diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2022-06-02 18:22:46 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2022-06-02 18:22:46 +0000 |
commit | aaeb517ed1b12748340c0dd2ef98444e3f93abe4 (patch) | |
tree | c32cccecc2b8935d59e093749474acb83e81fea5 | |
parent | 286b1390a43e9b696ec4fa82ebabd67d07cdaf3d (diff) | |
parent | 5497ed742921fdbd33c078ba63e043281d659bb7 (diff) | |
download | cuttlefish-aaeb517ed1b12748340c0dd2ef98444e3f93abe4.tar.gz |
Merge "Apply clang-format to KM sources." into tm-dev
-rw-r--r-- | host/commands/secure_env/keymaster_responder.cpp | 65 | ||||
-rw-r--r-- | host/commands/secure_env/tpm_keymaster_context.cpp | 67 | ||||
-rw-r--r-- | host/commands/secure_env/tpm_keymaster_context.h | 23 | ||||
-rw-r--r-- | host/commands/secure_env/tpm_keymaster_enforcement.cpp | 91 | ||||
-rw-r--r-- | host/commands/secure_env/tpm_keymaster_enforcement.h | 19 |
5 files changed, 120 insertions, 145 deletions
diff --git a/host/commands/secure_env/keymaster_responder.cpp b/host/commands/secure_env/keymaster_responder.cpp index 69186026b..c5d4e3b44 100644 --- a/host/commands/secure_env/keymaster_responder.cpp +++ b/host/commands/secure_env/keymaster_responder.cpp @@ -20,10 +20,9 @@ namespace cuttlefish { -KeymasterResponder::KeymasterResponder( - cuttlefish::KeymasterChannel& channel, keymaster::AndroidKeymaster& keymaster) - : channel_(channel), keymaster_(keymaster) { -} +KeymasterResponder::KeymasterResponder(cuttlefish::KeymasterChannel& channel, + keymaster::AndroidKeymaster& keymaster) + : channel_(channel), keymaster_(keymaster) {} bool KeymasterResponder::ProcessMessage() { auto request = channel_.ReceiveMessage(); @@ -33,19 +32,19 @@ bool KeymasterResponder::ProcessMessage() { } const uint8_t* buffer = request->payload; const uint8_t* end = request->payload + request->payload_size; - switch(request->cmd) { + switch (request->cmd) { using namespace keymaster; -#define HANDLE_MESSAGE(ENUM_NAME, METHOD_NAME) \ - case ENUM_NAME: {\ - METHOD_NAME##Request request(keymaster_.message_version()); \ - if (!request.Deserialize(&buffer, end)) { \ - LOG(ERROR) << "Failed to deserialize " #METHOD_NAME "Request"; \ - return false; \ - } \ - METHOD_NAME##Response response(keymaster_.message_version()); \ - keymaster_.METHOD_NAME(request, &response); \ - return channel_.SendResponse(ENUM_NAME, response); \ - } +#define HANDLE_MESSAGE(ENUM_NAME, METHOD_NAME) \ + case ENUM_NAME: { \ + METHOD_NAME##Request request(keymaster_.message_version()); \ + if (!request.Deserialize(&buffer, end)) { \ + LOG(ERROR) << "Failed to deserialize " #METHOD_NAME "Request"; \ + return false; \ + } \ + METHOD_NAME##Response response(keymaster_.message_version()); \ + keymaster_.METHOD_NAME(request, &response); \ + return channel_.SendResponse(ENUM_NAME, response); \ + } HANDLE_MESSAGE(GENERATE_KEY, GenerateKey) HANDLE_MESSAGE(BEGIN_OPERATION, BeginOperation) HANDLE_MESSAGE(UPDATE_OPERATION, UpdateOperation) @@ -71,16 +70,16 @@ bool KeymasterResponder::ProcessMessage() { HANDLE_MESSAGE(GENERATE_CSR, GenerateCsr) HANDLE_MESSAGE(GENERATE_TIMESTAMP_TOKEN, GenerateTimestampToken) #undef HANDLE_MESSAGE -#define HANDLE_MESSAGE_W_RETURN(ENUM_NAME, METHOD_NAME) \ - case ENUM_NAME: {\ - METHOD_NAME##Request request(keymaster_.message_version()); \ - if (!request.Deserialize(&buffer, end)) { \ - LOG(ERROR) << "Failed to deserialize " #METHOD_NAME "Request"; \ - return false; \ - } \ - auto response = keymaster_.METHOD_NAME(request); \ - return channel_.SendResponse(ENUM_NAME, response); \ - } +#define HANDLE_MESSAGE_W_RETURN(ENUM_NAME, METHOD_NAME) \ + case ENUM_NAME: { \ + METHOD_NAME##Request request(keymaster_.message_version()); \ + if (!request.Deserialize(&buffer, end)) { \ + LOG(ERROR) << "Failed to deserialize " #METHOD_NAME "Request"; \ + return false; \ + } \ + auto response = keymaster_.METHOD_NAME(request); \ + return channel_.SendResponse(ENUM_NAME, response); \ + } HANDLE_MESSAGE_W_RETURN(COMPUTE_SHARED_HMAC, ComputeSharedHmac) HANDLE_MESSAGE_W_RETURN(VERIFY_AUTHORIZATION, VerifyAuthorization) HANDLE_MESSAGE_W_RETURN(DEVICE_LOCKED, DeviceLocked) @@ -92,11 +91,12 @@ bool KeymasterResponder::ProcessMessage() { ConfigureVerifiedBootInfo) #undef HANDLE_MESSAGE_W_RETURN #define HANDLE_MESSAGE_W_RETURN_NO_ARG(ENUM_NAME, METHOD_NAME) \ - case ENUM_NAME: {\ - auto response = keymaster_.METHOD_NAME(); \ - return channel_.SendResponse(ENUM_NAME, response); \ - } - HANDLE_MESSAGE_W_RETURN_NO_ARG(GET_HMAC_SHARING_PARAMETERS, GetHmacSharingParameters) + case ENUM_NAME: { \ + auto response = keymaster_.METHOD_NAME(); \ + return channel_.SendResponse(ENUM_NAME, response); \ + } + HANDLE_MESSAGE_W_RETURN_NO_ARG(GET_HMAC_SHARING_PARAMETERS, + GetHmacSharingParameters) HANDLE_MESSAGE_W_RETURN_NO_ARG(EARLY_BOOT_ENDED, EarlyBootEnded) #undef HANDLE_MESSAGE_W_RETURN_NO_ARG case ADD_RNG_ENTROPY: { @@ -105,7 +105,8 @@ bool KeymasterResponder::ProcessMessage() { LOG(ERROR) << "Failed to deserialize AddEntropyRequest"; return false; } - AddEntropyResponse response(keymaster_.message_version());; + AddEntropyResponse response(keymaster_.message_version()); + ; keymaster_.AddRngEntropy(request, &response); return channel_.SendResponse(ADD_RNG_ENTROPY, response); } diff --git a/host/commands/secure_env/tpm_keymaster_context.cpp b/host/commands/secure_env/tpm_keymaster_context.cpp index 2d4154e20..4a6091501 100644 --- a/host/commands/secure_env/tpm_keymaster_context.cpp +++ b/host/commands/secure_env/tpm_keymaster_context.cpp @@ -82,10 +82,10 @@ TpmKeymasterContext::TpmKeymasterContext( attestation_context_(new TpmAttestationRecordContext), remote_provisioning_context_( new TpmRemoteProvisioningContext(resource_manager_)) { - key_factories_.emplace( - KM_ALGORITHM_RSA, new keymaster::RsaKeyFactory(*key_blob_maker_, *this)); - key_factories_.emplace( - KM_ALGORITHM_EC, new keymaster::EcKeyFactory(*key_blob_maker_, *this)); + key_factories_.emplace(KM_ALGORITHM_RSA, + new keymaster::RsaKeyFactory(*key_blob_maker_, *this)); + key_factories_.emplace(KM_ALGORITHM_EC, + new keymaster::EcKeyFactory(*key_blob_maker_, *this)); key_factories_.emplace( KM_ALGORITHM_AES, new keymaster::AesKeyFactory(*key_blob_maker_, *random_source_)); @@ -110,8 +110,8 @@ keymaster_error_t TpmKeymasterContext::SetSystemVersion( return KM_ERROR_OK; } -void TpmKeymasterContext::GetSystemVersion( - uint32_t* os_version, uint32_t* os_patchlevel) const { +void TpmKeymasterContext::GetSystemVersion(uint32_t* os_version, + uint32_t* os_patchlevel) const { *os_version = os_version_; *os_patchlevel = os_patchlevel_; } @@ -131,7 +131,7 @@ OperationFactory* TpmKeymasterContext::GetOperationFactory( auto key_factory = GetKeyFactory(algorithm); if (key_factory == nullptr) { LOG(ERROR) << "Tried to get operation factory for " << purpose - << " for invalid algorithm " << algorithm; + << " for invalid algorithm " << algorithm; return nullptr; } auto operation_factory = key_factory->GetOperationFactory(purpose); @@ -143,18 +143,16 @@ OperationFactory* TpmKeymasterContext::GetOperationFactory( } const keymaster_algorithm_t* TpmKeymasterContext::GetSupportedAlgorithms( - size_t* algorithms_count) const { + size_t* algorithms_count) const { *algorithms_count = supported_algorithms_.size(); return supported_algorithms_.data(); } -// Based on https://cs.android.com/android/platform/superproject/+/master:system/keymaster/key_blob_utils/software_keyblobs.cpp;l=44;drc=master +// Based on +// https://cs.android.com/android/platform/superproject/+/master:system/keymaster/key_blob_utils/software_keyblobs.cpp;l=44;drc=master -static bool UpgradeIntegerTag( - keymaster_tag_t tag, - uint32_t value, - AuthorizationSet* set, - bool* set_changed) { +static bool UpgradeIntegerTag(keymaster_tag_t tag, uint32_t value, + AuthorizationSet* set, bool* set_changed) { int index = set->find(tag); if (index == -1) { keymaster_key_param_t param; @@ -176,7 +174,8 @@ static bool UpgradeIntegerTag( return true; } -// Based on https://cs.android.com/android/platform/superproject/+/master:system/keymaster/key_blob_utils/software_keyblobs.cpp;l=310;drc=master +// Based on +// https://cs.android.com/android/platform/superproject/+/master:system/keymaster/key_blob_utils/software_keyblobs.cpp;l=310;drc=master keymaster_error_t TpmKeymasterContext::UpgradeKeyBlob( const KeymasterKeyBlob& blob_to_upgrade, @@ -230,8 +229,7 @@ keymaster_error_t TpmKeymasterContext::UpgradeKeyBlob( } keymaster_error_t TpmKeymasterContext::ParseKeyBlob( - const KeymasterKeyBlob& blob, - const AuthorizationSet& additional_params, + const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params, keymaster::UniquePtr<keymaster::Key>* key) const { keymaster::AuthorizationSet hw_enforced; keymaster::AuthorizationSet sw_enforced; @@ -258,21 +256,16 @@ keymaster_error_t TpmKeymasterContext::ParseKeyBlob( LOG(ERROR) << "Unable to find key factory for " << algorithm; return KM_ERROR_UNSUPPORTED_ALGORITHM; } - rc = - factory->LoadKey( - std::move(key_material), - additional_params, - std::move(hw_enforced), - std::move(sw_enforced), - key); + rc = factory->LoadKey(std::move(key_material), additional_params, + std::move(hw_enforced), std::move(sw_enforced), key); if (rc != KM_ERROR_OK) { LOG(ERROR) << "Unable to load unwrapped key: " << rc; } return rc; } -keymaster_error_t TpmKeymasterContext::AddRngEntropy( - const uint8_t* buffer, size_t size) const { +keymaster_error_t TpmKeymasterContext::AddRngEntropy(const uint8_t* buffer, + size_t size) const { return random_source_->AddRngEntropy(buffer, size); } @@ -280,7 +273,8 @@ keymaster::KeymasterEnforcement* TpmKeymasterContext::enforcement_policy() { return &enforcement_; } -// Based on https://cs.android.com/android/platform/superproject/+/master:system/keymaster/contexts/pure_soft_keymaster_context.cpp;l=261;drc=8367d5351c4d417a11f49b12394b63a413faa02d +// Based on +// https://cs.android.com/android/platform/superproject/+/master:system/keymaster/contexts/pure_soft_keymaster_context.cpp;l=261;drc=8367d5351c4d417a11f49b12394b63a413faa02d keymaster::CertificateChain TpmKeymasterContext::GenerateAttestation( const keymaster::Key& key, const keymaster::AuthorizationSet& attest_params, @@ -337,22 +331,25 @@ keymaster::CertificateChain TpmKeymasterContext::GenerateSelfSignedCertificate( const keymaster::Key& key, const keymaster::AuthorizationSet& cert_params, bool fake_signature, keymaster_error_t* error) const { keymaster_algorithm_t key_algorithm; - if (!key.authorizations().GetTagValue(keymaster::TAG_ALGORITHM, &key_algorithm)) { - *error = KM_ERROR_UNKNOWN_ERROR; - return {}; + if (!key.authorizations().GetTagValue(keymaster::TAG_ALGORITHM, + &key_algorithm)) { + *error = KM_ERROR_UNKNOWN_ERROR; + return {}; } if ((key_algorithm != KM_ALGORITHM_RSA && key_algorithm != KM_ALGORITHM_EC)) { - *error = KM_ERROR_INCOMPATIBLE_ALGORITHM; - return {}; + *error = KM_ERROR_INCOMPATIBLE_ALGORITHM; + return {}; } - // We have established that the given key has the correct algorithm, and because this is the - // SoftKeymasterContext we can assume that the Key is an AsymmetricKey. So we can downcast. + // We have established that the given key has the correct algorithm, and + // because this is the SoftKeymasterContext we can assume that the Key is an + // AsymmetricKey. So we can downcast. const keymaster::AsymmetricKey& asymmetric_key = static_cast<const keymaster::AsymmetricKey&>(key); - return generate_self_signed_cert(asymmetric_key, cert_params, fake_signature, error); + return generate_self_signed_cert(asymmetric_key, cert_params, fake_signature, + error); } keymaster_error_t TpmKeymasterContext::UnwrapKey( diff --git a/host/commands/secure_env/tpm_keymaster_context.h b/host/commands/secure_env/tpm_keymaster_context.h index 0029c1d40..afd8f6f1a 100644 --- a/host/commands/secure_env/tpm_keymaster_context.h +++ b/host/commands/secure_env/tpm_keymaster_context.h @@ -38,14 +38,15 @@ class TpmRemoteProvisioningContext; * https://cs.android.com/android/platform/superproject/+/master:system/keymaster/include/keymaster/keymaster_context.h;drc=821acb74d7febb886a9b7cefee4ee3df4cc8c556 */ class TpmKeymasterContext : public keymaster::KeymasterContext { -private: + private: TpmResourceManager& resource_manager_; keymaster::KeymasterEnforcement& enforcement_; std::unique_ptr<TpmKeyBlobMaker> key_blob_maker_; std::unique_ptr<TpmRandomSource> random_source_; std::unique_ptr<TpmAttestationRecordContext> attestation_context_; std::unique_ptr<TpmRemoteProvisioningContext> remote_provisioning_context_; - std::map<keymaster_algorithm_t, std::unique_ptr<keymaster::KeyFactory>> key_factories_; + std::map<keymaster_algorithm_t, std::unique_ptr<keymaster::KeyFactory>> + key_factories_; std::vector<keymaster_algorithm_t> supported_algorithms_; uint32_t os_version_; uint32_t os_patchlevel_; @@ -63,10 +64,10 @@ private: return attestation_context_->GetKmVersion(); } - keymaster_error_t SetSystemVersion( - uint32_t os_version, uint32_t os_patchlevel) override; - void GetSystemVersion( - uint32_t* os_version, uint32_t* os_patchlevel) const override; + keymaster_error_t SetSystemVersion(uint32_t os_version, + uint32_t os_patchlevel) override; + void GetSystemVersion(uint32_t* os_version, + uint32_t* os_patchlevel) const override; const keymaster::KeyFactory* GetKeyFactory( keymaster_algorithm_t algorithm) const override; @@ -86,8 +87,8 @@ private: const keymaster::AuthorizationSet& additional_params, keymaster::UniquePtr<keymaster::Key>* key) const override; - keymaster_error_t AddRngEntropy( - const uint8_t* buf, size_t length) const override; + keymaster_error_t AddRngEntropy(const uint8_t* buf, + size_t length) const override; keymaster::KeymasterEnforcement* enforcement_policy() override; @@ -99,10 +100,8 @@ private: keymaster_error_t* error) const override; keymaster::CertificateChain GenerateSelfSignedCertificate( - const keymaster::Key& key, - const keymaster::AuthorizationSet& cert_params, - bool fake_signature, - keymaster_error_t* error) const override; + const keymaster::Key& key, const keymaster::AuthorizationSet& cert_params, + bool fake_signature, keymaster_error_t* error) const override; keymaster_error_t UnwrapKey( const keymaster::KeymasterKeyBlob& wrapped_key_blob, diff --git a/host/commands/secure_env/tpm_keymaster_enforcement.cpp b/host/commands/secure_env/tpm_keymaster_enforcement.cpp index 60a9a5a28..e73c57bef 100644 --- a/host/commands/secure_env/tpm_keymaster_enforcement.cpp +++ b/host/commands/secure_env/tpm_keymaster_enforcement.cpp @@ -25,11 +25,11 @@ namespace cuttlefish { -using keymaster::km_id_t; using keymaster::HmacSharingParameters; using keymaster::HmacSharingParametersArray; using keymaster::KeymasterBlob; using keymaster::KeymasterEnforcement; +using keymaster::km_id_t; using keymaster::VerifyAuthorizationRequest; using keymaster::VerifyAuthorizationResponse; namespace { @@ -46,9 +46,9 @@ bool operator==(const HmacSharingParameters& a, } } // namespace class CompareHmacSharingParams { -public: - bool operator()( - const HmacSharingParameters& a, const HmacSharingParameters& b) const { + public: + bool operator()(const HmacSharingParameters& a, + const HmacSharingParameters& b) const { if (a.seed.data_length != b.seed.data_length) { return a.seed.data_length < b.seed.data_length; } @@ -86,11 +86,9 @@ TpmKeymasterEnforcement::TpmKeymasterEnforcement( TpmResourceManager& resource_manager, TpmGatekeeper& gatekeeper) : KeymasterEnforcement(64, 64), resource_manager_(resource_manager), - gatekeeper_(gatekeeper) { -} + gatekeeper_(gatekeeper) {} -TpmKeymasterEnforcement::~TpmKeymasterEnforcement() { -} +TpmKeymasterEnforcement::~TpmKeymasterEnforcement() {} bool TpmKeymasterEnforcement::activation_date_valid( uint64_t activation_date) const { @@ -102,10 +100,10 @@ bool TpmKeymasterEnforcement::expiration_date_passed( return expiration_date < get_wall_clock_time_ms(); } -bool TpmKeymasterEnforcement::auth_token_timed_out( - const hw_auth_token_t& token, uint32_t timeout) const { +bool TpmKeymasterEnforcement::auth_token_timed_out(const hw_auth_token_t& token, + uint32_t timeout) const { // timeout comes in seconds, token.timestamp comes in milliseconds - uint64_t timeout_ms = 1000 * (uint64_t) timeout; + uint64_t timeout_ms = 1000 * (uint64_t)timeout; return (be64toh(token.timestamp) + timeout_ms) < get_current_time_ms(); } @@ -132,32 +130,24 @@ bool TpmKeymasterEnforcement::ValidateTokenSignature( * GateKeeper::MintAuthToken */ - const uint8_t *auth_token_key = nullptr; + const uint8_t* auth_token_key = nullptr; uint32_t auth_token_key_len = 0; if (!gatekeeper_.GetAuthTokenKey(&auth_token_key, &auth_token_key_len)) { LOG(WARNING) << "Unable to get gatekeeper auth token"; return false; } + constexpr uint32_t hashable_length = + sizeof(token.version) + sizeof(token.challenge) + sizeof(token.user_id) + + sizeof(token.authenticator_id) + sizeof(token.authenticator_type) + + sizeof(token.timestamp); - constexpr uint32_t hashable_length = sizeof(token.version) + - sizeof(token.challenge) + - sizeof(token.user_id) + - sizeof(token.authenticator_id) + - sizeof(token.authenticator_type) + - sizeof(token.timestamp); - - static_assert( - offsetof(hw_auth_token_t, hmac) == hashable_length, - "hw_auth_token_t does not appear to be packed"); - + static_assert(offsetof(hw_auth_token_t, hmac) == hashable_length, + "hw_auth_token_t does not appear to be packed"); gatekeeper_.ComputeSignature( - comparison_token.hmac, - sizeof(comparison_token.hmac), - auth_token_key, - auth_token_key_len, - reinterpret_cast<uint8_t*>(&comparison_token), + comparison_token.hmac, sizeof(comparison_token.hmac), auth_token_key, + auth_token_key_len, reinterpret_cast<uint8_t*>(&comparison_token), hashable_length); static_assert(sizeof(token.hmac) == sizeof(comparison_token.hmac)); @@ -170,9 +160,8 @@ keymaster_error_t TpmKeymasterEnforcement::GetHmacSharingParameters( if (!have_saved_params_) { saved_params_.seed = {}; TpmRandomSource random_source{resource_manager_.Esys()}; - auto rc = - random_source.GenerateRandom( - saved_params_.nonce, sizeof(saved_params_.nonce)); + auto rc = random_source.GenerateRandom(saved_params_.nonce, + sizeof(saved_params_.nonce)); if (rc != KM_ERROR_OK) { LOG(ERROR) << "Failed to generate HmacSharingParameters nonce"; return rc; @@ -185,18 +174,15 @@ keymaster_error_t TpmKeymasterEnforcement::GetHmacSharingParameters( } keymaster_error_t TpmKeymasterEnforcement::ComputeSharedHmac( - const HmacSharingParametersArray& hmac_array, - KeymasterBlob* sharingCheck) { + const HmacSharingParametersArray& hmac_array, KeymasterBlob* sharingCheck) { std::set<HmacSharingParameters, CompareHmacSharingParams> sorted_hmac_inputs; bool found_mine = false; for (int i = 0; i < hmac_array.num_params; i++) { HmacSharingParameters sharing_params; sharing_params.seed = keymaster::KeymasterBlob(hmac_array.params_array[i].seed); - memcpy( - sharing_params.nonce, - hmac_array.params_array[i].nonce, - sizeof(sharing_params.nonce)); + memcpy(sharing_params.nonce, hmac_array.params_array[i].nonce, + sizeof(sharing_params.nonce)); found_mine = found_mine || (sharing_params == saved_params_); sorted_hmac_inputs.emplace(std::move(sharing_params)); } @@ -218,7 +204,6 @@ keymaster_error_t TpmKeymasterEnforcement::ComputeSharedHmac( } } - auto signing_key_builder = PrimaryKeyBuilder(); signing_key_builder.SigningKey(); signing_key_builder.UniqueData(std::string(unique_data, sizeof(unique_data))); @@ -230,12 +215,9 @@ keymaster_error_t TpmKeymasterEnforcement::ComputeSharedHmac( static const uint8_t signing_input[] = "Keymaster HMAC Verification"; - auto hmac = TpmHmac( - resource_manager_, - signing_key->get(), - TpmAuth(ESYS_TR_PASSWORD), - signing_input, - sizeof(signing_input)); + auto hmac = + TpmHmac(resource_manager_, signing_key->get(), TpmAuth(ESYS_TR_PASSWORD), + signing_input, sizeof(signing_input)); if (!hmac) { LOG(ERROR) << "Unable to complete signing check"; @@ -260,10 +242,10 @@ VerifyAuthorizationResponse TpmKeymasterEnforcement::VerifyAuthorization( response.token.timestamp = get_current_time_ms(); response.token.security_level = SecurityLevel(); - VerificationData verify_data { - .challenge = response.token.challenge, - .timestamp = response.token.timestamp, - .security_level = response.token.security_level, + VerificationData verify_data{ + .challenge = response.token.challenge, + .timestamp = response.token.timestamp, + .security_level = response.token.security_level, }; auto signing_key_builder = PrimaryKeyBuilder(); @@ -274,12 +256,9 @@ VerifyAuthorizationResponse TpmKeymasterEnforcement::VerifyAuthorization( LOG(ERROR) << "Could not make signing key for verifying authorization"; return response; } - auto hmac = TpmHmac( - resource_manager_, - signing_key->get(), - TpmAuth(ESYS_TR_PASSWORD), - reinterpret_cast<uint8_t*>(&verify_data), - sizeof(verify_data)); + auto hmac = + TpmHmac(resource_manager_, signing_key->get(), TpmAuth(ESYS_TR_PASSWORD), + reinterpret_cast<uint8_t*>(&verify_data), sizeof(verify_data)); if (!hmac) { LOG(ERROR) << "Could not calculate verification hmac"; @@ -324,8 +303,8 @@ keymaster_error_t TpmKeymasterEnforcement::GenerateTimestampToken( return KM_ERROR_OK; } -bool TpmKeymasterEnforcement::CreateKeyId( - const keymaster_key_blob_t& key_blob, km_id_t* keyid) const { +bool TpmKeymasterEnforcement::CreateKeyId(const keymaster_key_blob_t& key_blob, + km_id_t* keyid) const { auto signing_key_builder = PrimaryKeyBuilder(); signing_key_builder.SigningKey(); signing_key_builder.UniqueData("key_id"); diff --git a/host/commands/secure_env/tpm_keymaster_enforcement.h b/host/commands/secure_env/tpm_keymaster_enforcement.h index 8db59301c..e1de8c7d8 100644 --- a/host/commands/secure_env/tpm_keymaster_enforcement.h +++ b/host/commands/secure_env/tpm_keymaster_enforcement.h @@ -28,22 +28,22 @@ namespace cuttlefish { * system/keymaster/include/keymaster/keymaster_enforcement.h */ class TpmKeymasterEnforcement : public keymaster::KeymasterEnforcement { -public: - TpmKeymasterEnforcement( - TpmResourceManager& resource_manager, TpmGatekeeper& gatekeeper); + public: + TpmKeymasterEnforcement(TpmResourceManager& resource_manager, + TpmGatekeeper& gatekeeper); ~TpmKeymasterEnforcement(); bool activation_date_valid(uint64_t activation_date) const override; bool expiration_date_passed(uint64_t expiration_date) const override; - bool auth_token_timed_out( - const hw_auth_token_t& token, uint32_t timeout) const override; + bool auth_token_timed_out(const hw_auth_token_t& token, + uint32_t timeout) const override; uint64_t get_current_time_ms() const override; keymaster_security_level_t SecurityLevel() const override; bool ValidateTokenSignature(const hw_auth_token_t& token) const override; keymaster_error_t GetHmacSharingParameters( - keymaster::HmacSharingParameters* params) override; + keymaster::HmacSharingParameters* params) override; keymaster_error_t ComputeSharedHmac( const keymaster::HmacSharingParametersArray& params_array, keymaster::KeymasterBlob* sharingCheck) override; @@ -54,11 +54,10 @@ public: keymaster_error_t GenerateTimestampToken( keymaster::TimestampToken* token) override; - bool CreateKeyId( - const keymaster_key_blob_t& key_blob, - keymaster::km_id_t* keyid) const override; + bool CreateKeyId(const keymaster_key_blob_t& key_blob, + keymaster::km_id_t* keyid) const override; -private: + private: TpmResourceManager& resource_manager_; TpmGatekeeper& gatekeeper_; bool have_saved_params_ = false; |