wolfSSL
diff --git a/‎docs/draft/crypto_affinity.md‎
Lines changed: 49 additions & 11 deletions b/‎docs/draft/crypto_affinity.md‎
Lines changed: 49 additions & 11 deletions
diff --git a/‎src/wh_client.c‎
Lines changed: 67 additions & 2 deletions b/‎src/wh_client.c‎
Lines changed: 67 additions & 2 deletions
diff --git a/‎src/wh_message_comm.c‎
Lines changed: 12 additions & 0 deletions b/‎src/wh_message_comm.c‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎src/wh_server.c‎
Lines changed: 55 additions & 28 deletions b/‎src/wh_server.c‎
Lines changed: 55 additions & 28 deletions
diff --git a/‎test/wh_test_check_struct_padding.c‎
Lines changed: 1 addition & 0 deletions b/‎test/wh_test_check_struct_padding.c‎
Lines changed: 1 addition & 0 deletions
@@ -1,17 +1,17 @@
-# SetCryptoAffinity Client API
+# Crypto Affinity Client API
 
-The SetCryptoAffinity feature allows a client to control whether the server uses **software** or **hardware** cryptographic implementations.
+The crypto affinity feature allows a client to control and query whether the server uses **software** or **hardware** cryptographic implementations.
 
 ## Affinity Values
 
 ```c
 enum WH_CRYPTO_AFFINITY_ENUM {
     WH_CRYPTO_AFFINITY_SW = 0,  // Use software crypto (devId = INVALID_DEVID)
-    WH_CRYPTO_AFFINITY_HW = 1,  // Use hardware crypto (devId = configured value)
+    WH_CRYPTO_AFFINITY_HW = 1,  // Attmept to use hardware crypto (devId = configured value)
 };
 ```
 
-## Client API Functions
+## SetCryptoAffinity
 
 ### Blocking API (simplest)
 
@@ -31,14 +31,43 @@ int wh_Client_SetCryptoAffinityResponse(whClientContext* c, int32_t* out_rc,
         uint32_t* out_affinity);
 ```
 
+## GetCryptoAffinity
+
+### Blocking API (simplest)
+
+```c
+int wh_Client_GetCryptoAffinity(whClientContext* c,
+        int32_t* out_rc, uint32_t* out_affinity);
+```
+
+### Non-blocking (async) API
+
+```c
+// Send request
+int wh_Client_GetCryptoAffinityRequest(whClientContext* c);
+
+// Receive response
+int wh_Client_GetCryptoAffinityResponse(whClientContext* c, int32_t* out_rc,
+        uint32_t* out_affinity);
+```
+
 ## Usage Example
 
 ```c
 int32_t  server_rc;
 uint32_t current_affinity;
 
+// Query current crypto affinity
+int rc = wh_Client_GetCryptoAffinity(client,
+        &server_rc,
+        &current_affinity);
+
+if (rc == WH_ERROR_OK && server_rc == WH_ERROR_OK) {
+    // current_affinity contains the active affinity
+}
+
 // Switch to software crypto
-int rc = wh_Client_SetCryptoAffinity(client,
+rc = wh_Client_SetCryptoAffinity(client,
         WH_CRYPTO_AFFINITY_SW,
         &server_rc,
         &current_affinity);
@@ -57,7 +86,7 @@ rc = wh_Client_SetCryptoAffinity(client,
 if (rc == WH_ERROR_OK) {
     if (server_rc == WH_ERROR_OK) {
         // Server is now using hardware crypto
-    } else if (server_rc == WH_ERROR_BADCONFIG) {
+    } else if (server_rc == WH_ERROR_NOTIMPL) {
         // HW crypto not available (server wasn't configured with a valid devId)
     }
 }
@@ -70,15 +99,22 @@ if (rc == WH_ERROR_OK) {
 | `rc` (function return) | Transport/communication errors |
 | `server_rc` (output parameter) | Server-side result |
 
-### Server Return Codes
+### Server Return Codes (SetCryptoAffinity)
 
 | Code | Description |
 |------|-------------|
 | `WH_ERROR_OK` | Affinity changed successfully |
-| `WH_ERROR_BADCONFIG` | HW requested but no HW crypto configured |
+| `WH_ERROR_NOTIMPL` | HW requested but no HW crypto configured, `WOLF_CRYPTO_CB` is not defined, or `WOLFHSM_CFG_NO_CRYPTO` is defined |
 | `WH_ERROR_BADARGS` | Invalid affinity value |
 | `WH_ERROR_ABORTED` | Server crypto context is NULL |
-| `WH_ERROR_NOTIMPL` | Affinity change not implemented (returned when `WOLF_CRYPTO_CB` is not defined and HW affinity is requested, or when `WOLFHSM_CFG_NO_CRYPTO` is defined) |
+
+### Server Return Codes (GetCryptoAffinity)
+
+| Code | Description |
+|------|-------------|
+| `WH_ERROR_OK` | Affinity queried successfully |
+| `WH_ERROR_ABORTED` | Server crypto context is NULL |
+| `WH_ERROR_NOTIMPL` | Not implemented (returned when `WOLFHSM_CFG_NO_CRYPTO` is defined) |
 
 ## Server Behavior
 
@@ -87,6 +123,8 @@ When affinity is set:
 | Affinity | Server Action |
 |----------|---------------|
 | `WH_CRYPTO_AFFINITY_SW` | `server->crypto->devId = INVALID_DEVID` (wolfCrypt uses software) |
-| `WH_CRYPTO_AFFINITY_HW` | `server->crypto->devId = server->crypto->configDevId` (wolfCrypt uses registered crypto callback) |
+| `WH_CRYPTO_AFFINITY_HW` | `server->crypto->devId = server->crypto->defaultDevId` (wolfCrypt uses registered crypto callback) |
+
+When affinity is queried (Get), the server reads the current `devId` and returns the corresponding affinity value without modifying any state.
 
-The `configDevId` is stored at server init from `config->devId`.
+The `defaultDevId` is stored at server init from `config->devId`.
@@ -439,7 +439,7 @@ int wh_Client_SetCryptoAffinityResponse(whClientContext* c, int32_t* out_rc,
     }
 
     rc = wh_Client_RecvResponse(c, &resp_group, &resp_action, &resp_size, &msg);
-    if (rc == 0) {
+    if (rc == WH_ERROR_OK) {
         /* Validate response */
         if ((resp_group != WH_MESSAGE_GROUP_COMM) ||
             (resp_action != WH_MESSAGE_COMM_ACTION_SET_CRYPTO_AFFINITY) ||
@@ -471,14 +471,79 @@ int wh_Client_SetCryptoAffinity(whClientContext* c, uint32_t affinity,
         rc = wh_Client_SetCryptoAffinityRequest(c, affinity);
     } while (rc == WH_ERROR_NOTREADY);
 
-    if (rc == 0) {
+    if (rc == WH_ERROR_OK) {
         do {
             rc = wh_Client_SetCryptoAffinityResponse(c, out_rc, out_affinity);
         } while (rc == WH_ERROR_NOTREADY);
     }
     return rc;
 }
 
+int wh_Client_GetCryptoAffinityRequest(whClientContext* c)
+{
+    if (c == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    return wh_Client_SendRequest(c, WH_MESSAGE_GROUP_COMM,
+                                 WH_MESSAGE_COMM_ACTION_GET_CRYPTO_AFFINITY,
+                                 0, NULL);
+}
+
+int wh_Client_GetCryptoAffinityResponse(whClientContext* c, int32_t* out_rc,
+                                        uint32_t* out_affinity)
+{
+    int                                    rc          = 0;
+    whMessageCommGetCryptoAffinityResponse msg         = {0};
+    uint16_t                               resp_group  = 0;
+    uint16_t                               resp_action = 0;
+    uint16_t                               resp_size   = 0;
+
+    if (c == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    rc = wh_Client_RecvResponse(c, &resp_group, &resp_action, &resp_size, &msg);
+    if (rc == 0) {
+        /* Validate response */
+        if ((resp_group != WH_MESSAGE_GROUP_COMM) ||
+            (resp_action != WH_MESSAGE_COMM_ACTION_GET_CRYPTO_AFFINITY) ||
+            (resp_size != sizeof(msg))) {
+            /* Invalid message */
+            rc = WH_ERROR_ABORTED;
+        }
+        else {
+            /* Valid message */
+            if (out_rc != NULL) {
+                *out_rc = msg.rc;
+            }
+            if (out_affinity != NULL) {
+                *out_affinity = msg.affinity;
+            }
+        }
+    }
+    return rc;
+}
+
+int wh_Client_GetCryptoAffinity(whClientContext* c, int32_t* out_rc,
+                                uint32_t* out_affinity)
+{
+    int rc = 0;
+    if (c == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+    do {
+        rc = wh_Client_GetCryptoAffinityRequest(c);
+    } while (rc == WH_ERROR_NOTREADY);
+
+    if (rc == 0) {
+        do {
+            rc = wh_Client_GetCryptoAffinityResponse(c, out_rc, out_affinity);
+        } while (rc == WH_ERROR_NOTREADY);
+    }
+    return rc;
+}
+
 
 int wh_Client_CommCloseRequest(whClientContext* c)
 {
 
@@ -105,3 +105,15 @@ int wh_MessageComm_TranslateSetCryptoAffinityResponse(
     WH_T32(magic, dest, src, affinity);
     return 0;
 }
+
+int wh_MessageComm_TranslateGetCryptoAffinityResponse(
+    uint16_t magic, const whMessageCommGetCryptoAffinityResponse* src,
+    whMessageCommGetCryptoAffinityResponse* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T32(magic, dest, src, rc);
+    WH_T32(magic, dest, src, affinity);
+    return 0;
+}
@@ -79,13 +79,8 @@ int wh_Server_Init(whServerContext* server, whServerConfig* config)
 #ifndef WOLFHSM_CFG_NO_CRYPTO
     server->crypto = config->crypto;
     if (server->crypto != NULL) {
-#if defined(WOLF_CRYPTO_CB)
         server->crypto->devId = config->devId;
-        server->crypto->configDevId = config->devId;
-#else
-        server->crypto->devId = INVALID_DEVID;
-        server->crypto->configDevId = INVALID_DEVID;
-#endif
+        server->crypto->defaultDevId = config->devId;
     }
 #ifdef WOLFHSM_CFG_SHE_EXTENSION
     server->she = config->she;
@@ -253,7 +248,16 @@ static int _wh_Server_HandleCommRequest(whServerContext* server,
         whMessageCommSetCryptoAffinityRequest  req  = {0};
         whMessageCommSetCryptoAffinityResponse resp = {0};
 
-        wh_MessageComm_TranslateSetCryptoAffinityRequest(
+        if (req_size != sizeof(whMessageCommSetCryptoAffinityRequest)) {
+            resp.rc = WH_ERROR_ABORTED; 
+
+            (void)wh_MessageComm_TranslateSetCryptoAffinityResponse(
+                magic, &resp, (whMessageCommSetCryptoAffinityResponse*)resp_packet);
+            *out_resp_size = sizeof(resp);
+            break;
+        }
+
+        (void)wh_MessageComm_TranslateSetCryptoAffinityRequest(
             magic, (const whMessageCommSetCryptoAffinityRequest*)req_packet,
             &req);
 
@@ -263,28 +267,27 @@ static int _wh_Server_HandleCommRequest(whServerContext* server,
             resp.affinity = WH_CRYPTO_AFFINITY_SW;
         }
         else {
-            switch (req.affinity) {
-                case WH_CRYPTO_AFFINITY_SW:
-                    server->crypto->devId = INVALID_DEVID;
+            if (req.affinity == WH_CRYPTO_AFFINITY_SW) {
+                server->crypto->devId = INVALID_DEVID;
+                resp.rc               = WH_ERROR_OK;
+            }
+            else if (req.affinity == WH_CRYPTO_AFFINITY_HW) {
+                /* If the devId the server was configured with is valid then
+                 * switch back to it. The devId is used to call the appropriate
+                 * callback to utilize HW crypto */
+                if (server->crypto->defaultDevId != INVALID_DEVID) {
+                    server->crypto->devId = server->crypto->defaultDevId;
                     resp.rc               = WH_ERROR_OK;
-                    break;
-                case WH_CRYPTO_AFFINITY_HW:
-#ifdef WOLF_CRYPTO_CB
-                    if (server->crypto->configDevId != INVALID_DEVID) {
-                        server->crypto->devId = server->crypto->configDevId;
-                        resp.rc               = WH_ERROR_OK;
-                    }
-                    else {
-                        resp.rc = WH_ERROR_BADCONFIG;
-                    }
-                    break;
-#else
+                }
+                /* If the server was not configured with a valid devId
+                 * Then we are unable to use HW crypto. Return error back
+                 * back to the client */
+                else {
                     resp.rc = WH_ERROR_NOTIMPL;
-                    break;
-#endif
-                default:
-                    resp.rc = WH_ERROR_BADARGS;
-                    break;
+                }
+            }
+            else {
+                resp.rc = WH_ERROR_BADARGS;
             }
             resp.affinity = (server->crypto->devId == INVALID_DEVID)
                                 ? WH_CRYPTO_AFFINITY_SW
@@ -295,11 +298,35 @@ static int _wh_Server_HandleCommRequest(whServerContext* server,
         resp.affinity = WH_CRYPTO_AFFINITY_SW;
 #endif
 
-        wh_MessageComm_TranslateSetCryptoAffinityResponse(
+        (void)wh_MessageComm_TranslateSetCryptoAffinityResponse(
             magic, &resp, (whMessageCommSetCryptoAffinityResponse*)resp_packet);
         *out_resp_size = sizeof(resp);
     }; break;
 
+    case WH_MESSAGE_COMM_ACTION_GET_CRYPTO_AFFINITY: {
+        whMessageCommGetCryptoAffinityResponse resp = {0};
+
+#ifndef WOLFHSM_CFG_NO_CRYPTO
+        if (server->crypto == NULL) {
+            resp.rc       = WH_ERROR_ABORTED;
+            resp.affinity = WH_CRYPTO_AFFINITY_SW;
+        }
+        else {
+            resp.rc       = WH_ERROR_OK;
+            resp.affinity = (server->crypto->devId == INVALID_DEVID)
+                                ? WH_CRYPTO_AFFINITY_SW
+                                : WH_CRYPTO_AFFINITY_HW;
+        }
+#else
+        resp.rc       = WH_ERROR_NOTIMPL;
+        resp.affinity = WH_CRYPTO_AFFINITY_SW;
+#endif
+
+        wh_MessageComm_TranslateGetCryptoAffinityResponse(
+            magic, &resp, (whMessageCommGetCryptoAffinityResponse*)resp_packet);
+        *out_resp_size = sizeof(resp);
+    }; break;
+
     case WH_MESSAGE_COMM_ACTION_CLOSE:
     {
         /* No message */
 
@@ -33,6 +33,7 @@ whMessageCommInitResponse               whMessageCommInitResponse_test;
 whMessageCommInfoResponse               whMessageCommInfoResponse_test;
 whMessageCommSetCryptoAffinityRequest   whMessageCommSetCryptoAffinityRequest_test;
 whMessageCommSetCryptoAffinityResponse  whMessageCommSetCryptoAffinityResponse_test;
+whMessageCommGetCryptoAffinityResponse  whMessageCommGetCryptoAffinityResponse_test;
 
 #include "wolfhsm/wh_message_customcb.h"
 whMessageCustomCb_Request  whMessageCustomCb_Request_test;