Add wc_xmss support.

Author: philljj

.github/workflows/test-renode-nrf52.yml

@@ -64,7 +64,7 @@ jobs:
 
 # XMSS TEST
       - name: Renode Tests XMSS-SHA2_10_256
-        run: ./tools/renode/docker-test.sh "SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000"
+        run: ./tools/renode/docker-test.sh "SIGN=ext_XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000"
 
       - name: Upload Output Dir
         uses: actions/upload-artifact@v2

options.mk

@@ -381,7 +381,7 @@ ifeq ($(SIGN),LMS)
   endif
 endif
 
-ifeq ($(SIGN),XMSS)
+ifneq (,$(filter $(SIGN), XMSS ext_XMSS))
   ifndef XMSS_PARAMS
     $(error XMSS_PARAMS not set)
   endif
@@ -393,7 +393,32 @@ ifeq ($(SIGN),XMSS)
   ifndef IMAGE_HEADER_SIZE
     $(error IMAGE_HEADER_SIZE not set)
   endif
+endif
 
+ifeq ($(SIGN),XMSS)
+  # Use wc_xmss implementation.
+  KEYGEN_OPTIONS+=--xmss
+  SIGN_OPTIONS+=--xmss
+  WOLFCRYPT_OBJS+= \
+    ./lib/wolfssl/wolfcrypt/src/wc_xmss.o \
+    ./lib/wolfssl/wolfcrypt/src/wc_xmss_impl.o \
+    ./lib/wolfssl/wolfcrypt/src/memory.o \
+    ./lib/wolfssl/wolfcrypt/src/wc_port.o \
+    ./lib/wolfssl/wolfcrypt/src/hash.o
+  CFLAGS+=-D"WOLFBOOT_SIGN_XMSS" -D"WOLFSSL_HAVE_XMSS" \
+    -D"WOLFSSL_WC_XMSS" -D"WOLFSSL_WC_XMSS_SMALL" \
+    -DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\"  \
+    -D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
+    -D"WOLFSSL_XMSS_VERIFY_ONLY" -D"WOLFSSL_XMSS_MAX_HEIGHT=32"
+  ifeq ($(WOLFBOOT_SMALL_STACK),1)
+    $(error WOLFBOOT_SMALL_STACK with XMSS not supported)
+  else
+    STACK_USAGE=2688
+  endif
+endif
+
+ifeq ($(SIGN),ext_XMSS)
+  # Use ext_xmss implementation.
   XMSSDIR = lib/xmss
   KEYGEN_OPTIONS+=--xmss
   SIGN_OPTIONS+=--xmss
@@ -411,19 +436,19 @@ ifeq ($(SIGN),XMSS)
     ./lib/wolfssl/wolfcrypt/src/wc_port.o \
     ./lib/wolfssl/wolfcrypt/src/hash.o
   CFLAGS+=-D"WOLFBOOT_SIGN_XMSS" -D"WOLFSSL_HAVE_XMSS" -D"HAVE_LIBXMSS" \
-    -DXMSS_PARAMS=\"$(XMSS_PARAMS)\" -I$(XMSSDIR) \
+    -DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\" -I$(XMSSDIR) \
     -D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
     -D"WOLFSSL_XMSS_VERIFY_ONLY" -D"XMSS_VERIFY_ONLY"
   ifeq ($(WOLFBOOT_SMALL_STACK),1)
     $(error WOLFBOOT_SMALL_STACK with XMSS not supported)
   else
-    STACK_USAGE=18064
+    STACK_USAGE=2712
   endif
 endif
 
 # Only needed if using 3rd party integration. This can be
 # removed when wc_lms and wc_xmss become default in wolfboot.
-ifneq (,$(filter $(SIGN), LMS XMSS))
+ifneq (,$(filter $(SIGN), LMS ext_XMSS))
   CFLAGS  +=-DWOLFSSL_EXPERIMENTAL_SETTINGS
 endif
 
@@ -748,3 +773,7 @@ endif
 ifeq ($(SIGN_ALG),)
   SIGN_ALG=$(SIGN)
 endif
+
+ifeq ($(SIGN_ALG),ext_XMSS)
+  SIGN_ALG=XMSS
+endif

src/image.c

@@ -386,6 +386,8 @@ static void wolfBoot_verify_signature(uint8_t key_slot,
 #include <wolfssl/wolfcrypt/xmss.h>
 #ifdef HAVE_LIBXMSS
     #include <wolfssl/wolfcrypt/ext_xmss.h>
+#else
+    #include <wolfssl/wolfcrypt/wc_xmss.h>
 #endif
 
 static void wolfBoot_verify_signature(uint8_t key_slot,
@@ -410,18 +412,16 @@ static void wolfBoot_verify_signature(uint8_t key_slot,
         return;
     }
 
-    wolfBoot_printf("info: using XMSS parameters: %s\n", XMSS_PARAMS);
-
     /* Set the XMSS parameters. */
-    ret = wc_XmssKey_SetParamStr(&xmss, XMSS_PARAMS);
+    ret = wc_XmssKey_SetParamStr(&xmss, WOLFBOOT_XMSS_PARAMS);
     if (ret != 0) {
         /* Something is wrong with the pub key or XMSS parameters. */
         wolfBoot_printf("error: wc_XmssKey_SetParamStr(%s)" \
-                        " returned %d\n", XMSS_PARAMS, ret);
+                        " returned %d\n", WOLFBOOT_XMSS_PARAMS, ret);
         return;
     }
 
-    wolfBoot_printf("info: using XMSS parameters: %s\n", XMSS_PARAMS);
+    wolfBoot_printf("info: using XMSS parameters: %s\n", WOLFBOOT_XMSS_PARAMS);
 
     /* Set the public key. */
     ret = wc_XmssKey_ImportPubRaw(&xmss, pubkey, KEYSTORE_PUBKEY_SIZE);

tools/keytools/Makefile

@@ -25,17 +25,25 @@ ifeq ($(SIGN),LMS)
             -D"LMS_WINTERNITZ=$(LMS_WINTERNITZ)"
 endif
 
-ifeq ($(SIGN),XMSS)
+ifeq ($(SIGN),ext_XMSS)
   $(info xmss params: $(XMSS_PARAMS))
   XMSSDIR = $(WOLFBOOTDIR)/lib/xmss
   CFLAGS  +=-DWOLFBOOT_SIGN_XMSS -DWOLFSSL_HAVE_XMSS -DHAVE_LIBXMSS -I$(XMSSDIR) \
             -D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
-            -DXMSS_PARAMS=\"$(XMSS_PARAMS)\"
+            -DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\"
+endif
+
+ifeq ($(SIGN),XMSS)
+  $(info xmss params: $(XMSS_PARAMS))
+  CFLAGS  +=-DWOLFBOOT_SIGN_XMSS -DWOLFSSL_HAVE_XMSS -D"WOLFSSL_WC_XMSS" \
+            -D"WOLFSSL_XMSS_MAX_HEIGHT=32" \
+            -D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
+            -DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\"
 endif
 
 # Only needed if using 3rd party integration. This can be
 # removed when wc_lms and wc_xmss become default in wolfboot.
-ifneq (,$(filter $(SIGN), LMS XMSS))
+ifneq (,$(filter $(SIGN), LMS ext_XMSS))
   CFLAGS  +=-DWOLFSSL_EXPERIMENTAL_SETTINGS
 endif
 
@@ -89,14 +97,20 @@ OBJS_REAL=\
 	$(WOLFDIR)/wolfcrypt/src/tfm.o \
 	$(WOLFDIR)/wolfcrypt/src/wc_port.o \
 	$(WOLFDIR)/wolfcrypt/src/wolfmath.o \
-	$(WOLFDIR)/wolfcrypt/src/ext_lms.o \
-	$(WOLFDIR)/wolfcrypt/src/ext_xmss.o
+	$(WOLFDIR)/wolfcrypt/src/ext_lms.o
 
 OBJS_REAL+=\
 	$(WOLFBOOTDIR)/src/delta.o
 
 ifeq ($(SIGN),XMSS)
 OBJS_REAL+=\
+	$(WOLFDIR)/wolfcrypt/src/wc_xmss.o \
+	$(WOLFDIR)/wolfcrypt/src/wc_xmss_impl.o
+endif
+
+ifeq ($(SIGN),ext_XMSS)
+OBJS_REAL+=\
+	$(WOLFDIR)/wolfcrypt/src/ext_xmss.o \
 	$(XMSSDIR)/params.o \
 	$(XMSSDIR)/thash.o \
 	$(XMSSDIR)/hash_address.o \
@@ -112,7 +126,7 @@ vpath %.c $(WOLFDIR)/wolfcrypt/src/
 vpath %.c $(WOLFBOOTDIR)/src/
 vpath %.c ./
 
-ifeq ($(SIGN),XMSS)
+ifeq ($(SIGN),ext_XMSS)
     vpath %.c $(XMSSDIR)/
 endif
 

tools/keytools/keygen.c

@@ -72,6 +72,8 @@
     #include <wolfssl/wolfcrypt/xmss.h>
     #ifdef HAVE_LIBXMSS
         #include <wolfssl/wolfcrypt/ext_xmss.h>
+    #else
+        #include <wolfssl/wolfcrypt/wc_xmss.h>
     #endif
 #endif
 
@@ -627,14 +629,14 @@ static void keygen_xmss(const char *priv_fname, uint32_t id_mask)
         exit(1);
     }
 
-    ret = wc_XmssKey_SetParamStr(&key, XMSS_PARAMS);
+    ret = wc_XmssKey_SetParamStr(&key, WOLFBOOT_XMSS_PARAMS);
     if (ret != 0) {
         fprintf(stderr, "error: wc_XmssKey_SetParamStr(%s)" \
-                " returned %d\n", XMSS_PARAMS, ret);
+                " returned %d\n", WOLFBOOT_XMSS_PARAMS, ret);
         exit(1);
     }
 
-    printf("info: using XMSS parameters: %s\n", XMSS_PARAMS);
+    printf("info: using XMSS parameters: %s\n", WOLFBOOT_XMSS_PARAMS);
 
     ret = wc_XmssKey_SetWriteCb(&key, xmss_write_key);
     if (ret != 0) {

tools/keytools/sign.c

@@ -117,6 +117,8 @@ static inline int fp_truncate(FILE *f, size_t len)
     #include <wolfssl/wolfcrypt/xmss.h>
     #ifdef HAVE_LIBXMSS
         #include <wolfssl/wolfcrypt/ext_xmss.h>
+    #else
+        #include <wolfssl/wolfcrypt/wc_xmss.h>
     #endif
 #endif
 
@@ -781,7 +783,7 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
                  *
                  * If both priv/pub are present:
                  *  - The first ?? bytes is the private key.
-                 *  - The next 60 bytes is the public key. */
+                 *  - The next 68 bytes is the public key. */
                 word32 priv_sz = 0;
                 int    xmss_ret = 0;
 
@@ -969,7 +971,7 @@ static int sign_digest(int sign, int hash_algo,
             ret = wc_XmssKey_SetContext(&key.xmss, (void*)CMD.key_file);
         }
         if (ret == 0) {
-            ret = wc_XmssKey_SetParamStr(&key.xmss, XMSS_PARAMS);
+            ret = wc_XmssKey_SetParamStr(&key.xmss, WOLFBOOT_XMSS_PARAMS);
         }
         if (ret == 0) {
             ret = wc_XmssKey_Reload(&key.xmss);
@@ -2297,14 +2299,14 @@ int main(int argc, char** argv)
             exit(1);
         }
 
-        xmss_ret = wc_XmssKey_SetParamStr(&key.xmss, XMSS_PARAMS);
+        xmss_ret = wc_XmssKey_SetParamStr(&key.xmss, WOLFBOOT_XMSS_PARAMS);
         if (xmss_ret != 0) {
             fprintf(stderr, "error: wc_XmssKey_SetParamStr(%s)" \
-                    " returned %d\n", XMSS_PARAMS, ret);
+                    " returned %d\n", WOLFBOOT_XMSS_PARAMS, ret);
             exit(1);
         }
 
-        printf("info: using XMSS parameters: %s\n", XMSS_PARAMS);
+        printf("info: using XMSS parameters: %s\n", WOLFBOOT_XMSS_PARAMS);
 
         xmss_ret = wc_XmssKey_GetSigLen(&key.xmss, &sig_sz);
         if (xmss_ret != 0) {
@@ -2322,7 +2324,7 @@ int main(int argc, char** argv)
 
     if (((CMD.sign != NO_SIGN) && (CMD.signature_sz == 0)) ||
             CMD.header_sz == 0) {
-        printf("Invalid hash or signature type!\n");
+        printf("Invalid hash or signature type! %d\n", CMD.sign);
         exit(2);
     }
 

tools/test-renode.mk

@@ -20,7 +20,7 @@ RENODE_BINASSEMBLE=tools/bin-assemble/bin-assemble
 LMS_OPTS=LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 \
          IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288
 
-XMSS_OPTS=XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 \
+XMSS_OPTS=WOLFBOOT_XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 \
          IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000
 
 # python version only supported using

tools/test.mk

@@ -54,7 +54,7 @@ endif
 ifeq ($(SIGN),LMS)
 	SIGN_ARGS+= --lms
 endif
-ifeq ($(SIGN),XMSS)
+ifneq (,$(filter $(SIGN), XMSS ext_XMSS))
 	SIGN_ARGS+= --xmss
 endif