From 3db6b44f775fdb57440678c42153c57660ad50c1 Mon Sep 17 00:00:00 2001
From: Norman Ashley <nashley@cisco.com>
Date: Thu, 5 Oct 2023 14:19:13 -0400
Subject: [PATCH] Secret Key Query  (#1572)

* Added functions to query the total, as well as, the remaining numbers of signing operation for a given secret key.

* Cleanup unused variable

* Fix code style
---
 src/sig_stfl/lms/sig_stfl_lms_functions.c | 61 +++++++++++++++---
 tests/test_sig_stfl.c                     | 77 ++++++++++++++++++++++-
 2 files changed, 128 insertions(+), 10 deletions(-)

diff --git a/src/sig_stfl/lms/sig_stfl_lms_functions.c b/src/sig_stfl/lms/sig_stfl_lms_functions.c
index 59265f3110..018b04b21e 100644
--- a/src/sig_stfl/lms/sig_stfl_lms_functions.c
+++ b/src/sig_stfl/lms/sig_stfl_lms_functions.c
@@ -7,8 +7,9 @@
 #include "external/hss_verify_inc.h"
 #include "external/hss_sign_inc.h"
 #include "external/hss.h"
+#include "external/endian.h"
+#include "external/hss_internal.h"
 #include "sig_stfl_lms_wrap.h"
-#include <stdio.h>
 
 #define DEFAULT_AUX_DATA 10916   /* Use 10+k of aux data (which works well */
 /* with the above default parameter set)  */
@@ -136,17 +137,39 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_verify(const uint8_t *message, size_t me
 }
 
 OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	OQS_STATUS status;
+	uint8_t *priv_key = NULL;
+	unsigned long long total_sigs = 0;
+	sequence_t current_count = 0;
+	oqs_lms_key_data *oqs_key_data = NULL;
 
 	if (remain == NULL  || secret_key == NULL) {
 		return OQS_ERROR;
 	}
+
+	status = OQS_SIG_STFL_lms_sigs_total(&total_sigs, secret_key);
+	if (status != OQS_SUCCESS) {
+		return OQS_ERROR;
+	}
+
 	/* Lock secret key to ensure data integrity use */
 	if ((secret_key->lock_key) && (secret_key->mutex)) {
 		secret_key->lock_key(secret_key->mutex);
 	}
 
-	remain = 0;
+	oqs_key_data = secret_key->secret_key_data;
+	if (oqs_key_data == NULL) {
+		goto err;
+	}
+	priv_key = oqs_key_data->sec_key;
+	if (priv_key == NULL) {
+		goto err;
+	}
+
+	current_count = get_bigendian(priv_key + PRIVATE_KEY_INDEX, PRIVATE_KEY_INDEX_LEN /*0, 8 */);
+	*remain =  (total_sigs - (unsigned long long)current_count);
 
+err:
 	/* Unlock secret key */
 	if ((secret_key->unlock_key) && (secret_key->mutex)) {
 		secret_key->unlock_key(secret_key->mutex);
@@ -156,11 +179,38 @@ OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const
 
 OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
+	uint8_t *priv_key = NULL;
+	oqs_lms_key_data *oqs_key_data = NULL;
+	struct hss_working_key *working_key = NULL;
+
+
 	if (total == NULL  || secret_key == NULL) {
 		return OQS_ERROR;
 	}
 
-	total = 0;
+	oqs_key_data = secret_key->secret_key_data;
+	if (!oqs_key_data) {
+		return OQS_ERROR;
+	}
+
+	priv_key = oqs_key_data->sec_key;
+	if (!priv_key) {
+		return OQS_ERROR;
+	}
+
+	working_key = hss_load_private_key(NULL, priv_key,
+	                                   0,
+	                                   NULL,
+	                                   0,
+	                                   0);
+	if (!working_key) {
+		return OQS_ERROR;
+	}
+
+
+
+	*total = (unsigned long long)working_key->max_count;
+	OQS_MEM_secure_free(working_key, sizeof(struct hss_working_key));
 	return OQS_SUCCESS;
 }
 
@@ -293,7 +343,7 @@ int oqs_sig_stfl_lms_keypair(uint8_t *pk, OQS_SIG_STFL_SECRET_KEY *sk, const uin
 		memcpy(pk, oqs_key_data->public_key, len_public_key);
 		sk->secret_key_data = oqs_key_data;
 	} else {
-		OQS_MEM_insecure_free(oqs_key_data->sec_key);
+		OQS_MEM_secure_free(oqs_key_data->sec_key, sk->length_secret_key * sizeof(uint8_t));
 		OQS_MEM_insecure_free(oqs_key_data->aux_data);
 		OQS_MEM_insecure_free(oqs_key_data);
 		oqs_key_data = NULL;
@@ -329,7 +379,6 @@ int oqs_sig_stfl_lms_sign(OQS_SIG_STFL_SECRET_KEY *sk,
 	                         0,
 	                         0);
 	if (!w) {
-		printf( "Error loading private key\n" );
 		hss_free_working_key(w);
 		return 0;
 	}
@@ -340,14 +389,12 @@ int oqs_sig_stfl_lms_sign(OQS_SIG_STFL_SECRET_KEY *sk,
 
 	sig_len = hss_get_signature_len_from_working_key(w);
 	if (sig_len == 0) {
-		printf( "Error getting signature len\n" );
 		hss_free_working_key(w);
 		return 0;
 	}
 
 	sig = malloc(sig_len);
 	if (!sig) {
-		printf( "Error during malloc\n" );
 		hss_free_working_key(w);
 		return -1;
 	}
diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c
index 8a3cb2252d..2f2b176016 100644
--- a/tests/test_sig_stfl.c
+++ b/tests/test_sig_stfl.c
@@ -559,7 +559,7 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) {
 	OQS_STATUS rc = OQS_SUCCESS;
 	OQS_SIG_STFL_SECRET_KEY *sk = NULL;
 	OQS_SIG_STFL_SECRET_KEY *sk_frm_file = NULL;
-
+	unsigned long long num_sig_left = 0, max_num_sigs = 0;
 	OQS_SIG_STFL *sig_obj = NULL;
 	uint8_t *public_key = NULL;
 	uint8_t *frm_file_sk_buf = NULL;
@@ -677,6 +677,23 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) {
 		goto err;
 	}
 
+	/*
+	 * Get max num signature and the amount remaining
+	 */
+	rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);
+
+	rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);
+
 	/* write sk key to disk */
 	rc = OQS_SECRET_KEY_STFL_serialize_key(sk, &to_file_sk_len, &to_file_sk_buf);
 	if (rc != OQS_SUCCESS) {
@@ -837,6 +854,25 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) {
 	}
 
 
+	/*
+	 * Get max num signature and the amount remaining
+	 */
+	unsigned long long num_sig_left = 0, max_num_sigs = 0;
+	rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)lock_test_sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);
+
+	rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);
+
+
 	printf("================================================================================\n");
 	printf("Sig Gen 1  %s\n", method_name);
 	printf("================================================================================\n");
@@ -850,7 +886,23 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) {
 		goto err;
 	}
 
-	sleep(3);
+	/*
+	 * Get max num signature and the amount remaining
+	 */
+	num_sig_left = 0, max_num_sigs = 0;
+	rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)lock_test_sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);
+
+	rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);
 
 	printf("================================================================================\n");
 	printf("Sig Gen 2 %s\n", method_name);
@@ -864,10 +916,29 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) {
 		fprintf(stderr, "ERROR: lock thread test OQS_SIG_STFL_sign failed\n");
 		goto err;
 	}
-	rc = OQS_SUCCESS;
+
 	printf("================================================================================\n");
 	printf("Stateful Key Gen %s Passed.\n", method_name);
 	printf("================================================================================\n");
+
+	/*
+	 * Get max num signature and the amount remaining
+	 */
+	num_sig_left = 0, max_num_sigs = 0;
+	rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)lock_test_sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);
+
+	rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
+	if (rc != OQS_SUCCESS) {
+		fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
+		goto err;
+	}
+	printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);
+
 	goto end_it;
 err:
 	rc = OQS_ERROR;