-
Notifications
You must be signed in to change notification settings - Fork 484
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Stateful Signature (XMSS and LMS) #1650
Conversation
* | ||
* Caller is responsible for allocating sufficient memory for `public_key` based | ||
* on the `length_*` members in this object or the per-scheme compile-time macros | ||
* `OQS_SIG_STFL_*_length_*`. The caller is also responsible for initializing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Out of curiosity: Why is there so much responsibility put onto the user to "do things right"? Can't the library "help" (ensure there's less room for user error)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, I'm impressed by the amount of new functionality -- but please forgive me for being tired by now looking through this: Please see/address the single comments. One general question: I do not see any specific new CI test configs, but many new config variables: Wouldn't at least some of them be worthwhile exercising in CI? For example, is it possible to set/unset all config vars with the new algs, e.g., OQS_MINIMAL_BUILD? Does liboqs
build OK with & without the new algs, e.g., OQS_ENABLE_SIG_STFL_XMSS=OFF/ON? Is memory leak testing for SIG_STFL out of scope or did I overlook the tests for that?
TODO: Address @baentsch comments here: #1098 (comment) |
Thanks very much for this gargantuan effort @ashman-p @ducnguyen-sb! Since this is such a big PR, I'm going to review a few files at a time and occasionally leave a batch of comments. It will probably take me at least a couple of days to get through everything thoroughly. More to come next week... |
* Simplify security assumption in docs * Get rid of commented functions * Rename sm variable; use OQS_MEM_cleanse * Clean up TODOs * Update markdown files
I had forgotten about those comments (they were hidden in the GitHub UI). They are all resolved with the latest commit. EDIT: Should clarify that by "those comments" I meant my own; Michael spoke to his above. |
The checks are all green. Comments are resolved. I can't wait for this PR to be merged! |
At this point I would approve the PR, but, as the author of a number of commits, I think that I should not be the one to push it over the "ready to merge" threshold. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that I should not be the one to push it over the "ready to merge" threshold.
Well, strictly speaking, me neither given I have not taken a serious new look at it -- primarily out of fear of finding more things... and I already feel guilty of having caused a lot of work. So let me approve regardless and we then deal with any consequences later :-) I think it's called YOLO.
.CMake/alg_support.cmake
Outdated
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w8_h15_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF) | ||
cmake_dependent_option(OQS_ENABLE_SIG_STFL_lms_sha256_h20_w8_h20_w8 "" ON "OQS_ENABLE_SIG_STFL_LMS" OFF) | ||
|
||
option(OQS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN "Enable stateful key and signature generation for research and experimentation" OFF) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Didn't we hear suggestions to make this config option sound really dangerous and hard to accidentally enable? What about naming it "OQS_ENABLE_EXPERIMENTAL_AND_BORDERING_ON_IRRESPONSIBLE_STATEFUL_HASHBASED_SIGNATURE_AND_KEYGEN_FEATURE" (basically quoting one such feedback)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN
as something that sounds reasonably professional while conveying the essence of "bordering on irresponsible"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me.
Hmm -- DCO is not clean. But then again, I'm not sure we really care about this, do we? |
Given that this PR predates DCO being enabled, perhaps we could bypass it just this once? We would need to either have one almighty sign-off (which seems wrong, given that the PR has four different authors) or have the authors sign off on their own commits individually (which seems like an inordinate amount of busywork). |
As discussed in today's OQS meeting, this is the last call for reviews of this PR. It will be merged at the end of the week. |
I've provided instructions on how to fix DCO to @dstebila. It will involve 1 commit each from four people. |
Please see this topic |
I, Douglas Stebila, retroactively sign off on these commits: commit b0c06fa Fix API and build issues commit 7b59154 Add SIG_STFL to tests/dump_alg_info commit 8e1dd5c Update sig_stfl dummy scheme and add basic test program commit c9c3835 Re-add OQS_SECRET_KEY (#1493) Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca>
commit 001e96a Update GitHub Actions workflows for stateful signatures (#1692) commit 8524a16 Post-rebase cleanup commit 5da49e3 Satisfy astyle commit a535114 Fix macOS build error: lld -> llu commit 71ee535 Bring EVP_DigestUpdate calls in line with main commit 154d8e4 Fix test program linkage for cross-compiling commit e92aab3 Stateful sigs: Rename keygen / sign option, add more tests, fix memory errors (#1755) commit b075878 Clean up OQS_SIG_STFL_SECRET_KEY_free commit db000c2 Remove unused sig member commit 9b60f60 Naming convention for serialize / deserialize functions commit 7dd4ea0 Test stateful sigs on arm64, s390x, and powerpc (#1772) commit 31bdf13 Clean up unresolved comments on stateful-sigs PR (#1793) commit 8e75f98 Update config variable name commit ca27922 Strengthen warning in CONFIGURE.md Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
commit 244288f Add XMSS parameter xmss_sha256_h10 (#1482) commit a7e26d9 Add 12 XMSS and 16 XMSSMT parameters. (#1489) commit 4694fc3 Add secret key object to XMSS (#1530) commit 99067be Add XMSS Serialize/Deserialize (#1542) commit 2dbfc40 Update XMSS secret key object APIs, sync with LMS (#1588) commit 47740ad Enforce idx from unsigned int to uint32_t. (#1611) commit 9610576 Fix windows-x86 and arm compiling error. (#1634) commit bb658b7 Address stateful-sigs comments in #1650 (#1656) commit 7db8ddf Update `sig_stfl.h` document for #1650 (#1655) commit c3e5750 Add Apache 2.0 and MIT License to XMSS (#1662) commit e1f02b2 Change XMSS License from `(Apache 2.0 AND MIT)` to `(Apache 2.0 OR MIT) AND CC0-1.0` (#1697) commit 17c12c3 Add return status for XMSS lock/unlock functions. (#1712) commit 1941636 Add return check for lock/unlock function (#1727) commit b45415c Use `abort()` instead of exit to get the trace log. (#1728) commit ba63672 Reduce number of `malloc/free` call in `XMSS/external` (#1724) Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
commit e356ebf Na lms (#1486) commit 55094c3 LMS H5_W1 (#1513) commit 4d773d7 Convert to use OQS_SIG_STFL_SECRET_KEY struct (#1525) commit 245aede LMS updated to use new SK API (#1533) commit a85a9aa Stateful sigs secret key storage callback (#1553) commit 3934949 Na statful sig lock (#1559) commit 3db6b44 Secret Key Query (#1572) commit 2446c64 Na stateful sigs lms var (#1574) commit 8df2539 Stateful sigs XMSS updates (#1590) commit a7b2987 SHA2 Increment with arbitrary length (non-block sizes) (#1614) commit 2dd9e07 Na lms kat multi level (#1620) commit 982b440 Fix Build Errors (#1635) commit ddae644 Various fixes commit cc50ef0 Fix warning commit cf03392 Update README.md commit 9325713 Update README.md commit a52b217 Update README.md commit d442ac9 Update README.md commit 72ab478 Update README.md commit 5967f12 Update src/CMakeLists.txt commit fc6d512 Update documentation and license text. (#1663) commit e7a83c7 Disable Stateful Signatures in the build by default (#1676) commit 6c81bae Na stateful macro (#1687) Signed-off-by: Norman Ashley <nashley@cisco.com>
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
Better late then never. CI is now passing thanks to #1805 and recent DCO fixes, so I am going ahead with the merge. |
Sorry for being late to this... But it just happened today: " I suggest that |
@lingxinh-aws please file an issue for this |
Thanks @lingxinh-aws, as ryjones suggested please open an issue, I will take a look at it shortly, in the mean time. |
Hi, I filed the issue here: #1815 as suggested.
Regards,
Xinhua (Frank) Ling, PhD CISSP GCED
Amazon Web Services
From: Norman Ashley ***@***.***>
Sent: Friday, June 7, 2024 8:47 AM
To: open-quantum-safe/liboqs ***@***.***>
Cc: Ling, Frank ***@***.***>; Mention ***@***.***>
Subject: Re: [open-quantum-safe/liboqs] Add Stateful Signature (XMSS and LMS) (PR #1650)
Thanks @lingxinh-aws<https://github.com/lingxinh-aws>, as ryjones suggested please open an issue, I will take a look at it shortly, in the mean time.
—
Reply to this email directly, view it on GitHub<#1650 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AWSVHCM2QTUK4YNRHYOR3VDZGGTUNAVCNFSM6AAAAABBMGCRI6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNJUG43DKOJXGM>.
You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>
|
Adds implementations of stateful signatures to liboqs for XMSS and LMS. The feature include new OQS APIs to generate key-pairs, signature generation, verification, and secret key state-management. Actual secret key storage is left up to the application.
This PR also includes an enhancement to OQS SHA2 API to allow handling updates with arbitrary length buffers.
OQS provider support is a separate and forthcoming feature. This is separated because of the need to manage the stateful of secret keys.