Support for Curve25519 non-blocking cryptography (based on PR #5764)

Author: dgarske

.github/workflows/os-check.yml

@@ -81,6 +81,7 @@ jobs:
           '--enable-all CPPFLAGS=-DWOLFSSL_NO_CLIENT_AUTH',
           '--enable-all CPPFLAGS=''-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH''',
           '--enable-all CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''',
+          '--enable-curve25519=nonblock --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'
@@ -127,6 +128,7 @@ jobs:
           'examples/configs/user_settings_dtls13.h',
           'examples/configs/user_settings_EBSnet.h',
           'examples/configs/user_settings_eccnonblock.h',
+          'examples/configs/user_settings_curve25519nonblock.h',
           'examples/configs/user_settings_min_ecc.h',
           'examples/configs/user_settings_openssl_compat.h',
           'examples/configs/user_settings_pkcs7.h',

.wolfssl_known_macro_extras

@@ -597,6 +597,7 @@ WC_AES_GCM_DEC_AUTH_EARLY
 WC_ASN_HASH_SHA256
 WC_ASN_RUNTIME_DATE_CHECK_CONTROL
 WC_ASYNC_ENABLE_ECC_KEYGEN
+WC_ASYNC_ENABLE_X25519
 WC_ASYNC_NO_3DES
 WC_ASYNC_NO_AES
 WC_ASYNC_NO_ARC4

configure.ac

@@ -4816,11 +4816,18 @@ ENABLED_ED25519_SMALL=no
 
 # CURVE25519
 AC_ARG_ENABLE([curve25519],
-    [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
+    [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled). Set to "nonblock" to enable non-blocking support for key gen and shared secret])],
     [ ENABLED_CURVE25519=$enableval ],
     [ ENABLED_CURVE25519=no ]
     )
 
+# Handle curve25519 nonblock option - enable asynccrypt and asynccrypt-sw early
+if test "$ENABLED_CURVE25519" = "nonblock"
+then
+    test -z "$enable_asynccrypt" && enable_asynccrypt=yes
+    test -z "$enable_asynccrypt_sw" && enable_asynccrypt_sw=yes
+fi
+
 if test "$ENABLED_CURVE25519" = "no" && test "$ENABLED_QUIC" = "yes" && test "$ENABLED_FIPS" = "no"
 then
     ENABLED_CURVE25519=yes
@@ -10328,12 +10335,17 @@ fi
 
 if test "$ENABLED_CURVE25519" != "no"
 then
-    if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
+    if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_CURVE25519" = "nonblock" || test "$ENABLED_LOWRESOURCE" = "yes"
     then
         AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
         ENABLED_CURVE25519_SMALL=yes
     fi
 
+    if test "$ENABLED_CURVE25519" = "nonblock"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWC_X25519_NONBLOCK"
+    fi
+
     if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes"
     then
         AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"

examples/async/async_client.c

@@ -47,16 +47,25 @@
 #include "examples/async/async_tls.h"
 
 /* Test certificates and keys for RSA and ECC */
-#ifndef NO_RSA
-    #define CERT_FILE "./certs/client-cert.pem"
-    #define KEY_FILE  "./certs/client-key.pem"
-    #define CA_FILE   "./certs/ca-cert.pem"
-#elif defined(HAVE_ECC)
+#if defined(ASYNC_ECC_ONLY)
+    #ifndef HAVE_ECC
+        #error ASYNC_ECC_ONLY requires HAVE_ECC
+    #endif
     #define CERT_FILE "./certs/client-ecc-cert.pem"
     #define KEY_FILE  "./certs/ecc-client-key.pem"
     #define CA_FILE   "./certs/ca-ecc-cert.pem"
 #else
-    #error No authentication algorithm (ECC/RSA)
+    #ifndef NO_RSA
+        #define CERT_FILE "./certs/client-cert.pem"
+        #define KEY_FILE  "./certs/client-key.pem"
+        #define CA_FILE   "./certs/ca-cert.pem"
+    #elif defined(HAVE_ECC)
+        #define CERT_FILE "./certs/client-ecc-cert.pem"
+        #define KEY_FILE  "./certs/ecc-client-key.pem"
+        #define CA_FILE   "./certs/ca-ecc-cert.pem"
+    #else
+        #error No authentication algorithm (ECC/RSA)
+    #endif
 #endif
 
 int client_async_test(int argc, char** argv)
@@ -123,6 +132,7 @@ int client_async_test(int argc, char** argv)
         fprintf(stderr, "ERROR: Failed to initialize the library\n");
         goto exit;
     }
+    async_print_ecc_nonblock_status();
 
     /* Create and initialize WOLFSSL_CTX */
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) {

examples/async/async_server.c

@@ -52,16 +52,25 @@
 #include "examples/async/async_tls.h"
 
 /* Test certificates and keys for RSA and ECC */
-#ifndef NO_RSA
-    #define CERT_FILE "./certs/server-cert.pem"
-    #define KEY_FILE  "./certs/server-key.pem"
-    #define CA_FILE   "./certs/client-cert.pem"
-#elif defined(HAVE_ECC)
+#if defined(ASYNC_ECC_ONLY)
+    #ifndef HAVE_ECC
+        #error ASYNC_ECC_ONLY requires HAVE_ECC
+    #endif
     #define CERT_FILE "./certs/server-ecc.pem"
     #define KEY_FILE  "./certs/ecc-key.pem"
     #define CA_FILE   "./certs/client-ecc-cert.pem"
 #else
-    #error No authentication algorithm (ECC/RSA)
+    #ifndef NO_RSA
+        #define CERT_FILE "./certs/server-cert.pem"
+        #define KEY_FILE  "./certs/server-key.pem"
+        #define CA_FILE   "./certs/client-cert.pem"
+    #elif defined(HAVE_ECC)
+        #define CERT_FILE "./certs/server-ecc.pem"
+        #define KEY_FILE  "./certs/ecc-key.pem"
+        #define CA_FILE   "./certs/client-ecc-cert.pem"
+    #else
+        #error No authentication algorithm (ECC/RSA)
+    #endif
 #endif
 
 static int mSockfd = SOCKET_INVALID;
@@ -173,6 +182,7 @@ int server_async_test(int argc, char** argv)
         fprintf(stderr, "ERROR: Failed to initialize the library\n");
         goto exit;
     }
+    async_print_ecc_nonblock_status();
 
     /* Create and initialize WOLFSSL_CTX */
     if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) {

examples/async/async_tls.h

@@ -26,6 +26,22 @@
 #define DEFAULT_PORT 11111
 #define TEST_BUF_SZ  256
 
+/* Force ECC-only certs/keys for these async TLS examples. */
+#ifndef ASYNC_ECC_ONLY
+#define ASYNC_ECC_ONLY 1
+#endif
+
+static WC_INLINE void async_print_ecc_nonblock_status(void)
+{
+#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC)
+    printf("ECC non-blocking: enabled (WC_ECC_NONBLOCK + WOLFSSL_HAVE_SP_ECC)\n");
+#elif defined(WC_ECC_NONBLOCK)
+    printf("ECC non-blocking: WC_ECC_NONBLOCK defined but SP-ECC missing\n");
+#else
+    printf("ECC non-blocking: disabled (WC_ECC_NONBLOCK not defined)\n");
+#endif
+}
+
 #ifdef WOLF_CRYPTO_CB
 /* Example custom context for crypto callback */
 typedef struct {

examples/configs/README.md

@@ -12,6 +12,7 @@ Example wolfSSL configuration file templates for use when autoconf is not availa
 * `user_settings_espressif.h`: Example configuration for Espressif ESP32. See also [wolfSSL/IDE/Espressif](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif).
 * `user_settings_fipsv2.h`: The FIPS v2 (3389) 140-2 certificate build options.
 * `user_settings_fipsv5.h`: The FIPS v5 (ready) 140-3 build options. Equivalent to `./configure --enable-fips=v5-dev`.
+* `user_settings_curve25519nonblock.h`: Example Curve25519 (X25519) non-blocking configuration.
 * `user_settings_min_ecc.h`: Minimal ECC and SHA-256 only (no TLS). For ECC verify only add `NO_ECC_SIGN`.
 * `user_settings_platformio.h`: An example for PlatformIO library. See also [platformio/wolfssl](https://registry.platformio.org/libraries/wolfssl/wolfssl).
 * `user_settings_stm32.h`: Example configuration file generated from the wolfSSL STM32 Cube pack.

examples/configs/user_settings_curve25519nonblock.h

@@ -0,0 +1,88 @@
+/* user_settings_curve25519nonblock.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* Example wolfSSL user_settings.h file for Curve25519 (X25519) non-blocking.
+ * See doc/dox_comments/header_files/curve25519.h wc_curve25519_set_nonblock.
+ */
+
+/* Settings based on this configure:
+./configure --enable-curve25519=nonblock --enable-ecc=nonblock \
+    --enable-sp=yes,nonblock \
+    CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"
+*/
+
+/* Tested using:
+cp ./examples/configs/user_settings_curve25519nonblock.h user_settings.h
+./configure --enable-usersettings --enable-debug --disable-examples
+make
+./wolfcrypt/test/testwolfcrypt
+*/
+
+/* Example test results:
+CURVE25519 non-block key gen: 1273 times
+CURVE25519 non-block shared secret: 1275 times
+CURVE25519 test passed!
+*/
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Features */
+#define WOLFCRYPT_ONLY
+#define WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_PUBLIC_MP /* expose mp_ math API's */
+#define HAVE_HASHDRBG
+
+/* Curve25519 (X25519) */
+#define HAVE_CURVE25519
+#define CURVE25519_SMALL
+#define WC_X25519_NONBLOCK
+
+/* Debugging */
+#if 1
+    #undef  DEBUG_WOLFSSL
+    #define DEBUG_WOLFSSL
+    #define WOLFSSL_DEBUG_NONBLOCK
+#endif
+
+/* Disabled algorithms */
+#define NO_OLD_TLS
+#define NO_RSA
+#define NO_DH
+#define NO_PSK
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+#define NO_DSA
+#define NO_DES3
+#define NO_RC4
+#define WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE256
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */

src/internal.c

@@ -6117,7 +6117,7 @@ static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key,
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     /* initialize event */
-    ret = wolfSSL_AsyncInit(ssl, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
+    ret = wolfSSL_AsyncInit(ssl, &priv_key->asyncDev, WC_ASYNC_FLAG_NONE);
     if (ret != 0)
         return ret;
 #endif
@@ -8189,6 +8189,14 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey)
         #endif /* HAVE_ED25519 */
         #ifdef HAVE_CURVE25519
             case DYNAMIC_TYPE_CURVE25519:
+            #if defined(WC_X25519_NONBLOCK) && \
+                defined(WOLFSSL_ASYNC_CRYPT_SW) && \
+                defined(WC_ASYNC_ENABLE_X25519)
+                if (((curve25519_key*)*pKey)->nbCtx != NULL) {
+                    XFREE(((curve25519_key*)*pKey)->nbCtx, ssl->heap,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+                }
+            #endif
                 wc_curve25519_free((curve25519_key*)*pKey);
                 break;
         #endif /* HAVE_CURVE25519 */
@@ -8236,8 +8244,15 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
 #endif /* HAVE_ECC */
 #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
     defined(WC_ASYNC_ENABLE_ECC)
-    ecc_nb_ctx_t* nbCtx;
-#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC*/
+    ecc_nb_ctx_t* eccNbCtx;
+#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC */
+#ifdef HAVE_CURVE25519
+    curve25519_key* x25519Key;
+#endif /* HAVE_CURVE25519 */
+#if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
+    defined(WC_ASYNC_ENABLE_X25519)
+    x25519_nb_ctx_t* x25519NbCtx;
+#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_X25519 */
 
     if (ssl == NULL || pKey == NULL) {
         return BAD_FUNC_ARG;
@@ -8323,23 +8338,23 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
         case DYNAMIC_TYPE_ECC:
             eccKey = (ecc_key*)*pKey;
             ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId);
+        #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
+            defined(WC_ASYNC_ENABLE_ECC)
             if (ret == 0) {
-            #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
-                defined(WC_ASYNC_ENABLE_ECC)
-                nbCtx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t),
-                            eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER);
-                if (nbCtx == NULL) {
+                eccNbCtx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t),
+                               eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                if (eccNbCtx == NULL) {
                     ret = MEMORY_E;
                 }
                 else {
-                    ret = wc_ecc_set_nonblock(eccKey, nbCtx);
+                    ret = wc_ecc_set_nonblock(eccKey, eccNbCtx);
                     if (ret != 0) {
-                        XFREE(nbCtx, eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                        XFREE(eccNbCtx, eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER);
                     }
                 }
-            #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
-                      WC_ASYNC_ENABLE_ECC */
             }
+        #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
+                  WC_ASYNC_ENABLE_ECC */
             break;
     #endif /* HAVE_ECC */
     #ifdef HAVE_ED25519
@@ -8350,8 +8365,25 @@ int AllocKey(WOLFSSL* ssl, int type, void** pKey)
     #endif /* HAVE_CURVE25519 */
     #ifdef HAVE_CURVE25519
         case DYNAMIC_TYPE_CURVE25519:
-            wc_curve25519_init_ex((curve25519_key*)*pKey, ssl->heap, ssl->devId);
-            ret = 0;
+            x25519Key = (curve25519_key*)*pKey;
+            ret = wc_curve25519_init_ex(x25519Key, ssl->heap, ssl->devId);
+        #if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \
+            defined(WC_ASYNC_ENABLE_X25519)
+            if (ret == 0) {
+                x25519NbCtx = (x25519_nb_ctx_t*)XMALLOC(sizeof(x25519_nb_ctx_t),
+                                  ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                if (x25519NbCtx == NULL) {
+                    ret = MEMORY_E;
+                }
+                else {
+                    ret = wc_curve25519_set_nonblock(x25519Key, x25519NbCtx);
+                    if (ret != 0) {
+                        XFREE(x25519NbCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+                    }
+                }
+            }
+        #endif /* WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
+                  WC_ASYNC_ENABLE_X25519 */
             break;
     #endif /* HAVE_CURVE25519 */
     #ifdef HAVE_ED448

src/ssl.c

@@ -31,6 +31,7 @@
 
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/coding.h>
 #include <wolfssl/wolfcrypt/kdf.h>
 #ifdef NO_INLINE
@@ -4693,6 +4694,10 @@ int wolfSSL_get_error(WOLFSSL* ssl, int ret)
         return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
     else if (ssl->error == WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E))
         return WOLFSSL_ERROR_SYSCALL;           /* convert to OpenSSL type */
+#endif
+#ifdef WOLFSSL_ASYNC_CRYPT
+    else if (ssl->error == WC_NO_ERR_TRACE(MP_WOULDBLOCK))
+        return WC_PENDING_E;                    /* map non-blocking crypto */
 #endif
     return ssl->error;
 }