Na stateful sigs lms var (#1574)

* Added new LMS varients. Removed unneeded vector functions from secret key data struc. * Add LMS variants * Fix formatting
open-quantum-safe · Dec 15, 2023 · ab02f53 · ab02f53
1 parent 753c650
commit ab02f53
Show file tree

Hide file tree

Showing 34 changed files with 2,132 additions and 178 deletions.
diff --git a/src/sig_stfl/lms/sig_stfl_lms.c b/src/sig_stfl/lms/sig_stfl_lms.c
diff --git a/src/sig_stfl/lms/sig_stfl_lms.h b/src/sig_stfl/lms/sig_stfl_lms.h
@@ -5,16 +5,193 @@
 
 #include <oqs/oqs.h>
 
+//OQS LMS parameter identifiers
+/* Defined LM parameter sets */
+#define OQS_LMS_ID_sha256_n32_h5_w1 0x1 //"5/1"
+#define OQS_LMS_ID_sha256_n32_h5_w2 0x2 //"5/2"
+#define OQS_LMS_ID_sha256_n32_h5_w4 0x3 //"5/4"
+#define OQS_LMS_ID_sha256_n32_h5_w8 0x4 //"5/8"
+
+#define OQS_LMS_ID_sha256_n32_h10_w1 0x5 //"10/1"
+#define OQS_LMS_ID_sha256_n32_h10_w2 0x7 //"10/2"
+#define OQS_LMS_ID_sha256_n32_h10_w4 0x8 //"10/4"
+#define OQS_LMS_ID_sha256_n32_h10_w8 0x9 //"10/8"
+
+#define OQS_LMS_ID_sha256_n32_h15_w1 0xa //"15/1"
+#define OQS_LMS_ID_sha256_n32_h15_w2 0xb //"15/2"
+#define OQS_LMS_ID_sha256_n32_h15_w4 0xc//"15/4"
+#define OQS_LMS_ID_sha256_n32_h15_w8 0xd //"15/8"
+
+#define OQS_LMS_ID_sha256_n32_h20_w1 0xe //"20/1"
+#define OQS_LMS_ID_sha256_n32_h20_w2 0xf //"20/2"
+#define OQS_LMS_ID_sha256_n32_h20_w4 0x10 //"20/4"
+#define OQS_LMS_ID_sha256_n32_h20_w8 0x11 //"20/8"
+
+#define OQS_LMS_ID_sha256_n32_h25_w1 0x12 //"25/1"
+#define OQS_LMS_ID_sha256_n32_h25_w2 0x13 //"25/2"
+#define OQS_LMS_ID_sha256_n32_h25_w4 0x14 //"25/4"
+#define OQS_LMS_ID_sha256_n32_h25_w8 0x15 //"25/8"
+
 //H5
 #define OQS_SIG_STFL_alg_lms_sha256_h5_w1_length_signature 8688
 #define OQS_SIG_STFL_alg_lms_sha256_h5_w1_length_pk 60
 #define OQS_SIG_STFL_alg_lms_sha256_h5_w1_length_sk 64
-
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h5_w1_new(void);
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W1_new(void);
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w1_keypair(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key);
 
-OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W1_new(void);
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w2_length_signature 4464
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w2_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w2_length_sk 64
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h5_w2_new(void);
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W2_new(void);
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w2_keypair(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w4_length_signature 2352
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w4_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w4_length_sk 64
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h5_w4_new(void);
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W4_new(void);
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w4_keypair(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w8_length_signature 1296
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w8_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h5_w8_length_sk 64
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h5_w8_new(void);
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W8_new(void);
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w8_keypair(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key);
+
+//H10
+//  H10           W1            60           8848            64
+//  H10           W2            60           4624            64
+//  H10           W4            60           2512            64
+//  H10           W8            60           1456            64
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w1_length_signature 8848
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w1_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w1_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W1_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h10_w1_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w2_length_signature 4624
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w2_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w2_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W2_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h10_w2_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w4_length_signature 2512
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w4_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w4_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W4_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h10_w4_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w8_length_signature 1456
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w8_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h10_w8_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W8_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h10_w8_new(void);
+
+//H15
+//  H15           W1            60           9008            64
+//  H15           W2            60           4784            64
+//  H15           W4            60           2672            64
+//  H15           W8            60           1616            64
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w1_length_signature 9008
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w1_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w1_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W1_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h15_w1_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w2_length_signature 4784
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w2_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w2_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W2_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h15_w2_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w4_length_signature 2672
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w4_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w4_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W4_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h15_w4_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w8_length_signature 1616
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w8_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h15_w8_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W8_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h15_w8_new(void);
+
+//H20
+//  H20           W1            60           9168            64
+//  H20           W2            60           4944            64
+//  H20           W4            60           2832            64
+//  H20           W8            60           1776            64
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w1_length_signature 9168
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w1_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w1_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W1_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h20_w1_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w2_length_signature 4944
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w2_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w2_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W2_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h20_w2_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w4_length_signature 2832
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w4_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w4_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W4_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h20_w4_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w8_length_signature 1776
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w8_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h20_w8_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W8_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h20_w8_new(void);
+
+//H25
+//  H25           W1            60           9328            64
+//  H25           W2            60           5104            64
+//  H25           W4            60           2992            64
+//  H25           W8            60           1936            64
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w1_length_signature 9328
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w1_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w1_length_sk 64
 
-OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h5_w1_new(void);
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W1_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h25_w1_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w2_length_signature 5104
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w2_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w2_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W2_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h25_w2_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w4_length_signature 2992
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w4_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w4_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W4_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h25_w4_new(void);
+
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w8_length_signature 1936
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w8_length_pk 60
+#define OQS_SIG_STFL_alg_lms_sha256_h25_w8_length_sk 64
+
+OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W8_new(void);
+OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h25_w8_new(void);
 
 OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key);
 OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(unsigned long long *totaln, const OQS_SIG_STFL_SECRET_KEY *secret_key);

diff --git a/src/sig_stfl/lms/sig_stfl_lms_functions.c b/src/sig_stfl/lms/sig_stfl_lms_functions.c
@@ -183,7 +183,6 @@ OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(unsigned long long *total, const
 	oqs_lms_key_data *oqs_key_data = NULL;
 	struct hss_working_key *working_key = NULL;
 
-
 	if (total == NULL  || secret_key == NULL) {
 		return OQS_ERROR;
 	}
@@ -207,8 +206,6 @@ OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(unsigned long long *total, const
 		return OQS_ERROR;
 	}
 
-
-
 	*total = (unsigned long long)working_key->max_count;
 	OQS_MEM_secure_free(working_key, sizeof(struct hss_working_key));
 	return OQS_SUCCESS;
@@ -280,11 +277,91 @@ int oqs_sig_stfl_lms_keypair(uint8_t *pk, OQS_SIG_STFL_SECRET_KEY *sk, const uin
 
 	/* Set lms param set */
 	switch (oid) {
-	case 0x1:
+	case OQS_LMS_ID_sha256_n32_h5_w1:
 		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H5;
 		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W1;
 		break;
-	default:
+	case OQS_LMS_ID_sha256_n32_h5_w2:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H5;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W2;
+		break;
+	case OQS_LMS_ID_sha256_n32_h5_w4:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H5;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W4;
+		break;
+	case OQS_LMS_ID_sha256_n32_h5_w8:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H5;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W8;
+		break;
+
+	case OQS_LMS_ID_sha256_n32_h10_w1:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H10;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W1;
+		break;
+	case OQS_LMS_ID_sha256_n32_h10_w2:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H10;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W2;
+		break;
+	case OQS_LMS_ID_sha256_n32_h10_w4:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H10;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W4;
+		break;
+	case OQS_LMS_ID_sha256_n32_h10_w8:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H10;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W8;
+		break;
+
+	case OQS_LMS_ID_sha256_n32_h15_w1:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H15;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W1;
+		break;
+	case OQS_LMS_ID_sha256_n32_h15_w2:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H15;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W2;
+		break;
+	case OQS_LMS_ID_sha256_n32_h15_w4:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H15;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W4;
+		break;
+	case OQS_LMS_ID_sha256_n32_h15_w8:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H15;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W8;
+		break;
+
+	case OQS_LMS_ID_sha256_n32_h20_w1:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H20;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W1;
+		break;
+	case OQS_LMS_ID_sha256_n32_h20_w2:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H20;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W2;
+		break;
+	case OQS_LMS_ID_sha256_n32_h20_w4:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H20;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W4;
+		break;
+	case OQS_LMS_ID_sha256_n32_h20_w8:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H20;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W8;
+		break;
+
+	case OQS_LMS_ID_sha256_n32_h25_w1:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H25;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W1;
+		break;
+	case OQS_LMS_ID_sha256_n32_h25_w2:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H25;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W2;
+		break;
+	case OQS_LMS_ID_sha256_n32_h25_w4:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H25;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W4;
+		break;
+	case OQS_LMS_ID_sha256_n32_h25_w8:
+		oqs_key_data->lm_type[0] = LMS_SHA256_N32_H25;
+		oqs_key_data->lm_ots_type[0] = LMOTS_SHA256_N32_W8;
+		break;
+
 		oqs_key_data->lm_type[0] = 0;
 		oqs_key_data->lm_ots_type[0] = 0;
 		parse_err = 1;