Skip to content

Commit 1f0076d

Browse files
dgarskedgarske
committed
Added tests for brainpool curves and proper macro checking
1 parent 407922b commit 1f0076d

5 files changed

Lines changed: 581 additions & 13 deletions

File tree

stsafe/Makefile

Lines changed: 9 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -96,18 +96,16 @@ basic: $(TEST_SRC) $(PLATFORM_SRC)
9696

9797
# wolfSSL crypto callback test build
9898
# Note: We compile stsafe.c directly since it's not built into libwolfssl by default
99-
# IMPORTANT: Use WOLFSSL_USE_OPTIONS_H to get options.h included for proper wolfSSL settings
100-
# We add -DWOLFSSL_STSAFEA120 -DUSE_STSAFE_RNG_SEED to enable STSAFE in stsafe.c
101-
WOLFSSL_STSAFE_FLAGS = -DWOLFSSL_USE_OPTIONS_H -DWOLFSSL_STSAFEA120 -DUSE_STSAFE_RNG_SEED -Wno-strict-prototypes
99+
WOLFSSL_STSAFE_FLAGS = -DWOLFSSL_USER_SETTINGS -Wno-strict-prototypes
102100
WOLFSSL_BASE_FLAGS = -Wall -Wextra -O2 -g
103101
wolfssl: $(WOLFSSL_TEST_SRC) $(PLATFORM_SRC) $(PLATFORM_CRYPTO_SRC)
104-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
102+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
105103
-c $(WOLFSSL_STSAFE_SRC) -o stsafe.o
106-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
104+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
107105
-c $(PLATFORM_SRC) -o stse_platform_linux.o
108-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
106+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
109107
-c $(PLATFORM_CRYPTO_SRC) -o stse_platform_crypto.o
110-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
108+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
111109
-o $(WOLFSSL_TARGET) \
112110
$(WOLFSSL_TEST_SRC) \
113111
stse_platform_linux.o stse_platform_crypto.o stsafe.o \
@@ -125,13 +123,13 @@ test-wolfssl: wolfssl
125123

126124
# Full wolfSSL integration test with ECDH and benchmarks
127125
wolfssl-full: $(WOLFSSL_FULL_TEST_SRC) $(PLATFORM_SRC) $(PLATFORM_CRYPTO_SRC)
128-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
126+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
129127
-c $(WOLFSSL_STSAFE_SRC) -o stsafe.o
130-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
128+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
131129
-c $(PLATFORM_SRC) -o stse_platform_linux.o
132-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
130+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
133131
-c $(PLATFORM_CRYPTO_SRC) -o stse_platform_crypto.o
134-
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
132+
$(CC) $(WOLFSSL_BASE_FLAGS) $(WOLFSSL_STSAFE_FLAGS) -I. -I$(STSELIB_DIR) -I$(PLATFORM_DIR) -I$(WOLFSSL_DIR) \
135133
-o $(WOLFSSL_FULL_TARGET) \
136134
$(WOLFSSL_FULL_TEST_SRC) \
137135
stse_platform_linux.o stse_platform_crypto.o stsafe.o \

stsafe/platform/stse_conf.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,8 @@ extern "C" {
4141
/* STSAFE-A ECC services configuration - enable P-256 and P-384 for wolfSSL */
4242
#define STSE_CONF_ECC_NIST_P_256
4343
#define STSE_CONF_ECC_NIST_P_384
44+
//#define STSE_CONF_ECC_BRAINPOOL_P_256
45+
//#define STSE_CONF_ECC_BRAINPOOL_P_384
4446

4547
/* STSAFE-A HASH services configuration */
4648
#define STSE_CONF_HASH_SHA_256

stsafe/user_settings.h

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,10 @@ extern "C" {
6767
#undef NO_ECC256 /* Enable P-256 */
6868
#define HAVE_ECC384 /* Enable P-384 */
6969
#define ECC_TIMING_RESISTANT
70+
/* Brainpool curves require WOLFSSL_CUSTOM_CURVES */
71+
#define WOLFSSL_CUSTOM_CURVES
72+
#define HAVE_ECC_BRAINPOOL
73+
#define HAVE_ECC_CDH
7074

7175
/* ECC key import/export functions */
7276
#define WOLFSSL_PUBLIC_MP /* For mp_int access in ECC verify */

stsafe/wolfssl_stsafe_full_test.c

Lines changed: 201 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
/* wolfssl_stsafe_full_test.c
22
*
33
* Comprehensive wolfSSL integration tests with STSAFE-A120
4-
* Tests: RNG, ECC KeyGen, ECDSA Sign/Verify, ECDH, Benchmarks
4+
* Tests: RNG, ECC KeyGen, ECDSA Sign/Verify, ECDH, Benchmarks, Brainpool curves
55
*
66
* Copyright (C) 2006-2026 wolfSSL Inc.
77
*
@@ -353,6 +353,200 @@ static int test_ecdh_p256(void)
353353
return 0;
354354
}
355355

356+
/*-----------------------------------------------------------------------------
357+
* Test: ECDSA Brainpool P-256 Benchmark
358+
*---------------------------------------------------------------------------*/
359+
#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256)
360+
static int test_ecdsa_brainpool_p256_benchmark(void)
361+
{
362+
ecc_key key;
363+
WC_RNG rng;
364+
int ret;
365+
byte digest[32];
366+
byte sig[128];
367+
word32 sigLen;
368+
int verified = 0;
369+
int iterations = 10;
370+
double start, end, elapsed;
371+
int i;
372+
373+
printf("\nTest: ECDSA Brainpool P-256 Benchmark (STSAFE-A120)\n");
374+
375+
ret = wc_InitRng(&rng);
376+
if (ret != 0) {
377+
printf(" Error: wc_InitRng failed: %d\n", ret);
378+
TEST_FAIL("ECDSA Brainpool P-256 benchmark RNG init");
379+
return -1;
380+
}
381+
382+
memset(digest, 0xAB, sizeof(digest));
383+
384+
ret = wc_ecc_init_ex(&key, NULL, g_devId);
385+
if (ret != 0) {
386+
printf(" Error: wc_ecc_init_ex failed: %d\n", ret);
387+
wc_FreeRng(&rng);
388+
TEST_FAIL("ECDSA Brainpool P-256 benchmark key init");
389+
return -1;
390+
}
391+
392+
/* Benchmark key generation */
393+
start = get_time_us();
394+
ret = wc_ecc_make_key_ex(&rng, 32, &key, ECC_BRAINPOOLP256R1);
395+
end = get_time_us();
396+
elapsed = (end - start) / 1000.0;
397+
398+
if (ret != 0) {
399+
printf(" Error: wc_ecc_make_key_ex failed: %d\n", ret);
400+
wc_ecc_free(&key);
401+
wc_FreeRng(&rng);
402+
TEST_FAIL("ECDSA Brainpool P-256 keygen");
403+
return -1;
404+
}
405+
printf(" Key generation: %.2f ms\n", elapsed);
406+
407+
/* Benchmark signing */
408+
start = get_time_us();
409+
for (i = 0; i < iterations; i++) {
410+
sigLen = sizeof(sig);
411+
ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &sigLen, &rng, &key);
412+
if (ret != 0) break;
413+
}
414+
end = get_time_us();
415+
elapsed = (end - start) / 1000.0;
416+
417+
if (ret != 0) {
418+
printf(" Error: wc_ecc_sign_hash failed: %d\n", ret);
419+
wc_ecc_free(&key);
420+
wc_FreeRng(&rng);
421+
TEST_FAIL("ECDSA Brainpool P-256 sign");
422+
return -1;
423+
}
424+
printf(" Signing: %d ops in %.2f ms (%.2f ops/sec)\n",
425+
iterations, elapsed, iterations / (elapsed / 1000.0));
426+
427+
/* Benchmark verification */
428+
start = get_time_us();
429+
for (i = 0; i < iterations; i++) {
430+
ret = wc_ecc_verify_hash(sig, sigLen, digest, sizeof(digest), &verified, &key);
431+
if (ret != 0 || verified != 1) break;
432+
}
433+
end = get_time_us();
434+
elapsed = (end - start) / 1000.0;
435+
436+
if (ret != 0 || verified != 1) {
437+
printf(" Error: wc_ecc_verify_hash failed: %d, verified=%d\n", ret, verified);
438+
wc_ecc_free(&key);
439+
wc_FreeRng(&rng);
440+
TEST_FAIL("ECDSA Brainpool P-256 verify");
441+
return -1;
442+
}
443+
printf(" Verification: %d ops in %.2f ms (%.2f ops/sec)\n",
444+
iterations, elapsed, iterations / (elapsed / 1000.0));
445+
446+
wc_ecc_free(&key);
447+
wc_FreeRng(&rng);
448+
TEST_PASS("ECDSA Brainpool P-256 benchmark");
449+
return 0;
450+
}
451+
#endif /* HAVE_ECC_BRAINPOOL && STSE_CONF_ECC_BRAINPOOL_P_256 */
452+
453+
/*-----------------------------------------------------------------------------
454+
* Test: ECDSA Brainpool P-384 Benchmark
455+
*---------------------------------------------------------------------------*/
456+
#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384)
457+
static int test_ecdsa_brainpool_p384_benchmark(void)
458+
{
459+
ecc_key key;
460+
WC_RNG rng;
461+
int ret;
462+
byte digest[48];
463+
byte sig[128];
464+
word32 sigLen;
465+
int verified = 0;
466+
int iterations = 10;
467+
double start, end, elapsed;
468+
int i;
469+
470+
printf("\nTest: ECDSA Brainpool P-384 Benchmark (STSAFE-A120)\n");
471+
472+
ret = wc_InitRng(&rng);
473+
if (ret != 0) {
474+
printf(" Error: wc_InitRng failed: %d\n", ret);
475+
TEST_FAIL("ECDSA Brainpool P-384 benchmark RNG init");
476+
return -1;
477+
}
478+
479+
memset(digest, 0xCD, sizeof(digest));
480+
481+
ret = wc_ecc_init_ex(&key, NULL, g_devId);
482+
if (ret != 0) {
483+
printf(" Error: wc_ecc_init_ex failed: %d\n", ret);
484+
wc_FreeRng(&rng);
485+
TEST_FAIL("ECDSA Brainpool P-384 benchmark key init");
486+
return -1;
487+
}
488+
489+
/* Benchmark key generation */
490+
start = get_time_us();
491+
ret = wc_ecc_make_key_ex(&rng, 48, &key, ECC_BRAINPOOLP384R1);
492+
end = get_time_us();
493+
elapsed = (end - start) / 1000.0;
494+
495+
if (ret != 0) {
496+
printf(" Error: wc_ecc_make_key_ex failed: %d\n", ret);
497+
wc_ecc_free(&key);
498+
wc_FreeRng(&rng);
499+
TEST_FAIL("ECDSA Brainpool P-384 keygen");
500+
return -1;
501+
}
502+
printf(" Key generation: %.2f ms\n", elapsed);
503+
504+
/* Benchmark signing */
505+
start = get_time_us();
506+
for (i = 0; i < iterations; i++) {
507+
sigLen = sizeof(sig);
508+
ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &sigLen, &rng, &key);
509+
if (ret != 0) break;
510+
}
511+
end = get_time_us();
512+
elapsed = (end - start) / 1000.0;
513+
514+
if (ret != 0) {
515+
printf(" Error: wc_ecc_sign_hash failed: %d\n", ret);
516+
wc_ecc_free(&key);
517+
wc_FreeRng(&rng);
518+
TEST_FAIL("ECDSA Brainpool P-384 sign");
519+
return -1;
520+
}
521+
printf(" Signing: %d ops in %.2f ms (%.2f ops/sec)\n",
522+
iterations, elapsed, iterations / (elapsed / 1000.0));
523+
524+
/* Benchmark verification */
525+
start = get_time_us();
526+
for (i = 0; i < iterations; i++) {
527+
ret = wc_ecc_verify_hash(sig, sigLen, digest, sizeof(digest), &verified, &key);
528+
if (ret != 0 || verified != 1) break;
529+
}
530+
end = get_time_us();
531+
elapsed = (end - start) / 1000.0;
532+
533+
if (ret != 0 || verified != 1) {
534+
printf(" Error: wc_ecc_verify_hash failed: %d, verified=%d\n", ret, verified);
535+
wc_ecc_free(&key);
536+
wc_FreeRng(&rng);
537+
TEST_FAIL("ECDSA Brainpool P-384 verify");
538+
return -1;
539+
}
540+
printf(" Verification: %d ops in %.2f ms (%.2f ops/sec)\n",
541+
iterations, elapsed, iterations / (elapsed / 1000.0));
542+
543+
wc_ecc_free(&key);
544+
wc_FreeRng(&rng);
545+
TEST_PASS("ECDSA Brainpool P-384 benchmark");
546+
return 0;
547+
}
548+
#endif /* HAVE_ECC_BRAINPOOL && STSE_CONF_ECC_BRAINPOOL_P_384 */
549+
356550
/*-----------------------------------------------------------------------------
357551
* Test: Multiple Key Slots
358552
*---------------------------------------------------------------------------*/
@@ -479,6 +673,12 @@ int main(void)
479673
/* Run tests */
480674
test_rng_benchmark();
481675
test_ecdsa_p256_benchmark();
676+
#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256)
677+
test_ecdsa_brainpool_p256_benchmark();
678+
#endif
679+
#if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384)
680+
test_ecdsa_brainpool_p384_benchmark();
681+
#endif
482682

483683
/* ECDH test - now uses ECDHE ephemeral keys */
484684
test_ecdh_p256();

0 commit comments

Comments
 (0)