Add typing: asn, exceptions, hashes, pwdbased, utils.#125
Add typing: asn, exceptions, hashes, pwdbased, utils.#125roberthdevries wants to merge 5 commits into
Conversation
roberthdevries
force-pushed
the
add-more-typing
branch
2 times, most recently
from
65d14db to
1c2b082
Compare
|
This also adds the |
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Skoll Code Review
Scan type: reviewOverall recommendation: REQUEST_CHANGES
Findings: 7 total — 7 posted, 0 skipped
6 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [High] AES-SIV single-block associated-data length uses char count of original input, not encoded byte length —
wolfcrypt/ciphers.py:397-400 - [Medium] sign_with_seed no longer accepts bytearray/memoryview seeds (regression) —
wolfcrypt/ciphers.py:2513-2546 - [Medium] make_key_from_seed now silently UTF-8-encodes a str seed instead of rejecting it —
wolfcrypt/ciphers.py:2360-2367 - [Low] ChaCha init renamed size to _size, breaking the documented backward-compatible keyword —
wolfcrypt/ciphers.py:544 - [Low] HKDF helpers annotate hash_cls as instance type instead of class type —
wolfcrypt/hkdf.py:33,78,105 - [Low] Random no longer nulls native_object on init failure; del frees an uninitialized RNG —
wolfcrypt/random.py:37-52 - [Low] RsaPublic.init made key a required positional argument —
wolfcrypt/ciphers.py:771-774
Review generated by Skoll
This has some fallout in random.py to simplify checks. Also one test is slightly adapted to produced the desired failure.
roberthdevries
force-pushed
the
add-more-typing
branch
2 times, most recently
from
8f9280c to
1af1a55
Compare
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Skoll Code Review
Scan type: reviewOverall recommendation: REQUEST_CHANGES
Findings: 7 total — 7 posted, 0 skipped
4 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [High] New undeclared runtime dependency on typing_extensions —
wolfcrypt/ciphers.py:28, wolfcrypt/hashes.py:28 - [Medium] Removed _ffi.from_buffer() drops bytearray/memoryview support for seed/rand inputs —
wolfcrypt/ciphers.py:2383, 2548, 2559, 2067, 2110 - [Medium] **_Cipher.new() dropped kwargs, breaking PEP 272 extra keyword arguments —
wolfcrypt/ciphers.py:187-199 - [Medium] HKDF functions annotate hash_cls as instance type instead of class type —
wolfcrypt/hkdf.py:33, 78, 105 - [Medium] asn.py leaves function arguments unannotated while enabling ANN ruff rules —
wolfcrypt/asn.py:81, 99 - [Low] test_mldsa now relies on cffi's low-level TypeError instead of an explicit guard —
tests/test_mldsa.py:186 - [Low] RsaPublic.init made key a required positional argument —
wolfcrypt/ciphers.py:781
Review generated by Skoll
Tests are now also type checked as this helps verifying the correctness of the type annotations.
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Skoll Code Review
Scan type: reviewOverall recommendation: COMMENT
Findings: 3 total — 3 posted, 0 skipped
3 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Medium] ML-DSA seed handling: bytearray/memoryview now rejected, and the two seed methods validate inconsistently —
wolfcrypt/ciphers.py:2371-2392 (make_key_from_seed), 2516-2540 (sign_with_seed) - [Low] *ML-KEM _with_random helpers no longer accept bytearray/memoryview for rand —
wolfcrypt/ciphers.py:2059-2077 (encapsulate_with_random), 2103-2119 (make_key_with_random) - [Low] hkdf.py forces a runtime import of _Hmac for a type annotation (no from future import annotations) —
wolfcrypt/hkdf.py:30-33
Review generated by Skoll
| @@ -2004,7 +2068,7 @@ def encapsulate_with_random(self, rand): | |||
| ct = _ffi.new(f"unsigned char[{ct_size}]") | |||
| ss = _ffi.new(f"unsigned char[{ss_size}]") | |||
| ret = _lib.wc_KyberKey_EncapsulateWithRandom( | |||
There was a problem hiding this comment.
*🔵 [Low] ML-KEM _with_random helpers no longer accept bytearray/memoryview for rand
These calls dropped _ffi.from_buffer(rand) and now pass rand directly to wc_KyberKey_EncapsulateWithRandom / wc_KyberKey_MakeKeyWithRandom (const unsigned char*). Unlike decode_key/decapsulate, rand is not run through t2b, so a bytes value still works but a bytearray or memoryview (which from_buffer previously handled) now raises a cffi TypeError. The annotation was narrowed to rand: bytes, which documents the intent, but it is still a silent runtime behavior change for callers passing other buffer types. Tests only pass bytes (unhexlify(...)), so the change is untested.
Fix: Either normalize rand with t2b() (matching the other ML-KEM methods) to preserve buffer-protocol support, or explicitly document that only bytes is accepted now.
| @@ -28,8 +28,9 @@ | |||
|
|
|||
|
|
|||
| if _lib.HKDF_ENABLED: | |||
There was a problem hiding this comment.
🔵 [Low] hkdf.py forces a runtime import of _Hmac for a type annotation (no from future import annotations)
Unlike the other modified modules (asn.py, ciphers.py, hashes.py, pwdbased.py), hkdf.py does not add from __future__ import annotations. As a result the new annotation def HKDF(hash_cls: type[_Hmac], ...) is evaluated at import time, which is why a real runtime import from wolfcrypt.hashes import _Hmac was added inside if _lib.HKDF_ENABLED:. _Hmac is only defined when _lib.HMAC_ENABLED. In a build where HKDF is enabled but HMAC is not, import wolfcrypt.hkdf would now raise ImportError where it previously succeeded. wolfSSL's HKDF structurally depends on HMAC so this is unlikely in practice, but the new import coupling is avoidable.
Fix: Add from __future__ import annotations to hkdf.py and move the _Hmac import under TYPE_CHECKING (or guard it on _lib.HMAC_ENABLED) so the annotation does not create a hard runtime dependency.
| @@ -2306,45 +2369,38 @@ def make_key(cls, mldsa_type, rng=None): | |||
| return mldsa_priv | |||
|
|
|||
| @classmethod | |||
There was a problem hiding this comment.
🟠 [Medium] ML-DSA seed handling: bytearray/memoryview now rejected, and the two seed methods validate inconsistently
Before this PR both methods accepted any buffer-protocol object (bytes, bytearray, memoryview) via memoryview(seed) followed by _ffi.from_buffer(seed_view). The PR removes that normalization and the two methods now diverge:
make_key_from_seedonly doeslen(seed)and passesseedstraight towc_dilithium_make_key_from_seed(...)(aconst byte*argument). CFFI acceptsbytes,listandtuplefor that argument but raisesTypeErrorforbytearrayandmemoryview(verified empirically against_cffi_backend). So a bytearray/memoryview seed that worked before now fails with an opaque cffi error.sign_with_seedadds an explicitif not isinstance(seed, (list, tuple, bytes)): raise TypeError(...), which also rejects bytearray/memoryview but with a different (clearer) error.
Net effect: the accepted seed set changed from {bytes, bytearray, memoryview} to {bytes, list, tuple}. bytes (the common path, and the only one exercised by tests) still works, but bytearray/memoryview are a silent regression, and the two methods now raise different error types for the same bad input. No test covers list/tuple seeds or bytearray/memoryview seeds, so CI will not catch the change.
Fix: Apply the same validation/normalization in both methods. If the input-type contract is intentionally being narrowed, note it in ChangeLog.rst and add tests covering list/tuple (and rejected bytearray) seeds so the behavior is pinned.
Note: Referenced line (
wolfcrypt/ciphers.py:2371-2392 (make_key_from_seed), 2516-2540 (sign_with_seed)) is outside the diff hunk. Comment anchored to nearest changed region.
No description provided.