Remove wc_*Key_HashMsg functions and PKCS#11 references

padelsbach · padelsbach · commit 8c2bf1dfd457 · 2026-05-06T09:56:22.000-07:00
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
@@ -1282,66 +1282,6 @@ int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len)
     return ret;
 }
 
-/* Compute the digest of msg using the hash function dictated by the LMS
- * parameter set. Crypto-callback / HSM backends that follow PKCS#11 v3.2
- * CKM_HSS semantics (pre-computed digest input) can call this from within
- * their callback; backends that take the raw message (e.g. wolfHSM) can
- * ignore it. *hashSz is in/out: it must be at least params->hash_len on
- * entry and is set to the actual digest length on success.
- *
- * @param [in]      key     LMS key (must have a parameter set bound).
- * @param [in]      msg     Message to hash.
- * @param [in]      msgSz   Length of msg in bytes.
- * @param [out]     hash    Buffer receiving the digest.
- * @param [in,out]  hashSz  On entry, size of hash buffer. On success,
- *                          the digest length.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when an argument is NULL or the buffer is too
- *          small for the digest.
- * @return  NOT_COMPILED_IN when the param set's hash family is disabled.
- */
-int wc_LmsKey_HashMsg(const LmsKey* key, const byte* msg, word32 msgSz,
-    byte* hash, word32* hashSz)
-{
-    int ret = 0;
-    word32 needSz;
-
-    if ((key == NULL) || (msg == NULL) || (hash == NULL) || (hashSz == NULL))
-        return BAD_FUNC_ARG;
-    if (key->params == NULL)
-        return BAD_FUNC_ARG;
-    needSz = (word32)key->params->hash_len;
-    if (*hashSz < needSz)
-        return BAD_FUNC_ARG;
-
-    switch (key->params->lmsType & LMS_HASH_MASK) {
-        case LMS_SHA256:      /* 32-byte SHA-256 */
-        case LMS_SHA256_192:  /* SHA-256 truncated to 24 bytes */ {
-            byte full[WC_SHA256_DIGEST_SIZE];
-            ret = wc_Sha256Hash(msg, msgSz, full);
-            if (ret == 0)
-                XMEMCPY(hash, full, needSz);
-            break;
-        }
-    #ifdef WOLFSSL_LMS_SHAKE256
-        case LMS_SHAKE256:      /* SHAKE256 with 32-byte output */
-        case LMS_SHAKE256_192:  /* SHAKE256 with 24-byte output */ {
-            ret = wc_Shake256Hash(msg, msgSz, hash, needSz);
-            break;
-        }
-    #endif
-        default:
-            WOLFSSL_MSG("LMS: unsupported hash family for HashMsg");
-            ret = NOT_COMPILED_IN;
-            break;
-    }
-
-    if (ret == 0)
-        *hashSz = needSz;
-
-    return ret;
-}
-
 /* Sign a message.
  *
  * @param [in, out] key    LMS key to sign with.
diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c
@@ -1421,79 +1421,6 @@ int wc_XmssKey_GetPrivLen(const XmssKey* key, word32* len)
     return ret;
 }
 
-/* Compute the digest of msg using the hash function dictated by the XMSS
- * parameter set. Crypto-callback / HSM backends that follow PKCS#11 v3.2
- * CKM_XMSS / CKM_XMSSMT semantics (pre-computed digest input, see section
- * 6.66.8 "XMSS and XMSSMT without hashing") can call this from within
- * their callback; backends that take the raw message (e.g. wolfHSM) can
- * ignore it. *hashSz is in/out: it must be at least params->n on entry
- * and is set to the actual digest length on success.
- *
- * @param [in]      key     XMSS key (must have a parameter set bound).
- * @param [in]      msg     Message to hash.
- * @param [in]      msgSz   Length of msg in bytes.
- * @param [out]     hash    Buffer receiving the digest.
- * @param [in,out]  hashSz  On entry, size of hash buffer. On success,
- *                          the digest length.
- * @return  0 on success.
- * @return  BAD_FUNC_ARG when an argument is NULL or the buffer is too
- *          small for the digest.
- * @return  NOT_COMPILED_IN when the param set's hash family is disabled.
- */
-int wc_XmssKey_HashMsg(const XmssKey* key, const byte* msg, word32 msgSz,
-    byte* hash, word32* hashSz)
-{
-    int ret = 0;
-    word32 needSz;
-
-    if ((key == NULL) || (msg == NULL) || (hash == NULL) || (hashSz == NULL))
-        return BAD_FUNC_ARG;
-    if (key->params == NULL)
-        return BAD_FUNC_ARG;
-    needSz = (word32)key->params->n;
-    if (*hashSz < needSz)
-        return BAD_FUNC_ARG;
-
-    switch (key->params->hash) {
-    #ifdef WC_XMSS_SHA256
-        case WC_HASH_TYPE_SHA256: {
-            /* SHA2_*_192 variants set n=24, but wc_Hash rejects an output
-             * smaller than WC_SHA256_DIGEST_SIZE. Hash to a full buffer and
-             * copy the requested prefix. */
-            byte full[WC_SHA256_DIGEST_SIZE];
-            ret = wc_Sha256Hash(msg, msgSz, full);
-            if (ret == 0)
-                XMEMCPY(hash, full, needSz);
-            break;
-        }
-    #endif
-    #ifdef WC_XMSS_SHA512
-        case WC_HASH_TYPE_SHA512:
-            ret = wc_Hash(WC_HASH_TYPE_SHA512, msg, msgSz, hash, needSz);
-            break;
-    #endif
-    #ifdef WC_XMSS_SHAKE128
-        case WC_HASH_TYPE_SHAKE128:
-            ret = wc_Shake128Hash(msg, msgSz, hash, needSz);
-            break;
-    #endif
-    #ifdef WC_XMSS_SHAKE256
-        case WC_HASH_TYPE_SHAKE256:
-            ret = wc_Shake256Hash(msg, msgSz, hash, needSz);
-            break;
-    #endif
-        default:
-            WOLFSSL_MSG("XMSS: unsupported hash for HashMsg");
-            ret = NOT_COMPILED_IN;
-            break;
-    }
-
-    if (ret == 0)
-        *hashSz = needSz;
-
-    return ret;
-}
-
 /* Sign the message using the XMSS secret key.
  *
  * @param [in]      key     XMSS key to use to sign.
diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h
@@ -357,11 +357,6 @@ typedef struct wc_CryptoInfo {
                 int         type; /* enum wc_PqcStatefulSignatureType */
             } pqc_stateful_sig_kg;
             struct {
-                /* Raw message. Backends following the PKCS#11 v3.2
-                 * CKM_HSS / CKM_XMSS convention of operating on a
-                 * pre-computed digest can call wc_LmsKey_HashMsg /
-                 * wc_XmssKey_HashMsg from inside the callback to obtain
-                 * the algorithm-dictated digest of msg. */
                 const byte* msg;
                 word32      msgSz;
                 byte*       out;
@@ -372,7 +367,6 @@ typedef struct wc_CryptoInfo {
             struct {
                 const byte* sig;
                 word32      sigSz;
-                /* Raw message. See sign note. */
                 const byte* msg;
                 word32      msgSz;
                 int*        res;
@@ -757,9 +751,6 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcStatefulSigGetDevId(int type, void* key);
 
 WOLFSSL_LOCAL int wc_CryptoCb_PqcStatefulSigKeyGen(int type, void* key,
     WC_RNG* rng);
-/* The raw message is forwarded to the callback. Backends that follow the
- * PKCS#11 v3.2 CKM_HSS / CKM_XMSS convention (digest input) can call
- * wc_LmsKey_HashMsg / wc_XmssKey_HashMsg from inside the callback. */
 WOLFSSL_LOCAL int wc_CryptoCb_PqcStatefulSigSign(const byte* msg,
     word32 msgSz, byte* out, word32* outSz, int type, void* key);
 WOLFSSL_LOCAL int wc_CryptoCb_PqcStatefulSigVerify(const byte* sig,
diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h
@@ -825,8 +825,6 @@ WOLFSSL_API int  wc_LmsKey_ImportPubRaw(LmsKey * key, const byte * in,
     word32 inLen);
 WOLFSSL_API int  wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz,
     const byte * msg, int msgSz);
-WOLFSSL_API int  wc_LmsKey_HashMsg(const LmsKey * key, const byte * msg,
-    word32 msgSz, byte * hash, word32 * hashSz);
 WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm);
 WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc);
 
diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h
@@ -457,12 +457,6 @@ WOLFSSL_API int  wc_XmssKey_ImportPubRaw(XmssKey* key, const byte* in,
     word32 inLen);
 WOLFSSL_API int  wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigSz,
     const byte* msg, int msgSz);
-/* Compute the digest of a message with the hash function dictated by the
- * XMSS parameter set. Useful for crypto-callback / HSM backends that follow
- * the PKCS#11 v3.2 CKM_XMSS / CKM_XMSSMT convention of taking a
- * pre-computed digest. */
-WOLFSSL_API int  wc_XmssKey_HashMsg(const XmssKey* key, const byte* msg,
-    word32 msgSz, byte* hash, word32* hashSz);
 
 WOLFSSL_LOCAL int wc_xmssmt_keygen(XmssState *state, const unsigned char* seed,
     unsigned char *sk, unsigned char *pk);
