authentication manager feature addition#270
Open
JacobBarthelmeh wants to merge 46 commits intowolfSSL:mainfrom
Open
authentication manager feature addition#270JacobBarthelmeh wants to merge 46 commits intowolfSSL:mainfrom
JacobBarthelmeh wants to merge 46 commits intowolfSSL:mainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request adds a comprehensive authentication and authorization manager to wolfHSM, enabling user management, login/logout functionality, and permission-based access control for HSM operations.
Changes:
- New authentication manager with PIN and certificate-based authentication support
- Authorization system with group and action-level permission checks
- User management APIs for adding, deleting, and modifying users and their credentials
- Complete client and server implementation with message translation support
Reviewed changes
Copilot reviewed 22 out of 23 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| wolfhsm/wh_auth.h | Core auth manager types, structures, and API definitions |
| wolfhsm/wh_message_auth.h | Message structures and translation functions for auth operations |
| wolfhsm/wh_server_auth.h | Server-side auth request handler declaration |
| wolfhsm/wh_client.h | Client-side auth API function declarations |
| wolfhsm/wh_server.h | Server context updated with auth context pointer |
| wolfhsm/wh_message.h | New auth message group and action enums |
| wolfhsm/wh_error.h | New auth-specific error codes |
| src/wh_auth.c | Core auth manager implementation with callback wrappers |
| src/wh_message_auth.c | Message translation implementations for auth messages |
| src/wh_server_auth.c | Server-side request handler for auth operations |
| src/wh_client_auth.c | Client-side auth API implementations |
| src/wh_server.c | Server integration with authorization checks |
| src/wh_client.c | Minor formatting fixes |
| port/posix/posix_auth.h | POSIX auth backend declarations |
| port/posix/posix_auth.c | POSIX auth backend implementation with in-memory user storage |
| test/wh_test_auth.h | Auth test suite declarations |
| test/wh_test_auth.c | Comprehensive auth test suite implementation |
| test/wh_test.c | Test integration for auth tests |
| examples/posix/wh_posix_server/* | Server configuration with auth context setup |
| examples/demo/client/wh_demo_client_all.c | Demo integration for auth |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JacobBarthelmeh
force-pushed
the
auth_manager
branch
2 times, most recently
from
6b32384 to
1bd722a
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 29 out of 30 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JacobBarthelmeh
assigned
bigbrett,
wolfSSL-Bot and
billphipps and unassigned
JacobBarthelmeh
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 29 out of 30 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
|
@JacobBarthelmeh merge conflicts |
JacobBarthelmeh
force-pushed
the
auth_manager
branch
from
04bd058 to
4d0af48
Compare
Contributor
Author
|
Force pushed to resolve merge conflict. |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 28 out of 29 changed files in this pull request and generated 17 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…g WOLFHSM_CFG_ENABLE_AUTHENTICATION
…ouch up for test cases
…d test that authorization callback override is being called when set
…ique max credentials, add force zero to utils
… to auth translation layer, admin user add restriction, duplicate user name restriction
JacobBarthelmeh
force-pushed
the
auth_manager
branch
from
ae3efd5 to
104e5e1
Compare
Contributor
Author
|
Rebased to resolve merge conflicts |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 41 out of 43 changed files in this pull request and generated 9 comments.
Comments suppressed due to low confidence (1)
test/wh_test_crypto.c:1
- The
TEST_ADMIN_USERNAME/TEST_ADMIN_PINdefinitions are duplicated across multiple test files (crypto/keywrap/she/clientserver/auth). Centralizing these in a shared header (e.g.,test/wh_test_common.h) reduces the chance of inconsistencies and keeps test configuration in one place.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+159
to
+180
| int wh_Auth_Logout(whAuthContext* context, whUserId user_id) | ||
| { | ||
| int rc; | ||
|
|
||
| if ((context == NULL) || (context->cb == NULL) || | ||
| (context->cb->Logout == NULL)) { | ||
| return WH_ERROR_BADARGS; | ||
| } | ||
|
|
||
| rc = WH_AUTH_LOCK(context); | ||
| if (rc == WH_ERROR_OK) { | ||
| rc = context->cb->Logout(context->context, context->user.user_id, | ||
| user_id); | ||
| if (rc == WH_ERROR_OK) { | ||
| /* Clear the user context */ | ||
| memset(&context->user, 0, sizeof(whAuthUser)); | ||
| } | ||
|
|
||
| (void)WH_AUTH_UNLOCK(context); | ||
| } /* LOCK() */ | ||
| return rc; | ||
| } |
Comment on lines
+519
to
+526
| if (server->auth != NULL) { | ||
| rc = wh_Auth_CheckRequestAuthorization(server->auth, group, action); | ||
| if (rc != WH_ERROR_OK) { | ||
| /* Authorization failed - format and send error response to | ||
| * client */ | ||
| int32_t error_code = (int32_t)WH_AUTH_PERMISSION_ERROR; | ||
| uint16_t resp_size = _FormatAuthErrorResponse( | ||
| magic, group, action, error_code, data); |
Comment on lines
+314
to
+321
| #ifdef WOLFHSM_CFG_ENABLE_AUTHENTICATION | ||
| /* Helper to format an authorization error response for any group/action. | ||
| * All response structures have int32_t rc as the first field. | ||
| * Returns the response size to send. */ | ||
| static uint16_t _FormatAuthErrorResponse(uint16_t magic, uint16_t group, | ||
| uint16_t action, int32_t error_code, | ||
| void* resp_packet) | ||
| { |
Comment on lines
+468
to
+476
| default: | ||
| /* For other groups, use minimum size (just rc field). | ||
| * Most response structures have int32_t rc as first field, so | ||
| * clients should be able to read at least the error code. If a | ||
| * group needs special handling, it can be added above. */ | ||
| /* Error code already written above */ | ||
| resp_size = sizeof(int32_t); | ||
| break; | ||
| } |
Comment on lines
+128
to
+157
| rc = wh_Client_RecvResponse(c, &resp_group, &resp_action, &resp_size, | ||
| buffer); | ||
| if (rc == WH_ERROR_OK) { | ||
| /* Validate response */ | ||
| if ((resp_group != WH_MESSAGE_GROUP_AUTH) || | ||
| (resp_action != WH_MESSAGE_AUTH_ACTION_LOGIN) || | ||
| (resp_size != sizeof(whMessageAuth_LoginResponse))) { | ||
| rc = WH_ERROR_ABORTED; | ||
|
|
||
| /* check if server did not understand the request and responded with | ||
| * a simple error response */ | ||
| if (resp_size == sizeof(whMessageAuth_SimpleResponse)) { | ||
| /* NOT accepting WH_ERROR_OK from server if we got a response | ||
| * other than a login response */ | ||
| if (out_rc != NULL && msg->rc != WH_ERROR_OK) { | ||
| *out_rc = msg->rc; | ||
| rc = WH_ERROR_OK; | ||
| } | ||
| } | ||
| } | ||
| else { | ||
| /* Valid message */ | ||
| if (out_rc != NULL) { | ||
| *out_rc = msg->rc; | ||
| } | ||
| if (out_user_id != NULL) { | ||
| *out_user_id = msg->user_id; | ||
| } | ||
| } | ||
| } |
Comment on lines
+256
to
+260
| int wh_Auth_BaseUserAdd(void* context, const char* username, | ||
| whUserId* out_user_id, whAuthPermissions permissions, | ||
| whAuthMethod method, const void* credentials, | ||
| uint16_t credentials_len) | ||
| { |
Comment on lines
+277
to
+286
| for (i = 0; i < WH_AUTH_BASE_MAX_USERS; i++) { | ||
| if (users[i].user.user_id == WH_USER_ID_INVALID) { | ||
| break; | ||
| } | ||
|
|
||
| /* do not allow duplicate users with same name */ | ||
| if (strcmp(users[i].user.username, username) == 0) { | ||
| return WH_ERROR_BADARGS; | ||
| } | ||
| } |
Comment on lines
+76
to
+80
| expected_size = (uint16_t)(header_size + dest_header->auth_data_len); | ||
| if (dest_header->auth_data_len > WH_MESSAGE_AUTH_LOGIN_MAX_AUTH_DATA_LEN || | ||
| src_size < expected_size) { | ||
| return WH_ERROR_BADARGS; | ||
| } |
Comment on lines
+250
to
+254
| expected_size = (uint16_t)(header_size + dest_header->credentials_len); | ||
| if (dest_header->credentials_len > WH_MESSAGE_AUTH_USERADD_MAX_CREDENTIALS_LEN || | ||
| src_size < expected_size) { | ||
| return WH_ERROR_BUFFER_SIZE; | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The authentication manager feature adds support for a user login and checking a users permissions for performing a group+action. The API was designed with PKCS11 in mind.
Some things of note: