LMS updated to use new SK API (#1533)

* Use secret key struct in LMS. Update de/serialize sk API

* Updates per comments

* Update per comments

* Fix mem leak

* Address scan bild issue

* Removed unused variable

* Remove unused struc member

* Address macOS-noopenssl build failures

src/sig_stfl/lms/sig_stfl_lms.c

@@ -10,7 +10,7 @@
 
 // ======================== LMS-SHA256 H5/W1 ======================== //
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w1_keypair(uint8_t *public_key, uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w1_keypair(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key) {
 	if (secret_key == NULL || public_key == NULL) {
 		return OQS_ERROR;
 	}
@@ -60,34 +60,55 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W1_new(void) {
 	// Initialize the key with length_secret_key amount of bytes.
 	sk->length_secret_key = OQS_SIG_STFL_alg_lms_sha256_h5_w1_length_sk;
 
-	if (sk->length_secret_key) {
-		sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t));
-		if (sk->secret_key_data) {
-			memset(sk->secret_key_data, 0, sk->length_secret_key);
-		} else {
-			OQS_SECRET_KEY_LMS_free(sk);
-			OQS_MEM_insecure_free(sk);
-			sk = NULL;
-			return NULL;
-		}
-	}
+	/* Function that returns the total number of signatures for the secret key */
+	sk->sigs_total = NULL;
+
+	/* set Function to returns the number of signatures left for the secret key */
+	sk->sigs_left = NULL;
+
+	/*
+	 * Secret Key retrieval Function
+	 */
+	sk->serialize_key = OQS_SECRET_KEY_LMS_serialize_key;
+
+	/*
+	 * set Secret Key to internal structure Function
+	 */
+	sk->deserialize_key = OQS_SECRET_KEY_LMS_deserialize_key;
+
+	/*
+	 * Set Secret Key Locking Function
+	 */
+	sk->lock_key = NULL;
+
+	/*
+	 * Set Secret Key Unlocking / Releasing Function
+	 */
+	sk->unlock_key = NULL;
 
+	/*
+	 * Set Secret Key Saving Function
+	 */
+	sk->save_secret_key = NULL;
+
+	/*
+	 * Set Secret Key free function
+	 */
 	sk->free_key = OQS_SECRET_KEY_LMS_free;
 
 	return sk;
 }
 
 void OQS_SECRET_KEY_LMS_free(OQS_SIG_STFL_SECRET_KEY *sk) {
-	if (sk == NULL) {
-		return;
-	}
+	oqs_secret_lms_key_free(sk);
+}
 
-	//TODO: cleanup lock_key
+/* Convert LMS secret key object to byte string */
+size_t OQS_SECRET_KEY_LMS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk,  uint8_t **sk_buf) {
+	return oqs_serialize_lms_key(sk, sk_buf);
+}
 
-	if (sk->sig) {
-		OQS_MEM_insecure_free(sk->sig);
-		sk->sig = NULL;
-	}
-	OQS_MEM_secure_free(sk->secret_key_data, sk->length_secret_key);
-	sk->secret_key_data = NULL;
+/* Insert lms byte string in an LMS secret key object */
+OQS_STATUS OQS_SECRET_KEY_LMS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf) {
+	return oqs_deserialize_lms_key(sk, key_len, sk_buf);
 }

src/sig_stfl/lms/sig_stfl_lms.h

@@ -10,32 +10,43 @@
 #define OQS_SIG_STFL_alg_lms_sha256_h5_w1_length_pk 60
 #define OQS_SIG_STFL_alg_lms_sha256_h5_w1_length_sk 64
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w1_keypair(uint8_t *public_key, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sha256_h5_w1_keypair(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key);
 
 OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W1_new(void);
+
+/* Convert LMS secret key object to byte string */
+size_t OQS_SECRET_KEY_LMS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk,  uint8_t **sk_buf);
+
+/* Insert lms byte string in an LMS secret key object */
+OQS_STATUS OQS_SECRET_KEY_LMS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf);
+
 OQS_SIG_STFL *OQS_SIG_STFL_alg_lms_sha256_h5_w1_new(void);
 
-OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const uint8_t *secret_key);
-OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(uint64_t *totaln, const uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_left(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key);
+OQS_API OQS_STATUS OQS_SIG_STFL_lms_sigs_total(uint64_t *totaln, const OQS_SIG_STFL_SECRET_KEY *secret_key);
 
 void OQS_SECRET_KEY_LMS_free(OQS_SIG_STFL_SECRET_KEY *sk);
 
 // ----------------------------------- WRAPPER FUNCTIONS ------------------------------------------------
-int oqs_sig_stfl_lms_keypair(uint8_t *pk, uint8_t *sk, const uint32_t oid);
+int oqs_sig_stfl_lms_keypair(uint8_t *pk, OQS_SIG_STFL_SECRET_KEY *sk, const uint32_t oid);
 
-int oqs_sig_stfl_lms_sign(uint8_t *sk, uint8_t *sm, size_t *smlen,
+int oqs_sig_stfl_lms_sign(OQS_SIG_STFL_SECRET_KEY *sk, uint8_t *sm, size_t *smlen,
                           const uint8_t *m, size_t mlen);
 
 int oqs_sig_stfl_lms_verify(const uint8_t *m, size_t mlen, const uint8_t *sm, size_t smlen,
                             const uint8_t *pk);
 
+void oqs_secret_lms_key_free(OQS_SIG_STFL_SECRET_KEY *sk);
+
+size_t oqs_serialize_lms_key(const OQS_SIG_STFL_SECRET_KEY *sk,  uint8_t **sk_key);
+int oqs_deserialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf);
+
 // ---------------------------- FUNCTIONS INDEPENDENT OF VARIANT -----------------------------------------
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signature_length, const uint8_t *message, size_t message_len, uint8_t *secret_key);
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signature_length, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key);
 
 OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
 
-
 // --------------------------------------------------------------------------------------------------------
 
 #endif /* OQS_SIG_STFL_LMS_H */