Commit 6cd6fd9

fixup! docs: updates documentation with nvm enforcing and key revocation
1 parent edb28d0 commit 6cd6fd9

2 files changed

+68
-92
lines changed

docs/src/appendix01.md

Lines changed: 0 additions & 85 deletions
@@ -91,88 +91,3 @@ Error codes:
9191
- `WH_ERROR_BADARGS` if parameters are invalid.
9292
- `WH_ERROR_NOTFOUND` if the key is missing.
9393
- Propagates NVM/storage errors (for example `WH_ERROR_NOSPACE`).
94-
95-
## NVM Access and Flag Controls
96-
97-
### whNvmFlags
98-
99-
Policy flags for NVM objects and keys.
100-
101-
Flags include `WH_NVM_FLAGS_NONMODIFIABLE`, `WH_NVM_FLAGS_NONDESTROYABLE`,
102-
`WH_NVM_FLAGS_NONEXPORTABLE`, and the usage policy flags `WH_NVM_FLAGS_USAGE_*`.
103-
If no usage flags are set, the key is not permitted for cryptographic use.
104-
105-
### wh_Nvm_AddObjectChecked
106-
107-
Add an NVM object with policy enforcement.
108-
109-
This function applies NVM policy checks (for example non-modifiable objects)
110-
before writing the object.
111-
112-
Parameters:
113-
114-
- `context`: NVM context.
115-
- `meta`: Metadata describing the object.
116-
- `data_len`: Length of object data.
117-
- `data`: Object data buffer.
118-
119-
Return values:
120-
121-
- `WH_ERROR_OK` on success.
122-
- A negative error code on failure.
123-
124-
Error codes:
125-
126-
- `WH_ERROR_BADARGS` if parameters are invalid.
127-
- `WH_ERROR_ACCESS` if the object is non-modifiable.
128-
- Propagates backend errors (for example `WH_ERROR_NOSPACE`).
129-
130-
### wh_Nvm_ReadChecked
131-
132-
Read an NVM object with policy enforcement.
133-
134-
This function applies NVM policy checks (for example non-exportable objects)
135-
before reading the object data.
136-
137-
Parameters:
138-
139-
- `context`: NVM context.
140-
- `id`: Object ID to read.
141-
- `offset`: Byte offset into the object.
142-
- `data_len`: Length of data to read.
143-
- `data`: Output buffer.
144-
145-
Return values:
146-
147-
- `WH_ERROR_OK` on success.
148-
- A negative error code on failure.
149-
150-
Error codes:
151-
152-
- `WH_ERROR_BADARGS` if parameters are invalid.
153-
- `WH_ERROR_ACCESS` if the object is non-exportable.
154-
- `WH_ERROR_NOTFOUND` if the object does not exist.
155-
156-
### wh_Nvm_DestroyObjectsChecked
157-
158-
Destroy NVM objects with policy enforcement.
159-
160-
This function applies NVM policy checks (for example non-destroyable objects)
161-
before erasing the objects.
162-
163-
Parameters:
164-
165-
- `context`: NVM context.
166-
- `list_count`: Number of IDs in the list.
167-
- `id_list`: Array of object IDs to destroy.
168-
169-
Return values:
170-
171-
- `WH_ERROR_OK` on success.
172-
- A negative error code on failure.
173-
174-
Error codes:
175-
176-
- `WH_ERROR_BADARGS` if parameters are invalid.
177-
- `WH_ERROR_ACCESS` if any object is non-destroyable or non-modifiable.
178-
- `WH_ERROR_NOTFOUND` if a listed object is missing.
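
Review bot: Deleting the whole `## NVM Access and Flag Controls` section leaves `wh_Nvm_AddObjectChecked`, `wh_Nvm_ReadChecked` and `wh_Nvm_DestroyObjectsChecked` with no reference documentation in this commit, because the only other file changed, docs/src/chapter05.md, adds key revocation text and does not pick these entries up. The `WH_ERROR_ACCESS` conditions listed here (non-modifiable on add, non-exportable on read, non-destroyable or non-modifiable on destroy) are what an integrator needs to reason about policy enforcement, and the `whNvmFlags` entry is the only place in this appendix that names `WH_NVM_FLAGS_NONMODIFIABLE`, `WH_NVM_FLAGS_NONDESTROYABLE` and `WH_NVM_FLAGS_NONEXPORTABLE` together. If the functions still exist, keep the section or move it and say in the commit message where it now lives; a commit titled as updating documentation for NVM enforcing should not net-remove the enforcement reference.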

docs/src/chapter05.md

Lines changed: 68 additions & 7 deletions
@@ -339,17 +339,78 @@ if (rc == WH_ERROR_USAGE) {
339339
wc_AesFree(&aes);
340340
```
341341
342-
Security notes:
343-
344-
- Set explicit usage flags for each key; avoid `WH_NVM_FLAGS_USAGE_ANY` unless required.
345-
- Use `WH_NVM_FLAGS_NONEXPORTABLE` for private keys and long-lived secrets.
346-
- Revoke keys on compromise and rotate to new key IDs rather than reusing revoked IDs.
347-
348342
Compatibility notes:
349343
350344
- Keys stored with `WH_NVM_FLAGS_NONE` (no usage flags) are treated as not permitted for cryptographic use and will return `WH_ERROR_USAGE`.
351345
- Keys committed to NVM retain revocation state across resets; cached-only keys do not persist after reset or eviction.
352-
- Keys cached via `wh_Client_KeyCache` are stored with `WH_NVM_ACCESS_ANY` on the server side.
346+
347+
### Key revocation client API
348+
349+
#### wh_Client_KeyRevokeRequest
350+
351+
Send a key revocation request to the server (non-blocking).
352+
353+
This function prepares and sends a revoke request for the specified key ID. It
354+
returns after the request is sent; use `wh_Client_KeyRevokeResponse()` to
355+
retrieve the result.
356+
357+
Parameters:
358+
359+
- `c`: Client context.
360+
- `keyId`: Key ID to revoke.
361+
362+
Return values:
363+
364+
- `WH_ERROR_OK` on successful request send.
365+
- A negative error code on failure.
366+
367+
Error codes:
368+
369+
- `WH_ERROR_BADARGS` if `c` is NULL or `keyId` is invalid.
370+
- Propagates comm layer errors on send failure.
371+
372+
#### wh_Client_KeyRevokeResponse
373+
374+
Receive a key revocation response.
375+
376+
This function polls for the revoke response and returns `WH_ERROR_NOTREADY`
377+
until the server reply is available.
378+
379+
Parameters:
380+
381+
- `c`: Client context.
382+
383+
Return values:
384+
385+
- `WH_ERROR_OK` on success.
386+
- `WH_ERROR_NOTREADY` if the response has not arrived.
387+
- A negative error code on failure.
388+
389+
Error codes:
390+
391+
- `WH_ERROR_BADARGS` if `c` is NULL.
392+
- Server error codes such as `WH_ERROR_NOTFOUND`.
393+
394+
#### wh_Client_KeyRevoke
395+
396+
Revoke a key using a blocking request/response.
397+
398+
This helper sends a revoke request and waits for the response.
399+
400+
Parameters:
401+
402+
- `c`: Client context.
403+
- `keyId`: Key ID to revoke.
404+
405+
Return values:
406+
407+
- `WH_ERROR_OK` on success.
408+
- A negative error code on failure.
409+
410+
Error codes:
411+
412+
- Any error code returned by `wh_Client_KeyRevokeRequest()` or
413+
`wh_Client_KeyRevokeResponse()`.
353414
354415
## Cryptography
355416
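
Review bot: In the added `wh_Client_KeyRevoke` section, the error list "Any error code returned by `wh_Client_KeyRevokeRequest()` or `wh_Client_KeyRevokeResponse()`" taken literally includes `WH_ERROR_NOTREADY`, which conflicts with "sends a revoke request and waits for the response"; state whether the blocking helper retries on `WH_ERROR_NOTREADY` internally and so never returns it. The three new sections also never say what revocation does to the key (which operations fail afterwards and with which code), so a reader cannot tell a successful revoke from a no-op; one sentence tying it to the retained line "Keys committed to NVM retain revocation state across resets" would close that gap. Separately, this hunk drops the `Security notes:` bullets (explicit usage flags instead of `WH_NVM_FLAGS_USAGE_ANY`, `WH_NVM_FLAGS_NONEXPORTABLE` for private keys, rotating to new key IDs rather than reusing revoked IDs) and the note that keys cached via `wh_Client_KeyCache` are stored with `WH_NVM_ACCESS_ANY`. If those statements are still accurate, keep them next to the revocation API, since the key ID reuse guidance is directly relevant to it; if they were removed because they are wrong, say so in the commit message.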
