lowRISC · pamaury · Jan 14, 2025 · Dec 19, 2024 · Jan 13, 2025 · Jan 13, 2025
diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock
diff --git a/...m/tokens/1fb9bf0b-6f47-74b5-05b9-e1ccf1488ff0/30272913-d12b-af71-8cc9-c2686e538e23.object b/...m/tokens/1fb9bf0b-6f47-74b5-05b9-e1ccf1488ff0/30272913-d12b-af71-8cc9-c2686e538e23.object
diff --git a/...30272913-d12b-af71-8cc9-c2686e538e23.lock → ...ef3261cb-77ce-b359-0c9f-43fa2d34f8d3.lock b/...30272913-d12b-af71-8cc9-c2686e538e23.lock → ...ef3261cb-77ce-b359-0c9f-43fa2d34f8d3.lock
diff --git a/...m/tokens/1fb9bf0b-6f47-74b5-05b9-e1ccf1488ff0/ef3261cb-77ce-b359-0c9f-43fa2d34f8d3.object b/...m/tokens/1fb9bf0b-6f47-74b5-05b9-e1ccf1488ff0/ef3261cb-77ce-b359-0c9f-43fa2d34f8d3.object
diff --git a/signing/softhsm/tokens/1fb9bf0b-6f47-74b5-05b9-e1ccf1488ff0/token.object b/signing/softhsm/tokens/1fb9bf0b-6f47-74b5-05b9-e1ccf1488ff0/token.object
diff --git a/sw/host/hsmtool/BUILD b/sw/host/hsmtool/BUILD
@@ -126,10 +126,12 @@ rust_library(
         "src/commands/spx/verify.rs",
         "src/commands/token.rs",
         "src/error.rs",
+        "src/extra/mod.rs",
+        "src/extra/spxef.rs",
+        "src/extra/spxkms.rs",
         "src/lib.rs",
         "src/module.rs",
         "src/profile.rs",
-        "src/spxef/mod.rs",
         "src/util/attribute/attr.rs",
         "src/util/attribute/data.rs",
         "src/util/attribute/date.rs",
@@ -163,6 +165,7 @@ rust_library(
         "//sw/host/hsmtool/acorn",
         "//sw/host/sphincsplus",
         "@crate_index//:anyhow",
+        "@crate_index//:base64ct",
         "@crate_index//:clap",
         "@crate_index//:cryptoki",
         "@crate_index//:cryptoki-sys",
@@ -177,6 +180,7 @@ rust_library(
         "@crate_index//:pem-rfc7468",
         "@crate_index//:rand",
         "@crate_index//:regex",
+        "@crate_index//:reqwest",
         "@crate_index//:rsa",
         "@crate_index//:rustix",
         "@crate_index//:serde",

diff --git a/sw/host/hsmtool/acorn/BUILD b/sw/host/hsmtool/acorn/BUILD
@@ -17,6 +17,7 @@ rust_library(
     crate_root = "lib.rs",
     deps = [
         "//sw/host/hsmtool/acorn/vendor:acorn_bindgen",
+        "//sw/host/sphincsplus",
         "@crate_index//:anyhow",
         "@crate_index//:bitflags",
         "@crate_index//:libloading",

@@ -4,6 +4,7 @@
 
 use anyhow::Result;
 use libloading::Library;
+use sphincsplus::SpxDomain;
 use std::ffi::{CStr, CString};
 use thiserror::Error;
 
@@ -436,9 +437,16 @@ impl SpxInterface for Acorn {
         }
     }
 
-    fn sign(&self, alias: Option<&str>, key_hash: Option<&str>, message: &[u8]) -> Result<Vec<u8>> {
+    fn sign(
+        &self,
+        alias: Option<&str>,
+        key_hash: Option<&str>,
+        domain: SpxDomain,
+        message: &[u8],
+    ) -> Result<Vec<u8>> {
         let alias = alias.map(CString::new).transpose()?;
         let key_hash = key_hash.map(CString::new).transpose()?;
+        let message = domain.prepare(message);
         // SAFETY: The signature returned by `sign` is copied into a rust Vec.
         // The memory allocated by the acorn library is freed by the acorn library's
         // free function.
@@ -478,11 +486,13 @@ impl SpxInterface for Acorn {
         &self,
         alias: Option<&str>,
         key_hash: Option<&str>,
+        domain: SpxDomain,
         message: &[u8],
         signature: &[u8],
     ) -> Result<bool> {
         let alias = alias.map(CString::new).transpose()?;
         let key_hash = key_hash.map(CString::new).transpose()?;
+        let message = domain.prepare(message);
         // SAFETY: The signature returned by `sign` is copied into a rust Vec.
         // The memory allocated by the acorn library is freed by the acorn library's
         // free function.

@@ -4,6 +4,7 @@
 
 use anyhow::Result;
 use bitflags::bitflags;
+use sphincsplus::SpxDomain;
 
 #[derive(Debug, Default)]
 pub struct KeyEntry {
@@ -71,13 +72,20 @@ pub trait SpxInterface {
     ) -> Result<KeyEntry>;
 
     /// Sign a message.
-    fn sign(&self, alias: Option<&str>, key_hash: Option<&str>, message: &[u8]) -> Result<Vec<u8>>;
+    fn sign(
+        &self,
+        alias: Option<&str>,
+        key_hash: Option<&str>,
+        domain: SpxDomain,
+        message: &[u8],
+    ) -> Result<Vec<u8>>;
 
     /// Verify a message.
     fn verify(
         &self,
         alias: Option<&str>,
         key_hash: Option<&str>,
+        domain: SpxDomain,
         message: &[u8],
         signature: &[u8],
     ) -> Result<bool>;

@@ -43,7 +43,12 @@ impl Dispatch for Sign {
 
         let data = std::fs::read(&self.input)?;
         let data = self.format.spx_prepare(self.domain, &data)?;
-        let result = spx.sign(self.label.as_deref(), self.id.as_deref(), &data)?;
+        let result = spx.sign(
+            self.label.as_deref(),
+            self.id.as_deref(),
+            self.domain,
+            &data,
+        )?;
         std::fs::write(&self.output, &result)?;
         Ok(Box::<BasicResult>::default())
     }

@@ -43,7 +43,13 @@ impl Dispatch for Verify {
         let data = std::fs::read(&self.input)?;
         let data = self.format.spx_prepare(self.domain, &data)?;
         let signature = std::fs::read(&self.signature)?;
-        let result = spx.verify(self.label.as_deref(), self.id.as_deref(), &data, &signature)?;
+        let result = spx.verify(
+            self.label.as_deref(),
+            self.id.as_deref(),
+            self.domain,
+            &data,
+            &signature,
+        )?;
         Ok(Box::new(BasicResult {
             success: result,
             error: if result {

@@ -0,0 +1,9 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+mod spxef;
+mod spxkms;
+
+pub use spxef::SpxEf;
+pub use spxkms::SpxKms;
@@ -184,20 +184,27 @@ impl SpxInterface for SpxEf {
     }
 
     /// Sign a message.
-    fn sign(&self, alias: Option<&str>, key_hash: Option<&str>, message: &[u8]) -> Result<Vec<u8>> {
+    fn sign(
+        &self,
+        alias: Option<&str>,
+        key_hash: Option<&str>,
+        domain: SpxDomain,
+        message: &[u8],
+    ) -> Result<Vec<u8>> {
         let alias = alias.ok_or(HsmError::NoSearchCriteria)?;
         if key_hash.is_some() {
             log::warn!("ignored key_hash {key_hash:?}");
         }
         let sk = self.load_key(alias)?;
-        Ok(sk.sign(SpxDomain::None, message)?)
+        Ok(sk.sign(domain, message)?)
     }
 
     /// Verify a message.
     fn verify(
         &self,
         alias: Option<&str>,
         key_hash: Option<&str>,
+        domain: SpxDomain,
         message: &[u8],
         signature: &[u8],
     ) -> Result<bool> {
@@ -207,7 +214,7 @@ impl SpxInterface for SpxEf {
         }
         let sk = self.load_key(alias)?;
         let pk = SpxPublicKey::from(&sk);
-        match pk.verify(SpxDomain::None, signature, message) {
+        match pk.verify(domain, signature, message) {
             Ok(()) => Ok(true),
             Err(SpxError::BadSignature) => Ok(false),
             Err(e) => Err(e.into()),