Commit Graph

62 Commits

Author SHA1 Message Date
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
Tobias Frauenschläger 7a2cf5b655 Remove liboqs for ML-KEM and ML-DSA, update for Falcon 2026-04-30 11:03:06 +02:00
David Garske e05ce26fc9 wolfCrypt SRAM PUF Support
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
2026-04-22 11:39:39 -07:00
night1rider 1413afb0db Fix CMake SHE build: add wc_she.c to sources, propagate CMAC/AES_DIRECT defines, 2026-04-15 11:28:03 -06:00
Daniel Pouzzner 60d1e222b2 globally fix all "BLAKE2" references (implicit BLAKE2B) to explicit "BLAKE2B":
* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
2026-04-07 13:18:53 -05:00
Daniel Pouzzner 2ad5afaf4d wolfcrypt/src/wc_slhdsa.c: fixes for uninited data reads in slhdsakey_wots_sign_chain_x4_*() and slhdsakey_wots_pk_from_sig_x4;
CMakeLists.txt, cmake/functions.cmake, cmake/options.h.in: fixes for -DWOLFSSL_SLHDSA.
2026-03-10 17:51:18 -05:00
Tobias Frauenschläger 14ce7956f1 Increase test coverage
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests

Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
2026-01-23 09:27:16 +01:00
Tobias Frauenschläger 99bde324aa Build systems improvements
* Add `WOLFSSL_USER_SETTINGS` to CMake `options.h.in`
* Add CMake support for Dilithium
* Add user_settings.h support for aes_asm.S
* Add PKCS#11 support to CMake
* Minor ARM assembly port fixes
2026-01-05 15:46:58 +01:00
Sean Parkinson 9c1462a9ec Aarch64 asm: convert to generated
Algorithms now generated:
  SHA-256
  SHA-512
  ChaCha20
  Poly1305
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM + streaming
  AES-XTS
  AES SetKey

ARM32 asm algorithms generated now too:
  SHA-256
  SHA-512
  ChaCha20
  AES-ECB
  AES-CBC
  AES-CTR
  AES-GCM
  AES-XTS
  AES SetKey

Removed use of ARM specific implementations of algorithms. (armv8-aes.c)
2025-10-21 17:03:39 +10:00
Ruby Martin 0e6e040039 formatting remove whitespace
format whitespace so tabs are 4 spaces

format character count to be 80 characters or less per line

remove bracket
2025-08-19 17:08:53 -06:00
Ruby Martin 27d03fce7a additional check for ARM ASM Inline option
append thumb2 files, append inline c files with BUILD_ARMASM_INLINE

add all asm files. move curve25519 files under BUILD_CURVE25519

include remaining files
2025-08-18 15:41:43 -06:00
Anthony Hu 6cd1d7f3c9 Fix building ML-KEM and LMS with cmake 2025-04-07 10:43:10 -04:00
Sean Parkinson a7690ca24b ML-KEM/Kyber: finish name change 2025-03-10 08:37:14 +10:00
Tobias Frauenschläger af4017132d LMS fixes
* Add support for CMake
* Add support for Zephyr
* Make sure the internal key state is properly handled in case a public
  key is imported into a reloaded private key.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-26 15:33:59 +01:00
Tobias Frauenschläger aee446f3e5 Build SHA3 assembly with INTEL_SPEEDUP
Make sure the file `sha3_asm.S` is compiled when `WOLFSSL_INTEL_ASM` is
enabled using CMake.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2024-08-01 16:31:18 +02:00
Tobias Frauenschläger e2b642d4ab WolfSSL Kyber and CMake fixes
* Make sure wc_kyber implementation is compiled using CMake (also for
  Zephyr)
* Fix compilation issue when Liboqs is also enabled
* Fix WOLFSSL_INTEL_ASM and WOLFSSL_ARM_ASM CMake options

Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
2024-07-24 09:55:29 +02:00
David Garske fda8b4f64f Fix for CMake single threaded. https://github.com/wolfSSL/wolfssl/issues/7609#issuecomment-2154327463 2024-06-07 06:59:59 -07:00
oltolm f744043db1 change the way "wolfssl/options.h.in" is generated 2024-05-16 18:55:27 +02:00
David Garske 1d1800a3bd Merge pull request #7380 from oltolm/yesno
make "yes;no" cmake options boolean instead of string
2024-05-15 15:18:42 -07:00
gojimmypi 216925a946 Introduce cmake get/set_wolfssl_definitions; Add Kyber and OQS 2024-04-30 08:41:46 -07:00
oltolm 78b8ea3646 make "yes;no" cmake options boolean instead of string 2024-04-01 16:20:11 +02:00
Daniel Pouzzner 2b33079d50 Merge pull request #7188 from innolectric/innolectric
Innolectric CMake changes
2024-02-05 16:08:58 -05:00
David Garske 06a32d3437 Merge pull request #7097 from lealem47/removeUserCrypto
Remove user-crypto functionality and Intel IPP support
2024-01-09 17:33:28 -08:00
Lealem Amedie 837452b1ca Remove user-crypto functionality and Intel IPP support 2023-12-27 12:24:19 -07:00
Tobias Frauenschläger 755c385b1f Liboqs: use WolfSSL RNG
Improve the interface to liboqs by properly configuring and using the
RNG provided by WolfSSL from within liboqs.

Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
2023-12-16 12:40:25 +01:00
Lealem Amedie de4bd42de0 Enable cURL and QUIC from CMake 2023-12-08 15:57:29 -07:00
Lealem Amedie 846b91ea1b Enable DTLS-SRTP in CMake 2023-11-20 15:58:59 -07:00
Mikhail Paulyshka 944c7e175b cmake: add WOLFSSL_X86_64_BUILD_ASM option 2023-11-08 09:18:07 +01:00
Mikhail Paulyshka 7adddc5fb8 cmake/functions: do not try to build x86_64 assembler on non-AMD64 platforms 2023-11-08 09:18:07 +01:00
gojimmypi 5830f921fa ARIA cipher cmake (#6600)
* ARIA Cipher CMake support
2023-09-19 10:57:02 -07:00
Andras Fekete 25f542adb4 Clean up compile errors 2023-08-01 15:46:18 -04:00
Iyán Méndez Veiga fd091a745c Include all post-quantum algorithm files in cmake
GH-5407 already included falcon.c, but now we also add sphincs.c,
dilithium.c and ext_kyber.c to avoid undefined reference errors.
2023-07-11 17:57:00 +02:00
Andras Fekete f58ae30b50 Add in CMake flags 'HPKE', 'HKDF', 'ECH' 2023-06-22 11:03:36 -04:00
Lealem Amedie 34c12789c9 CMake: add option to enable asio 2023-05-24 12:46:11 -06:00
JacobBarthelmeh b801a96f8c Port to RT1170 and expand CAAM driver 2023-02-22 08:26:25 -08:00
Marco Oliverio cfbd061625 add initial support for ConnectionID DTLS extension 2022-08-23 16:58:24 +02:00
David Garske dfb3616d50 Merge pull request #5465 from douzzer/20220812-fixes
20220812-fixes
2022-08-14 08:03:40 -07:00
Derzsi Dániel f515916f68 Add liboqs integration to CMake build system (#5407)
* Add liboqs integration to CMake build system

* Rephrase WOLFSSL_OQS option

* Add new FindOQS.cmake file to cmake/include.am

Co-authored-by: Disyer <denialmc1@gmail.com>
2022-08-12 16:23:24 -04:00
Daniel Pouzzner e382905311 CMakeLists.txt: synchronize CMAKE_C_FLAGS with diagnostic flags set in autotools-generated Makefile (-Wall -Wextra -Wno-unused -Werror), and fix WOLFSSL_RSA_PSS to add -DWOLFSSL_PSS_LONG_SALT as needed by changes to test_wolfSSL_CertRsaPss() in fb531dacc2 (gating of those changes is also added in this commit). 2022-08-12 15:18:41 -05:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
Hayden Roche d9bf39ffaa Make changes to CMake to support SP math default.
We recently made SP math the default big integer math library. Some changes to
the CMake code are needed for this to work.
2022-07-06 14:14:12 -07:00
Marco Oliverio d8ac35579c dtls13: add autotools, cmake build options and vstudio paths 2022-06-15 10:46:42 -07:00
elms ec38048711 cmake: Add CRL, OCSP, and OCSP stapling options 2022-04-26 16:23:46 -07:00
Elms fab8eca2fd cmake: Check for valid voerride values
Also remove trailing whitespace
2022-02-02 16:32:00 -08:00
Elms 9b4289c751 cmake: Add KEYGEN option. Cleanup help messages.
Add `WOLFSSL_KEYGEN` option and override enable when `WOLFTPM` is
enabled

Also major reduction of variables for help messages. Override only
updates `VALUE`
2022-02-02 16:15:47 -08:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
Lealem Amedie 1c12490c98 Adding some CMake options 2022-01-27 11:52:37 -08:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
elms dc073f9c1d cmake: add back de-duplication and fix formatting 2021-12-23 09:22:47 -08:00