diff --git a/docs/algorithms/sig_stfl/lms.md b/docs/algorithms/sig_stfl/lms.md
new file mode 100644
index 0000000000..8357d0a8f6
--- /dev/null
+++ b/docs/algorithms/sig_stfl/lms.md
@@ -0,0 +1,50 @@
+# LMS
+
+- **Algorithm type**: Digital signature scheme.
+- **Main cryptographic assumption**: hash function second-preimage resistance.
+- **Principal submitters**: Scott Fluhrer.
+- **Auxiliary submitters**: C Martin, Maurice Hieronymus.
+- **Authors' website**: https://www.rfc-editor.org/info/rfc8554
+- **Specification version**: None.
+- **Primary Source**:
+ - **Source**: https://github.com/cisco/hash-sigs
+ - **Implementation license (SPDX-Identifier)**: MIT
+
+
+## Parameter set summary
+
+| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
+|:------------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
+| LMS_SHA256_H5_W1 | | | 60 | 64 | 8688 |
+| LMS_SHA256_H5_W2 | | | 60 | 64 | 4464 |
+| LMS_SHA256_H5_W4 | | | 60 | 64 | 2352 |
+| LMS_SHA256_H5_W8 | | | 60 | 64 | 1296 |
+| LMS_SHA256_H10_W1 | | | 60 | 64 | 8848 |
+| LMS_SHA256_H10_W2 | | | 60 | 64 | 4624 |
+| LMS_SHA256_H10_W4 | | | 60 | 64 | 2512 |
+| LMS_SHA256_H10_W8 | | | 60 | 64 | 1456 |
+| LMS_SHA256_H15_W1 | | | 60 | 64 | 9008 |
+| LMS_SHA256_H15_W2 | | | 60 | 64 | 4784 |
+| LMS_SHA256_H15_W4 | | | 60 | 64 | 2672 |
+| LMS_SHA256_H15_W8 | | | 60 | 64 | 1616 |
+| LMS_SHA256_H20_W1 | | | 60 | 64 | 9168 |
+| LMS_SHA256_H20_W2 | | | 60 | 64 | 4944 |
+| LMS_SHA256_H20_W4 | | | 60 | 64 | 2832 |
+| LMS_SHA256_H20_W8 | | | 60 | 64 | 1776 |
+| LMS_SHA256_H25_W1 | | | 60 | 64 | 9328 |
+| LMS_SHA256_H25_W2 | | | 60 | 64 | 5104 |
+| LMS_SHA256_H25_W4 | | | 60 | 64 | 2992 |
+| LMS_SHA256_H25_W8 | | | 60 | 64 | 1936 |
+| LMS_SHA256_H5_W8_H5_W8 | | | 60 | 64 | 2644 |
+| LMS_SHA256_H10_W4_H5_W8 | | | 60 | 64 | 2804 |
+| LMS_SHA256_H10_W8_H5_W8 | | | 60 | 64 | 3860 |
+| LMS_SHA256_H10_W2_H10_W2 | | | 60 | 64 | 9300 |
+| LMS_SHA256_H10_W4_H10_W4 | | | 60 | 64 | 5076 |
+| LMS_SHA256_H10_W8_H10_W8 | | | 60 | 64 | 2964 |
+| LMS_SHA256_H15_W8_H5_W8 | | | 60 | 64 | 2964 |
+| LMS_SHA256_H15_W8_H10_W8 | | | 60 | 64 | 3124 |
+| LMS_SHA256_H15_W8_H15_W8 | | | 60 | 64 | 3284 |
+| LMS_SHA256_H20_W8_H5_W8 | | | 60 | 64 | 3124 |
+| LMS_SHA256_H20_W8_H10_W8 | | | 60 | 64 | 3284 |
+| LMS_SHA256_H20_W8_H15_W8 | | | 60 | 64 | 3444 |
+| LMS_SHA256_H20_W8_H20_W8 | | | 60 | 64 | 3604 |
diff --git a/docs/algorithms/sig_stfl/lms.yml b/docs/algorithms/sig_stfl/lms.yml
new file mode 100644
index 0000000000..2741a3afea
--- /dev/null
+++ b/docs/algorithms/sig_stfl/lms.yml
@@ -0,0 +1,216 @@
+name: LMS
+type: stateful signature
+principal-submitters:
+- Scott Fluhrer
+auxiliary-submitters:
+- C Martin
+- Maurice Hieronymus
+
+crypto-assumption: hash function second-preimage resistance
+website: https://www.rfc-editor.org/info/rfc8554
+nist-round:
+spec-version:
+spdx-license-identifier:
+primary-upstream:
+ source: https://github.com/cisco/hash-sigs
+ spdx-license-identifier: MIT
+ upstream-ancestors:
+parameter-sets:
+- name: LMS_SHA256_H5_W1
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 8688
+- name: LMS_SHA256_H5_W2
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 4464
+- name: LMS_SHA256_H5_W4
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2352
+- name: LMS_SHA256_H5_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 1296
+- name: LMS_SHA256_H10_W1
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 8848
+- name: LMS_SHA256_H10_W2
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 4624
+- name: LMS_SHA256_H10_W4
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2512
+- name: LMS_SHA256_H10_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 1456
+- name: LMS_SHA256_H15_W1
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 9008
+- name: LMS_SHA256_H15_W2
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 4784
+- name: LMS_SHA256_H15_W4
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2672
+- name: LMS_SHA256_H15_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 1616
+- name: LMS_SHA256_H20_W1
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 9168
+- name: LMS_SHA256_H20_W2
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 4944
+- name: LMS_SHA256_H20_W4
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2832
+- name: LMS_SHA256_H20_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 1776
+- name: LMS_SHA256_H25_W1
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 9328
+- name: LMS_SHA256_H25_W2
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 5104
+- name: LMS_SHA256_H25_W4
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2992
+- name: LMS_SHA256_H25_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 1936
+- name: LMS_SHA256_H5_W8_H5_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2644
+- name: LMS_SHA256_H10_W4_H5_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2804
+- name: LMS_SHA256_H10_W8_H5_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 3860
+- name: LMS_SHA256_H10_W2_H10_W2
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 9300
+- name: LMS_SHA256_H10_W4_H10_W4
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 5076
+- name: LMS_SHA256_H10_W8_H10_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2964
+- name: LMS_SHA256_H15_W8_H5_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 2964
+- name: LMS_SHA256_H15_W8_H10_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 3124
+- name: LMS_SHA256_H15_W8_H15_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 3284
+- name: LMS_SHA256_H20_W8_H5_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 3124
+- name: LMS_SHA256_H20_W8_H10_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 3284
+- name: LMS_SHA256_H20_W8_H15_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 3444
+- name: LMS_SHA256_H20_W8_H20_W8
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 60
+ length-secret-key: 64
+ length-signature: 3604
diff --git a/docs/algorithms/sig_stfl/sig_stfl.md b/docs/algorithms/sig_stfl/sig_stfl.md
new file mode 100644
index 0000000000..dfd0403066
--- /dev/null
+++ b/docs/algorithms/sig_stfl/sig_stfl.md
@@ -0,0 +1,29 @@
+
+# **Stateful Hash Based Signatures**
+
+The security of hash based signatures (HBS) is based on the underlying hash functions on which they are built.
+NIST recommendation is that they are suitable for near term use to mitigate against attacks mounted by quantum computers.
+While not a general purpose solution, they are useful means to authenticate boot or firmware images.
+
+**General**
+
+This package provides full support for a variety of variants for XMSS and LMS.
+Key generation, signature generation, and signature verification.
+Security of HBS also depends on the management of the state of the secret key. Secret keys can only used once to generate a signature.
+Multiple signing with same key can reveal that key to an attacker.
+Because of this, NIST recommends that key and signature generation be done in hardware security modules.
+Having said that, this library is fully functional for research purposes. Secret keys are incremented after each sign operation.
+However, secure storage and lifecycle management of the secret keys are left to applications using this feature.
+Secret key storage is easily done by supplying a callback function to the library. This callback is invoked to store the secret key.
+
+
+**Key State Management**
+
+Application writers have to supply callback functions to store and update secret keys.
+After a sign operation the secret key index is advanced and stored. This ensures one-time use of the key.
+Signing operations will fail without this callback set because the private key cannot be advanced (to prevent reuse).
+
+Stateful keys can generate a finite number of signatures. A counter tracks the limit when the key is created and is decremented after each signature is generated.
+When the counter is down to 0, signature generation fails. Applications can query the remaining count via an API.
+
+
diff --git a/docs/algorithms/sig_stfl/xmss.md b/docs/algorithms/sig_stfl/xmss.md
new file mode 100644
index 0000000000..b78dce983b
--- /dev/null
+++ b/docs/algorithms/sig_stfl/xmss.md
@@ -0,0 +1,44 @@
+# XMSS
+
+- **Algorithm type**: Digital signature scheme.
+- **Main cryptographic assumption**: hash function second-preimage resistance.
+- **Principal submitters**: Joost Rijneveld, A. Huelsing, David Cooper, Bas Westerbaan.
+- **Authors' website**: https://www.rfc-editor.org/info/rfc8391
+- **Specification version**: None.
+- **Primary Source**:
+ - **Source**: https://github.com/XMSS/xmss-reference
+ - **Implementation license (SPDX-Identifier)**: Apache-2.0 AND MIT
+
+
+## Parameter set summary
+
+| Parameter set | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
+|:----------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
+| XMSS-SHA2_10_256 | | | 64 | 1373 | 2500 |
+| XMSS-SHA2_16_256 | | | 64 | 2093 | 2692 |
+| XMSS-SHA2_20_256 | | | 64 | 2573 | 2820 |
+| XMSS-SHAKE_10_256 | | | 64 | 1373 | 2500 |
+| XMSS-SHAKE_16_256 | | | 64 | 2093 | 2692 |
+| XMSS-SHAKE_20_256 | | | 64 | 2573 | 2820 |
+| XMSS-SHA2_10_512 | | | 128 | 2653 | 9092 |
+| XMSS-SHA2_16_512 | | | 128 | 4045 | 9476 |
+| XMSS-SHA2_20_512 | | | 128 | 2653 | 9732 |
+| XMSS-SHAKE_10_512 | | | 128 | 2653 | 9092 |
+| XMSS-SHAKE_16_512 | | | 128 | 4045 | 9476 |
+| XMSS-SHAKE_20_512 | | | 128 | 4973 | 9732 |
+| XMSSMT-SHA2_20/2_256 | | | 64 | 5998 | 4963 |
+| XMSSMT-SHA2_20/4_256 | | | 64 | 10938 | 9251 |
+| XMSSMT-SHA2_40/2_256 | | | 64 | 9600 | 5605 |
+| XMSSMT-SHA2_40/4_256 | | | 64 | 15252 | 9893 |
+| XMSSMT-SHA2_40/8_256 | | | 64 | 24516 | 18469 |
+| XMSSMT-SHA2_60/3_256 | | | 64 | 16629 | 8392 |
+| XMSSMT-SHA2_60/6_256 | | | 64 | 24507 | 14824 |
+| XMSSMT-SHA2_60/12_256 | | | 64 | 38095 | 27688 |
+| XMSSMT-SHAKE_20/2_256 | | | 64 | 5998 | 4963 |
+| XMSSMT-SHAKE_20/4_256 | | | 64 | 10938 | 9251 |
+| XMSSMT-SHAKE_40/2_256 | | | 64 | 9600 | 5605 |
+| XMSSMT-SHAKE_40/4_256 | | | 64 | 15252 | 9893 |
+| XMSSMT-SHAKE_40/8_256 | | | 64 | 24516 | 18469 |
+| XMSSMT-SHAKE_60/3_256 | | | 64 | 24516 | 8392 |
+| XMSSMT-SHAKE_60/6_256 | | | 64 | 24507 | 14824 |
+| XMSSMT-SHAKE_60/12_256 | | | 64 | 38095 | 27688 |
diff --git a/docs/algorithms/sig_stfl/xmss.yml b/docs/algorithms/sig_stfl/xmss.yml
new file mode 100644
index 0000000000..bf57a7eeb8
--- /dev/null
+++ b/docs/algorithms/sig_stfl/xmss.yml
@@ -0,0 +1,187 @@
+name: XMSS
+type: stateful signature
+principal-submitters:
+- Joost Rijneveld
+- A. Huelsing
+- David Cooper
+- Bas Westerbaan
+auxiliary-submitters:
+
+crypto-assumption: hash function second-preimage resistance
+website: https://www.rfc-editor.org/info/rfc8391
+nist-round:
+spec-version:
+spdx-license-identifier: Apache-2.0 AND MIT
+primary-upstream:
+ source: https://github.com/XMSS/xmss-reference
+ spdx-license-identifier: Apache-2.0 AND MIT
+ upstream-ancestors:
+parameter-sets:
+- name: XMSS-SHA2_10_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 1373
+ length-signature: 2500
+- name: XMSS-SHA2_16_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 2093
+ length-signature: 2692
+- name: XMSS-SHA2_20_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 2573
+ length-signature: 2820
+- name: XMSS-SHAKE_10_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 1373
+ length-signature: 2500
+- name: XMSS-SHAKE_16_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 2093
+ length-signature: 2692
+- name: XMSS-SHAKE_20_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 2573
+ length-signature: 2820
+- name: XMSS-SHA2_10_512
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 128
+ length-secret-key: 2653
+ length-signature: 9092
+- name: XMSS-SHA2_16_512
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 128
+ length-secret-key: 4045
+ length-signature: 9476
+- name: XMSS-SHA2_20_512
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 128
+ length-secret-key: 2653
+ length-signature: 9732
+- name: XMSS-SHAKE_10_512
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 128
+ length-secret-key: 2653
+ length-signature: 9092
+- name: XMSS-SHAKE_16_512
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 128
+ length-secret-key: 4045
+ length-signature: 9476
+- name: XMSS-SHAKE_20_512
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 128
+ length-secret-key: 4973
+ length-signature: 9732
+- name: XMSSMT-SHA2_20/2_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 5998
+ length-signature: 4963
+- name: XMSSMT-SHA2_20/4_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 10938
+ length-signature: 9251
+- name: XMSSMT-SHA2_40/2_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 9600
+ length-signature: 5605
+- name: XMSSMT-SHA2_40/4_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 15252
+ length-signature: 9893
+- name: XMSSMT-SHA2_40/8_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 24516
+ length-signature: 18469
+- name: XMSSMT-SHA2_60/3_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 16629
+ length-signature: 8392
+- name: XMSSMT-SHA2_60/6_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 24507
+ length-signature: 14824
+- name: XMSSMT-SHA2_60/12_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 38095
+ length-signature: 27688
+- name: XMSSMT-SHAKE_20/2_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 5998
+ length-signature: 4963
+- name: XMSSMT-SHAKE_20/4_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 10938
+ length-signature: 9251
+- name: XMSSMT-SHAKE_40/2_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 9600
+ length-signature: 5605
+- name: XMSSMT-SHAKE_40/4_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 15252
+ length-signature: 9893
+- name: XMSSMT-SHAKE_40/8_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 24516
+ length-signature: 18469
+- name: XMSSMT-SHAKE_60/3_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 24516
+ length-signature: 8392
+- name: XMSSMT-SHAKE_60/6_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 24507
+ length-signature: 14824
+- name: XMSSMT-SHAKE_60/12_256
+ claimed-nist-level:
+ claimed-security:
+ length-public-key: 64
+ length-secret-key: 38095
+ length-signature: 27688
\ No newline at end of file
diff --git a/scripts/update_docs_from_yaml.py b/scripts/update_docs_from_yaml.py
index ef152d376a..a07a81c2d0 100644
--- a/scripts/update_docs_from_yaml.py
+++ b/scripts/update_docs_from_yaml.py
@@ -17,6 +17,7 @@ def file_get_contents(filename, encoding=None):
kem_yamls = []
sig_yamls = []
+sig_stfl_yamls = []
########################################
# Update the KEM markdown documentation.
@@ -269,6 +270,66 @@ def do_it(liboqs_root):
out_md.write('- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.')
+ ##############################################
+ # Update the stateful signature markdown documentation.
+ ##############################################
+ for sig_stfl_yaml_path in sorted(glob.glob(os.path.join(liboqs_root, 'docs', 'algorithms', 'sig_stfl', '*.yml'))):
+ sig_stfl_yaml = load_yaml(sig_stfl_yaml_path)
+ sig_stfl_yamls.append(sig_stfl_yaml)
+ sig_stfl_name = os.path.splitext(os.path.basename(sig_stfl_yaml_path))[0]
+ print('Updating {}/{}.md'.format(os.path.dirname(sig_stfl_yaml_path), sig_stfl_name))
+
+ with open(os.path.join(liboqs_root, 'docs', 'algorithms', 'sig_stfl', '{}.md'.format(sig_stfl_name)), mode='w', encoding='utf-8') as out_md:
+ out_md.write('# {}\n\n'.format(sig_stfl_yaml['name']))
+ out_md.write('- **Algorithm type**: Digital signature scheme.\n')
+ out_md.write('- **Main cryptographic assumption**: {}.\n'.format(sig_stfl_yaml['crypto-assumption']))
+ out_md.write('- **Principal submitters**: {}.\n'.format(', '.join(sig_stfl_yaml['principal-submitters'])))
+ if 'auxiliary-submitters' in sig_stfl_yaml and sig_stfl_yaml['auxiliary-submitters']:
+ out_md.write('- **Auxiliary submitters**: {}.\n'.format(', '.join(sig_stfl_yaml['auxiliary-submitters'])))
+ out_md.write('- **Authors\' website**: {}\n'.format(sig_stfl_yaml['website']))
+ out_md.write('- **Specification version**: {}.\n'.format(sig_stfl_yaml['spec-version']))
+
+ out_md.write('- **Primary Source**:\n')
+ out_md.write(' - **Source**: {}\n'.format(sig_stfl_yaml['primary-upstream']['source']))
+ out_md.write(' - **Implementation license (SPDX-Identifier)**: {}\n'.format(sig_stfl_yaml['primary-upstream']['spdx-license-identifier']))
+ if 'optimized-upstreams' in sig_stfl_yaml:
+ out_md.write('- **Optimized Implementation sources**: {}\n'.format(sig_stfl_yaml['primary-upstream']['source']))
+ for opt_upstream in sig_stfl_yaml['optimized-upstreams']:
+ out_md.write(' - **{}**:\n'.format(opt_upstream, opt_upstream))
+ out_md.write(' - **Source**: {}\n'.format(sig_stfl_yaml['optimized-upstreams'][opt_upstream]['source']))
+ out_md.write(' - **Implementation license (SPDX-Identifier)**: {}\n'.format(sig_stfl_yaml['optimized-upstreams'][opt_upstream]['spdx-license-identifier']))
+
+ if 'upstream-ancestors' in sig_stfl_yaml:
+ out_md.write(', which takes it from:\n')
+ for url in sig_stfl_yaml['upstream-ancestors'][:-1]:
+ out_md.write(' - {}, which takes it from:\n'.format(url))
+ out_md.write(' - {}\n'.format(sig_stfl_yaml['upstream-ancestors'][-1]))
+ else:
+ out_md.write('\n')
+
+ if 'advisories' in sig_stfl_yaml:
+ out_md.write('\n## Advisories\n\n')
+ for advisory in sig_stfl_yaml['advisories']:
+ out_md.write('- {}\n'.format(advisory))
+
+ out_md.write('\n## Parameter set summary\n\n')
+ table = [['Parameter set',
+ 'Security model',
+ 'Claimed NIST Level',
+ 'Public key size (bytes)',
+ 'Secret key size (bytes)',
+ 'Signature size (bytes)']]
+ for parameter_set in sig_stfl_yaml['parameter-sets']:
+ table.append([parameter_set['name'],
+ parameter_set['claimed-security'],
+ parameter_set['claimed-nist-level'],
+ parameter_set['length-public-key'],
+ parameter_set['length-secret-key'],
+ parameter_set['length-signature']])
+ out_md.write(tabulate.tabulate(table, tablefmt="pipe", headers="firstrow", colalign=("center",)))
+ out_md.write('\n')
+
+
####################
# Update the README.
diff --git a/src/sig_stfl/lms/external/common_defs.h b/src/sig_stfl/lms/external/common_defs.h
index 83739949ee..1c7c85d382 100644
--- a/src/sig_stfl/lms/external/common_defs.h
+++ b/src/sig_stfl/lms/external/common_defs.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( COMMON_DEFS_H_ )
#define COMMON_DEFS_H_
diff --git a/src/sig_stfl/lms/external/config.h b/src/sig_stfl/lms/external/config.h
index e23d19fa9a..f9549858a9 100644
--- a/src/sig_stfl/lms/external/config.h
+++ b/src/sig_stfl/lms/external/config.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( CONFIG_H_ )
#define CONFIG_H_
diff --git a/src/sig_stfl/lms/external/endian.c b/src/sig_stfl/lms/external/endian.c
index 0c3c55b0fe..52f8439baf 100644
--- a/src/sig_stfl/lms/external/endian.c
+++ b/src/sig_stfl/lms/external/endian.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include "endian.h"
void put_bigendian( void *target, unsigned long long value, size_t bytes ) {
diff --git a/src/sig_stfl/lms/external/endian.h b/src/sig_stfl/lms/external/endian.h
index a94177ddeb..09b9a609da 100644
--- a/src/sig_stfl/lms/external/endian.h
+++ b/src/sig_stfl/lms/external/endian.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( ENDIAN_H_ )
#define ENDIAN_H_
diff --git a/src/sig_stfl/lms/external/hash.c b/src/sig_stfl/lms/external/hash.c
index 0fe23ecc62..090dafd66c 100644
--- a/src/sig_stfl/lms/external/hash.c
+++ b/src/sig_stfl/lms/external/hash.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include
#include "hash.h"
#include "hss_zeroize.h"
diff --git a/src/sig_stfl/lms/external/hash.h b/src/sig_stfl/lms/external/hash.h
index 8b1891f108..bd42d3f0e9 100644
--- a/src/sig_stfl/lms/external/hash.h
+++ b/src/sig_stfl/lms/external/hash.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HASH_H__ )
#define HASH_H__
#include
diff --git a/src/sig_stfl/lms/external/hss.c b/src/sig_stfl/lms/external/hss.c
index c38455daed..fd5342a982 100644
--- a/src/sig_stfl/lms/external/hss.c
+++ b/src/sig_stfl/lms/external/hss.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is an implementation of the HSS signature scheme from LMS
* This is designed to be full-featured
diff --git a/src/sig_stfl/lms/external/hss.h b/src/sig_stfl/lms/external/hss.h
index 5ff8fc5c52..675089ddf0 100644
--- a/src/sig_stfl/lms/external/hss.h
+++ b/src/sig_stfl/lms/external/hss.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined(HSS_H_)
#define HSS_H_
diff --git a/src/sig_stfl/lms/external/hss_alloc.c b/src/sig_stfl/lms/external/hss_alloc.c
index 9e6e7694c1..53eaa762e2 100644
--- a/src/sig_stfl/lms/external/hss_alloc.c
+++ b/src/sig_stfl/lms/external/hss_alloc.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code which allocates a working key (and initializes the fields
* that are independent of the key)
diff --git a/src/sig_stfl/lms/external/hss_aux.c b/src/sig_stfl/lms/external/hss_aux.c
index 0d8777386f..a53b73a42b 100644
--- a/src/sig_stfl/lms/external/hss_aux.c
+++ b/src/sig_stfl/lms/external/hss_aux.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the implementation of the aux data within the HSS tree
*/
diff --git a/src/sig_stfl/lms/external/hss_aux.h b/src/sig_stfl/lms/external/hss_aux.h
index 02e6677a38..8e5386b5b3 100644
--- a/src/sig_stfl/lms/external/hss_aux.h
+++ b/src/sig_stfl/lms/external/hss_aux.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_AUX_H_ )
#define HSS_AUX_H_
diff --git a/src/sig_stfl/lms/external/hss_common.c b/src/sig_stfl/lms/external/hss_common.c
index d07261dd26..4c764d6650 100644
--- a/src/sig_stfl/lms/external/hss_common.c
+++ b/src/sig_stfl/lms/external/hss_common.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that is common between an HSS verifier, and a full HSS
* implementation that both signs and verifies
diff --git a/src/sig_stfl/lms/external/hss_common.h b/src/sig_stfl/lms/external/hss_common.h
index a5640d669e..17729a6a97 100644
--- a/src/sig_stfl/lms/external/hss_common.h
+++ b/src/sig_stfl/lms/external/hss_common.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_COMMON_H_ )
#define HSS_COMMON_H_
diff --git a/src/sig_stfl/lms/external/hss_compute.c b/src/sig_stfl/lms/external/hss_compute.c
index 752a7e2868..f4b1f3c1cd 100644
--- a/src/sig_stfl/lms/external/hss_compute.c
+++ b/src/sig_stfl/lms/external/hss_compute.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This includes some computation methods that are shared between different
* subsystems of the HSS signature package
diff --git a/src/sig_stfl/lms/external/hss_derive.c b/src/sig_stfl/lms/external/hss_derive.c
index fc8833594a..d978fc5a66 100644
--- a/src/sig_stfl/lms/external/hss_derive.c
+++ b/src/sig_stfl/lms/external/hss_derive.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the file that contains the routines that generate various 'random'
* values from the master seed.
diff --git a/src/sig_stfl/lms/external/hss_derive.h b/src/sig_stfl/lms/external/hss_derive.h
index 57ba4a1bc8..4886ab3f6a 100644
--- a/src/sig_stfl/lms/external/hss_derive.h
+++ b/src/sig_stfl/lms/external/hss_derive.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_DERIVE_H_ )
#define HSS_DERIVE_H_
diff --git a/src/sig_stfl/lms/external/hss_generate.c b/src/sig_stfl/lms/external/hss_generate.c
index 5d6880c267..28fcc9eaee 100644
--- a/src/sig_stfl/lms/external/hss_generate.c
+++ b/src/sig_stfl/lms/external/hss_generate.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the routine that generates the ephemeral ("working") key from the
* short private value. It builds all the various current, building and
diff --git a/src/sig_stfl/lms/external/hss_internal.h b/src/sig_stfl/lms/external/hss_internal.h
index 4e7c53675d..3458e9ef85 100644
--- a/src/sig_stfl/lms/external/hss_internal.h
+++ b/src/sig_stfl/lms/external/hss_internal.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_INTERNAL_H_ )
#define HSS_INTERNAL_H_
diff --git a/src/sig_stfl/lms/external/hss_keygen.c b/src/sig_stfl/lms/external/hss_keygen.c
index 7a364b3f04..71da413325 100644
--- a/src/sig_stfl/lms/external/hss_keygen.c
+++ b/src/sig_stfl/lms/external/hss_keygen.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include
#include
#include "common_defs.h"
diff --git a/src/sig_stfl/lms/external/hss_param.c b/src/sig_stfl/lms/external/hss_param.c
index a1c20ab14c..838f7a8381 100644
--- a/src/sig_stfl/lms/external/hss_param.c
+++ b/src/sig_stfl/lms/external/hss_param.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include
#include "hss.h"
#include "hss_internal.h"
diff --git a/src/sig_stfl/lms/external/hss_reserve.c b/src/sig_stfl/lms/external/hss_reserve.c
index 7ef8585560..662df26628 100644
--- a/src/sig_stfl/lms/external/hss_reserve.c
+++ b/src/sig_stfl/lms/external/hss_reserve.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include
#include "common_defs.h"
#include "hss_internal.h"
diff --git a/src/sig_stfl/lms/external/hss_reserve.h b/src/sig_stfl/lms/external/hss_reserve.h
index 14f4da3096..d5c8284cf9 100644
--- a/src/sig_stfl/lms/external/hss_reserve.h
+++ b/src/sig_stfl/lms/external/hss_reserve.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_RESERVE_H_ )
#define HSS_RESERVE_H_
diff --git a/src/sig_stfl/lms/external/hss_sign.c b/src/sig_stfl/lms/external/hss_sign.c
index cbcbdf845b..44e850424e 100644
--- a/src/sig_stfl/lms/external/hss_sign.c
+++ b/src/sig_stfl/lms/external/hss_sign.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is an implementation of the HSS signature scheme from LMS
* This is the part that actually generates the signature
diff --git a/src/sig_stfl/lms/external/hss_sign_inc.c b/src/sig_stfl/lms/external/hss_sign_inc.c
index 6890a4a621..72a8a22c91 100644
--- a/src/sig_stfl/lms/external/hss_sign_inc.c
+++ b/src/sig_stfl/lms/external/hss_sign_inc.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the hierarchical part of the LMS hash
* based signatures; in this case, incremental signing
diff --git a/src/sig_stfl/lms/external/hss_sign_inc.h b/src/sig_stfl/lms/external/hss_sign_inc.h
index cf4f25aec6..ddca5ea63e 100644
--- a/src/sig_stfl/lms/external/hss_sign_inc.h
+++ b/src/sig_stfl/lms/external/hss_sign_inc.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_SIGN_INC_H_ )
#define HSS_SIGN_INC_H_
#include
diff --git a/src/sig_stfl/lms/external/hss_thread.h b/src/sig_stfl/lms/external/hss_thread.h
index 0fa48e958c..d2dcd8a3ea 100644
--- a/src/sig_stfl/lms/external/hss_thread.h
+++ b/src/sig_stfl/lms/external/hss_thread.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_THREAD_H_ )
#define HSS_THREAD_H_
/*
diff --git a/src/sig_stfl/lms/external/hss_thread_pthread.c b/src/sig_stfl/lms/external/hss_thread_pthread.c
index b5f64d3764..1ea90cc161 100644
--- a/src/sig_stfl/lms/external/hss_thread_pthread.c
+++ b/src/sig_stfl/lms/external/hss_thread_pthread.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include "hss_thread.h"
#include
diff --git a/src/sig_stfl/lms/external/hss_thread_single.c b/src/sig_stfl/lms/external/hss_thread_single.c
index d844385293..698e2dba6a 100644
--- a/src/sig_stfl/lms/external/hss_thread_single.c
+++ b/src/sig_stfl/lms/external/hss_thread_single.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include "hss_thread.h"
#include "config.h"
diff --git a/src/sig_stfl/lms/external/hss_verify.c b/src/sig_stfl/lms/external/hss_verify.c
index b7f0f8b489..1b993aa9b4 100644
--- a/src/sig_stfl/lms/external/hss_verify.c
+++ b/src/sig_stfl/lms/external/hss_verify.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the hierarchical part of the LMS hash
* based signatures
diff --git a/src/sig_stfl/lms/external/hss_verify.h b/src/sig_stfl/lms/external/hss_verify.h
index 6561ee2a3c..d806900fe4 100644
--- a/src/sig_stfl/lms/external/hss_verify.h
+++ b/src/sig_stfl/lms/external/hss_verify.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_VERIFY_H_ )
#define HSS_VERIFY_H_
diff --git a/src/sig_stfl/lms/external/hss_verify_inc.c b/src/sig_stfl/lms/external/hss_verify_inc.c
index 4b5cf7e7a1..e12cf5c021 100644
--- a/src/sig_stfl/lms/external/hss_verify_inc.c
+++ b/src/sig_stfl/lms/external/hss_verify_inc.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the hierarchical part of the LMS hash
* based signatures; in this case, incremental verification
diff --git a/src/sig_stfl/lms/external/hss_verify_inc.h b/src/sig_stfl/lms/external/hss_verify_inc.h
index 6c3ec74da1..c09d006e4a 100644
--- a/src/sig_stfl/lms/external/hss_verify_inc.h
+++ b/src/sig_stfl/lms/external/hss_verify_inc.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_VERIFY_INC_H_ )
#define HSS_VERIFY_INC_H_
#include
diff --git a/src/sig_stfl/lms/external/hss_zeroize.c b/src/sig_stfl/lms/external/hss_zeroize.c
index f2bd334903..9c31168069 100644
--- a/src/sig_stfl/lms/external/hss_zeroize.c
+++ b/src/sig_stfl/lms/external/hss_zeroize.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#include "hss_zeroize.h"
#include
diff --git a/src/sig_stfl/lms/external/hss_zeroize.h b/src/sig_stfl/lms/external/hss_zeroize.h
index bfe84db155..6571c4233d 100644
--- a/src/sig_stfl/lms/external/hss_zeroize.h
+++ b/src/sig_stfl/lms/external/hss_zeroize.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( HSS_ZEROIZE_H_ )
#define HSS_ZEROIZE_H_
diff --git a/src/sig_stfl/lms/external/license.txt b/src/sig_stfl/lms/external/license.txt
new file mode 100644
index 0000000000..4e5a9b9b1e
--- /dev/null
+++ b/src/sig_stfl/lms/external/license.txt
@@ -0,0 +1,29 @@
+******************************************************************************
+Copyright (c) 2017 Cisco Systems, Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+Neither the name of the Cisco Systems, Inc. nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+******************************************************************************
diff --git a/src/sig_stfl/lms/external/lm_common.c b/src/sig_stfl/lms/external/lm_common.c
index 5976f4b589..6f37af627e 100644
--- a/src/sig_stfl/lms/external/lm_common.c
+++ b/src/sig_stfl/lms/external/lm_common.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the tree part of the LMS hash
* based signatures
diff --git a/src/sig_stfl/lms/external/lm_common.h b/src/sig_stfl/lms/external/lm_common.h
index b577c22462..c7197fd5a0 100644
--- a/src/sig_stfl/lms/external/lm_common.h
+++ b/src/sig_stfl/lms/external/lm_common.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined(LM_COMMON_H_)
#define LM_COMMON_H_
diff --git a/src/sig_stfl/lms/external/lm_ots.h b/src/sig_stfl/lms/external/lm_ots.h
index 4e33d9e9fd..f0cc42d11f 100644
--- a/src/sig_stfl/lms/external/lm_ots.h
+++ b/src/sig_stfl/lms/external/lm_ots.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( LM_OTS_H_ )
#define LM_OTS_H_
diff --git a/src/sig_stfl/lms/external/lm_ots_common.c b/src/sig_stfl/lms/external/lm_ots_common.c
index 45672e18b2..100eff606a 100644
--- a/src/sig_stfl/lms/external/lm_ots_common.c
+++ b/src/sig_stfl/lms/external/lm_ots_common.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the one-time-signature part of the LMS hash
* based signatures
diff --git a/src/sig_stfl/lms/external/lm_ots_common.h b/src/sig_stfl/lms/external/lm_ots_common.h
index fe6faebe98..db25d20999 100644
--- a/src/sig_stfl/lms/external/lm_ots_common.h
+++ b/src/sig_stfl/lms/external/lm_ots_common.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( LM_OTS_COMMON_H_ )
#define LM_OTS_COMMON_H_
diff --git a/src/sig_stfl/lms/external/lm_ots_sign.c b/src/sig_stfl/lms/external/lm_ots_sign.c
index ee8f56b0a2..7e0950c564 100644
--- a/src/sig_stfl/lms/external/lm_ots_sign.c
+++ b/src/sig_stfl/lms/external/lm_ots_sign.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the one-time-signature part of the LMS hash
* based signatures
diff --git a/src/sig_stfl/lms/external/lm_ots_verify.c b/src/sig_stfl/lms/external/lm_ots_verify.c
index 478f5ffe8d..b6e3980ab7 100644
--- a/src/sig_stfl/lms/external/lm_ots_verify.c
+++ b/src/sig_stfl/lms/external/lm_ots_verify.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the one-time-signature part of the LMS hash
* based signatures
diff --git a/src/sig_stfl/lms/external/lm_ots_verify.h b/src/sig_stfl/lms/external/lm_ots_verify.h
index dcf6551b0f..006ffe23bd 100644
--- a/src/sig_stfl/lms/external/lm_ots_verify.h
+++ b/src/sig_stfl/lms/external/lm_ots_verify.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined( LM_OTS_VERIFY_H_ )
#define LM_OTS_VERIFY_H_
diff --git a/src/sig_stfl/lms/external/lm_verify.c b/src/sig_stfl/lms/external/lm_verify.c
index 3ec4cb6599..50fa54f475 100644
--- a/src/sig_stfl/lms/external/lm_verify.c
+++ b/src/sig_stfl/lms/external/lm_verify.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
/*
* This is the code that implements the tree part of the LMS hash
* based signatures
diff --git a/src/sig_stfl/lms/external/lm_verify.h b/src/sig_stfl/lms/external/lm_verify.h
index b7b6b0736d..ff67f51ac8 100644
--- a/src/sig_stfl/lms/external/lm_verify.h
+++ b/src/sig_stfl/lms/external/lm_verify.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#if !defined(LM_VERIFY_H_)
#define LM_VERIFY_H_
diff --git a/src/sig_stfl/lms/external/lms_namespace.h b/src/sig_stfl/lms/external/lms_namespace.h
index c1b8f142ae..099a37c19b 100644
--- a/src/sig_stfl/lms/external/lms_namespace.h
+++ b/src/sig_stfl/lms/external/lms_namespace.h
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
#ifndef _LMS_NAMESPACE_H
#define _LMS_NAMESPACE_H