Commit Graph

26 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger e1fefcca4f Remove deprecated liblms and libxmss 2026-04-29 19:52:09 +02:00
Sean Parkinson 093cc04076 Stack API: Pull out implementation into separate file
General stack APIs pulled out into ssl_sk.c.
Other simple APIs also pulled out into ssl_sk.c.
wolfSSL_lh_retrieve also pulled out into ssl_sk.c.

Added tests of public APIs that weren't already tested.
2025-10-27 17:08:41 +10:00
Eric Blankenhorn 2179dccb1d Fix VS proj 2025-09-09 15:36:55 -05:00
Eric Blankenhorn a3a21fac3c Fix Makefile 2025-09-09 11:56:10 -05:00
Eric Blankenhorn b6bb43e9bc Fix Makefile 2025-09-09 11:39:40 -05:00
Eric Blankenhorn 5fd5ff89c3 Changes from customer 2025-09-08 13:20:13 -05:00
Eric Blankenhorn b4a82877b8 Remove *.filters file 2025-09-05 16:23:26 -05:00
Eric Blankenhorn 53ee6d3a0b Fixes for INTIME RTOS 2025-09-05 16:23:26 -05:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
Daniel Pouzzner 8f121e7752 file modes: clear inappropriate executable bits. 2021-11-08 17:28:11 -06:00
Jacob Barthelmeh 9ec9ace7ea adding kdf.c to IDE builds 2021-10-28 16:19:18 -06:00
Elms c3e6195da5 INTIME: add support for directory file search
Directory support allows CRL use with undefining `NO_WOLFSSL_DIR`

Also increase stack size to avoid page fault and add
`_USE_64BIT_TIME_T` to example project to pass ASN test
2021-03-20 00:53:02 -07:00
Sean Parkinson 55ea2facdd Changes to clear issues raised by cppcheck 2020-01-30 14:24:32 +10:00
C-Treff 1d281ce515 replace memset by XMEMSET
replaced memset with XMEMSET as requested by @dgarske

INtime project files cleanup
2018-05-24 09:35:46 +02:00
C-Treff cd9f86d921 time 64bit, test update
64bit settings for time is mandatory for INtime. Changed the project file.

Test for ecc_test_buffers was unreliable, as the structs were not initialized befor usage.
2018-05-23 10:33:56 +02:00
David Garske 7f30397252 Remove execute bit on all code files. 2017-10-23 11:16:40 -07:00
Jacob Barthelmeh 3763b88397 rename the file io.h to wolfio.h 2017-09-20 10:53:11 -06:00
David Garske ddcf11011e Added return code checking for wolfCrypt_Init(). Added initRefCount check on wolfCrypt_Cleanup(). Fix link for tenAsys INtime RTOS readme. 2017-05-02 10:20:31 -07:00
David Garske a4efaf5eaa Fix mutex to use single count for semaphore so behavior is like mutex. Fix typo with “received”. Fix for mp_clear with fast math to do null check on arg (noticed null with ecc make key benchmark with wc_ecc_free). 2017-04-27 13:09:11 -07:00
David Garske 2fbce65975 Revert change in types.h for INTIME_RTOS. HAVE_THREAD_LS is not supported here, so don’t define out. Added note in INtime RTOS user_settings.h to indicate this. 2017-03-13 20:03:09 -07:00
David Garske 8a562c817c Fix build issues with DEBUG_WOLFSSL defined. Fix typo in user_settings.h for DEBUG_WOLFSSL. Fix issue with example client waiting on local server (shouldn’t be). Updated README.md with example output. 2017-03-13 12:22:44 -07:00
David Garske e98a0465ae tenAsys INtime RTOS port. Porting complete for mutex semaphores, threading, file, socket and RNG. Added projects for libwolfssl and wolfExamples. The wolfExamples project includes examples for wolfCrypt Test/Benchmark and wolfSSL TLS client/server. Provided reference user_settings.h with comments and enable/disable gates. Added README.md with overview and instructions. Fixed issue building master with NO_WOLFSSL_DIR defined. Added check if old TLS is enabled that SHA and MD5 are enabled. Cleanup of the wolfCrypt test use of USE_CERT_BUFFERS with file system enabled. 2017-03-13 09:48:55 -07:00