
Commit a0b8bd2

Add RFC 9802 HSS/LMS and XMSS/XMSS^MT X.509 certificate verification
Wires wolfCrypt's stateful hash-based signature implementations into the X.509 parse and verify paths per RFC 9802. Parsing, loading into a WOLFSSL_CERT_MANAGER, and ConfirmSignature now recognise:

* id-alg-hss-lms-hashsig 1.2.840.113549.1.9.16.3.17
* id-alg-xmss-hashsig 1.3.6.1.5.5.7.6.34
* id-alg-xmssmt-hashsig 1.3.6.1.5.5.7.6.35

with parameters absent per RFC 9802 §2 and no pre-hash of the TBS. Scope is verify-only on WOLFSSL_HAVE_LMS / WOLFSSL_HAVE_XMSS.

wolfCrypt-level changes:

* wc_LmsKey_ImportPubRaw auto-derives the parameter set from u32str(L) || lmsType || lmOtsType when key->params == NULL, and validates against pre-set params when they are set. The candidate LmsParams is held in a local until the length check passes so a failing length check doesn't leave key->params half-set. Documented behaviour change in wc_lms.h: callers that relied on BUFFER_E from a missing SetParameters call now see success for well-formed input.
* wc_LmsKey_GetSigLen now NULL-checks key->params (closes the NULL-deref when called between Init and SetParameters; matches GetPubLen / GetPrivLen behaviour).
* wc_XmssKey_SetParamsFromPubRaw is new: derives params from the 4-byte OID prefix of a raw RFC 8391 public key, with an is_xmssmt hint to disambiguate the overlapping OID namespaces.
* wc_XmssKey_GetSigLen NULL-checks key->params for symmetry.

X.509 wiring in asn.c:

* New OID arrays sigHssLmsOid / sigXmssOid / sigXmssMtOid and matching keyType arrays.
* GetObjectId / GetAlgoId / oidSigType / oidKeyType dispatch.
* StoreKey guard extended; GetCertKey switch handles the three new keyOIDs.
* IsSigAlgoECC / SigOidMatchesKeyOid / HashForSignature updated to omit AlgorithmIdentifier parameters and skip pre-hashing.
* SignatureCtx union gets LmsKey / XmssKey members; FreeSignatureCtx handles cleanup.
* Three ConfirmSignature states (KEY / DO / CHECK) gain LMS and XMSS / XMSS^MT cases.

scripts/asn1_oid_sum.pl gains the three OIDs; oid_sum.h regenerated with HSS_LMSk / XMSSk / XMSSMTk and CTC_HSS_LMS / CTC_XMSS / CTC_XMSSMT. enum cert_enums reserves HSS_LMS_KEY / XMSS_KEY / XMSSMT_KEY for future cert-gen support.

Tests in test_rfc9802_x509_verify exercise:

* 9 Bouncy Castle 1.81-generated fixtures (LMS h5/w4, h10/w8; HSS L2_H5_W8 and L3_H5_W4; XMSS H=10 and H=16; XMSS^MT 20/2, 20/4, 40/8); plus a CA→leaf LMS chain.
* wc_ParseCert with OID assertions, full wolfSSL_CertManagerVerifyBuffer against a self-installed trust anchor, signature-byte tamper, TBSCertificate-interior tamper at the midpoint of [certBegin, sigIndex), KeyUsage extension presence.
* wolfCrypt-level negative tests: unknown lmsType / lmOtsType, unknown XMSS/XMSS^MT OID, truncated input, NULL args, GetSigLen on a key with no params set, cross-OID mismatch between SPKI and outer signatureAlgorithm.

All fixtures carry BasicConstraints (CA:TRUE on issuers, CA:FALSE on leaves) and KeyUsage per RFC 9802 §3 / RFC 5280 §4.2.1.9. BC's default XMSS/XMSS^MT encoding uses pre-standard ISARA OIDs and an OCTET STRING SPKI wrapper, so the fixture generator overrides both to match RFC 9802.

Verified across configure permutations:

* default (no LMS/XMSS)
* --enable-lms
* --enable-xmss
* --enable-lms --enable-xmss
* --enable-lms --enable-xmss --enable-certgen

Out of scope: cert generation, TLS 1.3 SignatureScheme, OpenSSL compat shims (wolfSSL_LMS_*), OCSP/CRL signed with these algorithms.

https://claude.ai/code/session_01SnSQMb145Hkyyf7hQQQ8cq
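The parameter-set derivation the commit message describes for wc_LmsKey_ImportPubRaw, shown as an added stand-alone example (not wolfSSL's code; function and type names are hypothetical): the RFC 8554 raw HSS public key header u32str(L) || u32str(lmsType) || u32str(lmOtsType) is decoded, both typecodes are validated, and the derived parameters are only committed to the caller's struct after the total-length check passes, so a rejected key leaves no half-set state behind.

```c
/* Added example (hypothetical names, not wolfSSL code): derive LMS/HSS params
 * from the RFC 8554 raw HSS public key u32str(L) || u32str(lmsType) ||
 * u32str(lmOtsType) || I[16] || T[1][32]; params commit only after all checks. */
#include <stddef.h>
#include <stdint.h>

typedef struct {
    uint32_t levels;      /* HSS levels L, 1..8 per RFC 8554 section 6 */
    uint32_t height;      /* LMS tree height h */
    uint32_t winternitz;  /* LM-OTS Winternitz parameter w */
} LmsParamsEx;

/* 4 (L) + 4 (lmsType) + 4 (lmOtsType) + 16 (I) + 32 (T[1]) for SHA-256/32 */
#define LMS_RAW_PUB_LEN 60u

static uint32_t rd_u32(const uint8_t* p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 on success, -1 on malformed input. *out is untouched on failure. */
int lms_params_from_pub_raw(const uint8_t* in, size_t inLen, LmsParamsEx* out)
{
    LmsParamsEx cand;                   /* candidate stays local until the end */
    if (in == NULL || out == NULL || inLen < 12)
        return -1;
    cand.levels = rd_u32(in);
    if (cand.levels < 1 || cand.levels > 8)
        return -1;
    switch (rd_u32(in + 4)) {           /* LMS typecodes, RFC 8554 section 5.1 */
        case 5: cand.height = 5;  break;
        case 6: cand.height = 10; break;
        case 7: cand.height = 15; break;
        case 8: cand.height = 20; break;
        case 9: cand.height = 25; break;
        default: return -1;             /* unknown lmsType */
    }
    switch (rd_u32(in + 8)) {           /* LM-OTS typecodes, RFC 8554 section 4.1 */
        case 1: cand.winternitz = 1; break;
        case 2: cand.winternitz = 2; break;
        case 3: cand.winternitz = 4; break;
        case 4: cand.winternitz = 8; break;
        default: return -1;             /* unknown lmOtsType */
    }
    if (inLen != LMS_RAW_PUB_LEN)       /* I || T[1] must follow exactly */
        return -1;
    *out = cand;                        /* commit only after every check */
    return 0;
}
```

The same ordering (decode, validate typecodes, check length, then commit) is what makes the "truncated input" and "unknown lmsType / lmOtsType" negative tests in the commit leave the key object unchanged.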
1 parent a057975 commit a0b8bd2

24 files changed

Lines changed: 930 additions & 55 deletions

certs/include.am

Lines changed: 2 additions & 0 deletions
@@ -160,6 +160,8 @@ include certs/falcon/include.am
160160
include certs/rsapss/include.am
161161
include certs/dilithium/include.am
162162
include certs/sphincs/include.am
163+
include certs/lms/include.am
164+
include certs/xmss/include.am
163165
include certs/rpk/include.am
164166
include certs/acert/include.am
165167
include certs/mldsa/include.am
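Review bot: both new `include` lines are unconditional, so the LMS and XMSS fixture directories join EXTRA_DIST regardless of --enable-lms / --enable-xmss; that matches how the neighbouring falcon, dilithium and sphincs directories are wired in the surrounding context, so no change is needed there. Do confirm that certs/xmss/include.am is part of this commit, since only certs/lms/include.am appears in the visible diff and automake fails on a missing include.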

certs/lms/bc_hss_L2_H5_W8_root.der

2.85 KB
Binary file not shown.

certs/lms/bc_hss_L3_H5_W4_root.der

7.26 KB
Binary file not shown.

certs/lms/bc_lms_chain_ca.der

2.58 KB
Binary file not shown.

certs/lms/bc_lms_chain_leaf.der

2.58 KB
Binary file not shown.

certs/lms/include.am

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
# vim:ft=automake
2+
# All paths should be given relative to the root
3+
#
4+
5+
EXTRA_DIST += \
6+
certs/lms/bc_lms_sha256_h5_w4_root.der \
7+
certs/lms/bc_lms_sha256_h10_w8_root.der \
8+
certs/lms/bc_hss_L2_H5_W8_root.der \
9+
certs/lms/bc_hss_L3_H5_W4_root.der \
10+
certs/lms/bc_lms_chain_ca.der \
11+
certs/lms/bc_lms_chain_leaf.der
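Review bot: the EXTRA_DIST list names bc_lms_sha256_h5_w4_root.der and bc_lms_sha256_h10_w8_root.der, neither of which appears by filename among the binaries shown in this diff, so check that both are actually committed; a missing fixture here breaks `make dist` while the in-tree test still passes. The six entries do line up with the LMS fixtures the commit message lists (h5/w4, h10/w8, two HSS roots, CA plus leaf chain).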
