@JacobBarthelmeh JacobBarthelmeh commented Jan 16, 2026

The authentication manager feature adds support for a user login and checking a user's permissions for performing a group+action. The API was designed with PKCS11 in mind.

Some things of note:

  • I added a callback function framework for checking authorization of key use based on key ID and user permissions but did not tie in that check yet. I would like to tie that in later when/if needed. This currently checks for authorization of a user for a group/action that they can do, which ties a user ID to crypto actions done.
  • The user list in port/posix/posix_auth.c is a simple list not yet in NVM. This initial simplicity is deliberate.
  • There is a TODO listed for logging of authentication events. Login failures, success, crypto actions should have logging additions in the future.
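
The login plus group/action check described in the PR description above, as an added example; it is not code from the pull request or from wolfHSM. Every type, function, constant and PIN below is hypothetical or constructed, and the in-memory user list only mirrors the "simple list not yet in NVM" idea.

```c
#include <stdint.h>
#include <string.h>

/* All names below are hypothetical; they are not wolfHSM's API. */
enum { GROUP_KEY = 0, GROUP_CRYPTO = 1, GROUP_COUNT = 2 };
enum { AUTH_OK = 0, AUTH_DENIED = -1, AUTH_BAD_LOGIN = -2 };
#define PIN_LEN 8
#define NO_USER 0xFFFFu

typedef struct {
    const char* name;
    uint8_t     pin[PIN_LEN];         /* constructed; keep a salted hash in practice */
    uint32_t    actions[GROUP_COUNT]; /* bit n set => action n allowed in that group */
} User;

/* Constructed in-memory user list (not persisted). */
static const User users[] = {
    {"admin",  {'1','2','3','4','0','0','0','0'}, {0xFFFFFFFFu, 0xFFFFFFFFu}},
    {"signer", {'9','8','7','6','0','0','0','0'}, {0x0u, 0x1u << 3}},
};
#define USER_COUNT (sizeof(users) / sizeof(users[0]))

/* Compare without an early exit so timing does not reveal a matching prefix. */
static int ct_equal(const uint8_t* a, const uint8_t* b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns AUTH_OK and sets *session_user, or AUTH_BAD_LOGIN leaving it NO_USER. */
int auth_login(const char* name, const uint8_t pin[PIN_LEN], uint16_t* session_user)
{
    *session_user = NO_USER;
    for (uint16_t i = 0; i < USER_COUNT; i++) {
        if (strcmp(users[i].name, name) == 0 && ct_equal(users[i].pin, pin, PIN_LEN)) {
            *session_user = i;
            return AUTH_OK;
        }
    }
    return AUTH_BAD_LOGIN;
}

/* Default deny: no session, unknown group or out-of-range action all fail. */
int auth_check(uint16_t session_user, unsigned group, unsigned action)
{
    if (session_user >= USER_COUNT || group >= GROUP_COUNT || action >= 32)
        return AUTH_DENIED;
    return (users[session_user].actions[group] >> action) & 1u ? AUTH_OK : AUTH_DENIED;
}
```

Because the check takes the session's user ID, every allowed or denied group/action decision can be attributed to a specific user, which is where the login and crypto-action logging mentioned in the TODO would attach.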

Copilot AI left a comment

Pull request overview

This pull request adds a comprehensive authentication and authorization manager to wolfHSM, enabling user management, login/logout functionality, and permission-based access control for HSM operations.

Changes:

  • New authentication manager with PIN and certificate-based authentication support
  • Authorization system with group and action-level permission checks
  • User management APIs for adding, deleting, and modifying users and their credentials
  • Complete client and server implementation with message translation support

Reviewed changes

Copilot reviewed 22 out of 23 changed files in this pull request and generated 8 comments.

| File | Description |
|---|---|
| wolfhsm/wh_auth.h | Core auth manager types, structures, and API definitions |
| wolfhsm/wh_message_auth.h | Message structures and translation functions for auth operations |
| wolfhsm/wh_server_auth.h | Server-side auth request handler declaration |
| wolfhsm/wh_client.h | Client-side auth API function declarations |
| wolfhsm/wh_server.h | Server context updated with auth context pointer |
| wolfhsm/wh_message.h | New auth message group and action enums |
| wolfhsm/wh_error.h | New auth-specific error codes |
| src/wh_auth.c | Core auth manager implementation with callback wrappers |
| src/wh_message_auth.c | Message translation implementations for auth messages |
| src/wh_server_auth.c | Server-side request handler for auth operations |
| src/wh_client_auth.c | Client-side auth API implementations |
| src/wh_server.c | Server integration with authorization checks |
| src/wh_client.c | Minor formatting fixes |
| port/posix/posix_auth.h | POSIX auth backend declarations |
| port/posix/posix_auth.c | POSIX auth backend implementation with in-memory user storage |
| test/wh_test_auth.h | Auth test suite declarations |
| test/wh_test_auth.c | Comprehensive auth test suite implementation |
| test/wh_test.c | Test integration for auth tests |
| examples/posix/wh_posix_server/* | Server configuration with auth context setup |
| examples/demo/client/wh_demo_client_all.c | Demo integration for auth |

Copilot AI left a comment

Pull request overview

Copilot reviewed 24 out of 25 changed files in this pull request and generated 3 comments.

Copilot AI left a comment

Pull request overview

Copilot reviewed 29 out of 30 changed files in this pull request and generated no new comments.

Copilot AI left a comment

Pull request overview

Copilot reviewed 29 out of 30 changed files in this pull request and generated 2 comments.

@bigbrett

@JacobBarthelmeh merge conflicts

@JacobBarthelmeh

Force pushed to resolve merge conflict.

Copilot AI left a comment

Pull request overview

Copilot reviewed 28 out of 29 changed files in this pull request and generated 17 comments.
