tests/swdev: add RSA support to wc_swdev

rizlik · rizlik · commit 91183185326c · 2026-04-29T19:10:20.000+02:00
Extend the swdev callback to handle RSA operations: public/private encrypt
and decrypt, plus key generation.
diff --git a/tests/swdev/swdev.c b/tests/swdev/swdev.c
@@ -7,6 +7,9 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 
+#ifndef NO_RSA
+#include <wolfssl/wolfcrypt/rsa.h>
+#endif
 #ifdef HAVE_ECC
 #include <wolfssl/wolfcrypt/ecc.h>
 #endif
@@ -24,6 +27,31 @@ static int swdev_ensure_init(void)
     return 0;
 }
 
+#ifndef NO_RSA
+static int swdev_rsa(wc_CryptoInfo* info)
+{
+    switch (info->pk.rsa.type) {
+    case RSA_PUBLIC_ENCRYPT:
+    case RSA_PUBLIC_DECRYPT:
+    case RSA_PRIVATE_ENCRYPT:
+    case RSA_PRIVATE_DECRYPT:
+        return wc_RsaFunction(info->pk.rsa.in, info->pk.rsa.inLen,
+            info->pk.rsa.out, info->pk.rsa.outLen, info->pk.rsa.type,
+            info->pk.rsa.key, info->pk.rsa.rng);
+    default:
+        return CRYPTOCB_UNAVAILABLE;
+    }
+}
+
+#ifdef WOLFSSL_KEY_GEN
+static int swdev_rsa_keygen(wc_CryptoInfo* info)
+{
+    return wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
+        info->pk.rsakg.e, info->pk.rsakg.rng);
+}
+#endif
+#endif /* !NO_RSA */
+
 #ifdef HAVE_ECC
 static int swdev_ecc_keygen(wc_CryptoInfo* info)
 {
@@ -108,9 +136,18 @@ WC_SWDEV_EXPORT int wc_SwDev_Callback(int devId, wc_CryptoInfo* info,
         return ret;
 
     switch (info->algo_type) {
-#ifdef HAVE_ECC
+#if !defined(NO_RSA) || defined(HAVE_ECC)
     case WC_ALGO_TYPE_PK:
         switch (info->pk.type) {
+    #ifndef NO_RSA
+        case WC_PK_TYPE_RSA:
+            return swdev_rsa(info);
+        #ifdef WOLFSSL_KEY_GEN
+        case WC_PK_TYPE_RSA_KEYGEN:
+            return swdev_rsa_keygen(info);
+        #endif
+    #endif /* !NO_RSA */
+    #ifdef HAVE_ECC
         case WC_PK_TYPE_EC_KEYGEN:
             return swdev_ecc_keygen(info);
         case WC_PK_TYPE_ECDH:
@@ -123,10 +160,11 @@ WC_SWDEV_EXPORT int wc_SwDev_Callback(int devId, wc_CryptoInfo* info,
             return swdev_ecc_get_size(info);
         case WC_PK_TYPE_EC_GET_SIG_SIZE:
             return swdev_ecc_get_sig_size(info);
+    #endif /* HAVE_ECC */
         default:
             return CRYPTOCB_UNAVAILABLE;
         }
-#endif /* HAVE_ECC */
+#endif
     default:
         return CRYPTOCB_UNAVAILABLE;
     }
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -24118,7 +24118,7 @@ static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG
     if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
 #endif
-#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
+#if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLFSSL_SWDEV)
     ret = 0;
     goto exit_rsa_sig;
 #endif
@@ -24601,7 +24601,7 @@ static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
     !defined(WC_NO_RNG)
 /* Need to create known good signatures to test with this. */
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
-!defined(WOLF_CRYPTO_CB_ONLY_RSA)
+(!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
 static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
 {
     byte             digest[WC_MAX_DIGEST_SIZE];
@@ -25983,7 +25983,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
     int    keySz = 2048;
 #endif
 
-#ifdef WOLF_CRYPTO_CB_ONLY_RSA
+#if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLFSSL_SWDEV)
     if (devId == INVALID_DEVID) {
         /* must call keygen with devId */
         return 0;
@@ -26086,7 +26086,7 @@ static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
     (!defined(HAVE_FIPS) || \
       (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
-      && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+      && (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
 static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
 {
     wc_test_ret_t ret = 0;
@@ -26623,7 +26623,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 #endif
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
-    !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+    !defined(WC_NO_RNG) && (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
     /* Reload the key so the public-encrypt below is the first operation
      * against it. Exercises backends that distinguish public-only material
      * from full-keypair bindings: a public-encrypt on a freshly-loaded key
@@ -26751,7 +26751,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
     !defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+    (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
     idx = (word32)ret;
     XMEMSET(plain, 0, plainSz);
     do {
@@ -26798,7 +26798,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
     #if (!defined(HAVE_FIPS) || \
          (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
-         && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+         && (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
     ret = rsa_oaep_padding_test(key, &rng);
     if (ret != 0)
         goto exit_rsa;
@@ -27064,7 +27064,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     !defined(WC_NO_RNG)
 /* Need to create known good signatures to test with this. */
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+    (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
     ret = rsa_pss_test(&rng, key);
     if (ret != 0)
         goto exit_rsa;
