From e9e5b2801fc41a5bb7014b7504a2467a274729d5 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Wed, 19 Nov 2025 16:23:59 -0700 Subject: [PATCH] allow passing key flags to example server CLI --- .../posix/wh_posix_server/wh_posix_server.c | 63 ++++++++++++------- 1 file changed, 41 insertions(+), 22 deletions(-) diff --git a/examples/posix/wh_posix_server/wh_posix_server.c b/examples/posix/wh_posix_server/wh_posix_server.c index 54b6bd0c..ca49dd8f 100644 --- a/examples/posix/wh_posix_server/wh_posix_server.c +++ b/examples/posix/wh_posix_server/wh_posix_server.c @@ -32,7 +32,7 @@ /** Local declarations */ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, - int clientId); + int clientId, whNvmFlags flags); static void _sleepMs(long milliseconds); #if !defined(WOLFHSM_CFG_NO_CRYPTO) @@ -56,7 +56,8 @@ enum { const char* type = "tcp"; /* default to tcp type */ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId, - const char* keyFilePath, int keyId, int clientId) + const char* keyFilePath, int keyId, int clientId, + whNvmFlags flags) { #if !defined(WOLFHSM_CFG_NO_CRYPTO) int ret; @@ -83,14 +84,14 @@ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId, ret = 0; close(keyFd); - WOLFHSM_CFG_PRINTF( - "Loading key from %s (size=%d) with keyId=0x%02X and clientId=0x%01X\n", - keyFilePath, keySz, keyId, clientId); + WOLFHSM_CFG_PRINTF("Loading key from %s (size=%d) with keyId=0x%02X and " + "clientId=0x%01X and flags=0x%04X\n", + keyFilePath, keySz, keyId, clientId, flags); /* cache the key in the HSM, get HSM assigned keyId */ /* set the metadata fields */ meta.id = WH_MAKE_KEYID(WH_KEYTYPE_CRYPTO, clientId, keyId); - meta.flags = 0; + meta.flags = (whNvmFlags)flags; meta.len = keySz; memcpy(meta.label, keyLabel, strlen(keyLabel)); @@ -99,10 +100,11 @@ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId, ret = wh_Server_KeystoreGetUniqueId(server, &meta.id); WOLFHSM_CFG_PRINTF("got unique ID = 0x%02X\n", meta.id & WH_KEYID_MASK); } - WOLFHSM_CFG_PRINTF( - "key NVM ID = 0x%04X\n\ttype=0x%01X\n\tuser=0x%01X\n\tkeyId=0x%02X\n", - meta.id, WH_KEYID_TYPE(meta.id), WH_KEYID_USER(meta.id), - WH_KEYID_ID(meta.id)); + WOLFHSM_CFG_PRINTF("key NVM ID = " + "0x%04X\n\ttype=0x%01X\n\tuser=0x%01X\n\tkeyId=0x%" + "02X\n\tflags=0x%04X\n", + meta.id, WH_KEYID_TYPE(meta.id), WH_KEYID_USER(meta.id), + WH_KEYID_ID(meta.id), meta.flags); if (ret == 0) { ret = wh_Server_KeystoreCacheKey(server, &meta, keyBuf); @@ -124,12 +126,13 @@ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId, (void)keyFilePath; (void)keyId; (void)clientId; + (void)flags; return WH_ERROR_NOTIMPL; #endif /* !WOLFHSM_CFG_NO_CRYPTO */ } static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, - int clientId) + int clientId, whNvmFlags flags) { whServerContext server[1]; whServerConfig* config = (whServerConfig*)cf; @@ -146,7 +149,7 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, /* Load keys into cache if file path is provided */ if (keyFilePath != NULL) { ret = loadAndStoreKeys(server, &loadedKeyId, keyFilePath, keyId, - clientId); + clientId, flags); if (ret != 0) { WOLFHSM_CFG_PRINTF("server failed to load key, ret=%d\n", ret); (void)wh_Server_Cleanup(server); @@ -206,9 +209,9 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, /* Reload keys into cache if file path was provided */ if (keyFilePath != NULL) { - ret = - loadAndStoreKeys(server, &loadedKeyId, - keyFilePath, keyId, clientId); + ret = loadAndStoreKeys(server, &loadedKeyId, + keyFilePath, keyId, clientId, + flags); if (ret != 0) { WOLFHSM_CFG_PRINTF("server failed to load key, ret=%d\n", ret); @@ -266,12 +269,13 @@ static int _hardwareCryptoCb(int devId, struct wc_CryptoInfo* info, void* ctx) #endif static void Usage(const char* exeName) { - WOLFHSM_CFG_PRINTF("Usage: %s --key --id --client " - "--nvminit --type \n", - exeName); + WOLFHSM_CFG_PRINTF( + "Usage: %s --key --id --client " + "--nvminit --type --flags \n", + exeName); WOLFHSM_CFG_PRINTF("Example: %s --key key.bin --id 123 --client 456 " - "--nvminit nvm_init.txt --type tcp\n", - exeName); + "--nvminit nvm_init.txt --type tcp --flags 0\n", + exeName); WOLFHSM_CFG_PRINTF("type: tcp (default), shm, dma\n"); } @@ -283,6 +287,8 @@ int main(int argc, char** argv) const char* nvmInitFilePath = NULL; int keyId = WH_KEYID_ERASED; /* Default key ID if none provided */ int clientId = 12; /* Default client ID if none provided */ + whNvmFlags flags = + WH_NVM_FLAGS_USAGE_ANY; /* Default flags if none provided */ uint8_t memory[WH_POSIX_FLASH_RAM_SIZE] = {0}; whServerConfig s_conf[1]; @@ -310,6 +316,19 @@ int main(int argc, char** argv) else if (strcmp(argv[i], "--type") == 0 && i + 1 < argc) { type = argv[++i]; } + else if (strcmp(argv[i], "--flags") == 0 && i + 1 < argc) { + char* end; + errno = 0; + unsigned long val = strtoul(argv[i + 1], &end, 0); + + if (errno || *end || val > 0xFFFF) { + WOLFHSM_CFG_PRINTF("Invalid --flags value: %s\n", argv[i + 1]); + return -1; + } + + flags = (whNvmFlags)val; + i++; + } else { WOLFHSM_CFG_PRINTF("Invalid argument: %s\n", argv[i]); Usage(argv[0]); @@ -399,7 +418,7 @@ int main(int argc, char** argv) return rc; } - rc = wh_ServerTask(s_conf, keyFilePath, keyId, clientId); + rc = wh_ServerTask(s_conf, keyFilePath, keyId, clientId, flags); if (rc != WH_ERROR_OK) { WOLFHSM_CFG_PRINTF("Server task failed: %d\n", rc); return rc; @@ -418,7 +437,7 @@ int main(int argc, char** argv) (void)keyFilePath; (void)keyId; (void)clientId; - rc = wh_ServerTask(s_conf, keyFilePath, keyId, clientId); + rc = wh_ServerTask(s_conf, keyFilePath, keyId, clientId, flags); if (rc != WH_ERROR_OK) { WOLFHSM_CFG_PRINTF("Server task failed: %d\n", rc); return rc;