wolfhsm 0.1.1

Rust bindings to wolfHSM
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273

use std::ffi::CString;

use wolfhsm_sys::{
    whAuthPermissions, wh_Client_AuthLogin, wh_Client_AuthLogout, wh_Client_AuthUserAdd,
    wh_Client_AuthUserDelete, wh_Client_AuthUserGet, wh_Client_AuthUserSetCredentials,
    wh_Client_AuthUserSetPermissions,
};

use crate::client::Client;
use crate::error::Error;

/// wolfHSM authentication method.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u32)]
pub enum AuthMethod {
    None = 0,        // WH_AUTH_METHOD_NONE
    Pin = 1,         // WH_AUTH_METHOD_PIN
    Certificate = 2, // WH_AUTH_METHOD_CERTIFICATE
}

/// A wolfHSM user identifier.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct UserId(pub(crate) u16);

impl UserId {
    /// Wrap a raw user identifier value.
    ///
    /// Prefer the [`From<u16>`] impl in non-`const` contexts.
    pub const fn new(id: u16) -> Self {
        Self(id)
    }
}

impl From<u16> for UserId {
    fn from(v: u16) -> Self {
        UserId(v)
    }
}

impl From<UserId> for u16 {
    fn from(u: UserId) -> Self {
        u.0
    }
}

/// wolfHSM user permission set.
///
/// Construct a zeroed (no-permissions) instance with [`AuthPermissions::none`].
/// To set specific permission bits, use the wolfHSM C macros via
/// [`AuthPermissions::as_raw_mut`] or build from a raw value with
/// `AuthPermissions::from(raw)` / `.into()`.
///
/// The internal layout mirrors `whAuthPermissions` from the wolfHSM C library.
///
/// `PartialEq`/`Eq` are not derived because bindgen does not generate them for
/// `whAuthPermissions` (it only derives `Debug, Copy, Clone`). The fields are
/// all integer types so there is no soundness obstacle, but we do not implement
/// them manually to avoid silent breakage if the C struct gains a field that
/// makes byte-equality wrong. Use [`AuthPermissions::as_raw_mut`] for
/// field-level comparisons if needed.
#[derive(Debug, Clone, Copy)]
pub struct AuthPermissions(whAuthPermissions);

impl AuthPermissions {
    /// Create an `AuthPermissions` with no permissions granted.
    pub fn none() -> Self {
        // SAFETY: zero-initialising a C POD struct is valid.
        Self(unsafe { core::mem::zeroed() })
    }

    /// Return a mutable reference to the inner `whAuthPermissions` for use
    /// with wolfHSM C macros that set individual permission bits.
    /// Key macros from `wolfhsm/wh_auth.h`:
    /// `WH_AUTH_SET_ALLOWED_GROUP`, `WH_AUTH_SET_ALLOWED_ACTION`,
    /// `WH_AUTH_CLEAR_ALLOWED_GROUP`, `WH_AUTH_CLEAR_ALLOWED_ACTION`,
    /// `WH_AUTH_SET_IS_ADMIN`.
    pub fn as_raw_mut(&mut self) -> &mut whAuthPermissions {
        &mut self.0
    }
}

impl From<whAuthPermissions> for AuthPermissions {
    fn from(raw: whAuthPermissions) -> Self {
        Self(raw)
    }
}

impl From<AuthPermissions> for whAuthPermissions {
    fn from(p: AuthPermissions) -> Self {
        p.0
    }
}

impl Client {
    /// Authenticate to the server and open a session.
    ///
    /// `auth_data` is the PIN bytes for [`AuthMethod::Pin`], or the DER client
    /// certificate for [`AuthMethod::Certificate`].
    ///
    /// On success returns the server-assigned [`UserId`] for the session.
    pub fn auth_login(
        &mut self,
        method: AuthMethod,
        username: &str,
        auth_data: &[u8],
    ) -> Result<UserId, Error> {
        let cname = CString::new(username).map_err(|_| Error::BadArgs {
            msg: "username contains an interior NUL byte",
        })?;
        let auth_len = u16::try_from(auth_data.len()).map_err(|_| Error::BadArgs {
            msg: "auth_data exceeds u16::MAX bytes",
        })?;
        let mut out_rc: i32 = 0;
        let mut out_user_id: u16 = 0;
        // SAFETY: all pointers are valid for the duration of this call.
        let rc = unsafe {
            wh_Client_AuthLogin(
                self.ctx_ptr(),
                method as u32,
                cname.as_ptr(),
                auth_data.as_ptr() as *const core::ffi::c_void,
                auth_len,
                &mut out_rc,
                &mut out_user_id,
            )
        };
        Error::check(rc, "wh_Client_AuthLogin")?;
        Error::check(out_rc, "wh_Client_AuthLogin(server)")?;
        Ok(UserId(out_user_id))
    }

    /// Close a session identified by `user_id`.
    pub fn auth_logout(&mut self, user_id: UserId) -> Result<(), Error> {
        let mut out_rc: i32 = 0;
        // SAFETY: ctx_ptr is valid; out_rc is a valid stack allocation.
        let rc = unsafe { wh_Client_AuthLogout(self.ctx_ptr(), user_id.0, &mut out_rc) };
        Error::check(rc, "wh_Client_AuthLogout")?;
        Error::check(out_rc, "wh_Client_AuthLogout(server)")?;
        Ok(())
    }

    /// Create a new user on the server.
    ///
    /// `credentials` is the initial PIN bytes or certificate DER.
    ///
    /// Returns the server-assigned [`UserId`] for the new account.
    pub fn auth_user_add(
        &mut self,
        username: &str,
        permissions: AuthPermissions,
        method: AuthMethod,
        credentials: &[u8],
    ) -> Result<UserId, Error> {
        let cname = CString::new(username).map_err(|_| Error::BadArgs {
            msg: "username contains an interior NUL byte",
        })?;
        let cred_len = u16::try_from(credentials.len()).map_err(|_| Error::BadArgs {
            msg: "credentials exceed u16::MAX bytes",
        })?;
        let mut out_rc: i32 = 0;
        let mut out_user_id: u16 = 0;
        // SAFETY: all pointers are valid for the duration of this call.
        let rc = unsafe {
            wh_Client_AuthUserAdd(
                self.ctx_ptr(),
                cname.as_ptr(),
                permissions.into(),
                method as u32,
                credentials.as_ptr() as *const core::ffi::c_void,
                cred_len,
                &mut out_rc,
                &mut out_user_id,
            )
        };
        Error::check(rc, "wh_Client_AuthUserAdd")?;
        Error::check(out_rc, "wh_Client_AuthUserAdd(server)")?;
        Ok(UserId(out_user_id))
    }

    /// Look up a user by name and return their `(UserId, AuthPermissions)`.
    pub fn auth_user_get(
        &mut self,
        username: &str,
    ) -> Result<(UserId, AuthPermissions), Error> {
        let cname = CString::new(username).map_err(|_| Error::BadArgs {
            msg: "username contains an interior NUL byte",
        })?;
        let mut out_rc: i32 = 0;
        let mut out_user_id: u16 = 0;
        let mut out_permissions = AuthPermissions::none();
        // SAFETY: all pointers are valid for the duration of this call.
        let rc = unsafe {
            wh_Client_AuthUserGet(
                self.ctx_ptr(),
                cname.as_ptr(),
                &mut out_rc,
                &mut out_user_id,
                &mut out_permissions.0,
            )
        };
        Error::check(rc, "wh_Client_AuthUserGet")?;
        Error::check(out_rc, "wh_Client_AuthUserGet(server)")?;
        Ok((UserId(out_user_id), out_permissions))
    }

    /// Delete the user identified by `user_id`.
    pub fn auth_user_delete(&mut self, user_id: UserId) -> Result<(), Error> {
        let mut out_rc: i32 = 0;
        // SAFETY: ctx_ptr is valid; out_rc is a valid stack allocation.
        let rc = unsafe { wh_Client_AuthUserDelete(self.ctx_ptr(), user_id.0, &mut out_rc) };
        Error::check(rc, "wh_Client_AuthUserDelete")?;
        Error::check(out_rc, "wh_Client_AuthUserDelete(server)")?;
        Ok(())
    }

    /// Replace the permissions for user `user_id`.
    pub fn auth_user_set_permissions(
        &mut self,
        user_id: UserId,
        permissions: AuthPermissions,
    ) -> Result<(), Error> {
        let mut out_rc: i32 = 0;
        // SAFETY: ctx_ptr is valid; all other args are by-value or stack allocations.
        let rc = unsafe {
            wh_Client_AuthUserSetPermissions(
                self.ctx_ptr(),
                user_id.0,
                permissions.into(),
                &mut out_rc,
            )
        };
        Error::check(rc, "wh_Client_AuthUserSetPermissions")?;
        Error::check(out_rc, "wh_Client_AuthUserSetPermissions(server)")?;
        Ok(())
    }

    /// Change the credentials for user `user_id`.
    ///
    /// `current_credentials` is the existing PIN/certificate (used for
    /// authorisation).  `new_credentials` replaces it.
    pub fn auth_user_set_credentials(
        &mut self,
        user_id: UserId,
        method: AuthMethod,
        current_credentials: &[u8],
        new_credentials: &[u8],
    ) -> Result<(), Error> {
        let cur_len =
            u16::try_from(current_credentials.len()).map_err(|_| Error::BadArgs {
                msg: "current_credentials exceed u16::MAX bytes",
            })?;
        let new_len = u16::try_from(new_credentials.len()).map_err(|_| Error::BadArgs {
            msg: "new_credentials exceed u16::MAX bytes",
        })?;
        let mut out_rc: i32 = 0;
        // SAFETY: all pointers are valid for the duration of this call.
        let rc = unsafe {
            wh_Client_AuthUserSetCredentials(
                self.ctx_ptr(),
                user_id.0,
                method as u32,
                current_credentials.as_ptr() as *const core::ffi::c_void,
                cur_len,
                new_credentials.as_ptr() as *const core::ffi::c_void,
                new_len,
                &mut out_rc,
            )
        };
        Error::check(rc, "wh_Client_AuthUserSetCredentials")?;
        Error::check(out_rc, "wh_Client_AuthUserSetCredentials(server)")?;
        Ok(())
    }
}