
Commit bd0e25a

philljjdanielinux
authored andcommitted
Add wc_lms support.
1 parent 13d746a commit bd0e25a

7 files changed

Lines changed: 83 additions & 23 deletions


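--- a/.github/workflows/test-renode-nrf52.yml
+++ b/.github/workflows/test-renode-nrf52.yml
@@ -60,7 +60,7 @@ jobs:
 
 # LMS TEST
 - name: Renode Tests LMS-8-5-5
-run: ./tools/renode/docker-test.sh "SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288"
+run: ./tools/renode/docker-test.sh "SIGN=ext_LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288"
 
 # XMSS TEST
 - name: Renode Tests XMSS-SHA2_10_256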
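Review bot: With this step switched to `SIGN=ext_LMS`, nothing in the visible hunk exercises `SIGN=LMS` any more, and after this commit that value selects the new wc_lms verification path in the bootloader. A signature-verification backend that ships without an emulated boot test is the part most likely to regress unnoticed. I would keep the ext_LMS step and add a sibling step, `- name: Renode Tests wc_LMS-8-5-5`, whose `run:` line is the same command with `SIGN=LMS`. Other steps of the workflow are outside the hunk, so coverage may already exist elsewhere.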

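--- a/options.mk
+++ b/options.mk
@@ -323,7 +323,7 @@ ifneq ($(findstring RSA4096,$(SIGN)),)
 endif
 endif
 
-ifeq ($(SIGN),LMS)
+ifneq (,$(filter $(SIGN), LMS ext_LMS))
 # For LMS the signature size is a function of the LMS parameters.
 # All five of these parms must be set in the LMS .config file:
 # LMS_LEVELS, LMS_HEIGHT, LMS_WINTERNITZ, IMAGE_SIGNATURE_SIZE,
@@ -348,7 +348,30 @@ ifeq ($(SIGN),LMS)
 ifndef IMAGE_HEADER_SIZE
 $(error IMAGE_HEADER_SIZE not set)
 endif
+endif
 
+ifeq ($(SIGN),LMS)
+KEYGEN_OPTIONS+=--lms
+SIGN_OPTIONS+=--lms
+WOLFCRYPT_OBJS+= \
+./lib/wolfssl/wolfcrypt/src/wc_lms.o \
+./lib/wolfssl/wolfcrypt/src/wc_lms_impl.o \
+./lib/wolfssl/wolfcrypt/src/memory.o \
+./lib/wolfssl/wolfcrypt/src/wc_port.o \
+./lib/wolfssl/wolfcrypt/src/hash.o
+CFLAGS+=-D"WOLFBOOT_SIGN_LMS" -D"WOLFSSL_HAVE_LMS" -D"WOLFSSL_WC_LMS" \
+-D"LMS_LEVELS=$(LMS_LEVELS)" -D"LMS_HEIGHT=$(LMS_HEIGHT)" \
+-D"LMS_WINTERNITZ=$(LMS_WINTERNITZ)" -I$(LMSDIR)/src \
+-D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
+-D"WOLFSSL_LMS_VERIFY_ONLY"
+ifeq ($(WOLFBOOT_SMALL_STACK),1)
+$(error WOLFBOOT_SMALL_STACK with LMS not supported)
+else
+STACK_USAGE=1024
+endif
+endif
+
+ifeq ($(SIGN),ext_LMS)
 LMSDIR = lib/hash-sigs
 KEYGEN_OPTIONS+=--lms
 SIGN_OPTIONS+=--lms
@@ -377,7 +400,7 @@ ifeq ($(SIGN),LMS)
 ifeq ($(WOLFBOOT_SMALL_STACK),1)
 $(error WOLFBOOT_SMALL_STACK with LMS not supported)
 else
-STACK_USAGE=18064
+STACK_USAGE=1024
 endif
 endif
 
@@ -447,8 +470,8 @@ ifeq ($(SIGN),ext_XMSS)
 endif
 
 # Only needed if using 3rd party integration. This can be
-# removed when wc_lms and wc_xmss become default in wolfboot.
-ifneq (,$(filter $(SIGN), LMS ext_XMSS))
+# removed if ext_lms and ext_xmss are deprecated.
+ifneq (,$(filter $(SIGN), ext_LMS ext_XMSS))
 CFLAGS +=-DWOLFSSL_EXPERIMENTAL_SETTINGS
 endif
 
@@ -777,3 +800,7 @@ endif
 ifeq ($(SIGN_ALG),ext_XMSS)
 SIGN_ALG=XMSS
 endif
+
+ifeq ($(SIGN_ALG),ext_LMS)
+SIGN_ALG=LMS
+endif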
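Review bot: The new `ifeq ($(SIGN),LMS)` block adds `-I$(LMSDIR)/src` to CFLAGS, but in the visible hunks `LMSDIR` is assigned only inside the `ext_LMS` block, so for SIGN=LMS the flag probably expands to `-I/src` (or to whatever the environment supplies) and puts a directory outside the tree on the bootloader's include path. The wc_lms objects come from lib/wolfssl, so that line could read `-D"LMS_WINTERNITZ=$(LMS_WINTERNITZ)" \` with the `-I` dropped. Separately, the `@@ -377,7 +400,7 @@` hunk lowers `STACK_USAGE` from 18064 to 1024 in what is now the `ext_LMS` branch, which still builds against hash-sigs; if 1024 was measured for wc_lms only, the external branch should keep its old figure or get a comment saying where the new one comes from.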

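--- a/src/image.c
+++ b/src/image.c
@@ -320,6 +320,8 @@ static void wolfBoot_verify_signature(uint8_t key_slot,
 #include <wolfssl/wolfcrypt/lms.h>
 #ifdef HAVE_LIBLMS
 #include <wolfssl/wolfcrypt/ext_lms.h>
+#else
+#include <wolfssl/wolfcrypt/wc_lms.h>
 #endif
 
 static void wolfBoot_verify_signature(uint8_t key_slot,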
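Review bot: The added `#else` pulls in `wc_lms.h` whenever `HAVE_LIBLMS` is undefined, so a build that defines neither backend macro is not rejected at the point where the verifier chooses its LMS implementation. Since this commit introduces `WOLFSSL_WC_LMS` for the wolfCrypt backend, the selection could be explicit: `#elif defined(WOLFSSL_WC_LMS)` in front of the new include, followed by `#else` and `#error "no LMS backend selected"`. The same two added lines appear in tools/keytools/keygen.c and tools/keytools/sign.c and would take the same change. The enclosing preprocessor guard starts outside the hunk, so an earlier check may already enforce this.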

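--- a/tools/keytools/Makefile
+++ b/tools/keytools/Makefile
@@ -17,33 +17,47 @@ LDFLAGS =
 OBJDIR = ./
 LIBS =
 
-ifeq ($(SIGN),LMS)
+# Common to wc_lms and ext_lms.
+ifneq (,$(filter $(SIGN), LMS ext_LMS))
+CFLAGS +=-DWOLFBOOT_SIGN_LMS -DWOLFSSL_HAVE_LMS \
+-D"LMS_LEVELS=$(LMS_LEVELS)" -D"LMS_HEIGHT=$(LMS_HEIGHT)" \
+-D"LMS_WINTERNITZ=$(LMS_WINTERNITZ)"
+endif
+
+# Specific to ext_lms.
+ifeq ($(SIGN),ext_LMS)
 LMSDIR = $(WOLFBOOTDIR)/lib/hash-sigs
 LIBS += $(LMSDIR)/lib/hss_lib.a
-CFLAGS +=-DWOLFBOOT_SIGN_LMS -DWOLFSSL_HAVE_LMS -DHAVE_LIBLMS -I$(LMSDIR)/src \
--D"LMS_LEVELS=$(LMS_LEVELS)" -D"LMS_HEIGHT=$(LMS_HEIGHT)" \
--D"LMS_WINTERNITZ=$(LMS_WINTERNITZ)"
+CFLAGS +=-DHAVE_LIBLMS -I$(LMSDIR)/src
 endif
 
-ifeq ($(SIGN),ext_XMSS)
+# Specific to wc_lms.
+ifeq ($(SIGN),LMS)
+CFLAGS +=-DWOLFSSL_WC_LMS
+endif
+
+# Common to wc_xmss and ext_xmss.
+ifneq (,$(filter $(SIGN), XMSS ext_XMSS))
 $(info xmss params: $(XMSS_PARAMS))
+CFLAGS +=-DWOLFBOOT_SIGN_XMSS -DWOLFSSL_HAVE_XMSS \
+-D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
+-DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\"
+endif
+
+# Specific to ext_xmss.
+ifeq ($(SIGN),ext_XMSS)
 XMSSDIR = $(WOLFBOOTDIR)/lib/xmss
-CFLAGS +=-DWOLFBOOT_SIGN_XMSS -DWOLFSSL_HAVE_XMSS -DHAVE_LIBXMSS -I$(XMSSDIR) \
--D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
--DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\"
+CFLAGS +=-DHAVE_LIBXMSS -I$(XMSSDIR)
 endif
 
+# Specific to wc_xmss.
 ifeq ($(SIGN),XMSS)
-$(info xmss params: $(XMSS_PARAMS))
-CFLAGS +=-DWOLFBOOT_SIGN_XMSS -DWOLFSSL_HAVE_XMSS -D"WOLFSSL_WC_XMSS" \
--D"WOLFSSL_XMSS_MAX_HEIGHT=32" \
--D"IMAGE_SIGNATURE_SIZE"=$(IMAGE_SIGNATURE_SIZE) \
--DWOLFBOOT_XMSS_PARAMS=\"$(XMSS_PARAMS)\"
+CFLAGS +=-D"WOLFSSL_WC_XMSS" -D"WOLFSSL_XMSS_MAX_HEIGHT=32"
 endif
 
 # Only needed if using 3rd party integration. This can be
-# removed when wc_lms and wc_xmss become default in wolfboot.
-ifneq (,$(filter $(SIGN), LMS ext_XMSS))
+# removed if ext_lms and ext_xmss are deprecated.
+ifneq (,$(filter $(SIGN), ext_LMS ext_XMSS))
 CFLAGS +=-DWOLFSSL_EXPERIMENTAL_SETTINGS
 endif
 
@@ -96,18 +110,31 @@ OBJS_REAL=\
 $(WOLFDIR)/wolfcrypt/src/sha512.o \
 $(WOLFDIR)/wolfcrypt/src/tfm.o \
 $(WOLFDIR)/wolfcrypt/src/wc_port.o \
-$(WOLFDIR)/wolfcrypt/src/wolfmath.o \
-$(WOLFDIR)/wolfcrypt/src/ext_lms.o
+$(WOLFDIR)/wolfcrypt/src/wolfmath.o
 
 OBJS_REAL+=\
 $(WOLFBOOTDIR)/src/delta.o
 
+# Add wolfcrypt lms implementation.
+ifeq ($(SIGN),LMS)
+OBJS_REAL+=\
+$(WOLFDIR)/wolfcrypt/src/wc_lms.o \
+$(WOLFDIR)/wolfcrypt/src/wc_lms_impl.o
+endif
+
+# Add external lms integration.
+ifeq ($(SIGN),ext_LMS)
+OBJS_REAL+= $(WOLFDIR)/wolfcrypt/src/ext_lms.o
+endif
+
+# Add wolfcrypt xmss implementation.
 ifeq ($(SIGN),XMSS)
 OBJS_REAL+=\
 $(WOLFDIR)/wolfcrypt/src/wc_xmss.o \
 $(WOLFDIR)/wolfcrypt/src/wc_xmss_impl.o
 endif
 
+# Add external xmss integration.
 ifeq ($(SIGN),ext_XMSS)
 OBJS_REAL+=\
 $(WOLFDIR)/wolfcrypt/src/ext_xmss.o \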
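Review bot: The new "Common to wc_lms and ext_lms" block passes `LMS_LEVELS`, `LMS_HEIGHT` and `LMS_WINTERNITZ` straight into `-D` flags without checking that they are set, whereas options.mk guards its LMS settings with `$(error … not set)`. An unset value yields an empty macro such as `-D"LMS_LEVELS="`, and the signing tools have to be built with the same parameters as the bootloader that verifies their output, so a clear early failure is preferable to a confusing compile error. One line at the top of that block would do it: `$(foreach v,LMS_LEVELS LMS_HEIGHT LMS_WINTERNITZ,$(if $($(v)),,$(error $(v) not set)))`. Whether this Makefile is only ever invoked from a parent that has already validated them is not visible in the hunk.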

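--- a/tools/keytools/keygen.c
+++ b/tools/keytools/keygen.c
@@ -65,6 +65,8 @@
 #include <wolfssl/wolfcrypt/lms.h>
 #ifdef HAVE_LIBLMS
 #include <wolfssl/wolfcrypt/ext_lms.h>
+#else
+#include <wolfssl/wolfcrypt/wc_lms.h>
 #endif
 #endif
 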
7072

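--- a/tools/keytools/sign.c
+++ b/tools/keytools/sign.c
@@ -110,6 +110,8 @@ static inline int fp_truncate(FILE *f, size_t len)
 #include <wolfssl/wolfcrypt/lms.h>
 #ifdef HAVE_LIBLMS
 #include <wolfssl/wolfcrypt/ext_lms.h>
+#else
+#include <wolfssl/wolfcrypt/wc_lms.h>
 #endif
 #endif
 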

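--- a/tools/test.mk
+++ b/tools/test.mk
@@ -51,7 +51,7 @@ endif
 ifeq ($(SIGN),RSA4096)
 SIGN_ARGS+= --rsa4096
 endif
-ifeq ($(SIGN),LMS)
+ifneq (,$(filter $(SIGN), LMS ext_LMS))
 SIGN_ARGS+= --lms
 endif
 ifneq (,$(filter $(SIGN), XMSS ext_XMSS))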
