Commit Graph

85 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
S-P Chan 0dbb6d28ef Update RPM spec for changes in examples and cmake
- copy wolfssl/options to -devel package
2026-04-21 13:45:47 +08:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske 86f9171050 Remove obsolete mkdir call. 2023-12-20 14:52:08 -08:00
David Garske 573093ddf3 Move the .so to devel files. The pure *.so file is considered a dev file. 2023-12-12 08:15:05 -08:00
Andras Fekete 07e2f90fbb Reorder and add async_* sources 2023-09-11 14:48:17 -04:00
Juliusz Sosinowicz 7a12202675 Init deb packaging
- rpm: Simplify script and list wolfSSL as packager
- add packaging github action
2023-08-23 22:01:12 +02:00
Andras Fekete 2b2509c56c Drop code support 2023-07-31 15:36:38 -04:00
Dimitri Papadopoulos 50752f5a2b Fix typos found by codespell 2023-07-04 07:21:27 +02:00
Tesfa Mael bfcc615e44 Fix rpm build 2023-02-21 15:02:10 -08:00
Chris Conlon 9a7ff8773b add --with-libsuffix support, append suffix to library artifact name 2022-12-21 13:31:07 -07:00
Juliusz Sosinowicz 3ddc766b38 rpmbuild: update with fixes
- Pass in the build configuration to the output rpm package
- Compiler test fails in %configure step in %prep due to missing linker script (injected by rpmbuild). Moving to %build section.
- .la files not wanted in rpm package and delete .la file after install step
- Compiler test fails due to missing linker script (injected by rpmbuild)
https://fedoraproject.org/wiki/Changes/RemoveLaFiles#Upgrade.2Fcompatibility_impact
- Conditional include sp_int.h
- FIPS header and hash update
2022-10-21 14:22:08 +02:00
Jacob Barthelmeh eb5076bb89 update changelog for release 5.5.1 2022-09-27 13:40:00 -06:00
Anthony Hu 10ce703d71 Add sphincs to wolfCrypt.
Note that we will not support sphincs in TLS so nothing above wolfcrypt changes.
2022-09-02 11:53:55 -04:00
JacobBarthelmeh 4ce1cf1d7c update RPM build 2022-08-30 08:50:41 -07:00
Anthony Hu 82a900b438 Initial commit to add Dilithium NIST PQC winner.
Also:

* added HAVE_FALCON guards as needed.
* corrected minor falcon bugs as I found them.
* handling OID sum collision between DILITHIUM_LEVEL5 and DILITHIUM_AES_LEVEL3

Tested with the following commands:

examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

with permutations of SHAKE,AES variants and levels 2,3,5
2022-08-11 11:38:31 -04:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
JacobBarthelmeh 86662bca2f update library version to 5.4.0 2022-07-08 16:04:26 -07:00
JacobBarthelmeh 6f5be32d3a update rpm spec 2022-05-02 17:08:38 -06:00
John Safranek bb8af1cac5 Prepare for release 5.2.0
1. Update versions as appropriate.
2. Modify FreeAtomicUser() to only free the Aes data in the callback
   contexts if the contexts exist.
2022-02-18 13:55:22 -08:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
Jacob Barthelmeh 7dd50a1beb bump version for dev and update year in readme 2022-01-03 16:02:10 -07:00
JacobBarthelmeh 0f9550d80a increase version for rpm build 2021-12-28 15:35:14 -08:00
JacobBarthelmeh d1b03eb8b9 add missing header files for rpm build 2021-12-27 09:49:47 -08:00
Jacob Barthelmeh 816718ecd3 prepare for release 5.1.0 2021-12-27 10:34:09 -07:00
Jacob Barthelmeh 7c3d1c7fbc update rpm spec 2021-11-01 12:24:53 -06:00
John Safranek 2de6b3b2bd Move the KDF functions into their own source file. 2021-10-26 20:24:25 -05:00
JacobBarthelmeh 500a6c8b27 prepare for release 4.8.0 2021-07-08 12:02:40 -06:00
Jacob Barthelmeh 847938f4d6 prepare for release v4.7.0 2021-02-16 02:41:37 +07:00
Jacob Barthelmeh 47c186df34 prepare for release 4.6.0 2020-12-22 02:33:58 +07:00
John Safranek c1090cff3f update rpm-spec.in 2020-08-17 14:42:20 -07:00
John Safranek 087675e31e Update the RPM build spec. 2020-04-21 10:21:59 -07:00
Jacob Barthelmeh 5675a2b3c5 prepare for release v4.3.0 2019-12-20 08:43:34 -07:00
Jacob Barthelmeh 1cbc2536cc prepare for release version 4.2.0 2019-10-21 16:32:41 -06:00
Jacob Barthelmeh 77fda069a8 prepare for release version 4.1.0 2019-07-23 09:27:39 -06:00
John Safranek ba8b104d7b Updates for v4.0.0
Update the RPM spec.in file.
2019-03-15 14:03:45 -07:00
David Garske ee45cfdbcb Refactor and rename of cryptodev to cryptocb. Refactor API names from wc_CryptoDev to use wc_CryptoCb. Backwards compatibility is retained for anyone using old WOLF_CRYPTO_DEV name. Added comment about fall-through case when CryptoCb return NOT_COMPILED_IN. 2019-01-17 11:01:14 -08:00
Jacob Barthelmeh b6d61f2987 prepare for release 3.15.7 2018-12-23 22:18:48 -07:00
Jacob Barthelmeh cd37e3967c prepare for release 3.15.5 2018-11-07 16:08:29 -07:00
John Safranek d13dfa309e RPM Fixes
1. Fixed a few parsing checks in the dates in the RPM changelog.
2. Moved some file names between sections in the include.am and spec.in files.
3. Added the match-start-of-line to the regex for finding the -D items for the options file.
2018-06-22 11:55:09 -07:00
Jacob Barthelmeh 8fd18e06f7 prepare for release v3.15.3 2018-06-21 12:22:27 -06:00
John Safranek dfca1beff0 Touch the version number on the library filename in the rpm spec. 2018-05-31 10:20:18 -07:00
Jacob Barthelmeh 922d65d97c bump version to 3.14.0 2018-03-02 12:31:41 -07:00
Chris Conlon ad53037852 add CAVP selftest option for special build 2018-02-23 10:14:56 -07:00
Chris Conlon 9c74c4d69b update library version for 3.13.0 in rpm/spec.in 2017-12-21 10:09:29 -07:00
David Garske 911b6f95f8 Release v3.12.2 (lib 14.0.0). Updated copywright. 2017-10-22 15:58:35 -07:00
Jacob Barthelmeh 3763b88397 rename the file io.h to wolfio.h 2017-09-20 10:53:11 -06:00
Jacob Barthelmeh b55f981d5b prepare for release v3.12.0 2017-08-04 15:32:27 -06:00