spelling fixes, cast on sizeof return, macro guard for certificate use, less verbose auth demos

Author: JacobBarthelmeh

port/posix/posix_auth.c

@@ -45,8 +45,10 @@ typedef struct whAuthBase_User {
 } whAuthBase_User;
 static whAuthBase_User users[WH_AUTH_BASE_MAX_USERS];
 
+#if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
 #include <wolfssl/ssl.h>
 #include <wolfssl/wolfcrypt/asn.h>
+#endif
 
 int posixAuth_Init(void* context, const void* config)
 {
@@ -85,7 +87,7 @@ static whAuthBase_User* posixAuth_CheckPin(const char* username, const void* aut
     return NULL;
 }
 
-
+#if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
 static int posixAuth_VerifyCertificate(whAuthBase_User* found_user,
                              const uint8_t*   certificate,
                              uint16_t         certificate_len)
@@ -128,6 +130,7 @@ static whAuthBase_User* posixAuth_CheckCertificate(const char* username,
     }
     return NULL;
 }
+#endif /* WOLFHSM_CFG_CERTIFICATE_MANAGER && !WOLFHSM_CFG_NO_CRYPTO */
 
 int posixAuth_Login(void* context, uint8_t client_id, whAuthMethod method,
                       const char* username, const void* auth_data,
@@ -148,9 +151,11 @@ int posixAuth_Login(void* context, uint8_t client_id, whAuthMethod method,
         case WH_AUTH_METHOD_PIN:
             current_user = posixAuth_CheckPin(username, auth_data, auth_data_len);
             break;
+#if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
         case WH_AUTH_METHOD_CERTIFICATE:
             current_user = posixAuth_CheckCertificate(username, auth_data, auth_data_len);
             break;
+#endif /* WOLFHSM_CFG_CERTIFICATE_MANAGER && !WOLFHSM_CFG_NO_CRYPTO */
         default:
             return WH_ERROR_BADARGS;
     }
@@ -300,8 +305,11 @@ int posixAuth_UserAdd(void* context, const char* username,
 
     /* Validate method is supported if credentials are provided */
     if (credentials != NULL && credentials_len > 0) {
-        if (method != WH_AUTH_METHOD_PIN &&
-            method != WH_AUTH_METHOD_CERTIFICATE) {
+        if (method != WH_AUTH_METHOD_PIN
+#if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
+            && method != WH_AUTH_METHOD_CERTIFICATE
+#endif /* WOLFHSM_CFG_CERTIFICATE_MANAGER && !WOLFHSM_CFG_NO_CRYPTO */
+            ) {
             return WH_ERROR_BADARGS;
         }
     }
@@ -315,7 +323,7 @@ int posixAuth_UserAdd(void* context, const char* username,
     if (i >= WH_AUTH_BASE_MAX_USERS) {
         return WH_ERROR_BUFFER_SIZE;
     }
-    userId   = i + 1; /* save 0 fron WH_USER_ID_INVALID */
+    userId   = i + 1; /* save 0 for WH_USER_ID_INVALID */
     new_user = &users[i];
 
     memset(new_user, 0, sizeof(whAuthBase_User));
@@ -358,7 +366,7 @@ int posixAuth_UserDelete(void* context, uint16_t current_user_id,
 {
     whAuthBase_User* user;
 
-    if (user_id == WH_USER_ID_INVALID || user_id >= WH_AUTH_BASE_MAX_USERS) {
+    if (user_id == WH_USER_ID_INVALID || user_id > WH_AUTH_BASE_MAX_USERS) {
         return WH_ERROR_NOTFOUND;
     }
 
@@ -379,7 +387,7 @@ int posixAuth_UserSetPermissions(void* context, uint16_t current_user_id,
 {
     whAuthBase_User* user;
 
-    if (user_id == WH_USER_ID_INVALID || user_id >= WH_AUTH_BASE_MAX_USERS) {
+    if (user_id == WH_USER_ID_INVALID || user_id > WH_AUTH_BASE_MAX_USERS) {
         return WH_ERROR_NOTFOUND;
     }
 
@@ -432,12 +440,16 @@ int posixAuth_UserSetCredentials(void* context, uint16_t user_id,
     whAuthBase_User* user;
     int              rc = WH_ERROR_OK;
 
-    if (user_id == WH_USER_ID_INVALID || user_id >= WH_AUTH_BASE_MAX_USERS) {
+    if (user_id == WH_USER_ID_INVALID || user_id > WH_AUTH_BASE_MAX_USERS) {
         return WH_ERROR_BADARGS;
     }
 
     /* Validate method is supported */
-    if (method != WH_AUTH_METHOD_PIN && method != WH_AUTH_METHOD_CERTIFICATE) {
+    if (method != WH_AUTH_METHOD_PIN
+#if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER) && !defined(WOLFHSM_CFG_NO_CRYPTO)
+        && method != WH_AUTH_METHOD_CERTIFICATE
+#endif /* WOLFHSM_CFG_CERTIFICATE_MANAGER && !WOLFHSM_CFG_NO_CRYPTO */
+        ) {
         return WH_ERROR_BADARGS;
     }
 

src/wh_client_auth.c

@@ -292,8 +292,8 @@ int wh_Client_AuthUserAddResponse(whClientContext* c, int32_t* out_rc,
         /* Validate response */
         if ((resp_group != WH_MESSAGE_GROUP_AUTH) ||
             (resp_action != WH_MESSAGE_AUTH_ACTION_USER_ADD) ||
-            (resp_size < hdr_len) || (resp_size > sizeof(buffer)) ||
-            (resp_size - hdr_len > sizeof(whMessageAuth_UserAddResponse))) {
+            (resp_size < hdr_len) || (resp_size > (uint16_t)sizeof(buffer)) ||
+            (resp_size - hdr_len > (uint16_t)sizeof(whMessageAuth_UserAddResponse))) {
             /* Invalid message */
             rc = WH_ERROR_ABORTED;
         }
@@ -415,7 +415,7 @@ int wh_Client_AuthUserGetRequest(whClientContext* c, const char* username)
         return WH_ERROR_BADARGS;
     }
 
-    strncpy(msg.username, username, sizeof(msg.username));
+    strncpy(msg.username, username, sizeof(msg.username) - 1);
     return wh_Client_SendRequest(c, WH_MESSAGE_GROUP_AUTH,
                                  WH_MESSAGE_AUTH_ACTION_USER_GET, sizeof(msg),
                                  &msg);

src/wh_message_auth.c

@@ -120,7 +120,7 @@ int wh_MessageAuth_FlattenPermissions(whAuthPermissions* permissions,
     uint32_t keyId;
 
     if (permissions == NULL || buffer == NULL ||
-        buffer_len < WH_FLAT_PERRMISIONS_LEN) {
+        buffer_len < WH_FLAT_PERMISSIONS_LEN) {
         return WH_ERROR_BADARGS;
     }
 
@@ -169,7 +169,7 @@ int wh_MessageAuth_UnflattenPermissions(uint8_t* buffer, uint16_t buffer_len,
     uint32_t keyId;
 
     if (buffer == NULL || permissions == NULL ||
-        buffer_len < WH_FLAT_PERRMISIONS_LEN) {
+        buffer_len < WH_FLAT_PERMISSIONS_LEN) {
         return WH_ERROR_BADARGS;
     }
 

test/wh_test_auth.c

@@ -414,7 +414,7 @@ static int _whTest_Auth_BadArgs(void)
     rc = wh_Auth_UserSetCredentials(&ctx, 1, WH_AUTH_METHOD_PIN, "pin", 3,
                                     "new", 3);
     WH_TEST_ASSERT_RETURN(rc == WH_ERROR_BADARGS);
-    rc = wh_Auth_Logout(NULL, 999); /* This test may be troublesum if the port
+    rc = wh_Auth_Logout(NULL, 999); /* This test may be troublesome if the port
                                      * supports 999 users */
     WH_TEST_ASSERT_RETURN(rc == WH_ERROR_BADARGS);
 

wolfhsm/wh_client.h

@@ -1934,13 +1934,12 @@ int wh_Client_AuthLoginRequest(whClientContext* c, whAuthMethod method,
  *
  * This function attempts to process an authentication response message from the
  * server. It validates the response and extracts the return code, user ID,
- * session ID, and permissions. This function does not block; it returns
+ * and permissions. This function does not block; it returns
  * WH_ERROR_NOTREADY if a response has not been received.
  *
  * @param[in] c Pointer to the client context.
  * @param[out] out_rc Pointer to store the return code from the server.
  * @param[out] out_user_id Pointer to store the authenticated user ID.
- * @param[out] out_session_id Pointer to store the session ID.
  * @param[out] out_permissions Pointer to store the user permissions.
  * @return int Returns 0 on success, WH_ERROR_NOTREADY if no response is
  * available, or a negative error code on failure.
@@ -1965,7 +1964,6 @@ int wh_Client_AuthLoginResponse(whClientContext* c, int32_t* out_rc,
  * @param[in] auth_data_len Length of the authentication data.
  * @param[out] out_rc Pointer to store the return code from the server.
  * @param[out] out_user_id Pointer to store the authenticated user ID.
- * @param[out] out_session_id Pointer to store the session ID.
  * @param[out] out_permissions Pointer to store the user permissions.
  * @return int Returns 0 on success, or a negative error code on failure.
  */

wolfhsm/wh_message_auth.h

@@ -136,7 +136,7 @@ int wh_MessageAuth_TranslateLogoutRequest(
  * uint16_t (groupPermissions) + uint16_t[WH_NUMBER_OF_GROUPS]
  * (actionPermissions) + uint16_t (keyIdCount) + uint32_t[WH_AUTH_MAX_KEY_IDS]
  * (keyIds) */
-#define WH_FLAT_PERRMISIONS_LEN \
+#define WH_FLAT_PERMISSIONS_LEN \
     (2 + (2 * WH_NUMBER_OF_GROUPS) + 2 + (4 * WH_AUTH_MAX_KEY_IDS))
 
 /**
@@ -165,7 +165,7 @@ int wh_MessageAuth_UnflattenPermissions(uint8_t* buffer, uint16_t buffer_len,
 /** User Add Request */
 typedef struct {
     char     username[WH_MESSAGE_AUTH_MAX_USERNAME_LEN];
-    uint8_t  permissions[WH_FLAT_PERRMISIONS_LEN];
+    uint8_t  permissions[WH_FLAT_PERMISSIONS_LEN];
     uint16_t method;
     uint16_t credentials_len;
     /* credentials follow */
@@ -247,7 +247,7 @@ int wh_MessageAuth_TranslateUserGetRequest(
 typedef struct {
     int32_t  rc;
     uint16_t user_id;
-    uint8_t  permissions[WH_FLAT_PERRMISIONS_LEN];
+    uint8_t  permissions[WH_FLAT_PERMISSIONS_LEN];
 } whMessageAuth_UserGetResponse;
 
 /**
@@ -265,7 +265,7 @@ int wh_MessageAuth_TranslateUserGetResponse(
 /** User Set Permissions Request */
 typedef struct {
     uint16_t user_id;
-    uint8_t  permissions[WH_FLAT_PERRMISIONS_LEN];
+    uint8_t  permissions[WH_FLAT_PERMISSIONS_LEN];
 } whMessageAuth_UserSetPermissionsRequest;
 
 /**