Add secret key object to XMSS (#1530)

* Initial addition of sig_stfl API and dummy XMSS variant

* add secret key object

* allocate and free using wrapper function instead of malloc/free

* cleaner function signature

* Fix comment

* Delete old file

* Missing newline

* Missing newlines

src/CMakeLists.txt

@@ -65,6 +65,8 @@ add_library(oqs kem/kem.c
                 ${SIG_OBJS}
                 sig_stfl/sig_stfl.c
                 ${SIG_STFL_OBJS}
+                sig_stfl/sig_stfl.c
+                ${SIG_STFL_OBJS}
                 ${COMMON_OBJS})
 set(COMMON_OBJS ${COMMON_OBJS} PARENT_SCOPE)
 if(DEFINED SANITIZER_LD_FLAGS)

src/sig_stfl/sig_stfl.c

@@ -438,7 +438,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_keypair(const OQS_SIG_STFL *sig, uint8_t *public
 }
 
 OQS_API OQS_STATUS OQS_SIG_STFL_sign(const OQS_SIG_STFL *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message,
-                                     size_t message_len, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+                                     size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key) {
 	if (sig == NULL || sig->sign == NULL || sig->sign(signature, signature_len, message, message_len, secret_key) != 0) {
 		return OQS_ERROR;
 	} else {

src/sig_stfl/sig_stfl.h

@@ -147,7 +147,7 @@ typedef struct OQS_SIG_STFL {
 	 * @param[in] secret_key The secret key represented as a byte string.
 	 * @return OQS_SUCCESS or OQS_ERROR
 	 */
-	OQS_STATUS (*sign)(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const OQS_SIG_STFL_SECRET_KEY *secret_key);
+	OQS_STATUS (*sign)(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key);
 
 	/**
 	 * Signature verification algorithm.
@@ -296,7 +296,7 @@ OQS_API OQS_STATUS OQS_SIG_STFL_keypair(const OQS_SIG_STFL *sig, uint8_t *pk, OQ
  * @param[in] secret_key The secret key represented as a byte string.
  * @return OQS_SUCCESS or OQS_ERROR
  */
-OQS_API OQS_STATUS OQS_SIG_STFL_sign(const OQS_SIG_STFL *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const OQS_SIG_STFL_SECRET_KEY *secret_key);
+OQS_API OQS_STATUS OQS_SIG_STFL_sign(const OQS_SIG_STFL *sig, uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, OQS_SIG_STFL_SECRET_KEY *secret_key);
 
 /**
  * Signature verification algorithm.
@@ -315,7 +315,6 @@ OQS_API OQS_STATUS OQS_SIG_STFL_verify(const OQS_SIG_STFL *sig, const uint8_t *m
  * Query number of remaining signatures
  *
  * @param[in] sig The OQS_SIG_STFL object representing the signature scheme.
- * @param[out] remain The number of remaining signatures
  * @param[in] secret_key The secret key represented as a byte string.
  * @return OQS_SUCCESS or OQS_ERROR
  */
@@ -334,7 +333,6 @@ OQS_API OQS_STATUS OQS_SIG_STFL_sigs_total(const OQS_SIG_STFL *sig, unsigned lon
 /**
  * Frees an OQS_SIG_STFL object that was constructed by OQS_SIG_STFL_new.
  *
- * @param[in] sig The OQS_SIG_STFL object to free.
  */
 OQS_API void OQS_SIG_STFL_free(OQS_SIG_STFL *sig);
 

src/sig_stfl/xmss/external/core_hash.c

@@ -35,4 +35,4 @@ int core_hash(const xmss_params *params,
 #endif
 
 	return 0;
-}
+}

src/sig_stfl/xmss/sig_stfl_xmss_sha256_h10.c

@@ -65,28 +65,28 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H10_new(void) {
 	return sk;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (public_key == NULL || secret_key == NULL) {
+	if (public_key == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	const uint32_t xmss_sha256_h10_oid = 0x01;
-	if (xmss_keypair(public_key, secret_key, xmss_sha256_h10_oid)) {
+	if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha256_h10_oid)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL) {
+	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	unsigned long long sig_length = 0;
-	if (xmss_sign(secret_key, signature, &sig_length, message, message_len)) {
+	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
 		return OQS_ERROR;
 	}
 	*signature_len = (size_t)sig_length;
@@ -107,24 +107,24 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_verify(XMSS_UNUSED_ATT const
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sigs_remaining(unsigned long long *remain, const uint8_t *secret_key) {
-	if (remain == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_remaining_signatures(remain, secret_key)) {
+	if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sigs_total(unsigned long long *total, const uint8_t *secret_key) {
-	if (total == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h10_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_total_signatures(total, secret_key)) {
+	if (xmss_total_signatures(total, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 

src/sig_stfl/xmss/sig_stfl_xmss_sha256_h16.c

@@ -65,28 +65,28 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H16_new(void) {
 	return sk;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (public_key == NULL || secret_key == NULL) {
+	if (public_key == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	const uint32_t xmss_sha256_h16_oid = 0x02;
-	if (xmss_keypair(public_key, secret_key, xmss_sha256_h16_oid)) {
+	if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha256_h16_oid)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL) {
+	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	unsigned long long sig_length = 0;
-	if (xmss_sign(secret_key, signature, &sig_length, message, message_len)) {
+	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
 		return OQS_ERROR;
 	}
 	*signature_len = (size_t) sig_length;
@@ -107,26 +107,26 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_verify(XMSS_UNUSED_ATT const
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sigs_remaining(unsigned long long *remain, const uint8_t *secret_key) {
-	if (remain == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_remaining_signatures(remain, secret_key)) {
+	if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sigs_total(unsigned long long *total, const uint8_t *secret_key) {
-	if (total == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h16_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_total_signatures(total, secret_key)) {
+	if (xmss_total_signatures(total, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
-}
+}

src/sig_stfl/xmss/sig_stfl_xmss_sha256_h20.c

@@ -65,28 +65,28 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA256_H20_new(void) {
 	return sk;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (public_key == NULL || secret_key == NULL) {
+	if (public_key == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	const uint32_t xmss_sha256_h20_oid = 0x03;
-	if (xmss_keypair(public_key, secret_key, xmss_sha256_h20_oid)) {
+	if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha256_h20_oid)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL) {
+	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	unsigned long long sig_length = 0;
-	if (xmss_sign(secret_key, signature, &sig_length, message, message_len)) {
+	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
 		return OQS_ERROR;
 	}
 	*signature_len = (size_t) sig_length;
@@ -107,26 +107,26 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_verify(XMSS_UNUSED_ATT const
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_remaining(unsigned long long *remain, const uint8_t *secret_key) {
-	if (remain == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_remaining_signatures(remain, secret_key)) {
+	if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_total(unsigned long long *total, const uint8_t *secret_key) {
-	if (total == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha256_h20_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_total_signatures(total, secret_key)) {
+	if (xmss_total_signatures(total, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
-}
+}

src/sig_stfl/xmss/sig_stfl_xmss_sha512_h10.c

@@ -65,28 +65,28 @@ OQS_SIG_STFL_SECRET_KEY *OQS_SECRET_KEY_XMSS_SHA512_H10_new(void) {
 	return sk;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_keypair(XMSS_UNUSED_ATT uint8_t *public_key, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (public_key == NULL || secret_key == NULL) {
+	if (public_key == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	const uint32_t xmss_sha512_h10_oid = 0x04;
-	if (xmss_keypair(public_key, secret_key, xmss_sha512_h10_oid)) {
+	if (xmss_keypair(public_key, secret_key->secret_key_data, xmss_sha512_h10_oid)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT uint8_t *secret_key) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sign(uint8_t *signature, size_t *signature_len, XMSS_UNUSED_ATT const uint8_t *message, XMSS_UNUSED_ATT size_t message_len, XMSS_UNUSED_ATT OQS_SIG_STFL_SECRET_KEY *secret_key) {
 
-	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL) {
+	if (signature == NULL || signature_len == NULL || message == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
 	unsigned long long sig_length = 0;
-	if (xmss_sign(secret_key, signature, &sig_length, message, message_len)) {
+	if (xmss_sign(secret_key->secret_key_data, signature, &sig_length, message, message_len)) {
 		return OQS_ERROR;
 	}
 	*signature_len = (size_t) sig_length;
@@ -107,26 +107,26 @@ OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_verify(XMSS_UNUSED_ATT const
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sigs_remaining(unsigned long long *remain, const uint8_t *secret_key) {
-	if (remain == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sigs_remaining(unsigned long long *remain, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (remain == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_remaining_signatures(remain, secret_key)) {
+	if (xmss_remaining_signatures(remain, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
 }
 
-OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sigs_total(unsigned long long *total, const uint8_t *secret_key) {
-	if (total == NULL || secret_key == NULL) {
+OQS_API OQS_STATUS OQS_SIG_STFL_alg_xmss_sha512_h10_sigs_total(unsigned long long *total, const OQS_SIG_STFL_SECRET_KEY *secret_key) {
+	if (total == NULL || secret_key == NULL || secret_key->secret_key_data == NULL) {
 		return OQS_ERROR;
 	}
 
-	if (xmss_total_signatures(total, secret_key)) {
+	if (xmss_total_signatures(total, secret_key->secret_key_data)) {
 		return OQS_ERROR;
 	}
 
 	return OQS_SUCCESS;
-}
+}