Add MBEDTLS_LMS_PRIVATE define

To enable private key operations

Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2921278..570d9db 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -358,6 +358,11 @@
 #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C"
 #endif
 
+#if defined(MBEDTLS_LMS_PRIVATE) &&                                    \
+    ( !defined(MBEDTLS_LMS_C) )
+#error "MBEDTLS_LMS_PRIVATE requires MBEDTLS_LMS_C"
+#endif
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
     ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
 #error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h
index c463b2a..65b1b7e 100644
--- a/include/mbedtls/lms.h
+++ b/include/mbedtls/lms.h
@@ -106,6 +106,7 @@
 } mbedtls_lms_public_t;
 
 
+#ifdef MBEDTLS_LMS_PRIVATE
 /** LMS private context structure.
  *
  * A LMS private key is a set of LMOTS private keys, an index to the next usable
@@ -133,6 +134,7 @@
     unsigned char MBEDTLS_PRIVATE(have_private_key); /*!< Whether the context contains a private key.
                                                      Boolean values only. */
 } mbedtls_lms_private_t;
+#endif /* MBEDTLS_LMS_PRIVATE */
 
 /**
  * \brief                    This function initializes an LMS public context
@@ -196,6 +198,7 @@
                         const unsigned char *msg, size_t msg_size,
                         const unsigned char *sig, size_t sig_size );
 
+#ifdef MBEDTLS_LMS_PRIVATE
 /**
  * \brief                    This function initializes an LMS private context
  *
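Review bot: The `#ifdef MBEDTLS_LMS_PRIVATE` opened here (closed in the last lms.h hunk) hides only the private-key prototypes, and no matching guard on the definitions in library/lms.c is visible in this part of the commit. If those bodies are not wrapped in the same condition, a verify-only build either still carries the experimental key-generation and signing code or fails to compile where it uses `mbedtls_lms_private_t`, which the first lms.h hunk now removes; the change to that file may simply be outside this view. As a style point, `#if defined(MBEDTLS_LMS_PRIVATE)` would match the form used in check_config.h. The guarded declarations start and end outside these hunks.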
@@ -328,6 +331,7 @@
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void* p_rng, unsigned char *msg, unsigned int msg_size,
                       unsigned char *sig, size_t sig_size, size_t *sig_len);
+#endif /* MBEDTLS_LMS_PRIVATE */
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 8c833b1..c0caf75 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2469,13 +2469,25 @@
  * Module:  library/lms.c
  * Caller:
  *
- * Requires: MBEDTLS_MD_C
+ * Requires: MBEDTLS_PSA_CRYPTO_C
  *
- * Uncomment to enable the LMS signature algorithm.
+ * Uncomment to enable the LMS verification algorithm and public key operations.
  */
 #define MBEDTLS_LMS_C
 
 /**
+ * \def MBEDTLS_LMS_PRIVATE
+ *
+ * Enable LMS private-key operations and signing code. Functions enabled by this
+ * option are experimental, and should not be used in production.
+ *
+ * Requires: MBEDTLS_LMS_C
+ *
+ * Uncomment to enable the LMS signature algorithm and private key operations.
+ */
+// #define MBEDTLS_LMS_PRIVATE
+
+/**
  * \def MBEDTLS_NIST_KW_C
  *
  * Enable the Key Wrapping mode for 128-bit block ciphers,
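Review bot: The new `MBEDTLS_LMS_PRIVATE` description says the functions are experimental and not for production but gives no reason, so an integrator cannot judge the risk of uncommenting it. LMS is a stateful scheme (the lms.h context comment describes "an index to the next usable" one-time key), and signing twice with the same index undermines the security of the key. I would add to the comment something like `* LMS is stateful: each one-time key index must be used for at most one signature,` and `* so private-key state must never be restored from a backup or used from two copies.` The last line would also read more precisely as "Uncomment to enable LMS signing and private key operations", since the verification half of the algorithm is already enabled by `MBEDTLS_LMS_C`.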