Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

20250107-clang-tidy-xmss #8339

Merged
merged 5 commits into from
Jan 8, 2025
Merged

20250107-clang-tidy-xmss #8339

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8c32238
wolfcrypt/src/wc_xmss_impl.c: guided by clang-tidy 20.0.0_pre20250104…
douzzer Jan 7, 2025
b6ce89c
wolfcrypt/src/pkcs7.c: in wc_PKCS7_BuildSignedAttributes(), clear can…
douzzer Jan 7, 2025
27c37b2
tests/api.c: in test_dtls12_basic_connection_id(), add cast to fix a …
douzzer Jan 7, 2025
632d1c7
wolfcrypt/src/wc_xmss_impl.c: fix error-checking comparisons in wc_xm…
douzzer Jan 7, 2025
fd664fd
wolfcrypt/src/integer.c: add sanity checks to mollify clang-tidy 20.0…
douzzer Jan 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions wolfcrypt/src/pkcs7.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2073,6 +2073,8 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd,

cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib);

XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx]));

if ((pkcs7->defaultSignedAttribs & WOLFSSL_CONTENT_TYPE_ATTRIBUTE) ||
pkcs7->defaultSignedAttribs == 0) {
cannedAttribs[idx].oid = contentTypeOid;
Expand Down
50 changes: 32 additions & 18 deletions wolfcrypt/src/wc_xmss_impl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2675,7 +2675,7 @@ static void wc_xmss_bds_state_free(BdsState* bds)
* @param [out] bds BDS states.
* @param [out] wots_sigs WOTS signatures when XMSS^MT.
*/
static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
static int wc_xmss_bds_state_load(const XmssState* state, byte* sk,
BdsState* bds, byte** wots_sigs)
{
const XmssParams* params = state->params;
Expand All @@ -2689,6 +2689,9 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
/* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */
sk += params->idx_len + 4 * n;

if (2 * (int)params->d - 1 < 0)
return WC_FAILURE;
dgarske marked this conversation as resolved.
Show resolved Hide resolved

for (i = 0; i < 2 * (int)params->d - 1; i++) {
/* Set pointers into SK. */
bds[i].stack = sk;
Expand All @@ -2715,6 +2718,8 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
if (wots_sigs != NULL) {
*wots_sigs = sk;
}

return 0;
}

/* Store the BDS state into the secret/private key.
Expand All @@ -2723,7 +2728,7 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk,
* @param [in, out] sk Secret/private key.
* @param [in] bds BDS states.
*/
static void wc_xmss_bds_state_store(const XmssState* state, byte* sk,
static int wc_xmss_bds_state_store(const XmssState* state, byte* sk,
BdsState* bds)
{
int i;
Expand All @@ -2743,15 +2748,20 @@ static void wc_xmss_bds_state_store(const XmssState* state, byte* sk,
/* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */
sk += params->idx_len + 4 * n;

if (2 * (int)params->d - 1 < 0)
return WC_FAILURE;

for (i = 0; i < 2 * (int)params->d - 1; i++) {
/* Skip pointers into sk. */
sk += skip;
/* Save values - big-endian encoded. */
c32to24(bds[i].next, sk);
c32to24(bds[i].next, sk); /* NOLINT(clang-analyzer-core.CallAndMessage) */
sk += 3;
sk[0] = bds[i].offset;
sk += 1;
}

return 0;
}

/********************************************
Expand Down Expand Up @@ -3297,6 +3307,10 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
if (ret == 0)
#endif
{
/* Setup pointers into sk - assumes sk is initialized to zeros. */
ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
}
if (ret == 0) {
/* Offsets into seed. */
const byte* seed_priv = seed;
const byte* seed_pub = seed + 2 * n;
Expand All @@ -3306,9 +3320,6 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
/* Offsets into public key. */
byte* pk_seed = pk + n;

/* Setup pointers into sk - assumes sk is initialized to zeros. */
wc_xmss_bds_state_load(state, sk, bds, NULL);

/* Set first index to 0 in private key. idx_len always 4. */
*sk_idx = 0;
/* Set private key seed and private key for PRF in to private key. */
Expand All @@ -3333,7 +3344,7 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed,
XMEMCPY(sk_root, pk_root, 2 * n);

/* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds);
ret = wc_xmss_bds_state_store(state, sk, bds);
}

#ifdef WOLFSSL_SMALL_STACK
Expand Down Expand Up @@ -3412,8 +3423,9 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
#endif
{
/* Load the BDS state from secret/private key. */
wc_xmss_bds_state_load(state, sk, bds, NULL);

ret = wc_xmss_bds_state_load(state, sk, bds, NULL);
}
if (ret == 0) {
/* Copy the index into the signature data: Sig = idx_sig || ... */
*((word32*)sig) = *((word32*)sk);
/* Read index from the secret key. */
Expand Down Expand Up @@ -3468,7 +3480,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
if (ret == 0) {
sig += params->wots_sig_len;
/* Add authentication path (auth) and calc new root. */
XMEMCPY(sig, bds->authPath, h * n);
XMEMCPY(sig, bds->authPath, h * n); /* NOLINT(clang-analyzer-core.CallAndMessage) */
ret = state->ret;
}

Expand All @@ -3490,7 +3502,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen,
}
if (ret == 0) {
/* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds);
ret = wc_xmss_bds_state_store(state, sk, bds);
}

#ifdef WOLFSSL_SMALL_STACK
Expand Down Expand Up @@ -3580,14 +3592,15 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,

/* Allocate memory for BDS states and tree hash instances. */
ret = wc_xmss_bds_state_alloc(params, &bds);
if (ret == 0) {
/* Load the BDS state from secret/private key. */
ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
}
if (ret == 0) {
/* Offsets into seed. */
const byte* seed_priv = seed;
const byte* seed_pub = seed + 2 * params->n;

/* Load the BDS state from secret/private key. */
wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);

/* Set first index to 0 in private key. */
XMEMSET(sk, 0, params->idx_len);
/* Set private key seed and private key for PRF in to private key. */
Expand Down Expand Up @@ -3630,7 +3643,7 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed,
XMEMCPY(sk_root, pk_root, 2 * n);

/* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds);
ret = wc_xmss_bds_state_store(state, sk, bds);
}

/* Dispose of allocated data of BDS states. */
Expand Down Expand Up @@ -4000,8 +4013,9 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,
ret = wc_xmss_bds_state_alloc(params, &bds);
if (ret == 0) {
/* Load the BDS state from secret/private key. */
wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);

ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs);
}
if (ret == 0) {
/* Copy the index into the signature data: Sig_MT = idx_sig. */
XMEMCPY(sig_mt, sk, idx_len);

Expand Down Expand Up @@ -4032,7 +4046,7 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen,

if (ret == 0) {
/* Store BDS state back into secret/private key. */
wc_xmss_bds_state_store(state, sk, bds);
ret = wc_xmss_bds_state_store(state, sk, bds);
}

/* Dispose of allocated data of BDS states. */
Expand Down
Loading