Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update sig_stfl.h document for #1650 #1655

Merged
merged 8 commits into from
Jan 11, 2024

Conversation

ducnguyen-sb
Copy link
Contributor

@ducnguyen-sb ducnguyen-sb commented Jan 8, 2024

This PR address the comments in #1650

This PR rewrite the documentation in sig_stfl.h header for a few APIs, make simpler and (somewhat) easier to read.

  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider and OQS-OpenSSH will also need to be ready for review and merge by the time this is merged.)

@ducnguyen-sb ducnguyen-sb requested a review from dstebila as a code owner January 8, 2024 20:40
@ducnguyen-sb ducnguyen-sb changed the title Update sig_stfl.h document Update sig_stfl.h document for #1650 Jan 8, 2024
src/sig_stfl/sig_stfl.h Outdated Show resolved Hide resolved
src/sig_stfl/sig_stfl.h Outdated Show resolved Hide resolved
*/
OQS_API OQS_STATUS OQS_SIG_STFL_SECRET_KEY_lock(OQS_SIG_STFL_SECRET_KEY *sk);

/**
* OQS_SIG_STFL_SECRET_KEY_unlock .
* Unlock the secret key, making it accessible to other processes.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same question as above: When does (an application) need to call this function?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I added:

* This operation is essential in multi-threaded or multi-process contexts
 * in order to prevent simultaneous operations that could compromise the stateful signature security.
 
 ...
* @note It's not required to use lock and unlock functions in a single-threaded environment.

So, it's should be call in multi-threaded environment.
I wonder if the current documentation is good enough, let me know if it's unclear.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if the current documentation is good enough, let me know if it's unclear.

I can only judge from my perspective and cannot know what other's may (mis)understand, so here goes my question now: Which (liboqs API) calls ("operations" in your wording above) need to be guarded with this function in multi-threaded environments? And a much more basic question: If there are such library functions failing to properly operate in a multi-threaded environment, wouldn't it be better to document them accordingly? And as follow-on question: Does it need such liboqs-based "lock/unlock" functions at all if such documentation exists? Why isn't use of any external, e.g. as provided by the application-chosen threading library, lock/unlock mechanisms sufficient?

I guess what I'd like to suggest in a more "brutal question": Should we not strive to implement a thread-safe library API OR completely get out of the way (giving the app developer full control of what they want/need to do)? Anything in between IMO has the potential for a "support nightmare" ("use API XYZ if you are using threading library ABC; if not using any threading, disregard XYZ but use API XZZ", etc....)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I answer each question below.

  1. What function need to be guarded with this function in a concurrent environment?

Only the Signing operation.

Thanks to your question, I updated this note:

* @note It's not necessary to use this function in either Keygen or Verifying operations.
 *       In a concurrent environment, the user is responsible for locking and unlocking the private key,
 *       to make sure that only one thread can access the private key during a Signing operation.
  1. Why such lock/unlock APIs are there? Is it meant we strive to be a thread-safe library?

These APIs intention is to limit to one owner of private key at a time in a concurrent environment.
If users supply lock/unlock logic with a mutex, we acquire the lock to be the only owner of the private key, and unlock after the Signing operation complete.
If users don't supply the lock/unlock logic or a mutex, they are simply NOP operations.

I think the key different here is: We don't execute stateful signature in multi-thread at the library itself, but we provide a way to let users use multi-thread securely, in the right way.

  1. Does it need such liboqs-based "lock/unlock" functions at all if such documentation exists?

I think to have lock/unlock functions help liboqs in:

  • Testing. Someone has to foreseen the usage of our proposed APIs in multi-thread environment, so we need lock/unlock to test if it's still safe in such if our low-level implementation change.

So we have it in test, well, why not exposed them to library user, it's convenience anyway. So there are liboqs-based lock/unlock functions.

  1. Why isn't use of any external, e.g. as provided by the application-chosen threading library, lock/unlock mechanisms sufficient?

Actually we don't concretely define the lock/unlock mechanisms in liboqs, if the function pointers of lock/unlock are non-NULL then we will run them to perform lock/unlock the private key.

So, we open to any application-chosen threading library, and it's user responsibility to create a proper lock/unlock functions, and it's up to them to define their mutex.

  1. Anything in between IMO has the potential for a "support nightmare" ("use API XYZ if you are using threading library ABC; if not using any threading, disregard XYZ but use API XZZ", etc....)

I totally agree with you, we don't want to get into "support nightmare". I want to run away from it as far as possible. :))

You have more experience than me in this matter, please let me know if there is something I need to change to get out of "support nightmare".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@baentsch before I merge this PR, do I answer your questions?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have more experience than me in this matter, please let me know if there is something I need to change to get out of "support nightmare".

I'm not sure I do -- I did not use these APIs -- yet. My "general" question regarding minimizing support effort is: Could we completely do away with those functions in the external OQS API? If we could, we won't have to support them.

So we have it in test, well, why not exposed them to library user, it's convenience anyway. So there are liboqs-based lock/unlock functions.

That's what I'm concerned with: If it's mere "convenience" (for us) we shouldn't externally make it available. Any API externally visible creates more support effort. Please see the discussion in #1648 and decide whether mutex/lock/unlock is another candidate for this internal API.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I double check, these APIs just for testing purpose, so I moved them to internal APIs.
Updated in 8b0e15e

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The set_lock, set_mutex, and set_unlock should still be public APIs.
@baentsch

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:-( I won't respond to user questions about them.

Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates addressing many of my original comments, @ducnguyen-sb ! I only re-reviewed the changes in the PR, not the merge-to-main PR again: Please let me know when I should do that (to close out/mark as resolved my comments there).

@ducnguyen-sb ducnguyen-sb requested a review from baentsch January 9, 2024 20:07
@ducnguyen-sb
Copy link
Contributor Author

Thanks @baentsch , I addressed your comments.
I believe it's simpler to address a smaller changes here rather than the big PR in #1650 , once it's resolved here we can mark the comments in the main branch as resolved.

Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the clarification.

@ducnguyen-sb ducnguyen-sb requested a review from baentsch January 11, 2024 16:05
@ducnguyen-sb ducnguyen-sb merged commit 0464a98 into stateful-sigs Jan 11, 2024
52 checks passed
@ducnguyen-sb ducnguyen-sb deleted the update_sig_stfl_header_document branch January 11, 2024 19:39
SWilson4 pushed a commit that referenced this pull request Feb 14, 2024
* update the stateful siganture header documentation

* catch the case when mutex is not set

* stress that only the Signing operation need to be locked/unlocked.

* make lock and unlock function to internal APIs.
cothan pushed a commit that referenced this pull request Apr 2, 2024
* update the stateful siganture header documentation

* catch the case when mutex is not set

* stress that only the Signing operation need to be locked/unlocked.

* make lock and unlock function to internal APIs.
SWilson4 pushed a commit that referenced this pull request Apr 12, 2024
* update the stateful siganture header documentation

* catch the case when mutex is not set

* stress that only the Signing operation need to be locked/unlocked.

* make lock and unlock function to internal APIs.
SWilson4 pushed a commit that referenced this pull request Apr 12, 2024
* update the stateful siganture header documentation

* catch the case when mutex is not set

* stress that only the Signing operation need to be locked/unlocked.

* make lock and unlock function to internal APIs.
SWilson4 pushed a commit that referenced this pull request Apr 12, 2024
* update the stateful siganture header documentation

* catch the case when mutex is not set

* stress that only the Signing operation need to be locked/unlocked.

* make lock and unlock function to internal APIs.
SWilson4 pushed a commit that referenced this pull request May 14, 2024
* update the stateful siganture header documentation

* catch the case when mutex is not set

* stress that only the Signing operation need to be locked/unlocked.

* make lock and unlock function to internal APIs.
cothan added a commit that referenced this pull request May 30, 2024
commit 244288f Add XMSS parameter xmss_sha256_h10 (#1482)
commit a7e26d9 Add 12 XMSS and 16 XMSSMT parameters. (#1489)
commit 4694fc3 Add secret key object to XMSS (#1530)
commit 99067be Add XMSS Serialize/Deserialize  (#1542)
commit 2dbfc40 Update XMSS secret key object APIs, sync with LMS  (#1588)
commit 47740ad Enforce idx from unsigned int to uint32_t. (#1611)
commit 9610576 Fix windows-x86 and arm compiling error. (#1634)
commit bb658b7 Address  stateful-sigs comments in #1650 (#1656)
commit 7db8ddf Update `sig_stfl.h` document for #1650 (#1655)
commit c3e5750 Add Apache 2.0 and MIT License to XMSS (#1662)
commit e1f02b2 Change XMSS License from `(Apache 2.0 AND MIT)` to `(Apache 2.0 OR MIT) AND CC0-1.0` (#1697)
commit 17c12c3 Add return status for XMSS lock/unlock functions. (#1712)
commit 1941636 Add return check for lock/unlock function (#1727)
commit b45415c Use `abort()` instead of exit to get the trace log. (#1728)
commit ba63672 Reduce number of `malloc/free` call in `XMSS/external` (#1724)

Signed-off-by: Duc Tri Nguyen <dnguye69@gmu.edu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants