = 28,
WC_LMS_PARM_L3_H10_W4 = 29,
WC_LMS_PARM_L3_H10_W8 = 30,
WC_LMS_PARM_L4_H5_W2 = 31,
WC_LMS_PARM_L4_H5_W4 = 32,
WC_LMS_PARM_L4_H5_W8 = 33,
WC_LMS_PARM_L4_H10_W4 = 34,
WC_LMS_PARM_L4_H10_W8 = 35,
/* H25 parameter sets for SHA-256/256 */
WC_LMS_PARM_L1_H25_W1 = 56,
WC_LMS_PARM_L1_H25_W2 = 57,
WC_LMS_PARM_L1_H25_W4 = 58,
WC_LMS_PARM_L1_H25_W8 = 59,
/* W1 for non-H5 heights */
WC_LMS_PARM_L1_H10_W1 = 60,
WC_LMS_PARM_L1_H15_W1 = 61,
WC_LMS_PARM_L1_H20_W1 = 62,
#endif
#ifdef WOLFSSL_LMS_SHA256_192
WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36,
WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37,
WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38,
WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39,
WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48,
WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49,
WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50,
WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52,
/* H25 for SHA-256/192 */
WC_LMS_PARM_SHA256_192_L1_H25_W1 = 63,
WC_LMS_PARM_SHA256_192_L1_H25_W2 = 64,
WC_LMS_PARM_SHA256_192_L1_H25_W4 = 65,
WC_LMS_PARM_SHA256_192_L1_H25_W8 = 66,
/* W1 for non-H5 heights (SHA-256/192) */
WC_LMS_PARM_SHA256_192_L1_H10_W1 = 67,
WC_LMS_PARM_SHA256_192_L1_H15_W1 = 68,
WC_LMS_PARM_SHA256_192_L1_H20_W1 = 69,
WC_LMS_PARM_SHA256_192_L1_H15_W8 = 70,
#endif
#ifdef WOLFSSL_LMS_SHAKE256
/* SHAKE256/256, 32-byte output */
WC_LMS_PARM_SHAKE_L1_H5_W1 = 100,
WC_LMS_PARM_SHAKE_L1_H5_W2 = 101,
WC_LMS_PARM_SHAKE_L1_H5_W4 = 102,
WC_LMS_PARM_SHAKE_L1_H5_W8 = 103,
WC_LMS_PARM_SHAKE_L1_H10_W1 = 104,
WC_LMS_PARM_SHAKE_L1_H10_W2 = 105,
WC_LMS_PARM_SHAKE_L1_H10_W4 = 106,
WC_LMS_PARM_SHAKE_L1_H10_W8 = 107,
WC_LMS_PARM_SHAKE_L1_H15_W1 = 108,
WC_LMS_PARM_SHAKE_L1_H15_W2 = 109,
WC_LMS_PARM_SHAKE_L1_H15_W4 = 110,
WC_LMS_PARM_SHAKE_L1_H15_W8 = 111,
WC_LMS_PARM_SHAKE_L1_H20_W1 = 112,
WC_LMS_PARM_SHAKE_L1_H20_W2 = 113,
WC_LMS_PARM_SHAKE_L1_H20_W4 = 114,
WC_LMS_PARM_SHAKE_L1_H20_W8 = 115,
WC_LMS_PARM_SHAKE_L1_H25_W1 = 116,
WC_LMS_PARM_SHAKE_L1_H25_W2 = 117,
WC_LMS_PARM_SHAKE_L1_H25_W4 = 118,
WC_LMS_PARM_SHAKE_L1_H25_W8 = 119,
/* SHAKE256/192, 24-byte output */
WC_LMS_PARM_SHAKE192_L1_H5_W1 = 120,
WC_LMS_PARM_SHAKE192_L1_H5_W2 = 121,
WC_LMS_PARM_SHAKE192_L1_H5_W4 = 122,
WC_LMS_PARM_SHAKE192_L1_H5_W8 = 123,
WC_LMS_PARM_SHAKE192_L1_H10_W1 = 124,
WC_LMS_PARM_SHAKE192_L1_H10_W2 = 125,
WC_LMS_PARM_SHAKE192_L1_H10_W4 = 126,
WC_LMS_PARM_SHAKE192_L1_H10_W8 = 127,
WC_LMS_PARM_SHAKE192_L1_H15_W1 = 128,
WC_LMS_PARM_SHAKE192_L1_H15_W2 = 129,
WC_LMS_PARM_SHAKE192_L1_H15_W4 = 130,
WC_LMS_PARM_SHAKE192_L1_H15_W8 = 131,
WC_LMS_PARM_SHAKE192_L1_H20_W1 = 132,
WC_LMS_PARM_SHAKE192_L1_H20_W2 = 133,
WC_LMS_PARM_SHAKE192_L1_H20_W4 = 134,
WC_LMS_PARM_SHAKE192_L1_H20_W8 = 135,
WC_LMS_PARM_SHAKE192_L1_H25_W1 = 136,
WC_LMS_PARM_SHAKE192_L1_H25_W2 = 137,
WC_LMS_PARM_SHAKE192_L1_H25_W4 = 138,
WC_LMS_PARM_SHAKE192_L1_H25_W8 = 139,
#endif
};
/* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
enum wc_LmsState {
WC_LMS_STATE_FREED, /* Key has been freed from memory. */
WC_LMS_STATE_INITED, /* Key has been inited, ready to set params.*/
WC_LMS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
WC_LMS_STATE_OK, /* Able to sign signatures and verify. */
WC_LMS_STATE_VERIFYONLY, /* A public only LmsKey. */
WC_LMS_STATE_BAD, /* Can't guarantee key's state. */
WC_LMS_STATE_NOSIGS /* Signatures exhausted. */
};
#ifdef WOLFSSL_LMS_MAX_LEVELS
/* Maximum number of levels of trees supported by implementation. */
#define LMS_MAX_LEVELS WOLFSSL_LMS_MAX_LEVELS
@@ -546,7 +736,7 @@ typedef struct HssPrivKey {
#endif
} HssPrivKey;
struct LmsKey {
typedef struct LmsKey {
/* Public key. */
ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)];
#ifndef WOLFSSL_LMS_VERIFY_ONLY
@@ -575,7 +765,48 @@ struct LmsKey {
/* Device Identifier. */
int devId;
#endif
};
} LmsKey;
#ifdef __cplusplus
extern "C" {
#endif
WOLFSSL_API int wc_LmsKey_Init(LmsKey * key, void * heap, int devId);
WOLFSSL_API int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm);
WOLFSSL_API int wc_LmsKey_SetParameters(LmsKey * key, int levels,
int height, int winternitz);
WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
int * height, int * winternitz);
#ifndef WOLFSSL_LMS_VERIFY_ONLY
WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key,
wc_lms_write_private_key_cb write_cb);
WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key,
wc_lms_read_private_key_cb read_cb);
WOLFSSL_API int wc_LmsKey_SetContext(LmsKey * key, void * context);
WOLFSSL_API int wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng);
WOLFSSL_API int wc_LmsKey_Reload(LmsKey * key);
WOLFSSL_API int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len);
WOLFSSL_API int wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz,
const byte * msg, int msgSz);
WOLFSSL_API int wc_LmsKey_SigsLeft(LmsKey * key);
#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
WOLFSSL_API void wc_LmsKey_Free(LmsKey * key);
WOLFSSL_API int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len);
WOLFSSL_API int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);
WOLFSSL_API int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc);
WOLFSSL_API int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out,
word32 * outLen);
WOLFSSL_API int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in,
word32 inLen);
WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
const byte * msg, int msgSz);
WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm);
WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc);
WOLFSSL_API int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid,
word32* kidSz);
WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv,
word32 privSz);
int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
HssPrivKey* priv_key, byte* priv_data, byte* pub);
@@ -588,6 +819,10 @@ WOLFSSL_API
int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
word32 msgSz, const byte* sig, word32 sigSz);
#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_HAVE_LMS */
#endif /* WC_LMS_H */
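Review bot: The private-key callback typedefs moved into this header (`wc_lms_write_private_key_cb`, `wc_lms_read_private_key_cb`) carry only the comment `/* Private key write and read callbacks. */`, which leaves out the one property an integrator must get right. LMS/HSS keys are stateful: each one-time key index may sign once, so a write callback that reports `WC_LMS_RC_SAVED_TO_NV_MEMORY` before the updated key is durably stored lets a crash or restore roll the state back and reuse an index. I would extend the comment to say that the write callback must return `WC_LMS_RC_SAVED_TO_NV_MEMORY` only after the new private key has been committed to nonvolatile storage, and that the stored key must never be restored from an older copy. It is also worth noting there that the callbacks are declared to return `int` although the values are `enum wc_LmsRc`. The XMSS callbacks added to wc_xmss.h have the same one-line comment and need the same wording.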
+164 -7
@@ -19,6 +19,10 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/wc_xmss.h
*/
/* Based on:
* o RFC 8391 - XMSS: eXtended Merkle Signature Scheme
* o [HDSS] "Hash-based Digital Signature Schemes", Buchmann, Dahmen and Szydlo
@@ -28,22 +32,150 @@
#ifndef WC_XMSS_H
#define WC_XMSS_H
#include <wolfssl/wolfcrypt/types.h>
#ifdef WOLFSSL_HAVE_XMSS
#include <wolfssl/wolfcrypt/xmss.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/sha3.h>
/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW),
* fall back to using the full hash API calls. */
#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_XMSS_FULL_HASH)
#define WC_XMSS_FULL_HASH
#endif
#if !defined(WOLFSSL_WC_XMSS)
#error "This code is incompatible with external implementation of XMSS."
/* Note on XMSS/XMSS^MT pub/priv key sizes:
* - The XMSS/XMSS^MT pub key has a defined format and size.
* - The XMSS/XMSS^MT private key is implementation and parameter
* specific. It does not have a standardized format or size.
*
* The XMSS/XMSS^MT public and secret key format and length is:
* PK = OID || root || SEED;
* PK_len = 4 + 2 * n
*
* SK = OID || (implementation defined)
* SK_len = 4 + (implementation defined)
*
* where n is the number of bytes in the hash function, which is 32
* in this SHA256 implementation.
*
* However the private key is implementation specific. For example,
* in xmss-reference the private key size varies from 137 bytes to
* 1377 bytes between slow and fast implementations with param name
* "XMSSMT-SHA2_20/2_256".
*
* References:
* - RFC 8391
* - Table 2 of Kampanakis, Fluhrer, IACR, 2017.
* */
#define XMSS_SHA256_PUBLEN (68)
/* Supported XMSS/XMSS^MT parameter set names:
* We are supporting all SHA256 parameter sets with n=32 and
* Winternitz=16, from RFC 8391 and NIST SP 800-208.
*
* ----------------------------------------------------------
* | Name OID n w len h d |
* XMSS: | "XMSS-SHA2_10_256" 0x00000001 32 16 67 10 1 |
* | "XMSS-SHA2_16_256" 0x00000002 32 16 67 16 1 |
* | "XMSS-SHA2_20_256" 0x00000003 32 16 67 20 1 |
* | |
* XMSSMT: | "XMSSMT-SHA2_20/2_256" 0x00000001 32 16 67 20 2 |
* | "XMSSMT-SHA2_20/4_256" 0x00000002 32 16 67 20 4 |
* | "XMSSMT-SHA2_40/2_256" 0x00000003 32 16 67 40 2 |
* | "XMSSMT-SHA2_40/4_256" 0x00000004 32 16 67 40 4 |
* | "XMSSMT-SHA2_40/8_256" 0x00000005 32 16 67 40 8 |
* | "XMSSMT-SHA2_60/3_256" 0x00000006 32 16 67 60 3 |
* | "XMSSMT-SHA2_60/6_256" 0x00000007 32 16 67 60 6 |
* | "XMSSMT-SHA2_60/12_256" 0x00000008 32 16 67 60 12 |
* ----------------------------------------------------------
*
* Note that some XMSS and XMSSMT names do have overlapping OIDs.
*
* References:
* 1. NIST SP 800-208
* 2. RFC 8391
* */
#define XMSS_NAME_LEN (16) /* strlen("XMSS-SHA2_10_256") */
#define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
#define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
#if defined(HAVE_FIPS)
#undef WOLFSSL_WC_XMSS_NO_SHA512
#define WOLFSSL_WC_XMSS_NO_SHA512
#undef WOLFSSL_WC_XMSS_NO_SHAKE128
#define WOLFSSL_WC_XMSS_NO_SHAKE128
#undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 256
#endif
#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
#define WC_XMSS_SHA256
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
#define WC_XMSS_SHA512
#endif
#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
#define WC_XMSS_SHAKE128
#endif
#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
#define WC_XMSS_SHAKE256
#endif
#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
#endif
#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 512
#endif
#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
#error "XMSS minimum hash size is greater than maximum hash size"
#endif
#ifndef WOLFSSL_XMSS_MIN_HEIGHT
#define WOLFSSL_XMSS_MIN_HEIGHT 10
#endif
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
#define WOLFSSL_XMSS_MAX_HEIGHT 60
#endif
#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
#error "XMSS minimum height is greater than maximum height"
#endif
/* Return codes returned by private key callbacks. */
enum wc_XmssRc {
WC_XMSS_RC_NONE,
WC_XMSS_RC_BAD_ARG, /* Bad arg in read or write callback. */
WC_XMSS_RC_WRITE_FAIL, /* Write or update private key failed. */
WC_XMSS_RC_READ_FAIL, /* Read private key failed. */
WC_XMSS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
WC_XMSS_RC_READ_TO_MEMORY /* Read private key from storage. */
};
/* enum wc_XmssState is to help track the state of an XMSS Key. */
enum wc_XmssState {
WC_XMSS_STATE_FREED, /* Key has been freed from memory. */
WC_XMSS_STATE_INITED, /* Key has been inited, ready to set params.*/
WC_XMSS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
WC_XMSS_STATE_OK, /* Able to sign signatures and verify. */
WC_XMSS_STATE_VERIFYONLY, /* A public only XmssKey. */
WC_XMSS_STATE_BAD, /* Can't guarantee key's state. */
WC_XMSS_STATE_NOSIGS /* Signatures exhausted. */
};
/* Private key write and read callbacks. */
typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz,
void* context);
typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz,
void* context);
#if (defined(WC_XMSS_SHA512) || defined(WC_XMSS_SHAKE256)) && \
(WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512)
#define WC_XMSS_MAX_N 64
@@ -205,7 +337,7 @@ typedef struct XmssParams {
word8 bds_k;
} XmssParams;
struct XmssKey {
typedef struct XmssKey {
/* Public key. */
unsigned char pk[2 * WC_XMSS_MAX_N];
/* OID that identifies parameters. */
@@ -228,7 +360,7 @@ struct XmssKey {
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
/* State of key. */
enum wc_XmssState state;
};
} XmssKey;
typedef struct XmssState {
const XmssParams* params;
@@ -267,6 +399,32 @@ typedef struct XmssState {
extern "C" {
#endif
WOLFSSL_API int wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
WOLFSSL_API int wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
#ifndef WOLFSSL_XMSS_VERIFY_ONLY
WOLFSSL_API int wc_XmssKey_SetWriteCb(XmssKey* key,
wc_xmss_write_private_key_cb write_cb);
WOLFSSL_API int wc_XmssKey_SetReadCb(XmssKey* key,
wc_xmss_read_private_key_cb read_cb);
WOLFSSL_API int wc_XmssKey_SetContext(XmssKey* key, void* context);
WOLFSSL_API int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
WOLFSSL_API int wc_XmssKey_Reload(XmssKey* key);
WOLFSSL_API int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
WOLFSSL_API int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
const byte* msg, int msgSz);
WOLFSSL_API int wc_XmssKey_SigsLeft(XmssKey* key);
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
WOLFSSL_API int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
WOLFSSL_API int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
WOLFSSL_API int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
WOLFSSL_API int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
word32* outLen);
WOLFSSL_API int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
word32 inLen);
WOLFSSL_API int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
const byte* msg, int msgSz);
WOLFSSL_LOCAL int wc_xmssmt_keygen(XmssState *state, const unsigned char* seed,
unsigned char *sk, unsigned char *pk);
WOLFSSL_LOCAL int wc_xmss_keygen(XmssState *state, const unsigned char* seed,
@@ -283,9 +441,8 @@ WOLFSSL_LOCAL int wc_xmssmt_verify(XmssState *state, const unsigned char *m,
word32 mlen, const unsigned char *sm, const unsigned char *pk);
#ifdef __cplusplus
} /* extern "C" */
} /* extern "C" */
#endif
#endif /* WOLFSSL_HAVE_XMSS */
#endif /* WC_XMSS_H */
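Review bot: In the `HAVE_FIPS` block moved into this header, `WOLFSSL_WC_XMSS_MIN_HASH_SIZE` is defined to 192 without a preceding `#undef`, unlike the other macros the block forces. A FIPS build whose settings already define the minimum to a different value gets a macro-redefinition diagnostic instead of the forced value. With the `HAVE_LIBXMSS` branch gone this is now the only definition in the block, so adding `#undef WOLFSSL_WC_XMSS_MIN_HASH_SIZE` before `#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192` makes the override behave like the others.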
-203
@@ -1,203 +0,0 @@
/* xmss.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/xmss.h
*/
#ifndef WOLF_CRYPT_XMSS_H
#define WOLF_CRYPT_XMSS_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef WOLFSSL_HAVE_XMSS
/* Note on XMSS/XMSS^MT pub/priv key sizes:
* - The XMSS/XMSS^MT pub key has a defined format and size.
* - The XMSS/XMSS^MT private key is implementation and parameter
* specific. It does not have a standardized format or size.
*
* The XMSS/XMSS^MT public and secret key format and length is:
* PK = OID || root || SEED;
* PK_len = 4 + 2 * n
*
* SK = OID || (implementation defined)
* SK_len = 4 + (implementation defined)
*
* where n is the number of bytes in the hash function, which is 32
* in this SHA256 implementation.
*
* However the private key is implementation specific. For example,
* in xmss-reference the private key size varies from 137 bytes to
* 1377 bytes between slow and fast implementations with param name
* "XMSSMT-SHA2_20/2_256".
*
* References:
* - RFC 8391
* - Table 2 of Kampanakis, Fluhrer, IACR, 2017.
* */
#define XMSS_SHA256_PUBLEN (68)
/* Supported XMSS/XMSS^MT parameter set names:
* We are supporting all SHA256 parameter sets with n=32 and
* Winternitz=16, from RFC 8391 and NIST SP 800-208.
*
* ----------------------------------------------------------
* | Name OID n w len h d |
* XMSS: | "XMSS-SHA2_10_256" 0x00000001 32 16 67 10 1 |
* | "XMSS-SHA2_16_256" 0x00000002 32 16 67 16 1 |
* | "XMSS-SHA2_20_256" 0x00000003 32 16 67 20 1 |
* | |
* XMSSMT: | "XMSSMT-SHA2_20/2_256" 0x00000001 32 16 67 20 2 |
* | "XMSSMT-SHA2_20/4_256" 0x00000002 32 16 67 20 4 |
* | "XMSSMT-SHA2_40/2_256" 0x00000003 32 16 67 40 2 |
* | "XMSSMT-SHA2_40/4_256" 0x00000004 32 16 67 40 4 |
* | "XMSSMT-SHA2_40/8_256" 0x00000005 32 16 67 40 8 |
* | "XMSSMT-SHA2_60/3_256" 0x00000006 32 16 67 60 3 |
* | "XMSSMT-SHA2_60/6_256" 0x00000007 32 16 67 60 6 |
* | "XMSSMT-SHA2_60/12_256" 0x00000008 32 16 67 60 12 |
* ----------------------------------------------------------
*
* Note that some XMSS and XMSSMT names do have overlapping OIDs.
*
* References:
* 1. NIST SP 800-208
* 2. RFC 8391
* */
#define XMSS_NAME_LEN (16) /* strlen("XMSS-SHA2_10_256") */
#define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
#define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
#if defined(HAVE_FIPS) || defined(HAVE_LIBXMSS)
#undef WOLFSSL_WC_XMSS_NO_SHA512
#define WOLFSSL_WC_XMSS_NO_SHA512
#undef WOLFSSL_WC_XMSS_NO_SHAKE128
#define WOLFSSL_WC_XMSS_NO_SHAKE128
#undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
#ifdef HAVE_LIBXMSS
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 256
#else
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
#endif
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 256
#endif
#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
#define WC_XMSS_SHA256
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
#define WC_XMSS_SHA512
#endif
#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
#define WC_XMSS_SHAKE128
#endif
#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
#define WC_XMSS_SHAKE256
#endif
#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
#endif
#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
#define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 512
#endif
#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
#error "XMSS minimum hash size is greater than maximum hash size"
#endif
#ifndef WOLFSSL_XMSS_MIN_HEIGHT
#define WOLFSSL_XMSS_MIN_HEIGHT 10
#endif
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
#define WOLFSSL_XMSS_MAX_HEIGHT 60
#endif
#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
#error "XMSS minimum height is greater than maximum height"
#endif
typedef struct XmssKey XmssKey;
/* Return codes returned by private key callbacks. */
enum wc_XmssRc {
WC_XMSS_RC_NONE,
WC_XMSS_RC_BAD_ARG, /* Bad arg in read or write callback. */
WC_XMSS_RC_WRITE_FAIL, /* Write or update private key failed. */
WC_XMSS_RC_READ_FAIL, /* Read private key failed. */
WC_XMSS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
WC_XMSS_RC_READ_TO_MEMORY /* Read private key from storage. */
};
/* enum wc_XmssState is to help track the state of an XMSS Key. */
enum wc_XmssState {
WC_XMSS_STATE_FREED, /* Key has been freed from memory. */
WC_XMSS_STATE_INITED, /* Key has been inited, ready to set params.*/
WC_XMSS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
WC_XMSS_STATE_OK, /* Able to sign signatures and verify. */
WC_XMSS_STATE_VERIFYONLY, /* A public only XmssKey. */
WC_XMSS_STATE_BAD, /* Can't guarantee key's state. */
WC_XMSS_STATE_NOSIGS /* Signatures exhausted. */
};
/* Private key write and read callbacks. */
typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz,
void* context);
typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz,
void* context);
#ifdef __cplusplus
extern "C" {
#endif
WOLFSSL_API int wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
WOLFSSL_API int wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
#ifndef WOLFSSL_XMSS_VERIFY_ONLY
WOLFSSL_API int wc_XmssKey_SetWriteCb(XmssKey* key,
wc_xmss_write_private_key_cb write_cb);
WOLFSSL_API int wc_XmssKey_SetReadCb(XmssKey* key,
wc_xmss_read_private_key_cb read_cb);
WOLFSSL_API int wc_XmssKey_SetContext(XmssKey* key, void* context);
WOLFSSL_API int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
WOLFSSL_API int wc_XmssKey_Reload(XmssKey* key);
WOLFSSL_API int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
WOLFSSL_API int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
const byte* msg, int msgSz);
WOLFSSL_API int wc_XmssKey_SigsLeft(XmssKey* key);
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
WOLFSSL_API int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
WOLFSSL_API int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
WOLFSSL_API int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
WOLFSSL_API int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
word32* outLen);
WOLFSSL_API int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
word32 inLen);
WOLFSSL_API int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
const byte* msg, int msgSz);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_HAVE_XMSS */
#endif /* WOLF_CRYPT_XMSS_H */