Add MBEDTLS_LMS_PRIVATE define

To enable private key operations Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-09-01 12:24:31 +01:00 · 2022-09-01 12:24:31 +01:00 · ab4f87413a
commit ab4f87413a
parent ebd35b5b80
8 changed files with 104 additions and 72 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -358,6 +358,11 @@
 #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C"
 #endif

+#if defined(MBEDTLS_LMS_PRIVATE) &&                                    \
+    ( !defined(MBEDTLS_LMS_C) )
+#error "MBEDTLS_LMS_PRIVATE requires MBEDTLS_LMS_C"
+#endif
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
 #error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@ -106,6 +106,7 @@ typedef struct {
 } mbedtls_lms_public_t;


+#ifdef MBEDTLS_LMS_PRIVATE
 /** LMS private context structure.
 *
 * A LMS private key is a set of LMOTS private keys, an index to the next usable
@ -133,6 +134,7 @@ typedef struct {
    unsigned char MBEDTLS_PRIVATE(have_private_key); /*!< Whether the context contains a private key.
                                                     Boolean values only. */
 } mbedtls_lms_private_t;
+#endif /* MBEDTLS_LMS_PRIVATE */

 /**
 * \brief                    This function initializes an LMS public context
@ -196,6 +198,7 @@ int mbedtls_lms_verify( const mbedtls_lms_public_t *ctx,
                        const unsigned char *msg, size_t msg_size,
                        const unsigned char *sig, size_t sig_size );

+#ifdef MBEDTLS_LMS_PRIVATE
 /**
 * \brief                    This function initializes an LMS private context
 *
@ -328,6 +331,7 @@ int mbedtls_lms_sign( mbedtls_lms_private_t *ctx,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void* p_rng, unsigned char *msg, unsigned int msg_size,
                      unsigned char *sig, size_t sig_size, size_t *sig_len);
+#endif /* MBEDTLS_LMS_PRIVATE */

 #ifdef __cplusplus
 }
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@ -2469,12 +2469,24 @@
 * Module:  library/lms.c
 * Caller:
 *
- * Requires: MBEDTLS_MD_C
+ * Requires: MBEDTLS_PSA_CRYPTO_C
 *
- * Uncomment to enable the LMS signature algorithm.
+ * Uncomment to enable the LMS verification algorithm and public key operations.
 */
 #define MBEDTLS_LMS_C

+/**
+ * \def MBEDTLS_LMS_PRIVATE
+ *
+ * Enable LMS private-key operations and signing code. Functions enabled by this
+ * option are experimental, and should not be used in production.
+ *
+ * Requires: MBEDTLS_LMS_C
+ *
+ * Uncomment to enable the LMS signature algorithm and private key operations.
+ */
+// #define MBEDTLS_LMS_PRIVATE
+
 /**
 * \def MBEDTLS_NIST_KW_C
 *