Commit Graph

157 Commits

Author SHA1 Message Date
jordan 0fe21bbcd5 prepare for release 5.9.2 2026-06-24 12:01:51 -05:00
David Garske e05ce26fc9 wolfCrypt SRAM PUF Support
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
2026-04-22 11:39:39 -07:00
David Garske 9ed79a2815 Merge pull request #10189 from michael-membrowse/master
ci: membrowse integration
2026-04-14 09:25:53 -07:00
Michael Rogov Papernov 18b2bb3dd9 ci: membrowse integration 2026-04-10 18:36:08 +01:00
JacobBarthelmeh 43f06851f1 update changelog notes 2026-04-09 20:45:59 -06:00
JacobBarthelmeh 719e98f717 prepare for release 5.9.1 2026-04-08 07:34:41 -06:00
JacobBarthelmeh 396d0719cd minor formatting fixes to changelog 2026-03-20 12:07:39 -06:00
JacobBarthelmeh a08fa98adc prepare for release 5.9.0 2026-03-18 16:18:12 -06:00
Sameeh Jubran 425dc1372d cryptocb: add AES CryptoCB key import support and tests
Add CryptoCB-based AES key import support to enable Secure Element
offload without exposing raw AES key material to wolfCrypt.

When WOLF_CRYPTO_CB_AES_SETKEY is defined, wolfCrypt invokes a CryptoCB
callback during AES key setup. Behavior is determined by the callback
return value:

- If callback returns 0: Key is imported to the device (aes->devCtx).
  Key is NOT copied to wolfCrypt RAM; GCM H/M tables are NOT generated.
  Full hardware offload is assumed.

- If callback returns CRYPTOCB_UNAVAILABLE: Device does not support
  SetKey. Normal software path is used; key is copied to devKey for
  optional encrypt/decrypt acceleration.

- Any other error: Propagated to the caller.

Key points:
- Add wc_CryptoCb_AesSetKey() callback for AES key import
- Update AES SetKey paths to call CryptoCB and branch on return value
- Skip GCM H/M table generation when callback succeeded (devCtx set)
- Preserve existing behavior when devId is INVALID_DEVID or
  WOLF_CRYPTO_CB_AES_SETKEY is not defined

Testing:
- Add unit test for CryptoCB AES SetKey (verifies key isolation when
  callback succeeds)
- Add end-to-end AES-GCM offload test (SetKey, Encrypt, Decrypt, Free
  via CryptoCB)
- Tests use a mock SE with software AES to validate routing

Enable with: CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
2026-02-03 16:59:02 +02:00
Josh Holtrop ee708dc457 Update README and doxygen for BLAKE2b/BLAKE2s 2026-01-14 15:37:29 -05:00
JacobBarthelmeh 1d448ec3b4 public disclosure of CVE-2025-13912 2025-12-11 10:22:22 -07:00
JacobBarthelmeh ab98c150c6 prepare for release 5.8.4 2025-11-20 10:57:50 -07:00
Eric Blankenhorn f3428295f6 Clarify use of static ciphers in readme files (#9283)
embhorn : Clarify use of static ciphers in readme files
2025-10-13 11:38:11 -07:00
Eric Blankenhorn 6ab6634efc Fix markdown in docs 2025-08-25 09:28:08 -05:00
JacobBarthelmeh 3759c6f1a1 fix changelog formatting 2025-07-22 09:21:26 -06:00
JacobBarthelmeh c34e6ab8d9 prepare for release 5.8.2 2025-07-17 10:26:19 -06:00
JacobBarthelmeh e4cb69caef remove trailing space character in changelog 2025-04-24 12:20:23 -07:00
JacobBarthelmeh 9be6a81bab prepare for release 5.8.0 2025-04-24 10:41:40 -07:00
gojimmypi 4c7538e5ac Update README.md to reflect FIPS 140-3 validated Certificate #4718 2025-02-20 15:12:18 -08:00
JacobBarthelmeh 70e41d1ed1 prepare for release 5.7.6 2024-12-31 08:27:53 -07:00
JacobBarthelmeh 8c5e188dd4 remove trailing white space in README 2024-10-24 13:04:00 -06:00
JacobBarthelmeh 8604024b95 prepare for release 5.7.4 2024-10-24 11:32:33 -06:00
JacobBarthelmeh 4893017005 feature support will be listed in the next release notes 2024-09-25 15:54:59 -06:00
Joshua Okeleke 337456cc1e Add support for (DevkitPro)libnds 2024-09-18 21:27:53 +02:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
JacobBarthelmeh a26476b8b2 update changelog for kyber fix, thanks to Antoon Purnal 2024-07-11 09:01:11 -06:00
JacobBarthelmeh c8aa0fa351 remove * in changelog created from search and replace 2024-07-08 10:31:13 -06:00
JacobBarthelmeh 203f65a636 prepare for release 5.7.2 2024-07-08 09:47:46 -06:00
JacobBarthelmeh e80deece82 adjust ChangeLog text 2024-03-21 00:18:44 +07:00
JacobBarthelmeh e5914effab prepare for release 5.7.0 2024-03-20 19:32:22 +07:00
Eric Blankenhorn 26c5c6f93c Add directory layout to readme. 2024-02-27 12:07:28 -06:00
Chris Conlon 5046e577d3 update ChangeLog/README with 5.6.6 release information 2023-12-18 15:24:14 -07:00
Eric Blankenhorn 7223b5a708 Fix spelling warnings 2023-11-22 12:34:56 -06:00
JacobBarthelmeh 6cf75a7d42 prepare for release 5.6.4 2023-10-30 07:59:00 -06:00
JacobBarthelmeh 85fab2b4f7 remove packaging status badge 2023-10-26 15:15:36 -07:00
Juliusz Sosinowicz 9abc611550 Update dtls in readme 2023-10-05 13:32:58 +02:00
Juliusz Sosinowicz 6b28a68e42 Add DTLS 1.3 to README 2023-10-05 13:26:35 +02:00
Juliusz Sosinowicz c88fec1534 Remove unsupported distros from readme badge 2023-10-05 13:22:34 +02:00
John Safranek c322e1f7f8 update readme 2023-06-18 20:24:28 -07:00
John Safranek 42e934b251 Update read-me and change-log for the release. 2023-06-16 09:47:35 -07:00
JacobBarthelmeh 72536e0e10 prepare for 5.6.3 2023-06-13 14:47:06 -06:00
JacobBarthelmeh 032ac405db prepare for release 5.6.2 2023-06-09 05:51:18 -07:00
JacobBarthelmeh 877e026da4 prepare for release 5.6.0 2023-03-23 21:44:18 -07:00
Jacob Barthelmeh 50aeb2f79e add quality of release statement 2022-12-22 10:42:18 -07:00
Jacob Barthelmeh cca63a465d prepare for release 5.5.4 2022-12-20 14:19:59 -07:00
JacobBarthelmeh 9b895b74bf update for version 5.5.3 2022-11-02 13:58:37 -07:00
JacobBarthelmeh eb52083afd update version to 5.5.2 2022-10-28 06:25:33 -07:00
Jacob Barthelmeh e720d4ab3b update changelog notes 2022-10-06 14:31:25 -06:00
Jacob Barthelmeh eb5076bb89 update changelog for release 5.5.1 2022-09-27 13:40:00 -06:00
Jacob Barthelmeh d75ce08d75 update readme for release 5.5.0 2022-08-30 09:31:28 -06:00