Review feedback:

- Reserve removed error codes (wh_error.h): WH_ERROR_RESERVED{1,2}
- Reserve removed message group (wh_message.h): WH_MESSAGE_GROUP_RESERVED
- Rename CMAC → CmacAes (wh_message_crypto.h, all consumers): All structs and translation functions renamed to indicate AES-specific
- Remove `type` field from request structs and translation; use WC_CMAC_AES literal on server
- Remove switch(req.type) in server handlers; guard with #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) instead
- Extract _CmacResolveKey() static helper for shared key resolution (inline key or keystore + usage policy + size validation)
- Extract wh_Crypto_CmacAesSaveStateToMsg() / RestoreStateFromMsg() to deduplicate state pack/unpack across client + server + DMA
- BAD_FUNC_ARG → WH_ERROR_BADARGS for bufferSz validation (now inside RestoreStateFromMsg)
- Don't read req.* after response may overlap — use WC_CMAC_AES literal instead of req.type
- #define/#undef → enum for CMAC_MLEN_* test constants

Author: bigbrett

src/wh_client_crypto.c

@@ -3587,12 +3587,12 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type,
                    const uint8_t* key, uint32_t keyLen, const uint8_t* in,
                    uint32_t inLen, uint8_t* outMac, uint32_t* outMacLen)
 {
-    int                           ret     = WH_ERROR_OK;
-    uint16_t                      group   = WH_MESSAGE_GROUP_CRYPTO;
-    uint16_t                      action  = WC_ALGO_TYPE_CMAC;
-    whMessageCrypto_CmacRequest*  req     = NULL;
-    whMessageCrypto_CmacResponse* res     = NULL;
-    uint8_t*                      dataPtr = NULL;
+    int                              ret     = WH_ERROR_OK;
+    uint16_t                         group   = WH_MESSAGE_GROUP_CRYPTO;
+    uint16_t                         action  = WC_ALGO_TYPE_CMAC;
+    whMessageCrypto_CmacAesRequest*  req     = NULL;
+    whMessageCrypto_CmacAesResponse* res     = NULL;
+    uint8_t*                         dataPtr = NULL;
 
     if (ctx == NULL || cmac == NULL) {
         return WH_ERROR_BADARGS;
@@ -3630,8 +3630,8 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type,
     }
 
     /* Setup generic header and get pointer to request data */
-    req = (whMessageCrypto_CmacRequest*)_createCryptoRequest(dataPtr,
-                                                             WC_ALGO_TYPE_CMAC);
+    req = (whMessageCrypto_CmacAesRequest*)_createCryptoRequest(
+        dataPtr, WC_ALGO_TYPE_CMAC);
 
     uint8_t* req_in  = (uint8_t*)(req + 1);
     uint8_t* req_key = req_in + inLen;
@@ -3645,19 +3645,13 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type,
     uint16_t req_len = hdr_sz + inLen + keyLen;
 
     /* Setup request packet */
-    req->type  = type;
     req->inSz  = inLen;
     req->keyId = key_id;
     req->keySz = keyLen;
     req->outSz = mac_len;
 
     /* Pack non-sensitive CMAC state into request */
-    memcpy(req->resumeState.buffer, cmac->buffer,
-           sizeof(req->resumeState.buffer));
-    memcpy(req->resumeState.digest, cmac->digest,
-           sizeof(req->resumeState.digest));
-    req->resumeState.bufferSz = cmac->bufferSz;
-    req->resumeState.totalSz  = cmac->totalSz;
+    wh_Crypto_CmacAesSaveStateToMsg(&req->resumeState, cmac);
 
     /* copy input data to request, if relevant */
     if ((in != NULL) && (inLen > 0)) {
@@ -3693,15 +3687,11 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type,
              * scenarios */
             if (ret >= 0) {
                 /* Restore non-sensitive state from server response */
-                memcpy(cmac->buffer, res->resumeState.buffer,
-                       sizeof(cmac->buffer));
-                memcpy(cmac->digest, res->resumeState.digest,
-                       sizeof(cmac->digest));
-                cmac->bufferSz = res->resumeState.bufferSz;
-                cmac->totalSz  = res->resumeState.totalSz;
+                ret = wh_Crypto_CmacAesRestoreStateFromMsg(cmac,
+                                                           &res->resumeState);
 
                 /* Copy out finalized CMAC if present */
-                if (outMac != NULL && outMacLen != NULL) {
+                if (ret == 0 && outMac != NULL && outMacLen != NULL) {
                     if (res->outSz < *outMacLen) {
                         *outMacLen = res->outSz;
                     }
@@ -3722,11 +3712,11 @@ int wh_Client_CmacDma(whClientContext* ctx, Cmac* cmac, CmacType type,
                       const uint8_t* key, uint32_t keyLen, const uint8_t* in,
                       uint32_t inLen, uint8_t* outMac, uint32_t* outMacLen)
 {
-    int                              ret     = WH_ERROR_OK;
-    whMessageCrypto_CmacDmaRequest*  req     = NULL;
-    whMessageCrypto_CmacDmaResponse* res     = NULL;
-    uint8_t*                         dataPtr = NULL;
-    uintptr_t                        inAddr  = 0;
+    int                                 ret     = WH_ERROR_OK;
+    whMessageCrypto_CmacAesDmaRequest*  req     = NULL;
+    whMessageCrypto_CmacAesDmaResponse* res     = NULL;
+    uint8_t*                            dataPtr = NULL;
+    uintptr_t                           inAddr  = 0;
 
     if (ctx == NULL || cmac == NULL) {
         return WH_ERROR_BADARGS;
@@ -3763,7 +3753,7 @@ int wh_Client_CmacDma(whClientContext* ctx, Cmac* cmac, CmacType type,
     }
 
     /* Setup generic header and get pointer to request data */
-    req = (whMessageCrypto_CmacDmaRequest*)_createCryptoRequest(
+    req = (whMessageCrypto_CmacAesDmaRequest*)_createCryptoRequest(
         dataPtr, WC_ALGO_TYPE_CMAC);
     memset(req, 0, sizeof(*req));
 
@@ -3777,16 +3767,12 @@ int wh_Client_CmacDma(whClientContext* ctx, Cmac* cmac, CmacType type,
     uint16_t req_len = hdr_sz + keyLen;
 
     /* Setup request fields */
-    req->type  = type;
     req->outSz = mac_len;
     req->keyId = key_id;
     req->keySz = keyLen;
 
     /* Pack non-sensitive CMAC state into request */
-    memcpy(req->resumeState.buffer, cmac->buffer, AES_BLOCK_SIZE);
-    memcpy(req->resumeState.digest, cmac->digest, AES_BLOCK_SIZE);
-    req->resumeState.bufferSz = cmac->bufferSz;
-    req->resumeState.totalSz  = cmac->totalSz;
+    wh_Crypto_CmacAesSaveStateToMsg(&req->resumeState, cmac);
 
     /* Copy key bytes into trailing data */
     if ((key != NULL) && (keyLen > 0)) {
@@ -3833,13 +3819,11 @@ int wh_Client_CmacDma(whClientContext* ctx, Cmac* cmac, CmacType type,
             /* wolfCrypt allows positive error codes on success */
             if (ret >= 0) {
                 /* Restore non-sensitive state from server response */
-                memcpy(cmac->buffer, res->resumeState.buffer, AES_BLOCK_SIZE);
-                memcpy(cmac->digest, res->resumeState.digest, AES_BLOCK_SIZE);
-                cmac->bufferSz = res->resumeState.bufferSz;
-                cmac->totalSz  = res->resumeState.totalSz;
+                ret = wh_Crypto_CmacAesRestoreStateFromMsg(cmac,
+                                                           &res->resumeState);
 
                 /* Copy out finalized CMAC if present */
-                if (outMac != NULL && outMacLen != NULL) {
+                if (ret == 0 && outMac != NULL && outMacLen != NULL) {
                     if (res->outSz < *outMacLen) {
                         *outMacLen = res->outSz;
                     }

src/wh_crypto.c

@@ -32,10 +32,13 @@
 #include <stdint.h>
 #include <stddef.h>  /* For NULL */
 
+#include <string.h>
+
 #include "wolfssl/wolfcrypt/settings.h"
 #include "wolfssl/wolfcrypt/types.h"
 #include "wolfssl/wolfcrypt/error-crypt.h"
 #include "wolfssl/wolfcrypt/asn.h"
+#include "wolfssl/wolfcrypt/cmac.h"
 #include "wolfssl/wolfcrypt/rsa.h"
 #include "wolfssl/wolfcrypt/curve25519.h"
 #include "wolfssl/wolfcrypt/ecc.h"
@@ -376,4 +379,28 @@ int wh_Crypto_MlDsaDeserializeKeyDer(const uint8_t* buffer, uint16_t size,
 }
 #endif /* HAVE_DILITHIUM */
 
+#ifdef WOLFSSL_CMAC
+void wh_Crypto_CmacAesSaveStateToMsg(whMessageCrypto_CmacAesState* state,
+                                     const Cmac*                   cmac)
+{
+    memcpy(state->buffer, cmac->buffer, AES_BLOCK_SIZE);
+    memcpy(state->digest, cmac->digest, AES_BLOCK_SIZE);
+    state->bufferSz = cmac->bufferSz;
+    state->totalSz  = cmac->totalSz;
+}
+
+int wh_Crypto_CmacAesRestoreStateFromMsg(
+    Cmac* cmac, const whMessageCrypto_CmacAesState* state)
+{
+    if (state->bufferSz > AES_BLOCK_SIZE) {
+        return WH_ERROR_BADARGS;
+    }
+    memcpy(cmac->buffer, state->buffer, AES_BLOCK_SIZE);
+    memcpy(cmac->digest, state->digest, AES_BLOCK_SIZE);
+    cmac->bufferSz = state->bufferSz;
+    cmac->totalSz  = state->totalSz;
+    return 0;
+}
+#endif /* WOLFSSL_CMAC */
+
 #endif  /* !WOLFHSM_CFG_NO_CRYPTO */

src/wh_message_crypto.c

@@ -695,10 +695,10 @@ int wh_MessageCrypto_TranslateSha2Response(
 }
 
 
-/* CMAC State translation */
-int wh_MessageCrypto_TranslateCmacState(uint16_t                         magic,
-                                        const whMessageCrypto_CmacState* src,
-                                        whMessageCrypto_CmacState*       dest)
+/* CMAC-AES State translation */
+int wh_MessageCrypto_TranslateCmacAesState(
+    uint16_t magic, const whMessageCrypto_CmacAesState* src,
+    whMessageCrypto_CmacAesState* dest)
 {
     if ((src == NULL) || (dest == NULL)) {
         return WH_ERROR_BADARGS;
@@ -711,35 +711,34 @@ int wh_MessageCrypto_TranslateCmacState(uint16_t                         magic,
     return 0;
 }
 
-/* CMAC Request translation */
-int wh_MessageCrypto_TranslateCmacRequest(
-    uint16_t magic, const whMessageCrypto_CmacRequest* src,
-    whMessageCrypto_CmacRequest* dest)
+/* CMAC-AES Request translation */
+int wh_MessageCrypto_TranslateCmacAesRequest(
+    uint16_t magic, const whMessageCrypto_CmacAesRequest* src,
+    whMessageCrypto_CmacAesRequest* dest)
 {
     if ((src == NULL) || (dest == NULL)) {
         return WH_ERROR_BADARGS;
     }
-    WH_T32(magic, dest, src, type);
     WH_T32(magic, dest, src, outSz);
     WH_T32(magic, dest, src, inSz);
     WH_T32(magic, dest, src, keySz);
     WH_T16(magic, dest, src, keyId);
-    return wh_MessageCrypto_TranslateCmacState(magic, &src->resumeState,
-                                               &dest->resumeState);
+    return wh_MessageCrypto_TranslateCmacAesState(magic, &src->resumeState,
+                                                  &dest->resumeState);
 }
 
-/* CMAC Response translation */
-int wh_MessageCrypto_TranslateCmacResponse(
-    uint16_t magic, const whMessageCrypto_CmacResponse* src,
-    whMessageCrypto_CmacResponse* dest)
+/* CMAC-AES Response translation */
+int wh_MessageCrypto_TranslateCmacAesResponse(
+    uint16_t magic, const whMessageCrypto_CmacAesResponse* src,
+    whMessageCrypto_CmacAesResponse* dest)
 {
     if ((src == NULL) || (dest == NULL)) {
         return WH_ERROR_BADARGS;
     }
     WH_T32(magic, dest, src, outSz);
     WH_T16(magic, dest, src, keyId);
-    return wh_MessageCrypto_TranslateCmacState(magic, &src->resumeState,
-                                               &dest->resumeState);
+    return wh_MessageCrypto_TranslateCmacAesState(magic, &src->resumeState,
+                                                  &dest->resumeState);
 }
 
 /* ML-DSA Key Generation Request translation */
@@ -904,10 +903,10 @@ int wh_MessageCrypto_TranslateSha2DmaResponse(
                                                    &dest->dmaAddrStatus);
 }
 
-/* CMAC DMA Request translation */
-int wh_MessageCrypto_TranslateCmacDmaRequest(
-    uint16_t magic, const whMessageCrypto_CmacDmaRequest* src,
-    whMessageCrypto_CmacDmaRequest* dest)
+/* CMAC-AES DMA Request translation */
+int wh_MessageCrypto_TranslateCmacAesDmaRequest(
+    uint16_t magic, const whMessageCrypto_CmacAesDmaRequest* src,
+    whMessageCrypto_CmacAesDmaRequest* dest)
 {
     int ret;
 
@@ -920,20 +919,19 @@ int wh_MessageCrypto_TranslateCmacDmaRequest(
         return ret;
     }
 
-    WH_T32(magic, dest, src, type);
     WH_T32(magic, dest, src, outSz);
     WH_T32(magic, dest, src, keySz);
     WH_T16(magic, dest, src, keyId);
 
-    ret = wh_MessageCrypto_TranslateCmacState(magic, &src->resumeState,
-                                              &dest->resumeState);
+    ret = wh_MessageCrypto_TranslateCmacAesState(magic, &src->resumeState,
+                                                 &dest->resumeState);
     return ret;
 }
 
-/* CMAC DMA Response translation */
-int wh_MessageCrypto_TranslateCmacDmaResponse(
-    uint16_t magic, const whMessageCrypto_CmacDmaResponse* src,
-    whMessageCrypto_CmacDmaResponse* dest)
+/* CMAC-AES DMA Response translation */
+int wh_MessageCrypto_TranslateCmacAesDmaResponse(
+    uint16_t magic, const whMessageCrypto_CmacAesDmaResponse* src,
+    whMessageCrypto_CmacAesDmaResponse* dest)
 {
     int ret;
 
@@ -950,8 +948,8 @@ int wh_MessageCrypto_TranslateCmacDmaResponse(
     WH_T32(magic, dest, src, outSz);
     WH_T16(magic, dest, src, keyId);
 
-    ret = wh_MessageCrypto_TranslateCmacState(magic, &src->resumeState,
-                                              &dest->resumeState);
+    ret = wh_MessageCrypto_TranslateCmacAesState(magic, &src->resumeState,
+                                                 &dest->resumeState);
     return ret;
 }