From b05776c3e92ee7bfd4744df1b9e5b12f8c0b6af5 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Thu, 19 Oct 2023 22:48:43 -0400 Subject: [PATCH 01/32] Init --- src/sig_stfl/sig_stfl.c | 44 ++---- src/sig_stfl/sig_stfl.h | 8 +- src/sig_stfl/xmss/external/sign.c | 139 ------------------ src/sig_stfl/xmss/external/sign.h | 90 ------------ src/sig_stfl/xmss/sig_stfl_xmss.h | 93 ++++++++---- .../xmss/sig_stfl_xmss_secret_key_functions.c | 36 ++++- src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c | 23 ++- src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c | 23 ++- src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c | 23 ++- src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c | 23 ++- src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c | 23 ++- src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c | 23 ++- .../xmss/sig_stfl_xmss_shake128_h10.c | 23 ++- .../xmss/sig_stfl_xmss_shake128_h16.c | 23 ++- .../xmss/sig_stfl_xmss_shake128_h20.c | 23 ++- .../xmss/sig_stfl_xmss_shake256_h10.c | 23 ++- .../xmss/sig_stfl_xmss_shake256_h16.c | 23 ++- .../xmss/sig_stfl_xmss_shake256_h20.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h20_2.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h20_4.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h40_2.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h40_4.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h40_8.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h60_12.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h60_3.c | 23 ++- .../xmss/sig_stfl_xmssmt_sha256_h60_6.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h20_2.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h20_4.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h40_2.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h40_4.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h40_8.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h60_12.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h60_3.c | 23 ++- .../xmss/sig_stfl_xmssmt_shake128_h60_6.c | 23 ++- 34 files changed, 698 insertions(+), 356 deletions(-) delete mode 100644 src/sig_stfl/xmss/external/sign.c delete mode 100644 src/sig_stfl/xmss/external/sign.h diff --git a/src/sig_stfl/sig_stfl.c b/src/sig_stfl/sig_stfl.c index b434f54715..4d9894fd00 100644 --- a/src/sig_stfl/sig_stfl.c +++ b/src/sig_stfl/sig_stfl.c @@ -14,6 +14,7 @@ OQS_API const char *OQS_SIG_STFL_alg_identifier(size_t i) { const char *a[OQS_SIG_STFL_algs_length] = { + // XMSS OQS_SIG_STFL_alg_xmss_sha256_h10, OQS_SIG_STFL_alg_xmss_sha256_h16, OQS_SIG_STFL_alg_xmss_sha256_h20, @@ -42,6 +43,7 @@ OQS_API const char *OQS_SIG_STFL_alg_identifier(size_t i) { OQS_SIG_STFL_alg_xmssmt_shake128_h60_3, OQS_SIG_STFL_alg_xmssmt_shake128_h60_6, OQS_SIG_STFL_alg_xmssmt_shake128_h60_12, + // LMS OQS_SIG_STFL_alg_lms_sha256_n32_h5_w1, OQS_SIG_STFL_alg_lms_sha256_n32_h5_w2, OQS_SIG_STFL_alg_lms_sha256_n32_h5_w4, @@ -799,54 +801,38 @@ OQS_API OQS_SIG_STFL_SECRET_KEY *OQS_SIG_STFL_SECRET_KEY_new(const char *method_ } } -void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk) { - if (sk == NULL) { - return; - } - - OQS_MEM_secure_free(sk->secret_key_data, sk->length_secret_key); - sk->secret_key_data = NULL; -} - OQS_API void OQS_SIG_STFL_SECRET_KEY_free(OQS_SIG_STFL_SECRET_KEY *sk) { - if (sk == NULL) { + if (sk == NULL || sk->free_key == NULL) { return; } /* Call object specific free */ - if (sk->free_key) { - sk->free_key(sk); - } + sk->free_key(sk); + + /* Free sk object */ OQS_MEM_secure_free(sk, sizeof(sk)); + sk = NULL; } OQS_API void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context) { - if (sk) { - if (sk->set_scrt_key_store_cb) { - sk->set_scrt_key_store_cb(sk, store_cb, context); - } + if (sk == NULL || sk->set_scrt_key_store_cb == NULL) { + return; } + sk->set_scrt_key_store_cb(sk, store_cb, context); } /* Convert secret key object to byte string */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf) { - if ((sk == NULL) || (sk_len == NULL) || (sk_buf == NULL)) { - return 0; - } - if (sk->serialize_key) { - return sk->serialize_key(sk, sk_len, sk_buf); - } else { - return 0; + if (sk == NULL || sk_len == NULL || sk_buf == NULL || sk->serialize_key == NULL) { + return OQS_ERROR; } + + return sk->serialize_key(sk, sk_len, sk_buf); } /* Insert secret key byte string in an Stateful secret key object */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t key_len, const uint8_t *sk_buf, void *context) { - if ((sk == NULL) || (sk_buf == NULL)) { - return OQS_ERROR; - } - - if (sk->deserialize_key == NULL) { + if (sk == NULL || sk_buf == NULL || sk->deserialize_key == NULL) { return OQS_ERROR; } diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index e4b7d42c9c..dc47c41647 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -165,7 +165,7 @@ OQS_API int OQS_SIG_STFL_alg_is_enabled(const char *method_name); */ typedef struct OQS_SIG_STFL { - /** A local ordinal representing the LMS parameter of the signature scheme. */ + /** A local ordinal representing the OID parameter of the signature scheme. */ uint32_t oid; /** Printable string representing the name of the signature scheme. */ @@ -283,12 +283,12 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { OQS_STATUS (*serialize_key)(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); /** - * set Secret Key to internal structure Function + * Secret Key to internal structure Function * * @param[in] sk OQS_SIG_STFL_SECRET_KEY object * @param[in] key_len length of the returned byte string - * @param[in] sk_buf The secret key data to populate key obj - * @param[in] context application specific data + * @param[in] sk_buf The secret key data to populate key object + * @param[in] context application specific data * @returns status of the operation populated with key material none-zero length. Caller * deletes the buffer. if sk_buf is NULL the function returns the length */ diff --git a/src/sig_stfl/xmss/external/sign.c b/src/sig_stfl/xmss/external/sign.c deleted file mode 100644 index 8bffc7f516..0000000000 --- a/src/sig_stfl/xmss/external/sign.c +++ /dev/null @@ -1,139 +0,0 @@ -/*============================================================================= - * Copyright (c) 2022 by SandboxAQ Inc - * Author: Duc Tri Nguyen (ductri.nguyen@sandboxaq.com) - * SPDX-License-Identifier: MIT -=============================================================================*/ -#include -#include - -#include "sign.h" -#include "sign_params.h" - -/************************************************* - * Name: XMSS_crypto_sign_keypair - * - * Description: Generates public and private key. - * - * Arguments: - uint8_t *pk: pointer to output public key (allocated - * array of CRYPTO_PUBLICKEYBYTES bytes) - * - uint8_t *sk: pointer to output private key (allocated - * array of CRYPTO_SECRETKEYBYTES bytes) - * - * Returns 0 (success), -1 otherwise - **************************************************/ -int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) -{ - xmss_params params; - uint32_t oid; - int ret = 0; - - ret |= XMSS_STR_TO_OID(&oid, XMSS_OID); - if (ret) - { - return OQS_ERROR; - } - - ret |= XMSS_PARSE_OID(¶ms, oid); - if (ret) - { - return OQS_ERROR; - } - - // TODO: set OID directly here - ret |= XMSS_KEYPAIR(pk, sk, oid); - if (ret) - { - return OQS_ERROR; - } - - return OQS_SUCCESS; -} - -/************************************************* - * Name: XMSS_crypto_sign - * - * Description: Computes signature. - * - * Arguments: - uint8_t *sm: pointer to output signature (of length CRYPTO_BYTES) - * - uint64_t *smlen: pointer to output length of signature - * - uint8_t *m: pointer to message to be signed - * - uint64_t mlen: length of message - * - uint8_t *sk: pointer to bit-packed secret key - * - * Returns 0 (success), -1 otherwise - **************************************************/ -int crypto_sign(unsigned char *sm, unsigned long long *smlen, - const unsigned char *m, unsigned long long mlen, unsigned char *sk) -{ - int ret = XMSS_SIGN(sk, sm, smlen, m, mlen); - if (ret) - { - return OQS_ERROR; - } - - return OQS_SUCCESS; -} - -/************************************************* - * Name: XMSS_crypto_sign_open - * - * Description: Verify signed message. - * - * Arguments: - * - uint8_t *m: pointer to output message (allocated - * array with smlen bytes), can be equal to sm - * - uint64_t *mlen: pointer to output length of message - * - uint8_t *sm: pointer to signed message - * - uint64_t smlen: length of signed message - * - uint8_t *pk: pointer to bit-packed public key - * - * Returns 0 if signed message could be verified correctly and -1 otherwise - **************************************************/ -int crypto_sign_open(const unsigned char *m, unsigned long long mlen, - const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) -{ - if (XMSS_SIGN_OPEN(m, mlen, sm, smlen, pk)) - { - return OQS_ERROR; - } - - return OQS_SUCCESS; -} - -/************************************************* - * Name: XMSS_crypto_remaining_signatures - * - * Description: Return number of remaining signatures - * - * Arguments: - uint64_t *remain: remaining signatures - * - uint8_t *sk: pointer to bit-packed private key - * - * Returns 0 (sucess), -1 otherwise - **************************************************/ -int crypto_remaining_signatures(unsigned long long *remain, const unsigned char *sk) -{ - if (XMSS_REMAINING_SIG(remain, sk)) - { - return OQS_ERROR; - } - return OQS_SUCCESS; -} - -/************************************************* - * Name: XMSS_crypto_total_signatures - * - * Description: Return number of total signatures - * - * Arguments: - uint64_t *max: maximum number of signatures - * - uint8_t *sk: pointer to bit-packed private key - * - * Returns 0 (sucess), -1 otherwise - **************************************************/ -int crypto_total_signatures(unsigned long long *max, const unsigned char *sk) -{ - if (XMSS_TOTAL_SIG(max, sk)) - { - return OQS_ERROR; - } - return OQS_SUCCESS; -} diff --git a/src/sig_stfl/xmss/external/sign.h b/src/sig_stfl/xmss/external/sign.h deleted file mode 100644 index df2c2fb7ca..0000000000 --- a/src/sig_stfl/xmss/external/sign.h +++ /dev/null @@ -1,90 +0,0 @@ -/*============================================================================= - * Copyright (c) 2022 by SandboxAQ Inc - * Author: Duc Tri Nguyen (ductri.nguyen@sandboxaq.com) - * SPDX-License-Identifier: MIT -=============================================================================*/ -#ifndef API_H -#define API_H - -#include -#include "namespace.h" -/************************************************* - * Name: XMSS_crypto_sign_keypair - * - * Description: Generates public and private key. - * - * Arguments: - uint8_t *pk: pointer to output public key (allocated - * array of CRYPTO_PUBLICKEYBYTES bytes) - * - uint8_t *sk: pointer to output private key (allocated - * array of CRYPTO_SECRETKEYBYTES bytes) - * - * Returns 0 (success), -1 otherwise - **************************************************/ -#define crypto_sign_keypair XMSS_NAMESPACE(crypto_sign_keypair) -int crypto_sign_keypair(unsigned char *pk, unsigned char *sk); - -/************************************************* - * Name: XMSS_crypto_sign - * - * Description: Computes signature. - * - * Arguments: - uint8_t *sm: pointer to output signature (of length CRYPTO_BYTES) - * - uint64_t *smlen: pointer to output length of signature - * - uint8_t *m: pointer to message to be signed - * - uint64_t mlen: length of message - * - uint8_t *sk: pointer to bit-packed secret key - * - * Returns 0 (success), -1 otherwise - **************************************************/ -#define crypto_sign XMSS_NAMESPACE(crypto_sign) -int crypto_sign(unsigned char *sm, unsigned long long *smlen, - const unsigned char *m, unsigned long long mlen, unsigned char *sk); - -/************************************************* - * Name: XMSS_crypto_sign_open - * - * Description: Verify signed message. - * - * Arguments: - * - uint8_t *m: pointer to output message (allocated - * array with smlen bytes), can be equal to sm - * - uint64_t *mlen: pointer to output length of message - * - uint8_t *sm: pointer to signed message - * - uint64_t smlen: length of signed message - * - uint8_t *pk: pointer to bit-packed public key - * - * Returns 0 if signed message could be verified correctly and -1 otherwise - **************************************************/ -#define crypto_sign_open XMSS_NAMESPACE(crypto_sign_open) -int crypto_sign_open(const unsigned char *m, unsigned long long mlen, - const unsigned char *sm, unsigned long long smlen, const unsigned char *pk); - -/************************************************* - * Name: XMSS_crypto_remaining_signatures - * - * Description: Return number of signatures left - * - * Arguments: - uint64_t *remain: remaining signatures - * - uint8_t *sk: pointer to bit-packed private key - * - * Returns 0 (sucess), -1 otherwise - **************************************************/ -#define crypto_remaining_signatures XMSS_NAMESPACE(crypto_remaining_signatures) -int crypto_remaining_signatures(unsigned long long *remain, const unsigned char *sk); - - -/************************************************* - * Name: XMSS_crypto_total_signatures - * - * Description: Return number of total signatures - * - * Arguments: - uint64_t *max: maximum number of signatures - * - uint8_t *sk: pointer to bit-packed private key - * - * Returns 0 (sucess), -1 otherwise - **************************************************/ -#define crypto_total_signatures XMSS_NAMESPACE(crypto_total_signatures) -int crypto_total_signatures(unsigned long long *max, const unsigned char *sk); - -#endif - diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index 8b9536daed..7ffdb863e1 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -9,45 +9,46 @@ void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); /* - * | Algorithms | oid | sk | pk | sig | n | - * |-------------------------------|------|--------|-----|------|----| - * | XMSS-SHA2_10_256 | 0x01 | 1373 | 64 | 2500 | 32 | - * | XMSS-SHA2_16_256 | 0x02 | 2093 | 64 | 2692 | 32 | - * | XMSS-SHA2_20_256 | 0x03 | 2573 | 64 | 2820 | 32 | + * | Algorithms | oid | sk (b) | pk (b) | sig (b) | n | + * |-------------------------------|------|--------|--------|---------|----| + * | XMSS-SHA2_10_256 | 0x01 | 1373 | 64 | 2500 | 32 | + * | XMSS-SHA2_16_256 | 0x02 | 2093 | 64 | 2692 | 32 | + * | XMSS-SHA2_20_256 | 0x03 | 2573 | 64 | 2820 | 32 | * - * | XMSS-SHAKE_10_256 | 0x07 | 1373 | 64 | 2500 | 32 | - * | XMSS-SHAKE_16_256 | 0x08 | 2093 | 64 | 2692 | 32 | - * | XMSS-SHAKE_20_256 | 0x09 | 2573 | 64 | 2820 | 32 | + * | XMSS-SHAKE_10_256 | 0x07 | 1373 | 64 | 2500 | 32 | + * | XMSS-SHAKE_16_256 | 0x08 | 2093 | 64 | 2692 | 32 | + * | XMSS-SHAKE_20_256 | 0x09 | 2573 | 64 | 2820 | 32 | * - * | XMSS-SHA2_10_512 | 0x04 | 2653 | 128 | 9092 | 64 | - * | XMSS-SHA2_16_512 | 0x05 | 4045 | 128 | 9476 | 64 | - * | XMSS-SHA2_20_512 | 0x06 | 4973 | 128 | 9732 | 64 | + * | XMSS-SHA2_10_512 | 0x04 | 2653 | 128 | 9092 | 64 | + * | XMSS-SHA2_16_512 | 0x05 | 4045 | 128 | 9476 | 64 | + * | XMSS-SHA2_20_512 | 0x06 | 4973 | 128 | 9732 | 64 | * - * | XMSS-SHAKE_10_512 | 0x0a | 2653 | 128 | 9092 | 64 | - * | XMSS-SHAKE_16_512 | 0x0b | 4045 | 128 | 9476 | 64 | - * | XMSS-SHAKE_20_512 | 0x0c | 4973 | 128 | 9732 | 64 | + * | XMSS-SHAKE_10_512 | 0x0a | 2653 | 128 | 9092 | 64 | + * | XMSS-SHAKE_16_512 | 0x0b | 4045 | 128 | 9476 | 64 | + * | XMSS-SHAKE_20_512 | 0x0c | 4973 | 128 | 9732 | 64 | * - * | XMSSMT-SHA2_20/2_256 | 0x01 | 5998 | 64 | 4963 | 32 | - * | XMSSMT-SHA2_20/4_256 | 0x02 | 10938 | 64 | 9251 | 32 | - * | XMSSMT-SHA2_40/2_256 | 0x03 | 9600 | 64 | 5605 | 32 | - * | XMSSMT-SHA2_40/4_256 | 0x04 | 15252 | 64 | 9893 | 32 | - * | XMSSMT-SHA2_40/8_256 | 0x05 | 24516 | 64 | 18469 | 32 | - * | XMSSMT-SHA2_60/3_256 | 0x06 | 16629 | 64 | 8392 | 32 | - * | XMSSMT-SHA2_60/6_256 | 0x07 | 24507 | 64 | 14824 | 32 | - * | XMSSMT-SHA2_60/12_256 | 0x08 | 38095 | 64 | 27688 | 32 | + * | XMSSMT-SHA2_20/2_256 | 0x01 | 5998 | 64 | 4963 | 32 | + * | XMSSMT-SHA2_20/4_256 | 0x02 | 10938 | 64 | 9251 | 32 | + * | XMSSMT-SHA2_40/2_256 | 0x03 | 9600 | 64 | 5605 | 32 | + * | XMSSMT-SHA2_40/4_256 | 0x04 | 15252 | 64 | 9893 | 32 | + * | XMSSMT-SHA2_40/8_256 | 0x05 | 24516 | 64 | 18469 | 32 | + * | XMSSMT-SHA2_60/3_256 | 0x06 | 16629 | 64 | 8392 | 32 | + * | XMSSMT-SHA2_60/6_256 | 0x07 | 24507 | 64 | 14824 | 32 | + * | XMSSMT-SHA2_60/12_256 | 0x08 | 38095 | 64 | 27688 | 32 | * - * | XMSSMT-SHAKE_20/2_256 | 0x11 | 5998 | 64 | 4963 | 32 | - * | XMSSMT-SHAKE_20/4_256 | 0x12 | 10938 | 64 | 9251 | 32 | - * | XMSSMT-SHAKE_40/2_256 | 0x13 | 9600 | 64 | 5605 | 32 | - * | XMSSMT-SHAKE_40/4_256 | 0x14 | 15252 | 64 | 9893 | 32 | - * | XMSSMT-SHAKE_40/8_256 | 0x15 | 24516 | 64 | 18469 | 32 | - * | XMSSMT-SHAKE_60/3_256 | 0x16 | 16629 | 64 | 8392 | 32 | - * | XMSSMT-SHAKE_60/6_256 | 0x17 | 24507 | 64 | 14824 | 32 | - * | XMSSMT-SHAKE_60/12_256 | 0x18 | 38095 | 64 | 27688 | 32 | + * | XMSSMT-SHAKE_20/2_256 | 0x11 | 5998 | 64 | 4963 | 32 | + * | XMSSMT-SHAKE_20/4_256 | 0x12 | 10938 | 64 | 9251 | 32 | + * | XMSSMT-SHAKE_40/2_256 | 0x13 | 9600 | 64 | 5605 | 32 | + * | XMSSMT-SHAKE_40/4_256 | 0x14 | 15252 | 64 | 9893 | 32 | + * | XMSSMT-SHAKE_40/8_256 | 0x15 | 24516 | 64 | 18469 | 32 | + * | XMSSMT-SHAKE_60/3_256 | 0x16 | 16629 | 64 | 8392 | 32 | + * | XMSSMT-SHAKE_60/6_256 | 0x17 | 24507 | 64 | 14824 | 32 | + * | XMSSMT-SHAKE_60/12_256 | 0x18 | 38095 | 64 | 27688 | 32 | */ #ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h10 +#define OQS_SIG_STFL_alg_xmss_sha256_h10_oid 0x01 #define OQS_SIG_STFL_alg_xmss_sha256_h10_length_sk (1373 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha256_h10_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha256_h10_length_signature 2500 @@ -64,6 +65,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sigs_total(unsigned long lon #ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h16 +#define OQS_SIG_STFL_alg_xmss_sha256_h16_oid 0x02 #define OQS_SIG_STFL_alg_xmss_sha256_h16_length_sk (2093 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha256_h16_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha256_h16_length_signature 2692 @@ -80,6 +82,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sigs_total(unsigned long lon #ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h20 +#define OQS_SIG_STFL_alg_xmss_sha256_h20_oid 0x03 #define OQS_SIG_STFL_alg_xmss_sha256_h20_length_sk (2573 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha256_h20_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha256_h20_length_signature 2820 @@ -96,6 +99,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_total(unsigned long lon #ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h10 +#define OQS_SIG_STFL_alg_xmss_shake128_h10_oid 0x07 #define OQS_SIG_STFL_alg_xmss_shake128_h10_length_sk (1373 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake128_h10_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake128_h10_length_signature 2500 @@ -112,6 +116,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_sigs_total(unsigned long l #ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h16 +#define OQS_SIG_STFL_alg_xmss_shake128_h16_oid 0x08 #define OQS_SIG_STFL_alg_xmss_shake128_h16_length_sk (2093 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake128_h16_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake128_h16_length_signature 2692 @@ -128,6 +133,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_sigs_total(unsigned long l #ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h20 +#define OQS_SIG_STFL_alg_xmss_shake128_h20_oid 0x09 #define OQS_SIG_STFL_alg_xmss_shake128_h20_length_sk (2573 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake128_h20_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake128_h20_length_signature 2820 @@ -144,6 +150,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_sigs_total(unsigned long l #ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h10 +#define OQS_SIG_STFL_alg_xmss_sha512_h10_oid 0x04 #define OQS_SIG_STFL_alg_xmss_sha512_h10_length_sk (2653 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha512_h10_length_pk (128 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha512_h10_length_signature 9092 @@ -160,6 +167,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sigs_total(unsigned long lon #ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h16 +#define OQS_SIG_STFL_alg_xmss_sha512_h16_oid 0x05 #define OQS_SIG_STFL_alg_xmss_sha512_h16_length_sk (4045 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha512_h16_length_pk (128 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha512_h16_length_signature 9476 @@ -176,6 +184,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_sigs_total(unsigned long lon #ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h20 +#define OQS_SIG_STFL_alg_xmss_sha512_h20_oid 0x06 #define OQS_SIG_STFL_alg_xmss_sha512_h20_length_sk (4973 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha512_h20_length_pk (128 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_sha512_h20_length_signature 9732 @@ -192,6 +201,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_sigs_total(unsigned long lon #ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h10 +#define OQS_SIG_STFL_alg_xmss_shake256_h10_oid 0x0a #define OQS_SIG_STFL_alg_xmss_shake256_h10_length_sk (2653 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake256_h10_length_pk (128 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake256_h10_length_signature 9092 @@ -208,6 +218,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_sigs_total(unsigned long l #ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h16 +#define OQS_SIG_STFL_alg_xmss_shake256_h16_oid 0x0b #define OQS_SIG_STFL_alg_xmss_shake256_h16_length_sk (4045 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake256_h16_length_pk (128 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake256_h16_length_signature 9476 @@ -224,6 +235,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_sigs_total(unsigned long l #ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h20 +#define OQS_SIG_STFL_alg_xmss_shake256_h20_oid 0x0c #define OQS_SIG_STFL_alg_xmss_shake256_h20_length_sk (4973 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake256_h20_length_pk (128 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmss_shake256_h20_length_signature 9732 @@ -240,6 +252,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_sigs_total(unsigned long l #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h20_2 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_oid 0x01 #define OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_length_sk (5998 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_length_signature 4963 @@ -256,6 +269,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_sigs_total(unsigned long #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h20_4 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_oid 0x02 #define OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_length_sk (10938 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_length_signature 9251 @@ -272,6 +286,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_sigs_total(unsigned long #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_oid 0x03 #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_length_sk (9600 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_length_signature 5605 @@ -288,6 +303,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_sigs_total(unsigned long #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_4 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_oid 0x04 #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_length_sk (15252 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_length_signature 9893 @@ -304,6 +320,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_sigs_total(unsigned long #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_8 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_oid 0x05 #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_length_sk (24516 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_length_signature 18469 @@ -320,6 +337,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_sigs_total(unsigned long #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_oid 0x06 #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_length_sk (16629 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_length_signature 8392 @@ -336,6 +354,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_sigs_total(unsigned long #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_6 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_oid 0x07 #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_length_sk (24507 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_length_signature 14824 @@ -352,6 +371,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_sigs_total(unsigned long #ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_12 +#define OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_oid 0x08 #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_length_sk (38095 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_length_signature 27688 @@ -368,6 +388,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_sigs_total(unsigned lon #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h20_2 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_oid 0x11 #define OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_length_sk (5998 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_length_signature 4963 @@ -384,6 +405,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_sigs_total(unsigned lo #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h20_4 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_oid 0x12 #define OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_length_sk (10938 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_length_signature 9251 @@ -400,6 +422,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_sigs_total(unsigned lo #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_oid 0x13 #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_length_sk (9600 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_length_signature 5605 @@ -416,6 +439,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_sigs_total(unsigned lo #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_4 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_oid 0x14 #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_length_sk (15252 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_length_signature 9893 @@ -432,6 +456,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_sigs_total(unsigned lo #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_8 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_oid 0x15 #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_length_sk (24516 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_length_signature 18469 @@ -448,6 +473,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_sigs_total(unsigned lo #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_oid 0x16 #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_length_sk (16629 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_length_signature 8392 @@ -464,6 +490,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_sigs_total(unsigned lo #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_6 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_oid 0x17 #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_length_sk (24507 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_length_signature 14824 @@ -480,6 +507,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_sigs_total(unsigned lo #ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_12 +#define OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_oid 0x18 #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_length_sk (38095 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_length_pk (64 + XMSS_OID_LEN) #define OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_length_signature 27688 @@ -503,7 +531,10 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, /* Deserialize XMSS byte string into an XMSS secret key data */ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); -/* Set XMSS byte string into an XMSS secret key data */ +/* Store Secret Key Function, idealy written to secure device */ void OQS_SECRET_KEY_XMSS_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); +/* Free Secret key object */ +void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); + #endif /* OQS_SIG_STFL_XMSS_H */ diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index a9ea864cdb..22871251c1 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -16,6 +16,11 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, return OQS_ERROR; } + // Lock the key if possible + if (sk->lock_key != NULL && sk->mutex != NULL) { + sk->lock_key(sk->mutex); + } + uint8_t *sk_buf = malloc(sk->length_secret_key * sizeof(uint8_t)); if (sk_buf == NULL) { return OQS_ERROR; @@ -27,6 +32,11 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, *sk_buf_ptr = sk_buf; *sk_len = sk->length_secret_key; + // Unlock the key if possible + if (sk->unlock_key != NULL && sk->mutex != NULL) { + sk->unlock_key(sk->mutex); + } + return OQS_SUCCESS; } @@ -36,12 +46,11 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, cons return OQS_ERROR; } - if (sk->secret_key_data != NULL) { - OQS_MEM_secure_free(sk->secret_key_data, sk->length_secret_key); - sk->secret_key_data = NULL; + // Lock the key if possible + if (sk->lock_key != NULL && sk->mutex != NULL) { + sk->lock_key(sk->mutex); } - // Assume key data is not present sk->secret_key_data = malloc(sk_len); if (sk->secret_key_data == NULL) { return OQS_ERROR; @@ -50,14 +59,27 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, cons sk->context = context; memcpy(sk->secret_key_data, sk_buf, sk_len); + // Unlock the key if possible + if (sk->unlock_key != NULL && sk->mutex != NULL) { + sk->unlock_key(sk->mutex); + } + return OQS_SUCCESS; } void OQS_SECRET_KEY_XMSS_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context) { - if (!sk || !store_cb || !context) { + if (sk == NULL || store_cb == NULL) { return; } - - sk->context = context; sk->secure_store_scrt_key = store_cb; + sk->context = context; +} + +void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk) { + if (sk == NULL) { + return; + } + + OQS_MEM_secure_free(sk->secret_key_data, sk->length_secret_key); + sk->secret_key_data = NULL; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c index 2affc67195..143b41a95b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha256_h10_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_sha256_h10_oid; sig->method_name = "XMSS-SHA2_10_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -66,6 +67,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H10_new(void) { memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -79,8 +99,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_keypair(XMSS_UNUSED_ATT uint return OQS_ERROR; } - const uint32_t xmss_sha256_h10_oid = 0x01; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha256_h10_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_sha256_h10_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c index cfaa958dd7..033ab5d90e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha256_h16_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_sha256_h16_oid; sig->method_name = "XMSS-SHA2_16_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H16_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_keypair(XMSS_UNUSED_ATT uint return OQS_ERROR; } - const uint32_t xmss_sha256_h16_oid = 0x02; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha256_h16_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_sha256_h16_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c index 1145d17e2b..618a5ba1da 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha256_h20_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_sha256_h20_oid; sig->method_name = "XMSS-SHA2_20_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H20_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_keypair(XMSS_UNUSED_ATT uint return OQS_ERROR; } - const uint32_t xmss_sha256_h20_oid = 0x03; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha256_h20_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_sha256_h20_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c index c7ca88eee7..bfb24fcbda 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha512_h10_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_sha512_h10_oid; sig->method_name = "XMSS-SHA2_10_512"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA512_H10_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_keypair(XMSS_UNUSED_ATT uint return OQS_ERROR; } - const uint32_t xmss_sha512_h10_oid = 0x04; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha512_h10_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_sha512_h10_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c index 70123ccb16..6ee95da8c1 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha512_h16_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_sha512_h16_oid; sig->method_name = "XMSS-SHA2_16_512"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA512_H16_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_keypair(XMSS_UNUSED_ATT uint return OQS_ERROR; } - const uint32_t xmss_sha512_h16_oid = 0x05; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha512_h16_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_sha512_h16_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c index ebb03643a6..222c297b86 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha512_h20_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_sha512_h20_oid; sig->method_name = "XMSS-SHA2_20_512"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA512_H20_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_keypair(XMSS_UNUSED_ATT uint return OQS_ERROR; } - const uint32_t xmss_sha512_h20_oid = 0x06; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha512_h20_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_sha512_h20_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c index 4d15d86461..1f16bac2d2 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake128_h10_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_shake128_h10_oid; sig->method_name = "XMSS-SHAKE_10_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE128_H10_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_keypair(XMSS_UNUSED_ATT ui return OQS_ERROR; } - const uint32_t xmss_shake128_h10_oid = 0x07; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_shake128_h10_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_shake128_h10_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c index 499ba294ad..440a62095b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake128_h16_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_shake128_h16_oid; sig->method_name = "XMSS-SHAKE_16_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE128_H16_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_keypair(XMSS_UNUSED_ATT ui return OQS_ERROR; } - const uint32_t xmss_shake128_h16_oid = 0x08; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_shake128_h16_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_shake128_h16_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c index 8f47a4f825..0b2e39e27f 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake128_h20_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_shake128_h20_oid; sig->method_name = "XMSS-SHAKE_20_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE128_H20_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_keypair(XMSS_UNUSED_ATT ui return OQS_ERROR; } - const uint32_t xmss_shake128_h20_oid = 0x09; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_shake128_h20_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_shake128_h20_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c index 944a34d9de..f56db2bb76 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake256_h10_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_shake256_h10_oid; sig->method_name = "XMSS-SHAKE_10_512"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE256_H10_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_keypair(XMSS_UNUSED_ATT ui return OQS_ERROR; } - const uint32_t xmss_shake256_h10_oid = 0x0a; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_shake256_h10_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_shake256_h10_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c index 93e8791bf8..e6096359d7 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake256_h16_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_shake256_h16_oid; sig->method_name = "XMSS-SHAKE_16_512"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE256_H16_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_keypair(XMSS_UNUSED_ATT ui return OQS_ERROR; } - const uint32_t xmss_shake256_h16_oid = 0x0b; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_shake256_h16_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_shake256_h16_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c index e701614e79..ac2ac4a7d5 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake256_h20_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmss_shake256_h20_oid; sig->method_name = "XMSS-SHAKE_20_512"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE256_H20_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_keypair(XMSS_UNUSED_ATT ui return OQS_ERROR; } - const uint32_t xmss_shake256_h20_oid = 0x0c; - if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_shake256_h20_oid)) { + if (xmss_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmss_shake256_h20_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c index f333b08a0e..b7e705bee4 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_oid; sig->method_name = "XMSSMT-SHA2_20/2_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H20_2_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h20_2_oid = 0x01; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h20_2_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c index 76febd3103..4589dd8823 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_oid; sig->method_name = "XMSSMT-SHA2_20/4_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H20_4_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h20_4_oid = 0x02; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h20_4_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c index b2b39b51ec..dd12e8260c 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_oid; sig->method_name = "XMSSMT-SHA2_40/2_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H40_2_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h40_2_oid = 0x03; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h40_2_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c index 4781f49cfe..9e716aa791 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_oid; sig->method_name = "XMSSMT-SHA2_40/4_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H40_4_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h40_4_oid = 0x04; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h40_4_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c index 2acbc1046e..dd49efdc5d 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_oid; sig->method_name = "XMSSMT-SHA2_40/8_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H40_8_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h40_8_oid = 0x05; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h40_8_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c index d9b98a749f..3a2959cba1 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_oid; sig->method_name = "XMSSMT-SHA2_60/12_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H60_12_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h60_12_oid = 0x08; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h60_12_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c index c45fef5959..8823b3ebbe 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_oid; sig->method_name = "XMSSMT-SHA2_60/3_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H60_3_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h60_3_oid = 0x06; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h60_3_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c index f43f87c6b4..71ba4fe49e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_oid; sig->method_name = "XMSSMT-SHA2_60/6_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H60_6_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_keypair(XMSS_UNUSED_ATT return OQS_ERROR; } - const uint32_t xmssmt_sha256_h60_6_oid = 0x07; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_sha256_h60_6_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c index 16d7270593..edf421dd9a 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_oid; sig->method_name = "XMSSMT-SHAKE_20/2_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H20_2_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_keypair(XMSS_UNUSED_AT return OQS_ERROR; } - const uint32_t xmssmt_shake128_h20_2_oid = 0x11; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h20_2_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c index 941a2ecb3c..aedfc7d8a6 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_oid; sig->method_name = "XMSSMT-SHAKE_20/4_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H20_4_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_keypair(XMSS_UNUSED_AT return OQS_ERROR; } - const uint32_t xmssmt_shake128_h20_4_oid = 0x12; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h20_4_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c index adc47b4d11..b0b90b185e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_oid; sig->method_name = "XMSSMT-SHAKE_40/2_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H40_2_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_keypair(XMSS_UNUSED_AT return OQS_ERROR; } - const uint32_t xmssmt_shake128_h40_2_oid = 0x13; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h40_2_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c index 3312f25477..8c47abe815 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_oid; sig->method_name = "XMSSMT-SHAKE_40/4_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H40_4_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_keypair(XMSS_UNUSED_AT return OQS_ERROR; } - const uint32_t xmssmt_shake128_h40_4_oid = 0x14; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h40_4_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c index 43afdfeeff..652014854e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_oid; sig->method_name = "XMSSMT-SHAKE_40/8_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H40_8_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_keypair(XMSS_UNUSED_AT return OQS_ERROR; } - const uint32_t xmssmt_shake128_h40_8_oid = 0x15; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h40_8_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c index bf7c0c56d2..899c793ce3 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_oid; sig->method_name = "XMSSMT-SHAKE_60/12_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H60_12_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_keypair(XMSS_UNUSED_A return OQS_ERROR; } - const uint32_t xmssmt_shake128_h60_12_oid = 0x18; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h60_12_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c index f8b6ab6ec5..4a58336d26 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_oid; sig->method_name = "XMSSMT-SHAKE_60/3_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H60_3_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_keypair(XMSS_UNUSED_AT return OQS_ERROR; } - const uint32_t xmssmt_shake128_h60_3_oid = 0x16; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h60_3_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_oid)) { return OQS_ERROR; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c index 1821340645..84fea192f9 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c @@ -24,6 +24,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_new(void) { } memset(sig, 0, sizeof(OQS_SIG_STFL)); + sig->oid = OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_oid; sig->method_name = "XMSSMT-SHAKE_60/6_256"; sig->alg_version = "https://datatracker.ietf.org/doc/html/rfc8391"; sig->euf_cma = true; @@ -65,6 +66,25 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H60_6_new(void) { } memset(sk->secret_key_data, 0, sk->length_secret_key); + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function sk->free_key = OQS_SECRET_KEY_XMSS_free; sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; @@ -78,8 +98,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_keypair(XMSS_UNUSED_AT return OQS_ERROR; } - const uint32_t xmssmt_shake128_h60_6_oid = 0x17; - if (xmssmt_keypair(public_key, secret_key->secret_key_data, xmssmt_shake128_h60_6_oid)) { + if (xmssmt_keypair(public_key, secret_key->secret_key_data, OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_oid)) { return OQS_ERROR; } From 77668b9e39e647a5c2d9337024504398f29664db Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Thu, 19 Oct 2023 23:41:45 -0400 Subject: [PATCH 02/32] convert all variable length array to malloc/free fix astyle fixed all memory errors --- src/sig_stfl/xmss/external/hash.c | 41 ++++++-- src/sig_stfl/xmss/external/utils.h | 2 +- src/sig_stfl/xmss/external/wots.c | 25 +++-- src/sig_stfl/xmss/external/xmss_commons.c | 28 +++-- src/sig_stfl/xmss/external/xmss_core_fast.c | 107 ++++++++++++-------- 5 files changed, 133 insertions(+), 70 deletions(-) diff --git a/src/sig_stfl/xmss/external/hash.c b/src/sig_stfl/xmss/external/hash.c index c335d7d680..a6bac00724 100644 --- a/src/sig_stfl/xmss/external/hash.c +++ b/src/sig_stfl/xmss/external/hash.c @@ -30,13 +30,17 @@ int prf(const xmss_params *params, unsigned char *out, const unsigned char in[32], const unsigned char *key) { - unsigned char buf[params->padding_len + params->n + 32]; + unsigned char* buf = malloc(params->padding_len + params->n + 32); ull_to_bytes(buf, params->padding_len, XMSS_HASH_PADDING_PRF); memcpy(buf + params->padding_len, key, params->n); memcpy(buf + params->padding_len + params->n, in, 32); - return core_hash(params, out, buf, params->padding_len + params->n + 32); + int ret = core_hash(params, out, buf, params->padding_len + params->n + 32); + + OQS_MEM_insecure_free(buf); + + return ret; } /* @@ -47,13 +51,17 @@ int prf_keygen(const xmss_params *params, unsigned char *out, const unsigned char *in, const unsigned char *key) { - unsigned char buf[params->padding_len + 2*params->n + 32]; + unsigned char *buf = malloc(params->padding_len + 2*params->n + 32); ull_to_bytes(buf, params->padding_len, XMSS_HASH_PADDING_PRF_KEYGEN); memcpy(buf + params->padding_len, key, params->n); memcpy(buf + params->padding_len + params->n, in, params->n + 32); - return core_hash(params, out, buf, params->padding_len + 2*params->n + 32); + int ret = core_hash(params, out, buf, params->padding_len + 2*params->n + 32); + + OQS_MEM_insecure_free(buf); + + return ret; } /* @@ -85,8 +93,11 @@ int thash_h(const xmss_params *params, unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8]) { - unsigned char buf[params->padding_len + 3 * params->n]; - unsigned char bitmask[2 * params->n]; + unsigned char *tmp = malloc(params->padding_len + 3 * params->n + 2 * params->n); + + unsigned char *buf = tmp; + unsigned char *bitmask = tmp + (params->padding_len + 3 * params->n); + unsigned char addr_as_bytes[32]; unsigned int i; @@ -110,15 +121,21 @@ int thash_h(const xmss_params *params, for (i = 0; i < 2 * params->n; i++) { buf[params->padding_len + params->n + i] = in[i] ^ bitmask[i]; } - return core_hash(params, out, buf, params->padding_len + 3 * params->n); + int ret = core_hash(params, out, buf, params->padding_len + 3 * params->n); + + OQS_MEM_insecure_free(tmp); + + return ret; } int thash_f(const xmss_params *params, unsigned char *out, const unsigned char *in, const unsigned char *pub_seed, uint32_t addr[8]) { - unsigned char buf[params->padding_len + 2 * params->n]; - unsigned char bitmask[params->n]; + unsigned char *tmp = malloc(params->padding_len + 2 * params->n + params->n); + unsigned char *buf = tmp; + unsigned char *bitmask = tmp + (params->padding_len + 2 * params->n); + unsigned char addr_as_bytes[32]; unsigned int i; @@ -138,5 +155,9 @@ int thash_f(const xmss_params *params, for (i = 0; i < params->n; i++) { buf[params->padding_len + params->n + i] = in[i] ^ bitmask[i]; } - return core_hash(params, out, buf, params->padding_len + 2 * params->n); + int ret = core_hash(params, out, buf, params->padding_len + 2 * params->n); + + OQS_MEM_insecure_free(tmp); + + return ret; } diff --git a/src/sig_stfl/xmss/external/utils.h b/src/sig_stfl/xmss/external/utils.h index 0cdf79475a..fc5df634a6 100644 --- a/src/sig_stfl/xmss/external/utils.h +++ b/src/sig_stfl/xmss/external/utils.h @@ -2,7 +2,7 @@ #define XMSS_UTILS_H #include "namespace.h" - +#include /** * Converts the value of 'in' to 'outlen' bytes in big-endian byte order. */ diff --git a/src/sig_stfl/xmss/external/wots.c b/src/sig_stfl/xmss/external/wots.c index 90a6bd74d0..09db90e55c 100644 --- a/src/sig_stfl/xmss/external/wots.c +++ b/src/sig_stfl/xmss/external/wots.c @@ -12,11 +12,11 @@ * Expands an n-byte array into a len*n byte array using the `prf_keygen` function. */ static void expand_seed(const xmss_params *params, - unsigned char *outseeds, const unsigned char *inseed, + unsigned char *outseeds, const unsigned char *inseed, const unsigned char *pub_seed, uint32_t addr[8]) { unsigned int i; - unsigned char buf[params->n + 32]; + unsigned char *buf = malloc(params->n + 32); set_hash_addr(addr, 0); set_key_and_mask(addr, 0); @@ -26,6 +26,8 @@ static void expand_seed(const xmss_params *params, addr_to_bytes(buf + params->n, addr); prf_keygen(params, outseeds + i*params->n, buf, inseed); } + + OQS_MEM_insecure_free(buf); } /** @@ -83,7 +85,8 @@ static void wots_checksum(const xmss_params *params, unsigned int *csum_base_w, const unsigned int *msg_base_w) { int csum = 0; - unsigned char csum_bytes[(params->wots_len2 * params->wots_log_w + 7) / 8]; + unsigned int csum_bytes_length = (params->wots_len2 * params->wots_log_w + 7) / 8; + unsigned char *csum_bytes = malloc(csum_bytes_length); unsigned int i; /* Compute checksum. */ @@ -94,8 +97,10 @@ static void wots_checksum(const xmss_params *params, /* Convert checksum to base_w. */ /* Make sure expected empty zero bits are the least significant bits. */ csum = csum << (8 - ((params->wots_len2 * params->wots_log_w) % 8)); - ull_to_bytes(csum_bytes, sizeof(csum_bytes), csum); + ull_to_bytes(csum_bytes, csum_bytes_length, csum); base_w(params, csum_base_w, params->wots_len2, csum_bytes); + + OQS_MEM_insecure_free(csum_bytes); } /* Takes a message and derives the matching chain lengths. */ @@ -139,11 +144,9 @@ void wots_sign(const xmss_params *params, const unsigned char *seed, const unsigned char *pub_seed, uint32_t addr[8]) { - unsigned int lengths[params->wots_len]; + unsigned int *lengths = calloc(params->wots_len, sizeof(unsigned int)); unsigned int i; - memset(lengths, 0, sizeof(unsigned int)*params->wots_len); - chain_lengths(params, lengths, msg); /* The WOTS+ private key is derived from the seed. */ @@ -154,6 +157,8 @@ void wots_sign(const xmss_params *params, gen_chain(params, sig + i*params->n, sig + i*params->n, 0, lengths[i], pub_seed, addr); } + + OQS_MEM_insecure_free(lengths); } /** @@ -165,11 +170,9 @@ void wots_pk_from_sig(const xmss_params *params, unsigned char *pk, const unsigned char *sig, const unsigned char *msg, const unsigned char *pub_seed, uint32_t addr[8]) { - unsigned int lengths[params->wots_len]; + unsigned int *lengths = calloc(params->wots_len, sizeof(unsigned int )); unsigned int i; - memset(lengths, 0, sizeof(unsigned int)*params->wots_len); - chain_lengths(params, lengths, msg); for (i = 0; i < params->wots_len; i++) { @@ -177,4 +180,6 @@ void wots_pk_from_sig(const xmss_params *params, unsigned char *pk, gen_chain(params, pk + i*params->n, sig + i*params->n, lengths[i], params->wots_w - 1 - lengths[i], pub_seed, addr); } + + OQS_MEM_insecure_free(lengths); } diff --git a/src/sig_stfl/xmss/external/xmss_commons.c b/src/sig_stfl/xmss/external/xmss_commons.c index 882a3e39d6..9838f755b0 100644 --- a/src/sig_stfl/xmss/external/xmss_commons.c +++ b/src/sig_stfl/xmss/external/xmss_commons.c @@ -57,7 +57,7 @@ static void compute_root(const xmss_params *params, unsigned char *root, const unsigned char *pub_seed, uint32_t addr[8]) { uint32_t i; - unsigned char buffer[2*params->n]; + unsigned char *buffer = malloc(2*params->n); /* If leafidx is odd (last bit = 1), current path element is a right child and auth_path has to go left. Otherwise it is the other way around. */ @@ -93,6 +93,8 @@ static void compute_root(const xmss_params *params, unsigned char *root, leafidx >>= 1; set_tree_index(addr, leafidx); thash_h(params, root, buffer, pub_seed, addr); + + OQS_MEM_insecure_free(buffer); } @@ -105,11 +107,13 @@ void gen_leaf_wots(const xmss_params *params, unsigned char *leaf, const unsigned char *sk_seed, const unsigned char *pub_seed, uint32_t ltree_addr[8], uint32_t ots_addr[8]) { - unsigned char pk[params->wots_sig_bytes]; + unsigned char *pk = malloc(params->wots_sig_bytes); wots_pkgen(params, pk, sk_seed, pub_seed, ots_addr); l_tree(params, leaf, pk, pub_seed, ltree_addr); + + OQS_MEM_insecure_free(pk); } @@ -140,16 +144,18 @@ int xmssmt_core_sign_open(const xmss_params *params, { const unsigned char *pub_root = pk; const unsigned char *pub_seed = pk + params->n; - unsigned char wots_pk[params->wots_sig_bytes]; - unsigned char leaf[params->n]; - unsigned char root[params->n]; + + unsigned char *tmp = malloc(params->wots_sig_bytes + params->n + params->n); + unsigned char *wots_pk = tmp; + unsigned char *leaf = tmp + params->wots_sig_bytes; + unsigned char *root = leaf + params->n; unsigned long long prefix_length = params->padding_len + 3*params->n; unsigned char m_with_prefix[mlen + prefix_length]; - + unsigned char *mhash = root; unsigned long long idx = 0; - unsigned int i; + unsigned int i, ret; uint32_t idx_leaf; uint32_t ots_addr[8] = {0}; @@ -209,8 +215,12 @@ int xmssmt_core_sign_open(const xmss_params *params, /* Check if the root node equals the root node in the public key. */ if (memcmp(root, pub_root, params->n)) { /* If not, return fail */ - return -1; + ret = -1; + goto fail; } + ret = 0; +fail: + OQS_MEM_insecure_free(tmp); + return ret; - return 0; } diff --git a/src/sig_stfl/xmss/external/xmss_core_fast.c b/src/sig_stfl/xmss/external/xmss_core_fast.c index b3de5f17f0..78dd95ec1d 100644 --- a/src/sig_stfl/xmss/external/xmss_core_fast.c +++ b/src/sig_stfl/xmss/external/xmss_core_fast.c @@ -170,11 +170,11 @@ static void deep_state_swap(const xmss_params *params, } // TODO this is extremely ugly and should be refactored // TODO right now, this ensures that both 'stack' and 'retain' fit - unsigned char t[ + unsigned char *t = malloc( ((params->tree_height + 1) > ((1 << params->bds_k) - params->bds_k - 1) ? (params->tree_height + 1) : ((1 << params->bds_k) - params->bds_k - 1)) - * params->n]; + * params->n); unsigned int i; memswap(a->stack, b->stack, t, (params->tree_height + 1) * params->n); @@ -193,6 +193,8 @@ static void deep_state_swap(const xmss_params *params, memswap(a->retain, b->retain, t, ((1 << params->bds_k) - params->bds_k - 1) * params->n); memswap(&a->next_leaf, &b->next_leaf, t, sizeof(a->next_leaf)); + + OQS_MEM_insecure_free(t); } static int treehash_minheight_on_stack(const xmss_params *params, @@ -235,7 +237,7 @@ static void treehash_init(const xmss_params *params, uint32_t lastnode, i; unsigned char *stack = calloc((height+1)*params->n, sizeof(unsigned char)); - unsigned int stacklevels[height+1]; + unsigned int *stacklevels = malloc((height + 1)*sizeof(unsigned int)); unsigned int stackoffset=0; unsigned int nodeh; @@ -283,6 +285,7 @@ static void treehash_init(const xmss_params *params, node[i] = stack[i]; } + OQS_MEM_insecure_free(stacklevels); OQS_MEM_insecure_free(stack); } @@ -307,7 +310,7 @@ static void treehash_update(const xmss_params *params, set_ltree_addr(ltree_addr, treehash->next_idx); set_ots_addr(ots_addr, treehash->next_idx); - unsigned char nodebuffer[2 * params->n]; + unsigned char *nodebuffer = malloc(2 * params->n); unsigned int nodeheight = 0; gen_leaf_wots(params, nodebuffer, sk_seed, pub_seed, ltree_addr, ots_addr); while (treehash->stackusage > 0 && state->stacklevels[state->stackoffset-1] == nodeheight) { @@ -331,6 +334,8 @@ static void treehash_update(const xmss_params *params, state->stackoffset++; treehash->next_idx++; } + + OQS_MEM_insecure_free(nodebuffer); } /** @@ -454,7 +459,7 @@ static void bds_round(const xmss_params *params, unsigned int tau = params->tree_height; unsigned int startidx; unsigned int offset, rowidx; - unsigned char buf[2 * params->n]; + unsigned char *buf = malloc(2 * params->n); uint32_t ots_addr[8] = {0}; uint32_t ltree_addr[8] = {0}; @@ -514,6 +519,8 @@ static void bds_round(const xmss_params *params, } } } + + OQS_MEM_insecure_free(buf); } /** @@ -551,7 +558,7 @@ int xmss_core_keypair(const xmss_params *params, // TODO refactor BDS state not to need separate treehash instances bds_state state; - treehash_inst treehash[params->tree_height - params->bds_k]; + treehash_inst *treehash = calloc(params->tree_height - params->bds_k, sizeof(treehash_inst)); state.treehash = treehash; xmss_deserialize_state(params, &state, sk); @@ -580,6 +587,8 @@ int xmss_core_keypair(const xmss_params *params, /* Write the BDS state into sk. */ xmss_serialize_state(params, sk, &state); + OQS_MEM_insecure_free(treehash); + return 0; } @@ -601,12 +610,13 @@ int xmss_core_sign(const xmss_params *params, } const unsigned char *pub_root = sk + params->index_bytes + 2*params->n; + int ret; uint16_t i = 0; // TODO refactor BDS state not to need separate treehash instances bds_state state; - treehash_inst treehash[params->tree_height - params->bds_k]; + treehash_inst *treehash = calloc(params->tree_height - params->bds_k, sizeof(treehash_inst)); state.treehash = treehash; /* Load the BDS state from sk. */ @@ -617,29 +627,32 @@ int xmss_core_sign(const xmss_params *params, /* Check if we can still sign with this sk. * If not, return -2 - * - * If this is the last possible signature (because the max index value - * is reached), production implementations should delete the secret key + * + * If this is the last possible signature (because the max index value + * is reached), production implementations should delete the secret key * to prevent accidental further use. - * - * For the case of total tree height of 64 we do not use the last signature - * to be on the safe side (there is no index value left to indicate that the + * + * For the case of total tree height of 64 we do not use the last signature + * to be on the safe side (there is no index value left to indicate that the * key is finished, hence external handling would be necessary) - */ + */ if (idx >= ((1ULL << params->full_height) - 1)) { // Delete secret key here. We only do this in memory, production code // has to make sure that this happens on disk. memset(sk, 0xFF, params->index_bytes); memset(sk + params->index_bytes, 0, (params->sk_bytes - params->index_bytes)); if (idx > ((1ULL << params->full_height) - 1)) - return -2; // We already used all one-time keys + ret = -2; // We already used all one-time keys + goto cleanup; } - - unsigned char sk_seed[params->n]; + unsigned char *tmp = malloc(5 * params->n); + + unsigned char *sk_seed = tmp; + unsigned char *sk_prf = sk_seed + params->n; + unsigned char *pub_seed = sk_prf + params->n; + memcpy(sk_seed, sk + params->index_bytes, params->n); - unsigned char sk_prf[params->n]; memcpy(sk_prf, sk + params->index_bytes + params->n, params->n); - unsigned char pub_seed[params->n]; memcpy(pub_seed, sk + params->index_bytes + 3*params->n, params->n); // index as 32 bytes string @@ -656,8 +669,8 @@ int xmss_core_sign(const xmss_params *params, // and write the updated secret key at this point! // Init working params - unsigned char R[params->n]; - unsigned char msg_h[params->n]; + unsigned char *R = pub_seed + params->n; + unsigned char *msg_h = R + params->n; uint32_t ots_addr[8] = {0}; // --------------------------------- @@ -671,7 +684,7 @@ int xmss_core_sign(const xmss_params *params, /* Already put the message in the right place, to make it easier to prepend * things when computing the hash over the message. */ unsigned long long prefix_length = params->padding_len + 3*params->n; - unsigned char m_with_prefix[mlen + prefix_length]; + unsigned char *m_with_prefix = malloc(mlen + prefix_length); memcpy(m_with_prefix, sm + params->sig_bytes - prefix_length, prefix_length); memcpy(m_with_prefix + prefix_length, m, mlen); @@ -727,7 +740,15 @@ int xmss_core_sign(const xmss_params *params, /* Write the updated BDS state back into sk. */ xmss_serialize_state(params, sk, &state); - return 0; + ret = 0; + + OQS_MEM_insecure_free(m_with_prefix); + OQS_MEM_insecure_free(tmp); + +cleanup: + OQS_MEM_insecure_free(treehash); + + return ret; } /* @@ -743,8 +764,8 @@ int xmssmt_core_keypair(const xmss_params *params, unsigned char *wots_sigs; // TODO refactor BDS state not to need separate treehash instances - bds_state states[2*params->d - 1]; - treehash_inst treehash[(2*params->d - 1) * (params->tree_height - params->bds_k)]; + bds_state *states = calloc(2*params->d - 1, sizeof(bds_state)); + treehash_inst *treehash = calloc((2*params->d - 1) * (params->tree_height - params->bds_k), sizeof(treehash_inst)); for (i = 0; i < 2*params->d - 1; i++) { states[i].treehash = treehash + i * (params->tree_height - params->bds_k); } @@ -783,6 +804,9 @@ int xmssmt_core_keypair(const xmss_params *params, xmssmt_serialize_state(params, sk, states); + OQS_MEM_insecure_free(treehash); + OQS_MEM_insecure_free(states); + return 0; } @@ -811,12 +835,14 @@ int xmssmt_core_sign(const xmss_params *params, int needswap_upto = -1; unsigned int updates; - unsigned char sk_seed[params->n]; - unsigned char sk_prf[params->n]; - unsigned char pub_seed[params->n]; + unsigned char *tmp = malloc(5 * params->n); + + unsigned char *sk_seed = tmp; + unsigned char *sk_prf = sk_seed + params->n; + unsigned char *pub_seed = sk_prf + params->n; // Init working params - unsigned char R[params->n]; - unsigned char msg_h[params->n]; + unsigned char *R = pub_seed + params->n; + unsigned char *msg_h = R + params->n; uint32_t addr[8] = {0}; uint32_t ots_addr[8] = {0}; unsigned char idx_bytes_32[32]; @@ -828,7 +854,7 @@ int xmssmt_core_sign(const xmss_params *params, // TODO refactor BDS state not to need separate treehash instances bds_state *states = calloc(2*params->d - 1, sizeof(bds_state)); - treehash_inst treehash[(2*params->d - 1) * (params->tree_height - params->bds_k)]; + treehash_inst *treehash = calloc((2*params->d - 1) * (params->tree_height - params->bds_k), sizeof(treehash_inst)); for (i = 0; i < 2*params->d - 1; i++) { states[i].stack = NULL; states[i].stackoffset = 0; @@ -850,15 +876,15 @@ int xmssmt_core_sign(const xmss_params *params, /* Check if we can still sign with this sk. * If not, return -2 - * - * If this is the last possible signature (because the max index value - * is reached), production implementations should delete the secret key + * + * If this is the last possible signature (because the max index value + * is reached), production implementations should delete the secret key * to prevent accidental further use. - * - * For the case of total tree height of 64 we do not use the last signature - * to be on the safe side (there is no index value left to indicate that the + * + * For the case of total tree height of 64 we do not use the last signature + * to be on the safe side (there is no index value left to indicate that the * key is finished, hence external handling would be necessary) - */ + */ if (idx >= ((1ULL << params->full_height) - 1)) { // Delete secret key here. We only do this in memory, production code // has to make sure that this happens on disk. @@ -870,7 +896,7 @@ int xmssmt_core_sign(const xmss_params *params, goto cleanup; } } - + memcpy(sk_seed, sk+params->index_bytes, params->n); memcpy(sk_prf, sk+params->index_bytes+params->n, params->n); memcpy(pub_seed, sk+params->index_bytes+3*params->n, params->n); @@ -1012,10 +1038,11 @@ int xmssmt_core_sign(const xmss_params *params, } xmssmt_serialize_state(params, sk, states); - goto cleanup; cleanup: + OQS_MEM_insecure_free(treehash); OQS_MEM_insecure_free(states); + OQS_MEM_insecure_free(tmp); return ret; } From ac3456ace35e7f6f341294afb00a7ef6bec26170 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sat, 21 Oct 2023 21:30:20 -0400 Subject: [PATCH 03/32] refactor XMSS and XMSS^MT, shorten LOC --- src/sig_stfl/xmss/CMakeLists.txt | 56 ++--- src/sig_stfl/xmss/sig_stfl_xmss.h | 24 +++ src/sig_stfl/xmss/sig_stfl_xmss_functions.c | 191 ++++++++++++++++++ .../xmss/sig_stfl_xmss_secret_key_functions.c | 79 +++++--- src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c | 136 +------------ src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c | 135 +------------ src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c | 139 +------------ src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c | 135 +------------ src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c | 135 +------------ src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c | 135 +------------ .../xmss/sig_stfl_xmss_shake128_h10.c | 135 +------------ .../xmss/sig_stfl_xmss_shake128_h16.c | 136 +------------ .../xmss/sig_stfl_xmss_shake128_h20.c | 135 +------------ .../xmss/sig_stfl_xmss_shake256_h10.c | 135 +------------ .../xmss/sig_stfl_xmss_shake256_h16.c | 136 +------------ .../xmss/sig_stfl_xmss_shake256_h20.c | 135 +------------ src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c | 102 ++++++++++ .../xmss/sig_stfl_xmssmt_sha256_h20_2.c | 135 +------------ .../xmss/sig_stfl_xmssmt_sha256_h20_4.c | 135 +------------ .../xmss/sig_stfl_xmssmt_sha256_h40_2.c | 136 +------------ .../xmss/sig_stfl_xmssmt_sha256_h40_4.c | 135 +------------ .../xmss/sig_stfl_xmssmt_sha256_h40_8.c | 135 +------------ .../xmss/sig_stfl_xmssmt_sha256_h60_12.c | 136 +------------ .../xmss/sig_stfl_xmssmt_sha256_h60_3.c | 135 +------------ .../xmss/sig_stfl_xmssmt_sha256_h60_6.c | 135 +------------ .../xmss/sig_stfl_xmssmt_shake128_h20_2.c | 135 +------------ .../xmss/sig_stfl_xmssmt_shake128_h20_4.c | 135 +------------ .../xmss/sig_stfl_xmssmt_shake128_h40_2.c | 135 +------------ .../xmss/sig_stfl_xmssmt_shake128_h40_4.c | 135 +------------ .../xmss/sig_stfl_xmssmt_shake128_h40_8.c | 135 +------------ .../xmss/sig_stfl_xmssmt_shake128_h60_12.c | 136 +------------ .../xmss/sig_stfl_xmssmt_shake128_h60_3.c | 135 +------------ .../xmss/sig_stfl_xmssmt_shake128_h60_6.c | 96 +-------- 33 files changed, 602 insertions(+), 3601 deletions(-) create mode 100644 src/sig_stfl/xmss/sig_stfl_xmss_functions.c create mode 100644 src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c diff --git a/src/sig_stfl/xmss/CMakeLists.txt b/src/sig_stfl/xmss/CMakeLists.txt index 1b55b20866..e1d287472f 100644 --- a/src/sig_stfl/xmss/CMakeLists.txt +++ b/src/sig_stfl/xmss/CMakeLists.txt @@ -17,169 +17,169 @@ add_library(sig_stfl_xmss_secret_key_functions OBJECT sig_stfl_xmss_secret_key_f set(_XMSS_OBJS ${_XMSS_OBJS} $) if (OQS_ENABLE_SIG_STFL_xmss_sha256_h10) - add_library(xmss_sha256_h10 OBJECT sig_stfl_xmss_sha256_h10.c ${SRCS}) + add_library(xmss_sha256_h10 OBJECT sig_stfl_xmss_sha256_h10.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_sha256_h10 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_sha256_h10 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_sha256_h16) - add_library(xmss_sha256_h16 OBJECT sig_stfl_xmss_sha256_h16.c ${SRCS}) + add_library(xmss_sha256_h16 OBJECT sig_stfl_xmss_sha256_h16.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_sha256_h16 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_sha256_h16 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_sha256_h20) - add_library(xmss_sha256_h20 OBJECT sig_stfl_xmss_sha256_h20.c ${SRCS}) + add_library(xmss_sha256_h20 OBJECT sig_stfl_xmss_sha256_h20.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_sha256_h20 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_sha256_h20 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_shake128_h10) - add_library(xmss_shake128_h10 OBJECT sig_stfl_xmss_shake128_h10.c ${SRCS}) + add_library(xmss_shake128_h10 OBJECT sig_stfl_xmss_shake128_h10.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_shake128_h10 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_shake128_h10 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_shake128_h16) - add_library(xmss_shake128_h16 OBJECT sig_stfl_xmss_shake128_h16.c ${SRCS}) + add_library(xmss_shake128_h16 OBJECT sig_stfl_xmss_shake128_h16.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_shake128_h16 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_shake128_h16 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_shake128_h20) - add_library(xmss_shake128_h20 OBJECT sig_stfl_xmss_shake128_h20.c ${SRCS}) + add_library(xmss_shake128_h20 OBJECT sig_stfl_xmss_shake128_h20.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_shake128_h20 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_shake128_h20 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_sha512_h10) - add_library(xmss_sha512_h10 OBJECT sig_stfl_xmss_sha512_h10.c ${SRCS}) + add_library(xmss_sha512_h10 OBJECT sig_stfl_xmss_sha512_h10.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_sha512_h10 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_sha512_h10 -DHASH=6) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_sha512_h16) - add_library(xmss_sha512_h16 OBJECT sig_stfl_xmss_sha512_h16.c ${SRCS}) + add_library(xmss_sha512_h16 OBJECT sig_stfl_xmss_sha512_h16.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_sha512_h16 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_sha512_h16 -DHASH=6) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_sha512_h20) - add_library(xmss_sha512_h20 OBJECT sig_stfl_xmss_sha512_h20.c ${SRCS}) + add_library(xmss_sha512_h20 OBJECT sig_stfl_xmss_sha512_h20.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_sha512_h20 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_sha512_h20 -DHASH=6) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_shake256_h10) - add_library(xmss_shake256_h10 OBJECT sig_stfl_xmss_shake256_h10.c ${SRCS}) + add_library(xmss_shake256_h10 OBJECT sig_stfl_xmss_shake256_h10.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_shake256_h10 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_shake256_h10 -DHASH=7) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_shake256_h16) - add_library(xmss_shake256_h16 OBJECT sig_stfl_xmss_shake256_h16.c ${SRCS}) + add_library(xmss_shake256_h16 OBJECT sig_stfl_xmss_shake256_h16.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_shake256_h16 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_shake256_h16 -DHASH=7) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmss_shake256_h20) - add_library(xmss_shake256_h20 OBJECT sig_stfl_xmss_shake256_h20.c ${SRCS}) + add_library(xmss_shake256_h20 OBJECT sig_stfl_xmss_shake256_h20.c sig_stfl_xmss_functions.c ${SRCS}) target_compile_options(xmss_shake256_h20 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmss_shake256_h20 -DHASH=7) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h20_2) - add_library(xmssmt_sha256_h20_2 OBJECT sig_stfl_xmssmt_sha256_h20_2.c ${SRCS}) + add_library(xmssmt_sha256_h20_2 OBJECT sig_stfl_xmssmt_sha256_h20_2.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h20_2 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h20_2 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h20_4) - add_library(xmssmt_sha256_h20_4 OBJECT sig_stfl_xmssmt_sha256_h20_4.c ${SRCS}) + add_library(xmssmt_sha256_h20_4 OBJECT sig_stfl_xmssmt_sha256_h20_4.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h20_4 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h20_4 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2) - add_library(xmssmt_sha256_h40_2 OBJECT sig_stfl_xmssmt_sha256_h40_2.c ${SRCS}) + add_library(xmssmt_sha256_h40_2 OBJECT sig_stfl_xmssmt_sha256_h40_2.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h40_2 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h40_2 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_4) - add_library(xmssmt_sha256_h40_4 OBJECT sig_stfl_xmssmt_sha256_h40_4.c ${SRCS}) + add_library(xmssmt_sha256_h40_4 OBJECT sig_stfl_xmssmt_sha256_h40_4.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h40_4 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h40_4 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_8) - add_library(xmssmt_sha256_h40_8 OBJECT sig_stfl_xmssmt_sha256_h40_8.c ${SRCS}) + add_library(xmssmt_sha256_h40_8 OBJECT sig_stfl_xmssmt_sha256_h40_8.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h40_8 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h40_8 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3) - add_library(xmssmt_sha256_h60_3 OBJECT sig_stfl_xmssmt_sha256_h60_3.c ${SRCS}) + add_library(xmssmt_sha256_h60_3 OBJECT sig_stfl_xmssmt_sha256_h60_3.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h60_3 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h60_3 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_6) - add_library(xmssmt_sha256_h60_6 OBJECT sig_stfl_xmssmt_sha256_h60_6.c ${SRCS}) + add_library(xmssmt_sha256_h60_6 OBJECT sig_stfl_xmssmt_sha256_h60_6.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h60_6 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h60_6 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_12) - add_library(xmssmt_sha256_h60_12 OBJECT sig_stfl_xmssmt_sha256_h60_12.c ${SRCS}) + add_library(xmssmt_sha256_h60_12 OBJECT sig_stfl_xmssmt_sha256_h60_12.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_sha256_h60_12 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_sha256_h60_12 -DHASH=3) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h20_2) - add_library(xmssmt_shake128_h20_2 OBJECT sig_stfl_xmssmt_shake128_h20_2.c ${SRCS}) + add_library(xmssmt_shake128_h20_2 OBJECT sig_stfl_xmssmt_shake128_h20_2.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h20_2 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h20_2 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h20_4) - add_library(xmssmt_shake128_h20_4 OBJECT sig_stfl_xmssmt_shake128_h20_4.c ${SRCS}) + add_library(xmssmt_shake128_h20_4 OBJECT sig_stfl_xmssmt_shake128_h20_4.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h20_4 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h20_4 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2) - add_library(xmssmt_shake128_h40_2 OBJECT sig_stfl_xmssmt_shake128_h40_2.c ${SRCS}) + add_library(xmssmt_shake128_h40_2 OBJECT sig_stfl_xmssmt_shake128_h40_2.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h40_2 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h40_2 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_4) - add_library(xmssmt_shake128_h40_4 OBJECT sig_stfl_xmssmt_shake128_h40_4.c ${SRCS}) + add_library(xmssmt_shake128_h40_4 OBJECT sig_stfl_xmssmt_shake128_h40_4.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h40_4 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h40_4 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_8) - add_library(xmssmt_shake128_h40_8 OBJECT sig_stfl_xmssmt_shake128_h40_8.c ${SRCS}) + add_library(xmssmt_shake128_h40_8 OBJECT sig_stfl_xmssmt_shake128_h40_8.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h40_8 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h40_8 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3) - add_library(xmssmt_shake128_h60_3 OBJECT sig_stfl_xmssmt_shake128_h60_3.c ${SRCS}) + add_library(xmssmt_shake128_h60_3 OBJECT sig_stfl_xmssmt_shake128_h60_3.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h60_3 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h60_3 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_6) - add_library(xmssmt_shake128_h60_6 OBJECT sig_stfl_xmssmt_shake128_h60_6.c ${SRCS}) + add_library(xmssmt_shake128_h60_6 OBJECT sig_stfl_xmssmt_shake128_h60_6.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h60_6 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h60_6 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() if (OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_12) - add_library(xmssmt_shake128_h60_12 OBJECT sig_stfl_xmssmt_shake128_h60_12.c ${SRCS}) + add_library(xmssmt_shake128_h60_12 OBJECT sig_stfl_xmssmt_shake128_h60_12.c sig_stfl_xmssmt_functions.c ${SRCS}) target_compile_options(xmssmt_shake128_h60_12 PRIVATE -DXMSS_PARAMS_NAMESPACE=xmssmt_shake128_h60_12 -DHASH=4) set(_XMSS_OBJS ${_XMSS_OBJS} $) endif() diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index 7ffdb863e1..1dac7713f1 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -4,6 +4,11 @@ #define OQS_SIG_STFL_XMSS_H #include +#if defined(__GNUC__) || defined(__clang__) +#define XMSS_UNUSED_ATT __attribute__((unused)) +#else +#define XMSS_UNUSED_ATT +#endif #define XMSS_OID_LEN 4 void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); @@ -522,9 +527,28 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_sigs_total(unsigned l #endif +/* + * Generic XMSS APIs + */ +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key); +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key); +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key); + +/* + * Generic XMSS^MT APIs + */ +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key); +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key); +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key); +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key); + /* * Secret key functions */ +/* Generic XMSS SECRET_KEY object initialization */ +OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key); + /* Serialize XMSS secret key data into a byte string */ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c new file mode 100644 index 0000000000..e4178ded72 --- /dev/null +++ b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c @@ -0,0 +1,191 @@ +// SPDX-License-Identifier: MIT + +#include +#include + +#include +#include "sig_stfl_xmss.h" + +#include "external/xmss.h" + +#if defined(__GNUC__) || defined(__clang__) +#define XMSS_UNUSED_ATT __attribute__((unused)) +#else +#define XMSS_UNUSED_ATT +#endif + +/* -------------- XMSS -------------- */ + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { + + OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; + const OQS_SIG_STFL_SECRET_KEY *sk; + uint8_t *sk_key_buf_ptr = NULL; + unsigned long long sig_length = 0; + size_t sk_key_buf_len = 0; + + if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + /* Don't even attempt signing without a way to safe the updated private key */ + if (secret_key->secure_store_scrt_key == NULL) { + return OQS_ERROR; + } + + /* Lock secret to ensure OTS use */ + if ((secret_key->lock_key != NULL) && (secret_key->mutex != NULL)) { + secret_key->lock_key(secret_key->mutex); + } + + if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { + status = OQS_ERROR; + goto err; + } + *signature_len = (size_t)sig_length; + /* + * serialize and securely store the updated private key + * regardless, delete signature and the serialized key other wise + */ + + status = OQS_SECRET_KEY_XMSS_serialize_key(secret_key, &sk_key_buf_len, &sk_key_buf_ptr); + if (status != OQS_SUCCESS) { + goto err; + } + + // Store updated private key securely + status = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); + OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); + +err: + /* Unlock secret to ensure OTS use */ + if ((secret_key->unlock_key != NULL) && (secret_key->mutex != NULL)) { + printf("secret unlock\n"); + secret_key->unlock_key(secret_key->mutex); + } + return status; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { + + if (message == NULL || signature == NULL || public_key == NULL) { + return OQS_ERROR; + } + + if (xmss_sign_open(message, (unsigned long long)message_len, signature, (unsigned long long)signature_len, public_key)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { + if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { + if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + if (xmss_total_signatures(total, secret_key->secret_key_data)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} + +/* -------------- XMSSMT -------------- */ + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { + + OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; + const OQS_SIG_STFL_SECRET_KEY *sk; + uint8_t *sk_key_buf_ptr = NULL; + unsigned long long sig_length = 0; + size_t sk_key_buf_len = 0; + + if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + /* Don't even attempt signing without a way to safe the updated private key */ + if (secret_key->secure_store_scrt_key == NULL) { + return OQS_ERROR; + } + + /* Lock secret to ensure OTS use */ + if ((secret_key->lock_key != NULL) && (secret_key->mutex != NULL)) { + secret_key->lock_key(secret_key->mutex); + } + if (xmssmt_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { + status = OQS_ERROR; + goto err; + } + *signature_len = (size_t)sig_length; + /* + * serialize and securely store the updated private key + * regardless, delete signature and the serialized key other wise + */ + + status = OQS_SECRET_KEY_XMSS_serialize_key(secret_key, &sk_key_buf_len, &sk_key_buf_ptr); + if (status != OQS_SUCCESS) { + goto err; + } + + // Store updated private key securely + status = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); + OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); + +err: + /* Unlock secret to ensure OTS use */ + if ((secret_key->unlock_key != NULL) && (secret_key->mutex != NULL)) { + secret_key->unlock_key(secret_key->mutex); + } + return status; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { + + if (message == NULL || signature == NULL || public_key == NULL) { + return OQS_ERROR; + } + + if (xmssmt_sign_open(message, (unsigned long long)message_len, signature, (unsigned long long)signature_len, public_key)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { + if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { + if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index 22871251c1..8e4389d75c 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -10,17 +10,65 @@ #define XMSS_UNUSED_ATT #endif -/* Serialize XMSS secret key data into a byte string */ +extern inline +OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key) { + + // Initialize the secret key in the heap with adequate memory + OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); + if (sk == NULL) { + return NULL; + } + memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); + + sk->length_secret_key = length_secret_key; + + // Secret serialize/deserialize function + sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; + sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; + + // Initialize the key with length_secret_key amount of bytes. + sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); + + if (sk->secret_key_data == NULL) { + OQS_MEM_insecure_free(sk); + return NULL; + } + + memset(sk->secret_key_data, 0, sk->length_secret_key); + + // Set application specific context + sk->context = NULL; + + // Point to associated OQS_SIG_STFL object + sk->sig = NULL; + + // Mutual exclusion struct + sk->mutex = NULL; + + // Set Secret Key locking function + sk->lock_key = NULL; + + // Set Secret Key unlocking / releasing function + sk->unlock_key = NULL; + + // Set Secret Key saving function + sk->secure_store_scrt_key = NULL; + + // Set Secret Key store callback function + sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; + + // Set Secret Key free function + sk->free_key = OQS_SECRET_KEY_XMSS_free; + + return sk; +} + +/* Serialize XMSS secret key data into a byte string, assume the key is locked before serializing */ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { if (sk == NULL || sk_len == NULL || sk_buf_ptr == NULL) { return OQS_ERROR; } - // Lock the key if possible - if (sk->lock_key != NULL && sk->mutex != NULL) { - sk->lock_key(sk->mutex); - } - uint8_t *sk_buf = malloc(sk->length_secret_key * sizeof(uint8_t)); if (sk_buf == NULL) { return OQS_ERROR; @@ -32,37 +80,22 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, *sk_buf_ptr = sk_buf; *sk_len = sk->length_secret_key; - // Unlock the key if possible - if (sk->unlock_key != NULL && sk->mutex != NULL) { - sk->unlock_key(sk->mutex); - } - return OQS_SUCCESS; } -/* Deserialize XMSS byte string into an XMSS secret key data */ +/* Deserialize XMSS byte string into an XMSS secret key data. assume the key is locked before serializing */ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, XMSS_UNUSED_ATT void *context) { if (sk == NULL || sk_buf == NULL || (sk_len != sk->length_secret_key)) { return OQS_ERROR; } - // Lock the key if possible - if (sk->lock_key != NULL && sk->mutex != NULL) { - sk->lock_key(sk->mutex); - } - sk->secret_key_data = malloc(sk_len); if (sk->secret_key_data == NULL) { return OQS_ERROR; } - sk->context = context; memcpy(sk->secret_key_data, sk_buf, sk_len); - - // Unlock the key if possible - if (sk->unlock_key != NULL && sk->mutex != NULL) { - sk->unlock_key(sk->mutex); - } + sk->context = context; return OQS_SUCCESS; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c index 143b41a95b..849839ef0d 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c @@ -43,54 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha256_h10_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H10_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_sha256_h10_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_sha256_h10_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -106,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_keypair(XMSS_UNUSED_ATT uint return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long)message_len, signature, (unsigned long long)signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c index 033ab5d90e..53fd443a44 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha256_h16_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H16_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_sha256_h16_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_sha256_h16_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_keypair(XMSS_UNUSED_ATT uint return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c index 618a5ba1da..d0995e2a7f 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha256_h20_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H20_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_sha256_h20_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_sha256_h20_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_keypair(XMSS_UNUSED_ATT uint return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key){ + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key){ + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key){ + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key){ + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c index bfb24fcbda..6c382dcabb 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha512_h10_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA512_H10_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_sha512_h10_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_sha512_h10_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_keypair(XMSS_UNUSED_ATT uint return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c index 6ee95da8c1..c9b2a3e51e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h16.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha512_h16_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA512_H16_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_sha512_h16_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_sha512_h16_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_keypair(XMSS_UNUSED_ATT uint return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h16_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c index 222c297b86..817004658b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha512_h20.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_sha512_h20_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA512_H20_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_sha512_h20_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_sha512_h20_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_keypair(XMSS_UNUSED_ATT uint return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c index 1f16bac2d2..971b3de4ed 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h10.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake128_h10_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE128_H10_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_shake128_h10_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_shake128_h10_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_keypair(XMSS_UNUSED_ATT ui return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h10_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c index 440a62095b..93abb5d6e2 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h16.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake128_h16_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE128_H16_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_shake128_h16_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_shake128_h16_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,19 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_keypair(XMSS_UNUSED_ATT ui return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h16_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } + diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c index 0b2e39e27f..1e320ed7ba 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake128_h20.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake128_h20_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE128_H20_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_shake128_h20_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_shake128_h20_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_keypair(XMSS_UNUSED_ATT ui return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = oqs_serialize_lms_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake128_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c index f56db2bb76..d67c17015b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h10.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake256_h10_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE256_H10_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_shake256_h10_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_shake256_h10_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_keypair(XMSS_UNUSED_ATT ui return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h10_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c index e6096359d7..e938187119 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h16.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake256_h16_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE256_H16_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_shake256_h16_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_shake256_h16_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,19 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_keypair(XMSS_UNUSED_ATT ui return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h16_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } + diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c index ac2ac4a7d5..15f591466e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_shake256_h20.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmss_shake256_h20_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHAKE256_H20_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmss_shake256_h20_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmss_shake256_h20_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_keypair(XMSS_UNUSED_ATT ui return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmss_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_shake256_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmss_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c new file mode 100644 index 0000000000..7800d59e78 --- /dev/null +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: MIT + +#include +#include + +#include +#include "sig_stfl_xmss.h" + +#include "external/xmss.h" + +#if defined(__GNUC__) || defined(__clang__) +#define XMSS_UNUSED_ATT __attribute__((unused)) +#else +#define XMSS_UNUSED_ATT +#endif + +/* -------------- XMSSMT -------------- */ + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { + + OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; + const OQS_SIG_STFL_SECRET_KEY *sk; + uint8_t *sk_key_buf_ptr = NULL; + unsigned long long sig_length = 0; + size_t sk_key_buf_len = 0; + + if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + /* Don't even attempt signing without a way to safe the updated private key */ + if (secret_key->secure_store_scrt_key == NULL) { + return OQS_ERROR; + } + + /* Lock secret to ensure OTS use */ + if ((secret_key->lock_key != NULL) && (secret_key->mutex != NULL)) { + secret_key->lock_key(secret_key->mutex); + } + if (xmssmt_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { + status = OQS_ERROR; + goto err; + } + *signature_len = (size_t)sig_length; + /* + * serialize and securely store the updated private key + * regardless, delete signature and the serialized key other wise + */ + + status = OQS_SECRET_KEY_XMSS_serialize_key(secret_key, &sk_key_buf_len, &sk_key_buf_ptr); + if (status != OQS_SUCCESS) { + goto err; + } + + // Store updated private key securely + status = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); + OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); + +err: + /* Unlock secret to ensure OTS use */ + if ((secret_key->unlock_key != NULL) && (secret_key->mutex != NULL)) { + secret_key->unlock_key(secret_key->mutex); + } + return status; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { + + if (message == NULL || signature == NULL || public_key == NULL) { + return OQS_ERROR; + } + + if (xmssmt_sign_open(message, (unsigned long long)message_len, signature, (unsigned long long)signature_len, public_key)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { + if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} + +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { + if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { + return OQS_ERROR; + } + + if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { + return OQS_ERROR; + } + + return OQS_SUCCESS; +} diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c index b7e705bee4..ab3c2d6765 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_2.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H20_2_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_2_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c index 4589dd8823..62df91e621 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h20_4.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H20_4_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h20_4_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c index dd12e8260c..0ff6054cc6 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_2.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H40_2_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,94 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - fprintf(stderr, "No secret key secure-store set.\n"); - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_2_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c index 9e716aa791..721eba5f9f 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_4.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H40_4_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_4_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c index dd49efdc5d..9433c61944 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h40_8.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H40_8_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h40_8_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c index 3a2959cba1..edfc7239d6 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_12.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H60_12_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,94 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_12_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c index 8823b3ebbe..1d66ba99cc 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_3.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H60_3_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_3_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c index 71ba4fe49e..e445cb05f8 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_sha256_h60_6.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHA256_H60_6_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_keypair(XMSS_UNUSED_ATT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sha256_h60_6_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c index edf421dd9a..13e9ae5d8e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_2.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H20_2_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_keypair(XMSS_UNUSED_AT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_2_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c index aedfc7d8a6..1e1ac0915d 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h20_4.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H20_4_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_keypair(XMSS_UNUSED_AT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h20_4_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c index b0b90b185e..3bc608f484 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_2.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H40_2_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_keypair(XMSS_UNUSED_AT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_2_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c index 8c47abe815..0bee9336da 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_4.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H40_4_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_keypair(XMSS_UNUSED_AT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_4_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c index 652014854e..994393935f 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h40_8.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H40_8_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_keypair(XMSS_UNUSED_AT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h40_8_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c index 899c793ce3..c60eecd101 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_12.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H60_12_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,19 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_keypair(XMSS_UNUSED_A return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } + diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c index 4a58336d26..5c3242a8e1 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_3.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H60_3_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,93 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_keypair(XMSS_UNUSED_AT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* check for secret key update function */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key) && (secret_key->mutex)) { - secret_key->lock_key(secret_key->mutex); - } - - if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - - /* - * serialize and securely store the updated private key - * but, delete signature and the serialized key other wise - */ - - sk = secret_key; - rc_keyupdate = OQS_SECRET_KEY_XMSS_serialize_key(sk, &sk_key_buf_len, &sk_key_buf_ptr); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - goto err; - } - - rc_keyupdate = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - if (rc_keyupdate != OQS_SUCCESS) { - status = OQS_ERROR; - } - - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key) && (secret_key->mutex)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_3_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c index 84fea192f9..3874589c2f 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_shake128_h60_6.c @@ -43,53 +43,7 @@ OQS_SIG_STFL *OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_new(void) { } OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSSMT_SHAKE128_H60_6_new(void) { - - // Initialize the secret key in the heap with adequate memory - OQS_SIG_STFL_SECRET_KEY *sk = malloc(sizeof(OQS_SIG_STFL_SECRET_KEY)); - if (sk == NULL) { - return NULL; - } - memset(sk, 0, sizeof(OQS_SIG_STFL_SECRET_KEY)); - - sk->length_secret_key = OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_length_sk; - - // Secret serialize/deserialize function - sk->serialize_key = OQS_SECRET_KEY_XMSS_serialize_key; - sk->deserialize_key = OQS_SECRET_KEY_XMSS_deserialize_key; - - // Initialize the key with length_secret_key amount of bytes. - sk->secret_key_data = (uint8_t *)malloc(sk->length_secret_key * sizeof(uint8_t)); - - if (sk->secret_key_data == NULL) { - OQS_MEM_insecure_free(sk); - return NULL; - } - memset(sk->secret_key_data, 0, sk->length_secret_key); - - // Point to associated OQS_SIG_STFL object - sk->sig = NULL; - - // Mutual exclusion struct - sk->mutex = NULL; - - // Set Secret Key locking function - sk->lock_key = NULL; - - // Set Secret Key unlocking / releasing function - sk->unlock_key = NULL; - - // Set Secret Key saving function - sk->secure_store_scrt_key = NULL; - - // Set Secret Key store callback function - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - // Set Secret Key free function - sk->free_key = OQS_SECRET_KEY_XMSS_free; - - sk->set_scrt_key_store_cb = OQS_SECRET_KEY_XMSS_set_store_cb; - - return sk; + return OQS_SECRET_KEY_XMSS_new(OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_length_sk); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { @@ -105,54 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_keypair(XMSS_UNUSED_AT return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - unsigned long long sig_length = 0; - if (xmssmt_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - return OQS_ERROR; - } - *signature_len = (size_t) sig_length; - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + return OQS_SIG_STFL_alg_xmssmt_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long) message_len, signature, (unsigned long long) signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + return OQS_SIG_STFL_alg_xmssmt_verify(message, message_len, signature, signature_len, public_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_remaining(remain, secret_key); } OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_6_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; + return OQS_SIG_STFL_alg_xmssmt_sigs_total(total, secret_key); } From 03ebc654b5be53ec707316a8c7f4da79ca8f37ae Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sat, 21 Oct 2023 21:35:57 -0400 Subject: [PATCH 04/32] clean up unused function --- src/sig_stfl/xmss/sig_stfl_xmss_functions.c | 88 --------------------- 1 file changed, 88 deletions(-) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c index e4178ded72..f219616d86 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c @@ -60,7 +60,6 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signat err: /* Unlock secret to ensure OTS use */ if ((secret_key->unlock_key != NULL) && (secret_key->mutex != NULL)) { - printf("secret unlock\n"); secret_key->unlock_key(secret_key->mutex); } return status; @@ -102,90 +101,3 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sigs_total(unsigned long long *total, c return OQS_SUCCESS; } - -/* -------------- XMSSMT -------------- */ - -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; - uint8_t *sk_key_buf_ptr = NULL; - unsigned long long sig_length = 0; - size_t sk_key_buf_len = 0; - - if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - /* Don't even attempt signing without a way to safe the updated private key */ - if (secret_key->secure_store_scrt_key == NULL) { - return OQS_ERROR; - } - - /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key != NULL) && (secret_key->mutex != NULL)) { - secret_key->lock_key(secret_key->mutex); - } - if (xmssmt_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { - status = OQS_ERROR; - goto err; - } - *signature_len = (size_t)sig_length; - /* - * serialize and securely store the updated private key - * regardless, delete signature and the serialized key other wise - */ - - status = OQS_SECRET_KEY_XMSS_serialize_key(secret_key, &sk_key_buf_len, &sk_key_buf_ptr); - if (status != OQS_SUCCESS) { - goto err; - } - - // Store updated private key securely - status = secret_key->secure_store_scrt_key(sk_key_buf_ptr, sk_key_buf_len, secret_key->context); - OQS_MEM_secure_free(sk_key_buf_ptr, sk_key_buf_len); - -err: - /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key != NULL) && (secret_key->mutex != NULL)) { - secret_key->unlock_key(secret_key->mutex); - } - return status; -} - -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key) { - - if (message == NULL || signature == NULL || public_key == NULL) { - return OQS_ERROR; - } - - if (xmssmt_sign_open(message, (unsigned long long)message_len, signature, (unsigned long long)signature_len, public_key)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; -} - -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_remaining_signatures(remain, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; -} - -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { - if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) { - return OQS_ERROR; - } - - if (xmssmt_total_signatures(total, secret_key->secret_key_data)) { - return OQS_ERROR; - } - - return OQS_SUCCESS; -} From 54fa82945ad97067da6c80c422034f74364a9e32 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sat, 21 Oct 2023 22:32:34 -0400 Subject: [PATCH 05/32] TODO: restore core_hash.c later --- src/sig_stfl/xmss/external/core_hash.c | 76 ++++++++++++++++++-------- 1 file changed, 52 insertions(+), 24 deletions(-) diff --git a/src/sig_stfl/xmss/external/core_hash.c b/src/sig_stfl/xmss/external/core_hash.c index b27ad2ca9b..e98d9f1038 100644 --- a/src/sig_stfl/xmss/external/core_hash.c +++ b/src/sig_stfl/xmss/external/core_hash.c @@ -3,36 +3,64 @@ #include "core_hash.h" #include -int core_hash(const xmss_params *params, - unsigned char *out, - const unsigned char *in, unsigned long long inlen) { +// int core_hash(const xmss_params *params, +// unsigned char *out, +// const unsigned char *in, unsigned long long inlen) { + +// (void)params; +// #if HASH == XMSS_CORE_HASH_SHA256_N24 +// unsigned char buf[32]; +// OQS_SHA2_sha256(buf, in, inlen); +// memcpy(out, buf, 24); + +// #elif HASH == XMSS_CORE_HASH_SHAKE256_N24 +// OQS_SHA3_shake256(out, 24, in, inlen); - (void)params; -#if HASH == XMSS_CORE_HASH_SHA256_N24 - unsigned char buf[32]; - OQS_SHA2_sha256(buf, in, inlen); - memcpy(out, buf, 24); +// #elif HASH == XMSS_CORE_HASH_SHA256_N32 +// OQS_SHA2_sha256(out, in, inlen); -#elif HASH == XMSS_CORE_HASH_SHAKE256_N24 - OQS_SHA3_shake256(out, 24, in, inlen); +// #elif HASH == XMSS_CORE_HASH_SHAKE128_N32 +// OQS_SHA3_shake128(out, 32, in, inlen); -#elif HASH == XMSS_CORE_HASH_SHA256_N32 - OQS_SHA2_sha256(out, in, inlen); +// #elif HASH == XMSS_CORE_HASH_SHAKE256_N32 +// OQS_SHA3_shake256(out, 32, in, inlen); -#elif HASH == XMSS_CORE_HASH_SHAKE128_N32 - OQS_SHA3_shake128(out, 32, in, inlen); +// #elif HASH == XMSS_CORE_HASH_SHA512_N64 +// OQS_SHA2_sha512(out, in, inlen); -#elif HASH == XMSS_CORE_HASH_SHAKE256_N32 - OQS_SHA3_shake256(out, 32, in, inlen); +// #elif HASH == XMSS_CORE_HASH_SHAKE256_N64 +// OQS_SHA3_shake256(out, 64, in, inlen); +// #else +// return -1; +// #endif -#elif HASH == XMSS_CORE_HASH_SHA512_N64 - OQS_SHA2_sha512(out, in, inlen); +// return 0; +// } -#elif HASH == XMSS_CORE_HASH_SHAKE256_N64 - OQS_SHA3_shake256(out, 64, in, inlen); -#else - return -1; -#endif +int core_hash(const xmss_params *params, + unsigned char *out, + const unsigned char *in, unsigned long long inlen) { + + if (params->n == 24 && params->func == XMSS_SHA2) { + unsigned char buf[32]; + OQS_SHA2_sha256(buf, in, inlen); + memcpy(out, buf, 24); + } else if (params->n == 24 && params->func == XMSS_SHAKE256) { + OQS_SHA3_shake256(out, 24, in, inlen); + } else if (params->n == 32 && params->func == XMSS_SHA2) { + OQS_SHA2_sha256(out, in, inlen); + } else if (params->n == 32 && params->func == XMSS_SHAKE128) { + OQS_SHA3_shake128(out, 32, in, inlen); + } else if (params->n == 32 && params->func == XMSS_SHAKE256) { + OQS_SHA3_shake256(out, 32, in, inlen); + } else if (params->n == 64 && params->func == XMSS_SHA2) { + OQS_SHA2_sha512(out, in, inlen); + } else if (params->n == 64 && params->func == XMSS_SHAKE256) { + OQS_SHA3_shake256(out, 64, in, inlen); + } else { + return -1; + } return 0; -} + +} \ No newline at end of file From aff21eb89074d36f550ca6c4f4a7db84597c352f Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 10:42:11 -0400 Subject: [PATCH 06/32] Add activate_lock and activate_unlock functions --- src/sig_stfl/xmss/sig_stfl_xmss.h | 8 +++- src/sig_stfl/xmss/sig_stfl_xmss_functions.c | 9 ++--- .../xmss/sig_stfl_xmss_secret_key_functions.c | 40 ++++++++++++++++++- src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c | 10 ++--- 4 files changed, 53 insertions(+), 14 deletions(-) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index 1dac7713f1..06d23ee3db 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -550,7 +550,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key); /* Serialize XMSS secret key data into a byte string */ -OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); +OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); /* Deserialize XMSS byte string into an XMSS secret key data */ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); @@ -561,4 +561,10 @@ void OQS_SECRET_KEY_XMSS_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_ /* Free Secret key object */ void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); +/* Lock the key if possible */ +void OQS_SECRET_KEY_XMSS_activate_lock(OQS_SIG_STFL_SECRET_KEY *sk); + +/* Unlock the key if possible */ +void OQS_SECRET_KEY_XMSS_activate_unlock(OQS_SIG_STFL_SECRET_KEY *sk); + #endif /* OQS_SIG_STFL_XMSS_H */ diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c index f219616d86..f1055c82be 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c @@ -34,9 +34,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signat } /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key != NULL) && (secret_key->mutex != NULL)) { - secret_key->lock_key(secret_key->mutex); - } + OQS_SECRET_KEY_XMSS_activate_lock(secret_key); if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { status = OQS_ERROR; @@ -59,9 +57,8 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signat err: /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key != NULL) && (secret_key->mutex != NULL)) { - secret_key->unlock_key(secret_key->mutex); - } + OQS_SECRET_KEY_XMSS_activate_unlock(secret_key); + return status; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index 8e4389d75c..d6147cfdd7 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -2,6 +2,7 @@ #include #include +#include #include "sig_stfl_xmss.h" #if defined(__GNUC__) || defined(__clang__) @@ -51,6 +52,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key) { // Set Secret Key unlocking / releasing function sk->unlock_key = NULL; + // Boolean if the secret key is locked + sk->is_locked = false; + // Set Secret Key saving function sk->secure_store_scrt_key = NULL; @@ -64,11 +68,14 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key) { } /* Serialize XMSS secret key data into a byte string, assume the key is locked before serializing */ -OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { +OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { if (sk == NULL || sk_len == NULL || sk_buf_ptr == NULL) { return OQS_ERROR; } + /* Lock the key if possible */ + OQS_SECRET_KEY_XMSS_activate_lock(sk); + uint8_t *sk_buf = malloc(sk->length_secret_key * sizeof(uint8_t)); if (sk_buf == NULL) { return OQS_ERROR; @@ -80,6 +87,9 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, *sk_buf_ptr = sk_buf; *sk_len = sk->length_secret_key; + /* Unlock the key if possible */ + OQS_SECRET_KEY_XMSS_activate_unlock(sk); + return OQS_SUCCESS; } @@ -116,3 +126,31 @@ void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk) { OQS_MEM_secure_free(sk->secret_key_data, sk->length_secret_key); sk->secret_key_data = NULL; } + +void OQS_SECRET_KEY_XMSS_activate_lock(OQS_SIG_STFL_SECRET_KEY *sk) { + if (sk == NULL) { + return; + } + + if (sk->is_locked == false) { + /* Lock the key if possible */ + if ((sk->lock_key != NULL) && (sk->mutex != NULL)) { + sk->lock_key(sk->mutex); + sk->is_locked = true; + } + } +} + +void OQS_SECRET_KEY_XMSS_activate_unlock(OQS_SIG_STFL_SECRET_KEY *sk) { + if (sk == NULL) { + return; + } + + if (sk->is_locked == true) { + /* Unlock the key if possible */ + if ((sk->unlock_key != NULL) && (sk->mutex != NULL)) { + sk->unlock_key(sk->mutex); + sk->is_locked = false; + } + } +} \ No newline at end of file diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c index 7800d59e78..7df65bfa74 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c @@ -34,9 +34,8 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *sign } /* Lock secret to ensure OTS use */ - if ((secret_key->lock_key != NULL) && (secret_key->mutex != NULL)) { - secret_key->lock_key(secret_key->mutex); - } + OQS_SECRET_KEY_XMSS_activate_lock(secret_key); + if (xmssmt_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { status = OQS_ERROR; goto err; @@ -58,9 +57,8 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *sign err: /* Unlock secret to ensure OTS use */ - if ((secret_key->unlock_key != NULL) && (secret_key->mutex != NULL)) { - secret_key->unlock_key(secret_key->mutex); - } + OQS_SECRET_KEY_XMSS_activate_unlock(secret_key); + return status; } From 6178748ad27b8daf954e80d6aa4e398267a27649 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 10:43:01 -0400 Subject: [PATCH 07/32] Add `bool is_locked` to retain lock information, and adjust function signatures --- src/sig_stfl/sig_stfl.c | 2 +- src/sig_stfl/sig_stfl.h | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/sig_stfl/sig_stfl.c b/src/sig_stfl/sig_stfl.c index 4d9894fd00..43c19dcff9 100644 --- a/src/sig_stfl/sig_stfl.c +++ b/src/sig_stfl/sig_stfl.c @@ -822,7 +822,7 @@ OQS_API void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, s } /* Convert secret key object to byte string */ -OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf) { +OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf) { if (sk == NULL || sk_len == NULL || sk_buf == NULL || sk->serialize_key == NULL) { return OQS_ERROR; } diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index dc47c41647..2101481696 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -271,6 +271,9 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { /* file storage handle */ void *context; + /* Secret key lock status: 0: key is locked, otherwise key is unlocked */ + bool is_locked; + /** * Secret Key retrieval Function * @@ -280,7 +283,7 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * @returns length of key material data available * Caller deletes the buffer if memory was allocated. */ - OQS_STATUS (*serialize_key)(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); + OQS_STATUS (*serialize_key)(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); /** * Secret Key to internal structure Function @@ -516,7 +519,7 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk); */ void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); -OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf); +OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf); /* Insert lms byte string in an LMS secret key object */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf, void *context); From 4ad3f424d07d85a03ab469698d2f1283742f76b4 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 12:52:23 -0400 Subject: [PATCH 08/32] cleanup test_sig_stfl.c --- tests/test_sig_stfl.c | 447 ++++++------------------------------------ 1 file changed, 55 insertions(+), 392 deletions(-) diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 305001a462..e5abc27cd7 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -17,6 +17,8 @@ #if OQS_USE_PTHREADS_IN_TESTS #include + +static pthread_mutex_t *test_sk_lock = NULL; #endif #ifdef OQS_ENABLE_TEST_CONSTANT_TIME @@ -46,24 +48,23 @@ static size_t signature_len_1; static size_t signature_len_2; static uint8_t message_1[] = "The quick brown fox ..."; static uint8_t message_2[] = "The quick brown fox jumped from the tree."; -static pthread_mutex_t *test_sk_lock = NULL; /* * Write stateful secret keys to disk. */ static OQS_STATUS test_save_secret_key(uint8_t *key_buf, size_t buf_len, void *context) { - uint8_t *kb = key_buf; - - if (key_buf && context && buf_len != 0) { - if (oqs_fstore("sk", (const char *)context, kb, buf_len) == OQS_SUCCESS) { - printf("\n================================================================================\n"); - printf("Updated STFL SK <%s>.\n", (const char *)context); - printf("================================================================================\n"); - return OQS_SUCCESS; - } else { - return OQS_ERROR; - } + if (key_buf == NULL || buf_len == 0 || context == NULL) { + return OQS_ERROR; } + const char *context_char = context; + + if (oqs_fstore("sk", context_char, key_buf, buf_len) == OQS_SUCCESS) { + printf("\n================================================================================\n"); + printf("Updated STFL SK <%s>.\n", context_char); + printf("================================================================================\n"); + return OQS_SUCCESS; + } + return OQS_ERROR; } @@ -91,11 +92,11 @@ static OQS_STATUS unlock_sk_key(void *mutex) { } #else static OQS_STATUS lock_sk_key(void *mutex) { - return sk != NULL ? OQS_SUCCESS : OQS_ERROR; + return OQS_SUCCESS; } static OQS_STATUS unlock_sk_key(void *mutex) { - return sk != NULL ? OQS_SUCCESS : OQS_ERROR; + return OQS_SUCCESS; } #endif @@ -194,10 +195,6 @@ int ReadHex(FILE *infile, unsigned char *a, unsigned long Length, char *str) { OQS_STATUS sig_stfl_keypair_from_keygen(OQS_SIG_STFL *sig, uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key) { OQS_STATUS rc; - if ((sig == NULL) || (public_key == NULL) || (secret_key == NULL)) { - return OQS_ERROR; - } - rc = OQS_SIG_STFL_keypair(sig, public_key, secret_key); OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_SUCCESS) { @@ -250,8 +247,10 @@ OQS_STATUS sig_stfl_keypair_from_KATs(OQS_SIG_STFL *sig, uint8_t *public_key, OQ * XMSSMT-SHAKE_60/3_256 */ OQS_STATUS sig_stfl_KATs_keygen(OQS_SIG_STFL *sig, uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key, const char *katfile) { + if (sig == NULL || public_key == NULL || secret_key == NULL || katfile == NULL) { + return OQS_ERROR; + } - printf("%s ", sig->method_name); if (0) { #ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h16 @@ -323,9 +322,11 @@ typedef struct magic_s { } magic_t; static char *convert_method_name_to_file_name(const char *method_name) { + if (method_name == NULL) { + return NULL; + } const char *file_store = NULL; - char *name = NULL; if (strcmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h20_2) == 0) { file_store = "XMSSMT-SHA2_20-2_256"; } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h20_4) == 0) { @@ -362,10 +363,7 @@ static char *convert_method_name_to_file_name(const char *method_name) { file_store = method_name; } - if (file_store) { - name = strdup(file_store); - } - return name; + return strdup(file_store); } static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char *katfile) { @@ -373,7 +371,6 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char OQS_SIG_STFL *sig = NULL; uint8_t *public_key = NULL; OQS_SIG_STFL_SECRET_KEY *secret_key = NULL; - const OQS_SIG_STFL_SECRET_KEY *sk = NULL; OQS_SIG_STFL_SECRET_KEY *secret_key_rd = NULL; uint8_t *message = NULL; size_t message_len = 100; @@ -395,74 +392,8 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char OQS_STATUS rc, ret = OQS_ERROR; - if (0) { - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h16 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h16) == 0) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h20 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h20) == 0) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h60_3)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h60_3)) { - goto skip_test; -#endif - } else { - goto test_on; - } -skip_test: - printf("skipping slow test %s\n", method_name); - return OQS_SUCCESS; - -test_on: - //The magic numbers are random values. //The length of the magic number was chosen to be 31 to break alignment - - OQS_randombytes(magic.val, sizeof(magic_t)); sig = OQS_SIG_STFL_new(method_name); @@ -532,14 +463,13 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char * Some keypair generation is fast, so we only read keypair from KATs for slow XMSS parameters */ rc = sig_stfl_KATs_keygen(sig, public_key, secret_key, katfile); - sk = secret_key; OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_SUCCESS) { fprintf(stderr, "ERROR: OQS_SIG_STFL_keypair failed\n"); goto err; } - rc = OQS_SECRET_KEY_STFL_serialize_key(sk, &sk_buf_len, &sk_buf); + rc = OQS_SECRET_KEY_STFL_serialize_key(secret_key, &sk_buf_len, &sk_buf); if (rc != OQS_SUCCESS) { goto err; } @@ -604,7 +534,6 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char } #endif - printf("verification passes as expected\n"); ret = OQS_SUCCESS; goto cleanup; @@ -639,7 +568,7 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char return ret; } -static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) { +static OQS_STATUS sig_stfl_test_secret_key(const char *method_name, const char *katfile) { OQS_STATUS rc = OQS_SUCCESS; OQS_SIG_STFL_SECRET_KEY *sk = NULL; OQS_SIG_STFL_SECRET_KEY *sk_frm_file = NULL; @@ -658,71 +587,6 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) { * Temporarily skip algs with long key generation times. */ - if (0) { - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h16 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h16) == 0) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h20 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h20) == 0) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h60_3)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h60_3)) { - goto skip_test; -#endif - } else { - goto keep_going; - } - -skip_test: - printf("Skip slow test %s.\n", method_name); - return rc; - -keep_going: - printf("================================================================================\n"); printf("Create stateful Signature %s\n", method_name); printf("================================================================================\n"); @@ -749,7 +613,7 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) { printf("Generate keypair %s\n", method_name); printf("================================================================================\n"); - rc = OQS_SIG_STFL_keypair(sig_obj, public_key, sk); + rc = sig_stfl_KATs_keygen(sig_obj, public_key, sk, katfile); if (rc != OQS_SUCCESS) { fprintf(stderr, "OQS STFL key gen failed.\n"); @@ -764,14 +628,12 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) { fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name); goto err; } - printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs); rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)sk); if (rc != OQS_SUCCESS) { fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name); goto err; } - printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left); /* write sk key to disk */ rc = OQS_SECRET_KEY_STFL_serialize_key(sk, &to_file_sk_len, &to_file_sk_buf); @@ -819,12 +681,12 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name) { goto err; } - printf("Secret Key created as expected.\n"); - goto end_it; + rc = OQS_SUCCESS; + goto cleanup; err: rc = OQS_ERROR; -end_it: +cleanup: OQS_SIG_STFL_SECRET_KEY_free(sk); OQS_SIG_STFL_SECRET_KEY_free(sk_frm_file); @@ -848,77 +710,13 @@ static OQS_STATUS sig_stfl_test_query_key(const char *method_name) { * Temporarily skip algs with long key generation times. */ - if (0) { - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h16 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h16) == 0) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h20 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h20) == 0) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h60_3)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h60_3)) { - goto skip_test; -#endif - } else { - goto keep_going; - } - -skip_test: - printf("Skip slow test %s.\n", method_name); - return rc; - -keep_going: - printf("================================================================================\n"); printf("Testing stateful Signature Verification %s\n", method_name); printf("================================================================================\n"); - if ( lock_test_sk == NULL || lock_test_sig_obj == NULL || signature_1 == NULL - || signature_2 == NULL || lock_test_public_key == NULL) { + if ( lock_test_sk == NULL || lock_test_sig_obj == NULL || + signature_1 == NULL || signature_2 == NULL || + lock_test_public_key == NULL) { return OQS_ERROR; } @@ -943,16 +741,14 @@ static OQS_STATUS sig_stfl_test_query_key(const char *method_name) { fprintf(stderr, "ERROR: lock thread test OQS_SIG_STFL_verify failed\n"); goto err; } - rc = OQS_SUCCESS; printf("================================================================================\n"); printf("Stateful Signature Verification %s Passed.\n", method_name); printf("================================================================================\n"); - goto end_it; -err: - rc = OQS_ERROR; -end_it: - return rc; + return OQS_SUCCESS; + +err: + return OQS_ERROR; } static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) { @@ -967,71 +763,6 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) { * Temporarily skip algs with long key generation times. */ - if (0) { - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h16 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h16) == 0) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h20 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h20) == 0) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h60_3)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h60_3)) { - goto skip_test; -#endif - } else { - goto keep_going; - } - -skip_test: - printf("Skip slow test %s.\n", method_name); - return rc; - -keep_going: - printf("================================================================================\n"); printf("Testing stateful Signature Generation %s\n", method_name); printf("================================================================================\n"); @@ -1054,14 +785,12 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) { fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name); goto err; } - printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs); rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk); if (rc != OQS_SUCCESS) { fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name); goto err; } - printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left); printf("================================================================================\n"); printf("Sig Gen 1 %s\n", method_name); @@ -1085,14 +814,12 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) { fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name); goto err; } - printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs); rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk); if (rc != OQS_SUCCESS) { fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name); goto err; } - printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left); printf("================================================================================\n"); printf("Sig Gen 2 %s\n", method_name); @@ -1120,26 +847,25 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) { fprintf(stderr, "OQS STFL key: Failed to get max number of sig from %s.\n", method_name); goto err; } - printf("%s Maximum num of sign operations = %llu\n", method_name, max_num_sigs); rc = OQS_SIG_STFL_sigs_remaining((const OQS_SIG_STFL *)lock_test_sig_obj, &num_sig_left, (const OQS_SIG_STFL_SECRET_KEY *)lock_test_sk); if (rc != OQS_SUCCESS) { fprintf(stderr, "OQS STFL key: Failed to get the remaining number of sig from %s.\n", method_name); goto err; } - printf("%s Remaining number of sign operations = %llu\n", method_name, num_sig_left); - goto end_it; + rc = OQS_SUCCESS; + goto cleanup; err: rc = OQS_ERROR; -end_it: +cleanup: OQS_MEM_insecure_free(context); OQS_MEM_insecure_free(key_store_name); return rc; } -static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name) { +static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name, const char *katfile) { OQS_STATUS rc = OQS_SUCCESS; printf("================================================================================\n"); @@ -1150,71 +876,6 @@ static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name) { * Temporarily skip algs with long key generation times. */ - if (0) { - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h16 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h16) == 0) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha256_h20 - } else if (strcmp(method_name, OQS_SIG_STFL_alg_xmss_sha256_h20) == 0) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake128_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake128_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_sha512_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_sha512_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h16 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h16)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmss_shake256_h20 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmss_shake256_h20)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_sha256_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_sha256_h60_3)) { - goto skip_test; -#endif - -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h40_2 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h40_2)) { - goto skip_test; -#endif -#ifdef OQS_ENABLE_SIG_STFL_xmssmt_shake128_h60_3 - } else if (0 == strcasecmp(method_name, OQS_SIG_STFL_alg_xmssmt_shake128_h60_3)) { - goto skip_test; -#endif - } else { - goto keep_going; - } - -skip_test: - printf("Skip slow test %s.\n", method_name); - return rc; - -keep_going: - printf("================================================================================\n"); printf("Create stateful Signature %s\n", method_name); printf("================================================================================\n"); @@ -1257,7 +918,7 @@ static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name) { printf("Generate keypair %s\n", method_name); printf("================================================================================\n"); - rc = OQS_SIG_STFL_keypair(lock_test_sig_obj, lock_test_public_key, lock_test_sk); + rc = sig_stfl_KATs_keygen(lock_test_sig_obj, lock_test_public_key, lock_test_sk, katfile); if (rc != OQS_SUCCESS) { fprintf(stderr, "OQS STFL key gen failed.\n"); @@ -1275,13 +936,10 @@ static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name) { lock_test_sk->set_scrt_key_store_cb(lock_test_sk, test_save_secret_key, (void *)lock_test_context); } - printf("Test Secret Key Creator Thread created Stateful Signature and Secret Key objects.\n"); - goto end_it; + return OQS_SUCCESS; err: - rc = OQS_ERROR; -end_it: - return rc; + return OQS_ERROR; } #ifdef OQS_ENABLE_TEST_CONSTANT_TIME @@ -1310,6 +968,7 @@ struct thread_data { struct lock_test_data { const char *alg_name; + const char *katfile; OQS_STATUS rc; }; @@ -1332,7 +991,7 @@ void *test_sig_gen(void *arg) { void *test_create_keys(void *arg) { struct lock_test_data *td = arg; printf("\n%s: Start Generate Keys\n", __FUNCTION__); - td->rc = sig_stfl_test_secret_key_lock(td->alg_name); + td->rc = sig_stfl_test_secret_key_lock(td->alg_name, td->katfile); printf("%s: End Generate Stateful Keys\n\n", __FUNCTION__); return NULL; } @@ -1340,7 +999,7 @@ void *test_create_keys(void *arg) { void *test_wrapper(void *arg) { struct thread_data *td = arg; td->rc = sig_stfl_test_correctness(td->alg_name, td->katfile); - td->rc1 = sig_stfl_test_secret_key(td->alg_name); + td->rc1 = sig_stfl_test_secret_key(td->alg_name, td->katfile); return NULL; } #endif @@ -1381,7 +1040,8 @@ int main(int argc, char **argv) { OQS_randombytes_switch_algorithm("system"); #endif - OQS_STATUS rc, rc1, rc_lck, rc_sig, rc_qry; + OQS_STATUS rc = OQS_SUCCESS, rc1 = OQS_SUCCESS, + rc_lck = OQS_SUCCESS, rc_sig = OQS_SUCCESS, rc_qry = OQS_SUCCESS; #if OQS_USE_PTHREADS_IN_TESTS #define MAX_LEN_SIG_NAME_ 64 @@ -1400,6 +1060,10 @@ int main(int argc, char **argv) { td_sign.alg_name = alg_name; td_query.alg_name = alg_name; + td_create.katfile = katfile; + td_sign.katfile = katfile; + td_query.katfile = katfile; + int trc = pthread_create(&thread, NULL, test_wrapper, &td); if (trc) { fprintf(stderr, "ERROR: Creating pthread\n"); @@ -1438,7 +1102,7 @@ int main(int argc, char **argv) { rc_qry = td_query.rc; #else rc = sig_stfl_test_correctness(alg_name, katfile); - rc1 = sig_stfl_test_secret_key(alg_name); + rc1 = sig_stfl_test_secret_key(alg_name, katfile); #endif OQS_SIG_STFL_SECRET_KEY_free(lock_test_sk); @@ -1448,11 +1112,10 @@ int main(int argc, char **argv) { OQS_MEM_insecure_free(signature_1); OQS_MEM_insecure_free(signature_2); - if ((rc != OQS_SUCCESS) || (rc1 != OQS_SUCCESS) || (rc_lck != OQS_SUCCESS) || (rc_sig != OQS_SUCCESS) - || (rc_qry != OQS_SUCCESS)) { - OQS_destroy(); + OQS_destroy(); + if (rc != OQS_SUCCESS || rc1 != OQS_SUCCESS || + rc_lck != OQS_SUCCESS || rc_sig != OQS_SUCCESS || rc_qry != OQS_SUCCESS) { return EXIT_FAILURE; } - OQS_destroy(); return EXIT_SUCCESS; } From c04295f568f406cc46010a0f64cde55debd977be Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:04:27 -0400 Subject: [PATCH 09/32] remove const in LMS_serialize_key and add `is_locked` to OQS_SIG_STFL_SECRET_KEY initialization --- src/sig_stfl/lms/sig_stfl_lms.c | 64 ++++++++++++++++++++++- src/sig_stfl/lms/sig_stfl_lms.h | 2 +- src/sig_stfl/lms/sig_stfl_lms_functions.c | 11 ++-- 3 files changed, 67 insertions(+), 10 deletions(-) diff --git a/src/sig_stfl/lms/sig_stfl_lms.c b/src/sig_stfl/lms/sig_stfl_lms.c index 3503c7447b..d5a978bfa1 100644 --- a/src/sig_stfl/lms/sig_stfl_lms.c +++ b/src/sig_stfl/lms/sig_stfl_lms.c @@ -8,7 +8,7 @@ #include "sig_stfl_lms.h" /* Convert LMS secret key object to byte string */ -static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); +static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); /* Insert lms byte string in an LMS secret key object */ static OQS_STATUS OQS_SECRET_KEY_LMS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); @@ -82,6 +82,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W1_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -169,6 +172,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W2_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -256,6 +262,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W4_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -343,6 +352,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W8_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -430,6 +442,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W1_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -517,6 +532,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W2_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -604,6 +622,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W4_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -691,6 +712,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W8_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -778,6 +802,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W1_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -865,6 +892,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W2_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -952,6 +982,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W4_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1039,6 +1072,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W8_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1126,6 +1162,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W1_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1213,6 +1252,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W2_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1300,6 +1342,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W4_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1387,6 +1432,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W8_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1474,6 +1522,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W1_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1561,6 +1612,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W2_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1648,6 +1702,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W4_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1735,6 +1792,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W8_new(void) { */ sk->lock_key = NULL; + /* Boolean if the secret key is locked */ + sk->is_locked = false; + /* * Set Secret Key Unlocking / Releasing Function */ @@ -1760,7 +1820,7 @@ void OQS_SECRET_KEY_LMS_free(OQS_SIG_STFL_SECRET_KEY *sk) { } /* Convert LMS secret key object to byte string */ -static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { +static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { OQS_STATUS status; if (sk->lock_key && sk->mutex) { sk->lock_key(sk->mutex); diff --git a/src/sig_stfl/lms/sig_stfl_lms.h b/src/sig_stfl/lms/sig_stfl_lms.h index e42450fd15..a2d00cd9bb 100644 --- a/src/sig_stfl/lms/sig_stfl_lms.h +++ b/src/sig_stfl/lms/sig_stfl_lms.h @@ -209,7 +209,7 @@ int oqs_sig_stfl_lms_verify(const uint8_t *m, size_t mlen, const uint8_t *sm, si void oqs_secret_lms_key_free(OQS_SIG_STFL_SECRET_KEY *sk); -OQS_STATUS oqs_serialize_lms_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_key); +OQS_STATUS oqs_serialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_key); OQS_STATUS oqs_deserialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); void oqs_lms_key_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); diff --git a/src/sig_stfl/lms/sig_stfl_lms_functions.c b/src/sig_stfl/lms/sig_stfl_lms_functions.c index 63db4c49f1..57baf021ae 100644 --- a/src/sig_stfl/lms/sig_stfl_lms_functions.c +++ b/src/sig_stfl/lms/sig_stfl_lms_functions.c @@ -47,11 +47,10 @@ typedef struct OQS_LMS_KEY_DATA { } oqs_lms_key_data; OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signature_length, const uint8_t *message, - size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { OQS_STATUS status = OQS_ERROR; OQS_STATUS rc_keyupdate = OQS_ERROR; oqs_lms_key_data *lms_key_data = NULL; - const OQS_SIG_STFL_SECRET_KEY *sk; uint8_t *sk_key_buf = NULL; size_t sk_key_buf_len = 0; void *context; @@ -89,8 +88,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signatu * but, delete signature and the serialized key other wise */ - sk = secret_key; - rc_keyupdate = oqs_serialize_lms_key(sk, &sk_key_buf_len, &sk_key_buf); + rc_keyupdate = oqs_serialize_lms_key(secret_key, &sk_key_buf_len, &sk_key_buf); if (rc_keyupdate != OQS_SUCCESS) { goto err; } @@ -121,8 +119,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signatu } OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_verify(const uint8_t *message, size_t message_len, - const uint8_t *signature, size_t signature_len, - const uint8_t *public_key) { + const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { if (message == NULL || signature == NULL || public_key == NULL) { return OQS_ERROR; @@ -566,7 +563,7 @@ void oqs_secret_lms_key_free(OQS_SIG_STFL_SECRET_KEY *sk) { * Convert LMS secret key object to byte string * Writes secret key + aux data if present */ -OQS_STATUS oqs_serialize_lms_key(const OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_key) { +OQS_STATUS oqs_serialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_key) { if (sk == NULL || sk_len == NULL || sk_key == NULL) { return OQS_ERROR; From 269ada66e1b697f11f54a3d28052a1a6f1b418c3 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:08:37 -0400 Subject: [PATCH 10/32] fix astyle error --- src/sig_stfl/lms/sig_stfl_lms_wrap.h | 3 --- src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c | 8 ++++---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/sig_stfl/lms/sig_stfl_lms_wrap.h b/src/sig_stfl/lms/sig_stfl_lms_wrap.h index 1d5486d21a..e113a16ed6 100644 --- a/src/sig_stfl/lms/sig_stfl_lms_wrap.h +++ b/src/sig_stfl/lms/sig_stfl_lms_wrap.h @@ -7,7 +7,6 @@ #include "external/hss.h" #include "external/hss_sign_inc.h" - /** * @brief OQS_LMS_KEY object for HSS key pair */ @@ -17,7 +16,6 @@ typedef struct OQS_LMS_SIG_DATA oqs_lms_sig_data; typedef struct OQS_LMS_SIG_DATA { - /* message buffer */ unsigned char *message; @@ -33,4 +31,3 @@ typedef struct OQS_LMS_SIG_DATA { } oqs_lms_sig_data; #endif //OQS_SIG_STFL_LMS_H - diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c index d0995e2a7f..a95007730b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c @@ -59,18 +59,18 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_keypair(XMSS_UNUSED_ATT uint return OQS_SUCCESS; } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key){ +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { return OQS_SIG_STFL_alg_xmss_sign(signature, signature_len, message, message_len, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key){ +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { return OQS_SIG_STFL_alg_xmss_verify(message, message_len, signature, signature_len, public_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key){ +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) { return OQS_SIG_STFL_alg_xmss_sigs_remaining(remain, secret_key); } -OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key){ +OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) { return OQS_SIG_STFL_alg_xmss_sigs_total(total, secret_key); } From 0a924bff51eaa74c9536a82f498ec9468eff2cc6 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:19:32 -0400 Subject: [PATCH 11/32] fix astyle. I have to update local astyle to 3.4.10 --- src/sig_stfl/lms/sig_stfl_lms_functions.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sig_stfl/lms/sig_stfl_lms_functions.c b/src/sig_stfl/lms/sig_stfl_lms_functions.c index 57baf021ae..d9577d2b8d 100644 --- a/src/sig_stfl/lms/sig_stfl_lms_functions.c +++ b/src/sig_stfl/lms/sig_stfl_lms_functions.c @@ -47,7 +47,7 @@ typedef struct OQS_LMS_KEY_DATA { } oqs_lms_key_data; OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signature_length, const uint8_t *message, - size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { + size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) { OQS_STATUS status = OQS_ERROR; OQS_STATUS rc_keyupdate = OQS_ERROR; oqs_lms_key_data *lms_key_data = NULL; @@ -119,7 +119,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signatu } OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_verify(const uint8_t *message, size_t message_len, - const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { + const uint8_t *signature, size_t signature_len, const uint8_t *public_key) { if (message == NULL || signature == NULL || public_key == NULL) { return OQS_ERROR; From b23e8988e93d6678682f5c88d53f9e53a2a5c61a Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:24:44 -0400 Subject: [PATCH 12/32] remove incorrect comments --- src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index d6147cfdd7..0dcf1d6731 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -67,7 +67,7 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key) { return sk; } -/* Serialize XMSS secret key data into a byte string, assume the key is locked before serializing */ +/* Serialize XMSS secret key data into a byte string. */ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { if (sk == NULL || sk_len == NULL || sk_buf_ptr == NULL) { return OQS_ERROR; @@ -93,7 +93,7 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t return OQS_SUCCESS; } -/* Deserialize XMSS byte string into an XMSS secret key data. assume the key is locked before serializing */ +/* Deserialize XMSS byte string into an XMSS secret key data. */ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, XMSS_UNUSED_ATT void *context) { if (sk == NULL || sk_buf == NULL || (sk_len != sk->length_secret_key)) { return OQS_ERROR; From 7a0945b0c5b62155d7cfa782ecd54db9b38b241a Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:32:57 -0400 Subject: [PATCH 13/32] remove unsued variables --- src/sig_stfl/xmss/sig_stfl_xmss_functions.c | 3 +-- src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c index f1055c82be..e808635b21 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c @@ -18,8 +18,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; + OQS_STATUS status = OQS_SUCCESS; uint8_t *sk_key_buf_ptr = NULL; unsigned long long sig_length = 0; size_t sk_key_buf_len = 0; diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c index 7df65bfa74..812033426c 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c @@ -18,8 +18,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) { - OQS_STATUS rc_keyupdate, status = OQS_SUCCESS; - const OQS_SIG_STFL_SECRET_KEY *sk; + OQS_STATUS status = OQS_SUCCESS; uint8_t *sk_key_buf_ptr = NULL; unsigned long long sig_length = 0; size_t sk_key_buf_len = 0; From a36c288655f34b654e15de5542e7e465243cde83 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:33:05 -0400 Subject: [PATCH 14/32] fix if guard --- src/sig_stfl/xmss/external/xmss_core_fast.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/sig_stfl/xmss/external/xmss_core_fast.c b/src/sig_stfl/xmss/external/xmss_core_fast.c index 78dd95ec1d..4dd4c9b41d 100644 --- a/src/sig_stfl/xmss/external/xmss_core_fast.c +++ b/src/sig_stfl/xmss/external/xmss_core_fast.c @@ -641,9 +641,10 @@ int xmss_core_sign(const xmss_params *params, // has to make sure that this happens on disk. memset(sk, 0xFF, params->index_bytes); memset(sk + params->index_bytes, 0, (params->sk_bytes - params->index_bytes)); - if (idx > ((1ULL << params->full_height) - 1)) + if (idx > ((1ULL << params->full_height) - 1)) { ret = -2; // We already used all one-time keys goto cleanup; + } } unsigned char *tmp = malloc(5 * params->n); From 521afc785a808859740976120a1bf353feb3a7db Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:33:16 -0400 Subject: [PATCH 15/32] fix const warnings --- tests/kat_sig_stfl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/kat_sig_stfl.c b/tests/kat_sig_stfl.c index 9fdbeefe11..112003db59 100644 --- a/tests/kat_sig_stfl.c +++ b/tests/kat_sig_stfl.c @@ -69,7 +69,7 @@ int FindMarker(FILE *infile, const char *marker) { // // ALLOW TO READ HEXADECIMAL ENTRY (KEYS, DATA, TEXT, etc.) // -int ReadHex(FILE *infile, unsigned char *a, unsigned long Length, char *str) { +int ReadHex(FILE *infile, unsigned char *a, unsigned long Length, const char *str) { int ch, started; unsigned long i; unsigned char ich; From 8d47af80a37de9fa1d00f78126dc0b9017bf4674 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 13:55:34 -0400 Subject: [PATCH 16/32] fix namespace error. revert core_hash.c to original namespace separation --- src/sig_stfl/xmss/external/core_hash.c | 76 ++++++++------------------ src/sig_stfl/xmss/sig_stfl_xmss.h | 18 ++++++ 2 files changed, 42 insertions(+), 52 deletions(-) diff --git a/src/sig_stfl/xmss/external/core_hash.c b/src/sig_stfl/xmss/external/core_hash.c index e98d9f1038..b27ad2ca9b 100644 --- a/src/sig_stfl/xmss/external/core_hash.c +++ b/src/sig_stfl/xmss/external/core_hash.c @@ -3,64 +3,36 @@ #include "core_hash.h" #include -// int core_hash(const xmss_params *params, -// unsigned char *out, -// const unsigned char *in, unsigned long long inlen) { - -// (void)params; -// #if HASH == XMSS_CORE_HASH_SHA256_N24 -// unsigned char buf[32]; -// OQS_SHA2_sha256(buf, in, inlen); -// memcpy(out, buf, 24); - -// #elif HASH == XMSS_CORE_HASH_SHAKE256_N24 -// OQS_SHA3_shake256(out, 24, in, inlen); - -// #elif HASH == XMSS_CORE_HASH_SHA256_N32 -// OQS_SHA2_sha256(out, in, inlen); +int core_hash(const xmss_params *params, + unsigned char *out, + const unsigned char *in, unsigned long long inlen) { -// #elif HASH == XMSS_CORE_HASH_SHAKE128_N32 -// OQS_SHA3_shake128(out, 32, in, inlen); + (void)params; +#if HASH == XMSS_CORE_HASH_SHA256_N24 + unsigned char buf[32]; + OQS_SHA2_sha256(buf, in, inlen); + memcpy(out, buf, 24); -// #elif HASH == XMSS_CORE_HASH_SHAKE256_N32 -// OQS_SHA3_shake256(out, 32, in, inlen); +#elif HASH == XMSS_CORE_HASH_SHAKE256_N24 + OQS_SHA3_shake256(out, 24, in, inlen); -// #elif HASH == XMSS_CORE_HASH_SHA512_N64 -// OQS_SHA2_sha512(out, in, inlen); +#elif HASH == XMSS_CORE_HASH_SHA256_N32 + OQS_SHA2_sha256(out, in, inlen); -// #elif HASH == XMSS_CORE_HASH_SHAKE256_N64 -// OQS_SHA3_shake256(out, 64, in, inlen); -// #else -// return -1; -// #endif +#elif HASH == XMSS_CORE_HASH_SHAKE128_N32 + OQS_SHA3_shake128(out, 32, in, inlen); -// return 0; -// } +#elif HASH == XMSS_CORE_HASH_SHAKE256_N32 + OQS_SHA3_shake256(out, 32, in, inlen); +#elif HASH == XMSS_CORE_HASH_SHA512_N64 + OQS_SHA2_sha512(out, in, inlen); -int core_hash(const xmss_params *params, - unsigned char *out, - const unsigned char *in, unsigned long long inlen) { +#elif HASH == XMSS_CORE_HASH_SHAKE256_N64 + OQS_SHA3_shake256(out, 64, in, inlen); +#else + return -1; +#endif - if (params->n == 24 && params->func == XMSS_SHA2) { - unsigned char buf[32]; - OQS_SHA2_sha256(buf, in, inlen); - memcpy(out, buf, 24); - } else if (params->n == 24 && params->func == XMSS_SHAKE256) { - OQS_SHA3_shake256(out, 24, in, inlen); - } else if (params->n == 32 && params->func == XMSS_SHA2) { - OQS_SHA2_sha256(out, in, inlen); - } else if (params->n == 32 && params->func == XMSS_SHAKE128) { - OQS_SHA3_shake128(out, 32, in, inlen); - } else if (params->n == 32 && params->func == XMSS_SHAKE256) { - OQS_SHA3_shake256(out, 32, in, inlen); - } else if (params->n == 64 && params->func == XMSS_SHA2) { - OQS_SHA2_sha512(out, in, inlen); - } else if (params->n == 64 && params->func == XMSS_SHAKE256) { - OQS_SHA3_shake256(out, 64, in, inlen); - } else { - return -1; - } return 0; - -} \ No newline at end of file +} diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index 06d23ee3db..757a3a2d40 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -527,20 +527,38 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_shake128_h60_12_sigs_total(unsigned l #endif +#define __alg_xmss_XMSS(funcname, postfix) funcname##_##postfix +#define _alg_xmss_XMSS(funcname, postfix) __alg_xmss_XMSS(funcname, postfix) +#define OQS_SIG_STFL_alg_xmss_NAMESPACE(funcname) _alg_xmss_XMSS(funcname, XMSS_PARAMS_NAMESPACE) + /* * Generic XMSS APIs */ +#define OQS_SIG_STFL_alg_xmss_sign OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmss_sign) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key); + +#define OQS_SIG_STFL_alg_xmss_verify OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmss_verify) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key); + +#define OQS_SIG_STFL_alg_xmss_sigs_remaining OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmss_sigs_remaining) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key); + +#define OQS_SIG_STFL_alg_xmss_sigs_total OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmss_sigs_total) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key); /* * Generic XMSS^MT APIs */ +#define OQS_SIG_STFL_alg_xmssmt_sign OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmssmt_sign) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key); + +#define OQS_SIG_STFL_alg_xmssmt_verify OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmssmt_verify) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_verify(XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, const uint8_t *signature, size_t signature_len, XMSS_UNUSED_ATT const uint8_t *public_key); + +#define OQS_SIG_STFL_alg_xmssmt_sigs_remaining OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmssmt_sigs_remaining) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key); + +#define OQS_SIG_STFL_alg_xmssmt_sigs_total OQS_SIG_STFL_alg_xmss_NAMESPACE(OQS_SIG_STFL_alg_xmssmt_sigs_total) OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key); /* From b4c7ca0adc2174fa39221be16e6252854416b72f Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 14:33:18 -0400 Subject: [PATCH 17/32] move XMSS_free to internal of XMSS --- src/sig_stfl/sig_stfl.h | 8 -------- src/sig_stfl/xmss/sig_stfl_xmss.h | 1 - 2 files changed, 9 deletions(-) diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index 2101481696..1052b24f21 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -435,14 +435,6 @@ OQS_API void OQS_SIG_STFL_free(OQS_SIG_STFL *sig); */ OQS_API OQS_SIG_STFL_SECRET_KEY *OQS_SIG_STFL_SECRET_KEY_new(const char *method_name); -/** - * Frees an OQS_SIG_STFL_SECRET_KEY **inner** data that was constructed by OQS_SECRET_KEY_new. - * - * @param[in] sig The OQS_SIG_STFL_SECRET_KEY object to free. - * @return OQS_SUCCESS if successful, or OQS_ERROR if the object could not be freed. - */ -void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); - /** * Frees an OQS_SIG_STFL_SECRET_KEY object that was constructed by OQS_SECRET_KEY_new. * diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index 757a3a2d40..361224c3fe 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -11,7 +11,6 @@ #endif #define XMSS_OID_LEN 4 -void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); /* * | Algorithms | oid | sk (b) | pk (b) | sig (b) | n | From 5a49b6b013e5624a0cc05daad5eb636c750f8ae3 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 15:13:14 -0400 Subject: [PATCH 18/32] Fix memory leaks --- src/sig_stfl/sig_stfl.h | 11 +++---- src/sig_stfl/xmss/sig_stfl_xmss.h | 2 +- .../xmss/sig_stfl_xmss_secret_key_functions.c | 9 ++---- tests/test_sig_stfl.c | 30 +++++++++---------- 4 files changed, 24 insertions(+), 28 deletions(-) diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index 1052b24f21..df46e7a6bb 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -262,7 +262,7 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { /* The (maximum) length, in bytes, of secret keys for this signature scheme. */ size_t length_secret_key; - /* The variant specific secret key data */ + /* The variant specific secret key data, must be allocated at the initialization. */ void *secret_key_data; /* mutual exclusion struct */ @@ -281,7 +281,7 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * @param[out] sk_len length of private key as a byte stream * @param[out] sk_buf_ptr pointer to private key data as a byte stream * @returns length of key material data available - * Caller deletes the buffer if memory was allocated. + * Caller is responsible to **unallocate** the pointer to buffer `sk_buf_ptr`. */ OQS_STATUS (*serialize_key)(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); @@ -292,8 +292,8 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * @param[in] key_len length of the returned byte string * @param[in] sk_buf The secret key data to populate key object * @param[in] context application specific data - * @returns status of the operation populated with key material none-zero length. Caller - * deletes the buffer. if sk_buf is NULL the function returns the length + * @returns status of the operation populated with key material none-zero length. + * Caller is responsible to **unallocate** the buffer `sk_buf`. */ OQS_STATUS (*deserialize_key)(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); @@ -511,9 +511,10 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk); */ void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); +/* Serialize stateful secret key data into a byte string, return an allocated buffer. Users is responsible to unallocate the buffer `sk_buf`. */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf); -/* Insert lms byte string in an LMS secret key object */ +/* Insert stateful byte string into an secret key object. User is responsible to unallocate buffer `sk_buf`. */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf, void *context); #if defined(__cplusplus) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index 361224c3fe..0254e695c0 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -566,7 +566,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, /* Generic XMSS SECRET_KEY object initialization */ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key); -/* Serialize XMSS secret key data into a byte string */ +/* Serialize XMSS secret key data into a byte string, return an allocated buffer. Users have to unallocated the buffer. */ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); /* Deserialize XMSS byte string into an XMSS secret key data */ diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index 0dcf1d6731..141b2a7da3 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -67,7 +67,7 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key) { return sk; } -/* Serialize XMSS secret key data into a byte string. */ +/* Serialize XMSS secret key data into a byte string, return an allocated buffer. Users have to unallocated the buffer. */ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { if (sk == NULL || sk_len == NULL || sk_buf_ptr == NULL) { return OQS_ERROR; @@ -99,12 +99,7 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, cons return OQS_ERROR; } - sk->secret_key_data = malloc(sk_len); - if (sk->secret_key_data == NULL) { - return OQS_ERROR; - } - - memcpy(sk->secret_key_data, sk_buf, sk_len); + memcpy(sk->secret_key_data, sk_buf, sk->length_secret_key); sk->context = context; return OQS_SUCCESS; diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index e5abc27cd7..744816718a 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -52,7 +52,7 @@ static uint8_t message_2[] = "The quick brown fox jumped from the tree."; /* * Write stateful secret keys to disk. */ -static OQS_STATUS test_save_secret_key(uint8_t *key_buf, size_t buf_len, void *context) { +static OQS_STATUS save_secret_key(uint8_t *key_buf, size_t buf_len, void *context) { if (key_buf == NULL || buf_len == 0 || context == NULL) { return OQS_ERROR; } @@ -420,7 +420,7 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char /* set context and secure store callback */ context = strdup(((file_store))); - OQS_SIG_STFL_SECRET_KEY_SET_store_cb(secret_key, test_save_secret_key, (void *)context); + OQS_SIG_STFL_SECRET_KEY_SET_store_cb(secret_key, save_secret_key, (void *)context); #if OQS_USE_PTHREADS_IN_TESTS sk_lock = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); @@ -571,13 +571,13 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char static OQS_STATUS sig_stfl_test_secret_key(const char *method_name, const char *katfile) { OQS_STATUS rc = OQS_SUCCESS; OQS_SIG_STFL_SECRET_KEY *sk = NULL; - OQS_SIG_STFL_SECRET_KEY *sk_frm_file = NULL; + OQS_SIG_STFL_SECRET_KEY *sk_from_file = NULL; unsigned long long num_sig_left = 0, max_num_sigs = 0; OQS_SIG_STFL *sig_obj = NULL; uint8_t *public_key = NULL; - uint8_t *frm_file_sk_buf = NULL; + uint8_t *from_file_sk_buf = NULL; uint8_t *to_file_sk_buf = NULL; - size_t frm_file_sk_len = 0; + size_t from_file_sk_len = 0; size_t to_file_sk_len = 0; char *context = NULL; char *context_2 = NULL; @@ -654,27 +654,27 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name, const char * /* set context and secure store callback */ if (sk->set_scrt_key_store_cb) { context = strdup(file_store_name); - sk->set_scrt_key_store_cb(sk, test_save_secret_key, (void *)context); + sk->set_scrt_key_store_cb(sk, save_secret_key, (void *)context); } /* read secret key from disk */ - frm_file_sk_buf = malloc(to_file_sk_len); - if (oqs_fload("sk", file_store_name, frm_file_sk_buf, to_file_sk_len, &frm_file_sk_len) != OQS_SUCCESS) { + from_file_sk_buf = malloc(to_file_sk_len); + if (oqs_fload("sk", file_store_name, from_file_sk_buf, to_file_sk_len, &from_file_sk_len) != OQS_SUCCESS) { goto err; } - if (to_file_sk_len != frm_file_sk_len) { + if (to_file_sk_len != from_file_sk_len) { fprintf(stderr, "ERROR: OQS_SECRET_KEY_new stored length not equal read length\n"); goto err; } - sk_frm_file = OQS_SIG_STFL_SECRET_KEY_new(method_name); - if (sk_frm_file == NULL) { + sk_from_file = OQS_SIG_STFL_SECRET_KEY_new(method_name); + if (sk_from_file == NULL) { fprintf(stderr, "ERROR: 2nd OQS_SECRET_KEY_new failed\n"); goto err; } context_2 = strdup(file_store_name); - rc = OQS_SECRET_KEY_STFL_deserialize_key(sk_frm_file, frm_file_sk_len, frm_file_sk_buf, (void *)context_2); + rc = OQS_SECRET_KEY_STFL_deserialize_key(sk_from_file, from_file_sk_len, from_file_sk_buf, (void *)context_2); if (rc != OQS_SUCCESS) { fprintf(stderr, "OQS restore %s from file failed.\n", method_name); @@ -693,7 +693,7 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name, const char * OQS_MEM_insecure_free(public_key); OQS_MEM_secure_free(to_file_sk_buf, to_file_sk_len); - OQS_MEM_secure_free(frm_file_sk_buf, frm_file_sk_len); + OQS_MEM_secure_free(from_file_sk_buf, from_file_sk_len); OQS_SIG_STFL_free(sig_obj); OQS_MEM_insecure_free(context); OQS_MEM_insecure_free(context_2); @@ -774,7 +774,7 @@ static OQS_STATUS sig_stfl_test_sig_gen(const char *method_name) { key_store_name = convert_method_name_to_file_name(method_name); /* set context and secure store callback */ context = strdup(((key_store_name))); - OQS_SIG_STFL_SECRET_KEY_SET_store_cb(lock_test_sk, test_save_secret_key, (void *)context); + OQS_SIG_STFL_SECRET_KEY_SET_store_cb(lock_test_sk, save_secret_key, (void *)context); /* * Get max num signature and the amount remaining @@ -933,7 +933,7 @@ static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name, const c /* set context and secure store callback */ if (lock_test_sk->set_scrt_key_store_cb) { lock_test_context = convert_method_name_to_file_name(method_name); - lock_test_sk->set_scrt_key_store_cb(lock_test_sk, test_save_secret_key, (void *)lock_test_context); + lock_test_sk->set_scrt_key_store_cb(lock_test_sk, save_secret_key, (void *)lock_test_context); } return OQS_SUCCESS; From 1afc35cb91adfa478d5bf2933447d69a27493af9 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 15:15:50 -0400 Subject: [PATCH 19/32] fix astyle format --- src/sig_stfl/sig_stfl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index df46e7a6bb..f3916438a4 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -292,8 +292,8 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * @param[in] key_len length of the returned byte string * @param[in] sk_buf The secret key data to populate key object * @param[in] context application specific data - * @returns status of the operation populated with key material none-zero length. - * Caller is responsible to **unallocate** the buffer `sk_buf`. + * @returns status of the operation populated with key material none-zero length. + * Caller is responsible to **unallocate** the buffer `sk_buf`. */ OQS_STATUS (*deserialize_key)(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); From 2d817e10d70a0c009e2e59bf0a2c2a2c0328570c Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 15:16:52 -0400 Subject: [PATCH 20/32] fix typo --- tests/test_sig_stfl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 744816718a..dc6487f24e 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -689,7 +689,7 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name, const char * cleanup: OQS_SIG_STFL_SECRET_KEY_free(sk); - OQS_SIG_STFL_SECRET_KEY_free(sk_frm_file); + OQS_SIG_STFL_SECRET_KEY_free(sk_from_file); OQS_MEM_insecure_free(public_key); OQS_MEM_secure_free(to_file_sk_buf, to_file_sk_len); From ef1bb9a92e4224bb76db02552dc2b6f1e0cf9107 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Sun, 22 Oct 2023 15:44:27 -0400 Subject: [PATCH 21/32] improve readablity --- src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c | 2 +- tests/test_sig_stfl.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index 141b2a7da3..5e083d3550 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -148,4 +148,4 @@ void OQS_SECRET_KEY_XMSS_activate_unlock(OQS_SIG_STFL_SECRET_KEY *sk) { sk->is_locked = false; } } -} \ No newline at end of file +} diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index dc6487f24e..428bf35697 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -646,13 +646,13 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name, const char * goto err; } - if (!sk->secret_key_data) { + if (sk->secret_key_data == NULL) { fprintf(stderr, "ERROR: OQS_SECRET_KEY_new incomplete.\n"); goto err; } /* set context and secure store callback */ - if (sk->set_scrt_key_store_cb) { + if (sk->set_scrt_key_store_cb != NULL) { context = strdup(file_store_name); sk->set_scrt_key_store_cb(sk, save_secret_key, (void *)context); } @@ -925,7 +925,7 @@ static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name, const c goto err; } - if (!lock_test_sk->secret_key_data) { + if (lock_test_sk->secret_key_data == NULL) { fprintf(stderr, "ERROR: OQS_SECRET_KEY_new incomplete.\n"); goto err; } From 8e422a569c96a9d6254a0274d84b01ac3884af1e Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Tue, 24 Oct 2023 09:38:38 -0700 Subject: [PATCH 22/32] Update OID comment. --- src/sig_stfl/sig_stfl.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index f3916438a4..3003a6d76a 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -165,7 +165,10 @@ OQS_API int OQS_SIG_STFL_alg_is_enabled(const char *method_name); */ typedef struct OQS_SIG_STFL { - /** A local ordinal representing the OID parameter of the signature scheme. */ + /** + * A local ordinal representing the LMS/XMSS OID parameter of the signature scheme. + * This OID is unrelated to ASN.1 OID or anything, it's only for LMS/XMSS internal usage. + */ uint32_t oid; /** Printable string representing the name of the signature scheme. */ @@ -271,7 +274,7 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { /* file storage handle */ void *context; - /* Secret key lock status: 0: key is locked, otherwise key is unlocked */ + /* Secret key lock status boolean: (true) key is locked, (false) key is unlocked */ bool is_locked; /** From f5b86ab574dda467c6a407e557aaa81d5a1812bf Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Tue, 24 Oct 2023 09:40:56 -0700 Subject: [PATCH 23/32] Trim the space --- src/sig_stfl/sig_stfl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index 3003a6d76a..04eee3fd57 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -165,8 +165,8 @@ OQS_API int OQS_SIG_STFL_alg_is_enabled(const char *method_name); */ typedef struct OQS_SIG_STFL { - /** - * A local ordinal representing the LMS/XMSS OID parameter of the signature scheme. + /** + * A local ordinal representing the LMS/XMSS OID parameter of the signature scheme. * This OID is unrelated to ASN.1 OID or anything, it's only for LMS/XMSS internal usage. */ uint32_t oid; From fc0a7f46ec9dd40c2783c963c44b2549b165656f Mon Sep 17 00:00:00 2001 From: Norman Ashley Date: Wed, 25 Oct 2023 09:11:05 -0400 Subject: [PATCH 24/32] Remove mutex status bool --- src/sig_stfl/sig_stfl.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index 04eee3fd57..711bcbc5c6 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -274,9 +274,6 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { /* file storage handle */ void *context; - /* Secret key lock status boolean: (true) key is locked, (false) key is unlocked */ - bool is_locked; - /** * Secret Key retrieval Function * From 28e87731c4b2c76b855328821e070b52c535e229 Mon Sep 17 00:00:00 2001 From: Norman Ashley Date: Wed, 25 Oct 2023 09:16:29 -0400 Subject: [PATCH 25/32] =?UTF-8?q?Remove=20use=20of=20mutex=20status=20bool?= =?UTF-8?q?.=20Use=20recursive=20mutex=E2=80=9D=20src/sig=5Fstfl/lms/sig?= =?UTF-8?q?=5Fstfl=5Flms.c=20src/sig=5Fstfl/xmss/sig=5Fstfl=5Fxmss=5Fsecre?= =?UTF-8?q?t=5Fkey=5Ffunctions.c=20tests/test=5Fsig=5Fstfl.c?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/sig_stfl/lms/sig_stfl_lms.c | 60 ----------------- .../xmss/sig_stfl_xmss_secret_key_functions.c | 21 ++---- tests/test_sig_stfl.c | 65 +++++++++++-------- 3 files changed, 43 insertions(+), 103 deletions(-) diff --git a/src/sig_stfl/lms/sig_stfl_lms.c b/src/sig_stfl/lms/sig_stfl_lms.c index d5a978bfa1..2ea68ab135 100644 --- a/src/sig_stfl/lms/sig_stfl_lms.c +++ b/src/sig_stfl/lms/sig_stfl_lms.c @@ -82,9 +82,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W1_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -172,9 +169,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W2_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -262,9 +256,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W4_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -352,9 +343,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H5_W8_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -442,9 +430,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W1_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -532,9 +517,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W2_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -622,9 +604,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W4_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -712,9 +691,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H10_W8_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -802,9 +778,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W1_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -892,9 +865,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W2_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -982,9 +952,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W4_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1072,9 +1039,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H15_W8_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1162,9 +1126,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W1_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1252,9 +1213,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W2_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1342,9 +1300,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W4_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1432,9 +1387,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H20_W8_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1522,9 +1474,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W1_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1612,9 +1561,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W2_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1702,9 +1648,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W4_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ @@ -1792,9 +1735,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_LMS_SHA256_H25_W8_new(void) { */ sk->lock_key = NULL; - /* Boolean if the secret key is locked */ - sk->is_locked = false; - /* * Set Secret Key Unlocking / Releasing Function */ diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index 5e083d3550..351695efda 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -52,9 +52,6 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key) { // Set Secret Key unlocking / releasing function sk->unlock_key = NULL; - // Boolean if the secret key is locked - sk->is_locked = false; - // Set Secret Key saving function sk->secure_store_scrt_key = NULL; @@ -127,12 +124,9 @@ void OQS_SECRET_KEY_XMSS_activate_lock(OQS_SIG_STFL_SECRET_KEY *sk) { return; } - if (sk->is_locked == false) { - /* Lock the key if possible */ - if ((sk->lock_key != NULL) && (sk->mutex != NULL)) { - sk->lock_key(sk->mutex); - sk->is_locked = true; - } + /* Lock the key if possible */ + if ((sk->lock_key != NULL) && (sk->mutex != NULL)) { + sk->lock_key(sk->mutex); } } @@ -141,11 +135,8 @@ void OQS_SECRET_KEY_XMSS_activate_unlock(OQS_SIG_STFL_SECRET_KEY *sk) { return; } - if (sk->is_locked == true) { - /* Unlock the key if possible */ - if ((sk->unlock_key != NULL) && (sk->mutex != NULL)) { - sk->unlock_key(sk->mutex); - sk->is_locked = false; - } + /* Unlock the key if possible */ + if ((sk->unlock_key != NULL) && (sk->mutex != NULL)) { + sk->unlock_key(sk->mutex); } } diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 428bf35697..530f67383d 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -19,6 +19,7 @@ #include static pthread_mutex_t *test_sk_lock = NULL; +static pthread_mutex_t *sk_lock = NULL; #endif #ifdef OQS_ENABLE_TEST_CONSTANT_TIME @@ -247,7 +248,7 @@ OQS_STATUS sig_stfl_keypair_from_KATs(OQS_SIG_STFL *sig, uint8_t *public_key, OQ * XMSSMT-SHAKE_60/3_256 */ OQS_STATUS sig_stfl_KATs_keygen(OQS_SIG_STFL *sig, uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key, const char *katfile) { - if (sig == NULL || public_key == NULL || secret_key == NULL || katfile == NULL) { + if (sig == NULL || public_key == NULL || secret_key == NULL ) { return OQS_ERROR; } @@ -386,10 +387,6 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char magic_t magic; -#if OQS_USE_PTHREADS_IN_TESTS - pthread_mutex_t *sk_lock = NULL; -#endif - OQS_STATUS rc, ret = OQS_ERROR; //The magic numbers are random values. @@ -423,14 +420,6 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char OQS_SIG_STFL_SECRET_KEY_SET_store_cb(secret_key, save_secret_key, (void *)context); #if OQS_USE_PTHREADS_IN_TESTS - sk_lock = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); - if (sk_lock == NULL) { - goto err; - } - - if (0 != pthread_mutex_init(sk_lock, 0)) { - goto err; - } OQS_SIG_STFL_SECRET_KEY_SET_mutex(secret_key, sk_lock); #endif public_key = malloc(sig->length_public_key + 2 * sizeof(magic_t)); @@ -559,12 +548,6 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char OQS_MEM_insecure_free(context); OQS_MEM_insecure_free(file_store); -#if OQS_USE_PTHREADS_IN_TESTS - if (sk_lock) { - pthread_mutex_destroy(sk_lock); - OQS_MEM_insecure_free(sk_lock); - } -#endif return ret; } @@ -902,15 +885,6 @@ static OQS_STATUS sig_stfl_test_secret_key_lock(const char *method_name, const c OQS_SIG_STFL_SECRET_KEY_SET_unlock(lock_test_sk, unlock_sk_key); #if OQS_USE_PTHREADS_IN_TESTS - - test_sk_lock = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); - if (test_sk_lock == NULL) { - goto err; - } - - if (0 != pthread_mutex_init(test_sk_lock, 0)) { - goto err; - } OQS_SIG_STFL_SECRET_KEY_SET_mutex(lock_test_sk, test_sk_lock); #endif @@ -1063,6 +1037,33 @@ int main(int argc, char **argv) { td_create.katfile = katfile; td_sign.katfile = katfile; td_query.katfile = katfile; + pthread_mutexattr_t attr1, attr2; + + test_sk_lock = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); + if (test_sk_lock == NULL) { + goto err; + } + sk_lock = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); + if (sk_lock == NULL) { + goto err; + } + + if (0 != pthread_mutexattr_init(&attr1)) { + goto err; + } + if (0 != pthread_mutexattr_init(&attr2)) { + goto err; + } + + pthread_mutexattr_settype(&attr1, PTHREAD_MUTEX_RECURSIVE); + pthread_mutexattr_settype(&attr2, PTHREAD_MUTEX_RECURSIVE); + + if (0 != pthread_mutex_init(test_sk_lock, &attr1)) { + goto err; + } + if (0 != pthread_mutex_init(test_sk_lock, &attr2)) { + goto err; + } int trc = pthread_create(&thread, NULL, test_wrapper, &td); if (trc) { @@ -1100,6 +1101,14 @@ int main(int argc, char **argv) { } pthread_join(query_key_thread, NULL); rc_qry = td_query.rc; + +err: + if (test_sk_lock) { + pthread_mutex_destroy(test_sk_lock); + } + if (sk_lock) { + pthread_mutex_destroy(sk_lock); + } #else rc = sig_stfl_test_correctness(alg_name, katfile); rc1 = sig_stfl_test_secret_key(alg_name, katfile); From 760d27435093be229966d441bad59631a3b2990c Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Tue, 31 Oct 2023 22:45:04 -0400 Subject: [PATCH 26/32] rename lock function --- src/sig_stfl/xmss/sig_stfl_xmss.h | 4 ++-- src/sig_stfl/xmss/sig_stfl_xmss_functions.c | 4 ++-- src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c | 8 ++++---- src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index 0254e695c0..b58327c09b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -579,9 +579,9 @@ void OQS_SECRET_KEY_XMSS_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_ void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); /* Lock the key if possible */ -void OQS_SECRET_KEY_XMSS_activate_lock(OQS_SIG_STFL_SECRET_KEY *sk); +void OQS_SECRET_KEY_XMSS_acquire_lock(OQS_SIG_STFL_SECRET_KEY *sk); /* Unlock the key if possible */ -void OQS_SECRET_KEY_XMSS_activate_unlock(OQS_SIG_STFL_SECRET_KEY *sk); +void OQS_SECRET_KEY_XMSS_release_lock(OQS_SIG_STFL_SECRET_KEY *sk); #endif /* OQS_SIG_STFL_XMSS_H */ diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c index e808635b21..86b09bc363 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c @@ -33,7 +33,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signat } /* Lock secret to ensure OTS use */ - OQS_SECRET_KEY_XMSS_activate_lock(secret_key); + OQS_SECRET_KEY_XMSS_acquire_lock(secret_key); if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { status = OQS_ERROR; @@ -56,7 +56,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signat err: /* Unlock secret to ensure OTS use */ - OQS_SECRET_KEY_XMSS_activate_unlock(secret_key); + OQS_SECRET_KEY_XMSS_release_lock(secret_key); return status; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index 351695efda..e5078fb165 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -71,7 +71,7 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t } /* Lock the key if possible */ - OQS_SECRET_KEY_XMSS_activate_lock(sk); + OQS_SECRET_KEY_XMSS_acquire_lock(sk); uint8_t *sk_buf = malloc(sk->length_secret_key * sizeof(uint8_t)); if (sk_buf == NULL) { @@ -85,7 +85,7 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len = sk->length_secret_key; /* Unlock the key if possible */ - OQS_SECRET_KEY_XMSS_activate_unlock(sk); + OQS_SECRET_KEY_XMSS_release_lock(sk); return OQS_SUCCESS; } @@ -119,7 +119,7 @@ void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk) { sk->secret_key_data = NULL; } -void OQS_SECRET_KEY_XMSS_activate_lock(OQS_SIG_STFL_SECRET_KEY *sk) { +void OQS_SECRET_KEY_XMSS_acquire_lock(OQS_SIG_STFL_SECRET_KEY *sk) { if (sk == NULL) { return; } @@ -130,7 +130,7 @@ void OQS_SECRET_KEY_XMSS_activate_lock(OQS_SIG_STFL_SECRET_KEY *sk) { } } -void OQS_SECRET_KEY_XMSS_activate_unlock(OQS_SIG_STFL_SECRET_KEY *sk) { +void OQS_SECRET_KEY_XMSS_release_lock(OQS_SIG_STFL_SECRET_KEY *sk) { if (sk == NULL) { return; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c index 812033426c..97ea79dc33 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c @@ -33,7 +33,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *sign } /* Lock secret to ensure OTS use */ - OQS_SECRET_KEY_XMSS_activate_lock(secret_key); + OQS_SECRET_KEY_XMSS_acquire_lock(secret_key); if (xmssmt_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) { status = OQS_ERROR; @@ -56,7 +56,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *sign err: /* Unlock secret to ensure OTS use */ - OQS_SECRET_KEY_XMSS_activate_unlock(secret_key); + OQS_SECRET_KEY_XMSS_release_lock(secret_key); return status; } From 1c716628ae4715556c39b8536c187f302ca11edd Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Tue, 31 Oct 2023 22:45:23 -0400 Subject: [PATCH 27/32] simplify the check with 0 --- tests/test_sig_stfl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 530f67383d..7a73a4be1f 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -1048,20 +1048,20 @@ int main(int argc, char **argv) { goto err; } - if (0 != pthread_mutexattr_init(&attr1)) { + if (pthread_mutexattr_init(&attr1)) { goto err; } - if (0 != pthread_mutexattr_init(&attr2)) { + if (pthread_mutexattr_init(&attr2)) { goto err; } pthread_mutexattr_settype(&attr1, PTHREAD_MUTEX_RECURSIVE); pthread_mutexattr_settype(&attr2, PTHREAD_MUTEX_RECURSIVE); - if (0 != pthread_mutex_init(test_sk_lock, &attr1)) { + if (pthread_mutex_init(test_sk_lock, &attr1)) { goto err; } - if (0 != pthread_mutex_init(test_sk_lock, &attr2)) { + if (pthread_mutex_init(test_sk_lock, &attr2)) { goto err; } From efbeec90c402703aa7391becf706d7068d77c910 Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Tue, 31 Oct 2023 22:58:02 -0400 Subject: [PATCH 28/32] Fix grammar --- src/sig_stfl/sig_stfl.h | 88 ++++++++++++++++++++--------------------- 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index 711bcbc5c6..a879c9ee03 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -18,15 +18,15 @@ /* * Developer's Notes: - * Stateful signatures are based on one-time use of a secret key. A pool of secret keys are created for this purpose. - * The state of these keys are tracked to ensure that they are used only once to generate a signature. + * Stateful signatures are based on the one-time use of a secret key. A pool of secret keys is created for this purpose. + * The state of these keys is tracked to ensure that they are used only once to generate a signature. * - * As such, product specific environments do play a role in ensuring the safety of the keys. - * Secret keys must be store securely. + * As such, product-specific environments do play a role in ensuring the safety of the keys. + * Secret keys must be stored securely. * The key index/counter must be updated after each signature generation. - * Secret key must be protected in a thread-save manner. + * The secret key must be protected in a thread-safe manner. * - * Application therefore are required to provide environment specific callback functions to + * Applications therefore are required to provide environment-specific callback functions to * - store private key * - lock/unlock private key * @@ -109,7 +109,7 @@ typedef struct OQS_SIG_STFL_SECRET_KEY OQS_SIG_STFL_SECRET_KEY; /** * Application provided function to securely store data * @param[in] sk_buf pointer to the data to be saved - * @param[in] buf_len length of the the data to be store + * @param[in] buf_len length of the data to be stored * @param[out] context pointer to application relevant data. * return OQS_SUCCESS if successful, otherwise OQS_ERROR */ @@ -117,7 +117,7 @@ typedef OQS_STATUS (*secure_store_sk)(uint8_t *sk_buf, size_t buf_len, void *con /** * Application provided function to lock secret key object serialize access - * @param[in] sk pointer to secret key object to lock + * @param[in] sk pointer to the secret key object to lock * @param[in] mutex pointer to mutex struct * return OQS_SUCCESS if successful, otherwise OQS_ERROR */ @@ -125,7 +125,7 @@ typedef OQS_STATUS (*lock_key)(void *mutex); /** * Application provided function to unlock secret key object - * @param[in] sk pointer to secret key object to unlock + * @param[in] sk pointer to the secret key object to unlock * @param[in] mutex pointer to mutex struct * return OQS_SUCCESS if successful, otherwise OQS_ERROR */ @@ -199,8 +199,8 @@ typedef struct OQS_SIG_STFL { * based on the `length_*` members in this object or the per-scheme * compile-time macros `OQS_SIG_STFL_*_length_*`. * - * @param[out] public_key The public key represented as a byte string. - * @param[out] secret_key The secret key represented as a byt string + * @param[out] public_key The public key is represented as a byte string. + * @param[out] secret_key The secret key is represented as a byte string * @return OQS_SUCCESS or OQS_ERROR */ OQS_STATUS (*keypair)(uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -212,11 +212,11 @@ typedef struct OQS_SIG_STFL { * based on the `length_*` members in this object or the per-scheme * compile-time macros `OQS_SIG_STFL_*_length_*`. * - * @param[out] signature The signature on the message represented as a byte string. + * @param[out] signature The signature on the message is represented as a byte string. * @param[out] signature_len The length of the signature. - * @param[in] message The message to sign represented as a byte string. + * @param[in] message The message to sign is represented as a byte string. * @param[in] message_len The length of the message to sign. - * @param[in] secret_key The secret key represented as a byte string. + * @param[in] secret_key The secret key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_STATUS (*sign)(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -224,11 +224,11 @@ typedef struct OQS_SIG_STFL { /** * Signature verification algorithm. * - * @param[in] message The message represented as a byte string. + * @param[in] message The message is represented as a byte string. * @param[in] message_len The length of the message. - * @param[in] signature The signature on the message represented as a byte string. + * @param[in] signature The signature on the message is represented as a byte string. * @param[in] signature_len The length of the signature. - * @param[in] public_key The public key represented as a byte string. + * @param[in] public_key The public key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_STATUS (*verify)(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); @@ -237,7 +237,7 @@ typedef struct OQS_SIG_STFL { * Query number of remaining signatures * * @param[out] remain The number of remaining signatures - * @param[in] secret_key The secret key represented as a byte string. + * @param[in] secret_key The secret key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_STATUS (*sigs_remaining)(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -246,7 +246,7 @@ typedef struct OQS_SIG_STFL { * Total number of signatures * * @param[out] total The total number of signatures - * @param[in] secret_key The secret key represented as a byte string. + * @param[in] secret_key The secret key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_STATUS (*sigs_total)(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -265,7 +265,7 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { /* The (maximum) length, in bytes, of secret keys for this signature scheme. */ size_t length_secret_key; - /* The variant specific secret key data, must be allocated at the initialization. */ + /* The variant-specific secret key data, must be allocated at the initialization. */ void *secret_key_data; /* mutual exclusion struct */ @@ -278,7 +278,7 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * Secret Key retrieval Function * * @param[in] sk The secret key represented as OQS_SIG_STFL_SECRET_KEY object - * @param[out] sk_len length of private key as a byte stream + * @param[out] sk_len length of the private key as a byte stream * @param[out] sk_buf_ptr pointer to private key data as a byte stream * @returns length of key material data available * Caller is responsible to **unallocate** the pointer to buffer `sk_buf_ptr`. @@ -290,9 +290,9 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * * @param[in] sk OQS_SIG_STFL_SECRET_KEY object * @param[in] key_len length of the returned byte string - * @param[in] sk_buf The secret key data to populate key object - * @param[in] context application specific data - * @returns status of the operation populated with key material none-zero length. + * @param[in] sk_buf The secret key data to populate the key object + * @param[in] context application-specific data + * @returns status of the operation populated with key material none zero length. * Caller is responsible to **unallocate** the buffer `sk_buf`. */ OQS_STATUS (*deserialize_key)(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); @@ -318,15 +318,15 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * Callback function used to securely store key data * @param[in] sk_buf The serialized secret key data to secure store * @param[in] buf_len length of data to secure - * @param[in] context aides the secure writing of data + * @param[in] context aids the secure writing of data * * @return OQS_SUCCESS or OQS_ERROR - * Idealy written to secure device + * Ideally written to secure device */ OQS_STATUS (*secure_store_scrt_key)(uint8_t *sk_buf, size_t buf_len, void *context); /** - * Secret Key free internal variant specific data + * Free internal variant-specific data * * @param[in] sk The secret key represented as OQS_SIG_STFL_SECRET_KEY object * @return none @@ -359,12 +359,12 @@ OQS_API OQS_SIG_STFL *OQS_SIG_STFL_new(const char *method_name); * * Caller is responsible for allocating sufficient memory for `public_key` based * on the `length_*` members in this object or the per-scheme compile-time macros - * `OQS_SIG_STFL_*_length_*`. Caller is also responsible for initializing + * `OQS_SIG_STFL_*_length_*`. The caller is also responsible for initializing * `secret_key` using the OQS_SIG_STFL_SECRET_KEY(*) function * * @param[in] sig The OQS_SIG_STFL object representing the signature scheme. - * @param[out] public_key The public key represented as a byte string. - * @param[out] secret_key The secret key represented as a byte string. + * @param[out] public_key The public key is represented as a byte string. + * @param[out] secret_key The secret key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_API OQS_STATUS OQS_SIG_STFL_keypair(const OQS_SIG_STFL *sig, uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -377,11 +377,11 @@ OQS_API OQS_STATUS OQS_SIG_STFL_keypair(const OQS_SIG_STFL *sig, uint8_t *public * compile-time macros `OQS_SIG_STFL_*_length_*`. * * @param[in] sig The OQS_SIG_STFL object representing the signature scheme. - * @param[out] signature The signature on the message represented as a byte string. + * @param[out] signature The signature on the message is represented as a byte string. * @param[out] signature_len The length of the signature. - * @param[in] message The message to sign represented as a byte string. + * @param[in] message The message to sign is represented as a byte string. * @param[in] message_len The length of the message to sign. - * @param[in] secret_key The secret key represented as a byte string. + * @param[in] secret_key The secret key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_API OQS_STATUS OQS_SIG_STFL_sign(const OQS_SIG_STFL *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -390,11 +390,11 @@ OQS_API OQS_STATUS OQS_SIG_STFL_sign(const OQS_SIG_STFL *sig, uint8_t *signature * Signature verification algorithm. * * @param[in] sig The OQS_SIG_STFL object representing the signature scheme. - * @param[in] message The message represented as a byte string. + * @param[in] message The message is represented as a byte string. * @param[in] message_len The length of the message. - * @param[in] signature The signature on the message represented as a byte string. + * @param[in] signature The signature on the message is represented as a byte string. * @param[in] signature_len The length of the signature. - * @param[in] public_key The public key represented as a byte string. + * @param[in] public_key The public key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_API OQS_STATUS OQS_SIG_STFL_verify(const OQS_SIG_STFL *sig, const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key); @@ -403,7 +403,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_verify(const OQS_SIG_STFL *sig, const uint8_t *m * Query number of remaining signatures * * @param[in] sig The OQS_SIG_STFL object representing the signature scheme. - * @param[in] secret_key The secret key represented as a byte string. + * @param[in] secret_key The secret key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_API OQS_STATUS OQS_SIG_STFL_sigs_remaining(const OQS_SIG_STFL *sig, unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -413,7 +413,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_sigs_remaining(const OQS_SIG_STFL *sig, unsigned * * @param[in] sig The OQS_SIG_STFL object representing the signature scheme. * @param[out] max The number of remaining signatures - * @param[in] secret_key The secret key represented as a byte string. + * @param[in] secret_key The secret key is represented as a byte string. * @return OQS_SUCCESS or OQS_ERROR */ OQS_API OQS_STATUS OQS_SIG_STFL_sigs_total(const OQS_SIG_STFL *sig, unsigned long long *max, const OQS_SIG_STFL_SECRET_KEY *secret_key); @@ -439,7 +439,7 @@ OQS_API OQS_SIG_STFL_SECRET_KEY *OQS_SIG_STFL_SECRET_KEY_new(const char *method_ * Frees an OQS_SIG_STFL_SECRET_KEY object that was constructed by OQS_SECRET_KEY_new. * * @param[in] sig The OQS_SIG_STFL_SECRET_KEY object to free. - * @return OQS_SUCCESS if successful, or OQS_ERROR if the object could not be freed. + * @return OQS_SUCCESS if successful, or OQS_ERROR if the object cannot be freed. */ OQS_API void OQS_SIG_STFL_SECRET_KEY_free(OQS_SIG_STFL_SECRET_KEY *sk); @@ -479,7 +479,7 @@ void OQS_SIG_STFL_SECRET_KEY_SET_mutex(OQS_SIG_STFL_SECRET_KEY *sk, void *mutex) /** * OQS_SIG_STFL_SECRET_KEY_lock . * - * Locks sk so only one application that holds the lock can access it. + * Locks the secret key so only one application that holds the lock can access it. * * @param[in] sk secret key pointer to be locked * @return OQS_SUCCESS if successful, or OQS_ERROR if the object fails to apply the lock @@ -490,7 +490,7 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_lock(OQS_SIG_STFL_SECRET_KEY *sk); /** * OQS_SIG_STFL_SECRET_KEY_unlock . * - * Unlocks the resouces so that th enext process can access it. + * Unlocks the secret key so that the next process can access it. * * @param[in] sk secret key pointer * @return OQS_SUCCESS if successful, or OQS_ERROR if the object fails to release the lock @@ -502,7 +502,7 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk); * OQS_SIG_STFL_SECRET_KEY_SET_store_cb . * * Can be called after creating a new stateful secret key has been generated. - * Allows the lib to securely store and update secret key after a sign operation. + * Allows the lib to securely store and update the secret key after a sign operation. * * @param[in] sk secret key pointer to be updated * @param[in] store_cb callback pointer @@ -511,10 +511,10 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk); */ void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); -/* Serialize stateful secret key data into a byte string, return an allocated buffer. Users is responsible to unallocate the buffer `sk_buf`. */ +/* Serialize stateful secret key data into a byte string, and return an allocated buffer. Users are responsible for deallocating the buffer `sk_buf`. */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf); -/* Insert stateful byte string into an secret key object. User is responsible to unallocate buffer `sk_buf`. */ +/* Insert stateful byte string into a secret key object. Users are responsible for deallocating buffer `sk_buf`. */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf, void *context); #if defined(__cplusplus) From 60e947cd42f87e0a9c21a54387a931ec12f24f7e Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Tue, 31 Oct 2023 23:18:03 -0400 Subject: [PATCH 29/32] add `const` back to serialize. Reorder parameters to follow liboqs convention --- src/sig_stfl/lms/sig_stfl_lms.c | 6 +++--- src/sig_stfl/lms/sig_stfl_lms.h | 2 +- src/sig_stfl/lms/sig_stfl_lms_functions.c | 4 ++-- src/sig_stfl/sig_stfl.c | 6 +++--- src/sig_stfl/sig_stfl.h | 6 +++--- src/sig_stfl/xmss/sig_stfl_xmss.h | 10 +++++----- src/sig_stfl/xmss/sig_stfl_xmss_functions.c | 2 +- src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c | 6 +++--- src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c | 2 +- tests/test_sig_stfl.c | 4 ++-- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/sig_stfl/lms/sig_stfl_lms.c b/src/sig_stfl/lms/sig_stfl_lms.c index 2ea68ab135..b6d57902ee 100644 --- a/src/sig_stfl/lms/sig_stfl_lms.c +++ b/src/sig_stfl/lms/sig_stfl_lms.c @@ -8,7 +8,7 @@ #include "sig_stfl_lms.h" /* Convert LMS secret key object to byte string */ -static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); +static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk); /* Insert lms byte string in an LMS secret key object */ static OQS_STATUS OQS_SECRET_KEY_LMS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); @@ -1760,13 +1760,13 @@ void OQS_SECRET_KEY_LMS_free(OQS_SIG_STFL_SECRET_KEY *sk) { } /* Convert LMS secret key object to byte string */ -static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { +static OQS_STATUS OQS_SECRET_KEY_LMS_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk) { OQS_STATUS status; if (sk->lock_key && sk->mutex) { sk->lock_key(sk->mutex); } - status = oqs_serialize_lms_key(sk, sk_len, sk_buf_ptr); + status = oqs_serialize_lms_key(sk_buf_ptr, sk_len, sk); if (sk->unlock_key && sk->mutex) { sk->unlock_key(sk->mutex); diff --git a/src/sig_stfl/lms/sig_stfl_lms.h b/src/sig_stfl/lms/sig_stfl_lms.h index a2d00cd9bb..b75446d2e3 100644 --- a/src/sig_stfl/lms/sig_stfl_lms.h +++ b/src/sig_stfl/lms/sig_stfl_lms.h @@ -209,7 +209,7 @@ int oqs_sig_stfl_lms_verify(const uint8_t *m, size_t mlen, const uint8_t *sm, si void oqs_secret_lms_key_free(OQS_SIG_STFL_SECRET_KEY *sk); -OQS_STATUS oqs_serialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_key); +OQS_STATUS oqs_serialize_lms_key(uint8_t **sk_key, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk); OQS_STATUS oqs_deserialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); void oqs_lms_key_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); diff --git a/src/sig_stfl/lms/sig_stfl_lms_functions.c b/src/sig_stfl/lms/sig_stfl_lms_functions.c index d9577d2b8d..1e3154b009 100644 --- a/src/sig_stfl/lms/sig_stfl_lms_functions.c +++ b/src/sig_stfl/lms/sig_stfl_lms_functions.c @@ -88,7 +88,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_lms_sign(uint8_t *signature, size_t *signatu * but, delete signature and the serialized key other wise */ - rc_keyupdate = oqs_serialize_lms_key(secret_key, &sk_key_buf_len, &sk_key_buf); + rc_keyupdate = oqs_serialize_lms_key(&sk_key_buf, &sk_key_buf_len, secret_key); if (rc_keyupdate != OQS_SUCCESS) { goto err; } @@ -563,7 +563,7 @@ void oqs_secret_lms_key_free(OQS_SIG_STFL_SECRET_KEY *sk) { * Convert LMS secret key object to byte string * Writes secret key + aux data if present */ -OQS_STATUS oqs_serialize_lms_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_key) { +OQS_STATUS oqs_serialize_lms_key(uint8_t **sk_key, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk) { if (sk == NULL || sk_len == NULL || sk_key == NULL) { return OQS_ERROR; diff --git a/src/sig_stfl/sig_stfl.c b/src/sig_stfl/sig_stfl.c index 43c19dcff9..9bdee77780 100644 --- a/src/sig_stfl/sig_stfl.c +++ b/src/sig_stfl/sig_stfl.c @@ -822,12 +822,12 @@ OQS_API void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, s } /* Convert secret key object to byte string */ -OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf) { - if (sk == NULL || sk_len == NULL || sk_buf == NULL || sk->serialize_key == NULL) { +OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk) { + if (sk == NULL || sk_len == NULL || sk_buf_ptr == NULL || sk->serialize_key == NULL) { return OQS_ERROR; } - return sk->serialize_key(sk, sk_len, sk_buf); + return sk->serialize_key(sk_buf_ptr, sk_len, sk); } /* Insert secret key byte string in an Stateful secret key object */ diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index a879c9ee03..ad55b11d1a 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -281,9 +281,9 @@ typedef struct OQS_SIG_STFL_SECRET_KEY { * @param[out] sk_len length of the private key as a byte stream * @param[out] sk_buf_ptr pointer to private key data as a byte stream * @returns length of key material data available - * Caller is responsible to **unallocate** the pointer to buffer `sk_buf_ptr`. + * Caller is responsible for **deallocating** the pointer to buffer `sk_buf_ptr`. */ - OQS_STATUS (*serialize_key)(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); + OQS_STATUS (*serialize_key)(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk); /** * Secret Key to internal structure Function @@ -512,7 +512,7 @@ OQS_STATUS OQS_SIG_STFL_SECRET_KEY_unlock(OQS_SIG_STFL_SECRET_KEY *sk); void OQS_SIG_STFL_SECRET_KEY_SET_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); /* Serialize stateful secret key data into a byte string, and return an allocated buffer. Users are responsible for deallocating the buffer `sk_buf`. */ -OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf); +OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk); /* Insert stateful byte string into a secret key object. Users are responsible for deallocating buffer `sk_buf`. */ OQS_API OQS_STATUS OQS_SECRET_KEY_STFL_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t key_len, const uint8_t *sk_buf, void *context); diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index b58327c09b..de74208947 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -566,22 +566,22 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sigs_total(unsigned long long *total, /* Generic XMSS SECRET_KEY object initialization */ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key); -/* Serialize XMSS secret key data into a byte string, return an allocated buffer. Users have to unallocated the buffer. */ -OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr); +/* Serialize XMSS secret key data into a byte string, and return an allocated buffer. Users must deallocate the buffer. */ +OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk); /* Deserialize XMSS byte string into an XMSS secret key data */ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); -/* Store Secret Key Function, idealy written to secure device */ +/* Store Secret Key Function, ideally written to secure device */ void OQS_SECRET_KEY_XMSS_set_store_cb(OQS_SIG_STFL_SECRET_KEY *sk, secure_store_sk store_cb, void *context); /* Free Secret key object */ void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk); /* Lock the key if possible */ -void OQS_SECRET_KEY_XMSS_acquire_lock(OQS_SIG_STFL_SECRET_KEY *sk); +void OQS_SECRET_KEY_XMSS_acquire_lock(const OQS_SIG_STFL_SECRET_KEY *sk); /* Unlock the key if possible */ -void OQS_SECRET_KEY_XMSS_release_lock(OQS_SIG_STFL_SECRET_KEY *sk); +void OQS_SECRET_KEY_XMSS_release_lock(const OQS_SIG_STFL_SECRET_KEY *sk); #endif /* OQS_SIG_STFL_XMSS_H */ diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c index 86b09bc363..6c8802480a 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c @@ -45,7 +45,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signat * regardless, delete signature and the serialized key other wise */ - status = OQS_SECRET_KEY_XMSS_serialize_key(secret_key, &sk_key_buf_len, &sk_key_buf_ptr); + status = OQS_SECRET_KEY_XMSS_serialize_key(&sk_key_buf_ptr, &sk_key_buf_len, secret_key); if (status != OQS_SUCCESS) { goto err; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index e5078fb165..ca6fff476b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -65,7 +65,7 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key) { } /* Serialize XMSS secret key data into a byte string, return an allocated buffer. Users have to unallocated the buffer. */ -OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(OQS_SIG_STFL_SECRET_KEY *sk, size_t *sk_len, uint8_t **sk_buf_ptr) { +OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk) { if (sk == NULL || sk_len == NULL || sk_buf_ptr == NULL) { return OQS_ERROR; } @@ -119,7 +119,7 @@ void OQS_SECRET_KEY_XMSS_free(OQS_SIG_STFL_SECRET_KEY *sk) { sk->secret_key_data = NULL; } -void OQS_SECRET_KEY_XMSS_acquire_lock(OQS_SIG_STFL_SECRET_KEY *sk) { +void OQS_SECRET_KEY_XMSS_acquire_lock(const OQS_SIG_STFL_SECRET_KEY *sk) { if (sk == NULL) { return; } @@ -130,7 +130,7 @@ void OQS_SECRET_KEY_XMSS_acquire_lock(OQS_SIG_STFL_SECRET_KEY *sk) { } } -void OQS_SECRET_KEY_XMSS_release_lock(OQS_SIG_STFL_SECRET_KEY *sk) { +void OQS_SECRET_KEY_XMSS_release_lock(const OQS_SIG_STFL_SECRET_KEY *sk) { if (sk == NULL) { return; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c index 97ea79dc33..b9857d2915 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c @@ -45,7 +45,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *sign * regardless, delete signature and the serialized key other wise */ - status = OQS_SECRET_KEY_XMSS_serialize_key(secret_key, &sk_key_buf_len, &sk_key_buf_ptr); + status = OQS_SECRET_KEY_XMSS_serialize_key(&sk_key_buf_ptr, &sk_key_buf_len, secret_key); if (status != OQS_SUCCESS) { goto err; } diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 7a73a4be1f..8134c9ed0b 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -458,7 +458,7 @@ static OQS_STATUS sig_stfl_test_correctness(const char *method_name, const char goto err; } - rc = OQS_SECRET_KEY_STFL_serialize_key(secret_key, &sk_buf_len, &sk_buf); + rc = OQS_SECRET_KEY_STFL_serialize_key(&sk_buf, &sk_buf_len, secret_key); if (rc != OQS_SUCCESS) { goto err; } @@ -619,7 +619,7 @@ static OQS_STATUS sig_stfl_test_secret_key(const char *method_name, const char * } /* write sk key to disk */ - rc = OQS_SECRET_KEY_STFL_serialize_key(sk, &to_file_sk_len, &to_file_sk_buf); + rc = OQS_SECRET_KEY_STFL_serialize_key(&to_file_sk_buf, &to_file_sk_len, sk); if (rc != OQS_SUCCESS) { goto err; } From b2d56704bf0871655cdbc5a9ffaea96a248dc50a Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Wed, 1 Nov 2023 11:29:07 -0400 Subject: [PATCH 30/32] use inner_serialize to avoid recursive lock --- src/sig_stfl/xmss/sig_stfl_xmss.h | 3 + src/sig_stfl/xmss/sig_stfl_xmss_functions.c | 2 +- .../xmss/sig_stfl_xmss_secret_key_functions.c | 20 ++ src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c | 2 +- tests/test_sig_stfl.c | 212 ++++++++---------- 5 files changed, 117 insertions(+), 122 deletions(-) diff --git a/src/sig_stfl/xmss/sig_stfl_xmss.h b/src/sig_stfl/xmss/sig_stfl_xmss.h index de74208947..d1663f1720 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss.h +++ b/src/sig_stfl/xmss/sig_stfl_xmss.h @@ -569,6 +569,9 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_new(size_t length_secret_key); /* Serialize XMSS secret key data into a byte string, and return an allocated buffer. Users must deallocate the buffer. */ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk); +/* Only for internal use. Similar to OQS_SECRET_KEY_XMSS_serialize_key, this function does not acquire and release a lock. */ +OQS_STATUS OQS_SECRET_KEY_XMSS_inner_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk); + /* Deserialize XMSS byte string into an XMSS secret key data */ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, void *context); diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c index 6c8802480a..bfdf3e023b 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_functions.c @@ -45,7 +45,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sign(uint8_t *signature, size_t *signat * regardless, delete signature and the serialized key other wise */ - status = OQS_SECRET_KEY_XMSS_serialize_key(&sk_key_buf_ptr, &sk_key_buf_len, secret_key); + status = OQS_SECRET_KEY_XMSS_inner_serialize_key(&sk_key_buf_ptr, &sk_key_buf_len, secret_key); if (status != OQS_SUCCESS) { goto err; } diff --git a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c index ca6fff476b..cfeab4548e 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmss_secret_key_functions.c @@ -90,6 +90,26 @@ OQS_STATUS OQS_SECRET_KEY_XMSS_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_le return OQS_SUCCESS; } +/* Only for internal use. Similar to OQS_SECRET_KEY_XMSS_serialize_key, but this function does not aquire and release lock. */ +OQS_STATUS OQS_SECRET_KEY_XMSS_inner_serialize_key(uint8_t **sk_buf_ptr, size_t *sk_len, const OQS_SIG_STFL_SECRET_KEY *sk) { + if (sk == NULL || sk_len == NULL || sk_buf_ptr == NULL) { + return OQS_ERROR; + } + + uint8_t *sk_buf = malloc(sk->length_secret_key * sizeof(uint8_t)); + if (sk_buf == NULL) { + return OQS_ERROR; + } + + // Simply copy byte string of secret_key_data + memcpy(sk_buf, sk->secret_key_data, sk->length_secret_key); + + *sk_buf_ptr = sk_buf; + *sk_len = sk->length_secret_key; + + return OQS_SUCCESS; +} + /* Deserialize XMSS byte string into an XMSS secret key data. */ OQS_STATUS OQS_SECRET_KEY_XMSS_deserialize_key(OQS_SIG_STFL_SECRET_KEY *sk, const size_t sk_len, const uint8_t *sk_buf, XMSS_UNUSED_ATT void *context) { if (sk == NULL || sk_buf == NULL || (sk_len != sk->length_secret_key)) { diff --git a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c index b9857d2915..d1aa9e923d 100644 --- a/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c +++ b/src/sig_stfl/xmss/sig_stfl_xmssmt_functions.c @@ -45,7 +45,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmssmt_sign(uint8_t *signature, size_t *sign * regardless, delete signature and the serialized key other wise */ - status = OQS_SECRET_KEY_XMSS_serialize_key(&sk_key_buf_ptr, &sk_key_buf_len, secret_key); + status = OQS_SECRET_KEY_XMSS_inner_serialize_key(&sk_key_buf_ptr, &sk_key_buf_len, secret_key); if (status != OQS_SUCCESS) { goto err; } diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 8134c9ed0b..689397af52 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -39,68 +39,6 @@ static pthread_mutex_t *sk_lock = NULL; */ #define MAX_MARKER_LEN 50 -static OQS_SIG_STFL_SECRET_KEY *lock_test_sk = NULL; -static OQS_SIG_STFL *lock_test_sig_obj = NULL; -static uint8_t *lock_test_public_key = NULL; -static char *lock_test_context = NULL; -static uint8_t *signature_1 = NULL; -static uint8_t *signature_2 = NULL; -static size_t signature_len_1; -static size_t signature_len_2; -static uint8_t message_1[] = "The quick brown fox ..."; -static uint8_t message_2[] = "The quick brown fox jumped from the tree."; - -/* - * Write stateful secret keys to disk. - */ -static OQS_STATUS save_secret_key(uint8_t *key_buf, size_t buf_len, void *context) { - if (key_buf == NULL || buf_len == 0 || context == NULL) { - return OQS_ERROR; - } - const char *context_char = context; - - if (oqs_fstore("sk", context_char, key_buf, buf_len) == OQS_SUCCESS) { - printf("\n================================================================================\n"); - printf("Updated STFL SK <%s>.\n", context_char); - printf("================================================================================\n"); - return OQS_SUCCESS; - } - - return OQS_ERROR; -} - -#if OQS_USE_PTHREADS_IN_TESTS -static OQS_STATUS lock_sk_key(void *mutex) { - if (mutex == NULL) { - return OQS_ERROR; - } - - if (!(pthread_mutex_lock((pthread_mutex_t *)mutex))) { - return OQS_SUCCESS; - } - return OQS_ERROR; -} - -static OQS_STATUS unlock_sk_key(void *mutex) { - if (mutex == NULL) { - return OQS_ERROR; - } - - if (!(pthread_mutex_unlock((pthread_mutex_t *)mutex))) { - return OQS_SUCCESS; - } - return OQS_ERROR; -} -#else -static OQS_STATUS lock_sk_key(void *mutex) { - return OQS_SUCCESS; -} - -static OQS_STATUS unlock_sk_key(void *mutex) { - return OQS_SUCCESS; -} -#endif - // // ALLOW TO READ HEXADECIMAL ENTRY (KEYS, DATA, TEXT, etc.) // @@ -193,6 +131,68 @@ int ReadHex(FILE *infile, unsigned char *a, unsigned long Length, char *str) { return 1; } +static OQS_SIG_STFL_SECRET_KEY *lock_test_sk = NULL; +static OQS_SIG_STFL *lock_test_sig_obj = NULL; +static uint8_t *lock_test_public_key = NULL; +static char *lock_test_context = NULL; +static uint8_t *signature_1 = NULL; +static uint8_t *signature_2 = NULL; +static size_t signature_len_1; +static size_t signature_len_2; +static uint8_t message_1[] = "The quick brown fox ..."; +static uint8_t message_2[] = "The quick brown fox jumped from the tree."; + +/* + * Write stateful secret keys to disk. + */ +static OQS_STATUS save_secret_key(uint8_t *key_buf, size_t buf_len, void *context) { + if (key_buf == NULL || buf_len == 0 || context == NULL) { + return OQS_ERROR; + } + const char *context_char = context; + + if (oqs_fstore("sk", context_char, key_buf, buf_len) == OQS_SUCCESS) { + printf("\n================================================================================\n"); + printf("Updated STFL SK <%s>.\n", context_char); + printf("================================================================================\n"); + return OQS_SUCCESS; + } + + return OQS_ERROR; +} + +#if OQS_USE_PTHREADS_IN_TESTS +static OQS_STATUS lock_sk_key(void *mutex) { + if (mutex == NULL) { + return OQS_ERROR; + } + + if (pthread_mutex_lock((pthread_mutex_t *)mutex)) { + return OQS_ERROR; + } + return OQS_SUCCESS; +} + +static OQS_STATUS unlock_sk_key(void *mutex) { + if (mutex == NULL) { + return OQS_ERROR; + } + + if (pthread_mutex_unlock((pthread_mutex_t *)mutex)) { + return OQS_ERROR; + } + return OQS_SUCCESS; +} +#else +static OQS_STATUS lock_sk_key(void *mutex) { + return OQS_SUCCESS; +} + +static OQS_STATUS unlock_sk_key(void *mutex) { + return OQS_SUCCESS; +} +#endif + OQS_STATUS sig_stfl_keypair_from_keygen(OQS_SIG_STFL *sig, uint8_t *public_key, OQS_SIG_STFL_SECRET_KEY *secret_key) { OQS_STATUS rc; @@ -933,18 +933,18 @@ static void TEST_SIG_STFL_randombytes(uint8_t *random_array, size_t bytes_to_rea #endif #if OQS_USE_PTHREADS_IN_TESTS -struct thread_data { +typedef struct thread_data { const char *alg_name; const char *katfile; OQS_STATUS rc; OQS_STATUS rc1; -}; +} thread_data_t; -struct lock_test_data { +typedef struct lock_test_data { const char *alg_name; const char *katfile; OQS_STATUS rc; -}; +} lock_test_data_t; void *test_query_key(void *arg) { struct lock_test_data *td = arg; @@ -1014,30 +1014,21 @@ int main(int argc, char **argv) { OQS_randombytes_switch_algorithm("system"); #endif - OQS_STATUS rc = OQS_SUCCESS, rc1 = OQS_SUCCESS, - rc_lck = OQS_SUCCESS, rc_sig = OQS_SUCCESS, rc_qry = OQS_SUCCESS; + OQS_STATUS rc = OQS_ERROR, rc1 = OQS_ERROR; + #if OQS_USE_PTHREADS_IN_TESTS #define MAX_LEN_SIG_NAME_ 64 + OQS_STATUS rc_create = OQS_ERROR, rc_sign = OQS_ERROR, rc_query = OQS_ERROR; pthread_t thread; pthread_t create_key_thread; pthread_t sign_key_thread; pthread_t query_key_thread; - struct thread_data td; - td.alg_name = alg_name; - td.katfile = katfile; - - struct lock_test_data td_create; - struct lock_test_data td_sign; - struct lock_test_data td_query; - td_create.alg_name = alg_name; - td_sign.alg_name = alg_name; - td_query.alg_name = alg_name; - - td_create.katfile = katfile; - td_sign.katfile = katfile; - td_query.katfile = katfile; - pthread_mutexattr_t attr1, attr2; + + thread_data_t td = {.alg_name = alg_name, .katfile = katfile, .rc = OQS_ERROR, .rc1 = OQS_ERROR}; + lock_test_data_t td_create = {.alg_name = alg_name, .katfile = katfile, .rc = OQS_ERROR}; + lock_test_data_t td_sign = {.alg_name = alg_name, .katfile = katfile, .rc = OQS_ERROR}; + lock_test_data_t td_query = {.alg_name = alg_name, .katfile = katfile, .rc = OQS_ERROR}; test_sk_lock = (pthread_mutex_t *)malloc(sizeof(pthread_mutex_t)); if (test_sk_lock == NULL) { @@ -1048,64 +1039,45 @@ int main(int argc, char **argv) { goto err; } - if (pthread_mutexattr_init(&attr1)) { - goto err; - } - if (pthread_mutexattr_init(&attr2)) { + if (pthread_mutex_init(test_sk_lock, NULL) || pthread_mutex_init(sk_lock, NULL)) { + fprintf(stderr, "ERROR: Initializing mutex\n"); goto err; } - pthread_mutexattr_settype(&attr1, PTHREAD_MUTEX_RECURSIVE); - pthread_mutexattr_settype(&attr2, PTHREAD_MUTEX_RECURSIVE); - - if (pthread_mutex_init(test_sk_lock, &attr1)) { - goto err; - } - if (pthread_mutex_init(test_sk_lock, &attr2)) { + if (pthread_create(&thread, NULL, test_wrapper, &td)) { + fprintf(stderr, "ERROR: Creating pthread for test_wrapper\n"); goto err; } - - int trc = pthread_create(&thread, NULL, test_wrapper, &td); - if (trc) { - fprintf(stderr, "ERROR: Creating pthread\n"); - OQS_destroy(); - return EXIT_FAILURE; - } pthread_join(thread, NULL); rc = td.rc; rc1 = td.rc1; - int trc_2 = pthread_create(&create_key_thread, NULL, test_create_keys, &td_create); - if (trc_2) { - fprintf(stderr, "ERROR: Creating pthread for stateful key gen test\n"); - OQS_destroy(); - return EXIT_FAILURE; + if (pthread_create(&create_key_thread, NULL, test_create_keys, &td_create)) { + fprintf(stderr, "ERROR: Creating pthread for test_create_keys\n"); + goto err; } pthread_join(create_key_thread, NULL); - rc_lck = td_create.rc; + rc_create = td_create.rc; - int trc_3 = pthread_create(&sign_key_thread, NULL, test_sig_gen, &td_sign); - if (trc_3) { - fprintf(stderr, "ERROR: Creating pthread for sig gen test\n"); - OQS_destroy(); - return EXIT_FAILURE; + if (pthread_create(&sign_key_thread, NULL, test_sig_gen, &td_sign)) { + fprintf(stderr, "ERROR: Creating pthread for test_sig_gen\n"); + goto err; } pthread_join(sign_key_thread, NULL); - rc_sig = td_sign.rc; + rc_sign = td_sign.rc; - int trc_4 = pthread_create(&query_key_thread, NULL, test_query_key, &td_query); - if (trc_4) { - fprintf(stderr, "ERROR: Creating pthread for query key test.\n"); - OQS_destroy(); - return EXIT_FAILURE; + if (pthread_create(&query_key_thread, NULL, test_query_key, &td_query)) { + fprintf(stderr, "ERROR: Creating pthread for test_query_key\n"); + goto err; } pthread_join(query_key_thread, NULL); - rc_qry = td_query.rc; + rc_query = td_query.rc; err: if (test_sk_lock) { pthread_mutex_destroy(test_sk_lock); } + if (sk_lock) { pthread_mutex_destroy(sk_lock); } @@ -1123,7 +1095,7 @@ int main(int argc, char **argv) { OQS_destroy(); if (rc != OQS_SUCCESS || rc1 != OQS_SUCCESS || - rc_lck != OQS_SUCCESS || rc_sig != OQS_SUCCESS || rc_qry != OQS_SUCCESS) { + rc_create != OQS_SUCCESS || rc_sign != OQS_SUCCESS || rc_query != OQS_SUCCESS) { return EXIT_FAILURE; } return EXIT_SUCCESS; From 9fbb5c3087eb0e90e808aca1d6ba0108b2903c5d Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Wed, 1 Nov 2023 11:50:26 -0400 Subject: [PATCH 31/32] add return code in case pthread API has errors --- tests/test_sig_stfl.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 689397af52..4b346707e3 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -14,6 +14,7 @@ #include #include "tmp_store.c" +#include "system_info.c" #if OQS_USE_PTHREADS_IN_TESTS #include @@ -31,8 +32,6 @@ static pthread_mutex_t *sk_lock = NULL; #define OQS_TEST_CT_DECLASSIFY(addr, len) #endif -#include "system_info.c" - /* * For stateful signature, we skip key generation because it can takes hours to complete. * So the ReadHex and and FindMarker serve the purpose of reading pre-generate keypair from KATs. @@ -1015,6 +1014,7 @@ int main(int argc, char **argv) { #endif OQS_STATUS rc = OQS_ERROR, rc1 = OQS_ERROR; + int exit_status = EXIT_SUCCESS; #if OQS_USE_PTHREADS_IN_TESTS #define MAX_LEN_SIG_NAME_ 64 @@ -1041,11 +1041,13 @@ int main(int argc, char **argv) { if (pthread_mutex_init(test_sk_lock, NULL) || pthread_mutex_init(sk_lock, NULL)) { fprintf(stderr, "ERROR: Initializing mutex\n"); + exit_status = EXIT_FAILURE; goto err; } if (pthread_create(&thread, NULL, test_wrapper, &td)) { fprintf(stderr, "ERROR: Creating pthread for test_wrapper\n"); + exit_status = EXIT_FAILURE; goto err; } pthread_join(thread, NULL); @@ -1054,6 +1056,7 @@ int main(int argc, char **argv) { if (pthread_create(&create_key_thread, NULL, test_create_keys, &td_create)) { fprintf(stderr, "ERROR: Creating pthread for test_create_keys\n"); + exit_status = EXIT_FAILURE; goto err; } pthread_join(create_key_thread, NULL); @@ -1061,6 +1064,7 @@ int main(int argc, char **argv) { if (pthread_create(&sign_key_thread, NULL, test_sig_gen, &td_sign)) { fprintf(stderr, "ERROR: Creating pthread for test_sig_gen\n"); + exit_status = EXIT_FAILURE; goto err; } pthread_join(sign_key_thread, NULL); @@ -1068,19 +1072,15 @@ int main(int argc, char **argv) { if (pthread_create(&query_key_thread, NULL, test_query_key, &td_query)) { fprintf(stderr, "ERROR: Creating pthread for test_query_key\n"); + exit_status = EXIT_FAILURE; goto err; } pthread_join(query_key_thread, NULL); rc_query = td_query.rc; err: - if (test_sk_lock) { - pthread_mutex_destroy(test_sk_lock); - } - - if (sk_lock) { - pthread_mutex_destroy(sk_lock); - } + pthread_mutex_destroy(test_sk_lock); + pthread_mutex_destroy(sk_lock); #else rc = sig_stfl_test_correctness(alg_name, katfile); rc1 = sig_stfl_test_secret_key(alg_name, katfile); @@ -1098,5 +1098,5 @@ int main(int argc, char **argv) { rc_create != OQS_SUCCESS || rc_sign != OQS_SUCCESS || rc_query != OQS_SUCCESS) { return EXIT_FAILURE; } - return EXIT_SUCCESS; + return exit_status; } From 2dab95447a1022611186219444a0255be3a8a59c Mon Sep 17 00:00:00 2001 From: Duc Nguyen Date: Wed, 1 Nov 2023 12:17:10 -0400 Subject: [PATCH 32/32] fix scan_build NULL error --- tests/test_sig_stfl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/test_sig_stfl.c b/tests/test_sig_stfl.c index 4b346707e3..dd75b8a916 100644 --- a/tests/test_sig_stfl.c +++ b/tests/test_sig_stfl.c @@ -1079,8 +1079,12 @@ int main(int argc, char **argv) { rc_query = td_query.rc; err: - pthread_mutex_destroy(test_sk_lock); - pthread_mutex_destroy(sk_lock); + if (test_sk_lock) { + pthread_mutex_destroy(test_sk_lock); + } + if (sk_lock) { + pthread_mutex_destroy(sk_lock); + } #else rc = sig_stfl_test_correctness(alg_name, katfile); rc1 = sig_stfl_test_secret_key(alg_name, katfile);