add server simple response back of auth not enabled

Author: JacobBarthelmeh

examples/demo/client/wh_demo_client_all.c

@@ -3,6 +3,7 @@
 #include "wh_demo_client_nvm.h"
 #ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
 #include "wh_demo_client_auth.h"
+#include "wolfhsm/wh_error.h"
 #endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
 #include "wh_demo_client_keystore.h"
 #include "wh_demo_client_crypto.h"
@@ -26,7 +27,7 @@ int wh_DemoClient_All(whClientContext* clientContext)
         4, &rc, &userId) != 0) {
         return -1;
     }
-    if (rc != 0) {
+    if (rc != WH_ERROR_OK && rc != WH_AUTH_NOT_ENABLED) {
         return rc;
     }
 #endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */

examples/demo/client/wh_demo_client_auth.c

@@ -50,10 +50,17 @@ static int wh_DemoClient_AuthPin(whClientContext* clientContext)
     /* login as the admin and add a new user  */
     rc = wh_Client_AuthLogin(clientContext,
             WH_AUTH_METHOD_PIN, "admin", "1234", 4, &serverRc, &adminUserId);
+    if (serverRc == WH_AUTH_NOT_ENABLED) {
+        printf("[AUTH-DEMO] Authentication not enabled on server, "
+            "skipping PIN demo.\n");
+        return WH_ERROR_OK;
+    }
+
     if (rc != 0) {
         printf("[AUTH-DEMO] Failed to login as admin: %d\n", rc);
         return rc;
     }
+
     if (serverRc != 0) {
         printf("[AUTH-DEMO] Server-side error logging in as admin: %d\n",
             (int)serverRc);
@@ -198,6 +205,12 @@ static int wh_DemoClient_AuthCertificate(whClientContext* clientContext)
             "1234", 4,
             &serverRc,
             &adminUserId);
+    if (serverRc == WH_AUTH_NOT_ENABLED) {
+        printf("[AUTH-DEMO] Authentication not enabled on server, "
+            "skipping certificate demo.\n");
+        return WH_ERROR_OK;
+    }
+
     if (rc != 0) {
         printf("[AUTH-DEMO] Failed to login as admin: %d\n", rc);
         return rc;
@@ -273,9 +286,16 @@ static int wh_DemoClient_AuthUserDelete(whClientContext* clientContext)
             "1234", 4,
             &serverRc,
             &adminUserId);
+    if (serverRc == WH_AUTH_NOT_ENABLED) {
+        printf("[AUTH-DEMO] Authentication not enabled on server, "
+            "skipping user delete demo.\n");
+        return WH_ERROR_OK;
+    }
+
     if (rc != 0) {
         return rc;
     }
+
     if (serverRc != 0) {
         return (int)serverRc;
     }
@@ -328,6 +348,12 @@ static int wh_DemoClient_AuthUserSetPermissions(whClientContext* clientContext)
             "1234", 4,
             &serverRc,
             &adminUserId);
+    if (serverRc == WH_AUTH_NOT_ENABLED) {
+        printf("[AUTH-DEMO] Authentication not enabled on server, "
+            "skipping user set permissions demo.\n");
+        return WH_ERROR_OK;
+    }
+
     if (rc != 0) {
         return rc;
     }
@@ -394,22 +420,22 @@ int wh_DemoClient_Auth(whClientContext* clientContext)
 
     printf("[AUTH-DEMO] Starting authentication demo...\n");
     rc = wh_DemoClient_AuthCertificate(clientContext);
-    if (rc != 0) {
+    if (rc != WH_ERROR_OK) {
         return rc;
     }
 
     rc = wh_DemoClient_AuthPin(clientContext);
-    if (rc != 0) {
+    if (rc != WH_ERROR_OK) {
         return rc;
     }
 
     rc = wh_DemoClient_AuthUserDelete(clientContext);
-    if (rc != 0) {
+    if (rc != WH_ERROR_OK) {
         return rc;
     }
 
     rc = wh_DemoClient_AuthUserSetPermissions(clientContext);
-    if (rc != 0) {
+    if (rc != WH_ERROR_OK) {
         return rc;
     }
     printf("[AUTH-DEMO] Authentication demo completed.\n");

src/wh_client_auth.c

@@ -110,15 +110,29 @@ int wh_Client_AuthLoginResponse(whClientContext* c, int32_t* out_rc,
         return WH_ERROR_BADARGS;
     }
 
+    if (out_user_id != NULL) {
+        *out_user_id = WH_USER_ID_INVALID;
+    }
+
     rc = wh_Client_RecvResponse(c, &resp_group, &resp_action, &resp_size,
                                 buffer);
     if (rc == WH_ERROR_OK) {
         /* Validate response */
         if ((resp_group != WH_MESSAGE_GROUP_AUTH) ||
             (resp_action != WH_MESSAGE_AUTH_ACTION_LOGIN) ||
             (resp_size != sizeof(whMessageAuth_LoginResponse))) {
-            /* Invalid message */
             rc = WH_ERROR_ABORTED;
+
+            /* check if server did not understand the request and responded with
+             * a simple error response */
+            if (resp_size == sizeof(whMessageAuth_SimpleResponse)) {
+                /* NOT accepting WH_ERROR_OK from server if we got a response
+                 * other than a login response */
+                if (out_rc != NULL && msg->rc != WH_ERROR_OK) {
+                    *out_rc = msg->rc;
+                    rc = WH_ERROR_OK;
+                }
+            }
         }
         else {
             /* Valid message */

src/wh_server.c

@@ -556,12 +556,22 @@ int wh_Server_HandleRequestMessage(whServerContext* server)
                     size, data, &size, data);
         break;
 
-#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
         case WH_MESSAGE_GROUP_AUTH:
+#ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION
             rc = wh_Server_HandleAuthRequest(server, magic, action, seq, size,
                                              data, &size, data);
-            break;
+#else
+            /* Format simple error response indicating auth is not enabled */
+            rc = WH_AUTH_NOT_ENABLED;
+            if (data != NULL) {
+                *(int32_t*)data = (int32_t)wh_Translate32(magic, (uint32_t)rc);
+                size = sizeof(int32_t);
+            }
+            else {
+                size = 0;
+            }
 #endif /* WOLFHSM_CFG_ENABLE_AUTHENTICATION */
+        break;
 
         case WH_MESSAGE_GROUP_COUNTER:
             rc = wh_Server_HandleCounter(server, magic, action, size, data,

wolfhsm/wh_error.h

@@ -72,6 +72,7 @@ enum WH_ERROR_ENUM {
     /* Auth error codes */
     WH_AUTH_LOGIN_FAILED     = -2300, /* user login attempt failed */
     WH_AUTH_PERMISSION_ERROR = -2301, /* user attempted an action not allowed */
+    WH_AUTH_NOT_ENABLED      = -2302, /* server does not have auth feature */
 };
 
 #define WH_SHE_ERC_NO_ERROR WH_ERROR_OK