liboqs: add RNG support for sphincs

Frauschi · Frauschi · commit 0780fd9719ea · 2023-12-16T12:40:26.000+01:00
Added a RNG argument to the wc_sphincs_sign_msg method to properly
generate necessary random data using the desired WolfSSL RNG object.

Signed-off-by: Tobias Frauenschläger &lt;t.frauenschlaeger@me.com&gt;
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
@@ -12055,7 +12055,7 @@ void bench_sphincsKeySign(byte level, byte optim)
                     x = SPHINCS_SMALL_LEVEL5_SIG_SIZE;
                 }
 
-                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key);
+                ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_sphincs_sign_msg failed\n");
                 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -28915,7 +28915,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
         if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&
             !dilithiumKey && sphincsKey) {
             word32 outSz = sigSz;
-            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey);
+            ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);
             if (ret == 0)
                 ret = outSz;
         }
diff --git a/wolfcrypt/src/sphincs.c b/wolfcrypt/src/sphincs.c
@@ -58,7 +58,7 @@
  *          0 otherwise.
  */
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key)
+                        sphincs_key* key, WC_RNG* rng)
 {
     int ret = 0;
 #ifdef HAVE_LIBOQS
@@ -135,6 +135,10 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
         localOutLen = *outLen;
     }
 
+    if (ret == 0) {
+        ret = wolfSSL_liboqsRngMutexLock(rng);
+    }
+
     if ((ret == 0) &&
         (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k)
          == OQS_ERROR)) {
@@ -145,6 +149,8 @@ int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
         *outLen = (word32)localOutLen;
     }
 
+    wolfSSL_liboqsRngMutexUnlock();
+
     if (oqssig != NULL) {
         OQS_SIG_free(oqssig);
     }
diff --git a/wolfssl/wolfcrypt/sphincs.h b/wolfssl/wolfcrypt/sphincs.h
@@ -41,6 +41,7 @@
 
 #ifdef HAVE_LIBOQS
 #include <oqs/oqs.h>
+#include <wolfssl/wolfcrypt/port/liboqs/liboqs.h>
 #endif
 
 #ifdef __cplusplus
@@ -99,7 +100,7 @@ struct sphincs_key {
 
 WOLFSSL_API
 int wc_sphincs_sign_msg(const byte* in, word32 inLen, byte* out, word32 *outLen,
-                        sphincs_key* key);
+                        sphincs_key* key, WC_RNG* rng);
 WOLFSSL_API
 int wc_sphincs_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
                           word32 msgLen, int* res, sphincs_key* key);

Original file line number	Diff line number	Diff line change
`@@ -12055,7 +12055,7 @@ void bench_sphincsKeySign(byte level, byte optim)`
`12055`	`12055`	`x = SPHINCS_SMALL_LEVEL5_SIG_SIZE;`
`12056`	`12056`	`}`
`12057`	`12057`
`12058`		`- ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key);`
	`12058`	`+ ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG);`
`12059`	`12059`	`if (ret != 0) {`
`12060`	`12060`	`printf("wc_sphincs_sign_msg failed\n");`
`12061`	`12061`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28915,7 +28915,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,`
`28915`	`28915`	`if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey &&`
`28916`	`28916`	`!dilithiumKey && sphincsKey) {`
`28917`	`28917`	`word32 outSz = sigSz;`
`28918`		`- ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey);`
	`28918`	`+ ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng);`
`28919`	`28919`	`if (ret == 0)`
`28920`	`28920`	`ret = outSz;`
`28921`	`28921`	`}`