Skip to content

Add LMS/HSS (verify only) to wolfCrypt JNI and wolfJCE#233

Merged
rlm2002 merged 1 commit into
wolfSSL:masterfrom
cconlon:pqc-lms
Jul 2, 2026
Merged

Add LMS/HSS (verify only) to wolfCrypt JNI and wolfJCE#233
rlm2002 merged 1 commit into
wolfSSL:masterfrom
cconlon:pqc-lms

Conversation

@cconlon

@cconlon cconlon commented Jun 25, 2026

Copy link
Copy Markdown
Member

This PR adds verify-only LMS/HSS to the JNI wrapper (com.wolfssl.wolfcrypt.Lms) and the wolfJCE provider. Verify-only matches the JDK SUN provider. Stateful hash-based signing belongs in hardware (NIST SP 800-208), so key generation, signing, and private keys are intentionally not supported yet.

Services

  • SignatureLMS, HSS/LMS, OID 1.2.840.113549.1.9.16.3.17 (verify, initSign throws InvalidKeyException)
  • KeyFactory — public keys only, X.509 SPKI (generatePrivate throws InvalidKeySpecException)
  • KeyStore (WKS) — LMS certificates / public keys
  • No KeyPairGenerator

Notes

  • Public keys: writes RFC 9708 (unwrapped) SPKI, reads RFC 9708 + RFC 8708 (wrapped). Verifies against the JDK SUN HSS/LMS provider.
  • All four hash families: SHA-256/256, SHA-256/192, SHAKE256/256, SHAKE256/192.

Requirements

Native wolfSSL with --enable-lms (or --enable-lms=verify-only). Add --enable-sha3 for SHAKE families.

Testing

Added unit tests. JNI and JCE known-answer tests use RFC 8554 (TC1) and RFC 9858 (A.1–A.4) vectors.

Added new GitHub pull request workflows for the following native wolfSSL builds:

    strategy:
      matrix:
        os: [ 'ubuntu-latest', 'macos-latest' ]
        jdk_version: [ '11', '21', '24' ]
        wolfssl_configure:
          - '--enable-jni --enable-lms'
          - '--enable-jni --enable-lms=verify-only'
          - '--enable-jni --enable-lms=verify-only,small'
          - '--enable-jni --enable-lms=sha256-192,shake256 --enable-sha3'
          - '--enable-jni --enable-all --enable-lms'

@cconlon cconlon self-assigned this Jun 25, 2026
Copilot AI review requested due to automatic review settings June 25, 2026 18:35

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds verify-only LMS/HSS (RFC 8554) support across the wolfCrypt JNI wrapper and the wolfJCE provider, including public-key (SPKI) handling and tests based on RFC vectors, aligning behavior with the JDK SUN provider’s verify-only posture.

Changes:

  • Add com.wolfssl.wolfcrypt.Lms JNI wrapper + native JNI bindings for LMS/HSS verification and parameter introspection.
  • Register LMS/HSS Signature (verify-only) and KeyFactory (public only) services in wolfJCE, including SPKI encode/decode utilities and public key implementation.
  • Add unit tests (JNI KATs + JCE API tests) and update build/docs/scripts to include LMS artifacts.

Reviewed changes

Copilot reviewed 19 out of 21 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
src/test/java/com/wolfssl/wolfcrypt/test/WolfCryptTestSuite.java Adds LmsTest to the wolfCrypt JNI test suite.
src/test/java/com/wolfssl/wolfcrypt/test/LmsTest.java Adds JNI-level RFC 8554 / RFC 9858 known-answer verification tests.
src/test/java/com/wolfssl/provider/jce/test/WolfSSLKeyStoreTest.java Adds WKS KeyStore round-trip test for an LMS certificate and public-key import.
src/test/java/com/wolfssl/provider/jce/test/WolfJCETestSuite.java Adds LMS JCE tests to the wolfJCE test suite.
src/test/java/com/wolfssl/provider/jce/test/WolfCryptLmsSignatureTest.java Adds JCE Signature (verify-only) tests for LMS/HSS using SPKI-wrapped RFC vectors.
src/test/java/com/wolfssl/provider/jce/test/WolfCryptLmsKeyFactoryTest.java Adds JCE KeyFactory tests for LMS public key import/round-trip and private-key rejection.
src/main/java/com/wolfssl/wolfcrypt/Lms.java Introduces the JVM wrapper for native verify-only LMS/HSS key operations.
src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java Registers LMS/HSS Signature and KeyFactory services (gated by native feature detection).
src/main/java/com/wolfssl/provider/jce/WolfCryptLmsUtil.java Adds strict DER parsing + SPKI encoding/decoding helpers for LMS/HSS public keys.
src/main/java/com/wolfssl/provider/jce/WolfCryptLmsSignature.java Adds verify-only SignatureSpi implementation for LMS/HSS.
src/main/java/com/wolfssl/provider/jce/WolfCryptLmsPublicKey.java Adds LMS/HSS PublicKey implementation with canonicalized SPKI encoding and destroy support.
src/main/java/com/wolfssl/provider/jce/WolfCryptLmsKeyFactory.java Adds verify-only LMS/HSS KeyFactorySpi supporting X.509 public keys only.
scripts/infer.sh Adds new LMS Java sources to Infer’s compilation list.
README.md Documents how to enable native LMS and describes verify-only JCE behavior.
README_JCE.md Lists LMS/HSS as supported by wolfJCE (names + OID).
makefile.macosx Links in jni_lms.o.
makefile.linux Links in jni_lms.o.
jni/jni_lms.c Implements JNI bridge to native wc_LmsKey_* verify/import/parameter APIs.
jni/include/com_wolfssl_wolfcrypt_Lms.h Adds generated JNI header for the new Lms class.
examples/certs/update-certs.sh Adds LMS certificate(s) to the cert update script.
Files not reviewed (1)
  • jni/include/com_wolfssl_wolfcrypt_Lms.h: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/main/java/com/wolfssl/provider/jce/WolfCryptLmsSignature.java
Comment thread src/test/java/com/wolfssl/wolfcrypt/test/LmsTest.java

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #233

Scan targets checked: wolfcrypt-jni-bugs, wolfcrypt-jni-src

No new issues found in the changed files. ✅

@cconlon cconlon assigned rlm2002 and unassigned cconlon Jun 25, 2026
@cconlon cconlon changed the title JNI/JCE: add LMS/HSS (verify only) to wolfCrypt JNI and wolfJCE Add LMS/HSS (verify only) to wolfCrypt JNI and wolfJCE Jun 26, 2026
Comment thread jni/jni_lms.c
Comment thread src/main/java/com/wolfssl/provider/jce/WolfCryptLmsPublicKey.java Outdated
Comment thread makefile.macosx Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 24 out of 26 changed files in this pull request and generated 2 comments.

Files not reviewed (1)
  • jni/include/com_wolfssl_wolfcrypt_Lms.h: Generated file

Comment thread src/main/java/com/wolfssl/provider/jce/WolfCryptLmsUtil.java Outdated
Comment thread src/main/java/com/wolfssl/provider/jce/WolfCryptLmsSignature.java

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #233

Scan targets checked: wolfcrypt-jni-bugs, wolfcrypt-jni-src

No new issues found in the changed files. ✅

@cconlon cconlon assigned rlm2002 and unassigned cconlon Jun 30, 2026
@rlm2002 rlm2002 assigned cconlon and unassigned rlm2002 Jun 30, 2026
@cconlon cconlon force-pushed the pqc-lms branch 4 times, most recently from 804814a to 2a5a9ef Compare July 1, 2026 18:22

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 28 out of 30 changed files in this pull request and generated no new comments.

Files not reviewed (1)
  • jni/include/com_wolfssl_wolfcrypt_Lms.h: Generated file

@cconlon cconlon assigned rlm2002 and unassigned cconlon Jul 1, 2026
@rlm2002 rlm2002 merged commit d686a43 into wolfSSL:master Jul 2, 2026
144 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants