Merge pull request wolfSSL#10406 from Frauschi/lms_xmss_certs

Support RFC 9802 LMS and XMSS in X.509 verification

Author: SparkiDev

CMakeLists.txt

@@ -699,16 +699,24 @@ add_option(WOLFSSL_LMSSHA256192
     "Enable the LMS SHA_256_192 truncated variant (default: disabled)"
     "no" "yes;no")
 
+add_option(WOLFSSL_LMSNOSHA256256
+    "Disable the LMS SHA_256_256 standard variant (default: disabled)"
+    "no" "yes;no")
+
 if (WOLFSSL_LMS)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_LMS")
 
     set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT)
 
     if (WOLFSSL_LMSSHA256192)
         list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LMS_SHA256_192")
-        list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_NO_LMS_SHA256_256")
 
         set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192"    RESULT)
+    endif()
+
+    if (WOLFSSL_LMSNOSHA256256)
+        list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_NO_LMS_SHA256_256")
+
         set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT)
     endif()
 endif()

certs/include.am

@@ -161,6 +161,8 @@ include certs/falcon/include.am
 include certs/rsapss/include.am
 include certs/dilithium/include.am
 include certs/slhdsa/include.am
+include certs/lms/include.am
+include certs/xmss/include.am
 include certs/rpk/include.am
 include certs/acert/include.am
 include certs/mldsa/include.am

certs/lms/bc_hss_L2_H5_W8_root.der

@@ -0,0 +1,12 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+         certs/lms/bc_lms_sha256_h5_w4_root.der \
+         certs/lms/bc_lms_sha256_h10_w8_root.der \
+         certs/lms/bc_hss_L2_H5_W8_root.der \
+         certs/lms/bc_hss_L3_H5_W4_root.der \
+         certs/lms/bc_lms_chain_ca.der \
+         certs/lms/bc_lms_chain_leaf.der \
+         certs/lms/bc_lms_native_bc_root.der