Skip to content

Support for Curve25519 non-blocking cryptography (based on PR #5764)#9721

Open
dgarske wants to merge 2 commits intowolfSSL:masterfrom
dgarske:x25519_nb
Open

Support for Curve25519 non-blocking cryptography (based on PR #5764)#9721
dgarske wants to merge 2 commits intowolfSSL:masterfrom
dgarske:x25519_nb

Conversation

@dgarske
Copy link
Contributor

@dgarske dgarske commented Jan 29, 2026

Add X25519 Non-Blocking Support

Description

This PR adds non-blocking (yield) support for X25519 (Curve25519) key generation and shared secret operations, similar to the existing WC_ECC_NONBLOCK support for ECC operations.

Changes

New Features:

  • Added WC_X25519_NONBLOCK configuration macro to enable non-blocking X25519 operations
  • Added x25519_nb_ctx_t context structure to track non-blocking operation state
  • Added wc_curve25519_set_nonblock() API to configure non-blocking mode on a key
  • Added non-blocking implementations for:
    • wc_curve25519_make_key() - key generation
    • wc_curve25519_shared_secret() - ECDH shared secret computation

Files Modified:

  • src/internal.c - Added X25519 non-blocking context allocation/deallocation in TLS AllocKey/FreeKey
  • wolfcrypt/src/curve25519.c - Added non-blocking key generation and shared secret functions
  • wolfcrypt/src/fe_low_mem.c - Added curve25519_nb() and fe_inv__distinct_nb() non-blocking implementations
  • wolfcrypt/test/test.c - Added x25519_nonblock_test() and async wait calls for X25519 operations
  • wolfssl/wolfcrypt/curve25519.h - Added x25519_nb_ctx_t struct and wc_curve25519_set_nonblock() API
  • wolfssl/wolfcrypt/fe_operations.h - Added non-blocking function declarations

Requirements

  • Requires CURVE25519_SMALL (enabled via --enable-curve25519=small)
  • Build error will be generated if WC_X25519_NONBLOCK is used without CURVE25519_SMALL

Testing

Build command:

./configure CFLAGS="-g3 -O0" CPPFLAGS="-DWC_X25519_NONBLOCK" \
    --enable-curve25519=small --enable-asynccrypt --enable-asynccrypt-sw && make

Run tests:

./wolfcrypt/test/testwolfcrypt

Expected output should include:

CURVE25519 test passed!

Alternative build (with debugging output):

./configure CFLAGS="-g3 -O0" CPPFLAGS="-DWC_X25519_NONBLOCK" \
    --enable-curve25519=small --enable-asynccrypt --enable-asynccrypt-sw \
    --enable-debug && make

This will print iteration counts for non-blocking operations:

CURVE25519 non-block key gen: <N> times
CURVE25519 non-block shared secret: <N> times

API Usage Example

#include <wolfssl/wolfcrypt/curve25519.h>

curve25519_key key;
x25519_nb_ctx_t nbCtx;
int ret;

/* Initialize key */
wc_curve25519_init(&key);

/* Set non-blocking context */
wc_curve25519_set_nonblock(&key, &nbCtx);

/* Generate key with non-blocking loop */
do {
    ret = wc_curve25519_make_key(rng, 32, &key);
} while (ret == FP_WOULDBLOCK);

if (ret != 0) {
    /* Handle error */
}

/* Key is now ready for use */

@dgarske dgarske self-assigned this Jan 29, 2026
@dgarske dgarske marked this pull request as ready for review January 29, 2026 20:06
@dgarske dgarske force-pushed the x25519_nb branch 4 times, most recently from e8fc0a8 to 50dea8f Compare February 2, 2026 17:40
@night1rider
Copy link
Contributor

night1rider commented Feb 3, 2026

Jenkins retest this please - CI issue PRB-Master-Job

@dgarske
Copy link
Contributor Author

dgarske commented Feb 4, 2026

Jenkins retest this please

@dgarske
Add X25519 non-blocking support for key gen and shared secret
4d3925d 
## Summary
- Add non-blocking (incremental) Curve25519 key generation and shared secret via `WC_X25519_NONBLOCK`, modeled after the existing ECC non-blocking pattern (`WC_ECC_NONBLOCK`)
- Implement `curve25519_nb()` and `fe_inv__distinct_nb()` in `fe_low_mem.c` as state-machine variants that return `FP_WOULDBLOCK` to yield after each field multiply
- Add `wc_curve25519_set_nonblock()` API to attach/detach non-blocking context to a key
- Integrate X25519 non-blocking with TLS 1.2/1.3 key share generation and shared secret in `tls.c` and `internal.c` (behind `WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW`)
- Add `--enable-curve25519=nonblock` configure option (auto-enables `--enable-asynccrypt` and `--enable-asynccrypt-sw`)
- Add X25519 async software dispatch cases in `async.c` and types in `async.h`
- Fix async guard in `curve25519.c` to require `WOLFSSL_ASYNC_CRYPT_SW` (matching other algorithms)
- Overhaul `examples/async/` client/server: non-blocking I/O via `WOLFSSL_USER_IO`, standalone `Makefile`, X25519/ECC mode selection, CI-friendly ready-file sync
- Add `examples/configs/user_settings_curve25519nonblock.h` and CI coverage in `os-check.yml` and new `async-examples.yml` workflow
- Add wolfcrypt test and API test coverage for X25519 non-blocking
@dgarske
Tests for mutual authentication
e9b711e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dgarske dgarske

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dgarske @night1rider @wolfSSL-Bot