Skip to content

Commit 9c52303

Browse files
bigbrettbigbrett
committed
review: rename trustedRootNvmId -> trustedRootId
1 parent 28548d9 commit 9c52303

6 files changed

Lines changed: 89 additions & 93 deletions

File tree

docs/draft/wrapped-certs.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -188,7 +188,7 @@ both the metadata and the raw data into the caller's buffers.
188188
189189
#### `wh_Server_CertVerify` / `wh_Server_CertVerifyAcert`
190190
191-
Signature changed from `whNvmId trustedRootNvmId` to `whKeyId trustedRootId`.
191+
Signature changed from `whNvmId trustedRootId` to `whKeyId trustedRootId`.
192192
Internally they just call `wh_Server_CertReadTrusted`, which now handles the
193193
routing.
194194
@@ -199,7 +199,7 @@ Every handler that accepts a trusted root ID (`READTRUSTED`, `VERIFY`,
199199
updated with the same pattern:
200200
201201
1. **Translate the client ID**: If the incoming `req.id` (or
202-
`req.trustedRootNvmId`) has `WH_KEYID_CLIENT_WRAPPED_FLAG` set, call
202+
`req.trustedRootId`) has `WH_KEYID_CLIENT_WRAPPED_FLAG` set, call
203203
`wh_KeyId_TranslateFromClient(WH_KEYTYPE_WRAPPED, server->comm->client_id, req.id)`
204204
to produce a full server-internal key ID with `TYPE=WH_KEYTYPE_WRAPPED`,
205205
`USER=client_id`, and the bare key `ID` in the low byte.

src/wh_client_cert.c

Lines changed: 38 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@
3838

3939
/* Helper function to send a certificate verification request */
4040
static int _certVerifyRequest(whClientContext* c, const uint8_t* cert,
41-
uint32_t cert_len, whNvmId trustedRootNvmId,
41+
uint32_t cert_len, whKeyId trustedRootId,
4242
uint16_t verifyFlags, whNvmFlags cachedKeyFlags,
4343
whKeyId keyId);
4444

@@ -48,7 +48,7 @@ static int _certVerifyResponse(whClientContext* c, whKeyId* out_keyId,
4848

4949
/* Helper function to perform certificate verification */
5050
static int _certVerify(whClientContext* c, const uint8_t* cert,
51-
uint32_t cert_len, whNvmId trustedRootNvmId,
51+
uint32_t cert_len, whKeyId trustedRootId,
5252
uint16_t verifyFlags, whNvmFlags cachedKeyFlags,
5353
whKeyId* inout_keyId, int32_t* out_rc);
5454

@@ -363,7 +363,7 @@ int wh_Client_CertReadTrusted(whClientContext* c, whNvmId id, uint8_t* cert,
363363

364364
/* Helper function to send a verify request */
365365
static int _certVerifyRequest(whClientContext* c, const uint8_t* cert,
366-
uint32_t cert_len, whNvmId trustedRootNvmId,
366+
uint32_t cert_len, whKeyId trustedRootId,
367367
uint16_t verifyFlags, whNvmFlags cachedKeyFlags,
368368
whKeyId keyId)
369369
{
@@ -379,7 +379,7 @@ static int _certVerifyRequest(whClientContext* c, const uint8_t* cert,
379379

380380
/* Prepare request */
381381
req.cert_len = cert_len;
382-
req.trustedRootNvmId = trustedRootNvmId;
382+
req.trustedRootId = trustedRootId;
383383
req.flags = verifyFlags;
384384
req.cachedKeyFlags = cachedKeyFlags;
385385
req.keyId = keyId;
@@ -430,7 +430,7 @@ static int _certVerifyResponse(whClientContext* c, whKeyId* out_keyId,
430430
}
431431

432432
static int _certVerify(whClientContext* c, const uint8_t* cert,
433-
uint32_t cert_len, whNvmId trustedRootNvmId,
433+
uint32_t cert_len, whKeyId trustedRootId,
434434
uint16_t verifyFlags, whNvmFlags cachedKeyFlags,
435435
whKeyId* inout_keyId, int32_t* out_rc)
436436
{
@@ -446,8 +446,8 @@ static int _certVerify(whClientContext* c, const uint8_t* cert,
446446
}
447447

448448
do {
449-
rc = _certVerifyRequest(c, cert, cert_len, trustedRootNvmId,
450-
verifyFlags, cachedKeyFlags, keyId);
449+
rc = _certVerifyRequest(c, cert, cert_len, trustedRootId, verifyFlags,
450+
cachedKeyFlags, keyId);
451451
} while (rc == WH_ERROR_NOTREADY);
452452

453453
if (rc == 0) {
@@ -460,9 +460,9 @@ static int _certVerify(whClientContext* c, const uint8_t* cert,
460460
}
461461

462462
int wh_Client_CertVerifyRequest(whClientContext* c, const uint8_t* cert,
463-
uint32_t cert_len, whNvmId trustedRootNvmId)
463+
uint32_t cert_len, whKeyId trustedRootId)
464464
{
465-
return _certVerifyRequest(c, cert, cert_len, trustedRootNvmId,
465+
return _certVerifyRequest(c, cert, cert_len, trustedRootId,
466466
WH_CERT_FLAGS_NONE, WH_NVM_FLAGS_USAGE_ANY,
467467
WH_KEYID_ERASED);
468468
}
@@ -473,18 +473,18 @@ int wh_Client_CertVerifyResponse(whClientContext* c, int32_t* out_rc)
473473
}
474474

475475
int wh_Client_CertVerify(whClientContext* c, const uint8_t* cert,
476-
uint32_t cert_len, whNvmId trustedRootNvmId,
476+
uint32_t cert_len, whKeyId trustedRootId,
477477
int32_t* out_rc)
478478
{
479-
return _certVerify(c, cert, cert_len, trustedRootNvmId, WH_CERT_FLAGS_NONE,
479+
return _certVerify(c, cert, cert_len, trustedRootId, WH_CERT_FLAGS_NONE,
480480
WH_NVM_FLAGS_USAGE_ANY, NULL, out_rc);
481481
}
482482

483483
int wh_Client_CertVerifyAndCacheLeafPubKeyRequest(
484484
whClientContext* c, const uint8_t* cert, uint32_t cert_len,
485-
whNvmId trustedRootNvmId, whNvmFlags cachedKeyFlags, whKeyId keyId)
485+
whKeyId trustedRootId, whNvmFlags cachedKeyFlags, whKeyId keyId)
486486
{
487-
return _certVerifyRequest(c, cert, cert_len, trustedRootNvmId,
487+
return _certVerifyRequest(c, cert, cert_len, trustedRootId,
488488
WH_CERT_FLAGS_CACHE_LEAF_PUBKEY, cachedKeyFlags,
489489
keyId);
490490
}
@@ -499,10 +499,10 @@ int wh_Client_CertVerifyAndCacheLeafPubKeyResponse(whClientContext* c,
499499

500500
int wh_Client_CertVerifyAndCacheLeafPubKey(
501501
whClientContext* c, const uint8_t* cert, uint32_t cert_len,
502-
whNvmId trustedRootNvmId, whNvmFlags cachedKeyFlags, whKeyId* inout_keyId,
502+
whKeyId trustedRootId, whNvmFlags cachedKeyFlags, whKeyId* inout_keyId,
503503
int32_t* out_rc)
504504
{
505-
return _certVerify(c, cert, cert_len, trustedRootNvmId,
505+
return _certVerify(c, cert, cert_len, trustedRootId,
506506
WH_CERT_FLAGS_CACHE_LEAF_PUBKEY, cachedKeyFlags,
507507
inout_keyId, out_rc);
508508
}
@@ -664,7 +664,7 @@ int wh_Client_CertReadTrustedDma(whClientContext* c, whNvmId id, void* cert,
664664
}
665665

666666
static int _certVerifyDmaRequest(whClientContext* c, const void* cert,
667-
uint32_t cert_len, whNvmId trustedRootNvmId,
667+
uint32_t cert_len, whKeyId trustedRootId,
668668
uint16_t flags, whNvmFlags cachedKeyFlags,
669669
whKeyId keyId)
670670
{
@@ -677,7 +677,7 @@ static int _certVerifyDmaRequest(whClientContext* c, const void* cert,
677677
/* Prepare and send request */
678678
req.cert_addr = (uint64_t)(uintptr_t)cert;
679679
req.cert_len = cert_len;
680-
req.trustedRootNvmId = trustedRootNvmId;
680+
req.trustedRootId = trustedRootId;
681681
req.flags = flags;
682682
req.cachedKeyFlags = cachedKeyFlags;
683683
req.keyId = keyId;
@@ -721,7 +721,7 @@ static int _certVerifyDmaResponse(whClientContext* c, whKeyId* out_keyId,
721721
}
722722

723723
static int _certVerifyDma(whClientContext* c, const void* cert,
724-
uint32_t cert_len, whNvmId trustedRootNvmId,
724+
uint32_t cert_len, whKeyId trustedRootId,
725725
uint16_t flags, whNvmFlags cachedKeyFlags,
726726
whKeyId* inout_keyId, int32_t* out_rc)
727727
{
@@ -740,7 +740,7 @@ static int _certVerifyDma(whClientContext* c, const void* cert,
740740
}
741741

742742
do {
743-
rc = _certVerifyDmaRequest(c, cert, cert_len, trustedRootNvmId, flags,
743+
rc = _certVerifyDmaRequest(c, cert, cert_len, trustedRootId, flags,
744744
cachedKeyFlags, keyId);
745745
} while (rc == WH_ERROR_NOTREADY);
746746

@@ -754,9 +754,9 @@ static int _certVerifyDma(whClientContext* c, const void* cert,
754754
}
755755

756756
int wh_Client_CertVerifyDmaRequest(whClientContext* c, const void* cert,
757-
uint32_t cert_len, whNvmId trustedRootNvmId)
757+
uint32_t cert_len, whKeyId trustedRootId)
758758
{
759-
return _certVerifyDmaRequest(c, cert, cert_len, trustedRootNvmId,
759+
return _certVerifyDmaRequest(c, cert, cert_len, trustedRootId,
760760
WH_CERT_FLAGS_NONE, WH_NVM_FLAGS_USAGE_ANY,
761761
WH_KEYID_ERASED);
762762
}
@@ -767,19 +767,18 @@ int wh_Client_CertVerifyDmaResponse(whClientContext* c, int32_t* out_rc)
767767
}
768768

769769
int wh_Client_CertVerifyDma(whClientContext* c, const void* cert,
770-
uint32_t cert_len, whNvmId trustedRootNvmId,
770+
uint32_t cert_len, whKeyId trustedRootId,
771771
int32_t* out_rc)
772772
{
773-
return _certVerifyDma(c, cert, cert_len, trustedRootNvmId,
774-
WH_CERT_FLAGS_NONE, WH_NVM_FLAGS_USAGE_ANY, NULL,
775-
out_rc);
773+
return _certVerifyDma(c, cert, cert_len, trustedRootId, WH_CERT_FLAGS_NONE,
774+
WH_NVM_FLAGS_USAGE_ANY, NULL, out_rc);
776775
}
777776

778777
int wh_Client_CertVerifyDmaAndCacheLeafPubKeyRequest(
779778
whClientContext* c, const void* cert, uint32_t cert_len,
780-
whNvmId trustedRootNvmId, whNvmFlags cachedKeyFlags, whKeyId keyId)
779+
whKeyId trustedRootId, whNvmFlags cachedKeyFlags, whKeyId keyId)
781780
{
782-
return _certVerifyDmaRequest(c, cert, cert_len, trustedRootNvmId,
781+
return _certVerifyDmaRequest(c, cert, cert_len, trustedRootId,
783782
WH_CERT_FLAGS_CACHE_LEAF_PUBKEY,
784783
cachedKeyFlags, keyId);
785784
}
@@ -793,10 +792,10 @@ int wh_Client_CertVerifyDmaAndCacheLeafPubKeyResponse(whClientContext* c,
793792

794793
int wh_Client_CertVerifyDmaAndCacheLeafPubKey(
795794
whClientContext* c, const void* cert, uint32_t cert_len,
796-
whNvmId trustedRootNvmId, whNvmFlags cachedKeyFlags, whKeyId* inout_keyId,
795+
whKeyId trustedRootId, whNvmFlags cachedKeyFlags, whKeyId* inout_keyId,
797796
int32_t* out_rc)
798797
{
799-
return _certVerifyDma(c, cert, cert_len, trustedRootNvmId,
798+
return _certVerifyDma(c, cert, cert_len, trustedRootId,
800799
WH_CERT_FLAGS_CACHE_LEAF_PUBKEY, cachedKeyFlags,
801800
inout_keyId, out_rc);
802801
}
@@ -807,23 +806,21 @@ int wh_Client_CertVerifyDmaAndCacheLeafPubKey(
807806

808807

809808
int wh_Client_CertVerifyAcertRequest(whClientContext* c, const void* cert,
810-
uint32_t cert_len,
811-
whNvmId trustedRootNvmId)
809+
uint32_t cert_len, whKeyId trustedRootId)
812810
{
813811
whMessageCert_VerifyAcertRequest req = {0};
814812
uint8_t buffer[WOLFHSM_CFG_COMM_DATA_LEN];
815813
size_t hdr_len = sizeof(req);
816814
uint8_t* payload = buffer + hdr_len;
817815

818816

819-
if ((c == NULL) || (trustedRootNvmId == WH_NVM_ID_INVALID) ||
820-
(cert == NULL) || (cert_len == 0) ||
821-
(cert_len > (sizeof(buffer) - hdr_len))) {
817+
if ((c == NULL) || (trustedRootId == WH_NVM_ID_INVALID) || (cert == NULL) ||
818+
(cert_len == 0) || (cert_len > (sizeof(buffer) - hdr_len))) {
822819
return WH_ERROR_BADARGS;
823820
}
824821

825822
req.cert_len = cert_len;
826-
req.trustedRootNvmId = trustedRootNvmId;
823+
req.trustedRootId = trustedRootId;
827824

828825
memcpy(buffer, &req, sizeof(req));
829826
memcpy(payload, cert, cert_len);
@@ -859,7 +856,7 @@ int wh_Client_CertVerifyAcertResponse(whClientContext* c, int32_t* out_rc)
859856
}
860857

861858
int wh_Client_CertVerifyAcert(whClientContext* c, const void* cert,
862-
uint32_t cert_len, whNvmId trustedRootNvmId,
859+
uint32_t cert_len, whKeyId trustedRootId,
863860
int32_t* out_rc)
864861
{
865862
int rc = 0;
@@ -869,8 +866,7 @@ int wh_Client_CertVerifyAcert(whClientContext* c, const void* cert,
869866
}
870867

871868
do {
872-
rc = wh_Client_CertVerifyAcertRequest(c, cert, cert_len,
873-
trustedRootNvmId);
869+
rc = wh_Client_CertVerifyAcertRequest(c, cert, cert_len, trustedRootId);
874870
} while (rc == WH_ERROR_NOTREADY);
875871

876872
if (rc == 0) {
@@ -886,7 +882,7 @@ int wh_Client_CertVerifyAcert(whClientContext* c, const void* cert,
886882

887883
int wh_Client_CertVerifyAcertDmaRequest(whClientContext* c, const void* cert,
888884
uint32_t cert_len,
889-
whNvmId trustedRootNvmId)
885+
whKeyId trustedRootId)
890886
{
891887
whMessageCert_VerifyDmaRequest req = {0};
892888

@@ -896,7 +892,7 @@ int wh_Client_CertVerifyAcertDmaRequest(whClientContext* c, const void* cert,
896892

897893
req.cert_addr = (uint64_t)(intptr_t)cert;
898894
req.cert_len = cert_len;
899-
req.trustedRootNvmId = trustedRootNvmId;
895+
req.trustedRootId = trustedRootId;
900896
return wh_Client_SendRequest(c, WH_MESSAGE_GROUP_CERT,
901897
WH_MESSAGE_CERT_ACTION_VERIFY_ACERT_DMA,
902898
sizeof(req), &req);
@@ -932,7 +928,7 @@ int wh_Client_CertVerifyAcertDmaResponse(whClientContext* c, int32_t* out_rc)
932928
}
933929

934930
int wh_Client_CertVerifyAcertDma(whClientContext* c, const void* cert,
935-
uint32_t cert_len, whNvmId trustedRootNvmId,
931+
uint32_t cert_len, whKeyId trustedRootId,
936932
int32_t* out_rc)
937933
{
938934
int rc = 0;
@@ -943,7 +939,7 @@ int wh_Client_CertVerifyAcertDma(whClientContext* c, const void* cert,
943939

944940
do {
945941
rc = wh_Client_CertVerifyAcertDmaRequest(c, cert, cert_len,
946-
trustedRootNvmId);
942+
trustedRootId);
947943
} while (rc == WH_ERROR_NOTREADY);
948944

949945
if (rc == 0) {

src/wh_message_cert.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,7 @@ int wh_MessageCert_TranslateVerifyRequest(
103103
return WH_ERROR_BADARGS;
104104
}
105105
WH_T32(magic, dest, src, cert_len);
106-
WH_T16(magic, dest, src, trustedRootNvmId);
106+
WH_T16(magic, dest, src, trustedRootId);
107107
WH_T16(magic, dest, src, flags);
108108
WH_T16(magic, dest, src, cachedKeyFlags);
109109
WH_T16(magic, dest, src, keyId);
@@ -163,7 +163,7 @@ int wh_MessageCert_TranslateVerifyDmaRequest(
163163
}
164164
WH_T64(magic, dest, src, cert_addr);
165165
WH_T32(magic, dest, src, cert_len);
166-
WH_T16(magic, dest, src, trustedRootNvmId);
166+
WH_T16(magic, dest, src, trustedRootId);
167167
WH_T16(magic, dest, src, flags);
168168
WH_T16(magic, dest, src, cachedKeyFlags);
169169
WH_T16(magic, dest, src, keyId);
@@ -192,7 +192,7 @@ int wh_MessageCert_TranslateVerifyAcertRequest(
192192
return WH_ERROR_BADARGS;
193193
}
194194
WH_T32(magic, dest, src, cert_len);
195-
WH_T16(magic, dest, src, trustedRootNvmId);
195+
WH_T16(magic, dest, src, trustedRootId);
196196
return 0;
197197
}
198198
#endif /* WOLFHSM_CFG_CERTIFICATE_MANAGER_ACERT */

src/wh_server_cert.c

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -561,12 +561,12 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
561561
whKeyId keyId = wh_KeyId_TranslateFromClient(
562562
WH_KEYTYPE_CRYPTO, server->comm->client_id, req.keyId);
563563

564-
/* Translate trustedRootNvmId if client set wrapped flag */
565-
whKeyId trustedRootId = req.trustedRootNvmId;
566-
if (req.trustedRootNvmId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
564+
/* Translate trustedRootId if client set wrapped flag */
565+
whKeyId trustedRootId = req.trustedRootId;
566+
if (req.trustedRootId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
567567
trustedRootId = wh_KeyId_TranslateFromClient(
568568
WH_KEYTYPE_WRAPPED, server->comm->client_id,
569-
req.trustedRootNvmId);
569+
req.trustedRootId);
570570
}
571571

572572
rc = WH_SERVER_NVM_LOCK(server);
@@ -737,12 +737,12 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
737737
keyId = wh_KeyId_TranslateFromClient(
738738
WH_KEYTYPE_CRYPTO, server->comm->client_id, req.keyId);
739739

740-
/* Translate trustedRootNvmId if client set wrapped flag */
741-
trustedRootId = req.trustedRootNvmId;
742-
if (req.trustedRootNvmId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
740+
/* Translate trustedRootId if client set wrapped flag */
741+
trustedRootId = req.trustedRootId;
742+
if (req.trustedRootId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
743743
trustedRootId = wh_KeyId_TranslateFromClient(
744744
WH_KEYTYPE_WRAPPED, server->comm->client_id,
745-
req.trustedRootNvmId);
745+
req.trustedRootId);
746746
}
747747

748748
/* Process client address */
@@ -791,12 +791,12 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
791791

792792
cert_data = (const uint8_t*)req_packet + sizeof(req);
793793

794-
/* Translate trustedRootNvmId if client set wrapped flag */
795-
whKeyId trustedRootId = req.trustedRootNvmId;
796-
if (req.trustedRootNvmId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
794+
/* Translate trustedRootId if client set wrapped flag */
795+
whKeyId trustedRootId = req.trustedRootId;
796+
if (req.trustedRootId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
797797
trustedRootId = wh_KeyId_TranslateFromClient(
798798
WH_KEYTYPE_WRAPPED, server->comm->client_id,
799-
req.trustedRootNvmId);
799+
req.trustedRootId);
800800
}
801801

802802
rc = WH_SERVER_NVM_LOCK(server);
@@ -841,12 +841,12 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic,
841841
wh_MessageCert_TranslateVerifyDmaRequest(
842842
magic, (whMessageCert_VerifyDmaRequest*)req_packet, &req);
843843

844-
/* Translate trustedRootNvmId if client set wrapped flag */
845-
trustedRootId = req.trustedRootNvmId;
846-
if (req.trustedRootNvmId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
844+
/* Translate trustedRootId if client set wrapped flag */
845+
trustedRootId = req.trustedRootId;
846+
if (req.trustedRootId & WH_KEYID_CLIENT_WRAPPED_FLAG) {
847847
trustedRootId = wh_KeyId_TranslateFromClient(
848848
WH_KEYTYPE_WRAPPED, server->comm->client_id,
849-
req.trustedRootNvmId);
849+
req.trustedRootId);
850850
}
851851

852852
/* Process client address */

0 commit comments

Comments
 (0)