Add wolfcrypt xmss and lms support. #429
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
philljj
force-pushed
the
wolfboot_wc_xmss_support
branch
from
b2bd8ab to
aa6707f
Compare
philljj
changed the title
|
@philljj wolfSSL/wolfssl#7500 was merged, please update submodule |
danielinux
requested changes
May 7, 2024
There was a problem hiding this comment.
wolfSSL/wolfssl#7500 is now merged in, please update submodule + add tests for SIGN=LMS/XMSS accordingly.
danielinux
requested changes
May 7, 2024
| @@ -20,6 +20,9 @@ quit_renode() { | |||
|
|
|||
| rm -f $RENODE_UART | |||
|
|
|||
| # | |||
| # LMS and ext_LMS | |||
| # | |||
| if (echo $TEST_OPTIONS | grep "LMS" &>/dev/null); then | |||
| # Need git. | |||
| apt install -y git | |||
There was a problem hiding this comment.
This is now useless, we just want to follow the "latest merged" version in this test so all the test results having the same codebase.
Please remove
There was a problem hiding this comment.
It's cleaned up now. Only does minimal steps to add & prep the external libs.
philljj
force-pushed
the
wolfboot_wc_xmss_support
branch
from
22308c9 to
711ce0d
Compare
philljj
force-pushed
the
wolfboot_wc_xmss_support
branch
from
711ce0d to
2b6cd4d
Compare
danielinux
approved these changes
May 7, 2024
|
Well done! Thanks @philljj |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Adds wolfcrypt xmss (wc_xmss) and lms (wc_lms) support to wolfboot. This uses the more performant implementations in
wolfcrypt/src/wc_xmss.c,wolfcrypt/src/wc_xmss_impl.c,wolfcrypt/src/wc_lms.c, andwolfcrypt/src/wc_lms_impl.c.The previous sign methods
XMSS,LMSwere renamed toext_XMSS,ext_LMSto signify external 3rd party xmss, lms integration.Going forward,
XMSSandLMSwill indicate the wolfcrypt implementations for XMSS and LMS.The ext_xmss/ext_lms support will be kept for now, for backwards compatibility and interop testing.
Testing
Updated our renode github workflow to test LMS, XMSS, ext_LMS, ext_XMSS.
Updated our stm32 lms test to use LMS (not ext_LMS), and cleaned up some unnecessary hash-sigs steps.
Tested these combinations with sim-config:
Also tested nrf52 renode with wc_xmss, ext_xmss, wc_lms, and ext_lms.
Docs
Updated the docs/PQ.md and docs/Signing.md.
Notes
Requires these PRs to work: