Add crypto callbacks for LMS and XMSS#10380
Add crypto callbacks for LMS and XMSS#10380padelsbach wants to merge 5 commits intowolfSSL:masterfrom
Conversation
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10380
Scan targets checked: wolfcrypt-bugs, wolfcrypt-src
Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
padelsbach
force-pushed
the
lms-xmss
branch
3 times, most recently
from
49f1cc2 to
6673edd
Compare
|
|
jenkins retest this please |
Frauschi
left a comment
Frauschi
left a comment
There was a problem hiding this comment.
A lot of minor things, mainly as the WiP patch I sent you was in a very rough state tbh (sorry for that).
|
jenkins retest this please |
|
Ok, I have updates regarding the PKCS#11 "pre-hash" thing. It turns out that this is actually an error in their specification, which is already corrected in the current working drafts for the next version. The data passed to the sign and verify operations is indeed the whole message, not any pre-hashed digest! After taking a more in-depth look into the algorithms, a simple pre-hash as proposed in the two helper methods of this PR also does not work and breaks spec compliance. Within both algorithms, the message is hashed together with the current state of the private key, which is not available in a CryptoCb / PKCS#11 setup on the host. Hence, this would have never worked properly anyway. In total, this greatly simplifies our efforts, as the “normal” callbacks can directly be used for PKCS#11 as well. Hence, the two new helper methods for pre-hashing ( |
4 participants
Description
Add struct fields and callbacks (
MakeKey,Sign,VerifyandSigsLeft) into existing LMS and XMSS code. Addwc_LmsKey_InitIdand_InitLabelfor PKCS11 compat. Added unit tests.Testing
New unit tests
Checklist