
Commit 455e7ff

Support RFC 9802 LMS and XMSS in X.509 verification

Wire the stateful hash-based signature schemes HSS/LMS (RFC 8554) and XMSS / XMSS^MT (RFC 8391) into the X.509 cert-verification path per RFC 9802.

asn:
- Register id-alg-hss-lms-hashsig (1.2.840.113549.1.9.16.3.17), id-alg-xmss-hashsig (1.3.6.1.5.5.7.6.34) and id-alg-xmssmt-hashsig (1.3.6.1.5.5.7.6.35) in oid_sum.h, asn.c and asn1_oid_sum.pl.
- Plumb the new keyOIDs through GetCertKey, SigOidMatchesKeyOid, HashForSignature, FreeSignatureCtx and ConfirmSignature so leaf and CA certificates parse, load and verify end-to-end.
- Rename IsSigAlgoECC -> IsSigAlgoNoParams; the function has tested "AlgorithmIdentifier omits NULL parameters" since PQC algos were added, and HSS/LMS + XMSS only made the original name more misleading.

wc_lms / wc_xmss:
- Add wc_XmssKey_ImportPubRaw_ex which derives parameters from the 4-byte OID prefix at the start of the raw public key, taking an is_xmssmt hint to disambiguate the overlapping XMSS / XMSS^MT OID spaces.
- Extend wc_LmsKey_ImportPubRaw with the same auto-derive from u32str(L) || lmsType || lmOtsType when key->params is NULL; this also fixes a latent NULL-deref when the legacy precondition was violated.
- Reject WC_*_STATE_OK in both ImportPubRaw paths so re-importing on a private-key-loaded handle can't desync priv/pub.
- Tighten wc_XmssKey_Verify's length check to strict equality, matching wc_LmsKey_Verify and the documented contract of using wc_XmssKey_GetSigLen for the buffer size.

tests / fixtures:
- Bouncy Castle 1.81 fixtures in certs/lms and certs/xmss covering every supported parameter set, plus CA->leaf chains per family and one BC-native LMS fixture as a cross-impl interop gate.
- New api tests verify each fixture end-to-end, tamper TBS and signature bytes, exercise the wolfCrypt-level negative paths (NOT_COMPILED_IN, BUFFER_E, BAD_FUNC_ARG, BAD_STATE_E, OID/family mismatch, partial-write invariants, lenient VERIFYONLY re-import, strict sigLen check) and confirm the outer signatureAlgorithm OID is rejected when it disagrees with the SPKI in both XMSS<->XMSS^MT directions.
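The commit message above describes deriving LMS parameters from the u32str(L) || lmsType || lmOtsType prefix of a raw HSS/LMS public key, and applying a strict length check before use. The following is an added illustration of that header parsing, written for this page; it is not wolfSSL's wc_LmsKey_ImportPubRaw and does not reproduce its code. It assumes the HSS public key layout from RFC 8554 (u32str(L) || u32str(lmsType) || u32str(lmOtsType) || I[16] || T[1]), the SHA-256/n=32 parameter codes from that RFC, and the names hss_parse_pub_raw, HssPubParams and the demo_* helpers, which are hypothetical. The sample key bytes are constructed, not a real key.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Parameter codes from RFC 8554 (SHA-256, n = 32 byte outputs). */
#define LMS_SHA256_M32_H5    5
#define LMS_SHA256_M32_H10   6
#define LMS_SHA256_M32_H15   7
#define LMS_SHA256_M32_H20   8
#define LMS_SHA256_M32_H25   9
#define LMOTS_SHA256_N32_W1  1
#define LMOTS_SHA256_N32_W2  2
#define LMOTS_SHA256_N32_W4  3
#define LMOTS_SHA256_N32_W8  4

#define LMS_I_LEN        16
#define LMS_N            32
#define HSS_MAX_LEVELS   8
/* u32str(L) || u32str(lmsType) || u32str(lmOtsType) || I || T[1] */
#define HSS_PUB_RAW_LEN  (4 + 4 + 4 + LMS_I_LEN + LMS_N)

/* Error codes for this example (hypothetical, not wolfCrypt's). */
#define HSS_ERR_ARG       (-1)
#define HSS_ERR_LEN       (-2)
#define HSS_ERR_LMS_TYPE  (-3)
#define HSS_ERR_OTS_TYPE  (-4)
#define HSS_ERR_LEVELS    (-5)

typedef struct {
    uint32_t levels;      /* L: number of HSS tree levels */
    uint32_t lmsType;     /* LMS typecode of the top-level tree */
    uint32_t lmOtsType;   /* LM-OTS typecode of the top-level tree */
    uint32_t height;      /* derived Merkle tree height h */
    uint32_t winternitz;  /* derived Winternitz parameter w */
} HssPubParams;

static uint32_t rd_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse and validate the raw HSS public key header. Length is checked
 * with strict equality: an over-long or truncated buffer is rejected
 * before any field is interpreted. Returns 0 on success. */
int hss_parse_pub_raw(const uint8_t *pub, size_t pubLen, HssPubParams *out)
{
    if (pub == NULL || out == NULL)
        return HSS_ERR_ARG;
    if (pubLen != HSS_PUB_RAW_LEN)
        return HSS_ERR_LEN;

    HssPubParams p;
    memset(&p, 0, sizeof(p));
    p.levels    = rd_u32(pub);
    p.lmsType   = rd_u32(pub + 4);
    p.lmOtsType = rd_u32(pub + 8);

    if (p.levels < 1 || p.levels > HSS_MAX_LEVELS)
        return HSS_ERR_LEVELS;
    if (p.lmsType < LMS_SHA256_M32_H5 || p.lmsType > LMS_SHA256_M32_H25)
        return HSS_ERR_LMS_TYPE;
    if (p.lmOtsType < LMOTS_SHA256_N32_W1 || p.lmOtsType > LMOTS_SHA256_N32_W8)
        return HSS_ERR_OTS_TYPE;

    /* Typecodes 5..9 map to heights 5,10,15,20,25; 1..4 map to w = 1,2,4,8. */
    p.height     = 5u * (p.lmsType - LMS_SHA256_M32_H5 + 1u);
    p.winternitz = 1u << (p.lmOtsType - 1u);
    *out = p;
    return 0;
}

/* Constructed sample (not a real key): L = 2, H5 tree, W8 OTS,
 * with patterned bytes standing in for I and T[1]. */
static size_t hss_sample_pub(uint8_t *buf, uint32_t lmsType)
{
    const uint8_t hdr[12] = { 0,0,0,2,  0,0,0,(uint8_t)lmsType,  0,0,0,4 };
    memcpy(buf, hdr, sizeof(hdr));
    for (size_t i = 12; i < HSS_PUB_RAW_LEN; i++)
        buf[i] = (uint8_t)(0xA0 + i);
    return HSS_PUB_RAW_LEN;
}

int demo_parse_sample(HssPubParams *out)
{
    uint8_t buf[HSS_PUB_RAW_LEN];
    size_t len = hss_sample_pub(buf, LMS_SHA256_M32_H5);
    return hss_parse_pub_raw(buf, len, out);
}

int demo_parse_truncated(void)   /* one byte short: must fail on length */
{
    uint8_t buf[HSS_PUB_RAW_LEN];
    HssPubParams p;
    size_t len = hss_sample_pub(buf, LMS_SHA256_M32_H5);
    return hss_parse_pub_raw(buf, len - 1, &p);
}

int demo_parse_bad_lms_type(void) /* unknown typecode 42: must be rejected */
{
    uint8_t buf[HSS_PUB_RAW_LEN];
    HssPubParams p;
    size_t len = hss_sample_pub(buf, 42);
    return hss_parse_pub_raw(buf, len, &p);
}
```

The strict `pubLen != HSS_PUB_RAW_LEN` check mirrors the commit's move to exact-length comparison: a lenient `>=` check would accept trailing bytes that a caller might later treat as part of the key, and a missing check is the kind of precondition whose violation the commit describes as a latent NULL-deref.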
1 parent 6a3eb6f commit 455e7ff

27 files changed

Lines changed: 1277 additions & 39 deletions

certs/include.am

Lines changed: 2 additions & 0 deletions
@@ -161,6 +161,8 @@ include certs/falcon/include.am
161161
include certs/rsapss/include.am
162162
include certs/dilithium/include.am
163163
include certs/slhdsa/include.am
164+
include certs/lms/include.am
165+
include certs/xmss/include.am
164166
include certs/rpk/include.am
165167
include certs/acert/include.am
166168
include certs/mldsa/include.am
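Review bot: the new `include certs/xmss/include.am` line at 165 references a fragment that does not appear among the files shown on this page (only `certs/lms/include.am` is displayed, while `certs/xmss/bc_xmss_chain_ca.der` is listed as a new binary). Confirm that `certs/xmss/include.am` is part of this commit and lists every xmss fixture, since an automake include of a missing file breaks the build and a fixture missing from EXTRA_DIST is dropped from the release tarball.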

certs/lms/bc_hss_L2_H5_W8_root.der

2.85 KB
Binary file not shown.

certs/lms/bc_hss_L3_H5_W4_root.der

7.26 KB
Binary file not shown.

certs/lms/bc_lms_chain_ca.der

2.58 KB
Binary file not shown.

certs/lms/bc_lms_chain_leaf.der

2.58 KB
Binary file not shown.
1.55 KB
Binary file not shown.
1.69 KB
Binary file not shown.
2.57 KB
Binary file not shown.

certs/lms/include.am

Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
# vim:ft=automake
2+
# All paths should be given relative to the root
3+
#
4+
5+
EXTRA_DIST += \
6+
certs/lms/bc_lms_sha256_h5_w4_root.der \
7+
certs/lms/bc_lms_sha256_h10_w8_root.der \
8+
certs/lms/bc_hss_L2_H5_W8_root.der \
9+
certs/lms/bc_hss_L3_H5_W4_root.der \
10+
certs/lms/bc_lms_chain_ca.der \
11+
certs/lms/bc_lms_chain_leaf.der \
12+
certs/lms/bc_lms_native_bc_root.der
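Review bot: the EXTRA_DIST list is not in sorted order (the two `bc_lms_sha256_*` entries on lines 6 and 7 precede the `bc_hss_*` entries on lines 8 and 9), which makes future additions harder to diff against the directory contents; consider ordering the entries alphabetically. Of the seven files listed, only four appear by name on this page (`bc_hss_L2_H5_W8_root.der`, `bc_hss_L3_H5_W4_root.der`, `bc_lms_chain_ca.der`, `bc_lms_chain_leaf.der`), so verify that `bc_lms_sha256_h5_w4_root.der`, `bc_lms_sha256_h10_w8_root.der` and `bc_lms_native_bc_root.der` are committed under exactly these names, otherwise `make dist` fails on the missing files.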

certs/xmss/bc_xmss_chain_ca.der

2.72 KB
Binary file not shown.
