diff --git a/CMakeLists.txt b/CMakeLists.txt
index 317aa9c8e8..dd0b7d4c0a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -700,10 +700,8 @@ add_option(WOLFSSL_LMSSHA256192
if (WOLFSSL_LMS)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_LMS")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_LMS")
set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT)
- set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT)
if (WOLFSSL_LMSSHA256192)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LMS_SHA256_192")
diff --git a/Docker/Dockerfile b/Docker/Dockerfile
index 9ae6f1ec52..d5b4832110 100644
--- a/Docker/Dockerfile
+++ b/Docker/Dockerfile
@@ -34,10 +34,6 @@ RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git &&
RUN mkdir /opt/sources
-# install liblms
-RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
- && sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
-
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
RUN mkdir /var/empty
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
diff --git a/IDE/INTIME-RTOS/Makefile b/IDE/INTIME-RTOS/Makefile
index 3755c29205..3ec9ae7199 100644
--- a/IDE/INTIME-RTOS/Makefile
+++ b/IDE/INTIME-RTOS/Makefile
@@ -287,7 +287,6 @@ INCL_TARGS := wolfssl/callbacks.h \
wolfssl/wolfcrypt/integer.h \
wolfssl/wolfcrypt/kdf.h \
wolfssl/wolfcrypt/kyber.h \
- wolfssl/wolfcrypt/lms.h \
wolfssl/wolfcrypt/logging.h \
wolfssl/wolfcrypt/md2.h \
wolfssl/wolfcrypt/md4.h \
@@ -327,11 +326,12 @@ INCL_TARGS := wolfssl/callbacks.h \
wolfssl/wolfcrypt/visibility.h \
wolfssl/wolfcrypt/wc_encrypt.h \
wolfssl/wolfcrypt/wc_kyber.h \
+ wolfssl/wolfcrypt/wc_lms.h \
wolfssl/wolfcrypt/wc_pkcs11.h \
wolfssl/wolfcrypt/wc_port.h \
+ wolfssl/wolfcrypt/wc_xmss.h \
wolfssl/wolfcrypt/wolfevent.h \
wolfssl/wolfcrypt/wolfmath.h \
- wolfssl/wolfcrypt/xmss.h \
wolfssl/wolfcrypt/port/nrf51.h \
wolfssl/wolfcrypt/port/af_alg/afalg_hash.h \
wolfssl/wolfcrypt/port/af_alg/wc_afalg.h \
diff --git a/IDE/INTIME-RTOS/wolfssl-lib.vcxproj b/IDE/INTIME-RTOS/wolfssl-lib.vcxproj
index 3c5bd1d8d5..5b4226af94 100644
--- a/IDE/INTIME-RTOS/wolfssl-lib.vcxproj
+++ b/IDE/INTIME-RTOS/wolfssl-lib.vcxproj
@@ -87,8 +87,6 @@
true
-
-
diff --git a/INSTALL b/INSTALL
index dc6e2908c1..3e362908b9 100644
--- a/INSTALL
+++ b/INSTALL
@@ -296,11 +296,7 @@ The wolfssl port in vcpkg is kept up to date by wolfSSL.
We also have vcpkg ports for wolftpm, wolfmqtt and curl.
-17. Building with hash-sigs lib for LMS/HSS support [EXPERIMENTAL]
-
- Deprecated. wolfSSL now has its own LMS/HSS implementation in wolfCrypt.
-
-18. Building for Debian, Ubuntu, Linux Mint, and derivatives
+17. Building for Debian, Ubuntu, Linux Mint, and derivatives
To generate a .deb package, configure wolfSSL with the desired
configuration. Then run `make deb` to generate a Debian package
@@ -309,7 +305,7 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
resulting packages are placed in the root directory of the
project.
-19. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE
+18. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE
To generate a .rpm package, configure wolfSSL with the desired
configuration. Then run `make rpm` to generate a .rpm package
@@ -317,8 +313,3 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
Docker container, use `make rpm-docker`. In both cases the
resulting packages are placed in the root directory of the
project.
-
-20. Building with xmss-reference lib for XMSS/XMSS^MT support [EXPERIMENTAL]
-
- Deprecated. wolfSSL now has its own XMMS/XMSS^MT implementation in
- wolfCrypt.
diff --git a/configure.ac b/configure.ac
index 21ba1304a7..f8e9cc8129 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1839,7 +1839,6 @@ do
done
# XMSS
-ENABLED_WC_XMSS=no
AC_ARG_ENABLE([xmss],
[AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
[ ENABLED_XMSS=$enableval ],
@@ -1865,60 +1864,7 @@ do
esac
done
-# libxmss
-# Get the path to xmss-reference.
-ENABLED_LIBXMSS="no"
-trylibxmssdir=""
-AC_ARG_WITH([libxmss],
- [AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. (requires --enable-experimental)!])],
- [
- AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([libxmss requires --enable-experimental.]) ])
- AC_MSG_CHECKING([for libxmss])
-
- trylibxmssdir=$withval
-
- if test -e $trylibxmssdir; then
- libxmss_linked=yes
- else
- AC_MSG_ERROR([libxmss isn't found.
- If it's already installed, specify its path using --with-libxmss=/dir/])
- fi
- if test "$XMSS_VERIFY_ONLY" = "yes"; then
- if test -e $trylibxmssdir/xmss_verify_lib.a; then
- CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
- LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_verify_lib.a"
- enable_shared=no
- enable_static=yes
- libxmss_linked=yes
- else
- AC_MSG_ERROR([xmss_verify_lib.a isn't found.
- If it's already installed, specify its path using --with-libxmss=/dir/])
- fi
- elif test -e $trylibxmssdir/xmss_lib.a; then
- CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
- LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_lib.a"
- enable_shared=no
- enable_static=yes
- libxmss_linked=yes
- else
- AC_MSG_ERROR([libxmss isn't found.
- If it's already installed, specify its path using --with-libxmss=/dir/])
- fi
-
- XMSS_ROOT=$trylibxmssdir
-
- AC_MSG_RESULT([yes])
- AM_CPPFLAGS="$CPPFLAGS"
-
- AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
- ENABLED_LIBXMSS="yes"
- AC_SUBST([XMSS_ROOT])
- ],
- [XMSS_ROOT=""]
-)
-
# LMS
-ENABLED_WC_LMS=no
AC_ARG_ENABLE([lms],
[AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
[ ENABLED_LMS=$enableval ],
@@ -1953,74 +1899,6 @@ do
esac
done
-# liblms
-# Get the path to the hash-sigs LMS HSS lib.
-ENABLED_LIBLMS="no"
-tryliblmsdir=""
-AC_ARG_WITH([liblms],
- [AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) (requires --enable-experimental)!])],
- [
- AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([liblms requires --enable-experimental.]) ])
- AC_MSG_CHECKING([for liblms])
-
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ])
-
- if test "x$liblms_linked" = "xno" ; then
- if test "x$withval" != "xno" ; then
- tryliblmsdir=$withval
- fi
- if test "x$withval" = "xyes" ; then
- tryliblmsdir="/usr/local"
- fi
-
- # 1. If verify only build, use hss_verify.a
- # 2. If normal build, by default use single-threaded hss_lib.a
- # 3. If 2 not found, then use the multi-threaded hss_lib_thread.a
- if test "$LMS_VERIFY_ONLY" = "yes"; then
- if test -e $tryliblmsdir/hss_verify.a; then
- CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
- LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_verify.a"
- enable_shared=no
- enable_static=yes
- liblms_linked=yes
- else
- AC_MSG_ERROR([hss_verify.a isn't found.
- If it's already installed, specify its path using --with-liblms=/dir/])
- fi
- elif test -e $tryliblmsdir/hss_lib.a; then
- CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
- LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib.a"
- enable_shared=no
- enable_static=yes
- liblms_linked=yes
- elif test -e $tryliblmsdir/hss_lib_thread.a; then
- CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
- LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib_thread.a"
- enable_shared=no
- enable_static=yes
- liblms_linked=yes
- else
- AC_MSG_ERROR([liblms isn't found.
- If it's already installed, specify its path using --with-liblms=/dir/])
- fi
-
- if test "x$liblms_linked" = "xno" ; then
- AC_MSG_ERROR([liblms isn't found.
- If it's already installed, specify its path using --with-liblms=/dir/])
- fi
-
- AC_MSG_RESULT([yes])
- AM_CPPFLAGS="$CPPFLAGS"
- AM_LDFLAGS="$LDFLAGS"
- else
- AC_MSG_RESULT([yes])
- fi
-
- AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBLMS"
- ENABLED_LIBLMS="yes"
- ]
-)
-
# SLH-DSA
ENABLED_SLHDSA=yes
AC_ARG_ENABLE([slhdsa],
@@ -7539,28 +7417,12 @@ fi
if test "$ENABLED_XMSS" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS"
-
- # Use hash-sigs XMSS lib if enabled.
- if test "$ENABLED_LIBXMSS" = "yes"; then
- ENABLED_WC_XMSS=no
- else
- ENABLED_WC_XMSS=yes
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS"
- fi
fi
# LMS CFLAG processing (after FIPS section for sandwich pattern)
if test "$ENABLED_LMS" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
-
- # Use hash-sigs LMS lib if enabled.
- if test "$ENABLED_LIBLMS" = "yes"; then
- ENABLED_WC_LMS=no
- else
- ENABLED_WC_LMS=yes
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
- fi
fi
# SLH-DSA CFLAG processing (after FIPS section for sandwich pattern)
@@ -12186,8 +12048,8 @@ AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLE
AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
+AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_SLHDSA],[test "x$ENABLED_SLHDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_WC_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
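Review bot: `BUILD_WC_LMS` and `BUILD_WC_XMSS` now depend on `ENABLED_LMS`/`ENABLED_XMSS` alone, and the `--with-liblms`/`--with-libxmss` handlers are deleted earlier in this file, so a build script that still passes either option is no longer rejected. By default configure only warns about unrecognized `--with-*` options, so such a build quietly switches to the wolfCrypt implementation. Consider keeping a stub for each removed option that fails loudly, e.g. `AC_ARG_WITH([liblms], [], [AC_MSG_ERROR([--with-liblms was removed; LMS/HSS always uses the wolfCrypt implementation])])`, and the same for `libxmss`. The stubs would sit where the removed blocks were, outside this hunk.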
@@ -12238,8 +12100,6 @@ AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_R
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
-AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
-AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -12741,12 +12601,7 @@ echo " * CURVE448: $ENABLED_CURVE448"
echo " * ED448: $ENABLED_ED448"
echo " * ED448 streaming: $ENABLED_ED448_STREAM"
echo " * LMS: $ENABLED_LMS"
-echo " * LMS wolfSSL impl: $ENABLED_WC_LMS"
echo " * XMSS: $ENABLED_XMSS"
-echo " * XMSS wolfSSL impl: $ENABLED_WC_XMSS"
-if test "$ENABLED_LIBXMSS" = "yes"; then
-echo " * XMSS_ROOT: $XMSS_ROOT"
-fi
echo " * SLH-DSA $ENABLED_SLHDSA"
echo " * MLKEM: $ENABLED_MLKEM"
echo " * MLKEM wolfSSL impl: $ENABLED_WC_MLKEM"
@@ -12807,8 +12662,6 @@ echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
-echo " * libxmss: $ENABLED_LIBXMSS"
-echo " * liblms: $ENABLED_LIBLMS"
echo " * liboqs: $ENABLED_LIBOQS"
echo " * Whitewood netRandom: $ENABLED_WNR"
echo " * Server Name Indication: $ENABLED_SNI"
diff --git a/examples/configs/user_settings_pq.h b/examples/configs/user_settings_pq.h
index b207cbd95b..752f34e861 100644
--- a/examples/configs/user_settings_pq.h
+++ b/examples/configs/user_settings_pq.h
@@ -105,7 +105,6 @@ extern "C" {
/* ------------------------------------------------- */
#if 0 /* LMS signatures */
#define WOLFSSL_HAVE_LMS
- #define WOLFSSL_WC_LMS
#ifndef LMS_LEVELS
#define LMS_LEVELS 2
#endif
@@ -122,7 +121,6 @@ extern "C" {
/* ------------------------------------------------- */
#if 0 /* XMSS signatures */
#define WOLFSSL_HAVE_XMSS
- #define WOLFSSL_WC_XMSS
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
#define WOLFSSL_XMSS_MAX_HEIGHT 20
#endif
diff --git a/examples/configs/user_settings_wolfboot_keytools.h b/examples/configs/user_settings_wolfboot_keytools.h
index 8c44d3f0f7..be97f5d3c5 100644
--- a/examples/configs/user_settings_wolfboot_keytools.h
+++ b/examples/configs/user_settings_wolfboot_keytools.h
@@ -131,7 +131,6 @@ extern "C" {
#if 1 /* LMS */
#define WOLFSSL_HAVE_LMS
- #define WOLFSSL_WC_LMS
#ifndef LMS_LEVELS
#define LMS_LEVELS 1
#endif
@@ -145,7 +144,6 @@ extern "C" {
#if 1 /* XMSS */
#define WOLFSSL_HAVE_XMSS
- #define WOLFSSL_WC_XMSS
#ifndef WOLFSSL_XMSS_MAX_HEIGHT
#define WOLFSSL_XMSS_MAX_HEIGHT 32
#endif
diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template
index ad2f07cac9..3b9fa73cb7 100644
--- a/linuxkm/module_exports.c.template
+++ b/linuxkm/module_exports.c.template
@@ -158,21 +158,11 @@
#endif
#endif
#if defined(WOLFSSL_HAVE_XMSS)
- #include
-#ifdef HAVE_LIBXMSS
- #include
-#else
#include
#endif
-#endif
#if defined(WOLFSSL_HAVE_LMS)
- #include
-#ifdef HAVE_LIBLMS
- #include
-#else
#include
#endif
-#endif
#ifdef HAVE_DILITHIUM
#include
#endif
diff --git a/src/include.am b/src/include.am
index 0ac8d62602..118aa7e54a 100644
--- a/src/include.am
+++ b/src/include.am
@@ -1984,14 +1984,6 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_mlkem.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c
endif
-if BUILD_LIBLMS
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_lms.c
-endif
-
-if BUILD_LIBXMSS
-src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_xmss.c
-endif
-
if BUILD_LIBZ
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/compress.c
endif
diff --git a/tests/api.c b/tests/api.c
index 05a7688d7f..ee56e80f78 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -35539,11 +35539,9 @@ int stopOnFail = 0;
int test_wc_LmsKey_sign_verify(void);
int test_wc_LmsKey_reload_cache(void);
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
- !defined(WOLFSSL_LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
#include
-#include
#define LMS_TEST_PRIV_KEY_FILE "/tmp/wolfssl_test_lms.key"
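Review bot: `LMS_TEST_PRIV_KEY_FILE` is a fixed name under `/tmp`, and the simplified guard keeps this block active for every LMS build that is not verify-only. A predictable path in a world-writable directory can be pre-created or symlinked by another local user, and two test runs on one host would share the same stateful private-key file. How the file is opened is not visible in this hunk, so that part is an assumption to confirm. Consider placing the file in the build or test working directory, or deriving a per-run name, and adding a comment such as `/* test-only LMS private key state; never reuse across runs */`.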
@@ -35596,7 +35594,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
return 0;
}
-#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
+#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_VERIFY_ONLY */
/*
* Test basic LMS sign/verify with multiple signings.
@@ -35605,8 +35603,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng)
int test_wc_LmsKey_sign_verify(void)
{
EXPECT_DECLS;
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
- !defined(WOLFSSL_LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
LmsKey key;
WC_RNG rng;
byte msg[] = "test message for LMS signing";
@@ -35655,8 +35652,7 @@ int test_wc_LmsKey_sign_verify(void)
int test_wc_LmsKey_reload_cache(void)
{
EXPECT_DECLS;
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \
- !defined(WOLFSSL_LMS_VERIFY_ONLY)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
LmsKey key;
LmsKey vkey;
WC_RNG rng;
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 6b77af42e5..9cd4a73c77 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -178,20 +178,10 @@
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
- #include
- #ifdef HAVE_LIBLMS
- #include
- #else
- #include
- #endif
+ #include
#endif
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
- #include
- #ifdef HAVE_LIBXMSS
- #include
- #else
- #include
- #endif
+ #include
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
#include
@@ -11894,10 +11884,8 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
#ifndef WOLFSSL_WC_LMS_SMALL
do {
- #ifdef WOLFSSL_WC_LMS
key.priv.inited = 0;
key.state = WC_LMS_STATE_PARMSET;
- #endif
ret = wc_LmsKey_Reload(&key);
if (ret) {
printf("wc_LmsKey_Reload failed: %d\n", ret);
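Review bot: The reset of `key.priv.inited` and `key.state` before `wc_LmsKey_Reload()` is now unconditional but has no comment, and it reaches into `LmsKey` internals from benchmark code. A short comment would help the next reader, for example `/* Force the key back to the parameter-set state so each iteration times a full reload. */`. That intent is inferred from the surrounding loop and should be confirmed by the author. `bench_lms_sign_verify` starts and ends outside this hunk.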
@@ -11918,9 +11906,6 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
printf("wc_LmsKey_GetPrivLen failed: %d\n", ret);
goto exit_lms_sign_verify;
}
- #ifdef HAVE_LIBLMS
- break;
- #endif
} while (bench_stats_check(start)
#ifdef MULTI_VALUE_STATISTICS
|| runs < minimum_runs
@@ -12039,7 +12024,7 @@ void bench_lms(void)
#ifndef WOLFSSL_NO_LMS_SHA256_256
#ifdef BENCH_LMS_SLOW_KEYGEN
-#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
+#if (LMS_MAX_HEIGHT >= 15)
bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W2, pub);
bench_lms_keygen(WC_LMS_PARM_L1_H15_W4, pub);
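Review bot: `#if (LMS_MAX_HEIGHT >= 15)` is silently false when `LMS_MAX_HEIGHT` is not defined, because an undefined identifier in `#if` is treated as 0. With the `!defined(WOLFSSL_WC_LMS)` arm gone, these macros are the only gate. The same holds for the `LMS_MAX_LEVELS` and `LMS_MAX_HEIGHT` tests in the later `bench_lms` hunks, including the SHA256_192 ones. If the LMS header is expected to always define both, a guard near the top of `bench_lms` such as `#if !defined(LMS_MAX_LEVELS) || !defined(LMS_MAX_HEIGHT)` followed by `#error` would make a misconfigured build fail instead of benchmarking only the fallback parameter set. `bench_lms` starts and ends outside this hunk.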
@@ -12048,8 +12033,7 @@ void bench_lms(void)
#define LMS_PARAMS_BENCHED
#endif
#endif
-#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
- (LMS_MAX_HEIGHT >= 10))
+#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_L2_H10_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2, pub);
bench_lms_keygen(WC_LMS_PARM_L2_H10_W4, pub);
@@ -12061,7 +12045,7 @@ void bench_lms(void)
bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W8, pub);
#endif
#endif
-#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
+#if (LMS_MAX_LEVELS >= 3)
bench_lms_keygen(WC_LMS_PARM_L3_H5_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4, pub);
bench_lms_keygen(WC_LMS_PARM_L3_H5_W8, pub);
@@ -12069,17 +12053,16 @@ void bench_lms(void)
#undef LMS_PARAMS_BENCHED
#define LMS_PARAMS_BENCHED
#endif
-#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
- (LMS_MAX_HEIGHT >= 10))
+#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_L3_H10_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4, pub);
#endif
-#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
+#if (LMS_MAX_LEVELS >= 4)
bench_lms_keygen(WC_LMS_PARM_L4_H5_W8, pub);
bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8, pub);
#endif
-#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
+#ifndef LMS_PARAMS_BENCHED
bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub);
bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub);
#endif
@@ -12087,7 +12070,7 @@ void bench_lms(void)
#ifdef WOLFSSL_LMS_SHA256_192
#ifdef BENCH_LMS_SLOW_KEYGEN
-#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15)
+#if (LMS_MAX_HEIGHT >= 15)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub);
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub);
@@ -12096,8 +12079,7 @@ void bench_lms(void)
#define LMS_PARAMS_BENCHED
#endif
#endif
-#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \
- (LMS_MAX_HEIGHT >= 10))
+#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub);
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub);
@@ -12109,7 +12091,7 @@ void bench_lms(void)
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub);
#endif
#endif
-#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3)
+#if (LMS_MAX_LEVELS >= 3)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub);
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub);
@@ -12117,17 +12099,16 @@ void bench_lms(void)
#undef LMS_PARAMS_BENCHED
#define LMS_PARAMS_BENCHED
#endif
-#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \
- (LMS_MAX_HEIGHT >= 10))
+#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub);
#endif
-#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4)
+#if (LMS_MAX_LEVELS >= 4)
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub);
#endif
-#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED)
+#ifndef LMS_PARAMS_BENCHED
bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub);
#endif
@@ -12208,13 +12189,6 @@ static void bench_xmss_sign_verify(const char * params)
printf("wc_XmssKey_GetPubLen failed: %d\n", ret);
goto exit_xmss_sign_verify;
}
-#ifndef WOLFSSL_WC_XMSS
- if (pkSz != XMSS_SHA256_PUBLEN) {
- printf("error: xmss pub len: got %u, expected %d\n", pkSz,
- XMSS_SHA256_PUBLEN);
- goto exit_xmss_sign_verify;
- }
-#endif
ret = wc_XmssKey_GetPrivLen(&key, &skSz);
if (ret != 0 || skSz <= 0) {
diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c
deleted file mode 100644
index a36fc6579f..0000000000
--- a/wolfcrypt/src/ext_lms.c
+++ /dev/null
@@ -1,1111 +0,0 @@
-/* ext_lms.c
- *
- * Copyright (C) 2006-2026 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#include
-
-#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
-
-#include
-
-#ifdef NO_INLINE
- #include
-#else
- #define WOLFSSL_MISC_INCLUDED
- #include
-#endif
-
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
-/* If built against hss_lib_thread.a, the hash-sigs lib will spawn
- * worker threads to parallelize cpu intensive tasks. This will mainly
- * speedup key generation and signing, and to a lesser extent
- * verifying for larger levels values.
- *
- * Their default max is 16 worker threads, but can be capped with
- * hss_extra_info_set_threads(). To be safe we are capping at 4 here.
- * */
-#define EXT_LMS_MAX_THREADS (4)
-
-/* The hash-sigs hss_generate_private_key API requires a generate_random
- * callback that only has output and length args. The RNG struct must be global
- * to the function. Maybe there should be a wc_LmsKey_SetRngCb. */
-static THREAD_LS_T WC_RNG * LmsRng = NULL;
-
-static bool LmsGenerateRand(void * output, size_t length)
-{
- int ret = 0;
-
- if (output == NULL || LmsRng == NULL) {
- return false;
- }
-
- if (length == 0) {
- return true;
- }
-
- ret = wc_RNG_GenerateBlock(LmsRng, output, (word32) length);
-
- if (ret) {
- WOLFSSL_MSG("error: LmsGenerateRand failed");
- return false;
- }
-
- return true;
-}
-
-/* Write callback passed into hash-sigs hss lib.
- *
- * Returns true on success. */
-static bool LmsWritePrivKey(unsigned char *private_key,
- size_t len_private_key, void *lmsKey)
-{
- LmsKey * key = (LmsKey *) lmsKey;
- enum wc_LmsRc ret = WC_LMS_RC_NONE;
-
- if (private_key == NULL || key == NULL || len_private_key <= 0) {
- WOLFSSL_MSG("error: LmsWritePrivKey: invalid args");
- return false;
- }
-
- if (key->state != WC_LMS_STATE_PARMSET && key->state != WC_LMS_STATE_OK) {
- /* The LmsKey is not ready for writing. */
- WOLFSSL_MSG("error: LmsWritePrivKey: LMS key not in writeable state");
- return false;
- }
-
- if (key->write_private_key == NULL) {
- WOLFSSL_MSG("error: LmsWritePrivKey: LMS key write callback not set");
- key->state = WC_LMS_STATE_BAD;
- return false;
- }
-
- /* Use write callback that saves private key to non-volatile storage. */
- ret = key->write_private_key(private_key, (word32)len_private_key,
- key->context);
-
- if (ret != WC_LMS_RC_SAVED_TO_NV_MEMORY) {
- WOLFSSL_MSG("error: LmsKey write_private_key failed");
- WOLFSSL_MSG(wc_LmsKey_RcToStr(ret));
- key->state = WC_LMS_STATE_BAD;
- return false;
- }
-
- return true;
-}
-
-/* Read callback passed into hash-sigs hss lib.
- *
- * Returns true on success. */
-static bool LmsReadPrivKey(unsigned char *private_key,
- size_t len_private_key, void *lmsKey)
-{
- LmsKey * key = (LmsKey *) lmsKey;
- enum wc_LmsRc ret = WC_LMS_RC_NONE;
-
- if (private_key == NULL || key == NULL || len_private_key <= 0) {
- WOLFSSL_MSG("error: LmsReadPrivKey: invalid args");
- return false;
- }
-
- if (key->state != WC_LMS_STATE_PARMSET && key->state != WC_LMS_STATE_OK) {
- /* The LmsKey is not ready for reading. */
- WOLFSSL_MSG("error: LmsReadPrivKey: LMS key not in readable state");
- return false;
- }
-
- if (key->read_private_key == NULL) {
- WOLFSSL_MSG("error: LmsReadPrivKey: LMS key read callback not set");
- key->state = WC_LMS_STATE_BAD;
- return false;
- }
-
- /* Use read callback that reads private key from non-volatile storage. */
- ret = key->read_private_key(private_key, (word32)len_private_key,
- key->context);
-
- if (ret != WC_LMS_RC_READ_TO_MEMORY) {
- WOLFSSL_MSG("error: LmsKey read_private_key failed");
- WOLFSSL_MSG(wc_LmsKey_RcToStr(ret));
- key->state = WC_LMS_STATE_BAD;
- return false;
- }
-
- return true;
-}
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
-
-const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm)
-{
- switch (lmsParm) {
- case WC_LMS_PARM_NONE:
- return "LMS/HSS NONE";
- case WC_LMS_PARM_L1_H5_W1:
- return "LMS/HSS L1_H5_W1";
- case WC_LMS_PARM_L1_H5_W2:
- return "LMS/HSS L1_H5_W2";
- case WC_LMS_PARM_L1_H5_W4:
- return "LMS/HSS L1_H5_W4";
- case WC_LMS_PARM_L1_H5_W8:
- return "LMS/HSS L1_H5_W8";
- case WC_LMS_PARM_L1_H10_W2:
- return "LMS/HSS L1_H10_W2";
- case WC_LMS_PARM_L1_H10_W4:
- return "LMS/HSS L1_H10_W4";
- case WC_LMS_PARM_L1_H10_W8:
- return "LMS/HSS L1_H10_W8";
- case WC_LMS_PARM_L1_H15_W2:
- return "LMS/HSS L1_H15_W2";
- case WC_LMS_PARM_L1_H15_W4:
- return "LMS/HSS L1_H15_W4";
- case WC_LMS_PARM_L1_H15_W8:
- return "LMS/HSS L1_H15_W8";
- case WC_LMS_PARM_L1_H20_W2:
- return "LMS/HSS L1_H20_W2";
- case WC_LMS_PARM_L1_H20_W4:
- return "LMS/HSS L1_H20_W4";
- case WC_LMS_PARM_L1_H20_W8:
- return "LMS/HSS L1_H20_W8";
- case WC_LMS_PARM_L2_H5_W2:
- return "LMS/HSS L2_H5_W2";
- case WC_LMS_PARM_L2_H5_W4:
- return "LMS/HSS L2_H5_W4";
- case WC_LMS_PARM_L2_H5_W8:
- return "LMS/HSS L2_H5_W8";
- case WC_LMS_PARM_L2_H10_W2:
- return "LMS/HSS L2_H10_W2";
- case WC_LMS_PARM_L2_H10_W4:
- return "LMS/HSS L2_H10_W4";
- case WC_LMS_PARM_L2_H10_W8:
- return "LMS/HSS L2_H10_W8";
- case WC_LMS_PARM_L2_H15_W2:
- return "LMS/HSS L2_H15_W2";
- case WC_LMS_PARM_L2_H15_W4:
- return "LMS/HSS L2_H15_W4";
- case WC_LMS_PARM_L2_H15_W8:
- return "LMS/HSS L2_H15_W8";
- case WC_LMS_PARM_L2_H20_W2:
- return "LMS/HSS L2_H20_W2";
- case WC_LMS_PARM_L2_H20_W4:
- return "LMS/HSS L2_H20_W4";
- case WC_LMS_PARM_L2_H20_W8:
- return "LMS/HSS L2_H20_W8";
- case WC_LMS_PARM_L3_H5_W2:
- return "LMS/HSS L3_H5_W2";
- case WC_LMS_PARM_L3_H5_W4:
- return "LMS/HSS L3_H5_W4";
- case WC_LMS_PARM_L3_H5_W8:
- return "LMS/HSS L3_H5_W8";
- case WC_LMS_PARM_L3_H10_W4:
- return "LMS/HSS L3_H10_W4";
- case WC_LMS_PARM_L3_H10_W8:
- return "LMS/HSS L3_H10_W8";
- case WC_LMS_PARM_L4_H5_W2:
- return "LMS/HSS L4_H5_W2";
- case WC_LMS_PARM_L4_H5_W4:
- return "LMS/HSS L4_H5_W4";
- case WC_LMS_PARM_L4_H5_W8:
- return "LMS/HSS L4_H5_W8";
- case WC_LMS_PARM_L4_H10_W4:
- return "LMS/HSS L4_H10_W4";
- case WC_LMS_PARM_L4_H10_W8:
- return "LMS/HSS L4_H10_W8";
- case WC_LMS_PARM_L1_H25_W1:
- return "LMS/HSS L1_H25_W1";
- case WC_LMS_PARM_L1_H25_W2:
- return "LMS/HSS L1_H25_W2";
- case WC_LMS_PARM_L1_H25_W4:
- return "LMS/HSS L1_H25_W4";
- case WC_LMS_PARM_L1_H25_W8:
- return "LMS/HSS L1_H25_W8";
- case WC_LMS_PARM_L1_H10_W1:
- return "LMS/HSS L1_H10_W1";
- case WC_LMS_PARM_L1_H15_W1:
- return "LMS/HSS L1_H15_W1";
- case WC_LMS_PARM_L1_H20_W1:
- return "LMS/HSS L1_H20_W1";
- default:
- WOLFSSL_MSG("error: invalid LMS parameter");
- break;
- }
-
- return "LMS_INVALID";
-}
-
-const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsEc)
-{
- switch (lmsEc) {
- case WC_LMS_RC_NONE:
- return "LMS_RC_NONE";
-
- case WC_LMS_RC_BAD_ARG:
- return "LMS_RC_BAD_ARG";
-
- case WC_LMS_RC_WRITE_FAIL:
- return "LMS_RC_WRITE_FAIL";
-
- case WC_LMS_RC_READ_FAIL:
- return "LMS_RC_READ_FAIL";
-
- case WC_LMS_RC_SAVED_TO_NV_MEMORY:
- return "LMS_RC_SAVED_TO_NV_MEMORY";
-
- case WC_LMS_RC_READ_TO_MEMORY:
- return "LMS_RC_READ_TO_MEMORY";
-
- default:
- WOLFSSL_MSG("error: invalid LMS error code");
- break;
- }
-
- return "LMS_RC_INVALID";
-}
-
-/* Init an LMS key.
- *
- * Call this before setting the params of an LMS key.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_Init(LmsKey * key, void * heap, int devId)
-{
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- (void) heap;
- (void) devId;
-
- ForceZero(key, sizeof(LmsKey));
-
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
- hss_init_extra_info(&key->info);
- /* Set the max number of worker threads that hash-sigs can spawn. */
- hss_extra_info_set_threads(&key->info, EXT_LMS_MAX_THREADS);
-
- key->working_key = NULL;
- key->write_private_key = NULL;
- key->read_private_key = NULL;
- key->context = NULL;
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
- key->state = WC_LMS_STATE_INITED;
-
- return 0;
-}
-
-/* Set the wc_LmsParm of an LMS key.
- *
- * Use this if you wish to set a key with a predefined parameter set,
- * such as WC_LMS_PARM_L2_H10_W8.
- *
- * Key must be inited before calling this.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm)
-{
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* If NONE is passed, default to the lowest predefined set. */
- switch (lmsParm) {
- case WC_LMS_PARM_NONE:
- case WC_LMS_PARM_L1_H5_W1:
- return wc_LmsKey_SetParameters(key, 1, 5, 1);
- case WC_LMS_PARM_L1_H5_W2:
- return wc_LmsKey_SetParameters(key, 1, 5, 2);
- case WC_LMS_PARM_L1_H5_W4:
- return wc_LmsKey_SetParameters(key, 1, 5, 4);
- case WC_LMS_PARM_L1_H5_W8:
- return wc_LmsKey_SetParameters(key, 1, 5, 8);
- case WC_LMS_PARM_L1_H10_W2:
- return wc_LmsKey_SetParameters(key, 1, 10, 2);
- case WC_LMS_PARM_L1_H10_W4:
- return wc_LmsKey_SetParameters(key, 1, 10, 4);
- case WC_LMS_PARM_L1_H10_W8:
- return wc_LmsKey_SetParameters(key, 1, 10, 8);
- case WC_LMS_PARM_L1_H15_W2:
- return wc_LmsKey_SetParameters(key, 1, 15, 2);
- case WC_LMS_PARM_L1_H15_W4:
- return wc_LmsKey_SetParameters(key, 1, 15, 4);
- case WC_LMS_PARM_L1_H15_W8:
- return wc_LmsKey_SetParameters(key, 1, 15, 8);
- case WC_LMS_PARM_L1_H20_W2:
- return wc_LmsKey_SetParameters(key, 1, 20, 2);
- case WC_LMS_PARM_L1_H20_W4:
- return wc_LmsKey_SetParameters(key, 1, 20, 4);
- case WC_LMS_PARM_L1_H20_W8:
- return wc_LmsKey_SetParameters(key, 1, 20, 8);
- case WC_LMS_PARM_L2_H5_W2:
- return wc_LmsKey_SetParameters(key, 2, 5, 2);
- case WC_LMS_PARM_L2_H5_W4:
- return wc_LmsKey_SetParameters(key, 2, 5, 4);
- case WC_LMS_PARM_L2_H5_W8:
- return wc_LmsKey_SetParameters(key, 2, 5, 8);
- case WC_LMS_PARM_L2_H10_W2:
- return wc_LmsKey_SetParameters(key, 2, 10, 2);
- case WC_LMS_PARM_L2_H10_W4:
- return wc_LmsKey_SetParameters(key, 2, 10, 4);
- case WC_LMS_PARM_L2_H10_W8:
- return wc_LmsKey_SetParameters(key, 2, 10, 8);
- case WC_LMS_PARM_L2_H15_W2:
- return wc_LmsKey_SetParameters(key, 2, 15, 2);
- case WC_LMS_PARM_L2_H15_W4:
- return wc_LmsKey_SetParameters(key, 2, 15, 4);
- case WC_LMS_PARM_L2_H15_W8:
- return wc_LmsKey_SetParameters(key, 2, 15, 8);
- case WC_LMS_PARM_L2_H20_W2:
- return wc_LmsKey_SetParameters(key, 2, 20, 2);
- case WC_LMS_PARM_L2_H20_W4:
- return wc_LmsKey_SetParameters(key, 2, 20, 4);
- case WC_LMS_PARM_L2_H20_W8:
- return wc_LmsKey_SetParameters(key, 2, 20, 8);
- case WC_LMS_PARM_L3_H5_W2:
- return wc_LmsKey_SetParameters(key, 3, 5, 2);
- case WC_LMS_PARM_L3_H5_W4:
- return wc_LmsKey_SetParameters(key, 3, 5, 4);
- case WC_LMS_PARM_L3_H5_W8:
- return wc_LmsKey_SetParameters(key, 3, 5, 8);
- case WC_LMS_PARM_L3_H10_W4:
- return wc_LmsKey_SetParameters(key, 3, 10, 4);
- case WC_LMS_PARM_L3_H10_W8:
- return wc_LmsKey_SetParameters(key, 3, 10, 8);
- case WC_LMS_PARM_L4_H5_W2:
- return wc_LmsKey_SetParameters(key, 4, 5, 2);
- case WC_LMS_PARM_L4_H5_W4:
- return wc_LmsKey_SetParameters(key, 4, 5, 4);
- case WC_LMS_PARM_L4_H5_W8:
- return wc_LmsKey_SetParameters(key, 4, 5, 8);
- case WC_LMS_PARM_L4_H10_W4:
- return wc_LmsKey_SetParameters(key, 4, 10, 4);
- case WC_LMS_PARM_L4_H10_W8:
- return wc_LmsKey_SetParameters(key, 4, 10, 8);
- case WC_LMS_PARM_L1_H25_W1:
- return wc_LmsKey_SetParameters(key, 1, 25, 1);
- case WC_LMS_PARM_L1_H25_W2:
- return wc_LmsKey_SetParameters(key, 1, 25, 2);
- case WC_LMS_PARM_L1_H25_W4:
- return wc_LmsKey_SetParameters(key, 1, 25, 4);
- case WC_LMS_PARM_L1_H25_W8:
- return wc_LmsKey_SetParameters(key, 1, 25, 8);
- case WC_LMS_PARM_L1_H10_W1:
- return wc_LmsKey_SetParameters(key, 1, 10, 1);
- case WC_LMS_PARM_L1_H15_W1:
- return wc_LmsKey_SetParameters(key, 1, 15, 1);
- case WC_LMS_PARM_L1_H20_W1:
- return wc_LmsKey_SetParameters(key, 1, 20, 1);
- default:
- WOLFSSL_MSG("error: invalid LMS parameter set");
- break;
- }
-
- return BAD_FUNC_ARG;
-}
-
-/* Set the parameters of an LMS key.
- *
- * Use this if you wish to set specific parameters not found in the
- * wc_LmsParm predefined sets. See comments in lms.h for allowed
- * parameters.
- *
- * Key must be inited before calling this.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetParameters(LmsKey * key, int levels, int height,
- int winternitz)
-{
- int i = 0;
- param_set_t lm = LMS_SHA256_N32_H5;
- param_set_t ots = LMOTS_SHA256_N32_W1;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_LMS_STATE_INITED) {
- WOLFSSL_MSG("error: LmsKey needs init");
- return -1;
- }
-
- /* Verify inputs make sense.
- *
- * Note: there does not seem to be a define for min or
- * max Winternitz integer in hash-sigs lib or RFC8554. */
-
- if (levels < MIN_HSS_LEVELS || levels > MAX_HSS_LEVELS) {
- WOLFSSL_MSG("error: invalid level parameter");
- return BAD_FUNC_ARG;
- }
-
- if (height < MIN_MERKLE_HEIGHT || height > MAX_MERKLE_HEIGHT) {
- WOLFSSL_MSG("error: invalid height parameter");
- return BAD_FUNC_ARG;
- }
-
- switch (height) {
- case 5:
- lm = LMS_SHA256_N32_H5;
- break;
- case 10:
- lm = LMS_SHA256_N32_H10;
- break;
- case 15:
- lm = LMS_SHA256_N32_H15;
- break;
- case 20:
- lm = LMS_SHA256_N32_H20;
- break;
- case 25:
- lm = LMS_SHA256_N32_H25;
- break;
- default:
- WOLFSSL_MSG("error: invalid height parameter");
- return BAD_FUNC_ARG;
- }
-
- switch (winternitz) {
- case 1:
- ots = LMOTS_SHA256_N32_W1;
- break;
- case 2:
- ots = LMOTS_SHA256_N32_W2;
- break;
- case 4:
- ots = LMOTS_SHA256_N32_W4;
- break;
- case 8:
- ots = LMOTS_SHA256_N32_W8;
- break;
- default:
- WOLFSSL_MSG("error: invalid winternitz parameter");
- return BAD_FUNC_ARG;
- }
-
- key->levels = levels;
-
- for (i = 0; i < levels; ++i) {
- key->lm_type[i] = lm;
- key->lm_ots_type[i] = ots;
- }
-
- /* Move the state to params set.
- * Key is ready for MakeKey or Reload. */
- key->state = WC_LMS_STATE_PARMSET;
-
- return 0;
-}
-
-/* Get the parameters of an LMS key.
- *
- * Key must be inited and parameters set before calling this.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_GetParameters(const LmsKey * key, int * levels, int * height,
- int * winternitz)
-{
- if (key == NULL || levels == NULL || height == NULL || winternitz == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* This shouldn't happen, but check the LmsKey parameters aren't invalid. */
-
- if (key->levels < MIN_HSS_LEVELS || key->levels > MAX_HSS_LEVELS) {
- WOLFSSL_MSG("error: LmsKey invalid level parameter");
- return -1;
- }
-
- *levels = key->levels;
-
- switch (key->lm_type[0]) {
- case LMS_SHA256_N32_H5:
- *height = 5;
- break;
- case LMS_SHA256_N32_H10:
- *height = 10;
- break;
- case LMS_SHA256_N32_H15:
- *height = 15;
- break;
- case LMS_SHA256_N32_H20:
- *height = 20;
- break;
- case LMS_SHA256_N32_H25:
- *height = 25;
- break;
- default:
- WOLFSSL_MSG("error: LmsKey invalid height parameter");
- return -1;
- }
-
- switch (key->lm_ots_type[0]) {
- case LMOTS_SHA256_N32_W1:
- *winternitz = 1;
- break;
- case LMOTS_SHA256_N32_W2:
- *winternitz = 2;
- break;
- case LMOTS_SHA256_N32_W4:
- *winternitz = 4;
- break;
- case LMOTS_SHA256_N32_W8:
- *winternitz = 8;
- break;
- default:
- WOLFSSL_MSG("error: LmsKey invalid winternitz parameter");
- return -1;
- }
-
- return 0;
-}
-
-/* Frees the LMS key from memory.
- *
- * This does not affect the private key saved to non-volatile storage.
- * */
-void wc_LmsKey_Free(LmsKey* key)
-{
- if (key == NULL) {
- return;
- }
-
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
- if (key->working_key != NULL) {
- hss_free_working_key(key->working_key);
- key->working_key = NULL;
- }
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
-
- ForceZero(key, sizeof(LmsKey));
-
- key->state = WC_LMS_STATE_FREED;
-
- return;
-}
-
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
-/* Set the write private key callback to the LMS key structure.
- *
- * The callback must be able to write/update the private key to
- * non-volatile storage.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetWriteCb(LmsKey * key, wc_lms_write_private_key_cb write_cb)
-{
- if (key == NULL || write_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the write callback of an already working key is forbidden. */
- if (key->state == WC_LMS_STATE_OK) {
- WOLFSSL_MSG("error: wc_LmsKey_SetWriteCb: key in use");
- return -1;
- }
-
- key->write_private_key = write_cb;
-
- return 0;
-}
-
-/* Set the read private key callback to the LMS key structure.
- *
- * The callback must be able to read the private key from
- * non-volatile storage.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetReadCb(LmsKey * key, wc_lms_read_private_key_cb read_cb)
-{
- if (key == NULL || read_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the read callback of an already working key is forbidden. */
- if (key->state == WC_LMS_STATE_OK) {
- WOLFSSL_MSG("error: wc_LmsKey_SetReadCb: key in use");
- return -1;
- }
-
- key->read_private_key = read_cb;
-
- return 0;
-}
-
-/* Sets the context to be used by write and read callbacks.
- *
- * E.g. this could be a filename if the callbacks write/read to file.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetContext(LmsKey * key, void * context)
-{
- if (key == NULL || context == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Setting context of an already working key is forbidden. */
- if (key->state == WC_LMS_STATE_OK) {
- WOLFSSL_MSG("error: wc_LmsKey_SetContext: key in use");
- return -1;
- }
-
- key->context = context;
-
- return 0;
-}
-
-/* Make the LMS private/public key pair. The key must have its parameters
- * set before calling this.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG * rng)
-{
- bool result = true;
-
- if (key == NULL || rng == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_LMS_STATE_PARMSET) {
- WOLFSSL_MSG("error: LmsKey not ready for generation");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: LmsKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: LmsKey context is not set");
- return -1;
- }
-
- LmsRng = rng;
-
- /* TODO: The hash-sigs lib allows you to save variable length auxiliary
- * data, which can be used to speed up key reloading when signing. The
- * aux data can be 300B - 1KB in size.
- *
- * Not implemented at the moment.
- *
- * key->aux_data_len = hss_get_aux_data_len(AUX_DATA_MAX_LEN, key->levels,
- * key->lm_type,
- * key->lm_ots_type);
- *
- * key->aux_data = XMALLOC(key->aux_data_len, NULL,
- * DYNAMIC_TYPE_TMP_BUFFER);
- */
-
- /* First generate the private key using the parameters and callbacks.
- * If successful, private key will be saved to non-volatile storage,
- * and the public key will be in memory. */
- result = hss_generate_private_key(LmsGenerateRand, key->levels,
- key->lm_type, key->lm_ots_type,
- LmsWritePrivKey, key,
- key->pub, sizeof(key->pub),
- NULL, 0, &key->info);
-
- if (!result) {
- WOLFSSL_MSG("error: hss_generate_private_key failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- /* Once generated, now we must load the private key so we have
- * an hss working key for signing operations. */
- key->working_key = hss_load_private_key(LmsReadPrivKey, key,
- 0, NULL, 0, &key->info);
-
- if (key->working_key == NULL) {
- WOLFSSL_MSG("error: hss_load_private_key failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- /* This should not happen, but check just in case. */
- if (wc_LmsKey_SigsLeft(key) == 0) {
- WOLFSSL_MSG("error: generated LMS key signatures exhausted");
- key->state = WC_LMS_STATE_NOSIGS;
- return -1;
- }
-
- key->state = WC_LMS_STATE_OK;
-
- return 0;
-}
-
-/* Reload a key that has been prepared with the appropriate params and
- * data. Use this if you wish to resume signing with an existing key.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * Returns 0 on success. */
-int wc_LmsKey_Reload(LmsKey * key)
-{
- bool result = true;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_LMS_STATE_PARMSET) {
- WOLFSSL_MSG("error: LmsKey not ready for reload");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: LmsKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: LmsKey context is not set");
- return -1;
- }
-
- key->working_key = hss_load_private_key(LmsReadPrivKey, key,
- 0, NULL, 0, &key->info);
-
- if (key->working_key == NULL) {
- WOLFSSL_MSG("error: hss_load_private_key failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- result = hss_get_parameter_set(&key->levels, key->lm_type,
- key->lm_ots_type, LmsReadPrivKey, key);
-
- if (!result) {
- WOLFSSL_MSG("error: hss_get_parameter_set failed");
- key->state = WC_LMS_STATE_BAD;
- hss_free_working_key(key->working_key);
- key->working_key = NULL;
- return -1;
- }
-
- /* Double check the key actually has signatures left. */
- if (wc_LmsKey_SigsLeft(key) == 0) {
- WOLFSSL_MSG("error: reloaded LMS key signatures exhausted");
- key->state = WC_LMS_STATE_NOSIGS;
- return -1;
- }
-
- key->state = WC_LMS_STATE_OK;
-
- return 0;
-}
-
-/* Given a levels, height, winternitz parameter set, determine
- * the private key length */
-int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- *len = (word32) hss_get_private_key_len(key->levels, key->lm_type,
- key->lm_ots_type);
-
- return 0;
-}
-
-int wc_LmsKey_Sign(LmsKey* key, byte * sig, word32 * sigSz, const byte * msg,
- int msgSz)
-{
- bool result = true;
- size_t len = 0;
-
- if (key == NULL || sig == NULL || sigSz == NULL || msg == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (msgSz <= 0) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state == WC_LMS_STATE_NOSIGS) {
- WOLFSSL_MSG("error: LMS signatures exhausted");
- return -1;
- }
- else if (key->state != WC_LMS_STATE_OK) {
- /* The key had an error the last time it was used, and we
- * can't guarantee its state. */
- WOLFSSL_MSG("error: can't sign, LMS key not in good state");
- return -1;
- }
-
- len = hss_get_signature_len(key->levels, key->lm_type, key->lm_ots_type);
-
- if (len == 0) {
- /* Key parameters are invalid. */
- WOLFSSL_MSG("error: hss_get_signature_len failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- if ((size_t)*sigSz < len) {
- /* Signature buffer too small. */
- WOLFSSL_MSG("error: LMS sig buffer too small");
- return BUFFER_E;
- }
-
- if (key->write_private_key == NULL) {
- WOLFSSL_MSG("error: LmsKey write/read callbacks are not set");
- return BAD_FUNC_ARG;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: LmsKey context is not set");
- return BAD_FUNC_ARG;
- }
-
- result = hss_generate_signature(key->working_key, LmsWritePrivKey,
- key, (const void *) msg, msgSz,
- sig, len, &key->info);
-
- if (!result) {
- /* Erase any partial signature to prevent OTS key reuse if state
- * is rolled back. */
- ForceZero(sig, len);
-
- if (wc_LmsKey_SigsLeft(key) == 0) {
- WOLFSSL_MSG("error: LMS signatures exhausted");
- key->state = WC_LMS_STATE_NOSIGS;
- return -1;
- }
-
- WOLFSSL_MSG("error: hss_generate_signature failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- *sigSz = (word32) len;
-
- return 0;
-}
-
-/* Returns 1 if there are signatures remaining.
- * Returns 0 if available signatures are exhausted.
- *
- * Note: the number of remaining signatures is hidden behind an opaque
- * pointer in the hash-sigs lib. We could add a counter here that is
- * decremented on every signature. The number of available signatures
- * grows as
- * N = 2 ** (levels * height)
- * so it would need to be a big integer. */
-int wc_LmsKey_SigsLeft(LmsKey * key)
-{
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (hss_extra_info_test_last_signature(&key->info)) {
- return 0;
- }
-
- return 1;
-}
-
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY*/
-
-/* Given a levels, height, winternitz parameter set, determine
- * the public key length */
-int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- *len = (word32) hss_get_public_key_len(key->levels, key->lm_type,
- key->lm_ots_type);
-
- return 0;
-}
-
-/* Export a generated public key and parameter set from one LmsKey
- * to another. Use this to prepare a signature verification LmsKey
- * that is pub only.
- *
- * Though the public key is all that is used to verify signatures,
- * the parameter set is needed to calculate the signature length
- * before hand. */
-int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc)
-{
- if (keyDst == NULL || keySrc == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ForceZero(keyDst, sizeof(LmsKey));
-
- XMEMCPY(keyDst->pub, keySrc->pub, sizeof(keySrc->pub));
- XMEMCPY(keyDst->lm_type, keySrc->lm_type, sizeof(keySrc->lm_type));
- XMEMCPY(keyDst->lm_ots_type, keySrc->lm_ots_type,
- sizeof(keySrc->lm_ots_type));
-
- keyDst->levels = keySrc->levels;
-
- /* Mark this key as verify only, to prevent misuse. */
- keyDst->state = WC_LMS_STATE_VERIFYONLY;
-
- return 0;
-}
-
-/* Exports the raw LMS public key buffer from key to out buffer.
- * The out buffer should be large enough to hold the public key, and
- * outLen should indicate the size of the buffer.
- *
- * - Returns 0 on success, and sets outLen to LMS pubLen.
- * - Returns BUFFER_E if outLen < LMS pubLen.
- *
- * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
- * */
-int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out, word32 * outLen)
-{
- int ret = 0;
- word32 pubLen = 0;
-
- if (key == NULL || out == NULL || outLen == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ret = wc_LmsKey_GetPubLen(key, &pubLen);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: wc_LmsKey_GetPubLen failed");
- return -1;
- }
-
- if (*outLen < pubLen) {
- return BUFFER_E;
- }
-
- XMEMCPY(out, key->pub, pubLen);
- *outLen = pubLen;
-
- return 0;
-}
-
-/* Imports a raw public key buffer from in array to LmsKey key.
- *
- * The LMS parameters must be set first with wc_LmsKey_SetLmsParm or
- * wc_LmsKey_SetParameters, and inLen must match the length returned
- * by wc_LmsKey_GetPubLen.
- *
- * - Returns 0 on success.
- * - Returns BUFFER_E if inlen != LMS pubLen.
- *
- * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
- * */
-int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in, word32 inLen)
-{
- int ret = 0;
- word32 pubLen = 0;
-
- if (key == NULL || in == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ret = wc_LmsKey_GetPubLen(key, &pubLen);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: wc_LmsKey_GetPubLen failed");
- return -1;
- }
-
- if (inLen != pubLen) {
- /* Something inconsistent. Parameters weren't set, or input
- * pub key is wrong.*/
- return BUFFER_E;
- }
-
- XMEMCPY(key->pub, in, pubLen);
-
- return 0;
-}
-
-/* Given a levels, height, winternitz parameter set, determine
- * the signature length.
- *
- * Call this before wc_LmsKey_Sign so you know the length of
- * the required signature buffer. */
-int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- *len = (word32) hss_get_signature_len(key->levels, key->lm_type,
- key->lm_ots_type);
-
- return 0;
-}
-
-int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
- const byte * msg, int msgSz)
-{
- bool result = true;
-
- if (key == NULL || sig == NULL || msg == NULL) {
- return BAD_FUNC_ARG;
- }
-
-#ifdef WOLFSSL_LMS_VERIFY_ONLY
- result = hss_validate_signature(key->pub, (const void *) msg, msgSz, sig,
- sigSz, NULL);
-#else
- result = hss_validate_signature(key->pub, (const void *) msg, msgSz, sig,
- sigSz, &key->info);
-#endif
-
-
- if (!result) {
- WOLFSSL_MSG("error: hss_validate_signature failed");
- return -1;
- }
-
- return 0;
-}
-
-int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid, word32* kidSz)
-{
- if ((key == NULL) || (kid == NULL) || (kidSz == NULL)) {
- return BAD_FUNC_ARG;
- }
-
- return NOT_COMPILED_IN;
-}
-
-const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz)
-{
- if ((priv == NULL) || (privSz < 16)) {
- return NULL;
- }
- return priv - 16;
-}
-
-#endif /* WOLFSSL_HAVE_LMS && HAVE_LIBLMS */
diff --git a/wolfcrypt/src/ext_xmss.c b/wolfcrypt/src/ext_xmss.c
deleted file mode 100644
index a3ddb6f454..0000000000
--- a/wolfcrypt/src/ext_xmss.c
+++ /dev/null
@@ -1,1041 +0,0 @@
-/* ext_xmss.c
- *
- * Copyright (C) 2006-2026 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#include
-
-#include
-
-#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
-
-#include
-
-#ifdef NO_INLINE
- #include
-#else
- #define WOLFSSL_MISC_INCLUDED
- #include
-#endif
-
-#include
-#include
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
-static THREAD_LS_T WC_RNG * xmssRng = NULL;
-
-/* RNG callback used by xmss.
- * */
-static int rng_cb(void * output, size_t length)
-{
- int ret = 0;
-
- if (output == NULL || xmssRng == NULL) {
- return -1;
- }
-
- if (length == 0) {
- return 0;
- }
-
- ret = wc_RNG_GenerateBlock(xmssRng, (byte *)output, (word32)length);
-
- if (ret) {
- WOLFSSL_MSG("error: XMSS rng_cb failed");
- return -1;
- }
-
- return 0;
-}
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-
-/* SHA256 callback used by XMSS.
- * */
-static int sha256_cb(const unsigned char *in, unsigned long long inlen,
- unsigned char *out)
-{
- wc_Sha256 sha;
-
- if (wc_InitSha256_ex(&sha, NULL, INVALID_DEVID) != 0) {
- WOLFSSL_MSG("SHA256 Init failed");
- return -1;
- }
-
- if (wc_Sha256Update(&sha, in, (word32) inlen) != 0) {
- WOLFSSL_MSG("SHA256 Update failed");
- return -1;
- }
-
- if (wc_Sha256Final(&sha, out) != 0) {
- WOLFSSL_MSG("SHA256 Final failed");
- wc_Sha256Free(&sha);
- return -1;
- }
- wc_Sha256Free(&sha);
-
- return 0;
-}
-
-/* Init an XMSS key.
- *
- * Call this before setting the params of an XMSS key.
- *
- * key [in] The XMSS key to init.
- * heap [in] Unused.
- * devId [in] Unused.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * */
-int wc_XmssKey_Init(XmssKey * key, void * heap, int devId)
-{
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- (void) heap;
- (void) devId;
-
- ForceZero(key, sizeof(XmssKey));
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
- key->sk = NULL;
- key->sk_len = 0;
- key->write_private_key = NULL;
- key->read_private_key = NULL;
- key->context = NULL;
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
- key->state = WC_XMSS_STATE_INITED;
-
- return 0;
-}
-
-/* Sets the XMSS key parameters, given an OID.
- *
- * Note: XMSS and XMSS^MT parameter sets do have overlapping
- * OIDs, therefore is_xmssmt is necessary to toggle.
- *
- * key [in] The XMSS key to set.
- * OID [in] The XMSS parameter set OID.
- * is_xmssmt [in] 1 The OID is assumed to be XMSS^MT.
- * 0 The OID is assumed to be XMSS.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on parse failure.
- * */
-static int wc_XmssKey_SetOid(XmssKey * key, uint32_t oid, int is_xmssmt)
-{
- int ret = 0;
-
- if (key == NULL || oid == 0) {
- return BAD_FUNC_ARG;
- }
-
- /* Parse the OID and load the XMSS params structure. */
- if (is_xmssmt) {
- ret = xmssmt_parse_oid(&key->params, oid);
- }
- else {
- ret = xmss_parse_oid(&key->params, oid);
- }
-
- if (ret != 0) {
- WOLFSSL_MSG("error: XMSS parse oid failed");
- return -1;
- }
-
- /* Finally, sanity check that this is a supported parameter set.
- *
- * We are only supporting XMSS/XMSS^MT with SHA256 parameter sets
- * that NIST SP 800-208 has standardized. See patched xmss-reference
- * params.h for the defines. */
- if (key->params.func != XMSS_SHA2 ||
- key->params.n != XMSS_SHA256_N ||
- key->params.padding_len != XMSS_SHA256_PADDING_LEN ||
- key->params.wots_w != 16 ||
- key->params.wots_len != XMSS_SHA256_WOTS_LEN) {
- WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set");
- return -1;
- }
- if ((key->params.full_height < WOLFSSL_XMSS_MIN_HEIGHT) ||
- (key->params.full_height > WOLFSSL_XMSS_MAX_HEIGHT)) {
- WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set - height");
- return -1;
- }
-
- ret = xmss_set_sha_cb(sha256_cb);
- if (ret != 0) {
- WOLFSSL_MSG("error: xmss_set_sha_cb failed");
- return -1;
- }
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
- ret = xmss_set_rng_cb(rng_cb);
- if (ret != 0) {
- WOLFSSL_MSG("error: xmss_set_rng_cb failed");
- return -1;
- }
-#endif
-
- key->oid = oid;
- key->is_xmssmt = is_xmssmt;
- key->state = WC_XMSS_STATE_PARMSET;
-
- return 0;
-}
-
-/* Set the XMSS key parameter string.
- *
- * The input string must be one of the supported param set names in
- * the "Name" section from the table in wolfssl/wolfcrypt/xmss.h,
- * e.g. "XMSS-SHA2_10_256" or "XMSSMT-SHA2_20/4_256".
- *
- * key [in] The XMSS key to set.
- * str [in] The XMSS/XMSS^MT parameter string.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetParamStr(XmssKey * key, const char * str)
-{
- int ret = 0;
- uint32_t oid = 0;
- int is_xmssmt = 0;
-
- if (key == NULL || str == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_INITED) {
- WOLFSSL_MSG("error: XMSS key needs init");
- return BAD_FUNC_ARG;
- }
-
- switch(XSTRLEN(str)) {
- case XMSS_NAME_LEN:
- is_xmssmt = 0;
- break;
- case XMSSMT_NAME_MIN_LEN:
- case XMSSMT_NAME_MAX_LEN:
- is_xmssmt = 1;
- break;
- default:
- WOLFSSL_MSG("error: XMSS param str invalid length");
- return BAD_FUNC_ARG;
- }
-
- /* Convert XMSS param string to OID. */
- if (is_xmssmt) {
- ret = xmssmt_str_to_oid(&oid, str);
- }
- else {
- ret = xmss_str_to_oid(&oid, str);
- }
-
- if (ret != 0) {
- WOLFSSL_MSG("error: xmssmt_str_to_oid failed");
- return -1;
- }
-
- return wc_XmssKey_SetOid(key, oid, is_xmssmt);
-}
-
-/* Force zeros and frees the XMSS key from memory.
- *
- * This does not touch the private key saved to non-volatile storage.
- *
- * This is the only function that frees the key->sk array.
- *
- * key [in] The XMSS key.
- *
- * returns void
- * */
-void wc_XmssKey_Free(XmssKey* key)
-{
- if (key == NULL) {
- return;
- }
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
- if (key->sk != NULL) {
- ForceZero(key->sk, key->sk_len);
- XFREE(key->sk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- key->sk = NULL;
- key->sk_len = 0;
- }
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-
- ForceZero(key, sizeof(XmssKey));
-
- key->state = WC_XMSS_STATE_FREED;
-
- return;
-}
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
-/* Sets the XMSS write private key callback.
- *
- * The callback must be able to write/update the private key to
- * non-volatile storage.
- *
- * key [in] The XMSS key.
- * write_cb [in] The write private key callback.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetWriteCb(XmssKey * key, wc_xmss_write_private_key_cb write_cb)
-{
- if (key == NULL || write_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the write callback of an already working key is forbidden. */
- if (key->state == WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: wc_XmssKey_SetWriteCb: key in use");
- return -1;
- }
-
- key->write_private_key = write_cb;
-
- return 0;
-}
-
-/* Sets the XMSS read private key callback.
- *
- * The callback must be able to read the private key from
- * non-volatile storage.
- *
- * key [in] The XMSS key.
- * read_cb [in] The read private key callback.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetReadCb(XmssKey * key, wc_xmss_read_private_key_cb read_cb)
-{
- if (key == NULL || read_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the read callback of an already working key is forbidden. */
- if (key->state == WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: wc_XmssKey_SetReadCb: key in use");
- return -1;
- }
-
- key->read_private_key = read_cb;
-
- return 0;
-}
-
-/* Sets the XMSS context to be used by write and read callbacks.
- *
- * E.g. this could be a filename if the callbacks write/read to file.
- *
- * key [in] The XMSS key.
- * context [in] The context pointer.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetContext(XmssKey * key, void * context)
-{
- if (key == NULL || context == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Setting context of an already working key is forbidden. */
- if (key->state == WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: wc_XmssKey_SetContext: key in use");
- return -1;
- }
-
- key->context = context;
-
- return 0;
-}
-
-
-/* Allocates the XMSS secret key (sk) array.
- *
- * The XMSS/XMSS^MT secret key length is a function of the
- * parameters, and can't be allocated until the param string
- * has been set with SetParamStr.
- *
- * This is only called by MakeKey() and Reload().
- *
- * Note: the XMSS sk array is force zeroed after every use.
- *
- * key [in] The XMSS key.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-static int wc_XmssKey_AllocSk(XmssKey* key)
-{
- int ret = 0;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->sk != NULL) {
- WOLFSSL_MSG("error: XMSS secret key already exists");
- return -1;
- }
-
- /* The XMSS/XMSS^MT secret key length is a function of the
- * parameters. Therefore can't allocate this until param
- * string has been set. */
- ret = wc_XmssKey_GetPrivLen(key, &key->sk_len);
-
- if (ret != 0 || key->sk_len <= 0) {
- WOLFSSL_MSG("error: wc_XmssKey_GetPrivLen failed");
- return -1;
- }
-
- key->sk = (unsigned char *)XMALLOC(key->sk_len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
-
- if (key->sk == NULL) {
- WOLFSSL_MSG("error: malloc XMSS key->sk failed");
- return -1;
- }
-
- ForceZero(key->sk, key->sk_len);
-
- return 0;
-}
-
-/* Make the XMSS/XMSS^MT private/public key pair. The key must have its parameters
- * set before calling this.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * This function and Reload() are the only functions that allocate
- * key->sk array. wc_XmssKey_FreeKey is the only function that
- * deallocates key->sk.
- *
- * key [in] The XMSS key to make.
- * rng [in] Initialized WC_RNG pointer.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on verify fail.
- * */
-int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG * rng)
-{
- int ret = 0;
- enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
-
- if (key == NULL || rng == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_PARMSET) {
- WOLFSSL_MSG("error: XmssKey not ready for generation");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: XmssKey context is not set");
- return -1;
- }
-
- /* Allocate sk array. */
- ret = wc_XmssKey_AllocSk(key);
-
- if (ret != 0) {
- return ret;
- }
-
- xmssRng = rng;
-
- /* Finally make the secret public key pair. Immediately write it to NV
- * storage and then clear from memory. */
- if (key->is_xmssmt) {
- ret = xmssmt_keypair(key->pk, key->sk, key->oid);
- }
- else {
- ret = xmss_keypair(key->pk, key->sk, key->oid);
- }
-
- if (ret == 0) {
- cb_rc = key->write_private_key(key->sk, key->sk_len, key->context);
- }
-
- ForceZero(key->sk, key->sk_len);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: XMSS keypair failed");
- key->state = WC_XMSS_STATE_BAD;
- return -1;
- }
-
- if (cb_rc != WC_XMSS_RC_SAVED_TO_NV_MEMORY) {
- WOLFSSL_MSG("error: XMSS write to NV storage failed");
- key->state = WC_XMSS_STATE_BAD;
- return -1;
- }
-
- key->state = WC_XMSS_STATE_OK;
-
- return 0;
-}
-
-/* This function allocates the secret key buffer, and does a
- * quick sanity check to verify the secret key is readable
- * from NV storage, and then force zeros the key from memory.
- *
- * On success it sets the key state to OK.
- *
- * Use this function to resume signing with an already existing
- * XMSS key pair.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * Returns 0 on success.
- *
- * This function and MakeKey are the only functions that allocate
- * key->sk array. wc_XmssKey_FreeKey is the only function that
- * deallocates key->sk.
- *
- * key [in] XMSS key to load.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on load fail.
- * */
-int wc_XmssKey_Reload(XmssKey * key)
-{
- int ret = 0;
- enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_PARMSET) {
- WOLFSSL_MSG("error: XmssKey not ready for reload");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: XmssKey context is not set");
- return -1;
- }
-
- /* Allocate sk array. */
- ret = wc_XmssKey_AllocSk(key);
-
- if (ret != 0) {
- return ret;
- }
-
- /* Read the current secret key from NV storage. Force clear it
- * immediately. This is just to sanity check the secret key
- * is readable from permanent storage. */
- cb_rc = key->read_private_key(key->sk, key->sk_len, key->context);
- ForceZero(key->sk, key->sk_len);
-
- if (cb_rc != WC_XMSS_RC_READ_TO_MEMORY) {
- WOLFSSL_MSG("error: XMSS read from NV storage failed");
- key->state = WC_XMSS_STATE_BAD;
- return -1;
- }
-
- key->state = WC_XMSS_STATE_OK;
-
- return 0;
-}
-
-/* Gets the XMSS/XMSS^MT private key length.
- *
- * Parameters must be set before calling this, as the key size (sk_bytes)
- * is a function of the parameters.
- *
- * Note: the XMSS/XMSS^MT private key format is implementation specific,
- * and not standardized. Interoperability of XMSS private keys should
- * not be expected.
- *
- * key [in] The XMSS key.
- * len [out] The length of the private key in bytes.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on sign fail.
- * */
-int wc_XmssKey_GetPrivLen(const XmssKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_OK && key->state != WC_XMSS_STATE_PARMSET) {
- /* params.sk_bytes not set yet. */
- return -1;
- }
-
- *len = XMSS_OID_LEN + (word32) key->params.sk_bytes;
-
- return 0;
-}
-
-/* Signs the message using the XMSS secret key, and
- * updates the secret key on NV storage.
- *
- * Both operations must succeed to be considered
- * successful.
- *
- * On success: sets key state to WC_XMSS_STATE_OK.
- * On failure: sets key state to WC_XMSS_STATE_BAD
- *
- * If no signatures are left, sets state to WC_XMSS_STATE_NOSIGS.
- */
-static void wc_XmssKey_SignUpdate(XmssKey* key, byte * sig, word32 * sigLen,
- const byte * msg, int msgLen)
-{
- int ret = -1;
- unsigned long long len = *sigLen;
- enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
-
- /* Set the key state to bad by default. State is presumed bad
- * unless a correct sign and update operation happen together. */
- key->state = WC_XMSS_STATE_BAD;
- *sigLen = 0;
-
- /* Read the current secret key from NV storage.*/
- cb_rc = key->read_private_key(key->sk, key->sk_len, key->context);
-
- if (cb_rc == WC_XMSS_RC_READ_TO_MEMORY) {
- /* Read was good. Now sign and update the secret key in memory. */
- if (key->is_xmssmt) {
- ret = xmssmt_sign(key->sk, sig, &len, msg, msgLen);
- }
- else {
- ret = xmss_sign(key->sk, sig, &len, msg, msgLen);
- }
-
- if (ret == 0 && len == key->params.sig_bytes) {
- /* The signature succeeded. key->sk is now updated and must be
- * committed to NV storage. */
- cb_rc = key->write_private_key(key->sk, key->sk_len, key->context);
-
- if (cb_rc == WC_XMSS_RC_SAVED_TO_NV_MEMORY) {
- /* key->sk was successfully committed to NV storage. Set the
- * key state to OK, and set the sigLen. */
- key->state = WC_XMSS_STATE_OK;
- *sigLen = (word32) len;
- }
- else {
- /* Write to NV storage failed. Erase the signature from
- * memory. */
- ForceZero(sig, key->params.sig_bytes);
- WOLFSSL_MSG("error: XMSS write_private_key failed");
- }
- }
- else if (ret == -2) {
- /* Signature space exhausted. */
- key->state = WC_XMSS_STATE_NOSIGS;
- WOLFSSL_MSG("error: no XMSS signatures remaining");
- }
- else {
- /* Something failed or inconsistent in signature. Erase the
- * signature just to be safe. */
- ForceZero(sig, key->params.sig_bytes);
- WOLFSSL_MSG("error: XMSS sign failed");
- }
- }
- else {
- /* Read from NV storage failed. */
- WOLFSSL_MSG("error: XMSS read_private_key failed");
- }
-
- /* Force zero the secret key from memory always. */
- ForceZero(key->sk, key->sk_len);
-
- return;
-}
-
-/* Sign the message using the XMSS secret key.
- *
- * key [in] XMSS key to use to sign.
- * sig [in] Buffer to write signature into.
- * sigLen [in/out] On in, size of buffer.
- * On out, the length of the signature in bytes.
- * msg [in] Message to sign.
- * msgLen [in] Length of the message in bytes.
- *
- * returns 0 on success.
- * returns -1 on sign fail.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns BUFFER_E when sigLen is too small.
- */
-int wc_XmssKey_Sign(XmssKey* key, byte * sig, word32 * sigLen, const byte * msg,
- int msgLen)
-{
- if (key == NULL || sig == NULL || sigLen == NULL || msg == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (msgLen <= 0) {
- return BAD_FUNC_ARG;
- }
-
- if (*sigLen < key->params.sig_bytes) {
- /* Signature buffer too small. */
- WOLFSSL_MSG("error: XMSS sig buffer too small");
- return BUFFER_E;
- }
-
- if (key->state == WC_XMSS_STATE_NOSIGS) {
- WOLFSSL_MSG("error: XMSS signatures exhausted");
- return -1;
- }
- else if (key->state != WC_XMSS_STATE_OK) {
- /* The key had an error the last time it was used, and we
- * can't guarantee its state. */
- WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: XmssKey context is not set");
- return -1;
- }
-
- /* Finally, sign and update the secret key. */
- wc_XmssKey_SignUpdate(key, sig, sigLen, msg, msgLen);
-
- return (key->state == WC_XMSS_STATE_OK) ? 0 : -1;
-}
-
-
-/* Check if more signatures are possible with key.
- *
- * @param [in] key XMSS key to check.
- * @return 1 when signatures possible.
- * @return 0 when key exhausted.
- */
-int wc_XmssKey_SigsLeft(XmssKey* key)
-{
- int ret = 0;
-
- /* Validate parameter. */
- if (key == NULL) {
- ret = 0;
- }
- /* Validate state. */
- else if (key->state == WC_XMSS_STATE_NOSIGS) {
- WOLFSSL_MSG("error: XMSS signatures exhausted");
- ret = 0;
- }
- else if (key->state != WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
- ret = 0;
- }
- /* Read the current secret key from NV storage.*/
- else if (key->read_private_key(key->sk, key->sk_len, key->context) !=
- WC_XMSS_RC_READ_TO_MEMORY) {
- WOLFSSL_MSG("error: XMSS read_private_key failed");
- ret = 0;
- }
- else {
- /* The following assumes core_fast implementation is used
- * from patched xmss-reference. */
- const unsigned char* sk = (key->sk + XMSS_OID_LEN);
- const xmss_params* params = &key->params;
- unsigned long long idx = 0;
-
- if (key->is_xmssmt) {
- for (uint64_t i = 0; i < params->index_bytes; i++) {
- idx |= ((unsigned long long)sk[i])
- << 8 * (params->index_bytes - 1 - i);
- }
- }
- else {
- idx = ((unsigned long)sk[0] << 24) |
- ((unsigned long)sk[1] << 16) |
- ((unsigned long)sk[2] << 8) | sk[3];
- }
-
- ret = idx < ((1ULL << params->full_height) - 1);
-
- /* Force zero the secret key from memory always. */
- ForceZero(key->sk, key->sk_len);
- }
-
- return ret;
-}
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY*/
-
-/* Get the XMSS/XMSS^MT public key length. The public key
- * is static in size and does not depend on parameters,
- * other than the choice of SHA256 as hashing function.
- *
- * key [in] The XMSS key.
- * len [out] The length of the public key.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- */
-int wc_XmssKey_GetPubLen(const XmssKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- *len = XMSS_SHA256_PUBLEN;
-
- return 0;
-}
-
-/* Export a generated public key and parameter set from one XmssKey
- * to another. Use this to prepare a signature verification XmssKey
- * that is pub only.
- *
- * keyDst [out] Destination key for copy.
- * keySrc [in] Source key for copy.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * */
-int wc_XmssKey_ExportPub(XmssKey * keyDst, const XmssKey * keySrc)
-{
- if (keyDst == NULL || keySrc == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ForceZero(keyDst, sizeof(XmssKey));
-
- XMEMCPY(keyDst->pk, keySrc->pk, sizeof(keySrc->pk));
-
- keyDst->oid = keySrc->oid;
- keyDst->is_xmssmt = keySrc->is_xmssmt;
-
- /* Mark keyDst as verify only, to prevent misuse. */
- keyDst->state = WC_XMSS_STATE_VERIFYONLY;
-
- return 0;
-}
-
-/* Exports the raw XMSS public key buffer from key to out buffer.
- * The out buffer should be large enough to hold the public key, and
- * outLen should indicate the size of the buffer.
- *
- * key [in] XMSS key.
- * out [out] Array holding public key.
- * outLen [in/out] On in, size of buffer.
- * On out, the length of the public key.
- *
- * returns 0 on success.
- * returns -1 on failure.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns BUFFER_E if array is too small.
- * */
-int wc_XmssKey_ExportPubRaw(const XmssKey * key, byte * out, word32 * outLen)
-{
- int ret = 0;
- word32 pubLen = 0;
-
- if (key == NULL || out == NULL || outLen == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ret = wc_XmssKey_GetPubLen(key, &pubLen);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: wc_XmssKey_GetPubLen failed");
- return -1;
- }
-
- if (*outLen < pubLen) {
- return BUFFER_E;
- }
-
- XMEMCPY(out, key->pk, pubLen);
- *outLen = pubLen;
-
- return 0;
-}
-
-/* Imports a raw public key buffer from in array to XmssKey key.
- *
- * The XMSS parameters must be set first with wc_XmssKey_SetParamStr,
- * and inLen must match the length returned by wc_XmssKey_GetPubLen.
- *
- * key [in] XMSS key.
- * in [in] Array holding public key.
- * inLen [in] Length of array in bytes.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns BUFFER_E if array is incorrect size.
- * returns -1 on failure.
- * */
-int wc_XmssKey_ImportPubRaw(XmssKey * key, const byte * in, word32 inLen)
-{
- int ret = 0;
- word32 pubLen = 0;
-
- if (key == NULL || in == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_PARMSET) {
- /* XMSS key not ready for import. Param str must be set first. */
- WOLFSSL_MSG("error: XMSS key not ready for import");
- return -1;
- }
-
- ret = wc_XmssKey_GetPubLen(key, &pubLen);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: wc_XmssKey_GetPubLen failed");
- return -1;
- }
-
- if (inLen != pubLen) {
- /* Something inconsistent. Parameters weren't set, or input
- * pub key is wrong.*/
- return BUFFER_E;
- }
-
- XMEMCPY(key->pk, in, pubLen);
-
- key->state = WC_XMSS_STATE_VERIFYONLY;
-
- return 0;
-}
-
-/* Gets the XMSS/XMSS^MT signature length.
- *
- * Parameters must be set before calling this, as the signature size
- * is a function of the parameters.
- *
- * Note: call this before wc_XmssKey_Sign or Verify so you know the
- * length of the required signature buffer.
- *
- * key [in] XMSS key to use to sign.
- * len [out] The length of the signature in bytes.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on sign fail.
- * */
-int wc_XmssKey_GetSigLen(const XmssKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_OK && key->state != WC_XMSS_STATE_PARMSET) {
- return -1;
- }
-
- *len = key->params.sig_bytes;
-
- return 0;
-}
-
-/* Verify the signature using the XMSS public key.
- *
- * Requires that XMSS parameters have been set with
- * wc_XmssKey_SetParamStr, and that a public key is available
- * from importing or MakeKey().
- *
- * Call wc_XmssKey_GetSigLen() before this function to determine
- * length of the signature buffer.
- *
- * key [in] XMSS key to use to verify.
- * sig [in] Signature to verify.
- * sigLen [in] Size of signature in bytes.
- * msg [in] Message to verify.
- * msgLen [in] Length of the message in bytes.
- *
- * returns 0 on success.
- * returns -1 on verify fail.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns BUFFER_E when sigLen is too small.
- */
-int wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigLen,
- const byte * msg, int msgLen)
-{
- int ret = 0;
- unsigned long long msg_len = 0;
-
- msg_len = msgLen;
-
- if (key == NULL || sig == NULL || msg == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (sigLen < key->params.sig_bytes) {
- /* Signature buffer too small. */
- return BUFFER_E;
- }
-
- if (key->state != WC_XMSS_STATE_OK &&
- key->state != WC_XMSS_STATE_VERIFYONLY) {
- /* XMSS key not ready for verification. Param str must be
- * set first, and Reload() called. */
- WOLFSSL_MSG("error: XMSS key not ready for verification");
- return -1;
- }
-
- if (key->is_xmssmt) {
- ret = xmssmt_sign_open(msg, &msg_len, sig, sigLen, key->pk);
- }
- else {
- ret = xmss_sign_open(msg, &msg_len, sig, sigLen, key->pk);
- }
-
- if (ret != 0 || (int) msg_len != msgLen) {
- WOLFSSL_MSG("error: XMSS verify failed");
- return -1;
- }
-
- return ret;
-}
-
-#endif /* WOLFSSL_HAVE_XMSS && HAVE_LIBXMSS */
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
index 01286cdc2b..99a3e19e81 100644
--- a/wolfcrypt/src/wc_lms.c
+++ b/wolfcrypt/src/wc_lms.c
@@ -21,7 +21,7 @@
#include
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
+#if defined(WOLFSSL_HAVE_LMS)
#if FIPS_VERSION3_GE(2,0,0)
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
@@ -721,7 +721,7 @@ int wc_LmsKey_SetLmsParm(LmsKey* key, enum wc_LmsParm lmsParm)
/* Set the parameters of an LMS key.
*
* Use this if you wish to set specific parameters not found in the
- * wc_LmsParm predefined sets. See comments in lms.h for allowed
+ * wc_LmsParm predefined sets. See comments in wc_lms.h for allowed
* parameters.
*
* Key must be inited before calling this.
@@ -1597,4 +1597,4 @@ const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz)
#endif
-#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
+#endif /* WOLFSSL_HAVE_LMS */
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index a6fc89da7f..3d20bc0e0d 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -48,7 +48,7 @@
#include
#endif
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
+#ifdef WOLFSSL_HAVE_LMS
/* Length of R in bytes. */
#define LMS_R_LEN 4
@@ -4108,5 +4108,5 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
return ret;
}
-#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
+#endif /* WOLFSSL_HAVE_LMS */
diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c
index dfc6375e4e..2a80deb217 100644
--- a/wolfcrypt/src/wc_xmss.c
+++ b/wolfcrypt/src/wc_xmss.c
@@ -839,7 +839,7 @@ int wc_XmssKey_Init(XmssKey* key, void* heap, int devId)
/* Set the XMSS key parameter string.
*
* The input string must be one of the supported parm set names in
- * the "Name" section from the table in wolfssl/wolfcrypt/xmss.h,
+ * the "Name" section from the table in wolfssl/wolfcrypt/wc_xmss.h,
* e.g. "XMSS-SHA2_10_256" or "XMSSMT-SHA2_20/4_256".
*
* @param [in] key The XMSS key to set.
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index afcf8b4f3c..0062efe6df 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -401,21 +401,11 @@ static const byte const_byte_array[] = "A+Gd\0\0\0";
#include
#endif
#if defined(WOLFSSL_HAVE_XMSS)
- #include
-#ifdef HAVE_LIBXMSS
- #include
-#else
#include
#endif
-#endif
#if defined(WOLFSSL_HAVE_LMS)
- #include
-#ifdef HAVE_LIBLMS
- #include
-#else
#include
#endif
-#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
#include
#endif
@@ -978,11 +968,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS)
- #if !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
- !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
+ #if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
+ !defined(WOLFSSL_NO_LMS_SHA256_256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
- #endif
#endif
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
@@ -3178,14 +3166,12 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
#endif /* if defined(WOLFSSL_HAVE_XMSS) */
#if defined(WOLFSSL_HAVE_LMS)
- #if !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
- !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
+ #if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
+ !defined(WOLFSSL_NO_LMS_SHA256_256)
if ( (ret = lms_test_verify_only()) != 0)
TEST_FAIL("LMS Vfy test failed!\n", ret);
else
TEST_PASS("LMS Vfy test passed!\n");
- #endif
#endif
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
@@ -53463,10 +53449,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
#else
byte sig[WC_TEST_LMS_SIG_LEN];
#endif
-#if !defined(HAVE_LIBLMS)
const byte * kid;
word32 kidSz;
-#endif
WOLFSSL_ENTER("lms_test");
@@ -53525,7 +53509,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
XMEMCPY(old_priv, priv, sizeof(priv));
-#if !defined(HAVE_LIBLMS)
ret = wc_LmsKey_GetKid(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
@@ -53552,7 +53535,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
if (kidSz != WC_LMS_I_LEN) {
ERROR_OUT(WC_TEST_RET_ENC_I(kidSz), out);
}
-#endif
ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
@@ -53663,9 +53645,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
-#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK)
-#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
- !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
+#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) && \
+ (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)
/* A simple LMS verify only test.
*
@@ -54009,7 +53990,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
return ret;
}
-#endif
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
#if defined(WOLFSSL_HAVE_SLHDSA)
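Review bot: The `#endif` comment that survives in this hunk is now stale. The opening condition, rewritten in the preceding hunk, also requires `(LMS_MAX_HEIGHT >= 10)` and `!defined(WOLFSSL_NO_LMS_SHA256_256)`, but the trailer still names only the first two terms. I would update it to `#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_SMALL_STACK && LMS_MAX_HEIGHT >= 10 && !WOLFSSL_NO_LMS_SHA256_256 */`. The function this closes, lms_test_verify_only, starts outside the hunk.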
diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h
index 75ea16234a..016ca6553a 100644
--- a/wolfcrypt/test/test.h
+++ b/wolfcrypt/test/test.h
@@ -314,8 +314,7 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#endif
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(WOLFSSL_SMALL_STACK)
- #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \
- !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS)
+ #if (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)
extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
#endif
#endif
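Review bot: This guard keeps the nested `#if !defined(WOLFSSL_SMALL_STACK)`, while the matching prototype and call site in test.c are flattened into a single condition by the same commit. Folding it here as well, `#if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \` / `!defined(WOLFSSL_NO_LMS_SHA256_256)`, and dropping one `#endif` would keep the two files easy to compare. Separately, the inner test depends on `LMS_MAX_HEIGHT`, which the preprocessor evaluates as 0 when undefined. Whether test.h includes the header that defines it before this point is not visible here, so it is worth confirming the declaration is not silently dropped.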
diff --git a/wolfssl/wolfcrypt/ext_lms.h b/wolfssl/wolfcrypt/ext_lms.h
deleted file mode 100644
index b1bc4fccd2..0000000000
--- a/wolfssl/wolfcrypt/ext_lms.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* ext_lms.h
- *
- * Copyright (C) 2006-2026 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#ifndef EXT_LMS_H
-#define EXT_LMS_H
-
-#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)
-
-#include
-
-/* hash-sigs LMS HSS includes */
-#include
-
-#if defined(WOLFSSL_WC_LMS)
-#error "This code is incompatible with wolfCrypt's implementation of LMS."
-#endif
-
-/*
- * The hash-sigs LMS lib supports from MIN_HSS_LEVELS to MAX_HSS_LEVELS
- * number of levels of Merkle trees. It allows for the tree height and
- * winternitz parameter to be unique per level.
- */
-
-/* hss structs */
-typedef struct hss_working_key hss_working_key;
-typedef struct hss_extra_info hss_extra_info;
-
-struct LmsKey {
- unsigned levels; /* Number of tree levels. */
- param_set_t lm_type[MAX_HSS_LEVELS]; /* Height param per level. */
- param_set_t lm_ots_type[MAX_HSS_LEVELS]; /* Winternitz param per level. */
- unsigned char pub[HSS_MAX_PUBLIC_KEY_LEN];
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
- hss_working_key * working_key;
- wc_lms_write_private_key_cb write_private_key; /* Callback to write/update key. */
- wc_lms_read_private_key_cb read_private_key; /* Callback to read key. */
- void * context; /* Context arg passed to callbacks. */
- hss_extra_info info;
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
- enum wc_LmsState state;
-};
-
-#endif /* WOLFSSL_HAVE_LMS */
-#endif /* EXT_LMS_H */
diff --git a/wolfssl/wolfcrypt/ext_xmss.h b/wolfssl/wolfcrypt/ext_xmss.h
deleted file mode 100644
index d21d03ffbf..0000000000
--- a/wolfssl/wolfcrypt/ext_xmss.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/* ext_xmss.h
- *
- * Copyright (C) 2006-2026 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#ifndef EXT_XMSS_H
-#define EXT_XMSS_H
-
-#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
-
-#include
-
-#include
-#include
-
-#if defined(WOLFSSL_WC_XMSS)
- #error "This code is incompatible with wolfCrypt's implementation of XMSS."
-#endif
-
-struct XmssKey {
- unsigned char pk[XMSS_SHA256_PUBLEN];
- word32 oid;
- int is_xmssmt;
- xmss_params params;
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
- /* The secret key length is a function of xmss_params. */
- unsigned char * sk;
- word32 sk_len;
- wc_xmss_write_private_key_cb write_private_key; /* Callback to write/update key. */
- wc_xmss_read_private_key_cb read_private_key; /* Callback to read key. */
- void * context; /* Context arg passed to callbacks. */
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
- enum wc_XmssState state;
-};
-
-#endif /* WOLFSSL_HAVE_XMSS */
-#endif /* EXT_XMSS_H */
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 7f07389a07..cbbc1442a6 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -83,12 +83,8 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/sm2.h \
wolfssl/wolfcrypt/sm3.h \
wolfssl/wolfcrypt/sm4.h \
- wolfssl/wolfcrypt/lms.h \
wolfssl/wolfcrypt/wc_lms.h \
- wolfssl/wolfcrypt/ext_lms.h \
- wolfssl/wolfcrypt/xmss.h \
wolfssl/wolfcrypt/wc_xmss.h \
- wolfssl/wolfcrypt/ext_xmss.h \
wolfssl/wolfcrypt/wc_slhdsa.h \
wolfssl/wolfcrypt/puf.h \
wolfssl/wolfcrypt/oid_sum.h
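Review bot: `wolfssl/wolfcrypt/lms.h` and `wolfssl/wolfcrypt/xmss.h` leave the installed header list here, and lms.h is deleted later in this diff, so an application that includes the old public path stops compiling after an upgrade. If the `wc_LmsKey_*` declarations now live in wc_lms.h (not visible in this hunk), a forwarding header could stay at the old path for a deprecation period. It would contain only `#include <wolfssl/wolfcrypt/wc_lms.h>`, with the same for xmss.h, and would remain listed here. Otherwise the removal should be called out in the release notes as an API break.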
diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h
deleted file mode 100644
index 19a7a0543c..0000000000
--- a/wolfssl/wolfcrypt/lms.h
+++ /dev/null
@@ -1,266 +0,0 @@
-/* lms.h
- *
- * Copyright (C) 2006-2026 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*!
- \file wolfssl/wolfcrypt/lms.h
- */
-
-#ifndef WOLF_CRYPT_LMS_H
-#define WOLF_CRYPT_LMS_H
-
-#include
-#include
-
-#ifdef WOLFSSL_HAVE_LMS
-
-/* Length of the Key ID. */
-#define WC_LMS_I_LEN 16
-
-typedef struct LmsKey LmsKey;
-
-/* Private key write and read callbacks. */
-typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context);
-typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context);
-
-/* Return codes returned by private key callbacks. */
-enum wc_LmsRc {
- WC_LMS_RC_NONE,
- WC_LMS_RC_BAD_ARG, /* Bad arg in read or write callback. */
- WC_LMS_RC_WRITE_FAIL, /* Write or update private key failed. */
- WC_LMS_RC_READ_FAIL, /* Read private key failed. */
- WC_LMS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
- WC_LMS_RC_READ_TO_MEMORY /* Read private key from storage. */
-};
-
-/* LMS/HSS signatures are defined by 3 parameters:
- * levels: number of levels of Merkle trees.
- * height: height of an individual Merkle tree.
- * winternitz: number of bits from hash used in a Winternitz chain.
- *
- * The acceptable parameter values are those in RFC8554:
- * levels = {1..8}
- * height = {5, 10, 15, 20, 25}
- * winternitz = {1, 2, 4, 8}
- *
- * The number of available signatures is:
- * N = 2 ** (levels * height)
- *
- * Signature sizes are determined by levels and winternitz
- * parameters primarily, and height to a lesser extent:
- * - Larger levels values increase signature size significantly.
- * - Larger height values increase signature size moderately.
- * - Larger winternitz values will reduce the signature size, at
- * the expense of longer key generation and sign/verify times.
- *
- * Key generation time is strongly determined by the height of
- * the first level tree. A 3 level, 5 height tree is much faster
- * than 1 level, 15 height at initial key gen, even if the number
- * of available signatures is the same.
- * */
-
-/* Predefined LMS/HSS parameter sets for convenience.
- *
- * Not predefining many sets with Winternitz=1, because the signatures
- * will be large. */
-enum wc_LmsParm {
-#ifndef WOLFSSL_NO_LMS_SHA256_256
- WC_LMS_PARM_NONE = 0,
- WC_LMS_PARM_L1_H5_W1 = 1,
- WC_LMS_PARM_L1_H5_W2 = 2,
- WC_LMS_PARM_L1_H5_W4 = 3,
- WC_LMS_PARM_L1_H5_W8 = 4,
- WC_LMS_PARM_L1_H10_W2 = 5,
- WC_LMS_PARM_L1_H10_W4 = 6,
- WC_LMS_PARM_L1_H10_W8 = 7,
- WC_LMS_PARM_L1_H15_W2 = 8,
- WC_LMS_PARM_L1_H15_W4 = 9,
- WC_LMS_PARM_L1_H15_W8 = 10,
- WC_LMS_PARM_L1_H20_W2 = 11,
- WC_LMS_PARM_L1_H20_W4 = 12,
- WC_LMS_PARM_L1_H20_W8 = 13,
- WC_LMS_PARM_L2_H5_W2 = 14,
- WC_LMS_PARM_L2_H5_W4 = 15,
- WC_LMS_PARM_L2_H5_W8 = 16,
- WC_LMS_PARM_L2_H10_W2 = 17,
- WC_LMS_PARM_L2_H10_W4 = 18,
- WC_LMS_PARM_L2_H10_W8 = 19,
- WC_LMS_PARM_L2_H15_W2 = 20,
- WC_LMS_PARM_L2_H15_W4 = 21,
- WC_LMS_PARM_L2_H15_W8 = 22,
- WC_LMS_PARM_L2_H20_W2 = 23,
- WC_LMS_PARM_L2_H20_W4 = 24,
- WC_LMS_PARM_L2_H20_W8 = 25,
- WC_LMS_PARM_L3_H5_W2 = 26,
- WC_LMS_PARM_L3_H5_W4 = 27,
- WC_LMS_PARM_L3_H5_W8 = 28,
- WC_LMS_PARM_L3_H10_W4 = 29,
- WC_LMS_PARM_L3_H10_W8 = 30,
- WC_LMS_PARM_L4_H5_W2 = 31,
- WC_LMS_PARM_L4_H5_W4 = 32,
- WC_LMS_PARM_L4_H5_W8 = 33,
- WC_LMS_PARM_L4_H10_W4 = 34,
- WC_LMS_PARM_L4_H10_W8 = 35,
- /* H25 parameter sets for SHA-256/256 */
- WC_LMS_PARM_L1_H25_W1 = 56,
- WC_LMS_PARM_L1_H25_W2 = 57,
- WC_LMS_PARM_L1_H25_W4 = 58,
- WC_LMS_PARM_L1_H25_W8 = 59,
- /* W1 for non-H5 heights */
- WC_LMS_PARM_L1_H10_W1 = 60,
- WC_LMS_PARM_L1_H15_W1 = 61,
- WC_LMS_PARM_L1_H20_W1 = 62,
-#endif
-
-#ifdef WOLFSSL_LMS_SHA256_192
- WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36,
- WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37,
- WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38,
- WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39,
- WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
- WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
- WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
- WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
- WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
- WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
- WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
- WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
- WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
- WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
- WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
- WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48,
- WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49,
- WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50,
- WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
- WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52,
- /* H25 for SHA-256/192 */
- WC_LMS_PARM_SHA256_192_L1_H25_W1 = 63,
- WC_LMS_PARM_SHA256_192_L1_H25_W2 = 64,
- WC_LMS_PARM_SHA256_192_L1_H25_W4 = 65,
- WC_LMS_PARM_SHA256_192_L1_H25_W8 = 66,
- /* W1 for non-H5 heights (SHA-256/192) */
- WC_LMS_PARM_SHA256_192_L1_H10_W1 = 67,
- WC_LMS_PARM_SHA256_192_L1_H15_W1 = 68,
- WC_LMS_PARM_SHA256_192_L1_H20_W1 = 69,
- WC_LMS_PARM_SHA256_192_L1_H15_W8 = 70,
-#endif
-
-#ifdef WOLFSSL_LMS_SHAKE256
- /* SHAKE256/256, 32-byte output */
- WC_LMS_PARM_SHAKE_L1_H5_W1 = 100,
- WC_LMS_PARM_SHAKE_L1_H5_W2 = 101,
- WC_LMS_PARM_SHAKE_L1_H5_W4 = 102,
- WC_LMS_PARM_SHAKE_L1_H5_W8 = 103,
- WC_LMS_PARM_SHAKE_L1_H10_W1 = 104,
- WC_LMS_PARM_SHAKE_L1_H10_W2 = 105,
- WC_LMS_PARM_SHAKE_L1_H10_W4 = 106,
- WC_LMS_PARM_SHAKE_L1_H10_W8 = 107,
- WC_LMS_PARM_SHAKE_L1_H15_W1 = 108,
- WC_LMS_PARM_SHAKE_L1_H15_W2 = 109,
- WC_LMS_PARM_SHAKE_L1_H15_W4 = 110,
- WC_LMS_PARM_SHAKE_L1_H15_W8 = 111,
- WC_LMS_PARM_SHAKE_L1_H20_W1 = 112,
- WC_LMS_PARM_SHAKE_L1_H20_W2 = 113,
- WC_LMS_PARM_SHAKE_L1_H20_W4 = 114,
- WC_LMS_PARM_SHAKE_L1_H20_W8 = 115,
- WC_LMS_PARM_SHAKE_L1_H25_W1 = 116,
- WC_LMS_PARM_SHAKE_L1_H25_W2 = 117,
- WC_LMS_PARM_SHAKE_L1_H25_W4 = 118,
- WC_LMS_PARM_SHAKE_L1_H25_W8 = 119,
- /* SHAKE256/192, 24-byte output */
- WC_LMS_PARM_SHAKE192_L1_H5_W1 = 120,
- WC_LMS_PARM_SHAKE192_L1_H5_W2 = 121,
- WC_LMS_PARM_SHAKE192_L1_H5_W4 = 122,
- WC_LMS_PARM_SHAKE192_L1_H5_W8 = 123,
- WC_LMS_PARM_SHAKE192_L1_H10_W1 = 124,
- WC_LMS_PARM_SHAKE192_L1_H10_W2 = 125,
- WC_LMS_PARM_SHAKE192_L1_H10_W4 = 126,
- WC_LMS_PARM_SHAKE192_L1_H10_W8 = 127,
- WC_LMS_PARM_SHAKE192_L1_H15_W1 = 128,
- WC_LMS_PARM_SHAKE192_L1_H15_W2 = 129,
- WC_LMS_PARM_SHAKE192_L1_H15_W4 = 130,
- WC_LMS_PARM_SHAKE192_L1_H15_W8 = 131,
- WC_LMS_PARM_SHAKE192_L1_H20_W1 = 132,
- WC_LMS_PARM_SHAKE192_L1_H20_W2 = 133,
- WC_LMS_PARM_SHAKE192_L1_H20_W4 = 134,
- WC_LMS_PARM_SHAKE192_L1_H20_W8 = 135,
- WC_LMS_PARM_SHAKE192_L1_H25_W1 = 136,
- WC_LMS_PARM_SHAKE192_L1_H25_W2 = 137,
- WC_LMS_PARM_SHAKE192_L1_H25_W4 = 138,
- WC_LMS_PARM_SHAKE192_L1_H25_W8 = 139,
-#endif
-};
-
-/* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
-enum wc_LmsState {
- WC_LMS_STATE_FREED, /* Key has been freed from memory. */
- WC_LMS_STATE_INITED, /* Key has been inited, ready to set params.*/
- WC_LMS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
- WC_LMS_STATE_OK, /* Able to sign signatures and verify. */
- WC_LMS_STATE_VERIFYONLY, /* A public only LmsKey. */
- WC_LMS_STATE_BAD, /* Can't guarantee key's state. */
- WC_LMS_STATE_NOSIGS /* Signatures exhausted. */
-};
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-WOLFSSL_API int wc_LmsKey_Init(LmsKey * key, void * heap, int devId);
-WOLFSSL_API int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm);
-WOLFSSL_API int wc_LmsKey_SetParameters(LmsKey * key, int levels,
- int height, int winternitz);
-WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
- int * height, int * winternitz);
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
-WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key,
- wc_lms_write_private_key_cb write_cb);
-WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key,
- wc_lms_read_private_key_cb read_cb);
-WOLFSSL_API int wc_LmsKey_SetContext(LmsKey * key, void * context);
-WOLFSSL_API int wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng);
-WOLFSSL_API int wc_LmsKey_Reload(LmsKey * key);
-WOLFSSL_API int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len);
-WOLFSSL_API int wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz,
- const byte * msg, int msgSz);
-WOLFSSL_API int wc_LmsKey_SigsLeft(LmsKey * key);
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
-WOLFSSL_API void wc_LmsKey_Free(LmsKey * key);
-WOLFSSL_API int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len);
-WOLFSSL_API int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);
-WOLFSSL_API int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc);
-WOLFSSL_API int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out,
- word32 * outLen);
-WOLFSSL_API int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in,
- word32 inLen);
-WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
- const byte * msg, int msgSz);
-WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm);
-WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc);
-
-WOLFSSL_API int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid,
- word32* kidSz);
-WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv,
- word32 privSz);
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_HAVE_LMS */
-#endif /* WOLF_CRYPT_LMS_H */
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index b56fc5e190..c1746c5fd1 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -4596,8 +4596,6 @@ extern void uITRON4_free(void *p) ;
#endif
#if (defined(HAVE_LIBOQS) || \
- defined(HAVE_LIBXMSS) || \
- defined(HAVE_LIBLMS) || \
defined(WOLFSSL_DUAL_ALG_CERTS) || \
defined(HAVE_ASCON)) && \
!defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
@@ -4658,15 +4656,15 @@ extern void uITRON4_free(void *p) ;
/* (D)TLS v1.3 requires 64-bit number wrappers as does XMSS and LMS. */
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) || \
- (defined(WOLFSSL_WC_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \
- WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_WC_LMS) && \
+ (defined(WOLFSSL_HAVE_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \
+ WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_HAVE_LMS) && \
!defined(WOLFSSL_LMS_VERIFY_ONLY))
#undef WOLFSSL_W64_WRAPPER
#define WOLFSSL_W64_WRAPPER
#endif
/* wc_xmss and wc_lms require these misc.c functions. */
-#if defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS)
+#if defined(WOLFSSL_HAVE_XMSS) || defined(WOLFSSL_HAVE_LMS)
#undef WOLFSSL_NO_INT_ENCODE
#undef WOLFSSL_NO_INT_DECODE
#endif
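Review bot: The `WOLFSSL_W64_WRAPPER` and `WOLFSSL_NO_INT_ENCODE` gates now depend only on `WOLFSSL_HAVE_XMSS`/`WOLFSSL_HAVE_LMS`, so a configuration that still defines the retired `HAVE_LIBLMS` or `HAVE_LIBXMSS` is accepted without a diagnostic and builds the native code. The XMSS header in this commit notes that the private key format is implementation specific, so a silent backend switch on a stateful signature scheme is worth failing loudly on. Unless another part of the commit already does this, I would add `#if defined(HAVE_LIBLMS) || defined(HAVE_LIBXMSS)`, `#error "External LMS/XMSS libraries are no longer supported"`, `#endif` next to these checks.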
diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h
index 34f77279a0..e12d99431e 100644
--- a/wolfssl/wolfcrypt/wc_lms.h
+++ b/wolfssl/wolfcrypt/wc_lms.h
@@ -19,6 +19,10 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
+/*!
+ \file wolfssl/wolfcrypt/wc_lms.h
+ */
+
/* Implementation based on:
* RFC 8554: Leighton-Micali Hash-Based Signatures
* https://datatracker.ietf.org/doc/html/rfc8554
@@ -58,7 +62,7 @@
* C = Cache bits
* To mimic the dynamic memory usage of XMSS, use 3/3.
*
- * WOLFSSL_LMS_NO_SIGN SMOOTHING Default: OFF
+ * WOLFSSL_LMS_NO_SIGN_SMOOTHING Default: OFF
* Disable precalculation of next subtree.
* Use less dynamic memory.
* At certain indexes, signing will take a long time compared to the mean.
@@ -90,9 +94,9 @@
#include
-#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS)
+#ifdef WOLFSSL_HAVE_LMS
-#include
+#include
#include
#ifdef WOLFSSL_LMS_SHAKE256
#include
@@ -104,6 +108,192 @@
#define WC_LMS_FULL_HASH
#endif
+/* Length of the Key ID. */
+#define WC_LMS_I_LEN 16
+
+/* Private key write and read callbacks. */
+typedef int (*wc_lms_write_private_key_cb)(const byte * priv, word32 privSz, void *context);
+typedef int (*wc_lms_read_private_key_cb)(byte * priv, word32 privSz, void *context);
+
+/* Return codes returned by private key callbacks. */
+enum wc_LmsRc {
+ WC_LMS_RC_NONE,
+ WC_LMS_RC_BAD_ARG, /* Bad arg in read or write callback. */
+ WC_LMS_RC_WRITE_FAIL, /* Write or update private key failed. */
+ WC_LMS_RC_READ_FAIL, /* Read private key failed. */
+ WC_LMS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
+ WC_LMS_RC_READ_TO_MEMORY /* Read private key from storage. */
+};
+
+/* LMS/HSS signatures are defined by 3 parameters:
+ * levels: number of levels of Merkle trees.
+ * height: height of an individual Merkle tree.
+ * winternitz: number of bits from hash used in a Winternitz chain.
+ *
+ * The acceptable parameter values are those in RFC8554:
+ * levels = {1..8}
+ * height = {5, 10, 15, 20, 25}
+ * winternitz = {1, 2, 4, 8}
+ *
+ * The number of available signatures is:
+ * N = 2 ** (levels * height)
+ *
+ * Signature sizes are determined by levels and winternitz
+ * parameters primarily, and height to a lesser extent:
+ * - Larger levels values increase signature size significantly.
+ * - Larger height values increase signature size moderately.
+ * - Larger winternitz values will reduce the signature size, at
+ * the expense of longer key generation and sign/verify times.
+ *
+ * Key generation time is strongly determined by the height of
+ * the first level tree. A 3 level, 5 height tree is much faster
+ * than 1 level, 15 height at initial key gen, even if the number
+ * of available signatures is the same.
+ * */
+
+/* Predefined LMS/HSS parameter sets for convenience.
+ *
+ * Not predefining many sets with Winternitz=1, because the signatures
+ * will be large. */
+enum wc_LmsParm {
+#ifndef WOLFSSL_NO_LMS_SHA256_256
+ WC_LMS_PARM_NONE = 0,
+ WC_LMS_PARM_L1_H5_W1 = 1,
+ WC_LMS_PARM_L1_H5_W2 = 2,
+ WC_LMS_PARM_L1_H5_W4 = 3,
+ WC_LMS_PARM_L1_H5_W8 = 4,
+ WC_LMS_PARM_L1_H10_W2 = 5,
+ WC_LMS_PARM_L1_H10_W4 = 6,
+ WC_LMS_PARM_L1_H10_W8 = 7,
+ WC_LMS_PARM_L1_H15_W2 = 8,
+ WC_LMS_PARM_L1_H15_W4 = 9,
+ WC_LMS_PARM_L1_H15_W8 = 10,
+ WC_LMS_PARM_L1_H20_W2 = 11,
+ WC_LMS_PARM_L1_H20_W4 = 12,
+ WC_LMS_PARM_L1_H20_W8 = 13,
+ WC_LMS_PARM_L2_H5_W2 = 14,
+ WC_LMS_PARM_L2_H5_W4 = 15,
+ WC_LMS_PARM_L2_H5_W8 = 16,
+ WC_LMS_PARM_L2_H10_W2 = 17,
+ WC_LMS_PARM_L2_H10_W4 = 18,
+ WC_LMS_PARM_L2_H10_W8 = 19,
+ WC_LMS_PARM_L2_H15_W2 = 20,
+ WC_LMS_PARM_L2_H15_W4 = 21,
+ WC_LMS_PARM_L2_H15_W8 = 22,
+ WC_LMS_PARM_L2_H20_W2 = 23,
+ WC_LMS_PARM_L2_H20_W4 = 24,
+ WC_LMS_PARM_L2_H20_W8 = 25,
+ WC_LMS_PARM_L3_H5_W2 = 26,
+ WC_LMS_PARM_L3_H5_W4 = 27,
+ WC_LMS_PARM_L3_H5_W8 = 28,
+ WC_LMS_PARM_L3_H10_W4 = 29,
+ WC_LMS_PARM_L3_H10_W8 = 30,
+ WC_LMS_PARM_L4_H5_W2 = 31,
+ WC_LMS_PARM_L4_H5_W4 = 32,
+ WC_LMS_PARM_L4_H5_W8 = 33,
+ WC_LMS_PARM_L4_H10_W4 = 34,
+ WC_LMS_PARM_L4_H10_W8 = 35,
+ /* H25 parameter sets for SHA-256/256 */
+ WC_LMS_PARM_L1_H25_W1 = 56,
+ WC_LMS_PARM_L1_H25_W2 = 57,
+ WC_LMS_PARM_L1_H25_W4 = 58,
+ WC_LMS_PARM_L1_H25_W8 = 59,
+ /* W1 for non-H5 heights */
+ WC_LMS_PARM_L1_H10_W1 = 60,
+ WC_LMS_PARM_L1_H15_W1 = 61,
+ WC_LMS_PARM_L1_H20_W1 = 62,
+#endif
+
+#ifdef WOLFSSL_LMS_SHA256_192
+ WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36,
+ WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37,
+ WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38,
+ WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39,
+ WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40,
+ WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41,
+ WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42,
+ WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43,
+ WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44,
+ WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53,
+ WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54,
+ WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55,
+ WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45,
+ WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46,
+ WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47,
+ WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48,
+ WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49,
+ WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50,
+ WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51,
+ WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52,
+ /* H25 for SHA-256/192 */
+ WC_LMS_PARM_SHA256_192_L1_H25_W1 = 63,
+ WC_LMS_PARM_SHA256_192_L1_H25_W2 = 64,
+ WC_LMS_PARM_SHA256_192_L1_H25_W4 = 65,
+ WC_LMS_PARM_SHA256_192_L1_H25_W8 = 66,
+ /* W1 for non-H5 heights (SHA-256/192) */
+ WC_LMS_PARM_SHA256_192_L1_H10_W1 = 67,
+ WC_LMS_PARM_SHA256_192_L1_H15_W1 = 68,
+ WC_LMS_PARM_SHA256_192_L1_H20_W1 = 69,
+ WC_LMS_PARM_SHA256_192_L1_H15_W8 = 70,
+#endif
+
+#ifdef WOLFSSL_LMS_SHAKE256
+ /* SHAKE256/256, 32-byte output */
+ WC_LMS_PARM_SHAKE_L1_H5_W1 = 100,
+ WC_LMS_PARM_SHAKE_L1_H5_W2 = 101,
+ WC_LMS_PARM_SHAKE_L1_H5_W4 = 102,
+ WC_LMS_PARM_SHAKE_L1_H5_W8 = 103,
+ WC_LMS_PARM_SHAKE_L1_H10_W1 = 104,
+ WC_LMS_PARM_SHAKE_L1_H10_W2 = 105,
+ WC_LMS_PARM_SHAKE_L1_H10_W4 = 106,
+ WC_LMS_PARM_SHAKE_L1_H10_W8 = 107,
+ WC_LMS_PARM_SHAKE_L1_H15_W1 = 108,
+ WC_LMS_PARM_SHAKE_L1_H15_W2 = 109,
+ WC_LMS_PARM_SHAKE_L1_H15_W4 = 110,
+ WC_LMS_PARM_SHAKE_L1_H15_W8 = 111,
+ WC_LMS_PARM_SHAKE_L1_H20_W1 = 112,
+ WC_LMS_PARM_SHAKE_L1_H20_W2 = 113,
+ WC_LMS_PARM_SHAKE_L1_H20_W4 = 114,
+ WC_LMS_PARM_SHAKE_L1_H20_W8 = 115,
+ WC_LMS_PARM_SHAKE_L1_H25_W1 = 116,
+ WC_LMS_PARM_SHAKE_L1_H25_W2 = 117,
+ WC_LMS_PARM_SHAKE_L1_H25_W4 = 118,
+ WC_LMS_PARM_SHAKE_L1_H25_W8 = 119,
+ /* SHAKE256/192, 24-byte output */
+ WC_LMS_PARM_SHAKE192_L1_H5_W1 = 120,
+ WC_LMS_PARM_SHAKE192_L1_H5_W2 = 121,
+ WC_LMS_PARM_SHAKE192_L1_H5_W4 = 122,
+ WC_LMS_PARM_SHAKE192_L1_H5_W8 = 123,
+ WC_LMS_PARM_SHAKE192_L1_H10_W1 = 124,
+ WC_LMS_PARM_SHAKE192_L1_H10_W2 = 125,
+ WC_LMS_PARM_SHAKE192_L1_H10_W4 = 126,
+ WC_LMS_PARM_SHAKE192_L1_H10_W8 = 127,
+ WC_LMS_PARM_SHAKE192_L1_H15_W1 = 128,
+ WC_LMS_PARM_SHAKE192_L1_H15_W2 = 129,
+ WC_LMS_PARM_SHAKE192_L1_H15_W4 = 130,
+ WC_LMS_PARM_SHAKE192_L1_H15_W8 = 131,
+ WC_LMS_PARM_SHAKE192_L1_H20_W1 = 132,
+ WC_LMS_PARM_SHAKE192_L1_H20_W2 = 133,
+ WC_LMS_PARM_SHAKE192_L1_H20_W4 = 134,
+ WC_LMS_PARM_SHAKE192_L1_H20_W8 = 135,
+ WC_LMS_PARM_SHAKE192_L1_H25_W1 = 136,
+ WC_LMS_PARM_SHAKE192_L1_H25_W2 = 137,
+ WC_LMS_PARM_SHAKE192_L1_H25_W4 = 138,
+ WC_LMS_PARM_SHAKE192_L1_H25_W8 = 139,
+#endif
+};
+
+/* enum wc_LmsState is to help track the state of an LMS/HSS Key. */
+enum wc_LmsState {
+ WC_LMS_STATE_FREED, /* Key has been freed from memory. */
+ WC_LMS_STATE_INITED, /* Key has been inited, ready to set params.*/
+ WC_LMS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
+ WC_LMS_STATE_OK, /* Able to sign signatures and verify. */
+ WC_LMS_STATE_VERIFYONLY, /* A public only LmsKey. */
+ WC_LMS_STATE_BAD, /* Can't guarantee key's state. */
+ WC_LMS_STATE_NOSIGS /* Signatures exhausted. */
+};
+
#ifdef WOLFSSL_LMS_MAX_LEVELS
/* Maximum number of levels of trees supported by implementation. */
#define LMS_MAX_LEVELS WOLFSSL_LMS_MAX_LEVELS
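Review bot: The two callback typedefs near the top of this hunk return plain `int`, and their only comment is "Private key write and read callbacks", so an integrator cannot tell which `enum wc_LmsRc` value means success (the XMSS counterparts in wc_xmss.h return `enum wc_XmssRc`). For a stateful scheme this contract is the security boundary: a signature must not be released unless the advanced private key has been stored durably, otherwise a one-time key index can be reused. I would extend the comment, e.g. `/* Write callback: return WC_LMS_RC_SAVED_TO_NV_MEMORY only after the updated private key is durably stored. */`, after confirming the exact values the implementation checks, which are outside this diff. Separately, `WC_LMS_PARM_NONE = 0` sits inside `#ifndef WOLFSSL_NO_LMS_SHA256_256`, so it disappears in builds that define that macro; moving it above the `#ifndef` keeps the zero value available in every configuration.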
@@ -546,7 +736,7 @@ typedef struct HssPrivKey {
#endif
} HssPrivKey;
-struct LmsKey {
+typedef struct LmsKey {
/* Public key. */
ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)];
#ifndef WOLFSSL_LMS_VERIFY_ONLY
@@ -575,7 +765,48 @@ struct LmsKey {
/* Device Identifier. */
int devId;
#endif
-};
+} LmsKey;
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+WOLFSSL_API int wc_LmsKey_Init(LmsKey * key, void * heap, int devId);
+WOLFSSL_API int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm);
+WOLFSSL_API int wc_LmsKey_SetParameters(LmsKey * key, int levels,
+ int height, int winternitz);
+WOLFSSL_API int wc_LmsKey_GetParameters(const LmsKey * key, int * levels,
+ int * height, int * winternitz);
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+WOLFSSL_API int wc_LmsKey_SetWriteCb(LmsKey * key,
+ wc_lms_write_private_key_cb write_cb);
+WOLFSSL_API int wc_LmsKey_SetReadCb(LmsKey * key,
+ wc_lms_read_private_key_cb read_cb);
+WOLFSSL_API int wc_LmsKey_SetContext(LmsKey * key, void * context);
+WOLFSSL_API int wc_LmsKey_MakeKey(LmsKey * key, WC_RNG * rng);
+WOLFSSL_API int wc_LmsKey_Reload(LmsKey * key);
+WOLFSSL_API int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len);
+WOLFSSL_API int wc_LmsKey_Sign(LmsKey * key, byte * sig, word32 * sigSz,
+ const byte * msg, int msgSz);
+WOLFSSL_API int wc_LmsKey_SigsLeft(LmsKey * key);
+#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
+WOLFSSL_API void wc_LmsKey_Free(LmsKey * key);
+WOLFSSL_API int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len);
+WOLFSSL_API int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len);
+WOLFSSL_API int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc);
+WOLFSSL_API int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out,
+ word32 * outLen);
+WOLFSSL_API int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in,
+ word32 inLen);
+WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
+ const byte * msg, int msgSz);
+WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm);
+WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc);
+
+WOLFSSL_API int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid,
+ word32* kidSz);
+WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv,
+ word32 privSz);
int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw,
HssPrivKey* priv_key, byte* priv_data, byte* pub);
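Review bot: `wc_LmsKey_Sign` and `wc_LmsKey_Verify` take the message length as `int msgSz` while every other length in this block is `word32`, so a caller that derives the length from untrusted data can pass a negative value. The signatures cannot change without breaking callers, so the header should state the accepted range, for example `/* msgSz must be >= 0. */` above both declarations. The implementation is outside this diff and should be confirmed to reject negative lengths before any conversion to an unsigned type. The same applies to `wc_XmssKey_Sign` and `wc_XmssKey_Verify` added in wc_xmss.h.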
@@ -588,6 +819,10 @@ WOLFSSL_API
int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg,
word32 msgSz, const byte* sig, word32 sigSz);
-#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_HAVE_LMS */
#endif /* WC_LMS_H */
diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h
index 200cd4322e..5ed8823b65 100644
--- a/wolfssl/wolfcrypt/wc_xmss.h
+++ b/wolfssl/wolfcrypt/wc_xmss.h
@@ -19,6 +19,10 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
+/*!
+ \file wolfssl/wolfcrypt/wc_xmss.h
+ */
+
/* Based on:
* o RFC 8391 - XMSS: eXtended Merkle Signature Scheme
* o [HDSS] "Hash-based Digital Signature Schemes", Buchmann, Dahmen and Szydlo
@@ -28,22 +32,150 @@
#ifndef WC_XMSS_H
#define WC_XMSS_H
+#include
+
#ifdef WOLFSSL_HAVE_XMSS
-#include
+
+#include
#include
#include
#include
+
/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW),
* fall back to using the full hash API calls. */
#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_XMSS_FULL_HASH)
#define WC_XMSS_FULL_HASH
#endif
-#if !defined(WOLFSSL_WC_XMSS)
- #error "This code is incompatible with external implementation of XMSS."
+/* Note on XMSS/XMSS^MT pub/priv key sizes:
+ * - The XMSS/XMSS^MT pub key has a defined format and size.
+ * - The XMSS/XMSS^MT private key is implementation and parameter
+ * specific. It does not have a standardized format or size.
+ *
+ * The XMSS/XMSS^MT public and secret key format and length is:
+ * PK = OID || root || SEED;
+ * PK_len = 4 + 2 * n
+ *
+ * SK = OID || (implementation defined)
+ * SK_len = 4 + (implementation defined)
+ *
+ * where n is the number of bytes in the hash function, which is 32
+ * in this SHA256 implementation.
+ *
+ * However the private key is implementation specific. For example,
+ * in xmss-reference the private key size varies from 137 bytes to
+ * 1377 bytes between slow and fast implementations with param name
+ * "XMSSMT-SHA2_20/2_256".
+ *
+ * References:
+ * - RFC 8391
+ * - Table 2 of Kampanakis, Fluhrer, IACR, 2017.
+ * */
+
+#define XMSS_SHA256_PUBLEN (68)
+
+/* Supported XMSS/XMSS^MT parameter set names:
+ * We are supporting all SHA256 parameter sets with n=32 and
+ * Winternitz=16, from RFC 8391 and NIST SP 800-208.
+ *
+ * ----------------------------------------------------------
+ * | Name OID n w len h d |
+ * XMSS: | "XMSS-SHA2_10_256" 0x00000001 32 16 67 10 1 |
+ * | "XMSS-SHA2_16_256" 0x00000002 32 16 67 16 1 |
+ * | "XMSS-SHA2_20_256" 0x00000003 32 16 67 20 1 |
+ * | |
+ * XMSSMT: | "XMSSMT-SHA2_20/2_256" 0x00000001 32 16 67 20 2 |
+ * | "XMSSMT-SHA2_20/4_256" 0x00000002 32 16 67 20 4 |
+ * | "XMSSMT-SHA2_40/2_256" 0x00000003 32 16 67 40 2 |
+ * | "XMSSMT-SHA2_40/4_256" 0x00000004 32 16 67 40 4 |
+ * | "XMSSMT-SHA2_40/8_256" 0x00000005 32 16 67 40 8 |
+ * | "XMSSMT-SHA2_60/3_256" 0x00000006 32 16 67 60 3 |
+ * | "XMSSMT-SHA2_60/6_256" 0x00000007 32 16 67 60 6 |
+ * | "XMSSMT-SHA2_60/12_256" 0x00000008 32 16 67 60 12 |
+ * ----------------------------------------------------------
+ *
+ * Note that some XMSS and XMSSMT names do have overlapping OIDs.
+ *
+ * References:
+ * 1. NIST SP 800-208
+ * 2. RFC 8391
+ * */
+
+#define XMSS_NAME_LEN (16) /* strlen("XMSS-SHA2_10_256") */
+#define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
+#define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
+
+#if defined(HAVE_FIPS)
+ #undef WOLFSSL_WC_XMSS_NO_SHA512
+ #define WOLFSSL_WC_XMSS_NO_SHA512
+ #undef WOLFSSL_WC_XMSS_NO_SHAKE128
+ #define WOLFSSL_WC_XMSS_NO_SHAKE128
+ #undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+ #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
+ #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 256
+#endif
+
+#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
+ #define WC_XMSS_SHA256
+#endif
+#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
+ #define WC_XMSS_SHA512
+#endif
+#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
+ #define WC_XMSS_SHAKE128
+#endif
+#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
+ #define WC_XMSS_SHAKE256
+#endif
+
+#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
+ #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
+#endif
+#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+ #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 512
+#endif
+#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
+ #error "XMSS minimum hash size is greater than maximum hash size"
+#endif
+
+#ifndef WOLFSSL_XMSS_MIN_HEIGHT
+ #define WOLFSSL_XMSS_MIN_HEIGHT 10
+#endif
+#ifndef WOLFSSL_XMSS_MAX_HEIGHT
+ #define WOLFSSL_XMSS_MAX_HEIGHT 60
+#endif
+#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
+ #error "XMSS minimum height is greater than maximum height"
#endif
+/* Return codes returned by private key callbacks. */
+enum wc_XmssRc {
+ WC_XMSS_RC_NONE,
+ WC_XMSS_RC_BAD_ARG, /* Bad arg in read or write callback. */
+ WC_XMSS_RC_WRITE_FAIL, /* Write or update private key failed. */
+ WC_XMSS_RC_READ_FAIL, /* Read private key failed. */
+ WC_XMSS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
+ WC_XMSS_RC_READ_TO_MEMORY /* Read private key from storage. */
+};
+
+/* enum wc_XmssState is to help track the state of an XMSS Key. */
+enum wc_XmssState {
+ WC_XMSS_STATE_FREED, /* Key has been freed from memory. */
+ WC_XMSS_STATE_INITED, /* Key has been inited, ready to set params.*/
+ WC_XMSS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
+ WC_XMSS_STATE_OK, /* Able to sign signatures and verify. */
+ WC_XMSS_STATE_VERIFYONLY, /* A public only XmssKey. */
+ WC_XMSS_STATE_BAD, /* Can't guarantee key's state. */
+ WC_XMSS_STATE_NOSIGS /* Signatures exhausted. */
+};
+
+/* Private key write and read callbacks. */
+typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz,
+ void* context);
+typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz,
+ void* context);
+
#if (defined(WC_XMSS_SHA512) || defined(WC_XMSS_SHAKE256)) && \
(WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512)
#define WC_XMSS_MAX_N 64
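Review bot: In the `HAVE_FIPS` block, `WOLFSSL_WC_XMSS_MAX_HASH_SIZE` is undefined before it is redefined but `WOLFSSL_WC_XMSS_MIN_HASH_SIZE` is not, so a build that already sets the minimum (for example to 256 in its user settings) hits a macro redefinition with a different value. Adding `#undef WOLFSSL_WC_XMSS_MIN_HASH_SIZE` before `#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192` makes the two limits behave the same way. The key-size comment moved in above also still says n is 32 "in this SHA256 implementation", although `WC_XMSS_MAX_N` can be 64 just below, so that sentence may be worth rewording.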
@@ -205,7 +337,7 @@ typedef struct XmssParams {
word8 bds_k;
} XmssParams;
-struct XmssKey {
+typedef struct XmssKey {
/* Public key. */
unsigned char pk[2 * WC_XMSS_MAX_N];
/* OID that identifies parameters. */
@@ -228,7 +360,7 @@ struct XmssKey {
#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
/* State of key. */
enum wc_XmssState state;
-};
+} XmssKey;
typedef struct XmssState {
const XmssParams* params;
@@ -267,6 +399,32 @@ typedef struct XmssState {
extern "C" {
#endif
+WOLFSSL_API int wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
+WOLFSSL_API int wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
+#ifndef WOLFSSL_XMSS_VERIFY_ONLY
+WOLFSSL_API int wc_XmssKey_SetWriteCb(XmssKey* key,
+ wc_xmss_write_private_key_cb write_cb);
+WOLFSSL_API int wc_XmssKey_SetReadCb(XmssKey* key,
+ wc_xmss_read_private_key_cb read_cb);
+WOLFSSL_API int wc_XmssKey_SetContext(XmssKey* key, void* context);
+WOLFSSL_API int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
+WOLFSSL_API int wc_XmssKey_Reload(XmssKey* key);
+WOLFSSL_API int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
+WOLFSSL_API int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
+ const byte* msg, int msgSz);
+WOLFSSL_API int wc_XmssKey_SigsLeft(XmssKey* key);
+#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
+WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
+WOLFSSL_API int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
+WOLFSSL_API int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
+WOLFSSL_API int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
+WOLFSSL_API int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
+ word32* outLen);
+WOLFSSL_API int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
+ word32 inLen);
+WOLFSSL_API int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
+ const byte* msg, int msgSz);
+
WOLFSSL_LOCAL int wc_xmssmt_keygen(XmssState *state, const unsigned char* seed,
unsigned char *sk, unsigned char *pk);
WOLFSSL_LOCAL int wc_xmss_keygen(XmssState *state, const unsigned char* seed,
@@ -283,9 +441,8 @@ WOLFSSL_LOCAL int wc_xmssmt_verify(XmssState *state, const unsigned char *m,
word32 mlen, const unsigned char *sm, const unsigned char *pk);
#ifdef __cplusplus
- } /* extern "C" */
+} /* extern "C" */
#endif
#endif /* WOLFSSL_HAVE_XMSS */
#endif /* WC_XMSS_H */
-
diff --git a/wolfssl/wolfcrypt/xmss.h b/wolfssl/wolfcrypt/xmss.h
deleted file mode 100644
index 4fd4da1cca..0000000000
--- a/wolfssl/wolfcrypt/xmss.h
+++ /dev/null
@@ -1,203 +0,0 @@
-/* xmss.h
- *
- * Copyright (C) 2006-2026 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-/*!
- \file wolfssl/wolfcrypt/xmss.h
- */
-
-#ifndef WOLF_CRYPT_XMSS_H
-#define WOLF_CRYPT_XMSS_H
-
-#include
-#include
-
-#ifdef WOLFSSL_HAVE_XMSS
-
-/* Note on XMSS/XMSS^MT pub/priv key sizes:
- * - The XMSS/XMSS^MT pub key has a defined format and size.
- * - The XMSS/XMSS^MT private key is implementation and parameter
- * specific. It does not have a standardized format or size.
- *
- * The XMSS/XMSS^MT public and secret key format and length is:
- * PK = OID || root || SEED;
- * PK_len = 4 + 2 * n
- *
- * SK = OID || (implementation defined)
- * SK_len = 4 + (implementation defined)
- *
- * where n is the number of bytes in the hash function, which is 32
- * in this SHA256 implementation.
- *
- * However the private key is implementation specific. For example,
- * in xmss-reference the private key size varies from 137 bytes to
- * 1377 bytes between slow and fast implementations with param name
- * "XMSSMT-SHA2_20/2_256".
- *
- * References:
- * - RFC 8391
- * - Table 2 of Kampanakis, Fluhrer, IACR, 2017.
- * */
-
-#define XMSS_SHA256_PUBLEN (68)
-
-/* Supported XMSS/XMSS^MT parameter set names:
- * We are supporting all SHA256 parameter sets with n=32 and
- * Winternitz=16, from RFC 8391 and NIST SP 800-208.
- *
- * ----------------------------------------------------------
- * | Name OID n w len h d |
- * XMSS: | "XMSS-SHA2_10_256" 0x00000001 32 16 67 10 1 |
- * | "XMSS-SHA2_16_256" 0x00000002 32 16 67 16 1 |
- * | "XMSS-SHA2_20_256" 0x00000003 32 16 67 20 1 |
- * | |
- * XMSSMT: | "XMSSMT-SHA2_20/2_256" 0x00000001 32 16 67 20 2 |
- * | "XMSSMT-SHA2_20/4_256" 0x00000002 32 16 67 20 4 |
- * | "XMSSMT-SHA2_40/2_256" 0x00000003 32 16 67 40 2 |
- * | "XMSSMT-SHA2_40/4_256" 0x00000004 32 16 67 40 4 |
- * | "XMSSMT-SHA2_40/8_256" 0x00000005 32 16 67 40 8 |
- * | "XMSSMT-SHA2_60/3_256" 0x00000006 32 16 67 60 3 |
- * | "XMSSMT-SHA2_60/6_256" 0x00000007 32 16 67 60 6 |
- * | "XMSSMT-SHA2_60/12_256" 0x00000008 32 16 67 60 12 |
- * ----------------------------------------------------------
- *
- * Note that some XMSS and XMSSMT names do have overlapping OIDs.
- *
- * References:
- * 1. NIST SP 800-208
- * 2. RFC 8391
- * */
-
-#define XMSS_NAME_LEN (16) /* strlen("XMSS-SHA2_10_256") */
-#define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */
-#define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */
-
-#if defined(HAVE_FIPS) || defined(HAVE_LIBXMSS)
- #undef WOLFSSL_WC_XMSS_NO_SHA512
- #define WOLFSSL_WC_XMSS_NO_SHA512
- #undef WOLFSSL_WC_XMSS_NO_SHAKE128
- #define WOLFSSL_WC_XMSS_NO_SHAKE128
- #undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
- #ifdef HAVE_LIBXMSS
- #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 256
- #else
- #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
- #endif
- #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 256
-#endif
-
-#if !defined(NO_SHA256) && !defined(WOLFSSL_WC_XMSS_NO_SHA256)
- #define WC_XMSS_SHA256
-#endif
-#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_WC_XMSS_NO_SHA512)
- #define WC_XMSS_SHA512
-#endif
-#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE128)
- #define WC_XMSS_SHAKE128
-#endif
-#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_WC_XMSS_NO_SHAKE256)
- #define WC_XMSS_SHAKE256
-#endif
-
-#ifndef WOLFSSL_WC_XMSS_MIN_HASH_SIZE
- #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192
-#endif
-#ifndef WOLFSSL_WC_XMSS_MAX_HASH_SIZE
- #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 512
-#endif
-#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE > WOLFSSL_WC_XMSS_MAX_HASH_SIZE
- #error "XMSS minimum hash size is greater than maximum hash size"
-#endif
-
-#ifndef WOLFSSL_XMSS_MIN_HEIGHT
- #define WOLFSSL_XMSS_MIN_HEIGHT 10
-#endif
-#ifndef WOLFSSL_XMSS_MAX_HEIGHT
- #define WOLFSSL_XMSS_MAX_HEIGHT 60
-#endif
-#if WOLFSSL_XMSS_MIN_HEIGHT > WOLFSSL_XMSS_MAX_HEIGHT
- #error "XMSS minimum height is greater than maximum height"
-#endif
-
-typedef struct XmssKey XmssKey;
-
-/* Return codes returned by private key callbacks. */
-enum wc_XmssRc {
- WC_XMSS_RC_NONE,
- WC_XMSS_RC_BAD_ARG, /* Bad arg in read or write callback. */
- WC_XMSS_RC_WRITE_FAIL, /* Write or update private key failed. */
- WC_XMSS_RC_READ_FAIL, /* Read private key failed. */
- WC_XMSS_RC_SAVED_TO_NV_MEMORY, /* Wrote private key to nonvolatile storage. */
- WC_XMSS_RC_READ_TO_MEMORY /* Read private key from storage. */
-};
-
-/* enum wc_XmssState is to help track the state of an XMSS Key. */
-enum wc_XmssState {
- WC_XMSS_STATE_FREED, /* Key has been freed from memory. */
- WC_XMSS_STATE_INITED, /* Key has been inited, ready to set params.*/
- WC_XMSS_STATE_PARMSET, /* Params are set, ready to MakeKey or Reload. */
- WC_XMSS_STATE_OK, /* Able to sign signatures and verify. */
- WC_XMSS_STATE_VERIFYONLY, /* A public only XmssKey. */
- WC_XMSS_STATE_BAD, /* Can't guarantee key's state. */
- WC_XMSS_STATE_NOSIGS /* Signatures exhausted. */
-};
-
-/* Private key write and read callbacks. */
-typedef enum wc_XmssRc (*wc_xmss_write_private_key_cb)(const byte* priv, word32 privSz,
- void* context);
-typedef enum wc_XmssRc (*wc_xmss_read_private_key_cb)(byte* priv, word32 privSz,
- void* context);
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-WOLFSSL_API int wc_XmssKey_Init(XmssKey* key, void* heap, int devId);
-WOLFSSL_API int wc_XmssKey_SetParamStr(XmssKey* key, const char* str);
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
-WOLFSSL_API int wc_XmssKey_SetWriteCb(XmssKey* key,
- wc_xmss_write_private_key_cb write_cb);
-WOLFSSL_API int wc_XmssKey_SetReadCb(XmssKey* key,
- wc_xmss_read_private_key_cb read_cb);
-WOLFSSL_API int wc_XmssKey_SetContext(XmssKey* key, void* context);
-WOLFSSL_API int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng);
-WOLFSSL_API int wc_XmssKey_Reload(XmssKey* key);
-WOLFSSL_API int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len);
-WOLFSSL_API int wc_XmssKey_Sign(XmssKey* key, byte* sig, word32* sigSz,
- const byte* msg, int msgSz);
-WOLFSSL_API int wc_XmssKey_SigsLeft(XmssKey* key);
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-WOLFSSL_API void wc_XmssKey_Free(XmssKey* key);
-WOLFSSL_API int wc_XmssKey_GetSigLen(const XmssKey* key, word32* len);
-WOLFSSL_API int wc_XmssKey_GetPubLen(const XmssKey* key, word32* len);
-WOLFSSL_API int wc_XmssKey_ExportPub(XmssKey* keyDst, const XmssKey* keySrc);
-WOLFSSL_API int wc_XmssKey_ExportPubRaw(const XmssKey* key, byte* out,
- word32* outLen);
-WOLFSSL_API int wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
- word32 inLen);
-WOLFSSL_API int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
- const byte* msg, int msgSz);
-
-#ifdef __cplusplus
- } /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_HAVE_XMSS */
-#endif /* WOLF_CRYPT_XMSS_H */