LMS: cleanup INSTALL, and cap threads to 4.

philljj · philljj · commit 4c125ece77e0 · 2023-07-11T15:04:51.000-05:00
diff --git a/INSTALL b/INSTALL
@@ -258,8 +258,10 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
 17. Building with hash-sigs lib for LMS/HSS support [EXPERIMENTAL]
 
     Using LMS/HSS requires that the hash-sigs lib has been built on
-    your system. At present we support the current master branch of
-    the hash-sigs project.
+    your system. We support hash-sigs lib at this git commit:
+      b0631b8891295bf2929e68761205337b7c031726
+    At the time of writing this, this is the HEAD of the master
+    branch of the hash-sigs project.
 
     Currently the hash-sigs project only builds static libraries:
       - hss_lib.a: a single-threaded static lib.
@@ -282,6 +284,7 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
       $ cd ~/hash_sigs
       $ git clone https://github.com/cisco/hash-sigs.git src
       $ cd src
+      $ git checkout b0631b8891295bf2929e68761205337b7c031726
 
     In sha256.h, set USE_OPENSSL to 0:
       #define USE_OPENSSL 0
diff --git a/wolfcrypt/src/ext_lms.c b/wolfcrypt/src/ext_lms.c
@@ -37,6 +37,16 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+/* If built against hss_lib_thread.a, the hash-sigs lib will spawn
+ * worker threads to parallelize cpu intensive tasks. This will mainly
+ * speedup key generation and signing, and to a lesser extent
+ * verifying for larger levels values.
+ *
+ * Their default max is 16 worker threads, but can be capped with
+ * hss_extra_info_set_threads(). To be safe we are capping at 4 here.
+ * */
+#define EXT_LMS_MAX_THREADS (4)
+
 /* The hash-sigs hss_generate_private_key API requires a generate_random
  * callback that only has output and length args. The RNG struct must be global
  * to the function. Maybe there should be a wc_LmsKey_SetRngCb. */
@@ -347,7 +357,9 @@ int wc_LmsKey_Init_ex(LmsKey * key, int levels, int height,
         key->lm_ots_type[i] = ots;
     }
 
+    /* Set the max number of worker threads that hash-sigs can spawn. */
     hss_init_extra_info(&key->info);
+    hss_extra_info_set_threads(&key->info, EXT_LMS_MAX_THREADS);
 
     key->working_key = NULL;
     key->write_private_key = NULL;
