Skip to content

Commit

Permalink
Secret Key Query (#1572)
Browse files Browse the repository at this point in the history
* Added functions to query the total, as well as, the remaining numbers of signing operation for a given secret key.

* Cleanup unused variable

* Fix code style
  • Loading branch information
ashman-p authored and SWilson4 committed Apr 12, 2024
1 parent 6dccf2e commit 78f3b9f
Show file tree
Hide file tree
Showing 2 changed files with 128 additions and 10 deletions.
61 changes: 54 additions & 7 deletions src/sig_stfl/lms/sig_stfl_lms_functions.c
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@
#include "external/hss_verify_inc.h"
#include "external/hss_sign_inc.h"
#include "external/hss.h"
#include "external/endian.h"
#include "external/hss_internal.h"
#include "sig_stfl_lms_wrap.h"
#include <stdio.h>

#define DEFAULT_AUX_DATA 10916 /* Use 10+k of aux data (which works well */
/* with the above default parameter set) */
Expand Down Expand Up @@ -136,17 +137,39 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_verify(const uint8_t *message, size_t me
}

OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
OQS_STATUS status;
uint8_t *priv_key = NULL;
unsigned long long total_sigs = 0;
sequence_t current_count = 0;
oqs_lms_key_data *oqs_key_data = NULL;

if (remain == NULL || secret_key == NULL) {
return OQS_ERROR;
}

status = OQS_SIG_STFL_lms_sigs_total(&total_sigs, secret_key);
if (status != OQS_SUCCESS) {
return OQS_ERROR;
}

/* Lock secret key to ensure data integrity use */
if ((secret_key->lock_key) && (secret_key->mutex)) {
secret_key->lock_key(secret_key->mutex);
}

remain = 0;
oqs_key_data = secret_key->secret_key_data;
if (oqs_key_data == NULL) {
goto err;
}
priv_key = oqs_key_data->sec_key;
if (priv_key == NULL) {
goto err;
}

current_count = get_bigendian(priv_key + PRIVATE_KEY_INDEX, PRIVATE_KEY_INDEX_LEN /*0, 8 */);
*remain = (total_sigs - (unsigned long long)current_count);

err:
/* Unlock secret key */
if ((secret_key->unlock_key) && (secret_key->mutex)) {
secret_key->unlock_key(secret_key->mutex);
Expand All @@ -156,11 +179,38 @@ OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const

OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) {

uint8_t *priv_key = NULL;
oqs_lms_key_data *oqs_key_data = NULL;
struct hss_working_key *working_key = NULL;


if (total == NULL || secret_key == NULL) {
return OQS_ERROR;
}

total = 0;
oqs_key_data = secret_key->secret_key_data;
if (!oqs_key_data) {
return OQS_ERROR;
}

priv_key = oqs_key_data->sec_key;
if (!priv_key) {
return OQS_ERROR;
}

working_key = hss_load_private_key(NULL, priv_key,
0,
NULL,
0,
0);
if (!working_key) {
return OQS_ERROR;
}



*total = (unsigned long long)working_key->max_count;
OQS_MEM_secure_free(working_key, sizeof(struct hss_working_key));
return OQS_SUCCESS;
}

Expand Down Expand Up @@ -293,7 +343,7 @@ int oqs_sig_stfl_lms_keypair(uint8_t *pk, OQS_SIG_STFL_SECRET_KEY *sk, const uin
memcpy(pk, oqs_key_data->public_key, len_public_key);
sk->secret_key_data = oqs_key_data;
} else {
OQS_MEM_insecure_free(oqs_key_data->sec_key);
OQS_MEM_secure_free(oqs_key_data->sec_key, sk->length_secret_key * sizeof(uint8_t));
OQS_MEM_insecure_free(oqs_key_data->aux_data);
OQS_MEM_insecure_free(oqs_key_data);
oqs_key_data = NULL;
Expand Down Expand Up @@ -329,7 +379,6 @@ int oqs_sig_stfl_lms_sign(OQS_SIG_STFL_SECRET_KEY *sk,
0,
0);
if (!w) {
printf( "Error loading private key\n" );
hss_free_working_key(w);
return 0;
}
Expand All @@ -340,14 +389,12 @@ int oqs_sig_stfl_lms_sign(OQS_SIG_STFL_SECRET_KEY *sk,

sig_len = hss_get_signature_len_from_working_key(w);
if (sig_len == 0) {
printf( "Error getting signature len\n" );
hss_free_working_key(w);
return 0;
}

sig = malloc(sig_len);
if (!sig) {
printf( "Error during malloc\n" );
hss_free_working_key(w);
return -1;
}
Expand Down
77 changes: 74 additions & 3 deletions tests/test_sig_stfl.c
Original file line number Diff line number Diff line change
Expand Up @@ -559,7 +559,7 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) {
OQS_STATUS rc = OQS_SUCCESS;
OQS_SIG_STFL_SECRET_KEY *sk = NULL;
OQS_SIG_STFL_SECRET_KEY *sk_frm_file = NULL;

unsigned long long num_sig_left = 0, max_num_sigs = 0;
OQS_SIG_STFL *sig_obj = NULL;
uint8_t *public_key = NULL;
uint8_t *frm_file_sk_buf = NULL;
Expand Down Expand Up @@ -677,6 +677,23 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) {
goto err;
}

/*
* Get max num signature and the amount remaining
*/
rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
goto err;
}
printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);

rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
goto err;
}
printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);

/* write sk key to disk */
rc = OQS_SECRET_KEY_STFL_serialize_key(sk, &to_file_sk_len, &to_file_sk_buf);
if (rc != OQS_SUCCESS) {
Expand Down Expand Up @@ -837,6 +854,25 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) {
}


/*
* Get max num signature and the amount remaining
*/
unsigned long long num_sig_left = 0, max_num_sigs = 0;
rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)lock_test_sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
goto err;
}
printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);

rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
goto err;
}
printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);


printf("================================================================================\n");
printf("Sig Gen 1 %s\n", method_name);
printf("================================================================================\n");
Expand All @@ -850,7 +886,23 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) {
goto err;
}

sleep(3);
/*
* Get max num signature and the amount remaining
*/
num_sig_left = 0, max_num_sigs = 0;
rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)lock_test_sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
goto err;
}
printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);

rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
goto err;
}
printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);

printf("================================================================================\n");
printf("Sig Gen 2 %s\n", method_name);
Expand All @@ -864,10 +916,29 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) {
fprintf(stderr, "ERROR: lock thread test OQS_SIG_STFL_sign failed\n");
goto err;
}
rc = OQS_SUCCESS;

printf("================================================================================\n");
printf("Stateful Key Gen %s Passed.\n", method_name);
printf("================================================================================\n");

/*
* Get max num signature and the amount remaining
*/
num_sig_left = 0, max_num_sigs = 0;
rc = OQS_SIG_STFL_sigs_total((const OQS_SIG_STFL *)lock_test_sig_obj, &max_num_sigs, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name);
goto err;
}
printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs);

rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name);
goto err;
}
printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left);

goto end_it;
err:
rc = OQS_ERROR;
Expand Down

0 comments on commit 78f3b9f

Please sign in to comment.