diff options
author | Nick Bray <ncbray@google.com> | 2018-06-20 15:51:19 -0700 |
---|---|---|
committer | Nick Bray <ncbray@google.com> | 2018-07-26 15:01:35 -0700 |
commit | dc27e3aaa7b2bc73fe97b6abc534ec689c72eb8d (patch) | |
tree | 662b2703907dc4d2cfddb5b13c101baf278e5eb7 | |
parent | 5dc366caaa30e4228f99ab44c68cbd071e1c8a80 (diff) | |
download | gatekeeper-dc27e3aaa7b2bc73fe97b6abc534ec689c72eb8d.tar.gz |
Enable pre-upload clang formatting.
Also re-format the code with clang format.
Bug: 110489128
Change-Id: I56075cab57be2d929d6481c92934fb94f839c81e
-rw-r--r-- | .clang-format | 24 | ||||
-rw-r--r-- | PREUPLOAD.cfg | 7 | ||||
-rw-r--r-- | ipc/gatekeeper_ipc.cpp | 141 | ||||
-rw-r--r-- | ipc/gatekeeper_ipc.h | 9 | ||||
-rw-r--r-- | manifest.c | 25 | ||||
-rw-r--r-- | trusty_gatekeeper.cpp | 93 | ||||
-rw-r--r-- | trusty_gatekeeper.h | 66 |
7 files changed, 216 insertions, 149 deletions
diff --git a/.clang-format b/.clang-format new file mode 100644 index 0000000..97e6791 --- /dev/null +++ b/.clang-format @@ -0,0 +1,24 @@ +# Trusty Style +# This is a Google-derived style with 4-space indent and a few quirks for +# systems code. +BasedOnStyle: Chromium + +# 4-space indent, no tabs. +IndentWidth: 4 +UseTab: Never +TabWidth: 4 + +# Double indent arguments when none of them are on the first line. +ContinuationIndentWidth: 8 +ConstructorInitializerIndentWidth: 8 + +# Don't indent public/private/protected. +# It's a little more common to do a half indent, but folks didn't like that. +AccessModifierOffset: -4 + +# Don't indent case labels. +IndentCaseLabels: false + +# Don't break strings to make it easier to grep for error messages. +# Note: this can result in lines that exceed the column limit. +BreakStringLiterals: false diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg new file mode 100644 index 0000000..587b0de --- /dev/null +++ b/PREUPLOAD.cfg @@ -0,0 +1,7 @@ +[Builtin Hooks] +clang_format = true +commit_msg_bug_field = true +commit_msg_changeid_field = true + +[Builtin Hooks Options] +clang_format = --commit ${PREUPLOAD_COMMIT} --style file --extensions c,h,cc,cpp diff --git a/ipc/gatekeeper_ipc.cpp b/ipc/gatekeeper_ipc.cpp index 7e6c58b..30bb6b2 100644 --- a/ipc/gatekeeper_ipc.cpp +++ b/ipc/gatekeeper_ipc.cpp @@ -14,27 +14,23 @@ * limitations under the License. */ +#include <stdio.h> #include <stdlib.h> #include <string.h> -#include <stdio.h> #include <trusty_ipc.h> #include <uapi/err.h> -#include "trusty_gatekeeper.h" #include "gatekeeper_ipc.h" +#include "trusty_gatekeeper.h" using namespace gatekeeper; -TrustyGateKeeper *device; +TrustyGateKeeper* device; class SessionManager { - public: - SessionManager(long* err) { - *err = device->OpenSession(); - } - ~SessionManager() { - device->CloseSession(); - } +public: + SessionManager(long* err) { *err = device->OpenSession(); } + ~SessionManager() { device->CloseSession(); } }; class MessageDeleter { @@ -44,34 +40,34 @@ public: id_ = id; } - ~MessageDeleter() { - put_msg(chan_, id_); - } + ~MessageDeleter() { put_msg(chan_, id_); } private: handle_t chan_; int id_; }; - static gatekeeper_error_t tipc_err_to_gatekeeper_err(long tipc_err) { switch (tipc_err) { - case NO_ERROR: - return ERROR_NONE; - case ERR_BAD_LEN: - case ERR_NOT_VALID: - case ERR_NOT_IMPLEMENTED: - case ERR_NOT_SUPPORTED: - return ERROR_INVALID; - default: - return ERROR_UNKNOWN; + case NO_ERROR: + return ERROR_NONE; + case ERR_BAD_LEN: + case ERR_NOT_VALID: + case ERR_NOT_IMPLEMENTED: + case ERR_NOT_SUPPORTED: + return ERROR_INVALID; + default: + return ERROR_UNKNOWN; } } template <typename Request, typename Response> -static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&, Response*), - uint8_t *in_buf, uint32_t in_size, - UniquePtr<uint8_t[]> *out_buf, uint32_t *out_size) { +static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&, + Response*), + uint8_t* in_buf, + uint32_t in_size, + UniquePtr<uint8_t[]>* out_buf, + uint32_t* out_size) { long rc; SessionManager sm(&rc); if (rc != NO_ERROR) @@ -100,7 +96,8 @@ static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&, return ERROR_UNKNOWN; } - if(rsp.Serialize(out_buf->get(), out_buf->get() + *out_size) != *out_size) { + if (rsp.Serialize(out_buf->get(), out_buf->get() + *out_size) != + *out_size) { TLOGE("error serializing response message\n"); return ERROR_UNKNOWN; } @@ -108,29 +105,33 @@ static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&, return ERROR_NONE; } -static gatekeeper_error_t handle_request(uint32_t cmd, uint8_t *in_buf, uint32_t in_buf_size, - UniquePtr<uint8_t[]> *out_buf, uint32_t *out_buf_size) { +static gatekeeper_error_t handle_request(uint32_t cmd, + uint8_t* in_buf, + uint32_t in_buf_size, + UniquePtr<uint8_t[]>* out_buf, + uint32_t* out_buf_size) { switch (cmd) { - case GK_ENROLL: - return exec_cmd(&GateKeeper::Enroll, in_buf, in_buf_size, - out_buf, out_buf_size); - case GK_VERIFY: - return exec_cmd(&GateKeeper::Verify, in_buf, in_buf_size, - out_buf, out_buf_size); - default: - return ERROR_INVALID; + case GK_ENROLL: + return exec_cmd(&GateKeeper::Enroll, in_buf, in_buf_size, out_buf, + out_buf_size); + case GK_VERIFY: + return exec_cmd(&GateKeeper::Verify, in_buf, in_buf_size, out_buf, + out_buf_size); + default: + return ERROR_INVALID; } } - static gatekeeper_error_t send_response(handle_t chan, - uint32_t cmd, uint8_t *out_buf, uint32_t out_buf_size) { - struct gatekeeper_message gk_msg = { cmd | GK_RESP_BIT, {}}; + uint32_t cmd, + uint8_t* out_buf, + uint32_t out_buf_size) { + struct gatekeeper_message gk_msg = {cmd | GK_RESP_BIT, {}}; iovec_t iov[2] = { - { &gk_msg, sizeof(gk_msg) }, - { out_buf, out_buf_size }, + {&gk_msg, sizeof(gk_msg)}, + {out_buf, out_buf_size}, }; - ipc_msg_t msg = { 2, iov, 0, NULL }; + ipc_msg_t msg = {2, iov, 0, NULL}; /* send message back to the caller */ long rc = send_msg(chan, &msg); @@ -144,10 +145,12 @@ static gatekeeper_error_t send_response(handle_t chan, return ERROR_NONE; } -static gatekeeper_error_t send_error_response(handle_t chan, uint32_t cmd, gatekeeper_error_t err) { +static gatekeeper_error_t send_error_response(handle_t chan, + uint32_t cmd, + gatekeeper_error_t err) { GateKeeperMessage msg(err); size_t serialized_size = msg.GetSerializedSize(); - uint8_t *out_buf = new uint8_t[serialized_size]; + uint8_t* out_buf = new uint8_t[serialized_size]; if (out_buf == NULL) { return ERROR_UNKNOWN; } @@ -159,7 +162,6 @@ static gatekeeper_error_t send_error_response(handle_t chan, uint32_t cmd, gatek return rc; } - static long handle_msg(handle_t chan) { /* get message info */ ipc_msg_info_t msg_inf; @@ -170,8 +172,8 @@ static long handle_msg(handle_t chan) { // fatal error if (rc != NO_ERROR) { - TLOGE("failed (%ld) to get_msg for chan (%d), closing connection\n", - rc, chan); + TLOGE("failed (%ld) to get_msg for chan (%d), closing connection\n", rc, + chan); return rc; } @@ -180,8 +182,8 @@ static long handle_msg(handle_t chan) { UniquePtr<uint8_t[]> msg_buf(new uint8_t[msg_inf.len]); /* read msg content */ - iovec_t iov = { msg_buf.get(), msg_inf.len }; - ipc_msg_t msg = { 1, &iov, 0, NULL} ; + iovec_t iov = {msg_buf.get(), msg_inf.len}; + ipc_msg_t msg = {1, &iov, 0, NULL}; rc = read_msg(chan, msg_inf.id, 0, &msg); @@ -190,24 +192,26 @@ static long handle_msg(handle_t chan) { return rc; } - if(((size_t)rc) < sizeof(gatekeeper_message)) { - TLOGE("invalid message of size (%zu) for chan (%d)\n", - (size_t)rc, chan); + if (((size_t)rc) < sizeof(gatekeeper_message)) { + TLOGE("invalid message of size (%zu) for chan (%d)\n", (size_t)rc, + chan); return ERROR_INVALID; } /* get request command */ - gatekeeper_message *gk_msg = - reinterpret_cast<struct gatekeeper_message *>(msg_buf.get()); + gatekeeper_message* gk_msg = + reinterpret_cast<struct gatekeeper_message*>(msg_buf.get()); UniquePtr<uint8_t[]> out_buf; uint32_t out_buf_size = 0; rc = handle_request(gk_msg->cmd, gk_msg->payload, - msg_inf.len - sizeof(gatekeeper_message), &out_buf, &out_buf_size); + msg_inf.len - sizeof(gatekeeper_message), &out_buf, + &out_buf_size); if (rc < 0) { TLOGE("unable (%ld) to handle request", rc); - return send_error_response(chan, gk_msg->cmd, tipc_err_to_gatekeeper_err(rc)); + return send_error_response(chan, gk_msg->cmd, + tipc_err_to_gatekeeper_err(rc)); } rc = send_response(chan, gk_msg->cmd, out_buf.get(), out_buf_size); @@ -219,14 +223,13 @@ static long handle_msg(handle_t chan) { return rc; } -static void gatekeeper_handle_port(uevent_t *ev) { +static void gatekeeper_handle_port(uevent_t* ev) { if ((ev->event & IPC_HANDLE_POLL_ERROR) || (ev->event & IPC_HANDLE_POLL_HUP) || (ev->event & IPC_HANDLE_POLL_MSG) || (ev->event & IPC_HANDLE_POLL_SEND_UNBLOCKED)) { /* should never happen with port handles */ - TLOGE("error event (0x%x) for port (%d)\n", - ev->event, ev->handle); + TLOGE("error event (0x%x) for port (%d)\n", ev->event, ev->handle); abort(); } @@ -235,19 +238,17 @@ static void gatekeeper_handle_port(uevent_t *ev) { /* incoming connection: accept it */ int rc = accept(ev->handle, &peer_uuid); if (rc < 0) { - TLOGE("failed (%d) to accept on port %d\n", - rc, ev->handle); + TLOGE("failed (%d) to accept on port %d\n", rc, ev->handle); return; } } } -static void gatekeeper_handle_channel(uevent_t *ev) { +static void gatekeeper_handle_channel(uevent_t* ev) { if ((ev->event & IPC_HANDLE_POLL_ERROR) || (ev->event & IPC_HANDLE_POLL_READY)) { /* close it as it is in an error state */ - TLOGE("error event (0x%x) for chan (%d)\n", - ev->event, ev->handle); + TLOGE("error event (0x%x) for chan (%d)\n", ev->event, ev->handle); abort(); } @@ -257,7 +258,8 @@ static void gatekeeper_handle_channel(uevent_t *ev) { long rc = handle_msg(chan); if (rc != NO_ERROR) { /* report an error and close channel */ - TLOGE("failed (%ld) to handle event on channel %d\n", rc, ev->handle); + TLOGE("failed (%ld) to handle event on channel %d\n", rc, + ev->handle); close(chan); } } @@ -267,7 +269,6 @@ static void gatekeeper_handle_channel(uevent_t *ev) { close(chan); return; } - } static long gatekeeper_ipc_init(void) { @@ -275,7 +276,7 @@ static long gatekeeper_ipc_init(void) { /* Initialize service */ rc = port_create(GATEKEEPER_PORT, 1, GATEKEEPER_MAX_BUFFER_LENGTH, - IPC_PORT_ALLOW_NS_CONNECT); + IPC_PORT_ALLOW_NS_CONNECT); if (rc < 0) { TLOGE("Failed (%d) to create port %s\n", rc, GATEKEEPER_PORT); } @@ -297,12 +298,12 @@ int main(void) { return rc; } - handle_t port = (handle_t) rc; + handle_t port = (handle_t)rc; /* enter main event loop */ while (true) { event.handle = INVALID_IPC_HANDLE; - event.event = 0; + event.event = 0; event.cookie = NULL; rc = wait_any(&event, -1); diff --git a/ipc/gatekeeper_ipc.h b/ipc/gatekeeper_ipc.h index ed86419..086cf9c 100644 --- a/ipc/gatekeeper_ipc.h +++ b/ipc/gatekeeper_ipc.h @@ -18,11 +18,11 @@ #define GATEKEEPER_MAX_BUFFER_LENGTH 1024 enum gatekeeper_command { - GK_REQ_SHIFT = 1, - GK_RESP_BIT = 1, + GK_REQ_SHIFT = 1, + GK_RESP_BIT = 1, - GK_ENROLL = (0 << GK_REQ_SHIFT), - GK_VERIFY = (1 << GK_REQ_SHIFT), + GK_ENROLL = (0 << GK_REQ_SHIFT), + GK_VERIFY = (1 << GK_REQ_SHIFT), }; /** @@ -35,4 +35,3 @@ struct gatekeeper_message { uint32_t cmd; uint8_t payload[0]; }; - @@ -17,19 +17,20 @@ #include <trusty_app_manifest.h> // TODO: generate my own UUID -trusty_app_manifest_t TRUSTY_APP_MANIFEST_ATTRS trusty_app_manifest = -{ +trusty_app_manifest_t TRUSTY_APP_MANIFEST_ATTRS trusty_app_manifest = { - /* UUID : {38ba0cdc-df0e-11e4-9869-233fb6ae4795} */ - { 0x38ba0cdc, 0xdf0e, 0x11e4, - { 0x98, 0x69, 0x23, 0x3f, 0xb6, 0xae, 0x47, 0x95 } }, + /* UUID : {38ba0cdc-df0e-11e4-9869-233fb6ae4795} */ + {0x38ba0cdc, + 0xdf0e, + 0x11e4, + {0x98, 0x69, 0x23, 0x3f, 0xb6, 0xae, 0x47, 0x95}}, - /* optional configuration options here */ - { - /* openssl need a larger heap */ - TRUSTY_APP_CONFIG_MIN_HEAP_SIZE(2 * 4096), + /* optional configuration options here */ + { + /* openssl need a larger heap */ + TRUSTY_APP_CONFIG_MIN_HEAP_SIZE(2 * 4096), - /* openssl need a larger stack */ - TRUSTY_APP_CONFIG_MIN_STACK_SIZE(1 * 4096), - }, + /* openssl need a larger stack */ + TRUSTY_APP_CONFIG_MIN_STACK_SIZE(1 * 4096), + }, }; diff --git a/trusty_gatekeeper.cpp b/trusty_gatekeeper.cpp index a5a9845..248540e 100644 --- a/trusty_gatekeeper.cpp +++ b/trusty_gatekeeper.cpp @@ -27,7 +27,7 @@ #include <openssl/hmac.h> #define CALLS_BETWEEN_RNG_RESEEDS 32 -#define RNG_RESEED_SIZE 64 +#define RNG_RESEED_SIZE 64 #define HMAC_SHA_256_KEY_SIZE 32 @@ -39,7 +39,8 @@ namespace gatekeeper { -static const uint8_t DERIVATION_DATA[HMAC_SHA_256_KEY_SIZE] = "TrustyGateKeeperDerivationData0"; +static const uint8_t DERIVATION_DATA[HMAC_SHA_256_KEY_SIZE] = + "TrustyGateKeeperDerivationData0"; TrustyGateKeeper::TrustyGateKeeper() : GateKeeper() { rng_initialized_ = false; @@ -95,13 +96,13 @@ long TrustyGateKeeper::DeriveMasterKey() { return rc; } - hwkey_session_t session = (hwkey_session_t) rc; + hwkey_session_t session = (hwkey_session_t)rc; master_key_.reset(new uint8_t[HMAC_SHA_256_KEY_SIZE]); uint32_t kdf_version = HWKEY_KDF_VERSION_1; rc = hwkey_derive(session, &kdf_version, DERIVATION_DATA, master_key_.get(), - HMAC_SHA_256_KEY_SIZE); + HMAC_SHA_256_KEY_SIZE); hwkey_close(session); return rc; @@ -112,8 +113,8 @@ void TrustyGateKeeper::ClearMasterKey() { master_key_.reset(); } -bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t **auth_token_key, - size_t *length) const { +bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t** auth_token_key, + size_t* length) const { *length = 0; *auth_token_key = NULL; @@ -122,9 +123,9 @@ bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t **auth_token_key, return false; } - keymaster_session_t session = (keymaster_session_t) rc; + keymaster_session_t session = (keymaster_session_t)rc; - uint8_t *key = NULL; + uint8_t* key = NULL; uint32_t local_length = 0; rc = keymaster_get_auth_token_key(session, &key, &local_length); @@ -139,36 +140,46 @@ bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t **auth_token_key, } } -void TrustyGateKeeper::GetPasswordKey(const uint8_t **password_key, size_t *length) { - *password_key = const_cast<const uint8_t *>(master_key_.get()); +void TrustyGateKeeper::GetPasswordKey(const uint8_t** password_key, + size_t* length) { + *password_key = const_cast<const uint8_t*>(master_key_.get()); *length = HMAC_SHA_256_KEY_SIZE; } -void TrustyGateKeeper::ComputePasswordSignature(uint8_t *signature, size_t signature_length, - const uint8_t *key, size_t key_length, const uint8_t *password, - size_t password_length, salt_t salt) const { +void TrustyGateKeeper::ComputePasswordSignature(uint8_t* signature, + size_t signature_length, + const uint8_t* key, + size_t key_length, + const uint8_t* password, + size_t password_length, + salt_t salt) const { // todo: heap allocate uint8_t salted_password[password_length + sizeof(salt)]; memcpy(salted_password, &salt, sizeof(salt)); memcpy(salted_password + sizeof(salt), password, password_length); - ComputeSignature(signature, signature_length, key, key_length, salted_password, - password_length + sizeof(salt)); + ComputeSignature(signature, signature_length, key, key_length, + salted_password, password_length + sizeof(salt)); } -void TrustyGateKeeper::GetRandom(void *random, size_t requested_size) const { - if (random == NULL) return; +void TrustyGateKeeper::GetRandom(void* random, size_t requested_size) const { + if (random == NULL) + return; trusty_rng_secure_rand(reinterpret_cast<uint8_t*>(random), requested_size); } -void TrustyGateKeeper::ComputeSignature(uint8_t *signature, size_t signature_length, - const uint8_t *key, size_t key_length, const uint8_t *message, - const size_t length) const { +void TrustyGateKeeper::ComputeSignature(uint8_t* signature, + size_t signature_length, + const uint8_t* key, + size_t key_length, + const uint8_t* message, + const size_t length) const { uint8_t buf[HMAC_SHA_256_KEY_SIZE]; size_t buf_len; HMAC(EVP_sha256(), key, key_length, message, length, buf, &buf_len); size_t to_write = buf_len; - if (buf_len > signature_length) to_write = signature_length; + if (buf_len > signature_length) + to_write = signature_length; memset(signature, 0, signature_length); memcpy(signature, buf, to_write); } @@ -177,16 +188,16 @@ uint64_t TrustyGateKeeper::GetMillisecondsSinceBoot() const { status_t rc; int64_t secure_time_ns = 0; rc = gettime(0, 0, &secure_time_ns); - if (rc != NO_ERROR){ + if (rc != NO_ERROR) { secure_time_ns = 0; TLOGE("%s Error:[0x%x].\n", __func__, rc); } return secure_time_ns / 1000 / 1000; } -bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid, secure_id_t user_id, - failure_record_t *record) { - +bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid, + secure_id_t user_id, + failure_record_t* record) { storage_session_t session; int rc = storage_open_session(&session, STORAGE_CLIENT_TD_PORT); if (rc < 0) { @@ -216,14 +227,14 @@ bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid, secure_id_t user_id, return false; } - if ((size_t) rc < sizeof(owner_record)) { + if ((size_t)rc < sizeof(owner_record)) { TLOGE("Error: invalid object size [%d].\n", rc); return false; } if (owner_record.secure_user_id != user_id) { TLOGE("Error:[%llu != %llu] secure storage corrupt.\n", - owner_record.secure_user_id, user_id); + owner_record.secure_user_id, user_id); return false; } @@ -231,8 +242,10 @@ bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid, secure_id_t user_id, return true; } -bool TrustyGateKeeper::GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record, - bool secure) { +bool TrustyGateKeeper::GetFailureRecord(uint32_t uid, + secure_id_t user_id, + failure_record_t* record, + bool secure) { if (secure) { return GetSecureFailureRecord(uid, user_id, record); } else { @@ -240,7 +253,9 @@ bool TrustyGateKeeper::GetFailureRecord(uint32_t uid, secure_id_t user_id, failu } } -bool TrustyGateKeeper::ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool secure) { +bool TrustyGateKeeper::ClearFailureRecord(uint32_t uid, + secure_id_t user_id, + bool secure) { failure_record_t record; record.secure_user_id = user_id; record.last_checked_timestamp = 0; @@ -248,7 +263,8 @@ bool TrustyGateKeeper::ClearFailureRecord(uint32_t uid, secure_id_t user_id, boo return WriteFailureRecord(uid, &record, secure); } -bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid, failure_record_t *record) { +bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid, + failure_record_t* record) { storage_session_t session; int rc = storage_open_session(&session, STORAGE_CLIENT_TD_PORT); if (rc < 0) { @@ -277,7 +293,7 @@ bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid, failure_record_t * return false; } - if ((size_t) rc < sizeof(*record)) { + if ((size_t)rc < sizeof(*record)) { TLOGE("Error: invalid object size [%d].\n", rc); return false; } @@ -285,7 +301,9 @@ bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid, failure_record_t * return true; } -bool TrustyGateKeeper::WriteFailureRecord(uint32_t uid, failure_record_t *record, bool secure) { +bool TrustyGateKeeper::WriteFailureRecord(uint32_t uid, + failure_record_t* record, + bool secure) { if (secure) { return WriteSecureFailureRecord(uid, record); } else { @@ -299,14 +317,15 @@ bool TrustyGateKeeper::IsHardwareBacked() const { void TrustyGateKeeper::InitMemoryRecords() { if (!mem_records_.get()) { - failure_record_t *mem_recs = new failure_record_t[MAX_FAILURE_RECORDS]; + failure_record_t* mem_recs = new failure_record_t[MAX_FAILURE_RECORDS]; memset(mem_recs, 0, sizeof(*mem_recs)); mem_records_.reset(mem_recs); num_mem_records_ = 0; } } -bool TrustyGateKeeper::GetMemoryRecord(secure_id_t user_id, failure_record_t *record) { +bool TrustyGateKeeper::GetMemoryRecord(secure_id_t user_id, + failure_record_t* record) { InitMemoryRecords(); for (int i = 0; i < num_mem_records_; i++) { @@ -323,7 +342,7 @@ bool TrustyGateKeeper::GetMemoryRecord(secure_id_t user_id, failure_record_t *re return true; } -bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t *record) { +bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t* record) { InitMemoryRecords(); int idx = 0; @@ -351,4 +370,4 @@ bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t *record) { return true; } -} +} // namespace gatekeeper diff --git a/trusty_gatekeeper.h b/trusty_gatekeeper.h index 2924b34..9466da5 100644 --- a/trusty_gatekeeper.h +++ b/trusty_gatekeeper.h @@ -23,11 +23,11 @@ #define LOG_TAG "trusty_gatekeeper" #define TLOGE(fmt, ...) \ - fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ## __VA_ARGS__) + fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ##__VA_ARGS__) #if LOCAL_TRACE #define TLOGI(fmt, ...) \ - fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ## __VA_ARGS__) + fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ##__VA_ARGS__) #else #define TLOGI(fmt, ...) #endif @@ -40,27 +40,42 @@ public: long OpenSession(); void CloseSession(); + protected: // See gatekeeper/gatekeeper.h for documentation - virtual bool GetAuthTokenKey(const uint8_t **auth_token_key, size_t *length) const; - - virtual void GetPasswordKey(const uint8_t **password_key, size_t *length); - - virtual void ComputePasswordSignature(uint8_t *signature, size_t signature_length, - const uint8_t *key, size_t key_length, const uint8_t *password, - size_t password_length, salt_t salt) const; - - virtual void GetRandom(void *random, size_t requested_size) const; - virtual void ComputeSignature(uint8_t *signature, size_t signature_length, - const uint8_t *key, size_t key_length, const uint8_t *message, - const size_t length) const; + virtual bool GetAuthTokenKey(const uint8_t** auth_token_key, + size_t* length) const; + + virtual void GetPasswordKey(const uint8_t** password_key, size_t* length); + + virtual void ComputePasswordSignature(uint8_t* signature, + size_t signature_length, + const uint8_t* key, + size_t key_length, + const uint8_t* password, + size_t password_length, + salt_t salt) const; + + virtual void GetRandom(void* random, size_t requested_size) const; + virtual void ComputeSignature(uint8_t* signature, + size_t signature_length, + const uint8_t* key, + size_t key_length, + const uint8_t* message, + const size_t length) const; virtual uint64_t GetMillisecondsSinceBoot() const; - virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record, - bool secure); - virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool secure); - virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool secure); + virtual bool GetFailureRecord(uint32_t uid, + secure_id_t user_id, + failure_record_t* record, + bool secure); + virtual bool WriteFailureRecord(uint32_t uid, + failure_record_t* record, + bool secure); + virtual bool ClearFailureRecord(uint32_t uid, + secure_id_t user_id, + bool secure); virtual bool IsHardwareBacked() const; @@ -73,11 +88,12 @@ private: void ClearMasterKey(); void InitMemoryRecords(); - bool GetMemoryRecord(secure_id_t user_id, failure_record_t *record); - bool WriteMemoryRecord(failure_record_t *record); - bool GetSecureFailureRecord(uint32_t uid, secure_id_t user_id, - failure_record_t *record); - bool WriteSecureFailureRecord(uint32_t uid, failure_record_t *record); + bool GetMemoryRecord(secure_id_t user_id, failure_record_t* record); + bool WriteMemoryRecord(failure_record_t* record); + bool GetSecureFailureRecord(uint32_t uid, + secure_id_t user_id, + failure_record_t* record); + bool WriteSecureFailureRecord(uint32_t uid, failure_record_t* record); UniquePtr<uint8_t[]> master_key_; bool rng_initialized_; @@ -87,6 +103,6 @@ private: UniquePtr<failure_record_t[]> mem_records_; }; -} +} // namespace gatekeeper -#endif // TRUSTY_GATEKEEPER_H_ +#endif // TRUSTY_GATEKEEPER_H_ |