Description
What: wolfcose.c is currently ~6300 lines containing all COSE message types (Sign1, Sign, Encrypt0, Encrypt, MAC0, MAC), all crypto dispatch (ECC, EdDSA, RSA-PSS, Dilithium, AES-GCM, AES-CCM, ChaCha20-Poly1305, HMAC, AES-CBC-MAC), COSE_Key encode/decode, key distribution (ECDH-ES, key wrap), and all internal helpers (structure builders, algorithm lookup tables, DER↔raw signature conversion). wolfcose_cbor.c (637 lines) is already split out, but the rest is monolithic.
Why it matters:
- Review burden: A security reviewer reading the Sign1 verify path has to scroll past 4000 lines of unrelated Encrypt/MAC/key-distribution code. The relevant code for any single operation is scattered across the file with no clear boundaries.
- Merge conflicts: Any two contributors working on different message types will collide on the same file. This slows down parallel development.
- Compile-time gating: wolfCOSE already has fine-grained WOLFCOSE_NO_* feature gates, but the compiler still has to parse the entire file. Splitting lets #ifdef blocks live in their own translation units, and linkers can dead-strip entire .o files.
- Testability: Unit-testing internal helpers (like wolfCose_EccSignRaw or wolfCose_BuildToBeSignedMaced) is easier when they're in focused files with clear boundaries.
Ground rules for the split:
- No behavior changes — pure refactor, all tests must pass identically before and after
- wolfcose_internal.h remains the single internal header, extended as needed with WOLFCOSE_LOCAL prototypes for cross-file calls
- Feature gates (#ifdef WOLFCOSE_SIGN1, etc.) move to the file boundaries so entire files compile to nothing when disabled
- wc_ForceZero patterns stay exactly where they are — this is not an opportunity to "clean up" wipe calls