wolfBoot icon indicating copy to clipboard operation
wolfBoot copied to clipboard
verified publisher icon wolfSSL

Add wolfcrypt xmss and lms support.

Open philljj opened this issue 1 year ago • 1 comments

Description

Adds wolfcrypt xmss (wc_xmss) and lms (wc_lms) support to wolfboot. This uses the more performant implementations in wolfcrypt/src/wc_xmss.c , wolfcrypt/src/wc_xmss_impl.c, wolfcrypt/src/wc_lms.c, and wolfcrypt/src/wc_lms_impl.c.

The previous sign methods XMSS, LMS were renamed to ext_XMSS, ext_LMS to signify external 3rd party xmss, lms integration.

Going forward, XMSS and LMS will indicate the wolfcrypt implementations for XMSS and LMS.

The ext_xmss/ext_lms support will be kept for now, for backwards compatibility and interop testing.

Testing

Tested these combinations with sim-config:

  • ext_alg wolfboot, ext_alg keytools
  • wc_alg wolfboot, ext_alg keytools
  • wc_alg wolfboot, wc_alg keytools

Also tested nrf52 renode with wc_xmss, ext_xmss, wc_lms, and ext_lms.

Docs

Updated the docs/PQ.md and docs/Signing.md.

Notes

Requires these four PRs to work:

  • https://github.com/wolfSSL/pqcrypto/pull/9
  • https://github.com/wolfSSL/wolfssl/pull/7393
  • https://github.com/wolfSSL/pqcrypto/pull/10
  • https://github.com/wolfSSL/wolfssl/pull/7421

philljj avatar Apr 09 '24 19:04 philljj

@philljj https://github.com/wolfSSL/wolfssl/pull/7500 was merged, please update submodule wolfssl to latest master

danielinux avatar May 07 '24 08:05 danielinux

Well done! Thanks @philljj

danielinux avatar May 07 '24 17:05 danielinux