Add RealTek AmebaPro2 (RTL8735B) HUK wolfCrypt example

[dgarske]

wolfSSL/wolfssl#10677

Summary

Adds an AmebaPro2/ example that demonstrates wolfCrypt AES bound to the RealTek RTL8735B silicon Hardware Unique Key (HUK) through the crypto-callback (CryptoCb) framework. A 256-bit "seed" is run through the AmebaPro2 HAL secure HKDF key-ladder against the HUK to derive a per-purpose working key in a secure key-storage slot; the working key never enters software. The app sets the seed as the AES key and uses the normal wolfCrypt AES APIs -- the HUK crypto-callback device does the derivation and the hardware crypto. It builds inside the RealTek AmebaPro2 FreeRTOS SDK, which supplies the startup, HAL, and elf2bin/uartfwburn image+flash tooling.

Files

• main.c -- a FreeRTOS task that registers the HUK device (wc_AmebaPro2_HukRegister) and runs AES-GCM/ECB/CBC/CTR under the HUK-derived key, plus edge-case checks (unaligned buffers, in-place + multi-call CBC, and non-12-byte-IV rejection).
• user_settings.h -- a lean wolfCrypt config (AES + CryptoCb + WOLFSSL_REALTEK_HUK), with the RNG seeded from the SDK TRNG.
• wolfcrypt_huk.cmake -- SDK build wiring (adds wolfCrypt + the RealTek HUK port; -DEXAMPLE=wolfcrypt_huk -DWOLFSSL_ROOT=...).
• README.md -- prerequisites, SDK integration, build, flash (J27 download mode + uartfwburn), expected output, and notes.

What it shows

• The key is device-bound and deterministic: same seed -> same key (GMAC verifies, AES round-trips), wrong seed -> AES_GCM_AUTH_E.
• The port tolerates unaligned caller buffers and handles in-place / multi-call CBC; a non-12-byte GCM IV is rejected rather than silently falling back to software.

Dependency

Requires the wolfSSL RealTek AmebaPro2 HUK port (wolfcrypt/src/port/realtek/, enabled with WOLFSSL_REALTEK_HUK + WOLF_CRYPTO_CB), submitted to the wolfSSL repository separately. Point WOLFSSL_ROOT at a wolfSSL tree containing that port.

Testing

Built with the RealTek ASDK 10.3.0 toolchain and flashed to an RTL8735B EVB over UART. On hardware all checks PASS: registration, AES-GCM (encrypt / deterministic tag / decrypt-verify / round-trip / wrong-seed -> AES_GCM_AUTH_E), AES-ECB, AES-CBC (incl. in-place + multi-call), AES-CTR, the unaligned-buffer GCM case, and the non-12-byte-IV rejection.

Documentation

• AmebaPro2/README.md -- integration, build, flash, expected output.
• Port internals are documented in the wolfSSL tree (wolfcrypt/src/port/realtek/README.md, wolfssl/wolfcrypt/port/realtek/amebapro2.h).

[Copilot]

Pull request overview

Adds a new RealTek AmebaPro2 (RTL8735B) wolfCrypt example that demonstrates using the Hardware Unique Key (HUK) via wolfCrypt CryptoCb, intended to be built inside the RealTek FreeRTOS SDK.

Changes:

• Introduces an AmebaPro2 HUK AES example app (GCM/ECB/CBC/CTR) that registers the HUK crypto-callback device and runs known-answer/round-trip checks.
• Adds a minimal user_settings.h configuration for a wolfCrypt-only, AES-focused build in the SDK.
• Adds CMake wiring (wolfcrypt_huk.cmake) and README instructions for integrating the example into the RealTek SDK build.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.

File	Description
AmebaPro2/main.c	New FreeRTOS task example exercising AES modes via the HUK crypto-callback device.
AmebaPro2/user_settings.h	New wolfCrypt configuration for the example (CryptoCb + AES modes + HashDRBG seed hook).
AmebaPro2/wolfcrypt_huk.cmake	New SDK build “wiring” to add wolfCrypt sources, include paths, and defines.
AmebaPro2/README.md	New integration/build/flash documentation for the AmebaPro2 HUK example.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.