
Commit 4d37d38

committed
ML-KEM fixes
* fix -Wconversion warnings * allow APIs without RNG usage in case WC_NO_RNG is defined
1 parent a619c1e commit 4d37d38

5 files changed

Lines changed: 487 additions & 412 deletions


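--- a/.github/workflows/wolfCrypt-Wconversion.yml
+++ b/.github/workflows/wolfCrypt-Wconversion.yml
@@ -23,7 +23,12 @@ jobs:
 '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
 '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
 '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
-'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32'
+'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32',
+'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
+'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
+'--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
+'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32',
+'--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
 ]
 name: build library
 if: github.repository_owner == 'wolfssl'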
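Review bot: None of the six added matrix entries defines WC_NO_RNG, so the `#else` stubs this commit adds to wc_MlKemKey_MakeKey and wc_MlKemKey_Encapsulate are not compiled under these conversion warnings by any entry visible here. The list starts outside the hunk, so an earlier entry may already cover it; if none does, one ML-KEM configuration with `-DWC_NO_RNG` in CPPFLAGS would keep that branch from regressing. Whether `--enable-all-crypto` builds with that define is not visible from this page, so the exact flag set needs checking before it is added.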

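--- a/configure.ac
+++ b/configure.ac
@@ -1746,6 +1746,9 @@ do
 small)
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL"
 ;;
+no-large-code)
+AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE"
+;;
 cache-a)
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
 ;;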
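Review bot: The new `no-large-code` value is accepted by the case statement, but these three lines are the only change to configure.ac, so any `--enable-mlkem` help text or comment that enumerates the accepted values was not updated with it. That text, like the start and end of the case statement, is outside the hunk, so this is inferred. If such a list exists, add `no-large-code` next to `small` with a short statement of what WOLFSSL_MLKEM_NO_LARGE_CODE trades off, so the option is discoverable without reading the script.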

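--- a/wolfcrypt/src/wc_mlkem.c
+++ b/wolfcrypt/src/wc_mlkem.c
@@ -368,6 +368,7 @@ int wc_MlKemKey_Free(MlKemKey* key)
 */
 int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng)
 {
+#ifndef WC_NO_RNG
 int ret = 0;
 unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ];
 
@@ -397,6 +398,11 @@ int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng)
 
 /* Step 4: return ret != 0 on falsum or internal key generation failure. */
 return ret;
+#else
+(void)key;
+(void)rng;
+return NOT_COMPILED_IN;
+#endif /* WC_NO_RNG */
 }
 
 /**
@@ -516,16 +522,16 @@ int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, const unsigned char* rand,
 #ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
 #ifndef WOLFSSL_MLKEM_CACHE_A
 /* e (v) | a (m) */
-e = (sword16*)XMALLOC((k + 1) * k * MLKEM_N * sizeof(sword16),
+e = (sword16*)XMALLOC((size_t)((k + 1) * k * MLKEM_N) * sizeof(sword16),
 key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #else
 /* e (v) */
-e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16),
+e = (sword16*)XMALLOC((size_t)(k * MLKEM_N) * sizeof(sword16),
 key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 #else
 /* e (v) */
-e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16),
+e = (sword16*)XMALLOC((size_t)(k * MLKEM_N) * sizeof(sword16),
 key->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 if (e == NULL) {
@@ -557,7 +563,7 @@ int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, const unsigned char* rand,
 #endif
 #ifndef WOLFSSL_NO_ML_KEM
 {
-buf[0] = k;
+buf[0] = (byte)k;
 /* Expand 33 bytes of random to 32.
 * Alg 13: Step 1: (rho,sigma) <- G(d||k)
 */
@@ -849,7 +855,7 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
 /* Generate noise using PRF.
 * Steps 9-17: generate y, e_1, e_2
 */
-ret = mlkem_get_noise(&key->prf, k, y, e1, e2, r);
+ret = mlkem_get_noise(&key->prf, (int)k, y, e1, e2, r);
 }
 #ifdef WOLFSSL_MLKEM_CACHE_A
 if ((ret == 0) && ((key->flags & MLKEM_FLAG_A_SET) != 0)) {
@@ -870,7 +876,7 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
 if (ret == 0) {
 /* Generate the transposed matrix.
 * Step 4-8: generate matrix A_hat */
-ret = mlkem_gen_matrix(&key->prf, a, k, key->pubSeed, 1);
+ret = mlkem_gen_matrix(&key->prf, a, (int)k, key->pubSeed, 1);
 }
 if (ret == 0) {
 /* Assign remaining allocated dynamic memory to pointers.
@@ -880,7 +886,7 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
 
 /* Perform encapsulation maths.
 * Steps 18-19, 21: calculate u and v */
-mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, k);
+mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, (int)k);
 }
 #else /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */
 if (ret == 0) {
@@ -892,7 +898,7 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
 mlkem_prf_init(&key->prf);
 /* Generate noise using PRF.
 * Steps 9-12: generate y */
-ret = mlkem_get_noise(&key->prf, k, y, NULL, NULL, r);
+ret = mlkem_get_noise(&key->prf, (int)k, y, NULL, NULL, r);
 }
 if (ret == 0) {
 /* Assign remaining allocated dynamic memory to pointers.
@@ -903,7 +909,7 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
 /* Perform encapsulation maths.
 * Steps 13-17: generate e_1 and e_2
 * Steps 18-19, 21: calculate u and v */
-ret = mlkem_encapsulate_seeds(key->pub, &key->prf, u, a, y, k, m,
+ret = mlkem_encapsulate_seeds(key->pub, &key->prf, u, a, y, (int)k, m,
 key->pubSeed, r);
 }
 #endif /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */
@@ -977,6 +983,7 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c)
 int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* c, unsigned char* k,
 WC_RNG* rng)
 {
+#ifndef WC_NO_RNG
 int ret = 0;
 unsigned char m[WC_ML_KEM_ENC_RAND_SZ];
 
@@ -1001,6 +1008,13 @@ int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* c, unsigned char* k,
 
 /* Step 3: return ret != 0 on falsum or internal key generation failure. */
 return ret;
+#else
+(void)key;
+(void)c;
+(void)k;
+(void)rng;
+return NOT_COMPILED_IN;
+#endif /* WC_NO_RNG */
 }
 
 /**
@@ -1344,7 +1358,7 @@ static MLKEM_NOINLINE int mlkemkey_decapsulate(MlKemKey* key, byte* m,
 
 /* Decapsulate the cipher text into polynomial.
 * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */
-mlkem_decapsulate(key->priv, w, u, v, k);
+mlkem_decapsulate(key->priv, w, u, v, (int)k);
 
 /* Convert the polynomial into a array of bytes (message).
 * Step 7: m <- ByteEncode_1(Compress_1(w)) */
@@ -1498,7 +1512,7 @@ int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss,
 }
 if (ret == 0) {
 /* Compare generated cipher text with that passed in. */
-fail = mlkem_cmp(ct, cmp, ctSz);
+fail = mlkem_cmp(ct, cmp, (int)ctSz);
 
 #if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM)
 if (key->type & MLKEM_KYBER)
@@ -1527,7 +1541,7 @@ int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss,
 if (ret == 0) {
 /* Set secret to kr or fake secret on comparison failure. */
 for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) {
-ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail);
+ss[i] = (byte)(kr[i] ^ ((kr[i] ^ msg[i]) & fail));
 }
 }
 }
@@ -1568,7 +1582,7 @@ static void mlkemkey_decode_public(sword16* pub, byte* pubSeed, const byte* p,
 
 /* Decode public key that is vector of polynomials.
 * Step 2: t <- ByteDecode_12(ek_PKE[0 : 384k]) */
-mlkem_from_bytes(pub, p, k);
+mlkem_from_bytes(pub, p, (int)k);
 p += k * WC_ML_KEM_POLY_SIZE;
 
 /* Read public key seed.
@@ -1684,7 +1698,7 @@ int wc_MlKemKey_DecodePrivateKey(MlKemKey* key, const unsigned char* in,
 /* Decode private key that is vector of polynomials.
 * Alg 18 Step 1: dk_PKE <- dk[0 : 384k]
 * Alg 15 Step 5: s_hat <- ByteDecode_12(dk_PKE) */
-mlkem_from_bytes(key->priv, p, k);
+mlkem_from_bytes(key->priv, p, (int)k);
 p += k * WC_ML_KEM_POLY_SIZE;
 
 /* Decode the public key that is after the private key. */
@@ -1793,7 +1807,7 @@ int wc_MlKemKey_DecodePublicKey(MlKemKey* key, const unsigned char* in,
 
 if (ret == 0) {
 mlkemkey_decode_public(key->pub, key->pubSeed, p, k);
-ret = mlkem_check_public(key->pub, k);
+ret = mlkem_check_public(key->pub, (int)k);
 }
 if (ret == 0) {
 /* Calculate public hash. */
@@ -2038,7 +2052,7 @@ int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out, word32 len)
 
 if (ret == 0) {
 /* Encode private key that is vector of polynomials. */
-mlkem_to_bytes(p, key->priv, k);
+mlkem_to_bytes(p, key->priv, (int)k);
 p += WC_ML_KEM_POLY_SIZE * k;
 
 /* Encode public key. */
@@ -2155,7 +2169,7 @@ int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out, word32 len)
 int i;
 
 /* Encode public key polynomial by polynomial. */
-mlkem_to_bytes(p, key->pub, k);
+mlkem_to_bytes(p, key->pub, (int)k);
 p += k * WC_ML_KEM_POLY_SIZE;
 
 /* Append public seed. */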
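Review bot: In wc_MlKemKey_MakeKeyWithRandom the three XMALLOC sizes now cast the finished product, e.g. `(size_t)((k + 1) * k * MLKEM_N)`, so the multiplication is still evaluated in k's own type and only the result is widened. k's declaration is outside the hunk and is presumably limited to the ML-KEM ranks, in which case nothing overflows today, but the cast reads as an overflow guard that it is not. Widening the operands keeps the arithmetic in size_t and should still satisfy -Wconversion: `e = (sword16*)XMALLOC((size_t)(k + 1) * (size_t)k * MLKEM_N * sizeof(sword16),` for the first call and `(size_t)k * MLKEM_N * sizeof(sword16)` for the other two. The function body starts and ends outside these hunks.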
