From 6fb617aba96d6eab02860f3c11dddef6710bc3cd Mon Sep 17 00:00:00 2001 From: rizlik Date: Wed, 22 Apr 2026 13:14:00 +0000 Subject: [PATCH] tests/swdev: add ECC support to wc_swdev Extend the swdev callback to handle ECC operations: keygen, ECDH, sign, verify, get-size, get-sig-size. Relax WOLF_CRYPTO_CB_ONLY_ECC guards in the test suite so that tests run under swdev, and wire wc_SwDev_Init/Cleanup into testsuite, client, and server. Two tests are intentionally kept excluded even with swdev because they call raw ECC math primitives (wc_ecc_mulmod, on-curve validation in wc_ecc_import_x963) that are stripped below the cryptocb dispatch layer: - ecc_mulmod_test (wolfcrypt/test/test.c) - test_wc_ecc_import_x963_off_curve (tests/api/test_ecc.c) --- examples/client/client.c | 13 +++++ examples/client/include.am | 5 ++ examples/server/include.am | 5 ++ examples/server/server.c | 13 +++++ tests/api.c | 54 ++++++++++++--------- tests/api/test_ecc.c | 5 +- tests/include.am | 5 ++ tests/suites.c | 3 +- tests/swdev/swdev.c | 97 +++++++++++++++++++++++++++++++++++++- tests/unit.c | 31 ++++++++++++ testsuite/include.am | 5 ++ testsuite/testsuite.c | 30 +++++++++++- wolfcrypt/test/test.c | 62 ++++++++++++++---------- wolfcrypt/test/test.h | 2 +- 14 files changed, 276 insertions(+), 54 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 4a60f3b6a1..a35639ef84 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -51,6 +51,10 @@ static const char *wolfsentry_config_path = NULL; #include #include +#ifdef WOLFSSL_SWDEV + #include "tests/swdev/swdev_loader.h" +#endif + #ifdef USE_FLAT_TEST_H #include "client.h" #else @@ -5056,6 +5060,12 @@ exit: wolfSSL_Debugging_ON(); #endif wolfSSL_Init(); +#ifdef WOLFSSL_SWDEV + if (wc_SwDev_Init() != 0) { + fprintf(stderr, "wc_SwDev_Init failed\n"); + return EXIT_FAILURE; + } +#endif ChangeToWolfRoot(); #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -5066,6 +5076,9 @@ exit: #endif #else fprintf(stderr, "Client not compiled in!\n"); +#endif +#ifdef WOLFSSL_SWDEV + wc_SwDev_Cleanup(); #endif wolfSSL_Cleanup(); diff --git a/examples/client/include.am b/examples/client/include.am index 36e65f218c..30d70e8c81 100644 --- a/examples/client/include.am +++ b/examples/client/include.am @@ -7,6 +7,11 @@ noinst_HEADERS += examples/client/client.h examples_client_client_SOURCES = examples/client/client.c examples_client_client_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) examples_client_client_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +if BUILD_SWDEV +examples_client_client_SOURCES += tests/swdev/swdev_loader.c +examples_client_client_LDADD += $(top_builddir)/tests/swdev/build/swdev.o $(LIBM) +examples_client_client_DEPENDENCIES += $(top_builddir)/tests/swdev/build/swdev.o +endif examples_client_client_CFLAGS = $(WOLFSENTRY_INCLUDE) $(AM_CFLAGS) endif EXTRA_DIST += examples/client/client.sln diff --git a/examples/server/include.am b/examples/server/include.am index cb591d9e34..990bff650d 100644 --- a/examples/server/include.am +++ b/examples/server/include.am @@ -9,6 +9,11 @@ noinst_HEADERS += examples/server/server.h examples_server_server_SOURCES = examples/server/server.c examples_server_server_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) examples_server_server_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +if BUILD_SWDEV +examples_server_server_SOURCES += tests/swdev/swdev_loader.c +examples_server_server_LDADD += $(top_builddir)/tests/swdev/build/swdev.o $(LIBM) +examples_server_server_DEPENDENCIES += $(top_builddir)/tests/swdev/build/swdev.o +endif examples_server_server_CFLAGS = $(WOLFSENTRY_INCLUDE) $(AM_CFLAGS) endif EXTRA_DIST += examples/server/server.sln diff --git a/examples/server/server.c b/examples/server/server.c index e0e0d85da1..a3fba6591e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -67,6 +67,10 @@ static const char *wolfsentry_config_path = NULL; #include #include +#ifdef WOLFSSL_SWDEV + #include "tests/swdev/swdev_loader.h" +#endif + #ifdef USE_FLAT_TEST_H #include "server.h" #else @@ -4255,6 +4259,12 @@ exit: wolfSSL_Init(); #ifdef WC_RNG_SEED_CB wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); +#endif +#ifdef WOLFSSL_SWDEV + if (wc_SwDev_Init() != 0) { + fprintf(stderr, "wc_SwDev_Init failed\n"); + return EXIT_FAILURE; + } #endif ChangeToWolfRoot(); @@ -4268,6 +4278,9 @@ exit: fprintf(stderr, "Server not compiled in!\n"); #endif +#ifdef WOLFSSL_SWDEV + wc_SwDev_Cleanup(); +#endif wolfSSL_Cleanup(); FreeTcpReady(&ready); diff --git a/tests/api.c b/tests/api.c index 983d02ecd6..79f1bed2d5 100644 --- a/tests/api.c +++ b/tests/api.c @@ -65,6 +65,10 @@ #include #include +#ifdef WOLFSSL_SWDEV +#include "swdev/swdev_loader.h" +#endif + /* for testing compatibility layer callbacks */ #include "examples/server/server.h" @@ -40790,7 +40794,9 @@ TEST_CASE testCases[] = { static void TestSetup(void) { -/* Stub, for now. Add common test setup code here. */ +#ifdef WOLFSSL_SWDEV + (void)wc_SwDev_Init(); +#endif } static void TestCleanup(void) @@ -41012,20 +41018,24 @@ int ApiTest(void) printf(" Begin API Tests\n"); fflush(stdout); - /* we must perform init and cleanup if not all tests are running */ - if (!testAll) { - #ifdef WOLFCRYPT_ONLY - if (wolfCrypt_Init() != 0) { - printf("wolfCrypt Initialization failed\n"); - res = 1; - } - #else - if (wolfSSL_Init() != WOLFSSL_SUCCESS) { - printf("wolfSSL Initialization failed\n"); - res = 1; - } - #endif +#ifdef WOLFCRYPT_ONLY + if (wolfCrypt_Init() != 0) { + printf("wolfCrypt Initialization failed\n"); + res = 1; } +#else + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + printf("wolfSSL Initialization failed\n"); + res = 1; + } +#endif + +#ifdef WOLFSSL_SWDEV + if (res == 0 && wc_SwDev_Init() != 0) { + printf("wc_SwDev_Init failed\n"); + res = 1; + } +#endif #ifdef WOLFSSL_DUMP_MEMIO_STREAM if (res == 0) { @@ -41117,13 +41127,15 @@ int ApiTest(void) wc_ecc_fp_free(); /* free per thread cache */ #endif - if (!testAll) { - #ifdef WOLFCRYPT_ONLY - wolfCrypt_Cleanup(); - #else - wolfSSL_Cleanup(); - #endif - } +#ifdef WOLFSSL_SWDEV + wc_SwDev_Cleanup(); +#endif + +#ifdef WOLFCRYPT_ONLY + wolfCrypt_Cleanup(); +#else + wolfSSL_Cleanup(); +#endif (void)testDevId; diff --git a/tests/api/test_ecc.c b/tests/api/test_ecc.c index 88d1ece7fc..90d5ced882 100644 --- a/tests/api/test_ecc.c +++ b/tests/api/test_ecc.c @@ -785,9 +785,12 @@ int test_wc_ecc_import_x963(void) int test_wc_ecc_import_x963_off_curve(void) { EXPECT_DECLS; +/* point-on-curve validation inside wc_ecc_import_x963 is raw math stripped + * by WOLF_CRYPTO_CB_ONLY_ECC; swdev cannot reach below the dispatch layer. */ #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && !defined(HAVE_SELFTEST) + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && !defined(HAVE_SELFTEST) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) ecc_key pubKey; /* Uncompressed X9.63 P-256 point: 0x04 || Gx || Gy with the last byte * of Gy flipped by 1. Gx/Gy are the NIST P-256 generator coordinates; diff --git a/tests/include.am b/tests/include.am index b512f72449..fae3242a88 100644 --- a/tests/include.am +++ b/tests/include.am @@ -24,6 +24,11 @@ endif tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE) tests_unit_test_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) tests_unit_test_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +if BUILD_SWDEV +tests_unit_test_SOURCES += tests/swdev/swdev_loader.c +tests_unit_test_LDADD += $(top_builddir)/tests/swdev/build/swdev.o $(LIBM) +tests_unit_test_DEPENDENCIES += $(top_builddir)/tests/swdev/build/swdev.o +endif include tests/api/include.am endif EXTRA_DIST += tests/unit.h \ diff --git a/tests/suites.c b/tests/suites.c index 3192e5070c..4e830fd75a 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -1008,7 +1008,8 @@ int SuiteTest(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_TLS) && !defined(SINGLE_THREADED) && \ - !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + (defined(WOLFSSL_SWDEV) || \ + (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))) func_args args; char argv0[3][80]; char* myArgv[3]; diff --git a/tests/swdev/swdev.c b/tests/swdev/swdev.c index 476bbfb243..6c85e54973 100644 --- a/tests/swdev/swdev.c +++ b/tests/swdev/swdev.c @@ -7,6 +7,10 @@ #include #include +#ifdef HAVE_ECC +#include +#endif + static int swdev_initialized = 0; static int swdev_ensure_init(void) @@ -20,6 +24,74 @@ static int swdev_ensure_init(void) return 0; } +#ifdef HAVE_ECC +static int swdev_ecc_keygen(wc_CryptoInfo* info) +{ +#ifdef HAVE_ECC_DHE + return wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, + info->pk.eckg.key, info->pk.eckg.curveId); +#else + (void)info; + return CRYPTOCB_UNAVAILABLE; +#endif +} + +static int swdev_ecdh(wc_CryptoInfo* info) +{ +#ifdef HAVE_ECC_DHE + return wc_ecc_shared_secret(info->pk.ecdh.private_key, + info->pk.ecdh.public_key, info->pk.ecdh.out, + info->pk.ecdh.outlen); +#else + (void)info; + return CRYPTOCB_UNAVAILABLE; +#endif +} + +static int swdev_ecc_sign(wc_CryptoInfo* info) +{ +#ifdef HAVE_ECC_SIGN + return wc_ecc_sign_hash(info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); +#else + (void)info; + return CRYPTOCB_UNAVAILABLE; +#endif +} + +static int swdev_ecc_verify(wc_CryptoInfo* info) +{ +#ifdef HAVE_ECC_VERIFY + return wc_ecc_verify_hash(info->pk.eccverify.sig, + info->pk.eccverify.siglen, info->pk.eccverify.hash, + info->pk.eccverify.hashlen, info->pk.eccverify.res, + info->pk.eccverify.key); +#else + (void)info; + return CRYPTOCB_UNAVAILABLE; +#endif +} + +static int swdev_ecc_get_size(wc_CryptoInfo* info) +{ + int sz = wc_ecc_size((ecc_key*)info->pk.ecc_get_size.key); + if (sz <= 0) + return sz; /* propagate negative error */ + *info->pk.ecc_get_size.keySize = sz; + return 0; +} + +static int swdev_ecc_get_sig_size(wc_CryptoInfo* info) +{ + int sz = wc_ecc_sig_size(info->pk.ecc_get_sig_size.key); + if (sz <= 0) + return sz; + *info->pk.ecc_get_sig_size.sigSize = sz; + return 0; +} +#endif /* HAVE_ECC */ + WC_SWDEV_EXPORT int wc_SwDev_Callback(int devId, wc_CryptoInfo* info, void* ctx) { @@ -35,6 +107,27 @@ WC_SWDEV_EXPORT int wc_SwDev_Callback(int devId, wc_CryptoInfo* info, if (ret != 0) return ret; - (void)ret; - return CRYPTOCB_UNAVAILABLE; + switch (info->algo_type) { +#ifdef HAVE_ECC + case WC_ALGO_TYPE_PK: + switch (info->pk.type) { + case WC_PK_TYPE_EC_KEYGEN: + return swdev_ecc_keygen(info); + case WC_PK_TYPE_ECDH: + return swdev_ecdh(info); + case WC_PK_TYPE_ECDSA_SIGN: + return swdev_ecc_sign(info); + case WC_PK_TYPE_ECDSA_VERIFY: + return swdev_ecc_verify(info); + case WC_PK_TYPE_EC_GET_SIZE: + return swdev_ecc_get_size(info); + case WC_PK_TYPE_EC_GET_SIG_SIZE: + return swdev_ecc_get_sig_size(info); + default: + return CRYPTOCB_UNAVAILABLE; + } +#endif /* HAVE_ECC */ + default: + return CRYPTOCB_UNAVAILABLE; + } } diff --git a/tests/unit.c b/tests/unit.c index 9a26183e83..1734f7abbe 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -37,6 +37,10 @@ #include "wolfcrypt/test/test.h" #endif +#ifdef WOLFSSL_SWDEV +#include "swdev/swdev_loader.h" +#endif + int allTesting = 1; int apiTesting = 1; int myoptind = 0; @@ -263,6 +267,13 @@ int unit_test(int argc, char** argv) goto exit; } + #ifdef WOLFSSL_SWDEV + if ((ret = wc_SwDev_Init()) != 0) { + fprintf(stderr, "wc_SwDev_Init failed: %d\n", (int)ret); + goto exit; + } + #endif + XMEMSET(&wc_args, 0, sizeof(wc_args)); wolfcrypt_test(&wc_args); if (wc_args.return_code != 0) { @@ -270,6 +281,10 @@ int unit_test(int argc, char** argv) goto exit; } + #ifdef WOLFSSL_SWDEV + wc_SwDev_Cleanup(); + #endif + if ((ret = wolfCrypt_Cleanup()) != 0) { fprintf(stderr, "wolfCrypt_Cleanup failed: %d\n", (int)ret); goto exit; @@ -322,10 +337,26 @@ int unit_test(int argc, char** argv) !defined(NO_TLS) && \ !defined(SINGLE_THREADED) && \ defined(WOLFSSL_PEM_TO_DER) + #ifdef WOLFSSL_SWDEV + if (wolfCrypt_Init() != 0) { + fprintf(stderr, "wolfCrypt_Init before SuiteTest failed\n"); + ret = 1; + goto exit; + } + if (wc_SwDev_Init() != 0) { + fprintf(stderr, "wc_SwDev_Init before SuiteTest failed\n"); + ret = 1; + goto exit; + } + #endif if ((ret = SuiteTest(argc, argv)) != 0) { fprintf(stderr, "suite test failed with %d\n", ret); goto exit; } + #ifdef WOLFSSL_SWDEV + wc_SwDev_Cleanup(); + wolfCrypt_Cleanup(); + #endif #endif exit: diff --git a/testsuite/include.am b/testsuite/include.am index 5c750e6a3f..97fe77ccda 100644 --- a/testsuite/include.am +++ b/testsuite/include.am @@ -17,6 +17,11 @@ testsuite_testsuite_test_SOURCES = \ testsuite_testsuite_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE) testsuite_testsuite_test_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) testsuite_testsuite_test_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +if BUILD_SWDEV +testsuite_testsuite_test_SOURCES += tests/swdev/swdev_loader.c +testsuite_testsuite_test_LDADD += $(top_builddir)/tests/swdev/build/swdev.o $(LIBM) +testsuite_testsuite_test_DEPENDENCIES += $(top_builddir)/tests/swdev/build/swdev.o +endif endif EXTRA_DIST += testsuite/testsuite.sln EXTRA_DIST += testsuite/testsuite.vcproj diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 0b48adbd17..9dda0e51d4 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -47,6 +47,10 @@ #include #include +#ifdef WOLFSSL_SWDEV + #include "../tests/swdev/swdev_loader.h" +#endif + #include #include #include @@ -125,7 +129,8 @@ int testsuite_test(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_TLS) && \ - (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)) + (defined(WOLFSSL_SWDEV) || \ + (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))) func_args server_args; tcp_ready ready; @@ -191,6 +196,13 @@ int testsuite_test(int argc, char** argv) server_args.signal = &ready; InitTcpReady(&ready); +#ifdef WOLFSSL_SWDEV + if (wc_SwDev_Init() != 0) { + printf("wc_SwDev_Init failed\n"); + return EXIT_FAILURE; + } +#endif + #ifndef NO_CRYPT_TEST /* wc_ test */ #ifdef HAVE_STACK_SIZE @@ -275,6 +287,10 @@ int testsuite_test(int argc, char** argv) return EXIT_FAILURE; #endif +#ifdef WOLFSSL_SWDEV + wc_SwDev_Cleanup(); +#endif + wolfSSL_Cleanup(); FreeTcpReady(&ready); @@ -600,7 +616,8 @@ static int test_ocsp_responder(void) #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_TLS) && \ - (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)) + (defined(WOLFSSL_SWDEV) || \ + (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))) /* Perform a basic TLS handshake. * * First connection to echo a file. @@ -856,8 +873,17 @@ int main(int argc, char** argv) wolfSSL_Init(); ChangeToWolfRoot(); +#ifdef WOLFSSL_SWDEV + if (wc_SwDev_Init() != 0) { + printf("wc_SwDev_Init failed\n"); + return EXIT_FAILURE; + } +#endif /* No TLS - only doing cryptographic algorithm testing. */ wolfcrypt_test(&wolfcrypt_test_args); +#ifdef WOLFSSL_SWDEV + wc_SwDev_Cleanup(); +#endif if (wolfcrypt_test_args.return_code != 0) return wolfcrypt_test_args.return_code; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a6c8bcb124..b5388d3e6e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -943,7 +943,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \ !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) && \ + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && !defined(NO_ECC_SECP) && \ !defined(WOLFSSL_SE050) /* skip for ATECC508/608A (cannot import private key buffers) and * SE050 (test vector uses a digest size SE050 does not accept) */ @@ -3022,7 +3022,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ else TEST_PASS("OPENSSL (PKEY1) passed!\n"); - #if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + #if (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV)) && \ + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) if ( (ret = openssl_evpSig_test()) != 0) TEST_FAIL("OPENSSL (EVP Sign/Verify) test failed!\n", ret); else @@ -3048,7 +3049,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \ !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) && \ + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && !defined(NO_ECC_SECP) && \ !defined(WOLFSSL_SE050) /* skip for ATECC508/608A (cannot import private key buffers) and * SE050 (test vector uses a digest size SE050 does not accept) */ @@ -25393,12 +25394,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif #endif #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ASN_CRYPT) + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \ + !defined(NO_ASN_CRYPT) static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem"; static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der"; static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der"; #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der"; #endif #endif /* HAVE_ECC_KEY_EXPORT */ @@ -26523,7 +26525,7 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG if (ret != 0) #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) /* async may not require RNG */ - #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLFSSL_SWDEV) if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) #else #if defined(WOLFSSL_MICROCHIP_TA100) @@ -37459,7 +37461,7 @@ typedef struct eccVector { word32 sSz; } eccVector; -#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) +#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV) static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) { wc_test_ret_t ret = 0; @@ -38934,7 +38936,7 @@ done: } #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ - !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_NO_RNG) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) { wc_test_ret_t ret; @@ -39015,7 +39017,7 @@ static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) #endif /* HAVE_ECC_KEY_IMPORT */ #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ - !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + !defined(WC_NO_RNG) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize) { wc_test_ret_t ret = 0; @@ -39645,7 +39647,8 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) return ret; } } -#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_MICROCHIP_TA100) +#if (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \ + !defined(WOLFSSL_MICROCHIP_TA100) #if FIPS_VERSION3_GE(6,0,0) skip_A: #endif @@ -39958,7 +39961,7 @@ done: } #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ -#if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ +#if !defined(NO_SIG_WRAPPER) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \ !defined(NO_ECC_SIGN) static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key) { @@ -40017,7 +40020,8 @@ static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key) #endif #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_MICROCHIP_TA100) + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \ + !defined(WOLFSSL_MICROCHIP_TA100) static wc_test_ret_t ecc_exp_imp_test(ecc_key* key) { @@ -40129,6 +40133,8 @@ done: } #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ +/* wc_ecc_mulmod is a raw math primitive stripped by WOLF_CRYPTO_CB_ONLY_ECC; + * swdev operates at the cryptocb dispatch layer and cannot rescue it. */ #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ @@ -40298,7 +40304,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) ret = wc_ecc_set_flags(key, 0); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); -#ifndef WOLF_CRYPTO_CB_ONLY_ECC +#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV) #ifndef WC_NO_RNG ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -41545,7 +41551,7 @@ exit: #endif /* WOLFSSL_CERT_GEN */ #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + !defined(WOLFSSL_NO_MALLOC) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \ (!defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES)) /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ static wc_test_ret_t ecc_test_allocator(WC_RNG* rng) @@ -42386,7 +42392,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) } #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && (!defined(NO_ECC_SECP) || \ + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && (!defined(NO_ECC_SECP) || \ defined(WOLFSSL_CUSTOM_CURVES)) ret = ecc_test_allocator(&rng); if (ret != 0) { @@ -43244,7 +43250,7 @@ done: !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \ !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) && \ + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && !defined(NO_ECC_SECP) && \ !defined(WOLFSSL_SE050) #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \ @@ -71013,7 +71019,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx) ecc_key* pub = (ecc_key *)XMALLOC(sizeof(*pub), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); byte* out = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \ + defined(USE_CERT_BUFFERS_256) byte* check = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif #else @@ -71024,17 +71031,17 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx) #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) byte out[256]; #endif - #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \ + defined(USE_CERT_BUFFERS_256) byte check[256]; #endif #endif -#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \ + defined(USE_CERT_BUFFERS_256) WOLFSSL_EVP_PKEY* privKey = NULL; WOLFSSL_EVP_PKEY* pubKey = NULL; - #ifdef USE_CERT_BUFFERS_256 ecc_key* pkey; const unsigned char* cp; - #endif WOLFSSL_EVP_MD_CTX mdCtx; const char testData[] = "Hi There"; size_t checkSz = -1; @@ -71179,7 +71186,8 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx) #endif /* HAVE_ECC_DHE */ -#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \ + defined(USE_CERT_BUFFERS_256) (void)pkey; cp = ecc_clikey_der_256; privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp, @@ -71275,7 +71283,7 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx) ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); } else ret = 0; -#endif /* !WOLFCRYPT_ONLY && OPENSSL_EXTRA */ +#endif /* !WOLFCRYPT_ONLY && OPENSSL_EXTRA && USE_CERT_BUFFERS_256 */ (void)keyFormat; (void)encInfo; @@ -71289,14 +71297,16 @@ exit_onlycb: } XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \ + defined(USE_CERT_BUFFERS_256) if (check) { FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif #else wc_ecc_free(key); - #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \ + defined(USE_CERT_BUFFERS_256) if (privKey) wolfSSL_EVP_PKEY_free(privKey); if (pubKey) @@ -73145,7 +73155,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) ret = ecc_test(); PRIVATE_KEY_LOCK(); #endif -#if defined(WOLF_CRYPTO_CB_ONLY_ECC) +#if defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_SWDEV) PRIVATE_KEY_UNLOCK(); if (ret == 0) ret = ecc_onlycb_test(&myCtx); diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h index 97be48121b..9c1154fc2d 100644 --- a/wolfcrypt/test/test.h +++ b/wolfcrypt/test/test.h @@ -287,7 +287,7 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && !defined(NO_ECC_SECP) /* skip for ATECC508/608A, cannot import private key buffers */ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void); #endif