add debug message on authorization call and function signatures in wh_client.h

JacobBarthelmeh · JacobBarthelmeh · commit e421ae47be6f · 2025-12-16T16:28:16.000-07:00
diff --git a/src/wh_auth.c b/src/wh_auth.c
@@ -114,15 +114,15 @@ int wh_Auth_SessionGet(whAuthContext* context, whSessionId session_id,
     return WH_ERROR_NOTIMPL;
 }
 
-int wh_Auth_CheckAuthorization(whAuthContext* context, whSessionId session_id,
-                                whAuthAction action, uint32_t object_id)
+int wh_Auth_CheckAuthorization(whAuthContext* context, uint8_t client_id,
+    uint16_t group, uint16_t action)
 {
-    /* TODO: Check if action is authorized for session */
+    /* TODO: Check if action is authorized for client */
+
+    printf("In authorization check: Client ID: %d, Group: %d, Action: %d\n",
+        client_id, group, action);
     (void)context;
-    (void)session_id;
-    (void)action;
-    (void)object_id;
-    return WH_ERROR_NOTIMPL;
+    return WH_ERROR_OK;
 }
 
 int wh_Auth_UserAdd(whAuthContext* context, const char* username,
diff --git a/src/wh_server.c b/src/wh_server.c
@@ -321,6 +321,17 @@ int wh_Server_HandleRequestMessage(whServerContext* server)
     if (rc == 0) {
         group = WH_MESSAGE_GROUP(kind);
         action = WH_MESSAGE_ACTION(kind);
+
+        /* If the authentication context is set then check if the action is
+         * allowed */
+        if (server->auth != NULL) {
+            rc = wh_Auth_CheckAuthorization(server->auth,
+                server->comm->client_id, group, action);
+            if (rc != WH_ERROR_OK) {
+                return rc;
+            }
+        }
+
         switch (group) {
 
         case WH_MESSAGE_GROUP_COMM:
diff --git a/wolfhsm/wh_auth.h b/wolfhsm/wh_auth.h
@@ -40,7 +40,6 @@
 #include <stdbool.h>
 
 #include "wolfhsm/wh_common.h"
-#include "wolfhsm/wh_comm.h"  /* For whClientId */
 
 /** Auth Manager Types */
 
@@ -219,8 +218,8 @@ int wh_Auth_SessionGet(whAuthContext* context, whSessionId session_id,
                         whAuthSession* out_session);
 
 /* Check authorization for an action */
-int wh_Auth_CheckAuthorization(whAuthContext* context, whSessionId session_id,
-                                whAuthAction action, uint32_t object_id);
+int wh_Auth_CheckAuthorization(whAuthContext* context, uint8_t client_id,
+    uint16_t group, uint16_t action);
 
 /* Add a new user */
 int wh_Auth_UserAdd(whAuthContext* context, const char* username,
diff --git a/wolfhsm/wh_client.h b/wolfhsm/wh_client.h
@@ -53,6 +53,7 @@
 #include "wolfhsm/wh_dma.h"
 #endif /* WOLFHSM_CFG_DMA */
 #include "wolfhsm/wh_keyid.h"
+#include "wolfhsm/wh_auth.h"
 
 
 /* Forward declaration of the client structure so its elements can reference
@@ -1866,6 +1867,67 @@ int wh_Client_CustomCbCheckRegisteredResponse(whClientContext* c,
 int wh_Client_CustomCbCheckRegistered(whClientContext* c, uint16_t id,
                                       int* responseError);
 
+/* Auth Manager functions */
+
+/**
+ * @brief Sends an authentication request to the server.
+ *
+ * This function prepares and sends an authentication request message to the server.
+ * The request includes the authentication method and authentication data (e.g., PIN).
+ * This function does not block; it returns immediately after sending the request.
+ *
+ * @param[in] c Pointer to the client context.
+ * @param[in] method The authentication method to use (e.g., WH_AUTH_METHOD_PIN).
+ * @param[in] auth_data Pointer to the authentication data.
+ * @param[in] auth_data_len Length of the authentication data.
+ * @return int Returns 0 on success, or a negative error code on failure.
+ */
+int wh_Client_AuthAuthenticateRequest(whClientContext* c,
+        whAuthMethod method, const void* auth_data, uint16_t auth_data_len);
+
+/**
+ * @brief Receives an authentication response from the server.
+ *
+ * This function attempts to process an authentication response message from the server.
+ * It validates the response and extracts the return code, user ID, session ID, and
+ * permissions. This function does not block; it returns WH_ERROR_NOTREADY if a
+ * response has not been received.
+ *
+ * @param[in] c Pointer to the client context.
+ * @param[out] out_rc Pointer to store the return code from the server.
+ * @param[out] out_user_id Pointer to store the authenticated user ID.
+ * @param[out] out_session_id Pointer to store the session ID.
+ * @param[out] out_permissions Pointer to store the user permissions.
+ * @return int Returns 0 on success, WH_ERROR_NOTREADY if no response is
+ * available, or a negative error code on failure.
+ */
+int wh_Client_AuthAuthenticateResponse(whClientContext* c, int32_t *out_rc,
+        whUserId* out_user_id, whSessionId* out_session_id,
+        whAuthPermissions* out_permissions);
+
+/**
+ * @brief Authenticates a user with the server (blocking convenience wrapper).
+ *
+ * This function handles the complete process of sending an authentication request
+ * to the server and receiving the response. It sends the request and repeatedly
+ * attempts to receive a valid response. This function blocks until the entire
+ * operation is complete or an error occurs.
+ *
+ * @param[in] c Pointer to the client context.
+ * @param[in] method The authentication method to use (e.g., WH_AUTH_METHOD_PIN).
+ * @param[in] auth_data Pointer to the authentication data.
+ * @param[in] auth_data_len Length of the authentication data.
+ * @param[out] out_rc Pointer to store the return code from the server.
+ * @param[out] out_user_id Pointer to store the authenticated user ID.
+ * @param[out] out_session_id Pointer to store the session ID.
+ * @param[out] out_permissions Pointer to store the user permissions.
+ * @return int Returns 0 on success, or a negative error code on failure.
+ */
+int wh_Client_AuthAuthenticate(whClientContext* c, whAuthMethod method,
+        const void* auth_data, uint16_t auth_data_len,
+        int32_t* out_rc, whUserId* out_user_id, whSessionId* out_session_id,
+        whAuthPermissions* out_permissions);
+
 /* Certificate functions */
 
 /**
