diff --git a/CMakeLists.txt b/CMakeLists.txt index 317aa9c8e8d..dd0b7d4c0ad 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -700,10 +700,8 @@ add_option(WOLFSSL_LMSSHA256192 if (WOLFSSL_LMS) list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_LMS") - list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_LMS") set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT) - set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT) if (WOLFSSL_LMSSHA256192) list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LMS_SHA256_192") diff --git a/Docker/Dockerfile b/Docker/Dockerfile index 9ae6f1ec525..d5b48321104 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -34,10 +34,6 @@ RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git && RUN mkdir /opt/sources -# install liblms -RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \ - && sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a - # Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH RUN mkdir /var/empty RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install diff --git a/IDE/INTIME-RTOS/wolfssl-lib.vcxproj b/IDE/INTIME-RTOS/wolfssl-lib.vcxproj index 3c5bd1d8d5c..5b4226af94a 100644 --- a/IDE/INTIME-RTOS/wolfssl-lib.vcxproj +++ b/IDE/INTIME-RTOS/wolfssl-lib.vcxproj @@ -87,8 +87,6 @@ true - - diff --git a/INSTALL b/INSTALL index dc6e2908c1a..3e362908b9e 100644 --- a/INSTALL +++ b/INSTALL 
@@ -296,11 +296,7 @@ The wolfssl port in vcpkg is kept up to date by wolfSSL. We also have vcpkg ports for wolftpm, wolfmqtt and curl. -17. Building with hash-sigs lib for LMS/HSS support [EXPERIMENTAL] - - Deprecated. wolfSSL now has its own LMS/HSS implementation in wolfCrypt. - -18. Building for Debian, Ubuntu, Linux Mint, and derivatives +17. Building for Debian, Ubuntu, Linux Mint, and derivatives To generate a .deb package, configure wolfSSL with the desired configuration. Then run `make deb` to generate a Debian package @@ -309,7 +305,7 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl. resulting packages are placed in the root directory of the project. -19. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE +18. Building for RHEL, Fedora, CentOS, SUSE, and openSUSE To generate a .rpm package, configure wolfSSL with the desired configuration. Then run `make rpm` to generate a .rpm package @@ -317,8 +313,3 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl. Docker container, use `make rpm-docker`. In both cases the resulting packages are placed in the root directory of the project. - -20. Building with xmss-reference lib for XMSS/XMSS^MT support [EXPERIMENTAL] - - Deprecated. wolfSSL now has its own XMMS/XMSS^MT implementation in - wolfCrypt. diff --git a/configure.ac b/configure.ac index 09a763d542a..7966dcb9f98 100644 --- a/configure.ac +++ b/configure.ac @@ -1862,7 +1862,6 @@ then fi # XMSS -ENABLED_WC_XMSS=no AC_ARG_ENABLE([xmss], [AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])], [ ENABLED_XMSS=$enableval ], 
@@ -1888,73 +1887,12 @@ do esac done -# libxmss -# Get the path to xmss-reference. -ENABLED_LIBXMSS="no" -trylibxmssdir="" -AC_ARG_WITH([libxmss], - [AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. (requires --enable-experimental)!])], - [ - AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([libxmss requires --enable-experimental.]) ]) - AC_MSG_CHECKING([for libxmss]) - - trylibxmssdir=$withval - - if test -e $trylibxmssdir; then - libxmss_linked=yes - else - AC_MSG_ERROR([libxmss isn't found. - If it's already installed, specify its path using --with-libxmss=/dir/]) - fi - if test "$XMSS_VERIFY_ONLY" = "yes"; then - if test -e $trylibxmssdir/xmss_verify_lib.a; then - CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir" - LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_verify_lib.a" - enable_shared=no - enable_static=yes - libxmss_linked=yes - else - AC_MSG_ERROR([xmss_verify_lib.a isn't found. - If it's already installed, specify its path using --with-libxmss=/dir/]) - fi - elif test -e $trylibxmssdir/xmss_lib.a; then - CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir" - LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_lib.a" - enable_shared=no - enable_static=yes - libxmss_linked=yes - else - AC_MSG_ERROR([libxmss isn't found. - If it's already installed, specify its path using --with-libxmss=/dir/]) - fi - - XMSS_ROOT=$trylibxmssdir - - AC_MSG_RESULT([yes]) - AM_CPPFLAGS="$CPPFLAGS" - - AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir" - ENABLED_LIBXMSS="yes" - AC_SUBST([XMSS_ROOT]) - ], - [XMSS_ROOT=""] -) - if test "$ENABLED_XMSS" != "no" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS" - - # Use hash-sigs XMSS lib if enabled. 
- if test "$ENABLED_LIBXMSS" = "yes"; then - ENABLED_WC_XMSS=no - else - ENABLED_WC_XMSS=yes - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS" - fi fi # LMS -ENABLED_WC_LMS=no AC_ARG_ENABLE([lms], [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])], [ ENABLED_LMS=$enableval ], 
@@ -1986,85 +1924,9 @@ do esac done -# liblms -# Get the path to the hash-sigs LMS HSS lib. -ENABLED_LIBLMS="no" -tryliblmsdir="" -AC_ARG_WITH([liblms], - [AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) (requires --enable-experimental)!])], - [ - AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([liblms requires --enable-experimental.]) ]) - AC_MSG_CHECKING([for liblms]) - - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ]) - - if test "x$liblms_linked" = "xno" ; then - if test "x$withval" != "xno" ; then - tryliblmsdir=$withval - fi - if test "x$withval" = "xyes" ; then - tryliblmsdir="/usr/local" - fi - - # 1. If verify only build, use hss_verify.a - # 2. If normal build, by default use single-threaded hss_lib.a - # 3. If 2 not found, then use the multi-threaded hss_lib_thread.a - if test "$LMS_VERIFY_ONLY" = "yes"; then - if test -e $tryliblmsdir/hss_verify.a; then - CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir" - LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_verify.a" - enable_shared=no - enable_static=yes - liblms_linked=yes - else - AC_MSG_ERROR([hss_verify.a isn't found. - If it's already installed, specify its path using --with-liblms=/dir/]) - fi - elif test -e $tryliblmsdir/hss_lib.a; then - CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir" - LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib.a" - enable_shared=no - enable_static=yes - liblms_linked=yes - elif test -e $tryliblmsdir/hss_lib_thread.a; then - CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir" - LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib_thread.a" - enable_shared=no - enable_static=yes - liblms_linked=yes - else - AC_MSG_ERROR([liblms isn't found. 
- If it's already installed, specify its path using --with-liblms=/dir/]) - fi - - if test "x$liblms_linked" = "xno" ; then - AC_MSG_ERROR([liblms isn't found. - If it's already installed, specify its path using --with-liblms=/dir/]) - fi - - AC_MSG_RESULT([yes]) - AM_CPPFLAGS="$CPPFLAGS" - AM_LDFLAGS="$LDFLAGS" - else - AC_MSG_RESULT([yes]) - fi - - AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBLMS" - ENABLED_LIBLMS="yes" - ] -) - if test "$ENABLED_LMS" != "no" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS" - - # Use hash-sigs LMS lib if enabled. - if test "$ENABLED_LIBLMS" = "yes"; then - ENABLED_WC_LMS=no - else - ENABLED_WC_LMS=yes - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS" - fi fi # SLH-DSA @@ -11597,8 +11459,8 @@ AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLE AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_LMS],[test "x$ENABLED_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_XMSS],[test "x$ENABLED_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_WC_SLHDSA],[test "x$ENABLED_SLHDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_WC_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 
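Review bot: With `BUILD_LMS` and `BUILD_XMSS` now keyed only on `$ENABLED_LMS` / `$ENABLED_XMSS`, a build script that still passes `--with-liblms=PATH` or `--with-libxmss=PATH` is not stopped. By default autoconf only warns about unrecognized `--with-*` options, so configure succeeds and builds the wolfCrypt implementation instead of the library the caller named. For stateful signature schemes an unnoticed implementation swap is worth failing on; whether private-key state written through the hash-sigs or xmss-reference path stays usable is not visible in this diff. Consider keeping stub options that abort, e.g. `AC_ARG_WITH([liblms],[],[AC_MSG_ERROR([--with-liblms was removed; LMS/HSS always uses the wolfCrypt implementation])])`, and the same for `libxmss`, beside the `# LMS` and `# XMSS` blocks touched by the earlier hunks.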
@@ -11647,8 +11509,6 @@ AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_R
 AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
-AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
-AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
 AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
 AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
 AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
@@ -12148,12 +12008,7 @@ echo " * CURVE448: $ENABLED_CURVE448"
 echo " * ED448: $ENABLED_ED448"
 echo " * ED448 streaming: $ENABLED_ED448_STREAM"
 echo " * LMS: $ENABLED_LMS"
-echo " * LMS wolfSSL impl: $ENABLED_WC_LMS"
 echo " * XMSS: $ENABLED_XMSS"
-echo " * XMSS wolfSSL impl: $ENABLED_WC_XMSS"
-if test "$ENABLED_LIBXMSS" = "yes"; then
-echo " * XMSS_ROOT: $XMSS_ROOT"
-fi
 echo " * SLH-DSA $ENABLED_SLHDSA"
 echo " * MLKEM: $ENABLED_MLKEM"
 echo " * MLKEM wolfSSL impl: $ENABLED_WC_MLKEM"
@@ -12214,8 +12069,6 @@ echo " * Persistent session cache: $ENABLED_SAVESESSION"
 echo " * Persistent cert cache: $ENABLED_SAVECERT"
 echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
 echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
-echo " * libxmss: $ENABLED_LIBXMSS"
-echo " * liblms: $ENABLED_LIBLMS"
 echo " * liboqs: $ENABLED_LIBOQS"
 echo " * Whitewood netRandom: $ENABLED_WNR"
 echo " * Server Name Indication: $ENABLED_SNI"
diff --git a/examples/configs/user_settings_pq.h b/examples/configs/user_settings_pq.h
index b207cbd95bb..752f34e8611 100644
--- a/examples/configs/user_settings_pq.h
+++ b/examples/configs/user_settings_pq.h
@@ -105,7 +105,6 @@ extern "C" { /* ------------------------------------------------- */ #if 0 /* LMS signatures */ #define WOLFSSL_HAVE_LMS - #define WOLFSSL_WC_LMS #ifndef LMS_LEVELS #define LMS_LEVELS 2 #endif @@ -122,7 +121,6 @@ extern "C" { /* ------------------------------------------------- */ #if 0 /* XMSS signatures */ #define WOLFSSL_HAVE_XMSS - #define WOLFSSL_WC_XMSS #ifndef WOLFSSL_XMSS_MAX_HEIGHT #define WOLFSSL_XMSS_MAX_HEIGHT 20 #endif diff --git a/examples/configs/user_settings_wolfboot_keytools.h b/examples/configs/user_settings_wolfboot_keytools.h index 8c44d3f0f7e..be97f5d3c5c 100644 --- a/examples/configs/user_settings_wolfboot_keytools.h +++ b/examples/configs/user_settings_wolfboot_keytools.h @@ -131,7 +131,6 @@ extern "C" { #if 1 /* LMS */ #define WOLFSSL_HAVE_LMS - #define WOLFSSL_WC_LMS #ifndef LMS_LEVELS #define LMS_LEVELS 1 #endif @@ -145,7 +144,6 @@ extern "C" { #if 1 /* XMSS */ #define WOLFSSL_HAVE_XMSS - #define WOLFSSL_WC_XMSS #ifndef WOLFSSL_XMSS_MAX_HEIGHT #define WOLFSSL_XMSS_MAX_HEIGHT 32 #endif diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template index ad2f07cac95..e5292705b9d 100644 --- a/linuxkm/module_exports.c.template +++ b/linuxkm/module_exports.c.template @@ -159,20 +159,12 @@ #endif #if defined(WOLFSSL_HAVE_XMSS) #include -#ifdef HAVE_LIBXMSS - #include -#else #include #endif -#endif #if defined(WOLFSSL_HAVE_LMS) #include -#ifdef HAVE_LIBLMS - #include -#else #include #endif -#endif #ifdef HAVE_DILITHIUM #include #endif diff --git a/src/include.am b/src/include.am index 09610bcfdf9..1ab6aa1756a 100644 --- a/src/include.am +++ b/src/include.am 
@@ -1442,12 +1442,12 @@ endif BUILD_INTELASM endif !BUILD_X86_ASM endif -if BUILD_WC_LMS +if BUILD_LMS src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_lms_impl.c endif -if BUILD_WC_XMSS +if BUILD_XMSS src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss_impl.c endif @@ -1597,14 +1597,6 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_mlkem.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/liboqs/liboqs.c endif -if BUILD_LIBLMS -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_lms.c -endif - -if BUILD_LIBXMSS -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ext_xmss.c -endif - if BUILD_LIBZ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/compress.c endif diff --git a/tests/api.c b/tests/api.c index 2b259d54abd..617e9376dee 100644 --- a/tests/api.c +++ b/tests/api.c @@ -35399,8 +35399,7 @@ int stopOnFail = 0; int test_wc_LmsKey_sign_verify(void); int test_wc_LmsKey_reload_cache(void); -#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \ - !defined(WOLFSSL_LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) #include #include @@ -35456,7 +35455,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng) return 0; } -#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS && !WOLFSSL_LMS_VERIFY_ONLY */ +#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_VERIFY_ONLY */ /* * Test basic LMS sign/verify with multiple signings. @@ -35465,8 +35464,7 @@ static int test_lms_init_key(LmsKey* key, WC_RNG* rng) int test_wc_LmsKey_sign_verify(void) { EXPECT_DECLS; -#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \ - !defined(WOLFSSL_LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) LmsKey key; WC_RNG rng; byte msg[] = "test message for LMS signing"; 
@@ -35515,8 +35513,7 @@ int test_wc_LmsKey_sign_verify(void) int test_wc_LmsKey_reload_cache(void) { EXPECT_DECLS; -#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \ - !defined(WOLFSSL_LMS_VERIFY_ONLY) +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) LmsKey key; LmsKey vkey; WC_RNG rng; diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 5d8e8efb898..f70906286b9 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -179,19 +179,11 @@ #endif #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) #include - #ifdef HAVE_LIBLMS - #include - #else - #include - #endif + #include #endif #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) #include - #ifdef HAVE_LIBXMSS - #include - #else - #include - #endif + #include #endif #if defined(WOLFSSL_HAVE_SLHDSA) #include @@ -11419,10 +11411,8 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) #ifndef WOLFSSL_WC_LMS_SMALL do { - #ifdef WOLFSSL_WC_LMS key.priv.inited = 0; key.state = WC_LMS_STATE_PARMSET; - #endif ret = wc_LmsKey_Reload(&key); if (ret) { printf("wc_LmsKey_Reload failed: %d\n", ret); @@ -11443,9 +11433,6 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) printf("wc_LmsKey_GetPrivLen failed: %d\n", ret); goto exit_lms_sign_verify; } - #ifdef HAVE_LIBLMS - break; - #endif } while (bench_stats_check(start) #ifdef MULTI_VALUE_STATISTICS || runs < minimum_runs @@ -11564,7 +11551,7 @@ void bench_lms(void) #ifndef WOLFSSL_NO_LMS_SHA256_256 #ifdef BENCH_LMS_SLOW_KEYGEN -#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) +#if (LMS_MAX_HEIGHT >= 15) bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub); bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W2, pub); bench_lms_keygen(WC_LMS_PARM_L1_H15_W4, pub); 
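Review bot: Once the `HAVE_LIBLMS` / `HAVE_LIBXMSS` branches are dropped from these includes in benchmark.c, a `user_settings.h` that still defines either macro is silently ignored and the build uses the wolfCrypt LMS/XMSS code with no diagnostic. The `linuxkm/module_exports.c.template` hunk has the same effect. A compile-time guard in whichever settings header every build processes (not visible in this diff) would make stale configurations fail loudly: `#if defined(HAVE_LIBLMS) || defined(HAVE_LIBXMSS)` / `#error "external LMS/XMSS libraries are no longer supported"` / `#endif`.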
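Review bot: The rewritten guards in bench_lms, such as `#if (LMS_MAX_HEIGHT >= 15)`, now depend entirely on `LMS_MAX_HEIGHT` and `LMS_MAX_LEVELS`, and an undefined identifier in `#if` evaluates to 0. If either macro were missing, every parameter set would be skipped and only the `#ifndef LMS_PARAMS_BENCHED` fallback would run, with no diagnostic. The removed `!defined(WOLFSSL_WC_LMS) ||` arm covered the case where they were not defined; presumably the LMS header that is now included unconditionally defines both, but that header is not shown here. A one-time check before the first use would pin the assumption: `#if !defined(LMS_MAX_HEIGHT) || !defined(LMS_MAX_LEVELS)` / `#error "LMS_MAX_HEIGHT and LMS_MAX_LEVELS must be defined"` / `#endif`. The same conditionals repeat in the later bench_lms hunks for the SHA256_192 parameter sets, and bench_lms's body starts and ends outside this hunk.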
@@ -11573,8 +11560,7 @@ void bench_lms(void) #define LMS_PARAMS_BENCHED #endif #endif -#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \ - (LMS_MAX_HEIGHT >= 10)) +#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10) bench_lms_keygen(WC_LMS_PARM_L2_H10_W2, pub); bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2, pub); bench_lms_keygen(WC_LMS_PARM_L2_H10_W4, pub); @@ -11586,7 +11572,7 @@ void bench_lms(void) bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W8, pub); #endif #endif -#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3) +#if (LMS_MAX_LEVELS >= 3) bench_lms_keygen(WC_LMS_PARM_L3_H5_W4, pub); bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4, pub); bench_lms_keygen(WC_LMS_PARM_L3_H5_W8, pub); @@ -11594,17 +11580,16 @@ void bench_lms(void) #undef LMS_PARAMS_BENCHED #define LMS_PARAMS_BENCHED #endif -#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \ - (LMS_MAX_HEIGHT >= 10)) +#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10) bench_lms_keygen(WC_LMS_PARM_L3_H10_W4, pub); bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4, pub); #endif -#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4) +#if (LMS_MAX_LEVELS >= 4) bench_lms_keygen(WC_LMS_PARM_L4_H5_W8, pub); bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8, pub); #endif -#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED) +#ifndef LMS_PARAMS_BENCHED bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub); bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub); #endif @@ -11612,7 +11597,7 @@ void bench_lms(void) #ifdef WOLFSSL_LMS_SHA256_192 #ifdef BENCH_LMS_SLOW_KEYGEN -#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) +#if (LMS_MAX_HEIGHT >= 15) bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub); 
@@ -11621,8 +11606,7 @@ void bench_lms(void) #define LMS_PARAMS_BENCHED #endif #endif -#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \ - (LMS_MAX_HEIGHT >= 10)) +#if (LMS_MAX_LEVELS >= 2) && (LMS_MAX_HEIGHT >= 10) bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub); @@ -11634,7 +11618,7 @@ void bench_lms(void) bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub); #endif #endif -#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3) +#if (LMS_MAX_LEVELS >= 3) bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub); @@ -11642,17 +11626,16 @@ void bench_lms(void) #undef LMS_PARAMS_BENCHED #define LMS_PARAMS_BENCHED #endif -#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \ - (LMS_MAX_HEIGHT >= 10)) +#if (LMS_MAX_LEVELS >= 3) && (LMS_MAX_HEIGHT >= 10) bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); #endif -#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4) +#if (LMS_MAX_LEVELS >= 4) bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); #endif -#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED) +#ifndef LMS_PARAMS_BENCHED bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); #endif @@ -11733,13 +11716,6 @@ static void bench_xmss_sign_verify(const char * params) printf("wc_XmssKey_GetPubLen failed: %d\n", ret); goto exit_xmss_sign_verify; } -#ifndef WOLFSSL_WC_XMSS - if (pkSz != XMSS_SHA256_PUBLEN) { - printf("error: xmss pub len: got %u, expected %d\n", pkSz, - XMSS_SHA256_PUBLEN); - goto exit_xmss_sign_verify; - } -#endif ret = wc_XmssKey_GetPrivLen(&key, &skSz); if (ret != 0 || skSz <= 0) { 
diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c
deleted file mode 100644
index c953abcfb38..00000000000
--- a/wolfcrypt/src/ext_lms.c
+++ /dev/null
@@ -1,1083 +0,0 @@ -/* ext_lms.c - * - * Copyright (C) 2006-2026 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#include - -#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS) - -#include - -#ifdef NO_INLINE - #include -#else - #define WOLFSSL_MISC_INCLUDED - #include -#endif - -#ifndef WOLFSSL_LMS_VERIFY_ONLY -/* If built against hss_lib_thread.a, the hash-sigs lib will spawn - * worker threads to parallelize cpu intensive tasks. This will mainly - * speedup key generation and signing, and to a lesser extent - * verifying for larger levels values. - * - * Their default max is 16 worker threads, but can be capped with - * hss_extra_info_set_threads(). To be safe we are capping at 4 here. - * */ -#define EXT_LMS_MAX_THREADS (4) - -/* The hash-sigs hss_generate_private_key API requires a generate_random - * callback that only has output and length args. The RNG struct must be global - * to the function. Maybe there should be a wc_LmsKey_SetRngCb. 
*/ -static THREAD_LS_T WC_RNG * LmsRng = NULL; - -static bool LmsGenerateRand(void * output, size_t length) -{ - int ret = 0; - - if (output == NULL || LmsRng == NULL) { - return false; - } - - if (length == 0) { - return true; - } - - ret = wc_RNG_GenerateBlock(LmsRng, output, (word32) length); - - if (ret) { - WOLFSSL_MSG("error: LmsGenerateRand failed"); - return false; - } - - return true; -} - -/* Write callback passed into hash-sigs hss lib. - * - * Returns true on success. */ -static bool LmsWritePrivKey(unsigned char *private_key, - size_t len_private_key, void *lmsKey) -{ - LmsKey * key = (LmsKey *) lmsKey; - enum wc_LmsRc ret = WC_LMS_RC_NONE; - - if (private_key == NULL || key == NULL || len_private_key <= 0) { - WOLFSSL_MSG("error: LmsWritePrivKey: invalid args"); - return false; - } - - if (key->state != WC_LMS_STATE_PARMSET && key->state != WC_LMS_STATE_OK) { - /* The LmsKey is not ready for writing. */ - WOLFSSL_MSG("error: LmsWritePrivKey: LMS key not in writeable state"); - return false; - } - - if (key->write_private_key == NULL) { - WOLFSSL_MSG("error: LmsWritePrivKey: LMS key write callback not set"); - key->state = WC_LMS_STATE_BAD; - return false; - } - - /* Use write callback that saves private key to non-volatile storage. */ - ret = key->write_private_key(private_key, (word32)len_private_key, - key->context); - - if (ret != WC_LMS_RC_SAVED_TO_NV_MEMORY) { - WOLFSSL_MSG("error: LmsKey write_private_key failed"); - WOLFSSL_MSG(wc_LmsKey_RcToStr(ret)); - key->state = WC_LMS_STATE_BAD; - return false; - } - - return true; -} - -/* Read callback passed into hash-sigs hss lib. - * - * Returns true on success. 
*/ -static bool LmsReadPrivKey(unsigned char *private_key, - size_t len_private_key, void *lmsKey) -{ - LmsKey * key = (LmsKey *) lmsKey; - enum wc_LmsRc ret = WC_LMS_RC_NONE; - - if (private_key == NULL || key == NULL || len_private_key <= 0) { - WOLFSSL_MSG("error: LmsReadPrivKey: invalid args"); - return false; - } - - if (key->state != WC_LMS_STATE_PARMSET && key->state != WC_LMS_STATE_OK) { - /* The LmsKey is not ready for reading. */ - WOLFSSL_MSG("error: LmsReadPrivKey: LMS key not in readable state"); - return false; - } - - if (key->read_private_key == NULL) { - WOLFSSL_MSG("error: LmsReadPrivKey: LMS key read callback not set"); - key->state = WC_LMS_STATE_BAD; - return false; - } - - /* Use read callback that reads private key from non-volatile storage. */ - ret = key->read_private_key(private_key, (word32)len_private_key, - key->context); - - if (ret != WC_LMS_RC_READ_TO_MEMORY) { - WOLFSSL_MSG("error: LmsKey read_private_key failed"); - WOLFSSL_MSG(wc_LmsKey_RcToStr(ret)); - key->state = WC_LMS_STATE_BAD; - return false; - } - - return true; -} -#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ - -const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm) -{ - switch (lmsParm) { - case WC_LMS_PARM_NONE: - return "LMS/HSS NONE"; - case WC_LMS_PARM_L1_H5_W1: - return "LMS/HSS L1_H5_W1"; - case WC_LMS_PARM_L1_H5_W2: - return "LMS/HSS L1_H5_W2"; - case WC_LMS_PARM_L1_H5_W4: - return "LMS/HSS L1_H5_W4"; - case WC_LMS_PARM_L1_H5_W8: - return "LMS/HSS L1_H5_W8"; - case WC_LMS_PARM_L1_H10_W2: - return "LMS/HSS L1_H10_W2"; - case WC_LMS_PARM_L1_H10_W4: - return "LMS/HSS L1_H10_W4"; - case WC_LMS_PARM_L1_H10_W8: - return "LMS/HSS L1_H10_W8"; - case WC_LMS_PARM_L1_H15_W2: - return "LMS/HSS L1_H15_W2"; - case WC_LMS_PARM_L1_H15_W4: - return "LMS/HSS L1_H15_W4"; - case WC_LMS_PARM_L1_H15_W8: - return "LMS/HSS L1_H15_W8"; - case WC_LMS_PARM_L1_H20_W2: - return "LMS/HSS L1_H20_W2"; - case WC_LMS_PARM_L1_H20_W4: - return "LMS/HSS L1_H20_W4"; - case WC_LMS_PARM_L1_H20_W8: - 
return "LMS/HSS L1_H20_W8"; - case WC_LMS_PARM_L2_H5_W2: - return "LMS/HSS L2_H5_W2"; - case WC_LMS_PARM_L2_H5_W4: - return "LMS/HSS L2_H5_W4"; - case WC_LMS_PARM_L2_H5_W8: - return "LMS/HSS L2_H5_W8"; - case WC_LMS_PARM_L2_H10_W2: - return "LMS/HSS L2_H10_W2"; - case WC_LMS_PARM_L2_H10_W4: - return "LMS/HSS L2_H10_W4"; - case WC_LMS_PARM_L2_H10_W8: - return "LMS/HSS L2_H10_W8"; - case WC_LMS_PARM_L2_H15_W2: - return "LMS/HSS L2_H15_W2"; - case WC_LMS_PARM_L2_H15_W4: - return "LMS/HSS L2_H15_W4"; - case WC_LMS_PARM_L2_H15_W8: - return "LMS/HSS L2_H15_W8"; - case WC_LMS_PARM_L2_H20_W2: - return "LMS/HSS L2_H20_W2"; - case WC_LMS_PARM_L2_H20_W4: - return "LMS/HSS L2_H20_W4"; - case WC_LMS_PARM_L2_H20_W8: - return "LMS/HSS L2_H20_W8"; - case WC_LMS_PARM_L3_H5_W2: - return "LMS/HSS L3_H5_W2"; - case WC_LMS_PARM_L3_H5_W4: - return "LMS/HSS L3_H5_W4"; - case WC_LMS_PARM_L3_H5_W8: - return "LMS/HSS L3_H5_W8"; - case WC_LMS_PARM_L3_H10_W4: - return "LMS/HSS L3_H10_W4"; - case WC_LMS_PARM_L3_H10_W8: - return "LMS/HSS L3_H10_W8"; - case WC_LMS_PARM_L4_H5_W2: - return "LMS/HSS L4_H5_W2"; - case WC_LMS_PARM_L4_H5_W4: - return "LMS/HSS L4_H5_W4"; - case WC_LMS_PARM_L4_H5_W8: - return "LMS/HSS L4_H5_W8"; - case WC_LMS_PARM_L4_H10_W4: - return "LMS/HSS L4_H10_W4"; - case WC_LMS_PARM_L4_H10_W8: - return "LMS/HSS L4_H10_W8"; - default: - WOLFSSL_MSG("error: invalid LMS parameter"); - break; - } - - return "LMS_INVALID"; -} - -const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsEc) -{ - switch (lmsEc) { - case WC_LMS_RC_NONE: - return "LMS_RC_NONE"; - - case WC_LMS_RC_BAD_ARG: - return "LMS_RC_BAD_ARG"; - - case WC_LMS_RC_WRITE_FAIL: - return "LMS_RC_WRITE_FAIL"; - - case WC_LMS_RC_READ_FAIL: - return "LMS_RC_READ_FAIL"; - - case WC_LMS_RC_SAVED_TO_NV_MEMORY: - return "LMS_RC_SAVED_TO_NV_MEMORY"; - - case WC_LMS_RC_READ_TO_MEMORY: - return "LMS_RC_READ_TO_MEMORY"; - - default: - WOLFSSL_MSG("error: invalid LMS error code"); - break; - } - - return "LMS_RC_INVALID"; -} - -/* Init an LMS 
key. - * - * Call this before setting the params of an LMS key. - * - * Returns 0 on success. - * */ -int wc_LmsKey_Init(LmsKey * key, void * heap, int devId) -{ - if (key == NULL) { - return BAD_FUNC_ARG; - } - - (void) heap; - (void) devId; - - ForceZero(key, sizeof(LmsKey)); - -#ifndef WOLFSSL_LMS_VERIFY_ONLY - hss_init_extra_info(&key->info); - /* Set the max number of worker threads that hash-sigs can spawn. */ - hss_extra_info_set_threads(&key->info, EXT_LMS_MAX_THREADS); - - key->working_key = NULL; - key->write_private_key = NULL; - key->read_private_key = NULL; - key->context = NULL; -#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ - key->state = WC_LMS_STATE_INITED; - - return 0; -} - -/* Set the wc_LmsParm of an LMS key. - * - * Use this if you wish to set a key with a predefined parameter set, - * such as WC_LMS_PARM_L2_H10_W8. - * - * Key must be inited before calling this. - * - * Returns 0 on success. - * */ -int wc_LmsKey_SetLmsParm(LmsKey * key, enum wc_LmsParm lmsParm) -{ - if (key == NULL) { - return BAD_FUNC_ARG; - } - - /* If NONE is passed, default to the lowest predefined set. 
*/
- switch (lmsParm) {
- case WC_LMS_PARM_NONE:
- case WC_LMS_PARM_L1_H5_W1:
- return wc_LmsKey_SetParameters(key, 1, 5, 1);
- case WC_LMS_PARM_L1_H5_W2:
- return wc_LmsKey_SetParameters(key, 1, 5, 2);
- case WC_LMS_PARM_L1_H5_W4:
- return wc_LmsKey_SetParameters(key, 1, 5, 4);
- case WC_LMS_PARM_L1_H5_W8:
- return wc_LmsKey_SetParameters(key, 1, 5, 8);
- case WC_LMS_PARM_L1_H10_W2:
- return wc_LmsKey_SetParameters(key, 1, 10, 2);
- case WC_LMS_PARM_L1_H10_W4:
- return wc_LmsKey_SetParameters(key, 1, 10, 4);
- case WC_LMS_PARM_L1_H10_W8:
- return wc_LmsKey_SetParameters(key, 1, 10, 8);
- case WC_LMS_PARM_L1_H15_W2:
- return wc_LmsKey_SetParameters(key, 1, 15, 2);
- case WC_LMS_PARM_L1_H15_W4:
- return wc_LmsKey_SetParameters(key, 1, 15, 4);
- case WC_LMS_PARM_L1_H15_W8:
- return wc_LmsKey_SetParameters(key, 1, 15, 8);
- case WC_LMS_PARM_L1_H20_W2:
- return wc_LmsKey_SetParameters(key, 1, 20, 2);
- case WC_LMS_PARM_L1_H20_W4:
- return wc_LmsKey_SetParameters(key, 1, 20, 4);
- case WC_LMS_PARM_L1_H20_W8:
- return wc_LmsKey_SetParameters(key, 1, 20, 8);
- case WC_LMS_PARM_L2_H5_W2:
- return wc_LmsKey_SetParameters(key, 2, 5, 2);
- case WC_LMS_PARM_L2_H5_W4:
- return wc_LmsKey_SetParameters(key, 2, 5, 4);
- case WC_LMS_PARM_L2_H5_W8:
- return wc_LmsKey_SetParameters(key, 2, 5, 8);
- case WC_LMS_PARM_L2_H10_W2:
- return wc_LmsKey_SetParameters(key, 2, 10, 2);
- case WC_LMS_PARM_L2_H10_W4:
- return wc_LmsKey_SetParameters(key, 2, 10, 4);
- case WC_LMS_PARM_L2_H10_W8:
- return wc_LmsKey_SetParameters(key, 2, 10, 8);
- case WC_LMS_PARM_L2_H15_W2:
- return wc_LmsKey_SetParameters(key, 2, 15, 2);
- case WC_LMS_PARM_L2_H15_W4:
- return wc_LmsKey_SetParameters(key, 2, 15, 4);
- case WC_LMS_PARM_L2_H15_W8:
- return wc_LmsKey_SetParameters(key, 2, 15, 8);
- case WC_LMS_PARM_L2_H20_W2:
- return wc_LmsKey_SetParameters(key, 2, 20, 2);
- case WC_LMS_PARM_L2_H20_W4:
- return wc_LmsKey_SetParameters(key, 2, 20, 4);
- case WC_LMS_PARM_L2_H20_W8:
- return wc_LmsKey_SetParameters(key, 2, 20, 8);
- case WC_LMS_PARM_L3_H5_W2:
- return wc_LmsKey_SetParameters(key, 3, 5, 2);
- case WC_LMS_PARM_L3_H5_W4:
- return wc_LmsKey_SetParameters(key, 3, 5, 4);
- case WC_LMS_PARM_L3_H5_W8:
- return wc_LmsKey_SetParameters(key, 3, 5, 8);
- case WC_LMS_PARM_L3_H10_W4:
- return wc_LmsKey_SetParameters(key, 3, 10, 4);
- case WC_LMS_PARM_L3_H10_W8:
- return wc_LmsKey_SetParameters(key, 3, 10, 8);
- case WC_LMS_PARM_L4_H5_W2:
- return wc_LmsKey_SetParameters(key, 4, 5, 2);
- case WC_LMS_PARM_L4_H5_W4:
- return wc_LmsKey_SetParameters(key, 4, 5, 4);
- case WC_LMS_PARM_L4_H5_W8:
- return wc_LmsKey_SetParameters(key, 4, 5, 8);
- case WC_LMS_PARM_L4_H10_W4:
- return wc_LmsKey_SetParameters(key, 4, 10, 4);
- case WC_LMS_PARM_L4_H10_W8:
- return wc_LmsKey_SetParameters(key, 4, 10, 8);
- default:
- WOLFSSL_MSG("error: invalid LMS parameter set");
- break;
- }
-
- return BAD_FUNC_ARG;
-}
-
-/* Set the parameters of an LMS key.
- *
- * Use this if you wish to set specific parameters not found in the
- * wc_LmsParm predefined sets. See comments in lms.h for allowed
- * parameters.
- *
- * Key must be inited before calling this.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetParameters(LmsKey * key, int levels, int height,
- int winternitz)
-{
- int i = 0;
- param_set_t lm = LMS_SHA256_N32_H5;
- param_set_t ots = LMOTS_SHA256_N32_W1;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_LMS_STATE_INITED) {
- WOLFSSL_MSG("error: LmsKey needs init");
- return -1;
- }
-
- /* Verify inputs make sense.
- *
- * Note: there does not seem to be a define for min or
- * max Winternitz integer in hash-sigs lib or RFC8554. */
-
- if (levels < MIN_HSS_LEVELS || levels > MAX_HSS_LEVELS) {
- WOLFSSL_MSG("error: invalid level parameter");
- return BAD_FUNC_ARG;
- }
-
- if (height < MIN_MERKLE_HEIGHT || height > MAX_MERKLE_HEIGHT) {
- WOLFSSL_MSG("error: invalid height parameter");
- return BAD_FUNC_ARG;
- }
-
- switch (height) {
- case 5:
- lm = LMS_SHA256_N32_H5;
- break;
- case 10:
- lm = LMS_SHA256_N32_H10;
- break;
- case 15:
- lm = LMS_SHA256_N32_H15;
- break;
- case 20:
- lm = LMS_SHA256_N32_H20;
- break;
- case 25:
- lm = LMS_SHA256_N32_H25;
- break;
- default:
- WOLFSSL_MSG("error: invalid height parameter");
- return BAD_FUNC_ARG;
- }
-
- switch (winternitz) {
- case 1:
- ots = LMOTS_SHA256_N32_W1;
- break;
- case 2:
- ots = LMOTS_SHA256_N32_W2;
- break;
- case 4:
- ots = LMOTS_SHA256_N32_W4;
- break;
- case 8:
- ots = LMOTS_SHA256_N32_W8;
- break;
- default:
- WOLFSSL_MSG("error: invalid winternitz parameter");
- return BAD_FUNC_ARG;
- }
-
- key->levels = levels;
-
- for (i = 0; i < levels; ++i) {
- key->lm_type[i] = lm;
- key->lm_ots_type[i] = ots;
- }
-
- /* Move the state to params set.
- * Key is ready for MakeKey or Reload. */
- key->state = WC_LMS_STATE_PARMSET;
-
- return 0;
-}
-
-/* Get the parameters of an LMS key.
- *
- * Key must be inited and parameters set before calling this.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_GetParameters(const LmsKey * key, int * levels, int * height,
- int * winternitz)
-{
- if (key == NULL || levels == NULL || height == NULL || winternitz == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* This shouldn't happen, but check the LmsKey parameters aren't invalid. */
-
- if (key->levels < MIN_HSS_LEVELS || key->levels > MAX_HSS_LEVELS) {
- WOLFSSL_MSG("error: LmsKey invalid level parameter");
- return -1;
- }
-
- *levels = key->levels;
-
- switch (key->lm_type[0]) {
- case LMS_SHA256_N32_H5:
- *height = 5;
- break;
- case LMS_SHA256_N32_H10:
- *height = 10;
- break;
- case LMS_SHA256_N32_H15:
- *height = 15;
- break;
- case LMS_SHA256_N32_H20:
- *height = 20;
- break;
- case LMS_SHA256_N32_H25:
- *height = 25;
- break;
- default:
- WOLFSSL_MSG("error: LmsKey invalid height parameter");
- return -1;
- }
-
- switch (key->lm_ots_type[0]) {
- case LMOTS_SHA256_N32_W1:
- *winternitz = 1;
- break;
- case LMOTS_SHA256_N32_W2:
- *winternitz = 2;
- break;
- case LMOTS_SHA256_N32_W4:
- *winternitz = 4;
- break;
- case LMOTS_SHA256_N32_W8:
- *winternitz = 8;
- break;
- default:
- WOLFSSL_MSG("error: LmsKey invalid winternitz parameter");
- return -1;
- }
-
- return 0;
-}
-
-/* Frees the LMS key from memory.
- *
- * This does not affect the private key saved to non-volatile storage.
- * */
-void wc_LmsKey_Free(LmsKey* key)
-{
- if (key == NULL) {
- return;
- }
-
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
- if (key->working_key != NULL) {
- hss_free_working_key(key->working_key);
- key->working_key = NULL;
- }
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */
-
- ForceZero(key, sizeof(LmsKey));
-
- key->state = WC_LMS_STATE_FREED;
-
- return;
-}
-
-#ifndef WOLFSSL_LMS_VERIFY_ONLY
-/* Set the write private key callback to the LMS key structure.
- *
- * The callback must be able to write/update the private key to
- * non-volatile storage.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetWriteCb(LmsKey * key, wc_lms_write_private_key_cb write_cb)
-{
- if (key == NULL || write_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the write callback of an already working key is forbidden. */
- if (key->state == WC_LMS_STATE_OK) {
- WOLFSSL_MSG("error: wc_LmsKey_SetWriteCb: key in use");
- return -1;
- }
-
- key->write_private_key = write_cb;
-
- return 0;
-}
-
-/* Set the read private key callback to the LMS key structure.
- *
- * The callback must be able to read the private key from
- * non-volatile storage.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetReadCb(LmsKey * key, wc_lms_read_private_key_cb read_cb)
-{
- if (key == NULL || read_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the read callback of an already working key is forbidden. */
- if (key->state == WC_LMS_STATE_OK) {
- WOLFSSL_MSG("error: wc_LmsKey_SetReadCb: key in use");
- return -1;
- }
-
- key->read_private_key = read_cb;
-
- return 0;
-}
-
-/* Sets the context to be used by write and read callbacks.
- *
- * E.g. this could be a filename if the callbacks write/read to file.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_SetContext(LmsKey * key, void * context)
-{
- if (key == NULL || context == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Setting context of an already working key is forbidden. */
- if (key->state == WC_LMS_STATE_OK) {
- WOLFSSL_MSG("error: wc_LmsKey_SetContext: key in use");
- return -1;
- }
-
- key->context = context;
-
- return 0;
-}
-
-/* Make the LMS private/public key pair. The key must have its parameters
- * set before calling this.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * Returns 0 on success.
- * */
-int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG * rng)
-{
- bool result = true;
-
- if (key == NULL || rng == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_LMS_STATE_PARMSET) {
- WOLFSSL_MSG("error: LmsKey not ready for generation");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: LmsKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: LmsKey context is not set");
- return -1;
- }
-
- LmsRng = rng;
-
- /* TODO: The hash-sigs lib allows you to save variable length auxiliary
- * data, which can be used to speed up key reloading when signing. The
- * aux data can be 300B - 1KB in size.
- *
- * Not implemented at the moment.
- *
- * key->aux_data_len = hss_get_aux_data_len(AUX_DATA_MAX_LEN, key->levels,
- * key->lm_type,
- * key->lm_ots_type);
- *
- * key->aux_data = XMALLOC(key->aux_data_len, NULL,
- * DYNAMIC_TYPE_TMP_BUFFER);
- */
-
- /* First generate the private key using the parameters and callbacks.
- * If successful, private key will be saved to non-volatile storage,
- * and the public key will be in memory. */
- result = hss_generate_private_key(LmsGenerateRand, key->levels,
- key->lm_type, key->lm_ots_type,
- LmsWritePrivKey, key,
- key->pub, sizeof(key->pub),
- NULL, 0, &key->info);
-
- if (!result) {
- WOLFSSL_MSG("error: hss_generate_private_key failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- /* Once generated, now we must load the private key so we have
- * an hss working key for signing operations. */
- key->working_key = hss_load_private_key(LmsReadPrivKey, key,
- 0, NULL, 0, &key->info);
-
- if (key->working_key == NULL) {
- WOLFSSL_MSG("error: hss_load_private_key failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- /* This should not happen, but check just in case. */
- if (wc_LmsKey_SigsLeft(key) == 0) {
- WOLFSSL_MSG("error: generated LMS key signatures exhausted");
- key->state = WC_LMS_STATE_NOSIGS;
- return -1;
- }
-
- key->state = WC_LMS_STATE_OK;
-
- return 0;
-}
-
-/* Reload a key that has been prepared with the appropriate params and
- * data. Use this if you wish to resume signing with an existing key.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * Returns 0 on success. */
-int wc_LmsKey_Reload(LmsKey * key)
-{
- bool result = true;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_LMS_STATE_PARMSET) {
- WOLFSSL_MSG("error: LmsKey not ready for reload");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: LmsKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: LmsKey context is not set");
- return -1;
- }
-
- key->working_key = hss_load_private_key(LmsReadPrivKey, key,
- 0, NULL, 0, &key->info);
-
- if (key->working_key == NULL) {
- WOLFSSL_MSG("error: hss_load_private_key failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- result = hss_get_parameter_set(&key->levels, key->lm_type,
- key->lm_ots_type, LmsReadPrivKey, key);
-
- if (!result) {
- WOLFSSL_MSG("error: hss_get_parameter_set failed");
- key->state = WC_LMS_STATE_BAD;
- hss_free_working_key(key->working_key);
- key->working_key = NULL;
- return -1;
- }
-
- /* Double check the key actually has signatures left. */
- if (wc_LmsKey_SigsLeft(key) == 0) {
- WOLFSSL_MSG("error: reloaded LMS key signatures exhausted");
- key->state = WC_LMS_STATE_NOSIGS;
- return -1;
- }
-
- key->state = WC_LMS_STATE_OK;
-
- return 0;
-}
-
-/* Given a levels, height, winternitz parameter set, determine
- * the private key length */
-int wc_LmsKey_GetPrivLen(const LmsKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- *len = (word32) hss_get_private_key_len(key->levels, key->lm_type,
- key->lm_ots_type);
-
- return 0;
-}
-
-int wc_LmsKey_Sign(LmsKey* key, byte * sig, word32 * sigSz, const byte * msg,
- int msgSz)
-{
- bool result = true;
- size_t len = 0;
-
- if (key == NULL || sig == NULL || sigSz == NULL || msg == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (msgSz <= 0) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state == WC_LMS_STATE_NOSIGS) {
- WOLFSSL_MSG("error: LMS signatures exhausted");
- return -1;
- }
- else if (key->state != WC_LMS_STATE_OK) {
- /* The key had an error the last time it was used, and we
- * can't guarantee its state. */
- WOLFSSL_MSG("error: can't sign, LMS key not in good state");
- return -1;
- }
-
- len = hss_get_signature_len(key->levels, key->lm_type, key->lm_ots_type);
-
- if (len == 0) {
- /* Key parameters are invalid. */
- WOLFSSL_MSG("error: hss_get_signature_len failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- if ((size_t)*sigSz < len) {
- /* Signature buffer too small. */
- WOLFSSL_MSG("error: LMS sig buffer too small");
- return BUFFER_E;
- }
-
- if (key->write_private_key == NULL) {
- WOLFSSL_MSG("error: LmsKey write/read callbacks are not set");
- return BAD_FUNC_ARG;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: LmsKey context is not set");
- return BAD_FUNC_ARG;
- }
-
- result = hss_generate_signature(key->working_key, LmsWritePrivKey,
- key, (const void *) msg, msgSz,
- sig, len, &key->info);
-
- if (!result) {
- /* Erase any partial signature to prevent OTS key reuse if state
- * is rolled back. */
- ForceZero(sig, len);
-
- if (wc_LmsKey_SigsLeft(key) == 0) {
- WOLFSSL_MSG("error: LMS signatures exhausted");
- key->state = WC_LMS_STATE_NOSIGS;
- return -1;
- }
-
- WOLFSSL_MSG("error: hss_generate_signature failed");
- key->state = WC_LMS_STATE_BAD;
- return -1;
- }
-
- *sigSz = (word32) len;
-
- return 0;
-}
-
-/* Returns 1 if there are signatures remaining.
- * Returns 0 if available signatures are exhausted.
- *
- * Note: the number of remaining signatures is hidden behind an opaque
- * pointer in the hash-sigs lib. We could add a counter here that is
- * decremented on every signature. The number of available signatures
- * grows as
- * N = 2 ** (levels * height)
- * so it would need to be a big integer. */
-int wc_LmsKey_SigsLeft(LmsKey * key)
-{
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (hss_extra_info_test_last_signature(&key->info)) {
- return 0;
- }
-
- return 1;
-}
-
-#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY*/
-
-/* Given a levels, height, winternitz parameter set, determine
- * the public key length */
-int wc_LmsKey_GetPubLen(const LmsKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- *len = (word32) hss_get_public_key_len(key->levels, key->lm_type,
- key->lm_ots_type);
-
- return 0;
-}
-
-/* Export a generated public key and parameter set from one LmsKey
- * to another. Use this to prepare a signature verification LmsKey
- * that is pub only.
- *
- * Though the public key is all that is used to verify signatures,
- * the parameter set is needed to calculate the signature length
- * before hand. */
-int wc_LmsKey_ExportPub(LmsKey * keyDst, const LmsKey * keySrc)
-{
- if (keyDst == NULL || keySrc == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ForceZero(keyDst, sizeof(LmsKey));
-
- XMEMCPY(keyDst->pub, keySrc->pub, sizeof(keySrc->pub));
- XMEMCPY(keyDst->lm_type, keySrc->lm_type, sizeof(keySrc->lm_type));
- XMEMCPY(keyDst->lm_ots_type, keySrc->lm_ots_type,
- sizeof(keySrc->lm_ots_type));
-
- keyDst->levels = keySrc->levels;
-
- /* Mark this key as verify only, to prevent misuse. */
- keyDst->state = WC_LMS_STATE_VERIFYONLY;
-
- return 0;
-}
-
-/* Exports the raw LMS public key buffer from key to out buffer.
- * The out buffer should be large enough to hold the public key, and
- * outLen should indicate the size of the buffer.
- *
- * - Returns 0 on success, and sets outLen to LMS pubLen.
- * - Returns BUFFER_E if outLen < LMS pubLen.
- *
- * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
- * */
-int wc_LmsKey_ExportPubRaw(const LmsKey * key, byte * out, word32 * outLen)
-{
- int ret = 0;
- word32 pubLen = 0;
-
- if (key == NULL || out == NULL || outLen == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ret = wc_LmsKey_GetPubLen(key, &pubLen);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: wc_LmsKey_GetPubLen failed");
- return -1;
- }
-
- if (*outLen < pubLen) {
- return BUFFER_E;
- }
-
- XMEMCPY(out, key->pub, pubLen);
- *outLen = pubLen;
-
- return 0;
-}
-
-/* Imports a raw public key buffer from in array to LmsKey key.
- *
- * The LMS parameters must be set first with wc_LmsKey_SetLmsParm or
- * wc_LmsKey_SetParameters, and inLen must match the length returned
- * by wc_LmsKey_GetPubLen.
- *
- * - Returns 0 on success.
- * - Returns BUFFER_E if inlen != LMS pubLen.
- *
- * Call wc_LmsKey_GetPubLen beforehand to determine pubLen.
- * */
-int wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in, word32 inLen)
-{
- int ret = 0;
- word32 pubLen = 0;
-
- if (key == NULL || in == NULL) {
- return BAD_FUNC_ARG;
- }
-
- ret = wc_LmsKey_GetPubLen(key, &pubLen);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: wc_LmsKey_GetPubLen failed");
- return -1;
- }
-
- if (inLen != pubLen) {
- /* Something inconsistent. Parameters weren't set, or input
- * pub key is wrong.*/
- return BUFFER_E;
- }
-
- XMEMCPY(key->pub, in, pubLen);
-
- return 0;
-}
-
-/* Given a levels, height, winternitz parameter set, determine
- * the signature length.
- *
- * Call this before wc_LmsKey_Sign so you know the length of
- * the required signature buffer. */
-int wc_LmsKey_GetSigLen(const LmsKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- *len = (word32) hss_get_signature_len(key->levels, key->lm_type,
- key->lm_ots_type);
-
- return 0;
-}
-
-int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
- const byte * msg, int msgSz)
-{
- bool result = true;
-
- if (key == NULL || sig == NULL || msg == NULL) {
- return BAD_FUNC_ARG;
- }
-
-#ifdef WOLFSSL_LMS_VERIFY_ONLY
- result = hss_validate_signature(key->pub, (const void *) msg, msgSz, sig,
- sigSz, NULL);
-#else
- result = hss_validate_signature(key->pub, (const void *) msg, msgSz, sig,
- sigSz, &key->info);
-#endif
-
-
- if (!result) {
- WOLFSSL_MSG("error: hss_validate_signature failed");
- return -1;
- }
-
- return 0;
-}
-
-int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid, word32* kidSz)
-{
- if ((key == NULL) || (kid == NULL) || (kidSz == NULL)) {
- return BAD_FUNC_ARG;
- }
-
- return NOT_COMPILED_IN;
-}
-
-const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz)
-{
- if ((priv == NULL) || (privSz < 16)) {
- return NULL;
- }
- return priv - 16;
-}
-
-#endif /* WOLFSSL_HAVE_LMS && HAVE_LIBLMS */
diff --git a/wolfcrypt/src/ext_xmss.c b/wolfcrypt/src/ext_xmss.c
deleted file mode 100644
index a3ddb6f4540..00000000000
--- a/wolfcrypt/src/ext_xmss.c
+++ /dev/null
@@ -1,1041 +0,0 @@
-/* ext_xmss.c
- *
- * Copyright (C) 2006-2026 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-#include
-
-#include
-
-#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS)
-
-#include
-
-#ifdef NO_INLINE
- #include
-#else
- #define WOLFSSL_MISC_INCLUDED
- #include
-#endif
-
-#include
-#include
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
-static THREAD_LS_T WC_RNG * xmssRng = NULL;
-
-/* RNG callback used by xmss.
- * */
-static int rng_cb(void * output, size_t length)
-{
- int ret = 0;
-
- if (output == NULL || xmssRng == NULL) {
- return -1;
- }
-
- if (length == 0) {
- return 0;
- }
-
- ret = wc_RNG_GenerateBlock(xmssRng, (byte *)output, (word32)length);
-
- if (ret) {
- WOLFSSL_MSG("error: XMSS rng_cb failed");
- return -1;
- }
-
- return 0;
-}
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-
-/* SHA256 callback used by XMSS.
- * */
-static int sha256_cb(const unsigned char *in, unsigned long long inlen,
- unsigned char *out)
-{
- wc_Sha256 sha;
-
- if (wc_InitSha256_ex(&sha, NULL, INVALID_DEVID) != 0) {
- WOLFSSL_MSG("SHA256 Init failed");
- return -1;
- }
-
- if (wc_Sha256Update(&sha, in, (word32) inlen) != 0) {
- WOLFSSL_MSG("SHA256 Update failed");
- return -1;
- }
-
- if (wc_Sha256Final(&sha, out) != 0) {
- WOLFSSL_MSG("SHA256 Final failed");
- wc_Sha256Free(&sha);
- return -1;
- }
- wc_Sha256Free(&sha);
-
- return 0;
-}
-
-/* Init an XMSS key.
- *
- * Call this before setting the params of an XMSS key.
- *
- * key [in] The XMSS key to init.
- * heap [in] Unused.
- * devId [in] Unused.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * */
-int wc_XmssKey_Init(XmssKey * key, void * heap, int devId)
-{
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- (void) heap;
- (void) devId;
-
- ForceZero(key, sizeof(XmssKey));
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
- key->sk = NULL;
- key->sk_len = 0;
- key->write_private_key = NULL;
- key->read_private_key = NULL;
- key->context = NULL;
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
- key->state = WC_XMSS_STATE_INITED;
-
- return 0;
-}
-
-/* Sets the XMSS key parameters, given an OID.
- *
- * Note: XMSS and XMSS^MT parameter sets do have overlapping
- * OIDs, therefore is_xmssmt is necessary to toggle.
- *
- * key [in] The XMSS key to set.
- * OID [in] The XMSS parameter set OID.
- * is_xmssmt [in] 1 The OID is assumed to be XMSS^MT.
- * 0 The OID is assumed to be XMSS.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on parse failure.
- * */
-static int wc_XmssKey_SetOid(XmssKey * key, uint32_t oid, int is_xmssmt)
-{
- int ret = 0;
-
- if (key == NULL || oid == 0) {
- return BAD_FUNC_ARG;
- }
-
- /* Parse the OID and load the XMSS params structure. */
- if (is_xmssmt) {
- ret = xmssmt_parse_oid(&key->params, oid);
- }
- else {
- ret = xmss_parse_oid(&key->params, oid);
- }
-
- if (ret != 0) {
- WOLFSSL_MSG("error: XMSS parse oid failed");
- return -1;
- }
-
- /* Finally, sanity check that this is a supported parameter set.
- *
- * We are only supporting XMSS/XMSS^MT with SHA256 parameter sets
- * that NIST SP 800-208 has standardized. See patched xmss-reference
- * params.h for the defines. */
- if (key->params.func != XMSS_SHA2 ||
- key->params.n != XMSS_SHA256_N ||
- key->params.padding_len != XMSS_SHA256_PADDING_LEN ||
- key->params.wots_w != 16 ||
- key->params.wots_len != XMSS_SHA256_WOTS_LEN) {
- WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set");
- return -1;
- }
- if ((key->params.full_height < WOLFSSL_XMSS_MIN_HEIGHT) ||
- (key->params.full_height > WOLFSSL_XMSS_MAX_HEIGHT)) {
- WOLFSSL_MSG("error: unsupported XMSS/XMSS^MT parameter set - height");
- return -1;
- }
-
- ret = xmss_set_sha_cb(sha256_cb);
- if (ret != 0) {
- WOLFSSL_MSG("error: xmss_set_sha_cb failed");
- return -1;
- }
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
- ret = xmss_set_rng_cb(rng_cb);
- if (ret != 0) {
- WOLFSSL_MSG("error: xmss_set_rng_cb failed");
- return -1;
- }
-#endif
-
- key->oid = oid;
- key->is_xmssmt = is_xmssmt;
- key->state = WC_XMSS_STATE_PARMSET;
-
- return 0;
-}
-
-/* Set the XMSS key parameter string.
- *
- * The input string must be one of the supported param set names in
- * the "Name" section from the table in wolfssl/wolfcrypt/xmss.h,
- * e.g. "XMSS-SHA2_10_256" or "XMSSMT-SHA2_20/4_256".
- *
- * key [in] The XMSS key to set.
- * str [in] The XMSS/XMSS^MT parameter string.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetParamStr(XmssKey * key, const char * str)
-{
- int ret = 0;
- uint32_t oid = 0;
- int is_xmssmt = 0;
-
- if (key == NULL || str == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_INITED) {
- WOLFSSL_MSG("error: XMSS key needs init");
- return BAD_FUNC_ARG;
- }
-
- switch(XSTRLEN(str)) {
- case XMSS_NAME_LEN:
- is_xmssmt = 0;
- break;
- case XMSSMT_NAME_MIN_LEN:
- case XMSSMT_NAME_MAX_LEN:
- is_xmssmt = 1;
- break;
- default:
- WOLFSSL_MSG("error: XMSS param str invalid length");
- return BAD_FUNC_ARG;
- }
-
- /* Convert XMSS param string to OID. */
- if (is_xmssmt) {
- ret = xmssmt_str_to_oid(&oid, str);
- }
- else {
- ret = xmss_str_to_oid(&oid, str);
- }
-
- if (ret != 0) {
- WOLFSSL_MSG("error: xmssmt_str_to_oid failed");
- return -1;
- }
-
- return wc_XmssKey_SetOid(key, oid, is_xmssmt);
-}
-
-/* Force zeros and frees the XMSS key from memory.
- *
- * This does not touch the private key saved to non-volatile storage.
- *
- * This is the only function that frees the key->sk array.
- *
- * key [in] The XMSS key.
- *
- * returns void
- * */
-void wc_XmssKey_Free(XmssKey* key)
-{
- if (key == NULL) {
- return;
- }
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
- if (key->sk != NULL) {
- ForceZero(key->sk, key->sk_len);
- XFREE(key->sk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- key->sk = NULL;
- key->sk_len = 0;
- }
-#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */
-
- ForceZero(key, sizeof(XmssKey));
-
- key->state = WC_XMSS_STATE_FREED;
-
- return;
-}
-
-#ifndef WOLFSSL_XMSS_VERIFY_ONLY
-/* Sets the XMSS write private key callback.
- *
- * The callback must be able to write/update the private key to
- * non-volatile storage.
- *
- * key [in] The XMSS key.
- * write_cb [in] The write private key callback.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetWriteCb(XmssKey * key, wc_xmss_write_private_key_cb write_cb)
-{
- if (key == NULL || write_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the write callback of an already working key is forbidden. */
- if (key->state == WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: wc_XmssKey_SetWriteCb: key in use");
- return -1;
- }
-
- key->write_private_key = write_cb;
-
- return 0;
-}
-
-/* Sets the XMSS read private key callback.
- *
- * The callback must be able to read the private key from
- * non-volatile storage.
- *
- * key [in] The XMSS key.
- * read_cb [in] The read private key callback.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetReadCb(XmssKey * key, wc_xmss_read_private_key_cb read_cb)
-{
- if (key == NULL || read_cb == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Changing the read callback of an already working key is forbidden. */
- if (key->state == WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: wc_XmssKey_SetReadCb: key in use");
- return -1;
- }
-
- key->read_private_key = read_cb;
-
- return 0;
-}
-
-/* Sets the XMSS context to be used by write and read callbacks.
- *
- * E.g. this could be a filename if the callbacks write/read to file.
- *
- * key [in] The XMSS key.
- * context [in] The context pointer.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-int wc_XmssKey_SetContext(XmssKey * key, void * context)
-{
- if (key == NULL || context == NULL) {
- return BAD_FUNC_ARG;
- }
-
- /* Setting context of an already working key is forbidden. */
- if (key->state == WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: wc_XmssKey_SetContext: key in use");
- return -1;
- }
-
- key->context = context;
-
- return 0;
-}
-
-
-/* Allocates the XMSS secret key (sk) array.
- *
- * The XMSS/XMSS^MT secret key length is a function of the
- * parameters, and can't be allocated until the param string
- * has been set with SetParamStr.
- *
- * This is only called by MakeKey() and Reload().
- *
- * Note: the XMSS sk array is force zeroed after every use.
- *
- * key [in] The XMSS key.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on failure.
- * */
-static int wc_XmssKey_AllocSk(XmssKey* key)
-{
- int ret = 0;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->sk != NULL) {
- WOLFSSL_MSG("error: XMSS secret key already exists");
- return -1;
- }
-
- /* The XMSS/XMSS^MT secret key length is a function of the
- * parameters. Therefore can't allocate this until param
- * string has been set. */
- ret = wc_XmssKey_GetPrivLen(key, &key->sk_len);
-
- if (ret != 0 || key->sk_len <= 0) {
- WOLFSSL_MSG("error: wc_XmssKey_GetPrivLen failed");
- return -1;
- }
-
- key->sk = (unsigned char *)XMALLOC(key->sk_len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
-
- if (key->sk == NULL) {
- WOLFSSL_MSG("error: malloc XMSS key->sk failed");
- return -1;
- }
-
- ForceZero(key->sk, key->sk_len);
-
- return 0;
-}
-
-/* Make the XMSS/XMSS^MT private/public key pair. The key must have its parameters
- * set before calling this.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * This function and Reload() are the only functions that allocate
- * key->sk array. wc_XmssKey_FreeKey is the only function that
- * deallocates key->sk.
- *
- * key [in] The XMSS key to make.
- * rng [in] Initialized WC_RNG pointer.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on verify fail.
- * */
-int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG * rng)
-{
- int ret = 0;
- enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
-
- if (key == NULL || rng == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_PARMSET) {
- WOLFSSL_MSG("error: XmssKey not ready for generation");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: XmssKey context is not set");
- return -1;
- }
-
- /* Allocate sk array. */
- ret = wc_XmssKey_AllocSk(key);
-
- if (ret != 0) {
- return ret;
- }
-
- xmssRng = rng;
-
- /* Finally make the secret public key pair. Immediately write it to NV
- * storage and then clear from memory. */
- if (key->is_xmssmt) {
- ret = xmssmt_keypair(key->pk, key->sk, key->oid);
- }
- else {
- ret = xmss_keypair(key->pk, key->sk, key->oid);
- }
-
- if (ret == 0) {
- cb_rc = key->write_private_key(key->sk, key->sk_len, key->context);
- }
-
- ForceZero(key->sk, key->sk_len);
-
- if (ret != 0) {
- WOLFSSL_MSG("error: XMSS keypair failed");
- key->state = WC_XMSS_STATE_BAD;
- return -1;
- }
-
- if (cb_rc != WC_XMSS_RC_SAVED_TO_NV_MEMORY) {
- WOLFSSL_MSG("error: XMSS write to NV storage failed");
- key->state = WC_XMSS_STATE_BAD;
- return -1;
- }
-
- key->state = WC_XMSS_STATE_OK;
-
- return 0;
-}
-
-/* This function allocates the secret key buffer, and does a
- * quick sanity check to verify the secret key is readable
- * from NV storage, and then force zeros the key from memory.
- *
- * On success it sets the key state to OK.
- *
- * Use this function to resume signing with an already existing
- * XMSS key pair.
- *
- * Write/read callbacks, and context data, must be set prior.
- * Key must have parameters set.
- *
- * Returns 0 on success.
- *
- * This function and MakeKey are the only functions that allocate
- * key->sk array. wc_XmssKey_FreeKey is the only function that
- * deallocates key->sk.
- *
- * key [in] XMSS key to load.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on load fail.
- * */
-int wc_XmssKey_Reload(XmssKey * key)
-{
- int ret = 0;
- enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
-
- if (key == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_PARMSET) {
- WOLFSSL_MSG("error: XmssKey not ready for reload");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: XmssKey context is not set");
- return -1;
- }
-
- /* Allocate sk array. */
- ret = wc_XmssKey_AllocSk(key);
-
- if (ret != 0) {
- return ret;
- }
-
- /* Read the current secret key from NV storage. Force clear it
- * immediately. This is just to sanity check the secret key
- * is readable from permanent storage. */
- cb_rc = key->read_private_key(key->sk, key->sk_len, key->context);
- ForceZero(key->sk, key->sk_len);
-
- if (cb_rc != WC_XMSS_RC_READ_TO_MEMORY) {
- WOLFSSL_MSG("error: XMSS read from NV storage failed");
- key->state = WC_XMSS_STATE_BAD;
- return -1;
- }
-
- key->state = WC_XMSS_STATE_OK;
-
- return 0;
-}
-
-/* Gets the XMSS/XMSS^MT private key length.
- *
- * Parameters must be set before calling this, as the key size (sk_bytes)
- * is a function of the parameters.
- *
- * Note: the XMSS/XMSS^MT private key format is implementation specific,
- * and not standardized. Interoperability of XMSS private keys should
- * not be expected.
- *
- * key [in] The XMSS key.
- * len [out] The length of the private key in bytes.
- *
- * returns 0 on success.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns -1 on sign fail.
- * */
-int wc_XmssKey_GetPrivLen(const XmssKey * key, word32 * len)
-{
- if (key == NULL || len == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (key->state != WC_XMSS_STATE_OK && key->state != WC_XMSS_STATE_PARMSET) {
- /* params.sk_bytes not set yet. */
- return -1;
- }
-
- *len = XMSS_OID_LEN + (word32) key->params.sk_bytes;
-
- return 0;
-}
-
-/* Signs the message using the XMSS secret key, and
- * updates the secret key on NV storage.
- *
- * Both operations must succeed to be considered
- * successful.
- *
- * On success: sets key state to WC_XMSS_STATE_OK.
- * On failure: sets key state to WC_XMSS_STATE_BAD
- *
- * If no signatures are left, sets state to WC_XMSS_STATE_NOSIGS.
- */
-static void wc_XmssKey_SignUpdate(XmssKey* key, byte * sig, word32 * sigLen,
- const byte * msg, int msgLen)
-{
- int ret = -1;
- unsigned long long len = *sigLen;
- enum wc_XmssRc cb_rc = WC_XMSS_RC_NONE;
-
- /* Set the key state to bad by default. State is presumed bad
- * unless a correct sign and update operation happen together. */
- key->state = WC_XMSS_STATE_BAD;
- *sigLen = 0;
-
- /* Read the current secret key from NV storage.*/
- cb_rc = key->read_private_key(key->sk, key->sk_len, key->context);
-
- if (cb_rc == WC_XMSS_RC_READ_TO_MEMORY) {
- /* Read was good. Now sign and update the secret key in memory. */
- if (key->is_xmssmt) {
- ret = xmssmt_sign(key->sk, sig, &len, msg, msgLen);
- }
- else {
- ret = xmss_sign(key->sk, sig, &len, msg, msgLen);
- }
-
- if (ret == 0 && len == key->params.sig_bytes) {
- /* The signature succeeded. key->sk is now updated and must be
- * committed to NV storage. */
- cb_rc = key->write_private_key(key->sk, key->sk_len, key->context);
-
- if (cb_rc == WC_XMSS_RC_SAVED_TO_NV_MEMORY) {
- /* key->sk was successfully committed to NV storage. Set the
- * key state to OK, and set the sigLen. */
- key->state = WC_XMSS_STATE_OK;
- *sigLen = (word32) len;
- }
- else {
- /* Write to NV storage failed. Erase the signature from
- * memory. */
- ForceZero(sig, key->params.sig_bytes);
- WOLFSSL_MSG("error: XMSS write_private_key failed");
- }
- }
- else if (ret == -2) {
- /* Signature space exhausted. */
- key->state = WC_XMSS_STATE_NOSIGS;
- WOLFSSL_MSG("error: no XMSS signatures remaining");
- }
- else {
- /* Something failed or inconsistent in signature. Erase the
- * signature just to be safe. */
- ForceZero(sig, key->params.sig_bytes);
- WOLFSSL_MSG("error: XMSS sign failed");
- }
- }
- else {
- /* Read from NV storage failed. */
- WOLFSSL_MSG("error: XMSS read_private_key failed");
- }
-
- /* Force zero the secret key from memory always. */
- ForceZero(key->sk, key->sk_len);
-
- return;
-}
-
-/* Sign the message using the XMSS secret key.
- *
- * key [in] XMSS key to use to sign.
- * sig [in] Buffer to write signature into.
- * sigLen [in/out] On in, size of buffer.
- * On out, the length of the signature in bytes.
- * msg [in] Message to sign.
- * msgLen [in] Length of the message in bytes.
- *
- * returns 0 on success.
- * returns -1 on sign fail.
- * returns BAD_FUNC_ARG when a parameter is NULL.
- * returns BUFFER_E when sigLen is too small.
- */
-int wc_XmssKey_Sign(XmssKey* key, byte * sig, word32 * sigLen, const byte * msg,
- int msgLen)
-{
- if (key == NULL || sig == NULL || sigLen == NULL || msg == NULL) {
- return BAD_FUNC_ARG;
- }
-
- if (msgLen <= 0) {
- return BAD_FUNC_ARG;
- }
-
- if (*sigLen < key->params.sig_bytes) {
- /* Signature buffer too small. */
- WOLFSSL_MSG("error: XMSS sig buffer too small");
- return BUFFER_E;
- }
-
- if (key->state == WC_XMSS_STATE_NOSIGS) {
- WOLFSSL_MSG("error: XMSS signatures exhausted");
- return -1;
- }
- else if (key->state != WC_XMSS_STATE_OK) {
- /* The key had an error the last time it was used, and we
- * can't guarantee its state. */
- WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
- return -1;
- }
-
- if (key->write_private_key == NULL || key->read_private_key == NULL) {
- WOLFSSL_MSG("error: XmssKey write/read callbacks are not set");
- return -1;
- }
-
- if (key->context == NULL) {
- WOLFSSL_MSG("error: XmssKey context is not set");
- return -1;
- }
-
- /* Finally, sign and update the secret key. */
- wc_XmssKey_SignUpdate(key, sig, sigLen, msg, msgLen);
-
- return (key->state == WC_XMSS_STATE_OK) ? 0 : -1;
-}
-
-
-/* Check if more signatures are possible with key.
- *
- * @param [in] key XMSS key to check.
- * @return 1 when signatures possible.
- * @return 0 when key exhausted.
- */
-int wc_XmssKey_SigsLeft(XmssKey* key)
-{
- int ret = 0;
-
- /* Validate parameter. */
- if (key == NULL) {
- ret = 0;
- }
- /* Validate state. */
- else if (key->state == WC_XMSS_STATE_NOSIGS) {
- WOLFSSL_MSG("error: XMSS signatures exhausted");
- ret = 0;
- }
- else if (key->state != WC_XMSS_STATE_OK) {
- WOLFSSL_MSG("error: can't sign, XMSS key not in good state");
- ret = 0;
- }
- /* Read the current secret key from NV storage.*/
- else if (key->read_private_key(key->sk, key->sk_len, key->context) !=
- WC_XMSS_RC_READ_TO_MEMORY) {
- WOLFSSL_MSG("error: XMSS read_private_key failed");
- ret = 0;
- }
- else {
- /* The following assumes core_fast implementation is used
- * from patched xmss-reference. */
- const unsigned char* sk = (key->sk + XMSS_OID_LEN);
- const xmss_params* params = &key->params;
- unsigned long long idx = 0;
-
- if (key->is_xmssmt) {
- for (uint64_t i = 0; i < params->index_bytes; i++) {
- idx |= ((unsigned long long)sk[i])
- << 8 * (params->index_bytes - 1 - i);
- }
- }
- else {
- idx = ((unsigned long)sk[0] << 24) |
- ((unsigned long)sk[1] << 16) |
- ((unsigned long)sk[2] << 8) | sk[3];
- }
-
- ret = idx < ((1ULL << params->full_height) - 1);
-
- /* Force zero the secret key from memory always.
*/ - ForceZero(key->sk, key->sk_len); - } - - return ret; -} -#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY*/ - -/* Get the XMSS/XMSS^MT public key length. The public key - * is static in size and does not depend on parameters, - * other than the choice of SHA256 as hashing function. - * - * key [in] The XMSS key. - * len [out] The length of the public key. - * - * returns 0 on success. - * returns BAD_FUNC_ARG when a parameter is NULL. - */ -int wc_XmssKey_GetPubLen(const XmssKey * key, word32 * len) -{ - if (key == NULL || len == NULL) { - return BAD_FUNC_ARG; - } - - *len = XMSS_SHA256_PUBLEN; - - return 0; -} - -/* Export a generated public key and parameter set from one XmssKey - * to another. Use this to prepare a signature verification XmssKey - * that is pub only. - * - * keyDst [out] Destination key for copy. - * keySrc [in] Source key for copy. - * - * returns 0 on success. - * returns BAD_FUNC_ARG when a parameter is NULL. - * */ -int wc_XmssKey_ExportPub(XmssKey * keyDst, const XmssKey * keySrc) -{ - if (keyDst == NULL || keySrc == NULL) { - return BAD_FUNC_ARG; - } - - ForceZero(keyDst, sizeof(XmssKey)); - - XMEMCPY(keyDst->pk, keySrc->pk, sizeof(keySrc->pk)); - - keyDst->oid = keySrc->oid; - keyDst->is_xmssmt = keySrc->is_xmssmt; - - /* Mark keyDst as verify only, to prevent misuse. */ - keyDst->state = WC_XMSS_STATE_VERIFYONLY; - - return 0; -} - -/* Exports the raw XMSS public key buffer from key to out buffer. - * The out buffer should be large enough to hold the public key, and - * outLen should indicate the size of the buffer. - * - * key [in] XMSS key. - * out [out] Array holding public key. - * outLen [in/out] On in, size of buffer. - * On out, the length of the public key. - * - * returns 0 on success. - * returns -1 on failure. - * returns BAD_FUNC_ARG when a parameter is NULL. - * returns BUFFER_E if array is too small. 
- * */ -int wc_XmssKey_ExportPubRaw(const XmssKey * key, byte * out, word32 * outLen) -{ - int ret = 0; - word32 pubLen = 0; - - if (key == NULL || out == NULL || outLen == NULL) { - return BAD_FUNC_ARG; - } - - ret = wc_XmssKey_GetPubLen(key, &pubLen); - - if (ret != 0) { - WOLFSSL_MSG("error: wc_XmssKey_GetPubLen failed"); - return -1; - } - - if (*outLen < pubLen) { - return BUFFER_E; - } - - XMEMCPY(out, key->pk, pubLen); - *outLen = pubLen; - - return 0; -} - -/* Imports a raw public key buffer from in array to XmssKey key. - * - * The XMSS parameters must be set first with wc_XmssKey_SetParamStr, - * and inLen must match the length returned by wc_XmssKey_GetPubLen. - * - * key [in] XMSS key. - * in [in] Array holding public key. - * inLen [in] Length of array in bytes. - * - * returns 0 on success. - * returns BAD_FUNC_ARG when a parameter is NULL. - * returns BUFFER_E if array is incorrect size. - * returns -1 on failure. - * */ -int wc_XmssKey_ImportPubRaw(XmssKey * key, const byte * in, word32 inLen) -{ - int ret = 0; - word32 pubLen = 0; - - if (key == NULL || in == NULL) { - return BAD_FUNC_ARG; - } - - if (key->state != WC_XMSS_STATE_PARMSET) { - /* XMSS key not ready for import. Param str must be set first. */ - WOLFSSL_MSG("error: XMSS key not ready for import"); - return -1; - } - - ret = wc_XmssKey_GetPubLen(key, &pubLen); - - if (ret != 0) { - WOLFSSL_MSG("error: wc_XmssKey_GetPubLen failed"); - return -1; - } - - if (inLen != pubLen) { - /* Something inconsistent. Parameters weren't set, or input - * pub key is wrong.*/ - return BUFFER_E; - } - - XMEMCPY(key->pk, in, pubLen); - - key->state = WC_XMSS_STATE_VERIFYONLY; - - return 0; -} - -/* Gets the XMSS/XMSS^MT signature length. - * - * Parameters must be set before calling this, as the signature size - * is a function of the parameters. - * - * Note: call this before wc_XmssKey_Sign or Verify so you know the - * length of the required signature buffer. - * - * key [in] XMSS key to use to sign. 
- * len [out] The length of the signature in bytes. - * - * returns 0 on success. - * returns BAD_FUNC_ARG when a parameter is NULL. - * returns -1 on sign fail. - * */ -int wc_XmssKey_GetSigLen(const XmssKey * key, word32 * len) -{ - if (key == NULL || len == NULL) { - return BAD_FUNC_ARG; - } - - if (key->state != WC_XMSS_STATE_OK && key->state != WC_XMSS_STATE_PARMSET) { - return -1; - } - - *len = key->params.sig_bytes; - - return 0; -} - -/* Verify the signature using the XMSS public key. - * - * Requires that XMSS parameters have been set with - * wc_XmssKey_SetParamStr, and that a public key is available - * from importing or MakeKey(). - * - * Call wc_XmssKey_GetSigLen() before this function to determine - * length of the signature buffer. - * - * key [in] XMSS key to use to verify. - * sig [in] Signature to verify. - * sigLen [in] Size of signature in bytes. - * msg [in] Message to verify. - * msgLen [in] Length of the message in bytes. - * - * returns 0 on success. - * returns -1 on verify fail. - * returns BAD_FUNC_ARG when a parameter is NULL. - * returns BUFFER_E when sigLen is too small. - */ -int wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigLen, - const byte * msg, int msgLen) -{ - int ret = 0; - unsigned long long msg_len = 0; - - msg_len = msgLen; - - if (key == NULL || sig == NULL || msg == NULL) { - return BAD_FUNC_ARG; - } - - if (sigLen < key->params.sig_bytes) { - /* Signature buffer too small. */ - return BUFFER_E; - } - - if (key->state != WC_XMSS_STATE_OK && - key->state != WC_XMSS_STATE_VERIFYONLY) { - /* XMSS key not ready for verification. Param str must be - * set first, and Reload() called. 
*/ - WOLFSSL_MSG("error: XMSS key not ready for verification"); - return -1; - } - - if (key->is_xmssmt) { - ret = xmssmt_sign_open(msg, &msg_len, sig, sigLen, key->pk); - } - else { - ret = xmss_sign_open(msg, &msg_len, sig, sigLen, key->pk); - } - - if (ret != 0 || (int) msg_len != msgLen) { - WOLFSSL_MSG("error: XMSS verify failed"); - return -1; - } - - return ret; -} - -#endif /* WOLFSSL_HAVE_XMSS && HAVE_LIBXMSS */ diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c index 2a3c1edc466..85bbd2d4ffc 100644 --- a/wolfcrypt/src/wc_lms.c +++ b/wolfcrypt/src/wc_lms.c @@ -21,7 +21,7 @@ #include -#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) +#ifdef WOLFSSL_HAVE_LMS #include #ifdef NO_INLINE @@ -1359,4 +1359,4 @@ const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz) #endif -#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */ +#endif /* WOLFSSL_HAVE_LMS */ diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c index d0baf82183a..32d74d1db87 100644 --- a/wolfcrypt/src/wc_lms_impl.c +++ b/wolfcrypt/src/wc_lms_impl.c @@ -48,7 +48,7 @@ #include #endif -#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) +#ifdef WOLFSSL_HAVE_LMS /* Length of R in bytes. */ #define LMS_R_LEN 4 @@ -3731,5 +3731,5 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, return ret; } -#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */ +#endif /* WOLFSSL_HAVE_LMS */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 1d6eb278223..7a793642dea 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -402,20 +402,12 @@ static const byte const_byte_array[] = "A+Gd\0\0\0"; #endif #if defined(WOLFSSL_HAVE_XMSS) #include -#ifdef HAVE_LIBXMSS - #include -#else #include #endif -#endif #if defined(WOLFSSL_HAVE_LMS) #include -#ifdef HAVE_LIBLMS - #include -#else #include #endif -#endif #if defined(WOLFSSL_HAVE_SLHDSA) #include #endif 
@@ -975,8 +967,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); #endif #if defined(WOLFSSL_HAVE_LMS) #if !defined(WOLFSSL_SMALL_STACK) - #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ - !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + #if (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); #endif #endif @@ -3158,8 +3149,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if defined(WOLFSSL_HAVE_LMS) #if !defined(WOLFSSL_SMALL_STACK) - #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ - !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + #if (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256) if ( (ret = lms_test_verify_only()) != 0) TEST_FAIL("LMS Vfy test failed!\n", ret); else @@ -53120,10 +53110,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) #else byte sig[WC_TEST_LMS_SIG_LEN]; #endif -#if !defined(HAVE_LIBLMS) const byte * kid; word32 kidSz; -#endif WOLFSSL_ENTER("lms_test"); @@ -53182,7 +53170,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) XMEMCPY(old_priv, priv, sizeof(priv)); -#if !defined(HAVE_LIBLMS) ret = wc_LmsKey_GetKid(NULL, NULL, NULL); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -53209,7 +53196,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) if (kidSz != WC_LMS_I_LEN) { ERROR_OUT(WC_TEST_RET_ENC_I(kidSz), out); } -#endif ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } 
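Review bot: The guard `(LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)` is now written out four times: at the prototype, the call site and the definition of `lms_test_verify_only` in test.c, and again in test.h. A later edit to only one copy can drop the verify-only test from the run without any build error. An undefined `LMS_MAX_HEIGHT` evaluates to 0 in `#if`, so the same silent skip would happen if the header defining it is not included first; whether that can occur is not visible from these hunks. I would define the condition once in test.h, e.g. `#define WC_TEST_LMS_VERIFY_ONLY_ENABLED` under that `#if` (the name is only a suggestion), and use `#ifdef WC_TEST_LMS_VERIFY_ONLY_ENABLED` at the other three sites.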
@@ -53321,8 +53307,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) -#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ - !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) +#if (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256) /* A simple LMS verify only test. * diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h index 72b9ff586dc..e90c83cfc6d 100644 --- a/wolfcrypt/test/test.h +++ b/wolfcrypt/test/test.h @@ -310,8 +310,7 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); #endif #if defined(WOLFSSL_HAVE_LMS) #if !defined(WOLFSSL_SMALL_STACK) - #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ - !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + #if (LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256) extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); #endif #endif diff --git a/wolfssl/wolfcrypt/ext_lms.h b/wolfssl/wolfcrypt/ext_lms.h deleted file mode 100644 index b1bc4fccd2a..00000000000 --- a/wolfssl/wolfcrypt/ext_lms.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* ext_lms.h - * - * Copyright (C) 2006-2026 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#ifndef EXT_LMS_H -#define EXT_LMS_H - -#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS) - -#include - -/* hash-sigs LMS HSS includes */ -#include - -#if defined(WOLFSSL_WC_LMS) -#error "This code is incompatible with wolfCrypt's implementation of LMS." -#endif - -/* - * The hash-sigs LMS lib supports from MIN_HSS_LEVELS to MAX_HSS_LEVELS - * number of levels of Merkle trees. It allows for the tree height and - * winternitz parameter to be unique per level. - */ - -/* hss structs */ -typedef struct hss_working_key hss_working_key; -typedef struct hss_extra_info hss_extra_info; - -struct LmsKey { - unsigned levels; /* Number of tree levels. */ - param_set_t lm_type[MAX_HSS_LEVELS]; /* Height param per level. */ - param_set_t lm_ots_type[MAX_HSS_LEVELS]; /* Winternitz param per level. */ - unsigned char pub[HSS_MAX_PUBLIC_KEY_LEN]; -#ifndef WOLFSSL_LMS_VERIFY_ONLY - hss_working_key * working_key; - wc_lms_write_private_key_cb write_private_key; /* Callback to write/update key. */ - wc_lms_read_private_key_cb read_private_key; /* Callback to read key. */ - void * context; /* Context arg passed to callbacks. 
*/ - hss_extra_info info; -#endif /* ifndef WOLFSSL_LMS_VERIFY_ONLY */ - enum wc_LmsState state; -}; - -#endif /* WOLFSSL_HAVE_LMS */ -#endif /* EXT_LMS_H */ diff --git a/wolfssl/wolfcrypt/ext_xmss.h b/wolfssl/wolfcrypt/ext_xmss.h deleted file mode 100644 index d21d03ffbf2..00000000000 --- a/wolfssl/wolfcrypt/ext_xmss.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* ext_xmss.h - * - * Copyright (C) 2006-2026 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#ifndef EXT_XMSS_H -#define EXT_XMSS_H - -#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS) - -#include - -#include -#include - -#if defined(WOLFSSL_WC_XMSS) - #error "This code is incompatible with wolfCrypt's implementation of XMSS." -#endif - -struct XmssKey { - unsigned char pk[XMSS_SHA256_PUBLEN]; - word32 oid; - int is_xmssmt; - xmss_params params; -#ifndef WOLFSSL_XMSS_VERIFY_ONLY - /* The secret key length is a function of xmss_params. */ - unsigned char * sk; - word32 sk_len; - wc_xmss_write_private_key_cb write_private_key; /* Callback to write/update key. */ - wc_xmss_read_private_key_cb read_private_key; /* Callback to read key. */ - void * context; /* Context arg passed to callbacks. */ -#endif /* ifndef WOLFSSL_XMSS_VERIFY_ONLY */ - enum wc_XmssState state; -}; - -#endif /* WOLFSSL_HAVE_XMSS */ -#endif /* EXT_XMSS_H */ diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 7f07389a07d..4e95e7cd2ee 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am 
@@ -85,10 +85,8 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/sm4.h \ wolfssl/wolfcrypt/lms.h \ wolfssl/wolfcrypt/wc_lms.h \ - wolfssl/wolfcrypt/ext_lms.h \ wolfssl/wolfcrypt/xmss.h \ wolfssl/wolfcrypt/wc_xmss.h \ - wolfssl/wolfcrypt/ext_xmss.h \ wolfssl/wolfcrypt/wc_slhdsa.h \ wolfssl/wolfcrypt/puf.h \ wolfssl/wolfcrypt/oid_sum.h diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 63b66d92cdc..80a666a5e39 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -4587,8 +4587,6 @@ extern void uITRON4_free(void *p) ; #endif #if (defined(HAVE_LIBOQS) || \ - defined(HAVE_LIBXMSS) || \ - defined(HAVE_LIBLMS) || \ defined(WOLFSSL_DUAL_ALG_CERTS) || \ defined(HAVE_ASCON)) && \ !defined(WOLFSSL_EXPERIMENTAL_SETTINGS) @@ -4649,15 +4647,15 @@ extern void uITRON4_free(void *p) ; /* (D)TLS v1.3 requires 64-bit number wrappers as does XMSS and LMS. */ #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS_DROP_STATS) || \ - (defined(WOLFSSL_WC_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \ - WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_WC_LMS) && \ + (defined(WOLFSSL_HAVE_XMSS) && (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || \ + WOLFSSL_XMSS_MAX_HEIGHT > 32)) || (defined(WOLFSSL_HAVE_LMS) && \ !defined(WOLFSSL_LMS_VERIFY_ONLY)) #undef WOLFSSL_W64_WRAPPER #define WOLFSSL_W64_WRAPPER #endif /* wc_xmss and wc_lms require these misc.c functions. */ -#if defined(WOLFSSL_WC_XMSS) || defined(WOLFSSL_WC_LMS) +#if defined(WOLFSSL_HAVE_XMSS) || defined(WOLFSSL_HAVE_LMS) #undef WOLFSSL_NO_INT_ENCODE #undef WOLFSSL_NO_INT_DECODE #endif diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h index 914ffa13712..4145875d1c9 100644 --- a/wolfssl/wolfcrypt/wc_lms.h +++ b/wolfssl/wolfcrypt/wc_lms.h @@ -90,7 +90,7 @@ #include -#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) +#ifdef WOLFSSL_HAVE_LMS #include #include 
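Review bot: Nothing visible in this diff rejects a build that still sets `HAVE_LIBXMSS` or `HAVE_LIBLMS`, now that the first settings.h hunk drops both from the `WOLFSSL_EXPERIMENTAL_SETTINGS` condition and the `#error` in wc_xmss.h and the ext_lms.h/ext_xmss.h headers are removed. A stale `user_settings.h` would apparently compile and silently use the wolfCrypt implementation. The removed external XMSS wrapper documented its private key format as implementation specific, so a key persisted through the read/write callbacks by the external library should not be assumed usable by the replacement, and for a stateful scheme that is better caught at build time than at first sign. I would add `#if defined(HAVE_LIBXMSS) || defined(HAVE_LIBLMS)` / `#error "HAVE_LIBXMSS and HAVE_LIBLMS are no longer supported; use the wolfCrypt XMSS/LMS implementation"` / `#endif` next to this check. The body of the `#if` lies outside the hunk, and configure.ac may already reject the old options for autoconf builds.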
@@ -507,6 +507,6 @@ int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw); int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, word32 msgSz, const byte* sig); -#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */ +#endif /* WOLFSSL_HAVE_LMS */ #endif /* WC_LMS_H */ diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h index 200cd4322ef..905ada94e39 100644 --- a/wolfssl/wolfcrypt/wc_xmss.h +++ b/wolfssl/wolfcrypt/wc_xmss.h @@ -40,10 +40,6 @@ #define WC_XMSS_FULL_HASH #endif -#if !defined(WOLFSSL_WC_XMSS) - #error "This code is incompatible with external implementation of XMSS." -#endif - #if (defined(WC_XMSS_SHA512) || defined(WC_XMSS_SHAKE256)) && \ (WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512) #define WC_XMSS_MAX_N 64 diff --git a/wolfssl/wolfcrypt/xmss.h b/wolfssl/wolfcrypt/xmss.h index 4fd4da1cca8..f30b281705e 100644 --- a/wolfssl/wolfcrypt/xmss.h +++ b/wolfssl/wolfcrypt/xmss.h @@ -89,17 +89,13 @@ #define XMSSMT_NAME_MIN_LEN (20) /* strlen("XMSSMT-SHA2_20/2_256") */ #define XMSSMT_NAME_MAX_LEN (21) /* strlen("XMSSMT-SHA2_60/12_256") */ -#if defined(HAVE_FIPS) || defined(HAVE_LIBXMSS) +#if defined(HAVE_FIPS) #undef WOLFSSL_WC_XMSS_NO_SHA512 #define WOLFSSL_WC_XMSS_NO_SHA512 #undef WOLFSSL_WC_XMSS_NO_SHAKE128 #define WOLFSSL_WC_XMSS_NO_SHAKE128 #undef WOLFSSL_WC_XMSS_MAX_HASH_SIZE - #ifdef HAVE_LIBXMSS - #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 256 - #else - #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192 - #endif + #define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192 #define WOLFSSL_WC_XMSS_MAX_HASH_SIZE 256 #endif
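Review bot: In the `HAVE_FIPS` block of xmss.h, `WOLFSSL_WC_XMSS_MIN_HASH_SIZE` is defined as 192 without a preceding `#undef`, unlike `WOLFSSL_WC_XMSS_MAX_HASH_SIZE` and the two `NO_` macros beside it, which are all undefined first. If a build presets the minimum to another value (whether that is supported is not visible here), the FIPS override becomes a macro-redefinition diagnostic instead of a clean override of the hash-size bounds. Adding `#undef WOLFSSL_WC_XMSS_MIN_HASH_SIZE` before `#define WOLFSSL_WC_XMSS_MIN_HASH_SIZE 192` would make the block consistent. `#if defined(HAVE_FIPS)` could also become `#ifdef HAVE_FIPS`, matching the `#ifdef WOLFSSL_HAVE_LMS` form this commit uses elsewhere.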