Skip to content

Commit dc56e87

Browse files
authored
Merge pull request wolfSSL#10466 from Frauschi/slhdsa_cryptocb
Add CryptoCb support for SLH-DSA
2 parents 583dbaf + b27c1a8 commit dc56e87

7 files changed

Lines changed: 668 additions & 14 deletions

File tree

doc/dox_comments/header_files/wc_slhdsa.h

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,103 @@
4242
int wc_SlhDsaKey_Init(SlhDsaKey* key, enum SlhDsaParam param,
4343
void* heap, int devId);
4444

45+
/*!
46+
\ingroup SLH_DSA
47+
48+
\brief Initializes an SLH-DSA key with a device-side key identifier (id).
49+
Equivalent to wc_SlhDsaKey_Init() but also stashes a binary id that a
50+
crypto callback can use to look up the underlying key material on the
51+
device. Only available when wolfSSL is built with WOLF_PRIVATE_KEY_ID.
52+
53+
The id is copied into the key object; the caller may free its buffer
54+
immediately after this call returns.
55+
56+
\return 0 on success.
57+
\return BAD_FUNC_ARG if key is NULL, or if id is NULL while len > 0.
58+
\return BUFFER_E if len is negative or greater than SLHDSA_MAX_ID_LEN.
59+
60+
\param [in,out] key Pointer to the SlhDsaKey to initialize.
61+
\param [in] param Parameter set to use (see wc_SlhDsaKey_Init).
62+
\param [in] id Pointer to the device-side key identifier bytes. May be
63+
NULL if len is 0.
64+
\param [in] len Number of bytes in id. Must be in [0, SLHDSA_MAX_ID_LEN].
65+
\param [in] heap Pointer to heap hint for dynamic memory allocation.
66+
May be NULL.
67+
\param [in] devId Device identifier for the crypto callback. Should be
68+
a registered cb devId, not INVALID_DEVID, for the id to be meaningful.
69+
70+
_Example_
71+
\code
72+
SlhDsaKey key;
73+
unsigned char id[8] = { 0x01, 0x02, 0x03, 0x04,
74+
0x05, 0x06, 0x07, 0x08 };
75+
int ret;
76+
77+
ret = wc_SlhDsaKey_Init_id(&key, SLHDSA_SHAKE128F, id, sizeof(id),
78+
NULL, devId);
79+
if (ret != 0) {
80+
// error initializing key with id
81+
}
82+
// ... use key, the cb resolves id -> device key ...
83+
wc_SlhDsaKey_Free(&key);
84+
\endcode
85+
86+
\sa wc_SlhDsaKey_Init
87+
\sa wc_SlhDsaKey_Init_label
88+
\sa wc_SlhDsaKey_Free
89+
*/
90+
int wc_SlhDsaKey_Init_id(SlhDsaKey* key, enum SlhDsaParam param,
91+
const unsigned char* id, int len, void* heap, int devId);
92+
93+
/*!
94+
\ingroup SLH_DSA
95+
96+
\brief Initializes an SLH-DSA key with a device-side key label.
97+
Equivalent to wc_SlhDsaKey_Init() but also stashes a label string that
98+
a crypto callback can use to look up the underlying key material on
99+
the device. Only available when wolfSSL is built with
100+
WOLF_PRIVATE_KEY_ID.
101+
102+
The label length is taken via XSTRLEN, so embedded NUL bytes terminate
103+
the label. The copy stored in key->label is NOT guaranteed to be
104+
NUL-terminated (when the input is exactly SLHDSA_MAX_LABEL_LEN bytes
105+
the entire array is consumed). Consumers must read at most
106+
key->labelLen bytes — do not pass key->label to C-string APIs.
107+
108+
\return 0 on success.
109+
\return BAD_FUNC_ARG if key or label is NULL.
110+
\return BUFFER_E if label is empty or longer than SLHDSA_MAX_LABEL_LEN.
111+
112+
\param [in,out] key Pointer to the SlhDsaKey to initialize.
113+
\param [in] param Parameter set to use (see wc_SlhDsaKey_Init).
114+
\param [in] label NUL-terminated device-side key label string.
115+
\param [in] heap Pointer to heap hint for dynamic memory allocation.
116+
May be NULL.
117+
\param [in] devId Device identifier for the crypto callback. Should be
118+
a registered cb devId, not INVALID_DEVID, for the label to be
119+
meaningful.
120+
121+
_Example_
122+
\code
123+
SlhDsaKey key;
124+
int ret;
125+
126+
ret = wc_SlhDsaKey_Init_label(&key, SLHDSA_SHAKE128F,
127+
"device-key-1", NULL, devId);
128+
if (ret != 0) {
129+
// error initializing key with label
130+
}
131+
// ... use key, the cb resolves label -> device key ...
132+
wc_SlhDsaKey_Free(&key);
133+
\endcode
134+
135+
\sa wc_SlhDsaKey_Init
136+
\sa wc_SlhDsaKey_Init_id
137+
\sa wc_SlhDsaKey_Free
138+
*/
139+
int wc_SlhDsaKey_Init_label(SlhDsaKey* key, enum SlhDsaParam param,
140+
const char* label, void* heap, int devId);
141+
45142
/*!
46143
\ingroup SLH_DSA
47144

wolfcrypt/src/cryptocb.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1288,7 +1288,8 @@ int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen,
12881288
}
12891289
#endif /* WOLFSSL_HAVE_MLKEM */
12901290

1291-
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)
1291+
#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \
1292+
defined(WOLFSSL_HAVE_SLHDSA)
12921293
int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
12931294
{
12941295
int devId = INVALID_DEVID;
@@ -1307,6 +1308,11 @@ int wc_CryptoCb_PqcSigGetDevId(int type, void* key)
13071308
devId = ((falcon_key*) key)->devId;
13081309
}
13091310
#endif
1311+
#if defined(WOLFSSL_HAVE_SLHDSA)
1312+
if (type == WC_PQC_SIG_TYPE_SLHDSA) {
1313+
devId = ((SlhDsaKey*) key)->devId;
1314+
}
1315+
#endif
13101316

13111317
return devId;
13121318
}
@@ -1456,7 +1462,7 @@ int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type,
14561462

14571463
return wc_CryptoCb_TranslateErrorCode(ret);
14581464
}
1459-
#endif /* HAVE_FALCON || HAVE_DILITHIUM */
1465+
#endif /* HAVE_FALCON || HAVE_DILITHIUM || WOLFSSL_HAVE_SLHDSA */
14601466

14611467
#ifndef NO_AES
14621468
#ifdef HAVE_AESGCM

0 commit comments

Comments
 (0)