Replace the liboqs-based pre-standardization SPHINCS+ implementation with the native FIPS 205 SLH-DSA implementation across the certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test certificates plus TLS 1.3 .conf scenarios that exercise the new verification path. All liboqs SPHINCS+ code is removed. This enables SLH-DSA for certificate chain authentication: CA certificates signed with SLH-DSA, certificate signature verification against an SLH-DSA root. TLS 1.3 entity authentication via CertificateVerify with SLH-DSA will be added in a follow-up PR. Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families across all twelve standardized variants. DER codec: - New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer, PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing 4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants. - PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode and wc_Dilithium_PublicKeyDecode so callers (notably wolfssl_x509_make_der and ConfirmSignature, which pass the raw BIT STRING contents stashed by StoreKey) decode correctly. Honours the caller's *inOutIdx start offset. - Error paths in Private/PublicKeyDecode preserve params/flags/ inOutIdx and only ForceZero the buffer half each helper actually writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched). - ImportPublic uses |= on flags so a Private-then-Public import sequence retains FLAG_PRIVATE. OID dispatch: - 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The pre-standardization OID-collision mechanism is removed since NIST OIDs do not collide. - wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN (rather than -1) for recognised SLH-DSA OIDs whose parameter set isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch surfaces this as a precise diagnostic instead of the generic "No public key found". - wc_GetKeyOID picks a placeholder parameter from whatever variant is compiled in and #errors at compile time if none is. - asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes alongside SHAKE. Tests and fixtures: - Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44 entity keys (server + client), plus the gen script (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5). - New TLS 1.3 .conf scenarios under tests/suites.c dispatch: test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a wrong-CA negative test test-tls13-slhdsa-fail.conf. - DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der fixtures regenerated with wolfSSL's own encoder so the codec is pinned to RFC 9909. - New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw PublicKeyDecode entry point that wolfssl_x509_make_der relies on. - test_wc_slhdsa_check_key now tests both Public-then-Private and Private-then-Public import orderings. Build / ABI: - DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107). - All build system / IDE project files updated; SPHINCS+ sources, headers, and test data removed. - Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and certs_test.h; the .der files on disk drive the decode tests.
wolfSSL TLS Server Example
This is the wolfSSL TLS Server demo, typically used with the Espressif TLS Client or the CLI Client.
When using the CLI, see the example parameters.
For general information on wolfSSL examples for Espressif, see the README file.
VisualGDB
Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.
No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is COM20.
ESP-IDF Commandline
The Example contains a wolfSSL simple server.
-
idf.py menuconfigto configure the project1-1. Example Connection Configuration ->
WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid") WIFI Password : WIFI password, and default is "mypassword"
When you want to test the wolfSSL simple server demo
-
idf.py -p <PORT> flashto compile the code and load the firmware -
idf.py monitorto see the context. The assigned IP address can be found in output message. -
Once the server connects to the wifi, it is waiting for client request. ("Waiting for a connection..." message will be displayed.)
-
You can use /examples/client to test the server e.g ./example/client/client -h xx.xx.xx
See the README.md file in the upper level 'examples' directory for more information about examples.
# . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh
. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
# optionally erase
idf.py erase-flash -p /dev/ttyS19 -b 115200
# Program flash
idf.py flash -p /dev/ttyS19 -b 115200 monitor
Linux Client to x108 SM server
cd /mnt/c/workspace/wolfssl-$USER
# show the ciphers
./examples/client/client -e
./examples/client/client -h 192.168.1.108 -v 4 -l TLS_SM4_GCM_SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
Linux Server
./examples/server/server -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
ESP32 Client to WSL Linux Server
In Windows Powershell, (elevated permissions) forward the port after starting the listening server:
netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
After the server exits, remove the port proxy forward:
netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
Ciphers to consider
TLS13-AES128-GCM-SHA256:
TLS13-AES256-GCM-SHA384:
TLS13-CHACHA20-POLY1305-SHA256:
TLS13-SM4-GCM-SM3:
TLS13-SM4-CCM-SM3:
ECDHE-ECDSA-SM4-CBC-SM3:
ECDHE-ECDSA-SM4-GCM-SM3:
ECDHE-ECDSA-SM4-CCM-SM3
DHE-RSA-AES128-SHA:
DHE-RSA-AES256-SHA:
ECDHE-RSA-AES128-SHA:
ECDHE-RSA-AES256-SHA:
ECDHE-ECDSA-AES128-SHA:
ECDHE-ECDSA-AES256-SHA:
DHE-RSA-AES128-SHA256:
DHE-RSA-AES256-SHA256:
DHE-RSA-AES128-GCM-SHA256:
DHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-CHACHA20-POLY1305:
ECDHE-ECDSA-CHACHA20-POLY1305:
DHE-RSA-CHACHA20-POLY1305:
ECDHE-RSA-CHACHA20-POLY1305-OLD:
ECDHE-ECDSA-CHACHA20-POLY1305-OLD:
DHE-RSA-CHACHA20-POLY1305-OLD:
See the README.md file in the upper level 'examples' directory for more information about examples.