address review comments

Author: bigbrett

examples/posix/wh_posix_server/wh_posix_server.c

@@ -118,16 +118,6 @@ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId,
     return ret;
 }
 
-static int _InitDemoServer(whServerContext* server, whServerConfig* config)
-{
-    int ret;
-
-    ret = wh_Server_Init(server, config);
-
-    return ret;
-}
-
-
 static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId,
                          int clientId)
 {
@@ -141,7 +131,7 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId,
         return -1;
     }
 
-    ret = _InitDemoServer(server, config);
+    ret = wh_Server_Init(server, config);
 
     /* Load keys into cache if file path is provided */
     if (keyFilePath != NULL) {
@@ -191,7 +181,7 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId,
                         (void)wh_Server_Cleanup(server);
 
                         /* Reinitialize the server */
-                        ret = _InitDemoServer(server, config);
+                        ret = wh_Server_Init(server, config);
                         if (ret != 0) {
                             printf("Failed to reinitialize server: %d\n", ret);
                             break;

src/wh_server_keystore.c

@@ -873,8 +873,9 @@ static int _HandleWrapKeyRequest(whServerContext*               server,
     memcpy(&metadata, reqData, sizeof(metadata));
     memcpy(key, reqData + sizeof(metadata), req->keySz);
 
+    /* Ensure the keyId in the wrapped metadata has the wrapped flag set */
     if (!WH_KEYID_ISWRAPPED(metadata.id)) {
-        return WH_ERROR_CONFIG;
+        return WH_ERROR_BADARGS;
     }
 
     /* Store the wrapped key in the response data */
@@ -969,8 +970,9 @@ static int _HandleUnwrapAndExportKeyRequest(
                 return ret;
             }
 
+            /* Ensure unwrapped metadata has the wrapped flag set */
             if (!WH_KEYID_ISWRAPPED(metadata->id)) {
-                return WH_ERROR_CONFIG;
+                return WH_ERROR_ABORTED;
             }
 
             /* Check if the key is exportable */
@@ -1079,7 +1081,7 @@ _HandleUnwrapAndCacheKeyRequest(whServerContext*                         server,
 
     /* Require explicit wrapped-key encoding */
     if (wrappedKeyType != WH_KEYTYPE_WRAPPED) {
-        return WH_ERROR_CONFIG;
+        return WH_ERROR_ABORTED;
     }
 
     /* Validate ownership: USER field must match requesting client.

test/wh_test_crypto.c

@@ -3599,10 +3599,12 @@ int whTest_CryptoClientConfig(whClientConfig* config)
         ret = whTest_NonExportableKeystore(client, WH_DEV_ID, rng);
     }
 
+#ifdef WOLFHSM_CFG_KEYWRAP
     if (ret == 0) {
         /* Test keywrap functionality */
         ret = whTest_Client_KeyWrap(client);
     }
+#endif
 
 #ifndef NO_AES
     i = 0;

test/wh_test_multiclient.c

@@ -61,10 +61,12 @@
 #define FLASH_PAGE_SIZE (8)            /* 8B */
 #define BUFFER_SIZE 4096
 
+#ifdef WOLFHSM_CFG_GLOBAL_KEYS
 /* Test key data */
 static const uint8_t TEST_KEY_DATA_1[] = "TestGlobalKey1Data";
 static const uint8_t TEST_KEY_DATA_2[] = "TestLocalKey2Data";
 static const uint8_t TEST_KEY_DATA_3[] = "TestGlobalKey3DataLonger";
+#endif
 
 /* ============================================================================
  * DUMMY KEY ID DEFINITIONS

wolfhsm/wh_common.h

@@ -113,11 +113,14 @@ WH_INLINE whKeyId WH_TRANSLATE_CLIENT_KEYID(uint16_t type, uint16_t clientId,
     }
 #endif
 
+#ifdef WOLFHSM_CFG_KEYWRAP
     /* Check for wrapped flag (bit 9: 0x0200) */
     if ((reqId & 0x0200) != 0) {
         type = WH_KEYTYPE_WRAPPED;
     }
-    else {
+    else
+#endif
+    {
         type = WH_KEYTYPE_CRYPTO;
     }
 

wolfhsm/wh_error.h

@@ -43,9 +43,6 @@ enum WH_ERROR_ENUM {
     WH_ERROR_NOHANDLER = -2007,   /* No customcb handler registered */
     WH_ERROR_NOTIMPL   = -2008,   /* Functionality not implemented given the
                                       compile-time configuration */
-    WH_ERROR_CONFIG = -2009, /* Server configuration assumption error, something
-                                occured at runtime that is prohibited by the
-                                server configuration */
 
     /* NVM and keystore specific status returns */
     WH_ERROR_LOCKED      = -2100, /* Unlock and retry if necessary */

wolfhsm/wh_nvm.h

@@ -42,11 +42,8 @@
 
 #include <stdint.h>
 
-#include "wolfhsm/wh_common.h"  /* For whNvm types */
-
-#if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(WOLFHSM_CFG_GLOBAL_KEYS)
+#include "wolfhsm/wh_common.h"       /* For whNvm types */
 #include "wolfhsm/wh_server_cache.h" /* For whKeyCacheContext */
-#endif
 
 typedef struct {
     int (*Init)(void* context, const void *config);

wolfhsm/wh_server_keystore.h

@@ -190,7 +190,6 @@ int wh_Server_KeystoreExportKeyDma(whServerContext* server, whKeyId keyId,
                                    uint64_t keyAddr, uint64_t keySz,
                                    whNvmMetadata* outMeta);
 
-#ifdef WOLFHSM_CFG_KEYWRAP
 /**
  * @brief Query whether a key identifier refers to wrapped material
  *
@@ -201,6 +200,5 @@ int wh_Server_KeystoreExportKeyDma(whServerContext* server, whKeyId keyId,
  */
 int wh_Server_KeystoreIsWrappedKey(whServerContext* server, whKeyId keyId,
                                    int* outIsWrapped);
-#endif /* WOLFHSM_CFG_KEYWRAP */
 
 #endif /* !WOLFHSM_WH_SERVER_KEYSTORE_H_ */