
Commit 433994a

Add RFC 9802 HSS/LMS and XMSS/XMSS^MT X.509 certificate verification
Wires wolfCrypt's stateful hash-based signature implementations into the X.509 parse and verify paths per RFC 9802. Parsing, loading into a WOLFSSL_CERT_MANAGER, and ConfirmSignature now recognise:

* id-alg-hss-lms-hashsig 1.2.840.113549.1.9.16.3.17
* id-alg-xmss-hashsig 1.3.6.1.5.5.7.6.34
* id-alg-xmssmt-hashsig 1.3.6.1.5.5.7.6.35

with parameters absent per RFC 9802 sec 2 and no pre-hash of the TBS. Scope is verify-only on WOLFSSL_HAVE_LMS / WOLFSSL_HAVE_XMSS.

wolfCrypt-level changes:

* wc_LmsKey_ImportPubRaw auto-derives the parameter set from u32str(L) || lmsType || lmOtsType when key->params == NULL, and validates against pre-set params when they are set.
* wc_LmsKey_GetSigLen and wc_XmssKey_GetSigLen now NULL-check key->params (matches sibling GetPubLen / GetPrivLen).
* wc_XmssKey_ImportPubRaw_ex is new: derives params from the 4-byte OID prefix of a raw RFC 8391 public key, with an is_xmssmt hint to disambiguate the overlapping OID namespaces. Accepts INITED, PARMSET, OK and VERIFYONLY states; rejects a contradictory is_xmssmt hint when params are already set.

X.509 wiring in asn.c (anchored on the new SLH-DSA landmarks after upstream's SPHINCS+ -> SLH-DSA replacement):

* New OID arrays sigHssLmsOid / sigXmssOid / sigXmssMtOid + key counterparts.
* GetObjectId / oidSigType / oidKeyType dispatch.
* StoreKey guard extended; GetCertKey switch handles the three new keyOIDs.
* IsSigAlgoECC / SigOidMatchesKeyOid / HashForSignature updated to omit AlgorithmIdentifier parameters and skip pre-hashing.
* SignatureCtx union gets LmsKey / XmssKey members; FreeSignatureCtx handles cleanup.
* Three ConfirmSignature states (KEY / DO / CHECK) gain LMS and XMSS / XMSS^MT cases.

scripts/asn1_oid_sum.pl gains the three OIDs; oid_sum.h regenerated with HSS_LMSk / XMSSk / XMSSMTk and CTC_HSS_LMS / CTC_XMSS / CTC_XMSSMT plus the manually-curated WOLFSSL_ACME_OID block reapplied.

enum cert_enums reserves HSS_LMS_KEY / XMSS_KEY / XMSSMT_KEY (36/37/38) for future cert-gen support, slotting after SLH_DSA_SHAKE_256F_KEY.

Tests in test_rfc9802_x509_verify exercise:

* 9 Bouncy Castle 1.81-generated fixtures (LMS h5/w4 and h10/w8; HSS L2_H5_W8 and L3_H5_W4; XMSS H=10 and H=16; XMSS^MT 20/2, 20/4 and 40/8) plus a CA->leaf LMS chain.
* wc_ParseCert with OID assertions, full wolfSSL_CertManagerVerifyBuffer against a self-installed trust anchor, signature-byte tamper, TBSCertificate-interior tamper at the midpoint of [certBegin, sigIndex), KeyUsage extension presence.
* wolfCrypt-level negative tests: unknown lmsType / lmOtsType, unknown XMSS/XMSS^MT OID, truncated input, NULL args, GetSigLen on a key with no params set, partial-write invariant on length mismatch (key->params stays NULL), and PARMSET-state mismatch (OID prefix or is_xmssmt hint disagreeing with set params).
* X.509-level negative: cross-OID mismatch between SPKI and outer signatureAlgorithm.

All fixtures carry BasicConstraints (CA:TRUE on issuers, CA:FALSE on leaves) and KeyUsage per RFC 9802 sec 3 / RFC 5280 sec 4.2.1.9. BC's default XMSS / XMSS^MT encoding uses pre-standard ISARA OIDs and an OCTET STRING SPKI wrapper, so the fixture generator overrides both to match RFC 9802.

Verified across configure permutations:

* default (no LMS/XMSS)
* --enable-lms
* --enable-xmss
* --enable-lms --enable-xmss
* --enable-lms --enable-xmss --enable-certgen

Out of scope: cert generation, TLS 1.3 SignatureScheme, OpenSSL compat shims (wolfSSL_LMS_*), OCSP/CRL signed with these algorithms.

https://claude.ai/code/session_01SnSQMb145Hkyyf7hQQQ8cq
1 parent 13f4591 commit 433994a
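The commit message describes deriving LMS/HSS parameters from the `u32str(L) || lmsType || lmOtsType` prefix of a raw RFC 8554 public key, and XMSS / XMSS^MT parameters from the 4-byte OID prefix of a raw RFC 8391 public key, where the two families number their parameter sets from the same values and so need an `is_xmssmt` hint. The following is an added example, not wolfSSL's code, that shows the same derivation in a stand-alone form: the type codes are the ones RFC 8554 and RFC 8391 assign to the SHA-256 parameter sets, while the function and struct names (`hss_params_from_pub`, `xmss_params_from_pub`, `HssParams`, `XmssParams`) and the zero-filled sample keys are constructed for illustration. It also reproduces the defensive behaviours the commit's negative tests check: truncated input and unknown type codes are rejected without writing to the output struct.

```c
/* Added example (not wolfSSL's code): derive parameter sets from the raw
 * public-key prefixes defined by RFC 8554 (HSS/LMS) and RFC 8391
 * (XMSS/XMSS^MT). Names, structs and sample keys are constructed for
 * illustration; only the SHA-256 / n=32 parameter sets are tabled. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HSS_PUB_LEN    60 /* u32 L || u32 lmsType || u32 otsType || I[16] || T[1][32] */
#define XMSS_PUB_LEN   68 /* u32 OID || root[32] || SEED[32]; same layout for XMSS^MT */
#define HSS_MAX_LEVELS  8 /* RFC 8554 sec 6: 1 <= L <= 8 */

typedef struct { uint32_t levels, height, winternitz; } HssParams;
typedef struct { uint32_t height, layers; int is_mt; } XmssParams;

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* RFC 8554 sec 5.1: LMS types 5..9 are H=5,10,15,20,25; sec 4.1: LM-OTS
 * types 1..4 are w=1,2,4,8. Returns 0 on success, -1 on any error, and on
 * error leaves *out untouched (the partial-write invariant the commit tests). */
int hss_params_from_pub(const uint8_t *pub, size_t len, HssParams *out)
{
    static const uint32_t lms_h[] = { 5, 10, 15, 20, 25 };
    static const uint32_t ots_w[] = { 1, 2, 4, 8 };
    HssParams p;
    uint32_t lmsType, otsType;

    if (pub == NULL || out == NULL || len != HSS_PUB_LEN) return -1;
    p.levels = rd32(pub);
    lmsType  = rd32(pub + 4);
    otsType  = rd32(pub + 8);
    if (p.levels < 1 || p.levels > HSS_MAX_LEVELS) return -1;
    if (lmsType < 5 || lmsType > 9) return -1;
    if (otsType < 1 || otsType > 4) return -1;
    p.height     = lms_h[lmsType - 5];
    p.winternitz = ots_w[otsType - 1];
    *out = p;                     /* written only once everything validated */
    return 0;
}

/* RFC 8391 sec 5.3 (XMSS) and 5.4 (XMSS^MT) number their SHA-256 sets from 1
 * in two separate tables, so the 4-byte prefix alone is ambiguous: the caller
 * must say which family it expects (the commit's is_xmssmt hint). */
int xmss_params_from_pub(const uint8_t *pub, size_t len, int is_xmssmt,
                         XmssParams *out)
{
    static const uint32_t xmss_h[] = { 10, 16, 20 };                   /* OIDs 1..3 */
    static const uint32_t mt_h[]   = { 20, 20, 40, 40, 40, 60, 60, 60 }; /* OIDs 1..8 */
    static const uint32_t mt_d[]   = {  2,  4,  2,  4,  8,  3,  6, 12 }; /* layers */
    uint32_t oid;

    if (pub == NULL || out == NULL || len != XMSS_PUB_LEN) return -1;
    oid = rd32(pub);
    if (is_xmssmt) {
        if (oid < 1 || oid > 8) return -1;
        out->height = mt_h[oid - 1];
        out->layers = mt_d[oid - 1];
    } else {
        if (oid < 1 || oid > 3) return -1;
        out->height = xmss_h[oid - 1];
        out->layers = 1;
    }
    out->is_mt = is_xmssmt;
    return 0;
}

/* Constructed HSS key: L=2, LMS_SHA256_M32_H5 (5), LMOTS_SHA256_N32_W8 (4);
 * I and T[1] are zeroed because only the prefix is parsed here. */
static void build_hss_sample(uint8_t k[HSS_PUB_LEN])
{
    memset(k, 0, HSS_PUB_LEN);
    wr32(k, 2); wr32(k + 4, 5); wr32(k + 8, 4);
}

/* Returns levels*1000 + height*10 + winternitz for the sample, i.e. 2058. */
int demo_hss_parse(void)
{
    uint8_t k[HSS_PUB_LEN]; HssParams p;
    build_hss_sample(k);
    if (hss_params_from_pub(k, sizeof k, &p) != 0) return -1;
    return (int)(p.levels * 1000 + p.height * 10 + p.winternitz);
}

/* Returns 1 if a truncated key and an unknown LM-OTS type are both rejected
 * without touching the output struct. */
int demo_hss_rejects(void)
{
    uint8_t k[HSS_PUB_LEN]; HssParams p = { 99, 99, 99 };
    build_hss_sample(k);
    if (hss_params_from_pub(k, sizeof k - 1, &p) != -1) return 0;
    wr32(k + 8, 7);               /* no such LM-OTS type in RFC 8554 */
    if (hss_params_from_pub(k, sizeof k, &p) != -1) return 0;
    return p.levels == 99 && p.height == 99 && p.winternitz == 99;
}

/* Same prefix 0x00000001 read under both hints: XMSS-SHA2_10_256 versus
 * XMSSMT-SHA2_20/2_256. Returns hXMSS*10000 + hMT*100 + layersMT = 102002. */
int demo_xmss_overlap(void)
{
    uint8_t k[XMSS_PUB_LEN] = { 0 }; XmssParams a, b;
    wr32(k, 1);
    if (xmss_params_from_pub(k, sizeof k, 0, &a) != 0) return -1;
    if (xmss_params_from_pub(k, sizeof k, 1, &b) != 0) return -1;
    return (int)(a.height * 10000 + b.height * 100 + b.layers);
}

int main(void)
{
    printf("HSS sample          -> %d\n", demo_hss_parse());
    printf("HSS rejects         -> %d\n", demo_hss_rejects());
    printf("XMSS/XMSS^MT OID 1  -> %d\n", demo_xmss_overlap());
    return 0;
}
```

The design point worth noting is the order of operations in `hss_params_from_pub`: every field is validated into a local before the caller's struct is written, which is what makes the partial-write invariant hold, and the same length check that rejects a truncated key also rejects a key with trailing bytes, so a certificate carrying an oversized SubjectPublicKey cannot be accepted by accident.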

23 files changed

Lines changed: 979 additions & 22 deletions

certs/include.am

Lines changed: 2 additions & 0 deletions
@@ -161,6 +161,8 @@ include certs/falcon/include.am
161161
include certs/rsapss/include.am
162162
include certs/dilithium/include.am
163163
include certs/slhdsa/include.am
164+
include certs/lms/include.am
165+
include certs/xmss/include.am
164166
include certs/rpk/include.am
165167
include certs/acert/include.am
166168
include certs/mldsa/include.am
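Review bot: the new line 165 includes certs/xmss/include.am, but that file does not appear among the changed files shown in this view, while its certs/lms/include.am counterpart does; please confirm it is part of this commit, since an `include` of a missing .am file fails automake for every configuration, not only --enable-xmss builds. Placement after certs/slhdsa/include.am and before certs/rpk/include.am otherwise follows the existing ordering of the list.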

certs/lms/bc_hss_L2_H5_W8_root.der

2.85 KB
Binary file not shown.

certs/lms/bc_hss_L3_H5_W4_root.der

7.26 KB
Binary file not shown.

certs/lms/bc_lms_chain_ca.der

2.58 KB
Binary file not shown.

certs/lms/bc_lms_chain_leaf.der

2.58 KB
Binary file not shown.

certs/lms/include.am

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
# vim:ft=automake
2+
# All paths should be given relative to the root
3+
#
4+
5+
EXTRA_DIST += \
6+
certs/lms/bc_lms_sha256_h5_w4_root.der \
7+
certs/lms/bc_lms_sha256_h10_w8_root.der \
8+
certs/lms/bc_hss_L2_H5_W8_root.der \
9+
certs/lms/bc_hss_L3_H5_W4_root.der \
10+
certs/lms/bc_lms_chain_ca.der \
11+
certs/lms/bc_lms_chain_leaf.der
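Review bot: the EXTRA_DIST list is well-formed (continuation backslash on every entry but the last), but the header comment should record how these fixtures were produced. The commit message says Bouncy Castle 1.81 generated them with the default ISARA OIDs and OCTET STRING SPKI wrapper overridden to match RFC 9802; a one-line note here, e.g. `# Generated with Bouncy Castle 1.81, RFC 9802 OIDs/SPKI (see commit message)`, is far easier to find than the git log when someone has to regenerate or add a fixture.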
