Add wolfcrypt xmss and lms support. #429

Merged
merged 12 commits into from May 7, 2024

Contributor

@philljj philljj commented Apr 9, 2024

Description

Adds wolfcrypt xmss (wc_xmss) and lms (wc_lms) support to wolfboot. This uses the more performant implementations in wolfcrypt/src/wc_xmss.c, wolfcrypt/src/wc_xmss_impl.c, wolfcrypt/src/wc_lms.c, and wolfcrypt/src/wc_lms_impl.c.

The previous sign methods XMSS, LMS were renamed to ext_XMSS, ext_LMS to signify external 3rd party xmss, lms integration.

Going forward, XMSS and LMS will indicate the wolfcrypt implementations for XMSS and LMS.

The ext_xmss/ext_lms support will be kept for now, for backwards compatibility and interop testing.

Testing

Updated our renode github workflow to test LMS, XMSS, ext_LMS, ext_XMSS.

Updated our stm32 lms test to use LMS (not ext_LMS), and cleaned up some unnecessary hash-sigs steps.

Tested these combinations with sim-config:

  • ext_alg wolfboot, ext_alg keytools
  • wc_alg wolfboot, ext_alg keytools
  • wc_alg wolfboot, wc_alg keytools

Also tested nrf52 renode with wc_xmss, ext_xmss, wc_lms, and ext_lms.

Docs

Updated the docs/PQ.md and docs/Signing.md.

Notes

Requires these PRs to work:

@philljj philljj self-assigned this Apr 9, 2024
@philljj philljj changed the title Wolfboot wc xmss support Add wolfcrypt xmss support. Apr 9, 2024
@philljj philljj requested a review from danielinux April 9, 2024 20:23
@philljj philljj changed the title Add wolfcrypt xmss support. Add wolfcrypt xmss and lms support. Apr 23, 2024
@danielinux
Member

@philljj wolfSSL/wolfssl#7500 was merged, please update submodule wolfssl to latest master

@danielinux danielinux left a comment

wolfSSL/wolfssl#7500 is now merged in, please update submodule + add tests for SIGN=LMS/XMSS accordingly.

@@ -20,6 +20,9 @@ quit_renode() {

rm -f $RENODE_UART

#
# LMS and ext_LMS
#
if (echo $TEST_OPTIONS | grep "LMS" &>/dev/null); then
# Need git.
apt install -y git
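
Review bot: `apt install -y git` inside the `grep "LMS"` branch makes the test install a package at run time, and the `apt` front end is intended for interactive use; prefer `apt-get install -y git` after an index update, or provision git in the test image so the run does not depend on the package mirror. The condition is also fragile as written: `$TEST_OPTIONS` is unquoted and `&>/dev/null` is a bash-only redirect, so `echo "$TEST_OPTIONS" | grep -q "LMS"` would be more portable. Since `grep "LMS"` matches any option containing that substring, the "LMS and ext_LMS" comment should state that the substring match is intentional.
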
Member

This is now useless; we just want to follow the "latest merged" version in this test so all the test results have the same codebase.
Please remove.

Contributor Author

It's cleaned up now. Only does minimal steps to add & prep the external libs.

@philljj philljj requested a review from danielinux May 7, 2024 17:11
@danielinux
Member

Well done! Thanks @philljj

@danielinux danielinux merged commit dc92ac3 into wolfSSL:master May 7, 2024
86 checks passed
@philljj philljj deleted the wolfboot_wc_xmss_support branch May 9, 2024 13:56