Add option to enable wolfCrypt test/benchmark to test-app

Author: dgarske

config/examples/vorago_va416x0.config

@@ -33,7 +33,7 @@ DUALBANK_SWAP?=0
 PKA?=0
 ENCRYPT=0
 WOLFTPM?=0
-OPTIMIZATION_LEVEL=1
+OPTIMIZATION_LEVEL=s
 
 # Optionally allow downgrade to older valid version in update partition
 ALLOW_DOWNGRADE?=0
@@ -45,11 +45,11 @@ NO_ARM_ASM?=0
 # Optional: Use smaller SHA512
 #CFLAGS_EXTRA+=-DUSE_SLOW_SHA512
 
-# 38KB boot, 108KB partitions, 2KB swap
+# Optimized: 46KB wolfboot, 104KB partitions, 2KB swap
 WOLFBOOT_SECTOR_SIZE?=0x800
-WOLFBOOT_PARTITION_SIZE?=0x1B000
-WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9800
-WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x24800
+WOLFBOOT_PARTITION_SIZE?=0x1A000
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0xB800
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x25800
 WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3F800
 
 # ML-DSA 5: 36KB boot, 96KB partitions, 12KB swap
@@ -81,3 +81,9 @@ WOLFBOOT_RESTORE_CLOCK?=1
 # Optional debugging
 #CFLAGS_EXTRA+=-DDEBUG_EXT_FLASH
 #CFLAGS_EXTRA+=-DTEST_EXT_FLASH
+
+# Optional: Enable wolfCrypt test and benchmark in test-app
+# Uncomment to enable
+# Note: Requires ~80-160KB additional flash and ~10-20KB RAM
+#WOLFCRYPT_TEST?=1
+#WOLFCRYPT_BENCHMARK?=1

include/user_settings.h

@@ -101,8 +101,8 @@ extern int tolower(int c);
     defined(WOLFBOOT_SIGN_SECONDARY_ECC256) || \
     defined(WOLFBOOT_SIGN_SECONDARY_ECC384) || \
     defined(WOLFBOOT_SIGN_SECONDARY_ECC521) || \
-    defined(WOLFCRYPT_SECURE_MODE)
-
+    defined(WOLFCRYPT_SECURE_MODE) || \
+    defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
 
 #   define HAVE_ECC
 #   define ECC_TIMING_RESISTANT
@@ -118,6 +118,7 @@ extern int tolower(int c);
 
     /* Some ECC options are disabled to reduce size */
 #   if !defined(WOLFCRYPT_SECURE_MODE) && \
+       !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK) && \
        !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
        !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
 #       if !defined(WOLFBOOT_TPM)
@@ -138,6 +139,7 @@ extern int tolower(int c);
 #       endif
 #   else
 #       define HAVE_ECC_SIGN
+#       define HAVE_ECC_VERIFY
 #ifndef PKCS11_SMALL
 #       define HAVE_ECC_CDH
 #endif
@@ -147,6 +149,7 @@ extern int tolower(int c);
 #       define WOLFSSL_HAVE_SP_ECC
 #       define WOLFSSL_KEY_GEN
 #       define HAVE_ECC_KEY_EXPORT
+#       define HAVE_ECC_KEY_IMPORT
 #   endif
 
     /* SP MATH */
@@ -160,15 +163,18 @@ extern int tolower(int c);
 
     /* Curve */
 #   if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFCRYPT_SECURE_MODE) || \
-        defined(WOLFBOOT_SIGN_SECONDARY_ECC256)
+        defined(WOLFBOOT_SIGN_SECONDARY_ECC256) || \
+        defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
 #       define HAVE_ECC256
 #   endif
 #   if defined(WOLFBOOT_SIGN_ECC384) || \
         defined(WOLFBOOT_SIGN_SECONDARY_ECC384) || \
-        defined(WOLFCRYPT_SECURE_MODE)
+        defined(WOLFCRYPT_SECURE_MODE) || \
+        defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
 #       define HAVE_ECC384
 #       define WOLFSSL_SP_384
 #   endif
+    /* ECC521 only enabled if specifically requested (not for tests - too large) */
 #   if defined(WOLFBOOT_SIGN_ECC521) || \
         defined(WOLFBOOT_SIGN_SECONDARY_ECC521) || \
         defined(WOLFCRYPT_SECURE_MODE)
@@ -219,6 +225,7 @@ extern int tolower(int c);
 #   define RSA_LOW_MEM
 #   define WC_ASN_HASH_SHA256
 #   if !defined(WOLFBOOT_TPM) && !defined(WOLFCRYPT_SECURE_MODE) && \
+       !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK) && \
        !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
        !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
 #       define WOLFSSL_RSA_VERIFY_INLINE
@@ -305,15 +312,17 @@ extern int tolower(int c);
 #ifdef WOLFBOOT_HASH_SHA3_384
 #   define WOLFSSL_SHA3
 #   if defined(NO_RSA) && !defined(WOLFBOOT_TPM) && \
-    !defined(WOLFCRYPT_SECURE_MODE)
+        !defined(WOLFCRYPT_SECURE_MODE) && \
+        !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
 #       define NO_SHA256
 #   endif
 #endif
 
 #ifdef WOLFBOOT_HASH_SHA384
 #   define WOLFSSL_SHA384
 #   if defined(NO_RSA) && !defined(WOLFBOOT_TPM) && \
-    !defined(WOLFCRYPT_SECURE_MODE)
+    !defined(WOLFCRYPT_SECURE_MODE) && \
+    !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
 #       define NO_SHA256
 #   endif
 #ifndef WOLFSSL_SHA512
@@ -410,7 +419,8 @@ extern int tolower(int c);
 
 #if (defined(WOLFBOOT_TPM_SEAL) && defined(WOLFBOOT_ATA_DISK_LOCK)) || \
     defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \
-    defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+    defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) || \
+    defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
 #   define WOLFSSL_BASE64_ENCODE
 #else
 #   define NO_CODING
@@ -464,7 +474,8 @@ extern int tolower(int c);
     #endif
 #endif
 
-#if !defined(WOLFCRYPT_SECURE_MODE) && !defined(WOLFBOOT_TPM_PARMENC)
+#if !defined(WOLFCRYPT_SECURE_MODE) && !defined(WOLFBOOT_TPM_PARMENC) && \
+    !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
 #if !(defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
       defined(WOLFBOOT_SIGN_ML_DSA)) && \
     !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
@@ -473,8 +484,16 @@ extern int tolower(int c);
     #define WC_NO_HASHDRBG
     #define NO_AES_CBC
 #else
-    #define HAVE_HASHDRBG
-    #define WOLFSSL_AES_CFB
+    #if defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
+        /* Use custom RNG for tests (saves ~7KB vs HASHDRBG) */
+        #define WC_NO_HASHDRBG
+        #define CUSTOM_RAND_GENERATE_SEED my_rng_seed_gen
+        #define CUSTOM_RAND_GENERATE_BLOCK my_rng_seed_gen
+        extern int my_rng_seed_gen(unsigned char* output, unsigned int sz);
+    #else
+        #define HAVE_HASHDRBG
+        #define WOLFSSL_AES_CFB
+    #endif
 #endif
 
 
@@ -485,11 +504,15 @@ extern int tolower(int c);
 
 #if !defined(WOLFBOOT_TPM) && !defined(WOLFCRYPT_SECURE_MODE)
 #   define NO_HMAC
-#if !(defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
-      defined(WOLFBOOT_SIGN_ML_DSA)) &&          \
-    !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
-#define WC_NO_RNG
 #endif
+
+#if !defined(WOLFBOOT_TPM) && !defined(WOLFCRYPT_SECURE_MODE) && \
+    !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
+#   if !(defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
+       defined(WOLFBOOT_SIGN_ML_DSA)) &&          \
+      !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+#   define WC_NO_RNG
+#   endif
 #   define WC_NO_HASHDRBG
 #   define NO_DEV_RANDOM
 #   if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
@@ -534,9 +557,49 @@ extern int tolower(int c);
 #define NO_CHECK_PRIVATE_KEY
 #define NO_KDF
 
-#define BENCH_EMBEDDED
-#define NO_CRYPT_TEST
-#define NO_CRYPT_BENCHMARK
+/* wolfCrypt Test/Benchmark Configuration */
+#ifdef WOLFCRYPT_TEST
+    /* Skip extended tests to save memory */
+    #define NO_CRYPT_TEST_EXTENDED
+    /* Use smaller certificate buffers */
+    #define USE_CERT_BUFFERS_256
+    /* Override default NO_CRYPT_TEST */
+    #undef NO_CRYPT_TEST
+#else
+    #define NO_CRYPT_TEST
+#endif
+
+#ifdef WOLFCRYPT_BENCHMARK
+    /* Embedded benchmark mode */
+    #ifndef BENCH_EMBEDDED
+        #define BENCH_EMBEDDED
+    #endif
+    /* Override default NO_CRYPT_BENCHMARK */
+    #undef NO_CRYPT_BENCHMARK
+#else
+    #define NO_CRYPT_BENCHMARK
+#endif
+
+/* Common optimizations when test/benchmark enabled */
+#if defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
+    #define NO_WRITE_TEMP_FILES
+
+    /* Enable malloc for test/benchmark (they need dynamic allocation) */
+    #undef NO_WOLFSSL_MEMORY
+    #undef WOLFSSL_NO_MALLOC
+
+    /* Enable SP math digit operations */
+    #define WOLFSSL_SP_MUL_D
+
+    /* User time functions provided */
+    #define WOLFSSL_USER_CURRTIME
+    #define XTIME my_time
+    extern unsigned long my_time(unsigned long* timer);
+#endif
+
+#if !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
+    #define BENCH_EMBEDDED
+#endif
 
 #if defined(WOLFCRYPT_TZ_PSA)
 #undef NO_CMAC

test-app/ARM-va416x0.ld

@@ -1,5 +1,5 @@
-_Min_Heap_Size  = 0x00002000; /* required amount of heap  */
-_Min_Stack_Size = 0x00002000; /* required amount of stack */
+_Min_Heap_Size  = 0x00003000; /* required amount of heap  */
+_Min_Stack_Size = 0x00003000; /* required amount of stack */
 
 /* Memory areas */
 MEMORY

test-app/Makefile

@@ -95,6 +95,68 @@ ifeq ($(DEBUG_UART),1)
     APP_OBJS+=../src/string.o
 endif
 
+# wolfCrypt Test and Benchmark Support
+WOLFCRYPT_SUPPORT=0
+
+ifeq ($(WOLFCRYPT_TEST),1)
+  CFLAGS+=-DWOLFCRYPT_TEST
+  WOLFCRYPT_SUPPORT=1
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/test/test.o
+endif
+
+ifeq ($(WOLFCRYPT_BENCHMARK),1)
+  CFLAGS+=-DWOLFCRYPT_BENCHMARK
+  WOLFCRYPT_SUPPORT=1
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/benchmark/benchmark.o
+endif
+
+ifeq ($(WOLFCRYPT_SUPPORT),1)
+  # Add support infrastructure
+  APP_OBJS+=wolfcrypt_support.o
+  APP_OBJS+=syscalls.o
+
+  # Add wolfCrypt core implementation files
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hash.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_port.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/logging.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/misc.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wolfmath.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/memory.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/asn.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/coding.o
+
+  # Add SHA implementations (needed for test/benchmark)
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha256.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha512.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hmac.o
+
+  # Add RNG support (needed for ECC signing and tests)
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o
+
+  # Add ECC support (needed by test suite)
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/ecc.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_int.o
+
+  # Add SP math implementations for ARM Cortex-M
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_cortexm.o
+  APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
+
+  ifneq ($(NO_ARM_ASM),1)
+    APP_OBJS+= \
+          $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-aes-asm_c.o \
+          $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.o \
+          $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.o \
+          $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.o \
+          $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.o
+
+    CFLAGS+=-DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARMASM_INLINE \
+                              -DWOLFSSL_ARMASM_NO_NEON -DWOLFSSL_ARMASM_THUMB2
+  endif
+
+  CFLAGS+=-DWOLFSSL_USER_SETTINGS
+  CFLAGS+=-I"$(WOLFBOOT_LIB_WOLFSSL)"
+endif
+
 ifeq ($(TZEN),1)
     CFLAGS+=-DNONSECURE_APP
     CFLAGS+=-I./
@@ -331,6 +393,9 @@ ifeq ($(TARGET),va416x0)
   APP_OBJS+=$(SDK_OBJS)
   LSCRIPT_TEMPLATE=ARM-va416x0.ld
   APP_OBJS+=../src/keystore.o
+  # Reduce size: newlib-nano (small printf/snprintf, no float) and section GC
+  LDFLAGS+=--specs=nano.specs --specs=nosys.specs
+  CFLAGS+=-ffunction-sections -fdata-sections
 endif
 
 ifeq ($(TARGET),sim)

test-app/app_va416x0.c

@@ -35,6 +35,19 @@
 
 #include "../hal/va416x0.h"
 
+/* wolfCrypt test/benchmark support */
+#ifdef WOLFCRYPT_TEST
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/test/test.h>
+int wolfcrypt_test(void *args);
+#endif
+
+#ifdef WOLFCRYPT_BENCHMARK
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfcrypt/benchmark/benchmark.h>
+int benchmark_test(void *args);
+#endif
+
 /* Vorago HAL includes */
 #include "va416xx_hal.h"
 #include "va416xx_hal_clkgen.h"
@@ -151,6 +164,21 @@ void main(void)
 
     print_info();
 
+#ifdef WOLFCRYPT_TEST
+    wolfBoot_printf("\r\nRunning wolfCrypt tests...\r\n");
+    wolfCrypt_Init();
+    wolfcrypt_test(NULL);
+    wolfCrypt_Cleanup();
+    wolfBoot_printf("Tests complete.\r\n\r\n");
+#endif
+
+#ifdef WOLFCRYPT_BENCHMARK
+    wolfBoot_printf("Running wolfCrypt benchmarks...\r\n");
+    wolfCrypt_Init();
+    benchmark_test(NULL);
+    wolfCrypt_Cleanup();
+    wolfBoot_printf("Benchmarks complete.\r\n\r\n");
+#endif
 
     if (app_version > 1) {
         /* Turn on update LED */