Skip to content

wolfCrypt SRAM PUF Support#10066

Open
dgarske wants to merge 1 commit intowolfSSL:masterfrom
dgarske:wc_puf
Open

wolfCrypt SRAM PUF Support#10066
dgarske wants to merge 1 commit intowolfSSL:masterfrom
dgarske:wc_puf

Conversation

@dgarske
Copy link
Copy Markdown
Contributor

@dgarske dgarske commented Mar 24, 2026

wolfCrypt SRAM PUF Support

Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

  • wolfCrypt PUF API (wolfcrypt/src/puf.c, wolfssl/wolfcrypt/puf.h)
    • wc_PufInit, wc_PufReadSram, wc_PufEnroll, wc_PufReconstruct
    • wc_PufDeriveKey (HKDF-SHA256), wc_PufGetIdentity (SHA-256 device fingerprint)
    • wc_PufZeroize (secure context cleanup)
    • wc_PufSetTestData (synthetic SRAM for testing without hardware)
  • BCH(127,64,t=10) error-correcting codec - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
  • WC_PUF_SHA3 build option - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
  • Precomputed GF(2^7) tables - const arrays in .rodata (no runtime init, thread-safe, flash-resident on embedded)
  • ./configure --enable-puf (auto-enables HKDF dependency)
  • CMake: WOLFSSL_PUF=yes
  • WOLFSSL_USER_SETTINGS: define WOLFSSL_PUF and WOLFSSL_PUF_SRAM
  • See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
  • Supports test mode (synthetic SRAM)
  • Builds to ~13KB .elf
  • Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
  • .github/workflows/puf.yml: host build + test workflow for PUF feature
  • Doxygen API docs for all 8 public functions
  • PUF group added to doxygen_groups.h

See example at: wolfSSL/wolfssl-examples#565

@dgarske dgarske self-assigned this Mar 24, 2026
@dgarske
Copy link
Copy Markdown
Contributor Author

dgarske commented Apr 5, 2026

Jenkins retest this please

@dgarske dgarske assigned wolfSSL-Bot and unassigned dgarske Apr 9, 2026
@dgarske dgarske requested review from SparkiDev and Copilot April 9, 2026 21:52
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds SRAM PUF support to wolfCrypt, including a BCH(127,64,t=10) fuzzy extractor and HKDF-based key derivation, plus build-system integration, docs, and CI coverage.

Changes:

  • Introduces new public PUF API (wc_Puf*) with context structure, enrollment/reconstruction, key derivation, identity, and zeroization.
  • Adds BCH codec + PUF implementation and wires it into Autotools/CMake builds and new error codes/strings.
  • Adds host-side test (synthetic SRAM mode), Doxygen grouping/docs, README blurb, and a GitHub Actions workflow.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
wolfssl/wolfcrypt/puf.h New public header declaring the PUF API and constants/ctx layout.
wolfssl/wolfcrypt/include.am Installs puf.h as a public header.
wolfssl/wolfcrypt/error-crypt.h Adds PUF-specific error codes and updates span “last” markers.
wolfcrypt/src/error.c Adds human-readable strings for new PUF error codes.
wolfcrypt/test/test.c Adds puf_test() and invokes it from the main test runner when enabled.
wolfcrypt/src/puf.c Implements SRAM PUF, BCH codec, identity hash, and HKDF key derivation.
src/include.am Adds puf.c to lib sources when BUILD_PUF is enabled.
configure.ac Adds --enable-puf and --enable-puf-test, enables HKDF automatically, defines build conditional.
cmake/functions.cmake Adds PUF source inclusion when BUILD_PUF is set.
CMakeLists.txt Adds WOLFSSL_PUF/WOLFSSL_PUF_TEST options and enables HKDF when PUF is on.
.wolfssl_known_macro_extras Registers WC_PUF_SHA3 as a known macro.
doc/dox_comments/header_files/puf.h Adds Doxygen API docs for PUF functions.
doc/dox_comments/header_files/doxygen_groups.h Adds a Doxygen “PUF” group.
README.md Mentions --enable-puf and links to the example.
.github/workflows/puf.yml Adds CI job to configure/build/run wolfCrypt tests with PUF enabled.
Comments suppressed due to low confidence (2)

wolfcrypt/test/test.c:1

  • As written, puf_test() returns success without running any assertions unless WOLFSSL_PUF_TEST && HAVE_HKDF && !NO_SHA256 are all set. However, the main test runner prints “PUF test passed!” whenever WOLFSSL_PUF is enabled, which can mask missing coverage in common build configurations (e.g., --enable-puf without --enable-puf-test). Consider compiling/registering puf_test() only when the full test dependencies are present, or returning a distinct “skipped” result that the harness prints as skipped instead of passed.
    wolfcrypt/test/test.c:1
  • As written, puf_test() returns success without running any assertions unless WOLFSSL_PUF_TEST && HAVE_HKDF && !NO_SHA256 are all set. However, the main test runner prints “PUF test passed!” whenever WOLFSSL_PUF is enabled, which can mask missing coverage in common build configurations (e.g., --enable-puf without --enable-puf-test). Consider compiling/registering puf_test() only when the full test dependencies are present, or returning a distinct “skipped” result that the harness prints as skipped instead of passed.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dgarske
wolfCrypt SRAM PUF Support
c3dcede 
Add SRAM PUF (Physically Unclonable Function) support to wolfCrypt. Derives device-unique cryptographic keys from the power-on state of SRAM memory using a BCH(127,64,t=10) fuzzy extractor with HKDF key derivation.

- **wolfCrypt PUF API** (`wolfcrypt/src/puf.c`, `wolfssl/wolfcrypt/puf.h`)
  - `wc_PufInit`, `wc_PufReadSram`, `wc_PufEnroll`, `wc_PufReconstruct`
  - `wc_PufDeriveKey` (HKDF-SHA256), `wc_PufGetIdentity` (SHA-256 device fingerprint)
  - `wc_PufZeroize` (secure context cleanup)
  - `wc_PufSetTestData` (synthetic SRAM for testing without hardware)
- **BCH(127,64,t=10) error-correcting codec** - corrects up to 10 bit flips per 127-bit codeword across 16 codewords
- **`WC_PUF_SHA3` build option** - select SHA3-256 instead of SHA-256 for identity hash and HKDF (default: SHA-256)
- **Precomputed GF(2^7) tables** - `const` arrays in `.rodata` (no runtime init, thread-safe, flash-resident on embedded)
- `./configure --enable-puf` (auto-enables HKDF dependency)
- CMake: `WOLFSSL_PUF=yes`
- `WOLFSSL_USER_SETTINGS`: define `WOLFSSL_PUF` and `WOLFSSL_PUF_SRAM`
- See wolfssl-examples/puf for example implementation on STM32 NUCLEO-H563ZI (Cortex-M33, STM32H563ZI)
- Supports test mode (synthetic SRAM)
- Builds to ~13KB `.elf`
- Tested on NUCLEO-H563ZI: enrollment, noisy reconstruction, key derivation all pass
- `.github/workflows/puf.yml`: host build + test workflow for PUF feature
- Doxygen API docs for all 8 public functions
- PUF group added to `doxygen_groups.h`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@SparkiDev SparkiDev Awaiting requested review from SparkiDev

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dgarske @wolfSSL-Bot