
Commit bc144d9

move base example auth users to port/posix directory
1 parent cd88f8c commit bc144d9

5 files changed

Lines changed: 132 additions & 113 deletions


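--- a/examples/posix/wh_posix_server/wh_posix_server_cfg.c
+++ b/examples/posix/wh_posix_server/wh_posix_server_cfg.c
@@ -15,13 +15,13 @@
 #include "wolfhsm/wh_nvm_flash.h"
 #include "wolfhsm/wh_flash_ramsim.h"
 #include "wolfhsm/wh_auth.h"
-#include "wolfhsm/wh_auth_base.h"
 
 #include "port/posix/posix_transport_shm.h"
 #include "port/posix/posix_transport_tcp.h"
 #ifdef WOLFHSM_CFG_TLS
 #include "port/posix/posix_transport_tls.h"
 #endif
+#include "port/posix/posix_auth.h"
 
 posixTransportShmConfig shmConfig;
 posixTransportTcpConfig tcpConfig;
@@ -656,17 +656,17 @@ int wh_PosixServer_ExampleNvmConfig(void* conf, const char* nvmInitFilePath)
 
 /* Default auth callback structure */
 static whAuthCb default_auth_cb = {
-.Init = wh_AuthBase_Init,
-.Cleanup = wh_AuthBase_Cleanup,
-.Login = wh_AuthBase_Login,
-.Logout = wh_AuthBase_Logout,
-.CheckRequestAuthorization = wh_AuthBase_CheckRequestAuthorization,
-.CheckKeyAuthorization = wh_AuthBase_CheckKeyAuthorization,
-.UserAdd = wh_AuthBase_UserAdd,
-.UserDelete = wh_AuthBase_UserDelete,
-.UserSetPermissions = wh_AuthBase_UserSetPermissions,
-.UserGet = wh_AuthBase_UserGet,
-.UserSetCredentials = wh_AuthBase_UserSetCredentials};
+.Init = posixAuth_Init,
+.Cleanup = posixAuth_Cleanup,
+.Login = posixAuth_Login,
+.Logout = posixAuth_Logout,
+.CheckRequestAuthorization = posixAuth_CheckRequestAuthorization,
+.CheckKeyAuthorization = posixAuth_CheckKeyAuthorization,
+.UserAdd = posixAuth_UserAdd,
+.UserDelete = posixAuth_UserDelete,
+.UserSetPermissions = posixAuth_UserSetPermissions,
+.UserGet = posixAuth_UserGet,
+.UserSetCredentials = posixAuth_UserSetCredentials};
 static whAuthContext auth_ctx = {0};
 
 /**
@@ -687,6 +687,9 @@ int wh_PosixServer_ExampleAuthConfig(void* conf)
 static void* auth_backend_context =
 NULL; /* No backend context needed for stubs */
 static whAuthConfig auth_config = {0};
+whAuthPermissions permissions;
+uint16_t out_user_id;
+int i;
 
 if (s_conf == NULL) {
 return WH_ERROR_BADARGS;
@@ -709,5 +712,18 @@ int wh_PosixServer_ExampleAuthConfig(void* conf)
 WOLFHSM_CFG_PRINTF(
 "Default auth context configured (stub implementation)\n");
 
+/* Add and admin user with permissions for everything */
+memset(&permissions, 0xFF, sizeof(whAuthPermissions));
+permissions.keyIdCount = 0;
+for (i = 0; i < WH_AUTH_MAX_KEY_IDS; i++) {
+permissions.keyIds[i] = 0;
+}
+rc = posixAuth_UserAdd(&auth_ctx, "admin", &out_user_id, permissions,
+WH_AUTH_METHOD_PIN, "1234", 4);
+if (rc != WH_ERROR_OK) {
+WOLFHSM_CFG_PRINTF("Failed to add admin user: %d\n", rc);
+return rc;
+}
+
 return WH_ERROR_OK;
 }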
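Review bot: The admin user seeded at the end of wh_PosixServer_ExampleAuthConfig has a fixed PIN `"1234"` and a permission set produced by `memset(&permissions, 0xFF, sizeof(whAuthPermissions))`, so any server built from this example starts with a well-known, all-powerful credential reachable over whichever transport is configured. If the seeding must stay for the demo, make that explicit and confine it: replace the comment with `/* DEMO ONLY: seeds an "admin" user with a fixed PIN and every permission; never ship as-is -- load credentials from configuration instead */` and consider guarding the block with a dedicated build-time define; filling the struct with 0xFF also assumes every field of whAuthPermissions treats all-ones as "allowed", which cannot be confirmed from here. The comment text "Add and admin user" should read "Add an admin user", and the log line just above still says "(stub implementation)" although a real user is now created. The earlier part of this function (auth_config setup) lies outside the hunk.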
Lines changed: 24 additions & 40 deletions
@@ -32,7 +32,7 @@
3232

3333
#include "wolfhsm/wh_message.h"
3434
#include "wolfhsm/wh_message_auth.h"
35-
#include "wolfhsm/wh_auth_base.h"
35+
#include "posix_auth.h"
3636

3737
/* simple base user list */
3838
#define WH_AUTH_BASE_MAX_USERS 5
@@ -48,37 +48,21 @@ static whAuthBase_User users[WH_AUTH_BASE_MAX_USERS];
4848
#include <wolfssl/ssl.h>
4949
#include <wolfssl/wolfcrypt/asn.h>
5050

51-
int wh_AuthBase_Init(void* context, const void* config)
51+
int posixAuth_Init(void* context, const void* config)
5252
{
53-
whAuthPermissions permissions;
54-
int rc;
55-
uint16_t out_user_id;
56-
int i;
57-
58-
/* TODO: Initialize auth manager context */
5953
(void)context;
6054
(void)config;
6155

62-
memset(&permissions, 0xFF, sizeof(whAuthPermissions));
63-
permissions.keyIdCount = 0;
64-
for (i = 0; i < WH_AUTH_MAX_KEY_IDS; i++) {
65-
permissions.keyIds[i] = 0;
66-
}
67-
68-
/* add a demo user with admin permissions */
69-
rc = wh_AuthBase_UserAdd(context, "admin", &out_user_id, permissions,
70-
WH_AUTH_METHOD_PIN, "1234", 4);
71-
return rc;
56+
return WH_ERROR_OK;
7257
}
7358

74-
int wh_AuthBase_Cleanup(void* context)
59+
int posixAuth_Cleanup(void* context)
7560
{
76-
/* TODO: Cleanup auth manager context */
7761
(void)context;
78-
return WH_ERROR_NOTIMPL;
62+
return WH_ERROR_OK;
7963
}
8064

81-
static whAuthBase_User* FindUser(const char* username)
65+
static whAuthBase_User* posixAuth_FindUser(const char* username)
8266
{
8367
int i;
8468
for (i = 0; i < WH_AUTH_BASE_MAX_USERS; i++) {
@@ -89,11 +73,11 @@ static whAuthBase_User* FindUser(const char* username)
8973
return NULL;
9074
}
9175

92-
static whAuthBase_User* CheckPin(const char* username, const void* auth_data,
76+
static whAuthBase_User* posixAuth_CheckPin(const char* username, const void* auth_data,
9377
uint16_t auth_data_len)
9478
{
9579
whAuthBase_User* found_user;
96-
found_user = FindUser(username);
80+
found_user = posixAuth_FindUser(username);
9781
if (found_user != NULL && found_user->credentials_len == auth_data_len &&
9882
memcmp(found_user->credentials, auth_data, auth_data_len) == 0) {
9983
return found_user;
@@ -102,7 +86,7 @@ static whAuthBase_User* CheckPin(const char* username, const void* auth_data,
10286
}
10387

10488

105-
static int VerifyCertificate(whAuthBase_User* found_user,
89+
static int posixAuth_VerifyCertificate(whAuthBase_User* found_user,
10690
const uint8_t* certificate,
10791
uint16_t certificate_len)
10892
{
@@ -128,24 +112,24 @@ static int VerifyCertificate(whAuthBase_User* found_user,
128112
return rc;
129113
}
130114

131-
static whAuthBase_User* CheckCertificate(const char* username,
115+
static whAuthBase_User* posixAuth_CheckCertificate(const char* username,
132116
const void* auth_data,
133117
uint16_t auth_data_len)
134118
{
135119
whAuthBase_User* found_user;
136-
found_user = FindUser(username);
120+
found_user = posixAuth_FindUser(username);
137121
if (found_user != NULL &&
138122
found_user->method == WH_AUTH_METHOD_CERTIFICATE &&
139123
found_user->credentials_len > 0) {
140-
if (VerifyCertificate(found_user, auth_data, auth_data_len) ==
124+
if (posixAuth_VerifyCertificate(found_user, auth_data, auth_data_len) ==
141125
WH_ERROR_OK) {
142126
return found_user;
143127
}
144128
}
145129
return NULL;
146130
}
147131

148-
int wh_AuthBase_Login(void* context, uint8_t client_id, whAuthMethod method,
132+
int posixAuth_Login(void* context, uint8_t client_id, whAuthMethod method,
149133
const char* username, const void* auth_data,
150134
uint16_t auth_data_len, uint16_t* out_user_id,
151135
whAuthPermissions* out_permissions, int* loggedIn)
@@ -162,10 +146,10 @@ int wh_AuthBase_Login(void* context, uint8_t client_id, whAuthMethod method,
162146
(void)client_id;
163147
switch (method) {
164148
case WH_AUTH_METHOD_PIN:
165-
current_user = CheckPin(username, auth_data, auth_data_len);
149+
current_user = posixAuth_CheckPin(username, auth_data, auth_data_len);
166150
break;
167151
case WH_AUTH_METHOD_CERTIFICATE:
168-
current_user = CheckCertificate(username, auth_data, auth_data_len);
152+
current_user = posixAuth_CheckCertificate(username, auth_data, auth_data_len);
169153
break;
170154
default:
171155
return WH_ERROR_BADARGS;
@@ -188,7 +172,7 @@ int wh_AuthBase_Login(void* context, uint8_t client_id, whAuthMethod method,
188172
return WH_ERROR_OK;
189173
}
190174

191-
int wh_AuthBase_Logout(void* context, uint16_t current_user_id,
175+
int posixAuth_Logout(void* context, uint16_t current_user_id,
192176
uint16_t user_id)
193177
{
194178
whAuthBase_User* user;
@@ -211,7 +195,7 @@ int wh_AuthBase_Logout(void* context, uint16_t current_user_id,
211195
}
212196

213197

214-
int wh_AuthBase_CheckRequestAuthorization(void* context, uint16_t user_id,
198+
int posixAuth_CheckRequestAuthorization(void* context, uint16_t user_id,
215199
uint16_t group, uint16_t action)
216200
{
217201
int rc;
@@ -266,7 +250,7 @@ int wh_AuthBase_CheckRequestAuthorization(void* context, uint16_t user_id,
266250

267251
/* authorization check on key usage after the request has been parsed and before
268252
* the action is done */
269-
int wh_AuthBase_CheckKeyAuthorization(void* context, uint16_t user_id,
253+
int posixAuth_CheckKeyAuthorization(void* context, uint16_t user_id,
270254
uint32_t key_id, uint16_t action)
271255
{
272256
int rc = WH_ERROR_ACCESS;
@@ -304,7 +288,7 @@ int wh_AuthBase_CheckKeyAuthorization(void* context, uint16_t user_id,
304288
}
305289

306290

307-
int wh_AuthBase_UserAdd(void* context, const char* username,
291+
int posixAuth_UserAdd(void* context, const char* username,
308292
uint16_t* out_user_id, whAuthPermissions permissions,
309293
whAuthMethod method, const void* credentials,
310294
uint16_t credentials_len)
@@ -369,7 +353,7 @@ int wh_AuthBase_UserAdd(void* context, const char* username,
369353
return WH_ERROR_OK;
370354
}
371355

372-
int wh_AuthBase_UserDelete(void* context, uint16_t current_user_id,
356+
int posixAuth_UserDelete(void* context, uint16_t current_user_id,
373357
uint16_t user_id)
374358
{
375359
whAuthBase_User* user;
@@ -389,7 +373,7 @@ int wh_AuthBase_UserDelete(void* context, uint16_t current_user_id,
389373
return WH_ERROR_OK;
390374
}
391375

392-
int wh_AuthBase_UserSetPermissions(void* context, uint16_t current_user_id,
376+
int posixAuth_UserSetPermissions(void* context, uint16_t current_user_id,
393377
uint16_t user_id,
394378
whAuthPermissions permissions)
395379
{
@@ -422,11 +406,11 @@ int wh_AuthBase_UserSetPermissions(void* context, uint16_t current_user_id,
422406
}
423407

424408

425-
int wh_AuthBase_UserGet(void* context, const char* username,
409+
int posixAuth_UserGet(void* context, const char* username,
426410
uint16_t* out_user_id,
427411
whAuthPermissions* out_permissions)
428412
{
429-
whAuthBase_User* user = FindUser(username);
413+
whAuthBase_User* user = posixAuth_FindUser(username);
430414
if (user == NULL) {
431415
return WH_ERROR_NOTFOUND;
432416
}
@@ -437,7 +421,7 @@ int wh_AuthBase_UserGet(void* context, const char* username,
437421
}
438422

439423

440-
int wh_AuthBase_UserSetCredentials(void* context, uint16_t user_id,
424+
int posixAuth_UserSetCredentials(void* context, uint16_t user_id,
441425
whAuthMethod method,
442426
const void* current_credentials,
443427
uint16_t current_credentials_len,
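Review bot: posixAuth_Cleanup now returns WH_ERROR_OK but does nothing to the file-scope `users` table declared above the Init hunk, and posixAuth_Init no longer touches it either, so stored credentials (and whatever login state the entries carry) survive a Cleanup/Init cycle in process memory. Suggest clearing the table in Cleanup with `memset(users, 0, sizeof(users));` (mirrored in Init so a re-initialised backend starts empty), keeping in mind that a plain memset on storage that is not read afterwards may be optimised away, so an explicit-zero helper is preferable if the project has one. Separately, posixAuth_CheckPin compares the submitted PIN against the stored bytes with `memcmp`, which is not constant-time; since the admin credential is now seeded from the example config rather than here, a constant-time comparison would be worth adding. The functions cut by the later hunks (UserAdd, UserSetCredentials and others) continue outside this view.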
Lines changed: 15 additions & 15 deletions
@@ -17,13 +17,13 @@
1717
* along with wolfHSM. If not, see <http://www.gnu.org/licenses/>.
1818
*/
1919
/*
20-
* wolfhsm/wh_auth_base.h
20+
* posix_auth.h
2121
*
2222
* Basic authentication and authorization implementation.
2323
*/
2424

25-
#ifndef WOLFHSM_WH_AUTH_BASE_H_
26-
#define WOLFHSM_WH_AUTH_BASE_H_
25+
#ifndef PORT_POSIX_POSIX_AUTH_H_
26+
#define PORT_POSIX_POSIX_AUTH_H_
2727

2828
/* Pick up compile-time configuration */
2929
#include "wolfhsm/wh_settings.h"
@@ -40,15 +40,15 @@
4040
* @param[in] config Pointer to the configuration data.
4141
* @return int Returns 0 on success, or a negative error code on failure.
4242
*/
43-
int wh_AuthBase_Init(void* context, const void* config);
43+
int posixAuth_Init(void* context, const void* config);
4444

4545
/**
4646
* @brief Cleanup the auth base backend.
4747
*
4848
* @param[in] context Pointer to the auth base context.
4949
* @return int Returns 0 on success, or a negative error code on failure.
5050
*/
51-
int wh_AuthBase_Cleanup(void* context);
51+
int posixAuth_Cleanup(void* context);
5252

5353
/**
5454
* @brief Authenticate a user using the specified method.
@@ -64,7 +64,7 @@ int wh_AuthBase_Cleanup(void* context);
6464
* @param[out] loggedIn Pointer to store the login status.
6565
* @return int Returns 0 on success, or a negative error code on failure.
6666
*/
67-
int wh_AuthBase_Login(void* context, uint8_t client_id, whAuthMethod method,
67+
int posixAuth_Login(void* context, uint8_t client_id, whAuthMethod method,
6868
const char* username, const void* auth_data,
6969
uint16_t auth_data_len, uint16_t* out_user_id,
7070
whAuthPermissions* out_permissions, int* loggedIn);
@@ -77,7 +77,7 @@ int wh_AuthBase_Login(void* context, uint8_t client_id, whAuthMethod method,
7777
* @param[in] user_id The user ID to logout.
7878
* @return int Returns 0 on success, or a negative error code on failure.
7979
*/
80-
int wh_AuthBase_Logout(void* context, uint16_t current_user_id,
80+
int posixAuth_Logout(void* context, uint16_t current_user_id,
8181
uint16_t user_id);
8282

8383
/**
@@ -89,12 +89,12 @@ int wh_AuthBase_Logout(void* context, uint16_t current_user_id,
8989
* @param[in] action The action to check authorization for.
9090
* @return int Returns 0 if authorized, or a negative error code on failure.
9191
*/
92-
int wh_AuthBase_CheckRequestAuthorization(void* context, uint16_t user_id,
92+
int posixAuth_CheckRequestAuthorization(void* context, uint16_t user_id,
9393
uint16_t group, uint16_t action);
9494

9595
/* authorization check on key usage after the request has been parsed and before
9696
* the action is done */
97-
int wh_AuthBase_CheckKeyAuthorization(void* context, uint16_t user_id,
97+
int posixAuth_CheckKeyAuthorization(void* context, uint16_t user_id,
9898
uint32_t key_id, uint16_t action);
9999

100100
/**
@@ -109,7 +109,7 @@ int wh_AuthBase_CheckKeyAuthorization(void* context, uint16_t user_id,
109109
* @param[in] credentials_len Length of the credentials data.
110110
* @return int Returns 0 on success, or a negative error code on failure.
111111
*/
112-
int wh_AuthBase_UserAdd(void* context, const char* username,
112+
int posixAuth_UserAdd(void* context, const char* username,
113113
uint16_t* out_user_id, whAuthPermissions permissions,
114114
whAuthMethod method, const void* credentials,
115115
uint16_t credentials_len);
@@ -122,7 +122,7 @@ int wh_AuthBase_UserAdd(void* context, const char* username,
122122
* @param[in] user_id The user ID to delete.
123123
* @return int Returns 0 on success, or a negative error code on failure.
124124
*/
125-
int wh_AuthBase_UserDelete(void* context, uint16_t current_user_id,
125+
int posixAuth_UserDelete(void* context, uint16_t current_user_id,
126126
uint16_t user_id);
127127

128128
/**
@@ -134,7 +134,7 @@ int wh_AuthBase_UserDelete(void* context, uint16_t current_user_id,
134134
* @param[in] permissions The new permissions to set.
135135
* @return int Returns 0 on success, or a negative error code on failure.
136136
*/
137-
int wh_AuthBase_UserSetPermissions(void* context, uint16_t current_user_id,
137+
int posixAuth_UserSetPermissions(void* context, uint16_t current_user_id,
138138
uint16_t user_id,
139139
whAuthPermissions permissions);
140140

@@ -147,7 +147,7 @@ int wh_AuthBase_UserSetPermissions(void* context, uint16_t current_user_id,
147147
* @param[out] out_permissions Pointer to store the user permissions.
148148
* @return int Returns 0 on success, or a negative error code on failure.
149149
*/
150-
int wh_AuthBase_UserGet(void* context, const char* username,
150+
int posixAuth_UserGet(void* context, const char* username,
151151
uint16_t* out_user_id,
152152
whAuthPermissions* out_permissions);
153153

@@ -163,11 +163,11 @@ int wh_AuthBase_UserGet(void* context, const char* username,
163163
* @param[in] new_credentials_len Length of the new credentials data.
164164
* @return int Returns 0 on success, or a negative error code on failure.
165165
*/
166-
int wh_AuthBase_UserSetCredentials(void* context, uint16_t user_id,
166+
int posixAuth_UserSetCredentials(void* context, uint16_t user_id,
167167
whAuthMethod method,
168168
const void* current_credentials,
169169
uint16_t current_credentials_len,
170170
const void* new_credentials,
171171
uint16_t new_credentials_len);
172172

173-
#endif /* WOLFHSM_WH_AUTH_BASE_H_ */
173+
#endif /* PORT_POSIX_POSIX_AUTH_H_ */
