Use byte ctxLen in wc_dilithium_verify_ctx_msg cdef (F-4014)#141
Draft
julek-wolfssl wants to merge 2 commits into
Draft
Use byte ctxLen in wc_dilithium_verify_ctx_msg cdef (F-4014)#141julek-wolfssl wants to merge 2 commits into
julek-wolfssl wants to merge 2 commits into
Conversation
The CFFI cdef declared wc_dilithium_verify_ctx_msg with word32 ctxLen while the sign variants use byte ctxLen. wolfSSL's real API (wc_MlDsaKey_VerifyCtx in wolfcrypt/wc_mldsa.h, which the wc_dilithium_verify_ctx_msg macro forwards to) takes byte ctxLen, matching FIPS 204's 255-byte context cap. The mismatched cdef made CFFI marshal a 4-byte word32 into a 1-byte slot, silently truncating any ctxLen > 255 to its low byte. Declare ctxLen as byte to match the sign cdef and the underlying API.
There was a problem hiding this comment.
Pull request overview
This pull request fixes an FFI type mismatch for ML-DSA (Dilithium) context-length handling so the Python CFFI binding matches wolfSSL’s underlying API and FIPS 204’s 255-byte context limit.
Changes:
- Update the CFFI
cdefforwc_dilithium_verify_ctx_msgsoctxLenis declared asbyte(notword32). - Align the verify cdef with the existing sign cdefs and the underlying forwarded wolfSSL API to avoid silent truncation.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng); | ||
| int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, const byte* seed); | ||
| int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, word32 ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key); | ||
| int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key); |
MlDsa.sign/sign_with_seed reject a context longer than 255 bytes with ValueError, but verify did not. With ctxLen now correctly declared as byte in the cdef, an over-long ctx would surface as a low-level CFFI OverflowError instead of the consistent ValueError callers get from the signing paths. Reject len(ctx) > 255 with ValueError in verify, matching sign.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The CFFI cdef for
wc_dilithium_verify_ctx_msgdeclaredctxLenasword32, while the sign variants (wc_dilithium_sign_ctx_msg,wc_dilithium_sign_ctx_msg_with_seed) declare it asbyte.wolfSSL's real API is
wc_MlDsaKey_VerifyCtx(wolfssl/wolfcrypt/wc_mldsa.h), which thewc_dilithium_verify_ctx_msgmacro forwards to, and it takesbyte ctxLen— matching FIPS 204's 255-byte context cap.The mismatched cdef made CFFI marshal a 4-byte
word32into a 1-byte slot, silently truncating anyctxLen > 255to its low byte.This declares
ctxLenasbyteso the cdef matches both the sign cdefs and the underlying API.Fixes
F-4014