Files
wolfssl/cmake
David Garske e05ce26fc9 wolfCrypt SRAM PUF Support
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
2026-04-22 11:39:39 -07:00
..
2026-02-02 10:26:58 +01:00
2023-09-19 10:57:02 -07:00
2026-02-02 10:26:58 +01:00
2026-04-22 11:39:39 -07:00
2026-02-02 10:26:58 +01:00
2026-02-02 10:26:58 +01:00

wolfSSL CMake

This directory contains some supplementary functions for the CMakeLists.txt in the root.

See also cmake notes in the INSTALL documentation file. When building with autoconf/automake, CMake package files are installed by default under $(libdir)/cmake/wolfssl to support find_package(wolfssl). Disable with ./configure --disable-cmake-install.

If new CMake build options are added cmake/options.h.in must also be updated.

For more information on building wolfSSL, see the wolfSSL Manual.

In summary for cmake:

# From the root of the wolfSSL repo:

mkdir -p out
pushd out
cmake ..
cmake --build .

# View the available ciphers with:
./examples/client/client -e
popd

CMake Presets

The CMakePresets.json; see [cmake-presets(https://cmake.org/cmake/help/latest/manual/cmake-presets.7.html)

  • Cross-platform and cross-IDE.

  • Standardized CMake feature (since CMake 3.19+, recommended after 3.21).

  • Works in Visual Studio, VS Code, CLI, CI systems, etc..

Visual Studio Settings

There's also a Visual Studio specific file: CMakeSettings.json. This the file that supports the GUI CMake settings.

See the Microsoft CMakeSettings.json schema reference

Visual Studio (2022 v17.1 and later):

  • Prefers CMakePresets.json if it exists.

  • Falls back to CMakeSettings.json if no presets are found.

  • Lets you override or extend presets via CMakeSettings.json.

Recommendations:

  • Use CMakePresets.json to define shared, cross-platform presets.

  • Use CMakeSettings.json to define Visual Studio-specific overrides, like:

    • Custom output directories
    • Specific environment variables
    • *UI-related tweaks