address pr comments after code update

twcook86 · twcook86 · commit f4987d00da85 · 2026-06-15T11:22:53.000-04:00
diff --git a/wolfcrypt/src/hwpuf.c b/wolfcrypt/src/hwpuf.c
@@ -38,14 +38,15 @@
     #include <wolfssl/wolfcrypt/port/nxp/hwpuf_port.h>
 #endif
 
+static int hwpuf_registered = 0;
 
 WOLFSSL_API int wc_HWPUF_Register(wc_HWPUF* hwpuf, void* heap, int devId)
 {
     int ret = CRYPTOCB_UNAVAILABLE;
 
     if (hwpuf == NULL)
         return BAD_FUNC_ARG;
-    if (hwpuf->registered)
+    if (hwpuf_registered)
         return HWPUF_REGISTER_E;
 
     ForceZero(hwpuf, sizeof(wc_HWPUF));
@@ -55,12 +56,14 @@ WOLFSSL_API int wc_HWPUF_Register(wc_HWPUF* hwpuf, void* heap, int devId)
 #ifdef WOLFSSL_NXP_HWPUF
     ret = nxp_hwpuf_RegisterDevice(hwpuf);
 #endif
-
-    if (ret == 0)
-        hwpuf->registered = 1;
-    else
+    if (ret != 0) {
+        if (ret != CRYPTOCB_UNAVAILABLE) {
+            ret = HWPUF_REGISTER_E;
+        }
         ForceZero(hwpuf, sizeof(wc_HWPUF));
-
+        return ret;
+    }
+    hwpuf_registered = 1;
     return ret;
 }
 
@@ -70,15 +73,15 @@ WOLFSSL_API int wc_HWPUF_Unregister(wc_HWPUF* hwpuf)
 
     if (hwpuf == NULL)
         return BAD_FUNC_ARG;
-    if (!hwpuf->registered)
+    if (!hwpuf_registered)
         return 0;
 
 #ifdef WOLFSSL_NXP_HWPUF
     ret = nxp_hwpuf_UnregisterDevice(hwpuf);
 #endif
 
     ForceZero(hwpuf, sizeof(wc_HWPUF));
-
+    hwpuf_registered = 0;
     return ret;
 }
 
@@ -88,7 +91,7 @@ WOLFSSL_API int wc_HWPUF_Init(wc_HWPUF* hwpuf)
 
     if (hwpuf == NULL)
         return BAD_FUNC_ARG;
-    if (!hwpuf->registered)
+    if (!hwpuf_registered)
         return HWPUF_REGISTER_E;
     if ((hwpuf->flags & WC_HWPUF_FLAG_INITED) != 0)
         return 0;
@@ -106,7 +109,7 @@ WOLFSSL_API int wc_HWPUF_Deinit(wc_HWPUF* hwpuf)
 
     if (hwpuf == NULL)
         return BAD_FUNC_ARG;
-    if (!hwpuf->registered)
+    if (!hwpuf_registered)
         return HWPUF_REGISTER_E;
 
     ret = wc_CryptoCb_HwpufDeinit(hwpuf);
diff --git a/wolfcrypt/src/port/nxp/hwpuf_port.c b/wolfcrypt/src/port/nxp/hwpuf_port.c
@@ -43,6 +43,12 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+typedef enum nxp_hwpuf_keytype {
+    nxp_hwpuf_keytype_user = 0,
+    nxp_hwpuf_keytype_intrinsic = 1,
+    nxp_hwpuf_keytype_max = nxp_hwpuf_keytype_intrinsic
+} nxp_hwpuf_keytype;
+
 typedef struct nxp_hwpuf_ctx {
     word32 keyMask; /* unique per reset */
 } nxp_hwpuf_ctx;
@@ -51,18 +57,8 @@ static nxp_hwpuf_ctx ctx;
 static puf_config_t conf;
 
 
-static int getACFromPFR(byte *ac)
-{
-    int ret;
-    flash_config_t flashInstance;
-
-    memset(&flashInstance, 0, sizeof(flash_config_t));
-    FLASH_Init(&flashInstance);
-    FFR_Init(&flashInstance);
-
-    ret = FFR_KeystoreGetAC(&flashInstance, ac);
-    return ret != kStatus_Success;
-}
+#define NXP_HWPUF_USER_KEY 0
+#define NXP_HWPUF_INTRINSIC_KEY 0
 
 static int keyCodeCheck(byte* keyCode, word32* keytype,
                         word32* keyidx, word32* keysize)
@@ -71,16 +67,18 @@ static int keyCodeCheck(byte* keyCode, word32* keytype,
     *keyidx = keyCode[1];
     *keysize = keyCode[3] == 0 ? 512 : 8 * keyCode[3] ;
 
-    if (*keytype >= 2)
+    if (*keytype > nxp_hwpuf_keytype_max)
         return 1;
-    if (*keyidx >= 16)
+    if (*keyidx > kPUF_KeyIndexMax)
         return 2;
     if ( !HWPUF_KEY_SIZE_IS_VALID(*keysize) )
         return 3;
 
     return 0;
 }
 
+static int nxp_rng_initialized = 0;
+
 static int nxp_hwpuf_Init(wc_HWPUF* hwpuf)
 {
     WOLFSSL_ENTER("nxp_hwpuf_Init");
@@ -93,6 +91,10 @@ static int nxp_hwpuf_Init(wc_HWPUF* hwpuf)
         PUF_Deinit(PUF, &conf);
         return HWPUF_INIT_E;
     }
+    if (!nxp_rng_initialized) {
+        RNG_Init(RNG);
+        nxp_rng_initialized = 1;
+    }
     ctx.keyMask = RNG->RANDOM_NUMBER;
     return 0;
 }
@@ -191,6 +193,12 @@ static int nxp_hwpuf_SetKey(wc_HWPUF* hwpuf, byte keyIdx,
     if (hwpuf == NULL)
         return BAD_FUNC_ARG;
 
+    (void)keyIdx;
+    (void)key;
+    (void)keySz;
+    (void)keyCode;
+    (void)keyCodeSz;
+
     return CRYPTOCB_UNAVAILABLE;
 }
 
@@ -255,12 +263,14 @@ static int nxp_hwpuf_Zeroize(wc_HWPUF* hwpuf)
     return 0;
 }
 
-static int nxp_hwpuf_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
+static int nxp_hwpuf_CryptoDevCb(int devId, wc_CryptoInfo* info, void* devCtx)
 {
     int ret = CRYPTOCB_UNAVAILABLE;
 
     WOLFSSL_ENTER("nxp_hwpuf_CryptoDevCb");
 
+    (void)devCtx;
+
     if (info == NULL)
         return BAD_FUNC_ARG;
     if (devId == INVALID_DEVID)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -23431,7 +23431,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hwpuf_test(void)
     if (XMEMCMP(key32_1, key32_2, 32) != 0)
         return WC_TEST_RET_ENC_NC;
 
-    /* ---- Test 7: generate a key and send directly to hw bus ---- */
+    /* ---- Test 6: generate a key and send directly to hw bus ---- */
     ret = wc_HWPUF_GenerateKey(&hwpuf, 0, 32, keyCode32, sizeof(keyCode32));
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
@@ -23440,13 +23440,19 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hwpuf_test(void)
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
     { /* key1 should be zeroed */
-        int idx;
+        word32 idx;
         for (idx = 0; idx < sizeof(key32_2); ++idx) {
             if (key32_2[idx])
                 return WC_TEST_RET_ENC_NC;
         }
     }
 
+    /* ---- Test 7: set key fails for now ---- */
+    if (wc_HWPUF_SetKey(&hwpuf, 7, key32_2, sizeof(key32_2),
+                        keyCode32, sizeof(keyCode32))
+            != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+        return WC_TEST_RET_ENC_NC;
+
     /* ---- Test 8: Bad argument checks ---- */
     /* null hwpuf */
     if (wc_HWPUF_Init(NULL) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
@@ -23492,6 +23498,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hwpuf_test(void)
             != WC_NO_ERR_TRACE(HWPUF_START_E))
         return WC_TEST_RET_ENC_NC;
 
+    /* ---- Test 10: double register fails ---- */
+    if (wc_HWPUF_Register(&hwpuf, NULL, INVALID_DEVID)
+            != WC_NO_ERR_TRACE(HWPUF_REGISTER_E))
+        return WC_TEST_RET_ENC_NC;
+
     /* ---- clean up ---- */
     (void)wc_HWPUF_Deinit(&hwpuf);
     ret = wc_HWPUF_Unregister(&hwpuf);
diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h
@@ -580,7 +580,7 @@ typedef struct wc_CryptoInfo {
 #endif
 #ifdef WOLFSSL_HWPUF
     struct {
-        void*       hwpuf;      /* wc_HWPUF* context */
+        wc_HWPUF*   hwpuf;      /* wc_HWPUF* context */
         int         type;       /* enum wc_HwpufType - discriminator */
         const void* ctx;        /* read-only caller context */
         union {
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
@@ -330,16 +330,15 @@ enum wolfCrypt_ErrorCodes {
 
     HWPUF_REGISTER_E    = -1019, /* HWPUF registration failed */
     HWPUF_INIT_E        = -1020, /* HWPUF initialization failed */
-    HWPUF_DEINIT_E      = -1021, /* HWPUF deinitialization failed */
-    HWPUF_ENROLL_E      = -1022, /* HWPUF enrollment failed */
-    HWPUF_START_E       = -1023, /* HWPUF start failed */
-    HWPUF_GENERATE_KEY_E= -1024, /* HWPUF generate key failed */
-    HWPUF_SET_KEY_E     = -1025, /* HWPUF set key failed */
-    HWPUF_GET_KEY_E     = -1026, /* HWPUF get key failed */
-    HWPUF_ZEROIZE_E     = -1027, /* HWPUF zeroize failed */
-
-    WC_SPAN2_LAST_E     = -1027, /* Update to indicate last used error code */
-    WC_LAST_E           = -1027, /* the last code used either here or in
+    HWPUF_ENROLL_E      = -1021, /* HWPUF enrollment failed */
+    HWPUF_START_E       = -1022, /* HWPUF start failed */
+    HWPUF_GENERATE_KEY_E= -1023, /* HWPUF generate key failed */
+    HWPUF_SET_KEY_E     = -1024, /* HWPUF set key failed */
+    HWPUF_GET_KEY_E     = -1025, /* HWPUF get key failed */
+    HWPUF_ZEROIZE_E     = -1026, /* HWPUF zeroize failed */
+
+    WC_SPAN2_LAST_E     = -1026, /* Update to indicate last used error code */
+    WC_LAST_E           = -1026, /* the last code used either here or in
                                   * error-ssl.h */
 
     WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
diff --git a/wolfssl/wolfcrypt/hwpuf.h b/wolfssl/wolfcrypt/hwpuf.h
@@ -65,7 +65,6 @@ enum wc_HwpufType {
 };
 
 typedef struct wc_HWPUF {
-    int registered;
     word32 flags;
     int devId;
     void* heap;
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -2204,9 +2204,12 @@
     #define WOLFSSL_NXP_CASPER_RSA_PUB_EXPTMOD
     #define NO_WOLFSSL_SHA256_INTERLEAVE
 #endif
-#if defined(WOLFSSL_NXP_HWPUF) && !defined(WOLF_CRYPTO_CB)
+
+#if defined(WOLFSSL_HWPUF) && defined(WOLFSSL_NXP_HWPUF)
+#ifndef WOLF_CRYPTO_CB
     #define WOLF_CRYPTO_CB
 #endif
+#endif
 
 #ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE
     #undef  USE_CERT_BUFFERS_4096
