add admin boolean to permissions, aditional delete user test case, unique max credentials, add force zero to utils

Author: JacobBarthelmeh

src/wh_auth_base.c

@@ -29,6 +29,7 @@
 
 #include "wolfhsm/wh_common.h"
 #include "wolfhsm/wh_error.h"
+#include "wolfhsm/wh_utils.h"
 
 #include "wolfhsm/wh_message.h"
 #include "wolfhsm/wh_message_auth.h"
@@ -70,6 +71,7 @@ int wh_Auth_BaseInit(void* context, const void* config)
 int wh_Auth_BaseCleanup(void* context)
 {
     (void)context;
+    wh_Utils_ForceZero(users, sizeof(users));
     return WH_ERROR_OK;
 }
 
@@ -231,16 +233,20 @@ int wh_Auth_BaseLogout(void* context, uint16_t current_user_id,
 {
     whAuthBase_User* user;
 
-    if (user_id == WH_USER_ID_INVALID) {
+    if (current_user_id == WH_USER_ID_INVALID ||
+        user_id == WH_USER_ID_INVALID) {
         return WH_ERROR_BADARGS;
     }
 
-    if (user_id > WH_AUTH_BASE_MAX_USERS) {
+    if (current_user_id > WH_AUTH_BASE_MAX_USERS ||
+        user_id > WH_AUTH_BASE_MAX_USERS) {
         return WH_ERROR_NOTFOUND;
     }
 
-    /* @TODO there likely should be restrictions here on who can logout who */
-    (void)current_user_id;
+    if (current_user_id != user_id &&
+        !WH_AUTH_IS_ADMIN(users[current_user_id - 1].user.permissions)) {
+        return WH_ERROR_ACCESS;
+    }
 
     user                 = &users[user_id - 1];
     user->user.is_active = false;
@@ -348,14 +354,23 @@ int wh_Auth_BaseUserDelete(void* context, uint16_t current_user_id,
         return WH_ERROR_NOTFOUND;
     }
 
+    if (current_user_id == WH_USER_ID_INVALID ||
+        current_user_id > WH_AUTH_BASE_MAX_USERS) {
+        return WH_ERROR_BADARGS;
+    }
+
+    /* Only allow an admin user to delete users */
+    if (!WH_AUTH_IS_ADMIN(users[current_user_id - 1].user.permissions)) {
+        return WH_ERROR_ACCESS;
+    }
+
     user = &users[user_id - 1];
     if (user->user.user_id == WH_USER_ID_INVALID) {
         return WH_ERROR_NOTFOUND;
     }
 
     memset(user, 0, sizeof(whAuthBase_User));
     (void)context;
-    (void)current_user_id;
     return WH_ERROR_OK;
 }
 
@@ -369,6 +384,11 @@ int wh_Auth_BaseUserSetPermissions(void* context, uint16_t current_user_id,
         return WH_ERROR_NOTFOUND;
     }
 
+    /* Only allow an admin user to change permissions */
+    if (!WH_AUTH_IS_ADMIN(users[current_user_id - 1].user.permissions)) {
+        return WH_ERROR_ACCESS;
+    }
+
     user = &users[user_id - 1];
     if (user->user.user_id == WH_USER_ID_INVALID) {
         return WH_ERROR_NOTFOUND;
@@ -387,7 +407,6 @@ int wh_Auth_BaseUserSetPermissions(void* context, uint16_t current_user_id,
         }
     }
     (void)context;
-    (void)current_user_id;
     return WH_ERROR_OK;
 }
 

src/wh_client_auth.c

@@ -40,6 +40,7 @@
 
 #include "wolfhsm/wh_client.h"
 #include "wolfhsm/wh_auth.h"
+#include "wolfhsm/wh_utils.h"
 
 /* Does not find the user name in the list, only verifies that the user name is
  * not too long and not null. */
@@ -64,6 +65,7 @@ int wh_Client_AuthLoginRequest(whClientContext* c, whAuthMethod method,
     whMessageAuth_LoginRequest* msg = (whMessageAuth_LoginRequest*)buffer;
     uint8_t*                    msg_auth_data = buffer + sizeof(*msg);
     size_t                      msg_size;
+    int                         rc;
 
     if (c == NULL) {
         return WH_ERROR_BADARGS;
@@ -73,7 +75,7 @@ int wh_Client_AuthLoginRequest(whClientContext* c, whAuthMethod method,
         return WH_ERROR_BADARGS;
     }
 
-    if (auth_data_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN) {
+    if (auth_data_len > WH_MESSAGE_AUTH_LOGIN_MAX_AUTH_DATA_LEN) {
         return WH_ERROR_BADARGS;
     }
 
@@ -94,9 +96,14 @@ int wh_Client_AuthLoginRequest(whClientContext* c, whAuthMethod method,
         memcpy(msg_auth_data, auth_data, auth_data_len);
     }
 
-    return wh_Client_SendRequest(c, WH_MESSAGE_GROUP_AUTH,
-                                 WH_MESSAGE_AUTH_ACTION_LOGIN,
-                                 (uint16_t)msg_size, buffer);
+    rc = wh_Client_SendRequest(c, WH_MESSAGE_GROUP_AUTH,
+                               WH_MESSAGE_AUTH_ACTION_LOGIN,
+                               (uint16_t)msg_size, buffer);
+
+    /* Zeroize sensitive credential data before returning */
+    wh_Utils_ForceZero(buffer, sizeof(buffer));
+
+    return rc;
 }
 
 int wh_Client_AuthLoginResponse(whClientContext* c, int32_t* out_rc,
@@ -252,6 +259,7 @@ int wh_Client_AuthUserAddRequest(whClientContext* c, const char* username,
     whMessageAuth_UserAddRequest* msg = (whMessageAuth_UserAddRequest*)buffer;
     uint8_t*                      msg_credentials = buffer + sizeof(*msg);
     size_t                        msg_size;
+    int                           rc = WH_ERROR_OK;
 
     if (c == NULL) {
         return WH_ERROR_BADARGS;
@@ -266,28 +274,41 @@ int wh_Client_AuthUserAddRequest(whClientContext* c, const char* username,
 
     if (wh_MessageAuth_FlattenPermissions(&permissions, msg->permissions,
                                           sizeof(msg->permissions)) != 0) {
-        return WH_ERROR_BUFFER_SIZE;
-    }
-
-    msg->method          = method;
-    msg->credentials_len = credentials_len;
-    if (credentials_len > 0) {
-        if (credentials == NULL) {
-            return WH_ERROR_BADARGS;
+        rc = WH_ERROR_BUFFER_SIZE;
+    }
+    else {
+        msg->method          = method;
+        msg->credentials_len = credentials_len;
+        if (credentials_len > 0) {
+            if (credentials == NULL) {
+                rc = WH_ERROR_BADARGS;
+            }
+            else if (credentials_len >
+                     WH_MESSAGE_AUTH_USERADD_MAX_CREDENTIALS_LEN) {
+                rc = WH_ERROR_BUFFER_SIZE;
+            }
+            else {
+                memcpy(msg_credentials, credentials, credentials_len);
+            }
         }
-        if (credentials_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN) {
-            return WH_ERROR_BUFFER_SIZE;
+
+        if (rc == WH_ERROR_OK) {
+            msg_size = sizeof(*msg) + credentials_len;
+            if (msg_size > WOLFHSM_CFG_COMM_DATA_LEN) {
+                rc = WH_ERROR_BUFFER_SIZE;
+            }
+            else {
+                rc = wh_Client_SendRequest(c, WH_MESSAGE_GROUP_AUTH,
+                                           WH_MESSAGE_AUTH_ACTION_USER_ADD,
+                                           (uint16_t)msg_size, buffer);
+            }
         }
-        memcpy(msg_credentials, credentials, credentials_len);
     }
 
-    msg_size = sizeof(*msg) + credentials_len;
-    if (msg_size > WOLFHSM_CFG_COMM_DATA_LEN) {
-        return WH_ERROR_BUFFER_SIZE;
-    }
-    return wh_Client_SendRequest(c, WH_MESSAGE_GROUP_AUTH,
-                                 WH_MESSAGE_AUTH_ACTION_USER_ADD,
-                                 (uint16_t)msg_size, buffer);
+    /* Zeroize sensitive credential data before returning */
+    wh_Utils_ForceZero(buffer, sizeof(buffer));
+
+    return rc;
 }
 
 int wh_Client_AuthUserAddResponse(whClientContext* c, int32_t* out_rc,
@@ -597,15 +618,16 @@ int wh_Client_AuthUserSetCredentialsRequest(
     uint8_t* msg_current_creds = buffer + sizeof(*msg);
     uint8_t* msg_new_creds     = msg_current_creds + current_credentials_len;
     uint16_t total_size;
+    int      rc;
 
     if (c == NULL) {
         return WH_ERROR_BADARGS;
     }
 
-    if (current_credentials_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN) {
+    if (current_credentials_len > WH_MESSAGE_AUTH_SETCREDS_MAX_CREDENTIALS_LEN) {
         return WH_ERROR_BUFFER_SIZE;
     }
-    if (new_credentials_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN) {
+    if (new_credentials_len > WH_MESSAGE_AUTH_SETCREDS_MAX_CREDENTIALS_LEN) {
         return WH_ERROR_BUFFER_SIZE;
     }
     if (current_credentials_len > 0 && current_credentials == NULL) {
@@ -635,9 +657,14 @@ int wh_Client_AuthUserSetCredentialsRequest(
         memcpy(msg_new_creds, new_credentials, new_credentials_len);
     }
 
-    return wh_Client_SendRequest(c, WH_MESSAGE_GROUP_AUTH,
-                                 WH_MESSAGE_AUTH_ACTION_USER_SET_CREDENTIALS,
-                                 total_size, buffer);
+    rc = wh_Client_SendRequest(c, WH_MESSAGE_GROUP_AUTH,
+                               WH_MESSAGE_AUTH_ACTION_USER_SET_CREDENTIALS,
+                               total_size, buffer);
+
+    /* Zeroize sensitive credential data before returning */
+    wh_Utils_ForceZero(buffer, sizeof(buffer));
+
+    return rc;
 }
 
 int wh_Client_AuthUserSetCredentialsResponse(whClientContext* c,

src/wh_message_auth.c

@@ -76,7 +76,7 @@ int wh_MessageAuth_TranslateLoginRequest(
     WH_T16(magic, dest_header, src_header, auth_data_len);
 
     expected_size = (uint16_t)(header_size + dest_header->auth_data_len);
-    if (dest_header->auth_data_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN ||
+    if (dest_header->auth_data_len > WH_MESSAGE_AUTH_LOGIN_MAX_AUTH_DATA_LEN ||
         src_size < expected_size) {
         return WH_ERROR_BADARGS;
     }
@@ -126,8 +126,9 @@ int wh_MessageAuth_FlattenPermissions(whAuthPermissions* permissions,
         return WH_ERROR_BADARGS;
     }
 
-    /* Serialize groupPermissions array (WH_NUMBER_OF_GROUPS bytes) */
-    for (i = 0; i < WH_NUMBER_OF_GROUPS; i++) {
+    /* Serialize groupPermissions array (WH_NUMBER_OF_GROUPS + 1 bytes)
+     * The last byte is the admin flag */
+    for (i = 0; i < WH_NUMBER_OF_GROUPS + 1; i++) {
         buffer[idx++] = permissions->groupPermissions[i];
     }
 
@@ -181,8 +182,9 @@ int wh_MessageAuth_UnflattenPermissions(uint8_t* buffer, uint16_t buffer_len,
         return WH_ERROR_BADARGS;
     }
 
-    /* Deserialize groupPermissions array (WH_NUMBER_OF_GROUPS bytes) */
-    for (i = 0; i < WH_NUMBER_OF_GROUPS; i++) {
+    /* Deserialize groupPermissions array (WH_NUMBER_OF_GROUPS + 1 bytes)
+     * The last byte is the admin flag */
+    for (i = 0; i < WH_NUMBER_OF_GROUPS + 1; i++) {
         permissions->groupPermissions[i] = buffer[idx++];
     }
 
@@ -253,7 +255,7 @@ int wh_MessageAuth_TranslateUserAddRequest(
     WH_T16(magic, dest_header, src_header, credentials_len);
 
     expected_size = (uint16_t)(header_size + dest_header->credentials_len);
-    if (dest_header->credentials_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN ||
+    if (dest_header->credentials_len > WH_MESSAGE_AUTH_USERADD_MAX_CREDENTIALS_LEN ||
         src_size < expected_size) {
         return WH_ERROR_BUFFER_SIZE;
     }
@@ -362,10 +364,11 @@ int wh_MessageAuth_TranslateUserSetCredentialsRequest(
     WH_T16(magic, dest_header, src_header, new_credentials_len);
 
     if (src_header->current_credentials_len >
-        WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN) {
+        WH_MESSAGE_AUTH_SETCREDS_MAX_CREDENTIALS_LEN) {
         return WH_ERROR_BUFFER_SIZE;
     }
-    if (src_header->new_credentials_len > WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN) {
+    if (src_header->new_credentials_len >
+        WH_MESSAGE_AUTH_SETCREDS_MAX_CREDENTIALS_LEN) {
         return WH_ERROR_BUFFER_SIZE;
     }
 

src/wh_server_auth.c

@@ -65,10 +65,10 @@ int wh_Server_HandleAuthRequest(whServerContext* server, uint16_t magic,
     switch (action) {
 
         case WH_MESSAGE_AUTH_ACTION_LOGIN: {
-            whMessageAuth_LoginRequest  req                        = {0};
-            whMessageAuth_LoginResponse resp                       = {0};
-            int                         loggedIn                   = 0;
-            uint8_t auth_data[WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN] = {0};
+            whMessageAuth_LoginRequest  req                            = {0};
+            whMessageAuth_LoginResponse resp                           = {0};
+            int                         loggedIn                       = 0;
+            uint8_t auth_data[WH_MESSAGE_AUTH_LOGIN_MAX_AUTH_DATA_LEN] = {0};
 
             rc = wh_MessageAuth_TranslateLoginRequest(
                 magic, req_packet, req_size, &req, auth_data);
@@ -118,10 +118,10 @@ int wh_Server_HandleAuthRequest(whServerContext* server, uint16_t magic,
         } break;
 
         case WH_MESSAGE_AUTH_ACTION_USER_ADD: {
-            whMessageAuth_UserAddRequest  req                        = {0};
-            whMessageAuth_UserAddResponse resp                       = {0};
-            whAuthPermissions             permissions                = {0};
-            uint8_t credentials[WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN] = {0};
+            whMessageAuth_UserAddRequest  req         = {0};
+            whMessageAuth_UserAddResponse resp        = {0};
+            whAuthPermissions             permissions = {0};
+            uint8_t credentials[WH_MESSAGE_AUTH_USERADD_MAX_CREDENTIALS_LEN] = {0};
 
             rc = wh_MessageAuth_TranslateUserAddRequest(
                 magic, req_packet, req_size, &req, credentials);
@@ -223,10 +223,10 @@ int wh_Server_HandleAuthRequest(whServerContext* server, uint16_t magic,
         } break;
 
         case WH_MESSAGE_AUTH_ACTION_USER_SET_CREDENTIALS: {
-            whMessageAuth_UserSetCredentialsRequest req_header         = {0};
-            uint8_t current_creds[WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN] = {0};
-            uint8_t new_creds[WH_MESSAGE_AUTH_MAX_CREDENTIALS_LEN]     = {0};
-            whMessageAuth_SimpleResponse resp                          = {0};
+            whMessageAuth_UserSetCredentialsRequest req_header = {0};
+            uint8_t current_creds[WH_MESSAGE_AUTH_SETCREDS_MAX_CREDENTIALS_LEN] = {0};
+            uint8_t new_creds[WH_MESSAGE_AUTH_SETCREDS_MAX_CREDENTIALS_LEN]     = {0};
+            whMessageAuth_SimpleResponse resp                                   = {0};
             uint16_t min_size = sizeof(whMessageAuth_UserSetCredentialsRequest);
 
             if (req_size < min_size) {