mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 13:20:48 +02:00
4d3925d526
## Summary - Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`) - Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply - Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key - Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`) - Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`) - Add X25519 async software dispatch cases in `async.c` and types in `async.h` - Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms) - Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync - Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow - Add wolfcrypt test and API test coverage for X25519 non-blocking
44 lines
1.7 KiB
Markdown
44 lines
1.7 KiB
Markdown
# wolfSSL Asynchronous Cryptography support
|
|
|
|
Supported with:
|
|
* Intel QuickAssist
|
|
* Marvell (Cavium) Nitrox
|
|
* Crypto Callbacks (`--enable-cryptocb`)
|
|
* PK Callbacks (`--enable-pkcallbacks`)
|
|
|
|
Tested with:
|
|
* `./configure --enable-asynccrypt --enable-rsa --disable-ecc`
|
|
* `./configure --enable-asynccrypt --disable-rsa --enable-ecc`
|
|
* `./configure --enable-asynccrypt --enable-cryptocb --enable-rsa --disable-ecc`
|
|
* `./configure --enable-asynccrypt --enable-cryptocb --disable-rsa --enable-ecc`
|
|
* `./configure --enable-asynccrypt --enable-pkcallbacks --enable-rsa --disable-ecc`
|
|
* `./configure --enable-asynccrypt --enable-pkcallbacks --disable-rsa --enable-ecc`
|
|
|
|
```
|
|
make -C examples/async
|
|
./examples/async/async_server --ecc
|
|
./examples/async/async_client --ecc 127.0.0.1 11111
|
|
./examples/async/async_client --x25519 ecc256.badssl.com 443
|
|
```
|
|
|
|
Optional ready-file sync (CI-friendly, avoids sleeps):
|
|
```
|
|
export WOLFSSL_ASYNC_READYFILE=/tmp/wolfssl_async_ready
|
|
./examples/async/async_server --ecc
|
|
WOLFSSL_ASYNC_READYFILE=/tmp/wolfssl_async_ready ./examples/async/async_client --ecc 127.0.0.1 11111
|
|
```
|
|
|
|
Porting the TCP/IP stack:
|
|
Define `NET_USER_HEADER` to include your network shim and provide the
|
|
`NET_*` macros plus `NET_IO_SEND_CB` / `NET_IO_RECV_CB`.
|
|
|
|
## Asynchronous Cryptography Design
|
|
|
|
When a cryptographic call is handed off to hardware it return `WC_PENDING_E` up to caller. Then it can keep calling until the operation completes. For some platforms it is required to call `wolfSSL_AsyncPoll`. At the TLS layer a "devId" (Device ID) must be set using `wolfSSL_CTX_SetDevId` to indicate desire to offload cryptography.
|
|
|
|
For further design details please see: https://github.com/wolfSSL/wolfAsyncCrypt#design
|
|
|
|
## Support
|
|
|
|
For questions please email support@wolfssl.com
|