Add STSAFE-A120 Support

[dgarske]

Add STSAFE-A120 Support via STSELib

Description

This PR adds support for the ST STSAFE-A120 secure element using the open-source STSELib SDK. The STSAFE-A120 is ST's latest secure element with enhanced cryptographic capabilities and is the successor to the STSAFE-A100/A110 series.

Changes

Files Modified:

• wolfcrypt/src/port/st/stsafe.c - Added STSAFE-A120/STSELib implementation
• wolfssl/wolfcrypt/port/st/stsafe.h - Added type abstractions and curve mappings
• wolfcrypt/src/wc_port.c - Updated STSAFE initialization
• wolfcrypt/src/port/st/README.md - Added documentation

Features

• True Random Number Generation (TRNG) - Hardware RNG for seeding wolfSSL's RNG
• ECC Key Generation - P-256 and P-384 key pair generation in secure element
• ECDSA Sign/Verify - Hardware-accelerated ECDSA operations
• ECDH Shared Secret - Elliptic curve Diffie-Hellman key exchange
• Device Certificate - Read X.509 certificates from secure storage
• Crypto Callbacks - Full integration with wolfSSL's crypto callback mechanism

Configuration

Enable with:

#define WOLFSSL_STSAFEA120Optional defines:
#define USE_STSAFE_RNG_SEED    /* Use STSAFE for RNG seeding */
#define WOLF_CRYPTO_CB         /* Enable crypto callbacks */
#define STSAFE_I2C_BUS 1       /* I2C bus number (default: 1) */

Dependencies

• STSELib - ST Secure Element Library (BSD-3-Clause)
  • Available from: https://github.com/STMicroelectronics/STSELib
  • Requires platform abstraction layer implementation

API Compatibility

The new implementation maintains API compatibility with the existing STSAFE-A100 code:

• stsafe_interface_init() - Initialize device
• wolfSSL_STSAFE_CryptoDevCb() - Crypto callback handler
• SSL_STSAFE_* callback functions for TLS integration

Testing

Tested on Raspberry Pi 5 with STSAFE-A120 connected via I2C:

• Echo command ✅
• Random number generation ✅
• ECC P-256 key generation ✅
• ECC P-384 key generation ✅
• ECDSA P-256 sign/verify ✅
• ECDSA P-384 sign/verify ✅
• Crypto callback integration ✅

Performance (Raspberry Pi 5)

Operation	Time
ECC P-256 KeyGen	~40 ms
ECDSA P-256 Sign	~51 ms
ECDSA P-256 Verify	~79 ms
RNG (256 bytes)	<1 ms

Notes

• The STSELib uses conditional compilation for ECC curves via stse_conf.h
• Curve ID values in stsafe.h depend on which curves are enabled in stse_conf.h
• Default configuration enables NIST P-256 and P-384

Related

• STSELib: https://github.com/STMicroelectronics/STSELib
• STSAFE-A120 Datasheet: https://www.st.com/en/secure-mcus/stsafe-a120.html
• Example / Tests: Example for ST-SAFE A120 wolfssl-examples#553

ZD 20780

[devin-ai-integration]

🛟 Devin Lifeguard found 3 likely issues in this PR

• check-all-return-codes snippet: Capture the return value of stsafe_interface_init() in wolfCrypt_Init and, if it is non-zero, propagate or handle the error (e.g., ret = stsafe_interface_init(); if (ret != 0) return ret;).
• no-memory-leaks snippet: After copying the shared secret, add XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); (and similarly free other SDK-allocated buffers such as pubX/pubY, signature, readBuf, echo_resp) before the function returns.
• limit-stack-usage snippet: Replace large local buffers (e.g., sigRS, pubKeyX, pubKeyY in SSL_STSAFE_VerifyPeerCertCb) with heap allocations under the WOLFSSL_SMALL_STACK pattern, freeing them before return.

@dgarske
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

[dgarske]

Jenkins retest this please: "AgentOfflineException"

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[dgarske]

Jenkins retest this please: "AgentOfflineException"

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[dgarske]

Jenkins retest this please. AgentOffline

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[dgarske]

Jenkins retest this please

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The comment says there are “compile-time static assertions and runtime checks in stsafe_interface_init()” verifying STSELib enum values, but no such checks exist in stsafe.c. Either add the checks (preferred, since the numeric mappings are fragile) or update this comment to avoid misleading integrators.

Suggested change

	* NOTE: If other curves are enabled, these values change!
	*
	* Compile-time static assertions and runtime checks in stsafe_interface_init()
	* verify that these constants match the actual STSE_ECC_KT enum values. */
	* NOTE: If other curves are enabled, these values change and the
	* constants below MUST be updated to match the STSE_ECC_KT
	* enum values configured in STSELib.
	* These numeric mappings are fragile and mismatches can result in
	* incorrect curve selection at runtime. Integrators should verify
	* that their STSELib configuration matches these values. */

[Copilot]

stsafe_read_certificate treats certLen == 0 as success when stse_get_device_certificate_size returns STSE_OK (it sets rc = (int)ret, which is 0). This can lead to returning success with a 0-length certificate (or relying on XMALLOC(0) behavior). Treat certLen == 0 as an error and return a wolfCrypt error code.

Suggested change

	rc = (int)ret;
	if (ret != STSE_OK) {
	rc = (int)ret;
	}
	else {
	/* Zero-length certificate is treated as an error */
	rc = BAD_FUNC_ARG;
	}

[Copilot]

If the first 4 bytes don’t match an expected ASN.1 SEQUENCE/length encoding, *pCertLen remains 0 and rc stays STSAFE_A_OK. SSL_STSAFE_LoadDeviceCertificate will then treat this as success and return a 0-length certificate. Set an explicit error (e.g., ASN_PARSE_E) when the header/length can’t be parsed.

[Copilot]

In the ECDH crypto callback, when the private key’s devCtx indicates slot 1, the code generates a new key pair in the ephemeral slot and overwrites private_key->devCtx and the public key. This will break ECDH whenever the public key derived from the original key (slot 1) has already been shared with the peer (shared secret will be computed with a different private key). Don’t regenerate/overwrite the key during WC_PK_TYPE_ECDH; instead compute the shared secret using the existing slot from devCtx, or ensure keygen creates the correct type/slot of key up front.

[JacobBarthelmeh]

Looks like the macro list needs touched up:

[check-source-text] [2 of 7] [wolfssl]
    autogen.sh wolfssl...   real 0m12.528s  user 0m11.009s  sys 0m0.260s
    configure...   real 0m9.835s  user 0m8.108s  sys 0m1.841s
unrecognized macros used:
STSE_CONF_ECC_BRAINPOOL_P_256
STSE_CONF_ECC_BRAINPOOL_P_384
add well-formed but unknown macros to .wolfssl_known_macro_extras at top of source tree.