Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
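The enrollment and noisy-reconstruction steps named above, as an added example that is not wolfCrypt's code and does not use its API: a generic code-offset fuzzy extractor run over constructed SRAM bits. It assumes the code-offset construction, substitutes a 7x repetition code (3 correctable flips per group) for BCH(127,64,t=10), leaves out the HKDF step, and every name in it is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REP         7                    /* repetition factor: corrects 3 flips per group */
#define SECRET_BITS 16
#define RESP_BITS   (SECRET_BITS * REP)  /* SRAM bits consumed (one bit per byte here) */

/* Enrollment: helper = encode(secret) XOR sram. The helper is stored in the clear. */
static void puf_enroll(const uint8_t *sram, const uint8_t *secret, uint8_t *helper)
{
    for (int i = 0; i < RESP_BITS; i++)
        helper[i] = (uint8_t)(secret[i / REP] ^ sram[i]);
}

/* Reconstruction: noisy_sram XOR helper = codeword with bit errors; majority vote decodes. */
static void puf_reconstruct(const uint8_t *sram, const uint8_t *helper, uint8_t *secret)
{
    for (int b = 0; b < SECRET_BITS; b++) {
        int ones = 0;
        for (int j = 0; j < REP; j++)
            ones += sram[b * REP + j] ^ helper[b * REP + j];
        secret[b] = (uint8_t)(ones > REP / 2);
    }
}

/* Returns 1 if the secret is recovered after `flips` bit flips in every REP-bit group. */
int demo_roundtrip(int flips)
{
    uint8_t sram[RESP_BITS], noisy[RESP_BITS], helper[RESP_BITS];
    uint8_t secret[SECRET_BITS], out[SECRET_BITS];
    uint32_t x = 0x12345678u;            /* LCG seed: constructed data, not real SRAM */

    for (int i = 0; i < RESP_BITS; i++)   { x = x * 1664525u + 1013904223u; sram[i] = (uint8_t)((x >> 16) & 1u); }
    for (int i = 0; i < SECRET_BITS; i++) { x = x * 1664525u + 1013904223u; secret[i] = (uint8_t)((x >> 16) & 1u); }

    puf_enroll(sram, secret, helper);
    memcpy(noisy, sram, sizeof noisy);
    for (int b = 0; b < SECRET_BITS; b++)      /* simulate power-on noise */
        for (int j = 0; j < flips; j++)
            noisy[b * REP + j] ^= 1;
    puf_reconstruct(noisy, helper, out);
    return memcmp(secret, out, sizeof secret) == 0;
}

int main(void)
{
    for (int flips = 0; flips <= 4; flips++)
        printf("%d flips per group: %s\n", flips, demo_roundtrip(flips) ? "recovered" : "FAILED");
    return 0;
}
```

Past the correction bound the majority vote returns a different secret without reporting an error, so in this sketch the failure only shows up when the recovered secret is compared or used.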
wolfSSL CMake
This directory contains some supplementary functions for the CMakeLists.txt in the root.
See also cmake notes in the INSTALL documentation file. When building with autoconf/automake, CMake package files are installed by default under $(libdir)/cmake/wolfssl to support find_package(wolfssl). Disable with ./configure --disable-cmake-install.
If new CMake build options are added, `cmake/options.h.in` must also be updated.
For more information on building wolfSSL, see the wolfSSL Manual.
In summary for cmake:
```sh
# From the root of the wolfSSL repo:
mkdir -p out
pushd out
cmake ..
cmake --build .

# View the available ciphers with:
./examples/client/client -e
popd
```
CMake Presets
The `CMakePresets.json`; see [cmake-presets](https://cmake.org/cmake/help/latest/manual/cmake-presets.7.html)
- Cross-platform and cross-IDE.
- Standardized CMake feature (since CMake 3.19+, recommended after 3.21).
- Works in Visual Studio, VS Code, CLI, CI systems, etc.
Visual Studio Settings
There's also a Visual Studio specific file: `CMakeSettings.json`. This is the file that supports the GUI CMake settings.
See the Microsoft CMakeSettings.json schema reference
Visual Studio (2022 v17.1 and later):
- Prefers `CMakePresets.json` if it exists.
- Falls back to `CMakeSettings.json` if no presets are found.
- Lets you override or extend presets via `CMakeSettings.json`.
Recommendations:
- Use `CMakePresets.json` to define shared, cross-platform presets.
- Use `CMakeSettings.json` to define Visual Studio-specific overrides, like:
  - Custom output directories
  - Specific environment variables
  - UI-related tweaks