 |
XMSS Library
|
|
XMSS Library
|
This document provides guidelines for building the library targeting (small) embedded systems.
As an example, we consider an ARM Cortex-M controller.
On Ubuntu, the gcc-arm-none-eabi cross-compiler can be used to target the controller. This would lead to configuring the library using:
The platform, like most embedded platforms, does not provide all the standard C functionality such as file IO. newlib can be used to provide a minimum set of C functions. A default build would fail due to the absence of any IO-related C functions. This can be resolved adding one more configuration option:
Embedded systems usually have limited amounts of memory, especially when the library is built as part of a small boot loader.
The following additional cmake option can be used to optimize the library for size:
If the library is only going to be used for verification (which is the case for boot loaders), then you can disable building any of the signing code with:
If it is known in advance that only one hash algorithm is going to be used by the signer, then disabling the other algorithm reduces the size of the library. See Hash optimization.
For example, if only the SHA-256 algorithm will be used then configure the library with:
See Hash optimization on how to replace the default implementation of a hash algorithm with an override that could both increase the performance as well as reduce the size of the library.
Given the example platform and boot loader use case, we could configure the library as follows to reduce its size:
1.9.1