Skip to content

Fixes for STSAFE-A120 ECDHE #9703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JacobBarthelmeh merged 1 commit into from
Jan 23, 2026
Merged

Fixes for STSAFE-A120 ECDHE #9703

JacobBarthelmeh merged 1 commit into from
Jan 23, 2026
+45 −17

Conversation

@dgarske
Copy link
Contributor

@dgarske dgarske commented Jan 22, 2026

Description

Fixes for STSAFE-A120 ECDHE

Testing

On Pi5 with STSAFE-A120:

=== Running wolfssl_stsafe_test ===
================================================
wolfSSL STSAFE-A120 Crypto Callback Test Suite
================================================

Initializing STSAFE-A120...
STSAFE-A120 initialized successfully.
STSAFE crypto callback registered (devId: 0x53545341).

Test: RNG with STSAFE-A120
  Random data: 85 59 8D B2 0C EA 44 60 86 98 79 6D B4 8F CE 78 ...
[PASS] RNG with STSAFE-A120

Test: ECC P-256 Key Generation with STSAFE-A120
STSAFE: KeyGen slot 1, curve_id 0
  Public Key X: 6C4DCA5736637C77...
  Public Key Y: B44A20A27C0F7D5A...
[PASS] ECC P-256 key generation

Test: ECC P-384 Key Generation with STSAFE-A120
STSAFE: KeyGen slot 1, curve_id 1
  Public Key X: 229BA85B27643A95...
  Public Key Y: D9E0FDB641DF9224...
[PASS] ECC P-384 key generation

Test: ECDSA P-256 Sign/Verify with STSAFE-A120
STSAFE: KeyGen slot 1, curve_id 0
  Key pair generated.
STSAFE: Sign using slot 1
  Signature (70 bytes): 3044022024DC7E23...
  Signature verified!
  Verifying signature using STSAFE hardware...
  Hardware signature verified!
[PASS] ECDSA P-256 sign/verify

Test: ECDSA P-384 Sign/Verify with STSAFE-A120
STSAFE: KeyGen slot 1, curve_id 1
  Key pair generated.
STSAFE: Sign using slot 1
  Signature (104 bytes): 3066023100A161F0...
  Signature verified!
  Verifying signature using STSAFE hardware...
  Hardware signature verified!
[PASS] ECDSA P-384 sign/verify

Test: ECDHE P-256 Ephemeral Key Generation with STSAFE-A120
  Note: Uses stse_generate_ECDHE_key_pair() for ephemeral keys
STSAFE: KeyGen slot 255, curve_id 0
  Public Key X: B00E019415B256BC...
  Public Key Y: 1ADE13316DBDD227...
  Ephemeral key generated successfully (private key in STSE internal memory)
[PASS] ECDHE P-256 ephemeral key generation

Test: ECDH P-256 Shared Secret Computation (STSAFE + wolfCrypt)
  Note: One side uses STSAFE hardware (ephemeral slot), other uses wolfCrypt software
  Generating hardware key pair (STSAFE ephemeral slot via crypto callback)...
STSAFE: KeyGen slot 255, curve_id 0
    HW key generated (in ephemeral slot)
  Generating software key pair (wolfCrypt)...
    SW key generated
  Computing shared secret (STSAFE: HW priv * SW pub)...
STSAFE: ECDH with slot 255, curve_id 0
    STSAFE shared secret computed (32 bytes)
  Computing shared secret (wolfCrypt: SW priv * HW pub)...
    wolfCrypt shared secret computed (32 bytes)
  Shared secrets match! (20D59859DD3F3836...)
[PASS] ECDH P-256 shared secret computation

================================================
Test Summary: 7 passed, 0 failed
================================================

=== Running wolfssl_stsafe_full_test ===
================================================================
wolfSSL STSAFE-A120 Full Integration Test Suite
================================================================

Initializing STSAFE-A120...
STSAFE-A120 initialized successfully.
STSAFE crypto callback registered (devId: 0x53545341).

Test: RNG Benchmark (STSAFE-A120)
  Generated 100 x 256 bytes in 2.90 ms
  Throughput: 8632.60 KB/s
[PASS] RNG benchmark

Test: ECDSA P-256 Benchmark (STSAFE-A120)
STSAFE: KeyGen slot 1, curve_id 0
  Key generation: 49.66 ms
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
STSAFE: Sign using slot 1
  Signing: 10 ops in 512.94 ms (19.50 ops/sec)
  Verification: 10 ops in 788.35 ms (12.68 ops/sec)
[PASS] ECDSA P-256 benchmark

Test: ECDH P-256 Key Exchange (HW + SW)
  Note: STSAFE key (ephemeral slot 0xFF) for one side, software for other
  Generating hardware key pair (STSAFE)...
STSAFE: KeyGen slot 255, curve_id 0
    HW Key generated in 39.50 ms
  Generating software key pair...
    SW Key generated in 10.64 ms
  Computing shared secret (STSAFE: HW priv * SW pub)...
STSAFE: ECDH with slot 255, curve_id 0
    STSAFE ECDH computed in 71.75 ms
  Computing shared secret (Software: SW priv * HW pub)...
    Software ECDH computed in 10.66 ms
  Shared secrets match! (D639079B44D7ADC9...)
[PASS] ECDH P-256 key exchange (HW+SW)

Test: Multiple Sequential Operations
  Generating key pair 1...
STSAFE: KeyGen slot 1, curve_id 0
STSAFE: Sign using slot 1
    Key 1: Generated and signed successfully
  Generating key pair 2...
STSAFE: KeyGen slot 1, curve_id 0
STSAFE: Sign using slot 1
    Key 2: Generated and signed successfully
  Generating key pair 3...
STSAFE: KeyGen slot 1, curve_id 0
STSAFE: Sign using slot 1
    Key 3: Generated and signed successfully
  Verifying all signatures...
    All 3 signatures verified!
[PASS] Multiple sequential operations

================================================================
Test Summary: 4 passed, 0 failed
================================================================

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@dgarske
Copy link
Contributor Author

dgarske commented Jan 23, 2026

Jenkins retest this please: "Generic Config" "AgentOfflineException"

@dgarske dgarske assigned JacobBarthelmeh and unassigned dgarske Jan 23, 2026
@JacobBarthelmeh JacobBarthelmeh merged commit 2f388dd into wolfSSL:master Jan 23, 2026
480 of 483 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JacobBarthelmeh JacobBarthelmeh JacobBarthelmeh approved these changes

Assignees

@JacobBarthelmeh JacobBarthelmeh

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dgarske @JacobBarthelmeh @wolfSSL-Bot