Tidy crypto (#7009)

Author: achamayou

.clang-tidy

@@ -19,8 +19,24 @@ Checks: >
   -readability-function-cognitive-complexity,
   -misc-const-correctness,
   -misc-include-cleaner,
-  -readability-identifier-length
+  -readability-identifier-length,
+  -cppcoreguidelines-pro-type-union-access,
+  -cppcoreguidelines-pro-type-reinterpret-cast,
+  -cppcoreguidelines-avoid-non-const-global-variables,
+  -misc-use-anonymous-namespace,
+  -readability-avoid-nested-conditional-operator,
+  -cppcoreguidelines-pro-bounds-constant-array-index,
+  -cppcoreguidelines-narrowing-conversions,
+  -bugprone-narrowing-conversions,
+  -bugprone-easily-swappable-parameters,
+  -cppcoreguidelines-pro-bounds-pointer-arithmetic,
+  -cppcoreguidelines-avoid-c-arrays,
+  -modernize-avoid-c-arrays,
+  -cppcoreguidelines-pro-type-const-cast,
+  -bugprone-assignment-in-if-condition,
+  -performance-enum-size,
+  -bugprone-casting-through-void
 
 WarningsAsErrors: '*'
-HeaderFilterRegex: '.*/3rdparty/.*'
+HeaderFilterRegex: '?!(3rdparty)'
 FormatStyle:     'file'

cmake/crypto.cmake

@@ -33,6 +33,7 @@ set(CCFCRYPTO_SRC
 if(COMPILE_TARGET STREQUAL "snp")
   add_library(ccfcrypto.snp ${CCFCRYPTO_SRC})
   add_san(ccfcrypto.snp)
+  add_tidy(ccfcrypto.snp)
   target_compile_options(ccfcrypto.snp PUBLIC ${COMPILE_LIBCXX})
   target_link_options(ccfcrypto.snp PUBLIC ${LINK_LIBCXX})
   target_link_libraries(ccfcrypto.snp PUBLIC qcbor.snp)
@@ -56,6 +57,7 @@ find_library(TLS_LIBRARY ssl)
 
 add_library(ccfcrypto.host STATIC ${CCFCRYPTO_SRC})
 add_san(ccfcrypto.host)
+add_tidy(ccfcrypto.host)
 target_compile_options(ccfcrypto.host PUBLIC ${COMPILE_LIBCXX})
 target_link_options(ccfcrypto.host PUBLIC ${LINK_LIBCXX})
 

include/ccf/crypto/key_pair.h

@@ -183,7 +183,7 @@ namespace ccf::crypto
    * @param pkey PEM key to load
    * @return Key pair
    */
-  KeyPairPtr make_key_pair(const Pem& pkey);
+  KeyPairPtr make_key_pair(const Pem& pem);
 
   /**
    * Construct a new public / private ECDSA key pair from a JsonWebKeyECPrivate

include/ccf/crypto/openssl/openssl_wrappers.h

@@ -32,7 +32,7 @@ namespace ccf::crypto
      */
 
     /// Returns the error string from an error code
-    inline std::string error_string(int ec)
+    inline std::string error_string(unsigned long ec)
     {
       // ERR_error_string doesn't really expect the code could actually be zero
       // and uses the `static char buf[256]` which is NOT cleaned nor checked
@@ -42,7 +42,7 @@ namespace ccf::crypto
         std::string err(256, '\0');
         ERR_load_crypto_strings();
         SSL_load_error_strings();
-        ERR_error_string_n((unsigned long)ec, err.data(), err.size());
+        ERR_error_string_n(ec, err.data(), err.size());
         ERR_free_strings();
         // Remove any trailing NULs before returning
         err.resize(std::strlen(err.c_str()));
@@ -166,9 +166,9 @@ namespace ccf::crypto
         Unique_SSL_OBJECT(
           BIO_new_mem_buf(buf, len), [](auto x) { BIO_free(x); })
       {}
-      Unique_BIO(const std::vector<uint8_t>& d) :
+      Unique_BIO(std::span<const uint8_t> s) :
         Unique_SSL_OBJECT(
-          BIO_new_mem_buf(d.data(), d.size()), [](auto x) { BIO_free(x); })
+          BIO_new_mem_buf(s.data(), s.size()), [](auto x) { BIO_free(x); })
       {}
       Unique_BIO(const Pem& pem) :
         Unique_SSL_OBJECT(

include/ccf/crypto/pem.h

@@ -22,7 +22,7 @@ namespace ccf::crypto
 
   public:
     Pem() = default;
-    Pem(const std::string& s_);
+    Pem(std::string pem_string);
     Pem(const uint8_t* data, size_t size);
 
     explicit Pem(std::span<const uint8_t> s) : Pem(s.data(), s.size()) {}

src/crypto/base64.cpp

@@ -17,16 +17,18 @@ namespace ccf::crypto
   std::vector<uint8_t> raw_from_b64url(const std::string_view& b64url_string)
   {
     std::string b64_string = std::string(b64url_string);
-    for (size_t i = 0; i < b64_string.size(); i++)
+    for (char& c : b64_string)
     {
-      switch (b64_string[i])
+      switch (c)
       {
         case '-':
-          b64_string[i] = '+';
+          c = '+';
           break;
         case '_':
-          b64_string[i] = '/';
+          c = '/';
           break;
+        default:
+          continue;
       }
     }
     auto padding = b64_string.size() % 4 == 2 ? 2 :
@@ -51,16 +53,18 @@ namespace ccf::crypto
   {
     auto r = Base64Impl::b64_from_raw(data, size);
 
-    for (size_t i = 0; i < r.size(); i++)
+    for (char& c : r)
     {
-      switch (r[i])
+      switch (c)
       {
         case '+':
-          r[i] = '-';
+          c = '-';
           break;
         case '/':
-          r[i] = '_';
+          c = '_';
           break;
+        default:
+          continue;
       }
     }
 

src/crypto/cose.cpp

@@ -16,7 +16,7 @@ namespace ccf::cose::edit
   {
     UsefulBufC buf{cose_input.data(), cose_input.size()};
 
-    QCBORError err;
+    QCBORError err = QCBOR_SUCCESS;
     QCBORDecodeContext ctx;
     QCBORDecode_Init(&ctx, buf, QCBOR_DECODE_MODE_NORMAL);
 
@@ -88,7 +88,7 @@ namespace ccf::cose::edit
     }
     else if (std::holds_alternative<desc::Value>(descriptor))
     {
-      auto& [pos, key, value] = std::get<desc::Value>(descriptor);
+      const auto& [pos, key, value] = std::get<desc::Value>(descriptor);
 
       // Maximum expected size of the additional map, sub-map is the
       // worst-case scenario
@@ -126,7 +126,7 @@ namespace ccf::cose::edit
     }
     else if (std::holds_alternative<desc::Value>(descriptor))
     {
-      auto& [pos, key, value] = std::get<desc::Value>(descriptor);
+      const auto& [pos, key, value] = std::get<desc::Value>(descriptor);
 
       if (std::holds_alternative<pos::InArray>(pos))
       {

src/crypto/ecdsa.cpp

@@ -39,7 +39,7 @@ namespace ccf::crypto
     auto der_size = i2d_ECDSA_SIG(sig, nullptr);
     OpenSSL::CHECK0(der_size);
     std::vector<uint8_t> der_sig(der_size);
-    auto der_sig_buf = der_sig.data();
+    auto* der_sig_buf = der_sig.data();
     OpenSSL::CHECK0(i2d_ECDSA_SIG(sig, &der_sig_buf));
     return der_sig;
   }
@@ -55,9 +55,9 @@ namespace ccf::crypto
   std::vector<uint8_t> ecdsa_sig_der_to_p1363(
     const std::vector<uint8_t>& signature, CurveID curveId)
   {
-    auto sig_ptr = signature.data();
+    const auto* sig_ptr = signature.data();
     OpenSSL::Unique_ECDSA_SIG ecdsa_sig(
-      d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size()));
+      d2i_ECDSA_SIG(nullptr, &sig_ptr, signature.size()));
     // r and s are managed by Unique_ECDSA_SIG object, so we shouldn't use
     // Unique_BIGNUM for them
     const BIGNUM* r = ECDSA_SIG_get0_r(ecdsa_sig);

src/crypto/hash.cpp

@@ -10,7 +10,7 @@ namespace ccf::crypto
 {
   void default_sha256(const std::span<const uint8_t>& data, uint8_t* h)
   {
-    return openssl_sha256(data, h);
+    openssl_sha256(data, h);
   }
 
   std::vector<uint8_t> sha256(const std::vector<uint8_t>& data)

src/crypto/hmac.cpp

@@ -4,6 +4,7 @@
 
 #include "crypto/openssl/hash.h"
 
+#include <limits>
 #include <openssl/hmac.h>
 
 namespace ccf::crypto
@@ -15,18 +16,23 @@ namespace ccf::crypto
       const std::vector<uint8_t>& key,
       const std::vector<uint8_t>& data)
     {
-      auto o_md_type = OpenSSL::get_md_type(type);
+      const auto* o_md_type = OpenSSL::get_md_type(type);
       HashBytes r(EVP_MD_size(o_md_type));
       unsigned int len = 0;
-      auto rc = HMAC(
+      if (key.size() > std::numeric_limits<int>::max())
+      {
+        throw std::logic_error("Key size is too large");
+      }
+      int key_size = static_cast<int>(key.size());
+      auto* rc = HMAC(
         o_md_type,
         key.data(),
-        key.size(),
+        key_size,
         data.data(),
         data.size(),
         r.data(),
         &len);
-      if (rc == 0)
+      if (rc == nullptr)
       {
         throw std::logic_error("HMAC Failed");
       }

src/crypto/key_wrap.cpp

@@ -8,6 +8,7 @@
 #include "ccf/crypto/symmetric_key.h"
 #include "openssl/symmetric_key.h"
 
+#include <climits>
 #include <cstdint>
 #include <openssl/rand.h>
 #include <stdexcept>
@@ -19,7 +20,7 @@ namespace ccf::crypto
   // http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html
 
   std::vector<uint8_t> ckm_rsa_pkcs_oaep_wrap(
-    RSAPublicKeyPtr wrapping_key,
+    RSAPublicKeyPtr wrapping_key, // NOLINT(performance-unnecessary-value-param)
     const std::vector<uint8_t>& unwrapped,
     const std::optional<std::vector<uint8_t>>& label)
   {
@@ -36,7 +37,7 @@ namespace ccf::crypto
   }
 
   std::vector<uint8_t> ckm_rsa_pkcs_oaep_unwrap(
-    RSAKeyPairPtr wrapping_key,
+    RSAKeyPairPtr wrapping_key, // NOLINT(performance-unnecessary-value-param)
     const std::vector<uint8_t>& wrapped,
     const std::optional<std::vector<uint8_t>>& label)
   {
@@ -68,18 +69,30 @@ namespace ccf::crypto
     return ossl->ckm_aes_key_unwrap_pad(wrapped);
   }
 
+  static constexpr size_t AES_KEY_SIZE_128 = 128;
+  static constexpr size_t AES_KEY_SIZE_192 = 192;
+  static constexpr size_t AES_KEY_SIZE_256 = 256;
+
+  static constexpr size_t AES_KEY_SIZE_128_BYTES = 16;
+  static constexpr size_t AES_KEY_SIZE_192_BYTES = 24;
+  static constexpr size_t AES_KEY_SIZE_256_BYTES = 32;
+
   std::vector<uint8_t> ckm_rsa_aes_key_wrap(
     size_t aes_key_size,
-    RSAPublicKeyPtr wrapping_key,
+    RSAPublicKeyPtr wrapping_key, // NOLINT(performance-unnecessary-value-param)
     const std::vector<uint8_t>& unwrapped,
     const std::optional<std::vector<uint8_t>>& label)
   {
-    if (aes_key_size != 128 && aes_key_size != 192 && aes_key_size != 256)
+    if (
+      aes_key_size != AES_KEY_SIZE_128 && aes_key_size != AES_KEY_SIZE_192 &&
+      aes_key_size != AES_KEY_SIZE_256)
+    {
       throw std::runtime_error("invalid key size");
+    }
 
     // - Generates temporary random AES key of ulAESKeyBits length. This key is
     //   not accessible to the user - no handle is returned.
-    std::vector<uint8_t> taeskey(aes_key_size / 8);
+    std::vector<uint8_t> taeskey(aes_key_size / CHAR_BIT);
     RAND_bytes(taeskey.data(), taeskey.size());
 
     // - Wraps the AES key with the wrapping RSA key using CKM_RSA_PKCS_OAEP
@@ -112,18 +125,20 @@ namespace ccf::crypto
   }
 
   std::vector<uint8_t> ckm_rsa_aes_key_unwrap(
-    RSAKeyPairPtr wrapping_key,
+    RSAKeyPairPtr wrapping_key, // NOLINT(performance-unnecessary-value-param)
     const std::vector<uint8_t>& wrapped,
     const std::optional<std::vector<uint8_t>>& label)
   {
     // - Splits the input into two parts. The first is the wrapped AES key, and
     //   the second is the wrapped target key. The length of the first part is
     //   equal to the length of the unwrapping RSA key.
 
-    size_t w_aes_sz = wrapping_key->key_size() / 8;
+    size_t w_aes_sz = wrapping_key->key_size() / CHAR_BIT;
 
     if (wrapped.size() <= w_aes_sz)
+    {
       throw std::runtime_error("not enough ciphertext");
+    }
 
     std::vector<uint8_t> w_aeskey(wrapped.begin(), wrapped.begin() + w_aes_sz);
     std::vector<uint8_t> w_target(wrapped.begin() + w_aes_sz, wrapped.end());
@@ -134,8 +149,13 @@ namespace ccf::crypto
     std::vector<uint8_t> t_aeskey =
       wrapping_key->rsa_oaep_unwrap(w_aeskey, label);
 
-    if (t_aeskey.size() != 16 && t_aeskey.size() != 24 && t_aeskey.size() != 32)
+    if (
+      t_aeskey.size() != AES_KEY_SIZE_128_BYTES &&
+      t_aeskey.size() != AES_KEY_SIZE_192_BYTES &&
+      t_aeskey.size() != AES_KEY_SIZE_256_BYTES)
+    {
       throw std::runtime_error("invalid key size");
+    }
 
     // - Un-wraps the target key from the second part with the temporary AES key
     //   using CKM_AES_KEY_WRAP_PAD (RFC5649).