Add benchmarking for stateful hash based schemes: speed_sig_stfl

[cr-marcstevens]

This pull requests adds an executable tests/speed_sig_stfl to be able to benchmark the stateful hash based schemes in liboqs.

The source code tests/speed_sig_stfl.c is directly copied from tests/speed_sig.c,
but making the relevant changes to use the SIG_STFL functions and types instead.

Here are some issues encountered specific to SIG_STFL code:

• A secure store needs to be set for the secret key, the context must not be NULL
• A stfl sig has a maximum number of signatures, potentially as low as 2^5=32. One needs to create a new secret key once this number of signatures has been reached.
• key generation and signing can be extremely costly for some stfl sig algorithms. Automatic testing should focus only on small parameters.
• You cannot create a new secret key over an old (used up) one. You need to free the old secret key, and create a new one.
• Bugfix new code: be careful to actually return the new secret key pointer between functions. Otherwise there is a use-after-free bug.
• for stfl sigs it is possible to disable key generation and signing, but enable verification. Benchmarking doesn't work in such a case, and it simply needs to abort and return success.

[SWilson4]

Thanks for the contribution! Would you please add the new executable to the list in the README? It would also be nice to have it run in tests/test_speed.py, similarly to speed_kem and speed_sig.

[baentsch]

Thanks very much for the contribution @cr-marcstevens ! The code LGTM. One question, though: Would it be OK for you to add it to the test harness, e.g., at "scripts/noregress.sh" (or any other place where it could run regularly such as to help improve test coverage)? [Edit/add: Sorry for the kind of duplicate message -- for some reason the comment by @SWilson4 didn't show up in my timeline when I wrote this... weird]

[cr-marcstevens]

I'll look into the extra changes needed throughout the repo with the added executable.
But I'm not fully familiar with how all that infrastructure is meant to be used.

For now I found out that speed_sig_stfl.c needed 2 fixes:

• signing didn't actually happen unless a secure keystore is set to the private key, so I provided a dummy one.
• timing sig ops didn't take into account max signatures. So for 2^10 max sigs, it could run out and invalidate the benchmark.

[cr-marcstevens]

I've noticed two issues and resolved them:

• Bugfix new code: in my solution to reset the secret key, be careful to actually return the new secret key pointer between functions. Otherwise there is a use-after-free bug.
• for stfl sigs it is possible to disable key generation and signing, but enable verification. Benchmarking doesn't work in such a case, and it simply needs to abort and return success.

[cothan]

@cr-marcstevens All tests have passed. Feel free to merge it whenever you like.
Great work.

[cr-marcstevens]

Indeed I think all issues are resolved now, so it is ready for merging.

[SWilson4]

Thanks for the contribution!