wolfSSL
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎stsafe/Makefile‎
Lines changed: 110 additions & 0 deletions b/‎stsafe/Makefile‎
Lines changed: 110 additions & 0 deletions
diff --git a/‎stsafe/README.md‎
Lines changed: 204 additions & 0 deletions b/‎stsafe/README.md‎
Lines changed: 204 additions & 0 deletions
@@ -402,3 +402,8 @@ kernel/bsdkm/bsd_example.ko
 kernel/bsdkm/machine
 kernel/bsdkm/opt_global.h
 kernel/bsdkm/x86
+
+# STSAFE test executables
+stsafe/stsafe_test
+stsafe/wolfssl_stsafe_test
+stsafe/wolfssl_stsafe_full_test
@@ -0,0 +1,110 @@
+# STSAFE-A120 Test Makefile for Raspberry Pi
+#
+# Copyright 2025 wolfSSL Inc.
+
+CC = gcc
+CFLAGS = -Wall -Wextra -O0 -g -Wno-strict-prototypes -DWOLFSSL_USER_SETTINGS
+
+# wolfSSL configuration
+# Option 1: Use installed wolfSSL (after make install)
+#WOLFSSL_DIR = /usr/local
+# Option 2: Use local wolfSSL source
+WOLFSSL_DIR = $(HOME)/wolfssl
+
+# STSELib paths
+STSELIB_DIR = $(HOME)/STSELib
+PLATFORM_DIR = ./platform
+
+# Include paths
+# Note: Current directory (.) must come first so our user_settings.h is found
+INCLUDES = -I. \
+           -I$(STSELIB_DIR) \
+           -I$(PLATFORM_DIR) \
+           -I$(WOLFSSL_DIR)
+
+# Build directory for artifacts
+BUILD_DIR = build
+
+# wolfSSL source files - build directly from source
+WOLFSSL_SRC = $(wildcard $(WOLFSSL_DIR)/src/*.c)
+WOLFSSL_CRYPT_SRC = $(wildcard $(WOLFSSL_DIR)/wolfcrypt/src/*.c)
+WOLFSSL_PORT_SRC = $(WOLFSSL_DIR)/wolfcrypt/src/port/st/stsafe.c
+WOLFSSL_ALL_SRC = $(WOLFSSL_SRC) $(WOLFSSL_CRYPT_SRC) $(WOLFSSL_PORT_SRC)
+
+# wolfSSL static library
+WOLFSSL_LIB = $(BUILD_DIR)/libwolfssl.a
+
+# Additional linker flags
+LDFLAGS = -L$(BUILD_DIR) -lwolfssl -lm
+
+# STSELib source files
+STSELIB_CORE_SRC = $(STSELIB_DIR)/core/stse_device.c \
+                   $(STSELIB_DIR)/core/stse_frame.c \
+                   $(STSELIB_DIR)/core/stse_generic_typedef.c \
+                   $(STSELIB_DIR)/core/stse_platform.c \
+                   $(STSELIB_DIR)/core/stse_session.c
+
+STSELIB_API_SRC = $(wildcard $(STSELIB_DIR)/api/*.c)
+STSELIB_SERVICES_SRC = $(wildcard $(STSELIB_DIR)/services/stsafea/*.c) \
+                       $(wildcard $(STSELIB_DIR)/services/stsafel/*.c)
+STSELIB_CERT_SRC = $(wildcard $(STSELIB_DIR)/certificate/*.c)
+
+# Platform source files
+PLATFORM_SRC = $(PLATFORM_DIR)/stse_platform_linux.c
+
+# Platform crypto source (wolfSSL implementation)
+# Uncomment when building with wolfSSL crypto support:
+PLATFORM_CRYPTO_SRC = $(PLATFORM_DIR)/stse_platform_crypto_wolfssl.c
+
+# Targets
+STSAFE_TARGET = stsafe_test
+WOLFSSL_TARGET = wolfssl_stsafe_test
+WOLFSSL_FULL_TARGET = wolfssl_stsafe_full_test
+ALL_TARGETS = $(STSAFE_TARGET) $(WOLFSSL_TARGET) $(WOLFSSL_FULL_TARGET)
+
+.PHONY: all clean test-all info
+
+all: $(WOLFSSL_LIB) $(ALL_TARGETS)
+
+# Create build directory
+$(BUILD_DIR):
+	mkdir -p $(BUILD_DIR)
+
+# Build wolfSSL static library
+$(WOLFSSL_LIB): $(WOLFSSL_ALL_SRC) | $(BUILD_DIR)
+	@echo "Building wolfSSL library..."
+	$(CC) $(CFLAGS) $(INCLUDES) -c $(WOLFSSL_ALL_SRC)
+	mv *.o $(BUILD_DIR)/
+	ar rcs $@ $(BUILD_DIR)/*.o
+	@echo "wolfSSL library built successfully"
+
+# Generic rule for all test targets - each target depends on its corresponding .c file
+$(ALL_TARGETS): %: %.c $(WOLFSSL_LIB)
+	$(CC) $(CFLAGS) $(INCLUDES) -o $@ $< \
+		$(PLATFORM_SRC) $(PLATFORM_CRYPTO_SRC) \
+		$(STSELIB_CORE_SRC) $(STSELIB_API_SRC) $(STSELIB_SERVICES_SRC) $(STSELIB_CERT_SRC) \
+		$(LDFLAGS)
+
+test-all: all
+	@echo "=== Running stsafe_test ===" && ./$(STSAFE_TARGET)
+	@echo ""
+	@echo "=== Running wolfssl_stsafe_test ===" && ./$(WOLFSSL_TARGET)
+	@echo ""
+	@echo "=== Running wolfssl_stsafe_full_test ===" && ./$(WOLFSSL_FULL_TARGET)
+
+clean:
+	rm -rf $(BUILD_DIR) $(ALL_TARGETS)
+
+# Show configuration
+info:
+	@echo "STSELib directory: $(STSELIB_DIR)"
+	@echo "wolfSSL directory: $(WOLFSSL_DIR)"
+	@echo "Platform directory: $(PLATFORM_DIR)"
+	@echo "Include paths: $(INCLUDES)"
+	@echo "Linker flags: $(LDFLAGS)"
+	@echo ""
+	@echo "Build targets:"
+	@echo "  make          - Build all test executables"
+	@echo "  make test-all - Build and run all tests"
+	@echo "  make clean    - Clean build artifacts"
+	@echo "  make info     - Show this configuration"
@@ -0,0 +1,204 @@
+# wolfSSL STSAFE-A120 Test Suite
+
+Test harness for wolfSSL integration with ST STSAFE-A120 secure element on Raspberry Pi 5.
+
+## Hardware Requirements
+
+- Raspberry Pi 5 (or compatible Linux system with I2C)
+- STSAFE-A120 secure element connected via I2C
+- I2C enabled on the system
+
+## Software Requirements
+
+- wolfSSL library (compiled with ECC, CMAC, SHA-384 support)
+- STSELib (ST Secure Element Library)
+- GCC compiler
+- Linux I2C development headers (`libi2c-dev`)
+
+## Quick Start
+
+### 1. Enable I2C on Raspberry Pi
+
+```bash
+sudo raspi-config
+# Navigate to: Interface Options -> I2C -> Enable
+```
+
+Reboot if prompted, then verify the STSAFE device is detected:
+
+```bash
+sudo i2cdetect -y 1
+# STSAFE should appear at address 0x20
+```
+
+Optional: Allow non-root I2C access:
+```bash
+sudo usermod -a -G i2c $USER
+# Logout and login again
+```
+
+### 2. Build wolfSSL
+
+```bash
+cd ~/wolfssl
+./configure --enable-cryptocb --enable-ecc --enable-cmac --enable-sha384
+make
+```
+
+### 3. Clone STSELib
+
+```bash
+git clone https://github.com/STMicroelectronics/STSELib.git ~/STSELib
+```
+
+### 4. Build and Run Tests
+
+```bash
+cd ~/wolfssl-examples/stsafe
+
+# Build all test executables
+make
+
+# Run all tests
+make test-all
+```
+
+## Test Suites
+
+### Basic STSELib Tests (`stsafe_test`)
+
+Tests core STSAFE-A120 functionality:
+- Echo command (I2C communication)
+- Random number generation
+- ECC P-256 key generation
+- ECDSA P-256 signing
+- ECC P-384 key generation
+
+```bash
+make && ./stsafe_test
+```
+
+### wolfSSL Crypto Callback Tests (`wolfssl_stsafe_test`)
+
+Tests wolfSSL crypto callbacks with STSAFE:
+- RNG with STSAFE-A120
+- ECC P-256/P-384 key generation via crypto callback
+- ECDSA P-256/P-384 sign/verify
+- ECDHE P-256 ephemeral key generation
+- ECDHE P-256 shared secret computation
+
+```bash
+make wolfssl && ./wolfssl_stsafe_test
+```
+
+### Full Integration Tests (`wolfssl_stsafe_full_test`)
+
+Comprehensive tests with benchmarks:
+- RNG benchmark
+- ECDSA P-256 benchmark (keygen, sign, verify timing)
+- ECDH P-256 key exchange (uses ECDHE ephemeral keys)
+- Multiple sequential operations
+
+```bash
+make wolfssl-full && ./wolfssl_stsafe_full_test
+```
+
+## Build Targets
+
+| Target | Description |
+|--------|-------------|
+| `make` | Build all test executables |
+| `make test-all` | Build and run all tests |
+| `make basic` | Build without wolfSSL (basic I2C tests only) |
+| `make clean` | Clean build artifacts |
+| `make info` | Show configuration |
+
+## Expected Output
+
+```
+================================================
+STSAFE-A120 Test Suite for wolfSSL Integration
+================================================
+
+Initializing STSAFE handler...
+STSAFE-A120 initialized successfully.
+
+Test: Echo Command
+  Echo response matches!
+[PASS] Echo command
+
+Test: Random Number Generation
+  Random data: A1 B2 C3 D4 ...
+[PASS] Random number generation
+
+Test: ECC Key Generation (P-256)
+  Public Key X: 12345678...
+  Public Key Y: ABCDEF01...
+[PASS] ECC P-256 key generation
+
+...
+
+================================================
+Test Summary: 5 passed, 0 failed
+================================================
+```
+
+## Performance Results (Raspberry Pi 5)
+
+| Operation | Time | Throughput |
+|-----------|------|------------|
+| RNG (256 bytes) | <1 ms | ~9 MB/s |
+| ECC P-256 KeyGen | ~40 ms | 25 ops/sec |
+| ECDSA P-256 Sign | ~51 ms | 19.5 ops/sec |
+| ECDSA P-256 Verify | ~79 ms | 12.7 ops/sec |
+| ECDHE P-256 KeyGen | ~42 ms | ~24 ops/sec |
+| ECDHE P-256 Shared Secret | ~38 ms | ~26 ops/sec |
+
+## Directory Structure
+
+```
+stsafe/
+├── Makefile                          # Build configuration
+├── README.md                         # This file
+├── user_settings.h                   # wolfSSL configuration
+├── stsafe_test.c                     # STSELib basic tests
+├── wolfssl_stsafe_test.c             # wolfSSL crypto callback tests
+├── wolfssl_stsafe_full_test.c        # Full integration tests with benchmarks
+└── platform/
+    ├── stse_conf.h                   # STSELib configuration
+    ├── stse_platform_generic.h       # Platform type definitions
+    ├── stse_platform_linux.c         # Linux I2C platform implementation
+    └── stse_platform_crypto_wolfssl.c # wolfSSL crypto for STSELib
+```
+
+## Environment Variables
+
+Default paths assume `~/wolfssl` and `~/STSELib`. Override if needed:
+
+```bash
+export WOLFSSL_DIR=/path/to/wolfssl
+export STSELIB_DIR=/path/to/STSELib
+```
+
+## Troubleshooting
+
+### Error 0x0104 (STSE_PLATFORM_BUS_ERR)
+
+I2C communication error. Check:
+1. I2C is enabled: `ls /dev/i2c*`
+2. Device detected: `sudo i2cdetect -y 1` (should show `20`)
+3. Wiring connections are secure
+
+### Build errors
+
+Ensure wolfSSL is built with required features:
+```bash
+./configure --enable-cryptocb --enable-ecc --enable-cmac --enable-sha384
+```
+
+## References
+
+- [wolfSSL Documentation](https://www.wolfssl.com/docs/)
+- [STSELib GitHub](https://github.com/STMicroelectronics/STSELib)
+- [STSAFE-A120 Datasheet](https://www.st.com/en/secure-mcus/stsafe-a120.html)
+- [Raspberry Pi I2C Documentation](https://www.raspberrypi.com/documentation/computers/raspberry-pi.html)