mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 23:30:50 +02:00
28468b44f5
Wire the stateful hash-based signature schemes HSS/LMS (RFC 8554) and XMSS / XMSS^MT (RFC 8391) into the X.509 cert-verification path per RFC 9802. asn: - Register id-alg-hss-lms-hashsig (1.2.840.113549.1.9.16.3.17), id-alg-xmss-hashsig (1.3.6.1.5.5.7.6.34) and id-alg-xmssmt-hashsig (1.3.6.1.5.5.7.6.35) in oid_sum.h, asn.c and asn1_oid_sum.pl. - Plumb the new keyOIDs through GetCertKey, SigOidMatchesKeyOid, HashForSignature, FreeSignatureCtx and ConfirmSignature so leaf and CA certificates parse, load and verify end-to-end. - Rename IsSigAlgoECC -> IsSigAlgoNoParams; the function has tested "AlgorithmIdentifier omits NULL parameters" since PQC algos were added, and HSS/LMS + XMSS only made the original name more misleading. wc_lms / wc_xmss: - Add wc_XmssKey_ImportPubRaw_ex which derives parameters from the 4-byte OID prefix at the start of the raw public key, taking an is_xmssmt hint to disambiguate the overlapping XMSS / XMSS^MT OID spaces. - Extend wc_LmsKey_ImportPubRaw with the same auto-derive from u32str(L) || lmsType || lmOtsType when key->params is NULL; this also fixes a latent NULL-deref when the legacy precondition was violated. - Reject WC_*_STATE_OK in both ImportPubRaw paths so re-importing on a private-key-loaded handle can't desync priv/pub. - Tighten wc_XmssKey_Verify's length check to strict equality, matching wc_LmsKey_Verify and the documented contract of using wc_XmssKey_GetSigLen for the buffer size. tests / fixtures: - Bouncy Castle 1.81 fixtures in certs/lms and certs/xmss covering every supported parameter set, plus CA->leaf chains per family and one BC-native LMS fixture as a cross-impl interop gate. - New api tests verify each fixture end-to-end, tamper TBS and signature bytes, exercise the wolfCrypt-level negative paths (NOT_COMPILED_IN, BUFFER_E, BAD_FUNC_ARG, BAD_STATE_E, OID/family mismatch, partial-write invariants, lenient VERIFYONLY re-import, strict sigLen check) and confirm the outer signatureAlgorithm OID is rejected when it disagrees with the SPKI in both XMSS<->XMSS^MT directions.