Commit Graph

29 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Sean Parkinson 093cc04076 Stack API: Pull out implementation into separate file
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
2025-10-27 17:08:41 +10:00
gojimmypi c22354e2f5 Exclude wolfssl certs_test.h from Espressif user_settings.h 2025-09-05 17:08:04 -07:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
gojimmypi 3254f56d32 Improve PlatformIO Certificate Bundle Support 2025-06-06 15:48:07 -07:00
gojimmypi a9db6d08f7 Adjust Espressif Examples for Post Quantum ML-KEM 2025-06-02 15:11:53 -07:00
gojimmypi ed2c20a3b2 Espressif HAVE_HKDF for wolfssl_test, explicit ESP32P4 2025-05-07 16:38:05 +02:00
gojimmypi 8cf6195426 Revert Espressif manual WOLFSSL_VIS_FOR_TESTS settings 2025-04-10 17:13:56 +02:00
gojimmypi 40c52bd844 Espressif updates. Kconfig, WOLFSSL_VIS_FOR_TESTS, ESP32P4 2025-04-06 16:01:35 +02:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
gojimmypi 71a982e6b7 sync with upstream 2025-02-03 16:13:05 -08:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
gojimmypi 06c0c09940 Espressif Managed Component wolfSSL 5.7.4 post-release update 2024-12-05 21:46:33 -08:00
gojimmypi a13f48aea0 Update Espressif Examples 2024-10-15 18:36:28 -07:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
David Garske 4eab0f1231 Fix hard coded values in TSIP ECC verify. Fix issues with tab indentation and spelling. 2024-07-18 16:45:27 -07:00
JacobBarthelmeh 081731be8b Merge pull request #7392 from gojimmypi/PR-Espressif-wolfcrypt-test
Update Espressif Examples and Libraries
2024-05-03 15:31:23 -06:00
Sean Parkinson 8e9810e87e ssl.c: Move functions out to separate files
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
2024-04-16 10:30:59 +10:00
gojimmypi 5cab707d8e Update Espressif Examples and Libraries 2024-04-04 20:40:52 -07:00
gojimmypi 92ab2eaca3 Fix Espressif component cmake for environment variable source 2024-01-19 11:54:10 -08:00
gojimmypi fb77319758 Espressif examples: polish & misc updates 2023-12-05 10:36:05 -08:00
gojimmypi 5b01270205 Update all Expressif examples, ready for PR #6990 2023-11-22 12:37:15 -08:00
Eric Blankenhorn 7223b5a708 Fix spelling warnings 2023-11-22 12:34:56 -06:00
Sean Parkinson 54f2d56300 ssl.c: Move out crypto compat APIs
ssl_crypto.c contains OpenSSL compatibility APIS for:
 - MD4, MD5, SHA/SHA-1, SHA2, SHA3
 - HMAC, CMAC
 - DES, DES3, AES, RC4
API implementations reworked.
Tests added for coverage.
TODOs for future enhancements.
2023-11-08 19:43:18 +10:00
gojimmypi 1a113c5429 Espressif add TLS Client/Server local user_settings.h 2023-10-22 16:59:54 +02:00
gojimmypi 8eaf09d7a0 Update Espressif TLS Client/Server CMakeLists.txt 2023-10-22 16:53:56 +02:00
gojimmypi ed79545a27 Espressif examples run with local wolfSSL (no setup!) (#6018)
* Espressif examples run with local wolfSSL (no setup!)
* include.am Espressif local no-setup component files
* cleanup Espressif Example CMakeLists.txt, use function
* multiple wolfSSL installs is now a fatal Espressif build error
* Examples no longer need setup
* CompileAll builds local examples, not IDF_PATH ones
* Espressif compileAllExamples both local & ESP-IDF components
* add wolfssl_test_idf test project
* move VisualGDB projects to subdirectories
* move VisualGDB wolfssl_server to subdirectory
* update include.am for moved VisualGDB project files
2023-02-13 14:37:56 -08:00