Add typing: asn, exceptions, hashes, pwdbased, utils. #125
roberthdevries wants to merge 8 commits into
65d14db to 1c2b082
This also adds the |
dgarske
left a comment
Skoll Code Review
Scan type: review
Overall recommendation: REQUEST_CHANGES
Findings: 7 total — 7 posted, 0 skipped
6 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [High] AES-SIV single-block associated-data length uses char count of original input, not encoded byte length — wolfcrypt/ciphers.py:397-400
- [Medium] sign_with_seed no longer accepts bytearray/memoryview seeds (regression) — wolfcrypt/ciphers.py:2513-2546
- [Medium] make_key_from_seed now silently UTF-8-encodes a str seed instead of rejecting it — wolfcrypt/ciphers.py:2360-2367
- [Low] ChaCha __init__ renamed size to _size, breaking the documented backward-compatible keyword — wolfcrypt/ciphers.py:544
- [Low] HKDF helpers annotate hash_cls as instance type instead of class type — wolfcrypt/hkdf.py:33,78,105
- [Low] Random no longer nulls native_object on init failure; __del__ frees an uninitialized RNG — wolfcrypt/random.py:37-52
- [Low] RsaPublic.__init__ made key a required positional argument — wolfcrypt/ciphers.py:771-774
Review generated by Skoll
This has some fallout in random.py to simplify checks. Also one test is slightly adapted to produce the desired failure.
8f9280c to 1af1a55
dgarske
left a comment
Skoll Code Review
Scan type: review
Overall recommendation: REQUEST_CHANGES
Findings: 7 total — 7 posted, 0 skipped
4 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [High] New undeclared runtime dependency on typing_extensions — wolfcrypt/ciphers.py:28, wolfcrypt/hashes.py:28
- [Medium] Removed _ffi.from_buffer() drops bytearray/memoryview support for seed/rand inputs — wolfcrypt/ciphers.py:2383, 2548, 2559, 2067, 2110
- [Medium] _Cipher.new() dropped **kwargs, breaking PEP 272 extra keyword arguments — wolfcrypt/ciphers.py:187-199
- [Medium] HKDF functions annotate hash_cls as instance type instead of class type — wolfcrypt/hkdf.py:33, 78, 105
- [Medium] asn.py leaves function arguments unannotated while enabling ANN ruff rules — wolfcrypt/asn.py:81, 99
- [Low] test_mldsa now relies on cffi's low-level TypeError instead of an explicit guard — tests/test_mldsa.py:186
- [Low] RsaPublic.__init__ made key a required positional argument — wolfcrypt/ciphers.py:781
Review generated by Skoll
Tests are now also type checked, as this helps verify the correctness of the type annotations.
dgarske
left a comment
Skoll Code Review
Scan type: review
Overall recommendation: COMMENT
Findings: 3 total — 3 posted, 0 skipped
3 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Medium] ML-DSA seed handling: bytearray/memoryview now rejected, and the two seed methods validate inconsistently — wolfcrypt/ciphers.py:2371-2392 (make_key_from_seed), 2516-2540 (sign_with_seed)
- [Low] ML-KEM *_with_random helpers no longer accept bytearray/memoryview for rand — wolfcrypt/ciphers.py:2059-2077 (encapsulate_with_random), 2103-2119 (make_key_with_random)
- [Low] hkdf.py forces a runtime import of _Hmac for a type annotation (no from __future__ import annotations) — wolfcrypt/hkdf.py:30-33
Review generated by Skoll
dgarske
left a comment
Skoll Code Review
Scan type: review
Overall recommendation: COMMENT
Findings: 4 total — 4 posted, 0 skipped
4 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Medium] ML-DSA seed validation now rejects bytearray/memoryview (regression) — wolfcrypt/ciphers.py:2383,2537
- [Medium] Advertised list/tuple seed support is untested and likely fails at the cffi boundary — wolfcrypt/ciphers.py:2372,2391
- [Low] setup.py install_requires not synced with new typing-extensions runtime dependency — setup.py:62-63
- [Low] Hard runtime import of private cffi symbol _cffi_backend.Lib only to satisfy a cast — wolfcrypt/__init__.py:20-22,56
Review generated by Skoll
dgarske
left a comment
See #125 (review)
If you disagree just make note. We are getting close on this and thank you for your efforts
Also added a line to the change log to mention that typing information has been added.
dgarske
left a comment
Skoll Code Review
Scan type: review
Overall recommendation: COMMENT
Findings: 4 total — 4 posted, 0 skipped
4 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Medium] typing-extensions dependency has no minimum version (override requires >=4.4.0) — pyproject.toml:27
- [Low] bytes(seed) silently accepts an int, dropping the friendly type check for ML-DSA seeds — wolfcrypt/ciphers.py:2383,2536
- [Info] New module wolfcrypt/types.py shadows the stdlib types module name — wolfcrypt/types.py:1
- [Info] Inconsistent # ty:ignore comment lacks the space used everywhere else — wolfcrypt/__init__.py:53
Review generated by Skoll
| dynamic = ["version"] | ||
| dependencies = [ | ||
| "cffi>=1.0.0,<2", | ||
| "typing-extensions", |
🟠 [Medium] typing-extensions dependency has no minimum version (override requires >=4.4.0)
The PR adds from typing_extensions import override as an unconditional runtime import in wolfcrypt/ciphers.py and wolfcrypt/hashes.py. override was only added to typing_extensions in 4.4.0 (and typing.override does not exist until Python 3.12, while this package now supports 3.10/3.11 per requires-python = ">=3.10"). The new dependency is declared as just "typing-extensions" with no version floor. On an environment that already has an older typing_extensions installed, pip will treat the unconstrained requirement as already satisfied and not upgrade it, so from typing_extensions import override raises ImportError and the entire wolfcrypt package fails to import.
Fix: Pin a minimum version (typing-extensions>=4.4.0) so override is guaranteed to be importable on all supported Python versions.
| @@ -2316,35 +2379,31 @@ def make_key_from_seed(cls, mldsa_type, seed): | |||
| :type seed: bytes | |||
| """ | |||
| mldsa_priv = cls(mldsa_type) | |||
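Review bot: the docstring line ":type seed: bytes" names bytes as the only accepted seed type. If bytearray and memoryview seeds are meant to keep working, say so in the docstring (for example "bytes or any buffer-protocol object") so the documented contract and the runtime type check agree.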
🔵 [Low] bytes(seed) silently accepts an int, dropping the friendly type check for ML-DSA seeds
The previous code wrapped the seed in memoryview(seed) inside a try/except that raised a clear TypeError("seed must support the buffer protocol, such as bytes or bytearray") for non-buffer inputs. The new code replaces that with seed = bytes(seed). For str/None this still raises TypeError (acceptable), but for an int argument bytes(n) silently produces n zero bytes. If a caller mistakenly passes the integer seed length (e.g. make_key_from_seed(t, 32)), the length check len(seed) != ML_DSA_KEYGEN_SEED_LENGTH passes and an all-zero deterministic seed is used to generate a key/signature with no error -- a subtle footgun for a cryptographic seed input. The original explicit, descriptive error message is also lost.
Fix: Reject int (and other non-buffer scalar) inputs explicitly, or restore a buffer-protocol type check, so a misused integer cannot be silently coerced into an all-zero seed.
Restored the buffer protocol check using memoryview without using the result of memoryview.
Instead the conversion to bytes will take care of passing the right datatype to the cffi wrapped function.
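The int-coercion failure mode from this finding and the memoryview gate described in the reply, as an added example that is not code from the pull request or from wolfcrypt. The helper names are hypothetical, and the 32-byte seed length is an assumption taken from the example call in the finding.

```python
ML_DSA_KEYGEN_SEED_LENGTH = 32  # assumed value, from the example call in the finding


def _check_length(seed: bytes) -> bytes:
    if len(seed) != ML_DSA_KEYGEN_SEED_LENGTH:
        raise ValueError(f"seed must be {ML_DSA_KEYGEN_SEED_LENGTH} bytes")
    return seed


def coerce_seed_unchecked(seed) -> bytes:
    """Hypothetical helper: convert with bytes() and check only the length."""
    # bytes(32) is 32 zero bytes, so an int equal to the seed length passes.
    return _check_length(bytes(seed))


def coerce_seed_checked(seed) -> bytes:
    """Hypothetical helper: require the buffer protocol before converting."""
    try:
        # Result deliberately unused; memoryview() raises TypeError for
        # int, str, None, list and other non-buffer objects.
        memoryview(seed)
    except TypeError as exc:
        raise TypeError(
            "seed must support the buffer protocol, such as bytes or bytearray"
        ) from exc
    return _check_length(bytes(seed))


def accepted(coerce, value) -> bool:
    """True when the helper returns a seed instead of raising."""
    try:
        coerce(value)
    except (TypeError, ValueError):
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a mistaken length, a list of ints, and real buffers.
    samples = [32, [0] * 32, "x" * 32, None, bytes(range(32)), bytearray(32)]
    for value in samples:
        print(f"{type(value).__name__:10} "
              f"unchecked={accepted(coerce_seed_unchecked, value)} "
              f"checked={accepted(coerce_seed_checked, value)}")
```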
| @@ -0,0 +1,35 @@ | |||
| # types.py | |||
⚪ [Info] New module wolfcrypt/types.py shadows the stdlib types module name
The PR introduces wolfcrypt/types.py. It is consumed only via package-relative imports (from .types import ...), and Python 3 absolute imports prevent it from shadowing the stdlib types module elsewhere, so there is no runtime bug. However, naming a module types is a well-known footgun for maintainability (any future import types inside the package can confuse readers/tools).
Fix: Consider renaming the module to avoid colliding with the stdlib types name; optional, no functional impact.
Renamed to wc_types.py
| if hasattr(_lib, 'WC_RNG_SEED_CB_ENABLED'): | ||
| if _lib.WC_RNG_SEED_CB_ENABLED: | ||
| ret = _lib.wc_SetSeed_Cb(_ffi.addressof(_lib, "wc_GenerateSeed")) | ||
| ret = _lib.wc_SetSeed_Cb(_ffi.addressof(_lib, "wc_GenerateSeed")) # ty:ignore[no-matching-overload] |
⚪ [Info] Inconsistent # ty:ignore comment lacks the space used everywhere else
Every other suppression added in this PR uses the form # ty: ignore[...] (with a space after the colon), but this one is written # ty:ignore[no-matching-overload] (no space). If the ty checker's comment parser requires the canonical # ty: ignore spelling, this suppression will not take effect and the overload diagnostic will still surface. Cosmetic/tooling only -- no runtime impact.
Fix: Normalize to # ty: ignore[no-matching-overload] to match the rest of the codebase and ensure the suppression is recognized.
No description provided.