Removal of manual func calls, internally handle func and LINE internally

Author: jackctj117

examples/demo/client/wh_demo_client_crypto.c

@@ -1471,7 +1471,7 @@ int wh_DemoClient_CryptoHkdfCacheInputKey(whClientContext* clientContext)
                              (uint32_t)strlen(keyLabel), ikm,
                              (uint32_t)sizeof(ikm), &keyIdIn);
     if (ret != WH_ERROR_OK) {
-        printf("Failed to wh_Client_KeyCache %d\n", ret);
+        WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret);
         return ret;
     }
 
@@ -1487,7 +1487,7 @@ int wh_DemoClient_CryptoHkdfCacheInputKey(whClientContext* clientContext)
         (uint32_t)sizeof(salt), info, (uint32_t)sizeof(info), &keyIdOut,
         WH_NVM_FLAGS_NONE, NULL, 0, (uint32_t)sizeof(okm));
     if (ret != WH_ERROR_OK) {
-        printf("Failed to wh_Client_HkdfMakeCacheKey with cached input %d\n",
+        WOLFHSM_CFG_PRINTF("Failed to wh_Client_HkdfMakeCacheKey with cached input %d\n",
                ret);
         (void)wh_Client_KeyEvict(clientContext, keyIdIn);
         return ret;

examples/posix/wh_posix_server/user_settings.h

@@ -35,8 +35,8 @@ extern "C" {
 /* #define WC_NO_ASYNC_THREADING */
 
 /*
-#define DEBUG_CRYPTOCB
-#define DEBUG_CRYPTOCB_VERBOSE
+#define WOLFHSM_CFG_DEBUG
+#define WOLFHSM_CFG_DEBUG_VERBOSE
 */
 
 /** wolfHSM required settings for wolfCrypt */

src/wh_client_crypto.c

@@ -4335,8 +4335,8 @@ static int _MlDsaMakeKey(whClientContext* ctx, int size, int level,
                      * scenarios */
                     if (ret >= 0) {
                         WH_DEBUG_CLIENT_VERBOSE(
-                            "%s Res recv:keyid:%u, len:%u, ret:%d\n",
-                            __func__, (unsigned int)res->keyId,
+                            "Res recv:keyid:%u, len:%u, ret:%d\n",
+                            (unsigned int)res->keyId,
                             (unsigned int)res->len, ret);
                         /* Key is cached on server or is ephemeral */
                         key_id = (whKeyId)(res->keyId);

src/wh_server_crypto.c

@@ -4084,10 +4084,8 @@ static int _HandleMlDsaKeyGenDma(whServerContext* ctx, uint16_t magic,
                         if (WH_KEYID_ISERASED(keyId)) {
                             /* Generate a new id */
                             ret = wh_Server_KeystoreGetUniqueId(ctx, &keyId);
-#ifdef WOLFHSM_CFG_DEBUG
-                            WH_DEBUG_SERVER("%s UniqueId: keyId:%u, ret:%d\n",
-                                   __func__, keyId, ret);
-#endif
+                            WH_DEBUG_SERVER("UniqueId: keyId:%u, ret:%d\n",
+                                   keyId, ret);
                             if (ret != WH_ERROR_OK) {
                                 /* Early return on unique ID generation failure
                                  */

test/wh_test_clientserver.c

@@ -23,6 +23,7 @@
 #include "wolfhsm/wh_settings.h"
 
 #include "wh_test_common.h"
+#include "wh_test_clientserver.h"
 #include "wolfhsm/wh_error.h"
 
 #include "wolfhsm/wh_comm.h"

wolfhsm/wh_client.h

@@ -2433,6 +2433,21 @@ int wh_Client_CertVerifyAcertDmaRequest(whClientContext* c, const void* cert,
 int wh_Client_CertVerifyAcertDmaResponse(whClientContext* c, int32_t* out_rc);
 
 #if defined(WOLFHSM_CFG_DMA)
+/**
+ * @brief Registers a DMA address allowlist for client-side validation
+ *
+ * This function allows the client to register an allowlist of valid DMA
+ * addresses. The allowlist will be checked during DMA operations to ensure
+ * addresses are within allowed ranges.
+ *
+ * @param[in] client Pointer to the client context.
+ * @param[in] allowlist Pointer to the DMA address allowlist structure.
+ * @return int Returns WH_ERROR_OK on success, or WH_ERROR_BADARGS if the
+ * arguments are invalid.
+ */
+int wh_Client_DmaRegisterAllowList(struct whClientContext_t* client,
+                                   const whDmaAddrAllowList* allowlist);
+
 /**
  * @brief Registers a custom client DMA callback
  *

wolfhsm/wh_message_crypto.h

@@ -868,6 +868,15 @@ typedef struct {
     whMessageCrypto_DmaAddrStatus dmaAddrStatus;
 } whMessageCrypto_Sha2DmaResponse;
 
+/* DMA buffer translation functions */
+int wh_MessageCrypto_TranslateDmaBuffer(uint16_t                         magic,
+                                        const whMessageCrypto_DmaBuffer* src,
+                                        whMessageCrypto_DmaBuffer*       dest);
+
+int wh_MessageCrypto_TranslateDmaAddrStatus(
+    uint16_t magic, const whMessageCrypto_DmaAddrStatus* src,
+    whMessageCrypto_DmaAddrStatus* dest);
+
 /* SHA2 DMA translation functions */
 int wh_MessageCrypto_TranslateSha2DmaRequest(
     uint16_t magic, const whMessageCrypto_Sha2DmaRequest* src,

wolfhsm/wh_server_cert.h

@@ -92,6 +92,24 @@ int wh_Server_CertVerify(whServerContext* server, const uint8_t* cert,
                          uint32_t cert_len, whNvmId trustedRootNvmId,
                          whCertFlags flags, whKeyId* inout_keyId);
 
+#if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER_ACERT)
+/**
+ * @brief Verifies an attribute certificate against a trusted root certificate
+ *
+ * This function retrieves a trusted root certificate from NVM using the
+ * specified NVM ID and verifies the provided attribute certificate against it.
+ *
+ * @param[in] server Pointer to the server context
+ * @param[in] cert Pointer to the attribute certificate data to verify
+ * @param[in] cert_len Length of the certificate data in bytes
+ * @param[in] trustedRootNvmId NVM ID of the trusted root certificate to verify
+ * against
+ * @return int Returns 0 on success, or a negative error code on failure.
+ */
+int wh_Server_CertVerifyAcert(whServerContext* server, const uint8_t* cert,
+                              uint32_t cert_len, whNvmId trustedRootNvmId);
+#endif
+
 /**
  * @brief Handle a certificate request and generate a response
  * @param server The server context