mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 13:10:52 +02:00
9393d62591
Replace the liboqs-based pre-standardization SPHINCS+ implementation with the native FIPS 205 SLH-DSA implementation across the certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test certificates plus TLS 1.3 .conf scenarios that exercise the new verification path. All liboqs SPHINCS+ code is removed. This enables SLH-DSA for certificate chain authentication: CA certificates signed with SLH-DSA, certificate signature verification against an SLH-DSA root. TLS 1.3 entity authentication via CertificateVerify with SLH-DSA will be added in a follow-up PR. Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families across all twelve standardized variants. DER codec: - New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer, PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing 4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants. - PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode and wc_Dilithium_PublicKeyDecode so callers (notably wolfssl_x509_make_der and ConfirmSignature, which pass the raw BIT STRING contents stashed by StoreKey) decode correctly. Honours the caller's *inOutIdx start offset. - Error paths in Private/PublicKeyDecode preserve params/flags/ inOutIdx and only ForceZero the buffer half each helper actually writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched). - ImportPublic uses |= on flags so a Private-then-Public import sequence retains FLAG_PRIVATE. OID dispatch: - 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The pre-standardization OID-collision mechanism is removed since NIST OIDs do not collide. - wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN (rather than -1) for recognised SLH-DSA OIDs whose parameter set isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch surfaces this as a precise diagnostic instead of the generic "No public key found". - wc_GetKeyOID picks a placeholder parameter from whatever variant is compiled in and #errors at compile time if none is. - asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes alongside SHAKE. Tests and fixtures: - Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44 entity keys (server + client), plus the gen script (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5). - New TLS 1.3 .conf scenarios under tests/suites.c dispatch: test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a wrong-CA negative test test-tls13-slhdsa-fail.conf. - DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der fixtures regenerated with wolfSSL's own encoder so the codec is pinned to RFC 9909. - New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw PublicKeyDecode entry point that wolfssl_x509_make_der relies on. - test_wc_slhdsa_check_key now tests both Public-then-Private and Private-then-Public import orderings. Build / ABI: - DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107). - All build system / IDE project files updated; SPHINCS+ sources, headers, and test data removed. - Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and certs_test.h; the .der files on disk drive the decode tests.
451 lines
8.5 KiB
XML
451 lines
8.5 KiB
XML
<?xml version="1.0" encoding="Windows-1252"?>
|
|
<VisualStudioProject
|
|
ProjectType="Visual C++"
|
|
Version="9.00"
|
|
Name="wolfssl"
|
|
ProjectGUID="{73973223-5EE8-41CA-8E88-1D60E89A237B}"
|
|
RootNamespace="wolfssl"
|
|
Keyword="Win32Proj"
|
|
TargetFrameworkVersion="196613"
|
|
>
|
|
<Platforms>
|
|
<Platform
|
|
Name="Win32"
|
|
/>
|
|
</Platforms>
|
|
<ToolFiles>
|
|
</ToolFiles>
|
|
<Configurations>
|
|
<Configuration
|
|
Name="Debug|Win32"
|
|
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
IntermediateDirectory="$(ConfigurationName)"
|
|
ConfigurationType="4"
|
|
CharacterSet="1"
|
|
>
|
|
<Tool
|
|
Name="VCPreBuildEventTool"
|
|
/>
|
|
<Tool
|
|
Name="VCCustomBuildTool"
|
|
/>
|
|
<Tool
|
|
Name="VCXMLDataGeneratorTool"
|
|
/>
|
|
<Tool
|
|
Name="VCWebServiceProxyGeneratorTool"
|
|
/>
|
|
<Tool
|
|
Name="VCMIDLTool"
|
|
/>
|
|
<Tool
|
|
Name="VCCLCompilerTool"
|
|
Optimization="0"
|
|
AdditionalIncludeDirectories="./;./IDE/WIN"
|
|
PreprocessorDefinitions="WOLFSSL_LIB;WOLFSSL_USER_SETTINGS"
|
|
MinimalRebuild="true"
|
|
BasicRuntimeChecks="3"
|
|
RuntimeLibrary="3"
|
|
UsePrecompiledHeader="0"
|
|
WarningLevel="4"
|
|
DebugInformationFormat="4"
|
|
DisableSpecificWarnings="4206,4214,4706"
|
|
/>
|
|
<Tool
|
|
Name="VCManagedResourceCompilerTool"
|
|
/>
|
|
<Tool
|
|
Name="VCResourceCompilerTool"
|
|
/>
|
|
<Tool
|
|
Name="VCPreLinkEventTool"
|
|
/>
|
|
<Tool
|
|
Name="VCLibrarianTool"
|
|
/>
|
|
<Tool
|
|
Name="VCALinkTool"
|
|
/>
|
|
<Tool
|
|
Name="VCXDCMakeTool"
|
|
/>
|
|
<Tool
|
|
Name="VCBscMakeTool"
|
|
/>
|
|
<Tool
|
|
Name="VCFxCopTool"
|
|
/>
|
|
<Tool
|
|
Name="VCPostBuildEventTool"
|
|
/>
|
|
</Configuration>
|
|
<Configuration
|
|
Name="Release|Win32"
|
|
OutputDirectory="$(SolutionDir)$(ConfigurationName)"
|
|
IntermediateDirectory="$(ConfigurationName)"
|
|
ConfigurationType="4"
|
|
CharacterSet="1"
|
|
WholeProgramOptimization="1"
|
|
>
|
|
<Tool
|
|
Name="VCPreBuildEventTool"
|
|
/>
|
|
<Tool
|
|
Name="VCCustomBuildTool"
|
|
/>
|
|
<Tool
|
|
Name="VCXMLDataGeneratorTool"
|
|
/>
|
|
<Tool
|
|
Name="VCWebServiceProxyGeneratorTool"
|
|
/>
|
|
<Tool
|
|
Name="VCMIDLTool"
|
|
/>
|
|
<Tool
|
|
Name="VCCLCompilerTool"
|
|
Optimization="2"
|
|
EnableIntrinsicFunctions="true"
|
|
AdditionalIncludeDirectories="./;./IDE/WIN"
|
|
PreprocessorDefinitions="WOLFSSL_LIB;WOLFSSL_USER_SETTINGS"
|
|
RuntimeLibrary="2"
|
|
EnableFunctionLevelLinking="true"
|
|
UsePrecompiledHeader="0"
|
|
WarningLevel="3"
|
|
DebugInformationFormat="3"
|
|
/>
|
|
<Tool
|
|
Name="VCManagedResourceCompilerTool"
|
|
/>
|
|
<Tool
|
|
Name="VCResourceCompilerTool"
|
|
/>
|
|
<Tool
|
|
Name="VCPreLinkEventTool"
|
|
/>
|
|
<Tool
|
|
Name="VCLibrarianTool"
|
|
/>
|
|
<Tool
|
|
Name="VCALinkTool"
|
|
/>
|
|
<Tool
|
|
Name="VCXDCMakeTool"
|
|
/>
|
|
<Tool
|
|
Name="VCBscMakeTool"
|
|
/>
|
|
<Tool
|
|
Name="VCFxCopTool"
|
|
/>
|
|
<Tool
|
|
Name="VCPostBuildEventTool"
|
|
/>
|
|
</Configuration>
|
|
</Configurations>
|
|
<References>
|
|
</References>
|
|
<Files>
|
|
<Filter
|
|
Name="Source Files"
|
|
Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
|
|
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
|
|
>
|
|
<File
|
|
RelativePath=".\src\crl.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\dtls13.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\dtls.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\internal.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\keys.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\ocsp.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\ssl.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\tls.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\tls13.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\src\wolfio.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\aes.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\aes_asm.asm"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\aes_gcm_asm.asm"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\arc4.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\asn.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\blake2b.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\blake2s.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\camellia.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\coding.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\chacha.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\chacha_asm.asm"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\chacha20_poly1305.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\des3.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\dilithium.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\dh.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\dsa.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\ecc.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\error.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\falcon.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\fe_low_mem.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\fe_operations.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\ge_low_mem.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\ge_operations.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\hash.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\hmac.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\integer.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wc_mlkem.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wc_mlkem_poly.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\logging.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\md2.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\md4.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\md5.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\memory.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\pkcs7.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\pkcs12.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\poly1305.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\poly1305_asm.asm"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\pwdbased.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\random.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\rc2.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\ripemd.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\rsa.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sha.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sha256.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sha512.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sp_c32.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sp_c64.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sp_int.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sp_x86_64.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\sp_x86_64_asm.asm"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\signature.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\tfm.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wc_encrypt.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wc_pkcs11.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wc_port.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wc_slhdsa.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wolfmath.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\wolfevent.c"
|
|
>
|
|
</File>
|
|
<File
|
|
RelativePath=".\wolfcrypt\src\port\liboqs\liboqs.c"
|
|
>
|
|
</File>
|
|
</Filter>
|
|
<Filter
|
|
Name="Header Files"
|
|
Filter="h;hpp;hxx;hm;inl;inc;xsd"
|
|
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
|
|
>
|
|
<File
|
|
RelativePath="IDE\WIN\user_settings.h"
|
|
>
|
|
</File>
|
|
</Filter>
|
|
<Filter
|
|
Name="Resource Files"
|
|
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
|
|
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
|
|
>
|
|
</Filter>
|
|
</Files>
|
|
<Globals>
|
|
</Globals>
|
|
</VisualStudioProject>
|