Stateful sigs XMSS updates (#1590)

* Update XMSS to use callbacks. Update test cases.

* Fix format

* Fix SA issues

* Fix format

* Fix SA issue

* set secure function callback for KAT tests. Block slow tests

* set secure function callback for KAT tests. Block slow tests.

src/sig_stfl/lms/sig_stfl_lms_functions.c

@@ -69,6 +69,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signatu
 	 * Don't even attempt signing without a way to safe the updated private key
 	 */
 	if (secret_key->secure_store_scrt_key == NULL) {
+		fprintf(stderr, "No Secure-store set for secret key.\n.");
 		goto err;
 	}
 
@@ -94,7 +95,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signatu
 		goto err;
 	}
 
-	context = lms_key_data->context;
+	context = secret_key->context;
 	rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf, sk_key_buf_len, context);
 	if (rc_keyupdate != OQS_SUCCESS) {
 		goto err;
@@ -241,40 +242,41 @@ int oqs_sig_stfl_lms_keypair(uint8_t *pk, OQS_SIG_STFL_SECRET_KEY *sk, const uin
 	}
 
 	oqs_key_data = malloc(sizeof(oqs_lms_key_data));
-	if (oqs_key_data) {
-		oqs_key_data->levels = 1;
-		if (sk->length_secret_key) {
-			oqs_key_data->len_sec_key = sk->length_secret_key;
-			oqs_key_data->sec_key = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t));
-			if (oqs_key_data->sec_key) {
-				memset(oqs_key_data->sec_key, 0, sk->length_secret_key);
-			} else {
-				OQS_MEM_insecure_free(oqs_key_data);
-				oqs_key_data = NULL;
-				return -1;
-			}
-		} else {
-			OQS_MEM_insecure_free(oqs_key_data);
-			oqs_key_data = NULL;
-			return -1;
-		}
+	if (oqs_key_data == NULL) {
+		return -1;
+	}
 
-		//Aux Data
-		size_t len_aux_data = DEFAULT_AUX_DATA;
-		uint8_t *aux_data =  malloc(sizeof(uint8_t) * len_aux_data);
-		if (aux_data) {
-			oqs_key_data->aux_data = aux_data;
-			oqs_key_data->len_aux_data = len_aux_data;
-		} else {
-			OQS_MEM_insecure_free( oqs_key_data->sec_key);
-			OQS_MEM_insecure_free(oqs_key_data);
-			return -1;
-		}
-	} else {
-		//TODO log error
+	memset(oqs_key_data, 0, sizeof(oqs_lms_key_data));
+	if (sk->length_secret_key == 0) {
+		OQS_MEM_insecure_free(oqs_key_data);
+		oqs_key_data = NULL;
+		return -1;
+	}
+
+	oqs_key_data->levels = 1;
+	oqs_key_data->len_sec_key = sk->length_secret_key;
+	oqs_key_data->sec_key = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t));
+	if (oqs_key_data->sec_key == NULL) {
+		OQS_MEM_insecure_free(oqs_key_data);
+		oqs_key_data = NULL;
 		return -1;
 	}
 
+	memset(oqs_key_data->sec_key, 0, sk->length_secret_key);
+
+	//Aux Data
+	size_t len_aux_data = DEFAULT_AUX_DATA;
+	uint8_t *aux_data =  malloc(sizeof(uint8_t) * len_aux_data);
+	if (aux_data == NULL) {
+		OQS_MEM_insecure_free( oqs_key_data->sec_key);
+		OQS_MEM_insecure_free(oqs_key_data);
+		return -1;
+	}
+
+	oqs_key_data->aux_data = aux_data;
+	oqs_key_data->len_aux_data = len_aux_data;
+	oqs_key_data->context = sk->context;
+
 	/* Set lms param set */
 	switch (oid) {
 	case OQS_LMS_ID_sha256_n32_h5_w1:
@@ -668,6 +670,7 @@ OQS_STATUS oqs_deserialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_
 		lms_key_data->len_aux_data = aux_buf_len;
 	}
 
+	sk->context = context;
 	sk->secret_key_data = lms_key_data;
 	goto success;
 
@@ -682,9 +685,10 @@ OQS_STATUS oqs_deserialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_
 }
 
 void oqs_lms_key_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context) {
-	oqs_lms_key_data *lms_key_data = (oqs_lms_key_data *)sk->secret_key_data;
-	if (lms_key_data) {
-		lms_key_data->context = context;
-		sk->secure_store_scrt_key = store_cb;
+
+	if (sk == NULL) {
+		return;
 	}
+	sk->secure_store_scrt_key = store_cb;
+	sk->context = context;
 }

src/sig_stfl/sig_stfl.h

@@ -268,6 +268,9 @@ typedef struct OQS_SIG_STFL_SECRET_KEY {
 	/* mutual exclusion struct */
 	void *mutex;
 
+	/* file storage handle */
+	void *context;
+
 	/**
 	 * Secret Key retrieval Function
 	 *

src/sig_stfl/xmss/sig_stfl_xmss.h

@@ -503,4 +503,7 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk,
 /* Deserialize XMSS byte string into an XMSS secret key data */
 OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context);
 
+/* Set XMSS byte string into an XMSS secret key data */
+void OQS_SECRET_KEY_XMSS_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context);
+
 #endif /* OQS_SIG_STFL_XMSS_H */

src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c

@@ -37,9 +37,8 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, cons
 	}
 
 	if (sk->secret_key_data != NULL) {
-		// Key data already present
-		// We dont want to trample over data
-		return OQS_ERROR;
+		OQS_MEM_secure_free(sk->secret_key_data, sk->length_secret_key);
+		sk->secret_key_data = NULL;
 	}
 
 	// Assume key data is not present
@@ -48,7 +47,17 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, cons
 		return OQS_ERROR;
 	}
 
+	sk->context = context;
 	memcpy(sk->secret_key_data, sk_buf, sk_len);
 
 	return OQS_SUCCESS;
 }
+
+void OQS_SECRET_KEY_XMSS_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context) {
+	if (!sk || !store_cb || !context) {
+		return;
+	}
+
+	sk->context = context;
+	sk->secure_store_scrt_key = store_cb;
+}

src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c

@@ -68,6 +68,8 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H10_new(void) {
 
 	sk->free_key = OQS_SECRET_KEY_XMSS_free;
 
+	sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb;
+
 	return sk;
 }
 
@@ -87,17 +89,56 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_keypair(XMSS_UNUSED_ATT uint
 
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
+	OQS_STATUS rc_keyupdate, status = OQS_SUCCESS;
+	const OQS_SIG_STFL_SECRET_KEY *sk;
+	uint8_t *sk_key_buf_ptr = NULL;
+	unsigned long long sig_length = 0;
+	size_t sk_key_buf_len = 0;
+
 	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	unsigned long long sig_length = 0;
-	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
+	/* check for secret key update function */
+	if (secret_key->secure_store_scrt_key == NULL) {
 		return OQS_ERROR;
 	}
+
+	/* Lock secret to ensure OTS use */
+	if ((secret_key->lock_key) && (secret_key->mutex)) {
+		secret_key->lock_key(secret_key->mutex);
+	}
+
+	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
+		status = OQS_ERROR;
+		goto err;
+	}
 	*signature_len = (size_t)sig_length;
 
-	return OQS_SUCCESS;
+	/*
+	 * serialize and securely store the updated private key
+	 * but, delete signature and the serialized key other wise
+	 */
+
+	sk = secret_key;
+	rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr);
+	if (rc_keyupdate != OQS_SUCCESS) {
+		status = OQS_ERROR;
+		goto err;
+	}
+
+	rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context);
+	if (rc_keyupdate != OQS_SUCCESS) {
+		status = OQS_ERROR;
+	}
+
+	OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len);
+err:
+	/* Unlock secret to ensure OTS use */
+	if ((secret_key->unlock_key) && (secret_key->mutex)) {
+		secret_key->unlock_key(secret_key->mutex);
+	}
+	return status;
 }
 
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) {

src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c

@@ -67,6 +67,8 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H16_new(void) {
 
 	sk->free_key = OQS_SECRET_KEY_XMSS_free;
 
+	sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb;
+
 	return sk;
 }
 
@@ -86,17 +88,56 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_keypair(XMSS_UNUSED_ATT uint
 
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
+	OQS_STATUS rc_keyupdate, status = OQS_SUCCESS;
+	const OQS_SIG_STFL_SECRET_KEY *sk;
+	uint8_t *sk_key_buf_ptr = NULL;
+	unsigned long long sig_length = 0;
+	size_t sk_key_buf_len = 0;
+
 	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	unsigned long long sig_length = 0;
-	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
+	/* check for secret key update function */
+	if (secret_key->secure_store_scrt_key == NULL) {
 		return OQS_ERROR;
 	}
-	*signature_len = (size_t) sig_length;
 
-	return OQS_SUCCESS;
+	/* Lock secret to ensure OTS use */
+	if ((secret_key->lock_key) && (secret_key->mutex)) {
+		secret_key->lock_key(secret_key->mutex);
+	}
+
+	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
+		status = OQS_ERROR;
+		goto err;
+	}
+	*signature_len = (size_t)sig_length;
+
+	/*
+	 * serialize and securely store the updated private key
+	 * but, delete signature and the serialized key other wise
+	 */
+
+	sk = secret_key;
+	rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr);
+	if (rc_keyupdate != OQS_SUCCESS) {
+		status = OQS_ERROR;
+		goto err;
+	}
+
+	rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context);
+	if (rc_keyupdate != OQS_SUCCESS) {
+		status = OQS_ERROR;
+	}
+
+	OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len);
+err:
+	/* Unlock secret to ensure OTS use */
+	if ((secret_key->unlock_key) && (secret_key->mutex)) {
+		secret_key->unlock_key(secret_key->mutex);
+	}
+	return status;
 }
 
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) {

src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c

@@ -67,6 +67,8 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H20_new(void) {
 
 	sk->free_key = OQS_SECRET_KEY_XMSS_free;
 
+	sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb;
+
 	return sk;
 }
 
@@ -86,17 +88,56 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_keypair(XMSS_UNUSED_ATT uint
 
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
+	OQS_STATUS rc_keyupdate, status = OQS_SUCCESS;
+	const OQS_SIG_STFL_SECRET_KEY *sk;
+	uint8_t *sk_key_buf_ptr = NULL;
+	unsigned long long sig_length = 0;
+	size_t sk_key_buf_len = 0;
+
 	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	unsigned long long sig_length = 0;
-	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
+	/* check for secret key update function */
+	if (secret_key->secure_store_scrt_key == NULL) {
 		return OQS_ERROR;
 	}
-	*signature_len = (size_t) sig_length;
 
-	return OQS_SUCCESS;
+	/* Lock secret to ensure OTS use */
+	if ((secret_key->lock_key) && (secret_key->mutex)) {
+		secret_key->lock_key(secret_key->mutex);
+	}
+
+	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
+		status = OQS_ERROR;
+		goto err;
+	}
+	*signature_len = (size_t)sig_length;
+
+	/*
+	 * serialize and securely store the updated private key
+	 * but, delete signature and the serialized key other wise
+	 */
+
+	sk = secret_key;
+	rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr);
+	if (rc_keyupdate != OQS_SUCCESS) {
+		status = OQS_ERROR;
+		goto err;
+	}
+
+	rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context);
+	if (rc_keyupdate != OQS_SUCCESS) {
+		status = OQS_ERROR;
+	}
+
+	OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len);
+err:
+	/* Unlock secret to ensure OTS use */
+	if ((secret_key->unlock_key) && (secret_key->mutex)) {
+		secret_key->unlock_key(secret_key->mutex);
+	}
+	return status;
 }
 
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) {