Files
wolfssl/IDE/INTIME-RTOS
Tobias Frauenschläger 9393d62591 Replace liboqs SPHINCS+ with SLH-DSA in certificate layer
Replace the liboqs-based pre-standardization SPHINCS+ implementation
with the native FIPS 205 SLH-DSA implementation across the
certificate / ASN.1 / X.509 layers, and add SLH-DSA-rooted test
certificates plus TLS 1.3 .conf scenarios that exercise the new
verification path. All liboqs SPHINCS+ code is removed.

This enables SLH-DSA for certificate chain authentication: CA
certificates signed with SLH-DSA, certificate signature verification
against an SLH-DSA root. TLS 1.3 entity authentication via
CertificateVerify with SLH-DSA will be added in a follow-up PR.

Follows RFC 9909 (X.509 Algorithm Identifiers for SLH-DSA) and
NIST FIPS 205. Supports both SHAKE and SHA-2 parameter families
across all twelve standardized variants.

DER codec:
- New PrivateKeyDecode, PublicKeyDecode, KeyToDer, PrivateKeyToDer,
  PublicKeyToDer with RFC 9909 encoding (bare OCTET STRING containing
  4*n raw bytes = SK.seed || SK.prf || PK.seed || PK.root, no nested
  wrapper). OID auto-detection across all twelve SHAKE / SHA-2 variants.
- PublicKeyDecode raw-bytes fast path mirrors wc_Falcon_PublicKeyDecode
  and wc_Dilithium_PublicKeyDecode so callers (notably
  wolfssl_x509_make_der and ConfirmSignature, which pass the raw
  BIT STRING contents stashed by StoreKey) decode correctly. Honours
  the caller's *inOutIdx start offset.
- Error paths in Private/PublicKeyDecode preserve params/flags/
  inOutIdx and only ForceZero the buffer half each helper actually
  writes; skip the wipe entirely on BAD_LENGTH_E (no bytes touched).
- ImportPublic uses |= on flags so a Private-then-Public import
  sequence retains FLAG_PRIVATE.

OID dispatch:
- 12 standardized NIST OIDs (6 SHAKE + 6 SHA-2) per RFC 9909. The
  pre-standardization OID-collision mechanism is removed since NIST
  OIDs do not collide.
- wc_SlhDsaOidToParam / wc_SlhDsaOidToCertType return NOT_COMPILED_IN
  (rather than -1) for recognised SLH-DSA OIDs whose parameter set
  isn't built; wc_IsSlhDsaOid recognises both. The x509 dispatch
  surfaces this as a precise diagnostic instead of the generic
  "No public key found".
- wc_GetKeyOID picks a placeholder parameter from whatever variant is
  compiled in and #errors at compile time if none is.
- asn_orig.c EncodeCert / EncodeCertReq accept SHA-2 SLH-DSA keyTypes
  alongside SHAKE.

Tests and fixtures:
- Test cert chain in certs/slhdsa/: SLH-DSA-SHAKE-128s and
  SLH-DSA-SHA2-128s self-signed roots that sign reused ML-DSA-44
  entity keys (server + client), plus the gen script
  (gen-slhdsa-mldsa-certs.sh, OpenSSL >= 3.5).
- New TLS 1.3 .conf scenarios under tests/suites.c dispatch:
  test-tls13-slhdsa-shake.conf, test-tls13-slhdsa-sha2.conf, and a
  wrong-CA negative test test-tls13-slhdsa-fail.conf.
- DER round-trip and on-disk decode tests; bench_slhdsa_*_key.der
  fixtures regenerated with wolfSSL's own encoder so the codec is
  pinned to RFC 9909.
- New unit test test_wc_slhdsa_x509_i2d_roundtrip exercises the raw
  PublicKeyDecode entry point that wolfssl_x509_make_der relies on.
- test_wc_slhdsa_check_key now tests both Public-then-Private and
  Private-then-Public import orderings.

Build / ABI:
- DYNAMIC_TYPE_SPHINCS = 98 kept as RESERVED with a tombstone comment
  for ABI stability; new code should use DYNAMIC_TYPE_SLHDSA (107).
- All build system / IDE project files updated; SPHINCS+ sources,
  headers, and test data removed.
- Dead bench_slhdsa_*_key arrays removed from gencertbuf.pl and
  certs_test.h; the .der files on disk drive the decode tests.
2026-04-30 18:32:07 +02:00
..
2025-09-09 11:56:10 -05:00
2025-09-08 13:20:13 -05:00
2025-09-08 13:20:13 -05:00
2025-09-05 16:23:26 -05:00

tenAsys INtime RTOS Port

Overview

This port is for the tenAsys INtime RTOS available here.

To enable use the define INTIME_RTOS.

Usage

The wolfExamples.sln is a Visual Studio 2015 project. You must have the INtime SDK installed and an INtime RTOS agent running.

The default configuration is set inside the IDE/INTIME-RTOS/user_settings.h file.

The example application provides a simple menu interface to select difference application functions to test.

wolfExamples started
wolfExamples finished initialization

                                MENU

        t. WolfCrypt Test
        b. WolfCrypt Benchmark
        c. WolfSSL Client Example
        s. WolfSSL Server Example
        l. WolfSSL Localhost Client/Server Example
Please select one of the above options:

twolfCrypt Test

Performs testing of all crypto algorithms.

Crypt Test
error    test passed!
base64   test passed!
base64   test passed!
MD5      test passed!
SHA      test passed!
SHA-256  test passed!
SHA-384  test passed!
SHA-512  test passed!
Hash     test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
HMAC-SHA384 test passed!
HMAC-SHA512 test passed!
HMAC-KDF    test passed!
X963-KDF    test passed!
GMAC     test passed!
Chacha   test passed!
POLY1305 test passed!
ChaCha20-Poly1305 AEAD test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
AES-GCM  test passed!
AES-CCM  test passed!
AES Key Wrap test passed!
RANDOM   test passed!
RSA      test passed!
DH       test passed!
DSA      test passed!
SRP      test passed!
PWDBASED test passed!
openSSL extra test
OPENSSL  test passed!
ECC      test passed!
ECC Enc  test passed!
ECC buffer test passed!
CURVE25519 test passed!
ED25519  test passed!
CMAC     test passed!
PKCS7enveloped test passed!
PKCS7signed    test passed!
PKCS7encrypted test passed!
mutex    test passed!
memcb    test passed!
Crypt Test: Return code 0

b wolfCrypt Benchmark

Performs benchmark of crypto algorithms.

Benchmark Test
RNG      25 kB took 0.002 seconds,   11.017 MB/s
AES enc  25 kB took 0.002 seconds,   15.090 MB/s
AES dec  25 kB took 0.002 seconds,   15.119 MB/s
AES-GCM  25 kB took 0.003 seconds,    9.433 MB/s
AES-CTR  25 kB took 0.001 seconds,   22.378 MB/s
AES-CCM  25 kB took 0.002 seconds,   15.306 MB/s
CHACHA   25 kB took 0.002 seconds,   16.063 MB/s
CHA-POLY 25 kB took 0.001 seconds,   20.447 MB/s
3DES     25 kB took 0.002 seconds,   10.717 MB/s

MD5      25 kB took  0.00 seconds,   31.576 MB/s
POLY1305 25 kB took 0.000 seconds,  201.575 MB/s
SHA      25 kB took  0.00 seconds,   43.761 MB/s
SHA-256  25 kB took 0.001 seconds,   19.299 MB/s
SHA-384  25 kB took 0.002 seconds,   14.577 MB/s
SHA-512  25 kB took 0.001 seconds,   21.718 MB/s
AES-CMAC 25 kB took  0.00 seconds,   34.925 MB/s

RSA 2048 public           2.445 milliseconds, avg over 1 iterations
RSA 2048 private         64.711 milliseconds, avg over 1 iterations

RSA 1024 key generation  318.755 milliseconds, avg over 5 iterations
RSA 2048 key generation  22648.396 milliseconds, avg over 5 iterations
DH  2048 key generation  23.119 milliseconds, avg over 1 iterations
DH  2048 key agreement   26.756 milliseconds, avg over 1 iterations

ECC  256 key generation   2.984 milliseconds, avg over 5 iterations
EC-DHE   key agreement    2.967 milliseconds, avg over 5 iterations
EC-DSA   sign   time      1.448 milliseconds, avg over 5 iterations
EC-DSA   verify time      3.304 milliseconds, avg over 5 iterations
ECC      encrypt          5.860 milliseconds, avg over 1 iterations
ECC      decrypt          6.360 milliseconds, avg over 1 iterations

CURVE25519 256 key generation  1.416 milliseconds, avg over 5 iterations
CURVE25519 key agreement       1.332 milliseconds, avg over 5 iterations

ED25519  key generation   0.320 milliseconds, avg over 5 iterations
ED25519  sign   time      0.595 milliseconds, avg over 5 iterations
ED25519  verify time      1.310 milliseconds, avg over 5 iterations
Benchmark Test: Return code 0

c wolfSSL Client

To configure the host address and port modify the TLS_HOST_REMOTE and TLS_PORT macros at top of wolfExamples.c. This example uses TLS 1.2 to connect to a remote host.

s wolfSSL Server

To configure the port to listen on modify TLS_PORT at top of wolfExamples.c.

l wolfSSL Localhost Server/Client

Starts a TLS server thread listening on localhost. Starts the TLS client and performs connect, exchanges some data and disconnects.

Waiting for a connection...
Client connected successfully
Using Non-Blocking I/O: 0
Message for server:     Client:

Received:       I hear ya fa shizzle!

The client has closed the connection.

References

For more information please contact info@wolfssl.com.