Commit Graph

39 Commits

Author SHA1 Message Date
Chris Conlon fe4473fbea Add ML-DSA SPKI/PKCS#8 DER support to d2i_PUBKEY and d2i_PrivateKey. 2026-05-04 09:24:02 -06:00
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
Eric Blankenhorn 4d79d1efd9 Improve tests 2026-04-09 16:24:12 -05:00
David Garske 4d3925d526 Add X25519 non-blocking support for key gen and shared secret
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
2026-02-04 21:28:52 -08:00
gojimmypi a4d0a777bc Generate server-sm2-cert.der 2025-09-23 08:32:21 -07:00
gojimmypi f279f9cd71 Change certs_test sizeof const to define for Watcom 2025-08-13 11:58:59 -07:00
JacobBarthelmeh b273bff4e9 regenerate certs_test.h with raw dilithium keys 2024-12-20 11:50:11 -07:00
JacobBarthelmeh 8ca790218c certs_test.h is using raw dilithium keys 2024-12-19 15:23:37 -07:00
JacobBarthelmeh e66905aaf6 fix for gencertbuf script and add dilithium public key 2024-12-19 14:25:12 -07:00
Daniel Pouzzner 1c68da282c portability enhancement: use "#!/usr/bin/env <interpreter>" on all perl scripts and shell scripts that use bash extensions, and use "#!/bin/sh" on the rest. 2024-08-20 13:48:33 -05:00
dell5060 7926ceb120 Updated Key gen to convert the keys located in /certs/statickeys to be used in buffers 2023-06-15 15:33:11 -06:00
Sean Parkinson 69199a30f9 SP math: 2048-bit DH parameters
Add 2048-bit DH parameters for testing when SP math with SP.
2023-03-28 09:24:56 +10:00
Anthony Hu b3e99348cd Purge the AES variant of Dilithium 2022-12-27 14:37:47 -05:00
Anthony Hu 10ce703d71 Add sphincs to wolfCrypt.
Note that we will not support sphincs in TLS so nothing above wolfcrypt changes.
2022-09-02 11:53:55 -04:00
Anthony Hu 82a900b438 Initial commit to add Dilithium NIST PQC winner.
Also:

* added HAVE_FALCON guards as needed.
* corrected minor falcon bugs as I found them.
* handling OID sum collision between DILITHIUM_LEVEL5 and DILITHIUM_AES_LEVEL3

Tested with the following commands:

examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

with permutations of SHAKE,AES variants and levels 2,3,5
2022-08-11 11:38:31 -04:00
Anthony Hu 7d4c13b9a4 --with-liboqs now defines HAVE_LIBOQS and HAVE_PQC
AKA: The Great Rename of December 2021
2021-12-20 11:48:03 -05:00
Anthony Hu 242847760a More appropriate file names. 2021-11-10 17:55:46 -05:00
Anthony Hu 453404a864 Get the falcon keys into wolfssl/certs_test.h 2021-11-10 17:33:24 -05:00
TakayukiMatsuo 491f3bc423 Add two public key files in certs folder and register them to gencertbuf.pl 2021-03-19 14:52:58 +09:00
David Garske b6d6b1db77 Added new DH 4096-bit key to gencertbuf.pl. 2020-04-14 07:11:07 -07:00
David Garske da882f3912 Added wolfCrypt RSA 4096-bit test support using USE_CERT_BUFFERS_4096 build option (./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"). 2020-02-23 18:40:13 -08:00
David Garske 3f1c3392e5 Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. 2020-01-29 06:37:06 -08:00
David Garske 4d9dbc9ec3 Adds 3072-bit RSA tests using USE_CERT_BUFFERS_3072. 2020-01-21 22:16:54 -08:00
Sean Parkinson feea036ec9 Fix generation of certs_test.h
Fix formatting of certs_test.h:
- remove trailing spaces
- change leading tab stops to spaces
2019-02-25 09:00:26 +10:00
David Garske f48e2067ae Added new API wolfSSL_CTX_load_verify_chain_buffer_format for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
David Garske ed1c56a4fc Benchmark support for 3072-bit RSA and DH when USE_CERT_BUFFERS_3072 is defined. 2018-06-22 09:30:33 -07:00
David Garske 024c8725ad Testing improvements for cert gen and TLS cert validation:
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
David Garske e98a0465ae tenAsys INtime RTOS port. Porting complete for mutex semaphores, threading, file, socket and RNG. Added projects for libwolfssl and wolfExamples. The wolfExamples project includes examples for wolfCrypt Test/Benchmark and wolfSSL TLS client/server. Provided reference user_settings.h with comments and enable/disable gates. Added README.md with overview and instructions. Fixed issue building master with NO_WOLFSSL_DIR defined. Added check if old TLS is enabled that SHA and MD5 are enabled. Cleanup of the wolfCrypt test use of USE_CERT_BUFFERS with file system enabled. 2017-03-13 09:48:55 -07:00
kaleb-himes 03295ec6d7 update certs, extend ntru to 1000 days, add der formatted ecc, new ecc buffer test
changes from first review

move to 256 bit defines
2016-08-12 13:00:52 -06:00
Chris Conlon 767da41b16 allow 1024 and 2048 example cert buffers to be enabled at same time, gencertbuf.pl 2015-11-30 14:18:17 -07:00
Chris Conlon aa3780f6b0 add example 1024-bit server/CA certs and keys for testing 2015-09-23 13:37:34 -06:00
Ludovic FLAMENT d2ea6f7ef0 Add support for :
- PEM public key loading
  - set/get KeyUsage in CSR and X.509
  - set/get SKID in CSR and X.509
  - set/get AKID in X.509
  - set/get two Certificate Policies OID in X.509
2015-09-07 09:51:21 +02:00
kaleb-himes 173b1147b5 updated certs 2015-05-07 12:21:50 -06:00
kaleb-himes 55d30ca277 new client-ecc-cert.pem/renewcerts updates/certs relavent name changes 2015-02-02 09:10:07 -07:00
kaleb-himes a389620a29 Copyright (C) updates 2015-01-08 09:39:04 -07:00
toddouska 1122f2a399 master merge resolve 2014-07-01 11:58:33 -07:00
Chris Conlon 3ff842168e add cert/key buffer flags in CTaoCrypt benchmark for RSA, DH 2013-01-30 10:13:56 -07:00
Chris Conlon 532f0aaee7 add ability to use cert/key buffers in CTaoCrypt test app 2013-01-28 17:15:28 -07:00