Add hash-sigs support

.github/workflows/build.yml

@@ -22,6 +22,7 @@ jobs:
           - tinycrypt
           - mbedtls
           - c25519
+          - hash-sigs
         include:
           - crypto: sodium
             crypto_script: true
@@ -40,6 +41,9 @@ jobs:
               apt install -y unzip &&
               wget https://www.dlbeer.co.nz/downloads/c25519-2017-10-05.zip -O ../c25519.zip &&
               bash -c 'cd .. && unzip c25519.zip'
+          - crypto: hash-sigs
+            crypto_script: >-
+              git clone https://github.com/future-proof-iot/hash-sigs.git ../hash-sigs
 
           - container: silkeh/clang:12
             CC: clang

Makefile

@@ -46,6 +46,9 @@ endif
 ifneq (,$(filter tinycrypt,$(CRYPTO)))
 	include $(MK_DIR)/tinycrypt.mk
 endif
+ifneq (,$(filter hash-sigs,$(CRYPTO)))
+	include $(MK_DIR)/hash-sigs.mk
+endif
 
 CFLAGS += $(CFLAGS_CRYPTO)
 

include/cose/crypto.h

@@ -47,6 +47,9 @@
 #if defined(CRYPTO_TINYCRYPT)
 #include "cose/crypto/tinycrypt.h"
 #endif
+#if defined(CRYPTO_HASH_SIGS)
+#include "cose/crypto/hash-sigs.h"
+#endif
 
 #include "cose/crypto/selectors.h"
 
@@ -361,9 +364,10 @@ void cose_crypto_keypair_ecdsa(cose_key_t *key, cose_curve_t curve);
 size_t cose_crypto_sig_size_ed25519(void);
 /** @} */
 
-#ifdef __cplusplus
-}
-#endif
+int cose_crypto_keypair_hsslms(cose_key_t *key);
+int cose_crypto_sign_hsslms(const cose_key_t *key, uint8_t *sig, size_t *siglen, uint8_t *msg, unsigned long long int msglen);
+int cose_crypto_verify_hsslms(const cose_key_t *key, const uint8_t *sign, size_t signlen, uint8_t *msg, uint64_t msglen);
+size_t cose_crypto_sig_size_hsslms(void);
 
 #endif /* COSE_CRYPTO_H */
 

include/cose/crypto/hash-sigs.h

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2022 Inria
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @defgroup    cose_cryto_tinycrypt Crypto glue layer, tinycrypt definitions
+ * @ingroup     cose_crypto
+ *
+ * Crypto function api for glueing tinycrypt
+ * @{
+ *
+ * @file
+ * @brief       Crypto function api for glueing tinycrypt.
+ *
+ * @author      Kaspar Schleiser <kaspar@schleiser.de>
+ */
+
+#ifndef COSE_CRYPTO_HASH_SIGS_H
+#define COSE_CRYPTO_HASH_SIGS_H
+
+#include "hash_sig_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @name list of provided algorithms
+ *
+ * @{
+ */
+#define HAVE_ALGO_HSSLMS     /**< HSS/LMS support*/
+/** @} */
+
+/**
+ * @brief HSS/LMS key sizes
+ */
+#define COSE_CRYPTO_HSSLMS_PUBLICKEYBYTES               (HSS_MAX_PUBLIC_KEY_LEN)
+#define COSE_CRYPTO_HSSLMS_SECRETKEYBYTES               (PRIVATE_KEY_LEN)
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/** @} */

makefiles/hash-sigs.mk

@@ -0,0 +1,37 @@
+CFLAGS += -Wno-sign-compare
+CFLAGS += -Wno-unused-parameter
+CFLAGS += -Wno-char-subscripts
+CFLAGS += -Wno-shadow
+
+HASH_SIGS_DIR ?= $(PWD)/../hash-sigs
+CFLAGS+=-DCRYPTO_HASH_SIGS -I$(HASH_SIGS_DIR)
+
+CRYPTOSRC +=$(SRC_DIR)/crypt/hash-sigs.c
+
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_alloc.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_aux.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_common.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_compute.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_generate.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_keygen.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_param.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_reserve.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_sign.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_sign_inc.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_verify.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_verify_inc.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_derive.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_zeroize.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hss_thread_single.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/lm_common.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/lm_ots_common.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/lm_ots_sign.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/lm_ots_verify.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/lm_verify.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/endian.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/hash.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/sha256.c
+CRYPTOSRC+=$(HASH_SIGS_DIR)/signatures.c
+CRYPTOSRC+=$(SRC_DIR)/crypt/helpers.c
+CRYPTOOBJS+=$(CRYPTOSRC:.c:.c)

src/cose_crypto.c

@@ -203,6 +203,11 @@ int cose_crypto_sign(const cose_key_t *key, uint8_t *sign, size_t *signlen, uint
             /* Needs to be splitted as soon as ed448 support is required */
             return cose_crypto_sign_ed25519(key, sign, signlen, msg, msglen);
             break;
+#endif
+#ifdef HAVE_ALGO_HSSLMS
+        case COSE_ALGO_HSSLMS:
+            return cose_crypto_sign_hsslms(key, sign, signlen, msg, msglen);
+            break;
 #endif
         default:
             (void)key;
@@ -231,6 +236,11 @@ int cose_crypto_verify(const cose_key_t *key, const uint8_t *sign, size_t signle
             /* Needs to be splitted as soon as ed448 support is required */
             return cose_crypto_verify_ed25519(key, sign, signlen, msg, msglen);
             break;
+#endif
+#ifdef HAVE_ALGO_HSSLMS
+        case COSE_ALGO_HSSLMS:
+            return cose_crypto_verify_hsslms(key, sign, signlen, msg, msglen);
+            break;
 #endif
         default:
             (void)key;

src/crypt/hash-sigs.c

@@ -0,0 +1,37 @@
+#include <stdint.h>
+#include <hss.h>
+#include <hash_sig_api.h>
+#include "cose.h"
+
+int cose_crypto_keypair_hsslms(cose_key_t *key)
+{
+    key->algo = COSE_ALGO_HSSLMS;
+    int res = keygen(key->d, key->x);
+
+    return res ? COSE_OK : COSE_ERR_CRYPTO;;
+}
+
+int cose_crypto_sign_hsslms(const cose_key_t *key, uint8_t *sig, size_t *siglen,
+                            uint8_t *msg, unsigned long long int msglen)
+{
+    /* cose provides siglen as `size_t`, hash-sigs uses `long long unsigned` ... */
+    unsigned long long siglen_tmp = *siglen;
+
+    int res = sign(sig, &siglen_tmp, msg, msglen, key->d);
+
+    *siglen = siglen_tmp;
+
+    return res ? COSE_OK : COSE_ERR_CRYPTO;;
+}
+
+int cose_crypto_verify_hsslms(const cose_key_t *key, const uint8_t *sig,
+                              size_t siglen, uint8_t *msg, uint64_t msglen)
+{
+    int res = verify(key->x, (unsigned char *)sig, siglen, msg, msglen);
+    return res ? COSE_OK : COSE_ERR_CRYPTO;;
+}
+
+size_t cose_crypto_sig_size_hsslms(void)
+{
+    return CRYPTO_BYTES;
+}

tests/sign.c

@@ -29,6 +29,12 @@ static char kid2[] = "koen@example.net";
 #elif defined(HAVE_ALGO_ECDSA)
 #define TEST_CRYPTO_SIGN_PUBLICKEYBYTES COSE_CRYPTO_SIGN_P521_PUBLICKEYBYTES
 #define TEST_CRYPTO_SIGN_SECRETKEYBYTES COSE_CRYPTO_SIGN_P521_SECRETKEYBYTES
+#elif defined(HAVE_ALGO_HSSLMS)
+#define TEST_CRYPTO_SIGN_PUBLICKEYBYTES (8192)
+#define TEST_CRYPTO_SIGN_SECRETKEYBYTES (8192)
+// segfaults with these:
+/* #define TEST_CRYPTO_SIGN_PUBLICKEYBYTES (COSE_CRYPTO_HSSLMS_PUBLICKEYBYTES) */
+/* #define TEST_CRYPTO_SIGN_SECRETKEYBYTES (COSE_CRYPTO_HSSLMS_SECRETKEYBYTES) */
 #else
 #error No suitable signature algorithm
 #endif
@@ -58,10 +64,15 @@ static void genkey(cose_key_t *key, uint8_t *pkx, uint8_t *pky, uint8_t *sk)
     cose_curve_t curve = COSE_EC_CURVE_P256;
     cose_algo_t algo = COSE_ALGO_ES256;
 #else
-#error No suitable ECDSA curve signature algorithm available
+#error No suitable signature algorithm available
 #endif
     cose_key_set_keys(key, curve, algo, pkx, pky, sk);
     cose_crypto_keypair_ecdsa(key, curve);
+#elif defined(HAVE_ALGO_HSSLMS)
+    cose_curve_t curve = COSE_EC_NONE;
+    cose_algo_t algo = COSE_ALGO_HSSLMS;
+    cose_key_set_keys(key, curve, algo, pkx, NULL, sk);
+    cose_crypto_keypair_hsslms(key);
 #endif
 }
 

tests/suit.c

@@ -20,6 +20,7 @@
 #include "CUnit/Basic.h"
 #include "CUnit/Automated.h"
 
+#ifndef HAVE_ALGO_HSSLMS
 static uint8_t buf[2048];
 
 #ifdef HAVE_ALGO_EDDSA
@@ -160,6 +161,8 @@ void test_suit1(void)
     CU_ASSERT_EQUAL(memcmp(kid, keyid, sizeof(keyid) - 1), 0);
 }
 
+#endif
+
 const test_t tests_suit[] = {
 #if defined(HAVE_ALGO_EDDSA) || ( defined(HAVE_ALGO_ECDSA) && defined(HAVE_CURVE_P521))
     {