Merge pull request #454 from tropicsquare/ETR01SDK-556-Add-WolfCrypt-support-to-STM32-tests

ETR01SDK-556: Add wolfCrypt support to STM32 tests

Author: medexs

tests/functional/stm32/download_deps.sh

@@ -53,4 +53,19 @@ fi
 
 tar -xjf "$SCRIPT_DIR/_deps/mbedtls.tar.bz2" -C "$SCRIPT_DIR/_deps"
 rm "$SCRIPT_DIR/_deps/mbedtls.tar.bz2"
-mv "$SCRIPT_DIR/_deps/mbedtls-4.0.0" "$SCRIPT_DIR/_deps/mbedtls_v4"
+mv "$SCRIPT_DIR/_deps/mbedtls-4.0.0" "$SCRIPT_DIR/_deps/mbedtls_v4"
+
+echo "Downloading WolfSSL..."
+curl -L -o "$SCRIPT_DIR/_deps/wolfssl.zip" "https://github.com/wolfSSL/wolfssl/archive/refs/tags/v5.8.4-stable.zip"
+
+echo "Verifying wolfssl.zip checksum..."
+EXPECTED_WOLFSSL="9f52b92b2937acdbb03f2a731160d70f23f74a375f651de057214783c266fbeb"
+ACTUAL_WOLFSSL=$(sha256sum "$SCRIPT_DIR/_deps/wolfssl.zip" | awk '{print $1}')
+if [ "$EXPECTED_WOLFSSL" != "$ACTUAL_WOLFSSL" ]; then
+  echo "Checksum mismatch for wolfssl.zip: expected $EXPECTED_WOLFSSL, got $ACTUAL_WOLFSSL" >&2
+  exit 1
+fi
+
+unzip "$SCRIPT_DIR/_deps/wolfssl.zip" -d "$SCRIPT_DIR/_deps"
+mv "$SCRIPT_DIR/_deps/wolfssl-5.8.4-stable" "$SCRIPT_DIR/_deps/wolfssl"
+rm "$SCRIPT_DIR/_deps/wolfssl.zip"

tests/functional/stm32/nucleo_f439zi/CMakeLists.txt

@@ -90,6 +90,15 @@ endif()
 # Add path to libtropic's repository root folder
 add_subdirectory(${PATH_FN_TESTS} "libtropic_functional_tests")
 
+# Additional configuration for WolfCrypt.
+if(LT_CAL STREQUAL "wolfcrypt")
+    target_compile_definitions(wolfssl PUBLIC WOLFSSL_USER_SETTINGS)
+    # Use BUILD_INTERFACE to strictly limit this path to the build phase
+    target_include_directories(wolfssl PUBLIC 
+        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/Src/wolfcrypt>
+    )
+endif()
+
 ###########################################################################
 #                                                                         #
 #   Sources                                                               #
@@ -131,6 +140,11 @@ if (LT_CAL STREQUAL "mbedtls_v4")
         # MbedTLS platform-specific implementations
         ${CMAKE_CURRENT_SOURCE_DIR}/Src/mbedtls_v4/mbedtls_platform.c
     )
+elseif (LT_CAL STREQUAL "wolfcrypt")
+    set(SOURCES ${SOURCES}
+        # WolfCrypt platform-specific implementations
+        ${CMAKE_CURRENT_SOURCE_DIR}/Src/wolfcrypt/wolfcrypt_platform.c
+    )
 endif()
 
 # Include path for directories containing header files

tests/functional/stm32/nucleo_f439zi/Src/main.c

@@ -24,9 +24,16 @@
 
 #if LT_USE_TREZOR_CRYPTO
 #include "libtropic_trezor_crypto.h"
+#define CRYPTO_CTX_TYPE lt_ctx_trezor_crypto_t
 #elif LT_USE_MBEDTLS_V4
 #include "libtropic_mbedtls_v4.h"
 #include "psa/crypto.h"
+#define CRYPTO_CTX_TYPE lt_ctx_mbedtls_v4_t
+#elif LT_USE_WOLFCRYPT
+#include "libtropic_wolfcrypt.h"
+#include "wolfssl/wolfcrypt/error-crypt.h"
+#include "wolfssl/wolfcrypt/wc_port.h"
+#define CRYPTO_CTX_TYPE lt_ctx_wolfcrypt_t
 #endif
 
 /** @addtogroup STM32F4xx_HAL_Examples
@@ -162,6 +169,12 @@ int main(void)
         LT_LOG_ERROR("PSA Crypto initialization failed, status=%d (psa_status_t)", status);
         return -1;
     }
+#elif LT_USE_WOLFCRYPT
+    int ret = wolfCrypt_Init();
+    if (ret != 0) {
+        LT_LOG_ERROR("WolfCrypt initialization failed, ret=%d (%s)", ret, wc_GetErrorString(ret));
+        return ret;
+    }
 #endif
 
     /* Libtropic handle initialization */
@@ -187,12 +200,7 @@ int main(void)
     lt_handle.l2.device = &device;
 
     /* Crypto abstraction layer (CAL) context (selectable). */
-#if LT_USE_TREZOR_CRYPTO
-    lt_ctx_trezor_crypto_t
-#elif LT_USE_MBEDTLS_V4
-    lt_ctx_mbedtls_v4_t
-#endif
-        crypto_ctx;
+    CRYPTO_CTX_TYPE crypto_ctx;
     lt_handle.l3.crypto_ctx = &crypto_ctx;
 
     /* Test code (correct test function is selected automatically per binary)
@@ -203,6 +211,12 @@ int main(void)
     /* Cryptographic function provider deinitialization. */
 #if LT_USE_MBEDTLS_V4
     mbedtls_psa_crypto_free();
+#elif LT_USE_WOLFCRYPT
+    ret = wolfCrypt_Cleanup();
+    if (ret != 0) {
+        LT_LOG_ERROR("WolfCrypt cleanup failed, ret=%d (%s)", ret, wc_GetErrorString(ret));
+        return ret;
+    }
 #endif
 
     /* Inform the test runner that the test finished */

tests/functional/stm32/nucleo_f439zi/Src/wolfcrypt/user_settings.h

@@ -0,0 +1,26 @@
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#define WOLFCRYPT_ONLY  // Build only wolfCrypt library.
+#define NO_OLD_RNGNAME  // Resolves collision between STM32 HAL 'RNG' and WolfSSL 'RNG'.
+// #define USE_FAST_MATH
+
+// We will provide custom implementation for seed generation.
+extern int wolfcrypt_custom_seed_gen(unsigned char *output, unsigned int sz);
+#define CUSTOM_RAND_GENERATE_SEED wolfcrypt_custom_seed_gen
+
+#define WOLFSSL_SMALL_STACK   // Offload stack usage to heap where possible.
+#define WOLFSSL_MALLOC_CHECK  // Optional: Safety check for malloc failures.
+
+#define NO_FILESYSTEM        // Prevents filesystem errors on bare metal.
+#undef WOLFSSL_SYS_CA_CERTS  // Force disable system CA certs (fixes dirent.h / filesystem errors).
+#define NO_WRITEV            // IO vector write support usually missing.
+#define NO_WRITE_TEMP_FILES
+#define NO_DEV_RANDOM  // We use STM32's RNG, not /dev/random.
+#define NO_MAIN_DRIVER
+
+#define WOLFSSL_USER_IO  // Disable the default BSD socket callbacks.
+
+#define SINGLE_THREADED  // No threads.
+
+#endif /* USER_SETTINGS_H */

tests/functional/stm32/nucleo_f439zi/Src/wolfcrypt/wolfcrypt_platform.c

@@ -0,0 +1,27 @@
+#include <stdint.h>
+#include <string.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include "main.h"
+#include "stm32f4xx_hal.h"
+
+int wolfcrypt_custom_seed_gen(unsigned char *output, unsigned int sz)
+{
+    HAL_StatusTypeDef hal_status = HAL_OK;
+    uint32_t random_data;
+    size_t bytes_left = sz;
+
+    while (bytes_left) {
+        hal_status = HAL_RNG_GenerateRandomNumber(&RNGHandle, &random_data);
+        if (hal_status != HAL_OK) {
+            return RNG_FAILURE_E;
+        }
+
+        size_t cpy_cnt = bytes_left < sizeof(random_data) ? bytes_left : sizeof(random_data);
+        memcpy(output, &random_data, cpy_cnt);
+        bytes_left -= cpy_cnt;
+        output += cpy_cnt;
+    }
+
+    return 0;
+}

tests/functional/stm32/nucleo_l432kc/CMakeLists.txt

@@ -94,6 +94,15 @@ endif()
 # Add path to libtropic's repository root folder
 add_subdirectory(${PATH_FN_TESTS} "libtropic_functional_tests")
 
+# Additional configuration for WolfCrypt.
+if(LT_CAL STREQUAL "wolfcrypt")
+    target_compile_definitions(wolfssl PUBLIC WOLFSSL_USER_SETTINGS)
+    # Use BUILD_INTERFACE to strictly limit this path to the build phase
+    target_include_directories(wolfssl PUBLIC 
+        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/Src/wolfcrypt>
+    )
+endif()
+
 ###########################################################################
 #                                                                         #
 #   Sources                                                               #
@@ -136,6 +145,11 @@ if (LT_CAL STREQUAL "mbedtls_v4")
         # MbedTLS platform-specific implementations
         ${CMAKE_CURRENT_SOURCE_DIR}/Src/mbedtls_v4/mbedtls_platform.c
     )
+elseif (LT_CAL STREQUAL "wolfcrypt")
+    set(SOURCES ${SOURCES}
+        # WolfCrypt platform-specific implementations
+        ${CMAKE_CURRENT_SOURCE_DIR}/Src/wolfcrypt/wolfcrypt_platform.c
+    )
 endif()
 
 # Include path for directories containing header files

tests/functional/stm32/nucleo_l432kc/Src/main.c

@@ -23,9 +23,16 @@
 
 #if LT_USE_TREZOR_CRYPTO
 #include "libtropic_trezor_crypto.h"
+#define CRYPTO_CTX_TYPE lt_ctx_trezor_crypto_t
 #elif LT_USE_MBEDTLS_V4
 #include "libtropic_mbedtls_v4.h"
 #include "psa/crypto.h"
+#define CRYPTO_CTX_TYPE lt_ctx_mbedtls_v4_t
+#elif LT_USE_WOLFCRYPT
+#include "libtropic_wolfcrypt.h"
+#include "wolfssl/wolfcrypt/error-crypt.h"
+#include "wolfssl/wolfcrypt/wc_port.h"
+#define CRYPTO_CTX_TYPE lt_ctx_wolfcrypt_t
 #endif
 
 /** @addtogroup STM32L4xx_HAL_Examples
@@ -198,6 +205,12 @@ int main(void)
         LT_LOG_ERROR("PSA Crypto initialization failed, status=%d (psa_status_t)", status);
         return -1;
     }
+#elif LT_USE_WOLFCRYPT
+    int ret = wolfCrypt_Init();
+    if (ret != 0) {
+        LT_LOG_ERROR("WolfCrypt initialization failed, ret=%d (%s)", ret, wc_GetErrorString(ret));
+        return ret;
+    }
 #endif
 
     /* Libtropic handle initialization */
@@ -215,12 +228,7 @@ int main(void)
     lt_handle.l2.device = &device;
 
     /* Crypto abstraction layer (CAL) context (selectable). */
-#if LT_USE_TREZOR_CRYPTO
-    lt_ctx_trezor_crypto_t
-#elif LT_USE_MBEDTLS_V4
-    lt_ctx_mbedtls_v4_t
-#endif
-        crypto_ctx;
+    CRYPTO_CTX_TYPE crypto_ctx;
     lt_handle.l3.crypto_ctx = &crypto_ctx;
 
     /* Test code (correct test function is selected automatically per binary)
@@ -231,6 +239,12 @@ int main(void)
     /* Cryptographic function provider deinitialization. */
 #if LT_USE_MBEDTLS_V4
     mbedtls_psa_crypto_free();
+#elif LT_USE_WOLFCRYPT
+    ret = wolfCrypt_Cleanup();
+    if (ret != 0) {
+        LT_LOG_ERROR("WolfCrypt cleanup failed, ret=%d (%s)", ret, wc_GetErrorString(ret));
+        return ret;
+    }
 #endif
 
     /* Inform the test runner that the test finished */

tests/functional/stm32/nucleo_l432kc/Src/wolfcrypt/user_settings.h

@@ -0,0 +1,26 @@
+#ifndef USER_SETTINGS_H
+#define USER_SETTINGS_H
+
+#define WOLFCRYPT_ONLY  // Build only wolfCrypt library.
+#define NO_OLD_RNGNAME  // Resolves collision between STM32 HAL 'RNG' and WolfSSL 'RNG'.
+// #define USE_FAST_MATH
+
+// We will provide custom implementation for seed generation.
+extern int wolfcrypt_custom_seed_gen(unsigned char *output, unsigned int sz);
+#define CUSTOM_RAND_GENERATE_SEED wolfcrypt_custom_seed_gen
+
+#define WOLFSSL_SMALL_STACK   // Offload stack usage to heap where possible.
+#define WOLFSSL_MALLOC_CHECK  // Optional: Safety check for malloc failures.
+
+#define NO_FILESYSTEM        // Prevents filesystem errors on bare metal.
+#undef WOLFSSL_SYS_CA_CERTS  // Force disable system CA certs (fixes dirent.h / filesystem errors).
+#define NO_WRITEV            // IO vector write support usually missing.
+#define NO_WRITE_TEMP_FILES
+#define NO_DEV_RANDOM  // We use STM32's RNG, not /dev/random.
+#define NO_MAIN_DRIVER
+
+#define WOLFSSL_USER_IO  // Disable the default BSD socket callbacks.
+
+#define SINGLE_THREADED  // No threads.
+
+#endif /* USER_SETTINGS_H */

tests/functional/stm32/nucleo_l432kc/Src/wolfcrypt/wolfcrypt_platform.c

@@ -0,0 +1,27 @@
+#include <stdint.h>
+#include <string.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#include "main.h"
+#include "stm32l4xx_hal.h"
+
+int wolfcrypt_custom_seed_gen(unsigned char *output, unsigned int sz)
+{
+    HAL_StatusTypeDef hal_status = HAL_OK;
+    uint32_t random_data;
+    size_t bytes_left = sz;
+
+    while (bytes_left) {
+        hal_status = HAL_RNG_GenerateRandomNumber(&RNGHandle, &random_data);
+        if (hal_status != HAL_OK) {
+            return RNG_FAILURE_E;
+        }
+
+        size_t cpy_cnt = bytes_left < sizeof(random_data) ? bytes_left : sizeof(random_data);
+        memcpy(output, &random_data, cpy_cnt);
+        bytes_left -= cpy_cnt;
+        output += cpy_cnt;
+    }
+
+    return 0;
+}