Skip to content

Adds NVM for storing users with authentication feature#290

Draft
JacobBarthelmeh wants to merge 1 commit into
wolfSSL:mainfrom
JacobBarthelmeh:auth_nvm
Draft

Adds NVM for storing users with authentication feature#290
JacobBarthelmeh wants to merge 1 commit into
wolfSSL:mainfrom
JacobBarthelmeh:auth_nvm

Conversation

@JacobBarthelmeh

Copy link
Copy Markdown
Contributor

Builds on top of (#270) with adding NVM storage for users.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an Authentication Manager feature with a default backend that can persist the user database into NVM, and wires auth into the client/server request path (plus tests, docs, and CI knobs).

Changes:

  • Introduces Auth Manager public API, message group/actions, and client/server handlers for login/logout/user management.
  • Adds a base auth backend (wh_auth_base) with optional NVM-backed persistence of the user DB.
  • Updates tests, examples, documentation, and CI/Makefiles to support AUTH=1 builds and auth-enabled runs.

Reviewed changes

Copilot reviewed 41 out of 43 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
wolfhsm/wh_utils.h Declares secure zero + constant-time compare helpers used by auth.
wolfhsm/wh_server_auth.h New server-side auth request handler API header.
wolfhsm/wh_server.h Adds auth context pointer to server config/context.
wolfhsm/wh_message_auth.h New auth message definitions + permissions flattening API.
wolfhsm/wh_message.h Adds AUTH message group and auth action IDs; defines WH_NUMBER_OF_GROUPS.
wolfhsm/wh_error.h Adds auth-specific error codes.
wolfhsm/wh_client.h Adds client-side auth API declarations.
wolfhsm/wh_auth_base.h Declares default auth backend with optional NVM persistence.
wolfhsm/wh_auth.h Adds core Auth Manager API/types + permissions macros.
test/wh_test_she.c Logs in as admin for auth-enabled test runs.
test/wh_test_posix_threadsafe_stress.c Skips stress test on macOS due to missing barriers.
test/wh_test_keywrap.c Logs in as admin for auth-enabled keywrap tests.
test/wh_test_crypto.c Logs in as admin for auth-enabled crypto tests; minor formatting tweaks.
test/wh_test_common.h Adds WH_TEST_SKIP and allows skip in WH_TEST_RETURN_ON_FAIL.
test/wh_test_clientserver.c Logs in as admin for auth-enabled runs; explicitly disables auth in some tests.
test/wh_test_auth.h Declares auth test entry points.
test/wh_test_auth.c Implements auth unit tests and a memory-transport auth harness.
test/wh_test.c Hooks auth tests into unit and TCP test flows.
test/Makefile Adds AUTH=1 build option; tweaks coverage gcovr behavior.
src/wh_utils.c Implements wh_Utils_ForceZero and constant-time compare.
src/wh_server_she.c Minor formatting change.
src/wh_server_auth.c Implements server-side auth request dispatch + zeroization of credentials.
src/wh_server.c Enforces auth authorization checks for requests; adds auth group handling and error formatting helper.
src/wh_message_auth.c Implements auth message translation + permissions flatten/unflatten.
src/wh_client_auth.c Implements client auth request/response helpers and blocking wrappers.
src/wh_client.c Minor formatting fix.
src/wh_auth_base.c Implements default auth backend, including NVM persistence of the user DB.
src/wh_auth.c Implements core Auth Manager wrapper logic, locking, and authorization checks.
port/posix/posix_transport_tls.c Minor formatting + comment tweaks.
examples/posix/wh_posix_server/wh_posix_server_cfg.h Adds auth config function declaration.
examples/posix/wh_posix_server/wh_posix_server_cfg.c Adds default auth configuration (NVM-backed) and seeds admin user.
examples/posix/wh_posix_server/wh_posix_server.c Initializes Auth Manager in the POSIX server example when enabled.
examples/posix/wh_posix_server/Makefile Adds coverage flags and AUTH=1 option.
examples/posix/wh_posix_client/Makefile Adds AUTH=1 option.
examples/demo/client/wh_demo_client_auth.h Declares auth demo entry point.
examples/demo/client/wh_demo_client_auth.c Adds a full auth demo (PIN + cert) and persistence check.
examples/demo/client/wh_demo_client_all.c Runs auth demo and logs in as admin before other demos.
docs/src/chapter09.md New documentation chapter for Authentication Manager.
Makefile Exports AUTH to sub-makes.
.github/workflows/code-coverage.yml Adds gcovr ignore-parse-errors option for negative hits.
.github/workflows/build-and-test.yml Adds AUTH build/test permutations (ASAN/THREADSAFE/NOCRYPTO).
.github/workflows/build-and-test-clientonly.yml Adds client-only AUTH testing against auth+non-auth servers.
.github/workflows/build-and-run-examples.yml Adds matrix option to build/run examples with AUTH=1.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/wh_auth_base.c
Comment thread src/wh_auth_base.c
Comment thread src/wh_server.c
Comment thread src/wh_utils.c

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 11 comments.

Comment thread src/wh_auth_base.c
Comment thread src/wh_auth_base.c
Comment thread src/wh_auth_base.c
Comment thread src/wh_auth_base.c
Comment on lines +460 to +462
rc = wh_Auth_BasePersistToNvm();
(void)auth_context;
return WH_ERROR_OK;
return rc;
Comment thread src/wh_auth_base.c
Comment thread src/wh_auth_base.c
Comment thread src/wh_auth_base.c
Comment thread examples/posix/wh_posix_server/wh_posix_server_cfg.c
Comment thread examples/demo/client/wh_demo_client_auth.c
Comment thread src/wh_auth_base.c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants