add demo for set permissions and update delete function to have current user

Author: JacobBarthelmeh

src/wh_auth.c

@@ -208,18 +208,21 @@ int wh_Auth_UserDelete(whAuthContext* context, whUserId user_id)
         return WH_ERROR_BADARGS;
     }
 
-    return context->cb->UserDelete(context->context, user_id);
+    return context->cb->UserDelete(context->context, context->user.user_id, user_id);
 }
 
 
 int wh_Auth_UserSetPermissions(whAuthContext* context, whUserId user_id,
                                  whAuthPermissions permissions)
 {
-    /* TODO: Set user permissions */
-    (void)context;
-    (void)user_id;
-    (void)permissions;
-    return WH_ERROR_NOTIMPL;
+    if (    (context == NULL) ||
+            (context->cb == NULL) ||
+            (context->cb->UserSetPermissions == NULL) ) {
+        return WH_ERROR_BADARGS;
+    }
+
+    return context->cb->UserSetPermissions(context->context,
+        context->user.user_id, user_id, permissions);
 }
 
 int wh_Auth_UserGet(whAuthContext* context, const char* username, whUserId* out_user_id,

src/wh_auth_base.c

@@ -173,6 +173,7 @@ int wh_AuthBase_Login(void* context, uint8_t client_id,
             *loggedIn = 1;
             *out_user_id = current_user->user.user_id;
             current_user->user.is_active = true;
+            *out_permissions = current_user->user.permissions;
         }
     }
 
@@ -267,27 +268,41 @@ int wh_AuthBase_CheckRequestAuthorization(void* context,
 int wh_AuthBase_CheckKeyAuthorization(void* context, uint16_t user_id,
     uint32_t key_id, uint16_t action)
 {
-    int rc = WH_ERROR_OK;
+    int rc = WH_ERROR_ACCESS;
+    int i;
+    whAuthBase_User* user;
 
     printf("In key authorization check: User ID: %d, Key ID: %d, Action: %d\n",
         user_id, key_id, action);
 
     if (user_id == WH_USER_ID_INVALID) {
-        rc = WH_ERROR_ACCESS;
+        return WH_ERROR_ACCESS;
     }
-    else {
-        /*
-        if (auth_context->user.permissions.keyId == key_id) {
+
+    if (user_id - 1 >= WH_AUTH_BASE_MAX_USERS) {
+        return WH_ERROR_NOTFOUND;
+    }
+
+    user = &users[user_id - 1];
+
+    if (user->user.user_id == WH_USER_ID_INVALID) {
+        return WH_ERROR_NOTFOUND;
+    }
+
+    /* Check if the requested key_id is in the user's keyIds array */
+    for (i = 0; i < user->user.permissions.keyIdCount && i < WH_AUTH_MAX_KEY_IDS; i++) {
+        if (user->user.permissions.keyIds[i] == key_id) {
             rc = WH_ERROR_OK;
+            break;
         }
-        else {
-            printf("User does not have access to the key");
-            rc = WH_ERROR_ACCESS;
-        }
-        */
+    }
+
+    if (rc != WH_ERROR_OK) {
+        printf("User does not have access to the key");
     }
 
     (void)context;
+    (void)action; /* Action could be used for future fine-grained key access control */
     return rc;
 }
 
@@ -324,6 +339,17 @@ int wh_AuthBase_UserAdd(void* context, const char* username,
     new_user->user.user_id = userId;
     *out_user_id = userId;
     new_user->user.permissions = permissions;
+    /* Clamp keyIdCount to valid range and zero out unused keyIds */
+    if (new_user->user.permissions.keyIdCount > WH_AUTH_MAX_KEY_IDS) {
+        new_user->user.permissions.keyIdCount = WH_AUTH_MAX_KEY_IDS;
+    }
+    /* Zero out unused keyIds beyond keyIdCount */
+    if (new_user->user.permissions.keyIdCount < WH_AUTH_MAX_KEY_IDS) {
+        int j;
+        for (j = new_user->user.permissions.keyIdCount; j < WH_AUTH_MAX_KEY_IDS; j++) {
+            new_user->user.permissions.keyIds[j] = 0;
+        }
+    }
     strcpy(new_user->user.username, username);
     new_user->user.is_active = false;
     new_user->user.failed_attempts = 0;
@@ -343,26 +369,39 @@ int wh_AuthBase_UserAdd(void* context, const char* username,
     return WH_ERROR_OK;
 }
 
-int wh_AuthBase_UserDelete(void* context, uint16_t user_id)
+int wh_AuthBase_UserDelete(void* context, uint16_t current_user_id, uint16_t user_id)
 {
-    whAuthBase_User* user = &users[user_id];
+    whAuthBase_User* user = &users[user_id - 1];
     if (user->user.user_id == WH_USER_ID_INVALID) {
         return WH_ERROR_NOTFOUND;
     }
     memset(user, 0, sizeof(whAuthBase_User));
     (void)context;
+    (void)current_user_id;
     return WH_ERROR_OK;
 }
 
-int wh_AuthBase_UserSetPermissions(void* context, uint16_t user_id,
-    whAuthPermissions permissions)
+int wh_AuthBase_UserSetPermissions(void* context, uint16_t current_user_id,
+    uint16_t user_id, whAuthPermissions permissions)
 {
-    whAuthBase_User* user = &users[user_id];
+    whAuthBase_User* user = &users[user_id - 1];
     if (user->user.user_id == WH_USER_ID_INVALID) {
         return WH_ERROR_NOTFOUND;
     }
     user->user.permissions = permissions;
+    /* Clamp keyIdCount to valid range and zero out unused keyIds */
+    if (user->user.permissions.keyIdCount > WH_AUTH_MAX_KEY_IDS) {
+        user->user.permissions.keyIdCount = WH_AUTH_MAX_KEY_IDS;
+    }
+    /* Zero out unused keyIds beyond keyIdCount */
+    if (user->user.permissions.keyIdCount < WH_AUTH_MAX_KEY_IDS) {
+        int j;
+        for (j = user->user.permissions.keyIdCount; j < WH_AUTH_MAX_KEY_IDS; j++) {
+            user->user.permissions.keyIds[j] = 0;
+        }
+    }
     (void)context;
+    (void)current_user_id;
     return WH_ERROR_OK;
 }
 

src/wh_client_auth.c

@@ -443,36 +443,75 @@ int wh_Client_AuthUserGet(whClientContext* c, const char* username,
 int wh_Client_AuthUserSetPermissionsRequest(whClientContext* c,
         whUserId user_id, whAuthPermissions permissions)
 {
-    /* TODO: Send user set permissions request (non-blocking).
-     * Builds and sends the user set permissions request message. Returns immediately.
-     * May return WH_ERROR_NOTREADY if send buffer is busy. */
-    (void)c;
-    (void)user_id;
-    (void)permissions;
-    return WH_ERROR_NOTIMPL;
+    whMessageAuth_UserSetPermissionsRequest msg = {0};
+
+    if (c == NULL){
+        return WH_ERROR_BADARGS;
+    }
+
+    msg.user_id = user_id;
+    if (wh_MessageAuth_FlattenPermissions(&permissions, msg.permissions,
+        sizeof(msg.permissions)) != 0) {
+        return WH_ERROR_BUFFER_SIZE;
+    }
+    return wh_Client_SendRequest(c,
+            WH_MESSAGE_GROUP_AUTH, WH_MESSAGE_AUTH_ACTION_USER_SET_PERMISSIONS,
+            sizeof(msg), &msg);
 }
 
 int wh_Client_AuthUserSetPermissionsResponse(whClientContext* c, int32_t *out_rc)
 {
-    /* TODO: Receive user set permissions response (non-blocking).
-     * Polls for and processes the user set permissions response. Returns immediately.
-     * Returns WH_ERROR_NOTREADY if response not yet available. */
-    (void)c;
-    (void)out_rc;
-    return WH_ERROR_NOTIMPL;
+    uint8_t                    buffer[WOLFHSM_CFG_COMM_DATA_LEN] = {0};
+    whMessageAuth_SimpleResponse* msg = (whMessageAuth_SimpleResponse*)buffer;
+
+    int rc = 0;
+    uint16_t resp_group = 0;
+    uint16_t resp_action = 0;
+    uint16_t resp_size = 0;
+
+    if (c == NULL){
+        return WH_ERROR_BADARGS;
+    }
+
+    rc = wh_Client_RecvResponse(c,
+            &resp_group, &resp_action,
+            &resp_size, buffer);
+    if (rc == 0) {
+        /* Validate response */
+        if ((resp_group != WH_MESSAGE_GROUP_AUTH) ||
+            (resp_action != WH_MESSAGE_AUTH_ACTION_USER_SET_PERMISSIONS) ||
+            (resp_size != sizeof(whMessageAuth_SimpleResponse))) {
+            /* Invalid message */
+            rc = WH_ERROR_ABORTED;
+        }
+        else {
+            /* Valid message */
+            if (out_rc != NULL) {
+                *out_rc = msg->rc;
+            }
+        }
+    }
+    return rc;
 }
 
 int wh_Client_AuthUserSetPermissions(whClientContext* c, whUserId user_id,
         whAuthPermissions permissions, int32_t* out_rc)
 {
-    /* TODO: Set user permissions (blocking convenience wrapper).
-     * Calls Request, then loops on Response until complete. Blocks until
-     * permissions are set or operation fails. */
-    (void)c;
-    (void)user_id;
-    (void)permissions;
-    (void)out_rc;
-    return WH_ERROR_NOTIMPL;
+    int rc;
+
+    do {
+        rc = wh_Client_AuthUserSetPermissionsRequest(c, user_id, permissions);
+    } while (rc == WH_ERROR_NOTREADY);
+
+    if (rc != 0) {
+        return rc;
+    }
+
+    do {
+        rc = wh_Client_AuthUserSetPermissionsResponse(c, out_rc);
+    } while (rc == WH_ERROR_NOTREADY);
+
+    return rc;
 }
 
 /** User Set Credentials */

src/wh_message_auth.c

@@ -94,17 +94,40 @@ int wh_MessageAuth_FlattenPermissions(whAuthPermissions* permissions,
     uint8_t* buffer, uint16_t buffer_len)
 {
     int idx = 0, i;
+    uint16_t keyIdCount;
+    uint32_t keyId;
 
     if (permissions == NULL || buffer == NULL ||
         buffer_len < WH_FLAT_PERRMISIONS_LEN) {
         return WH_ERROR_BADARGS;
     }
-    buffer[idx++] = permissions->groupPermissions;
-    for (i = 0; i < WH_NUMBER_OF_GROUPS && (idx + i) < buffer_len; i++) {
-        buffer[idx + i] = permissions->actionPermissions[i];
-        idx++;
+
+    /* Serialize groupPermissions (2 bytes) */
+    buffer[idx++] = (uint8_t)(permissions->groupPermissions & 0xFF);
+    buffer[idx++] = (uint8_t)((permissions->groupPermissions >> 8) & 0xFF);
+
+    /* Serialize actionPermissions array (2*WH_NUMBER_OF_GROUPS bytes) */
+    for (i = 0; i < WH_NUMBER_OF_GROUPS && (idx + (i*2) + 1) < buffer_len; i++) {
+        buffer[idx + (i*2)] = (uint8_t)(permissions->actionPermissions[i] & 0xFF);
+        buffer[idx + (i*2) + 1] = (uint8_t)((permissions->actionPermissions[i] >> 8) & 0xFF);
     }
-    buffer[idx] = permissions->keyId;
+    idx += (2 * WH_NUMBER_OF_GROUPS);
+
+    /* Serialize keyIdCount (2 bytes) */
+    keyIdCount = (permissions->keyIdCount > WH_AUTH_MAX_KEY_IDS) ? WH_AUTH_MAX_KEY_IDS : permissions->keyIdCount;
+    buffer[idx++] = (uint8_t)(keyIdCount & 0xFF);
+    buffer[idx++] = (uint8_t)((keyIdCount >> 8) & 0xFF);
+
+    /* Serialize keyIds array (4*WH_AUTH_MAX_KEY_IDS bytes) */
+    for (i = 0; i < WH_AUTH_MAX_KEY_IDS && (idx + (i*4) + 3) < buffer_len; i++) {
+        if (i < keyIdCount) {
+            keyId = permissions->keyIds[i];
+        } else {
+            keyId = 0; /* Pad with zeros */
+        }
+        memcpy(&buffer[idx + (i*4)], &keyId, sizeof(keyId));
+    }
+
     return 0;
 }
 
@@ -113,17 +136,38 @@ int wh_MessageAuth_UnflattenPermissions(uint8_t* buffer, uint16_t buffer_len,
     whAuthPermissions* permissions)
 {
     int idx = 0, i;
+    uint16_t keyIdCount;
+    uint32_t keyId;
 
     if (buffer == NULL || permissions == NULL ||
         buffer_len < WH_FLAT_PERRMISIONS_LEN) {
         return WH_ERROR_BADARGS;
     }
-    permissions->groupPermissions = buffer[idx++];
-    for (i = 0; i < WH_NUMBER_OF_GROUPS && (idx + i) < buffer_len; i++) {
-        permissions->actionPermissions[i] = buffer[idx + i];
-        idx++;
+
+    /* Deserialize groupPermissions (2 bytes) */
+    permissions->groupPermissions = buffer[idx] | (buffer[idx + 1] << 8);
+    idx += 2;
+
+    /* Deserialize actionPermissions array (2*WH_NUMBER_OF_GROUPS bytes) */
+    for (i = 0; i < WH_NUMBER_OF_GROUPS && (idx + (i*2) + 1) < buffer_len; i++) {
+        permissions->actionPermissions[i] = buffer[idx + (i*2)] | (buffer[idx + (i*2) + 1] << 8);
     }
-    permissions->keyId = buffer[idx];
+    idx += (2 * WH_NUMBER_OF_GROUPS);
+
+    /* Deserialize keyIdCount (2 bytes) */
+    keyIdCount = buffer[idx] | (buffer[idx + 1] << 8);
+    idx += 2;
+    if (keyIdCount > WH_AUTH_MAX_KEY_IDS) {
+        keyIdCount = WH_AUTH_MAX_KEY_IDS;
+    }
+    permissions->keyIdCount = keyIdCount;
+
+    /* Deserialize keyIds array (4*WH_AUTH_MAX_KEY_IDS bytes) */
+    for (i = 0; i < WH_AUTH_MAX_KEY_IDS && (idx + (i*4) + 3) < buffer_len; i++) {
+        memcpy(&keyId, &buffer[idx + (i*4)], sizeof(keyId));
+        permissions->keyIds[i] = keyId;
+    }
+
     return 0;
 }
 
@@ -166,10 +210,11 @@ int wh_MessageAuth_TranslateUserDeleteRequest(uint16_t magic,
         const whMessageAuth_UserDeleteRequest* src,
         whMessageAuth_UserDeleteRequest* dest)
 {
-    /* TODO: Translate user delete request message */
-    (void)magic;
-    (void)src;
-    (void)dest;
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    WH_T16(magic, dest, src, user_id);
     return 0;
 }
 
@@ -207,10 +252,13 @@ int wh_MessageAuth_TranslateUserSetPermissionsRequest(uint16_t magic,
         const whMessageAuth_UserSetPermissionsRequest* src,
         whMessageAuth_UserSetPermissionsRequest* dest)
 {
-    /* TODO: Translate user set permissions request message */
-    (void)magic;
-    (void)src;
-    (void)dest;
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T16(magic, dest, src, user_id);
+    if (src != dest) {
+        memcpy(dest->permissions, src->permissions, sizeof(dest->permissions));
+    }
     return 0;
 }
 
@@ -265,26 +313,3 @@ int wh_MessageAuth_TranslateUserSetCredentialsRequest(uint16_t magic,
 
     return 0;
 }
-
-
-int wh_MessageAuth_TranslateCheckAuthorizationRequest(uint16_t magic,
-        const whMessageAuth_CheckAuthorizationRequest* src,
-        whMessageAuth_CheckAuthorizationRequest* dest)
-{
-    /* TODO: Translate check authorization request message */
-    (void)magic;
-    (void)src;
-    (void)dest;
-    return 0;
-}
-
-int wh_MessageAuth_TranslateCheckAuthorizationResponse(uint16_t magic,
-        const whMessageAuth_CheckAuthorizationResponse* src,
-        whMessageAuth_CheckAuthorizationResponse* dest)
-{
-    /* TODO: Translate check authorization response message */
-    (void)magic;
-    (void)src;
-    (void)dest;
-    return 0;
-}