summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Bray <ncbray@google.com>2018-06-20 15:51:19 -0700
committerNick Bray <ncbray@google.com>2018-07-26 15:01:35 -0700
commitdc27e3aaa7b2bc73fe97b6abc534ec689c72eb8d (patch)
tree662b2703907dc4d2cfddb5b13c101baf278e5eb7
parent5dc366caaa30e4228f99ab44c68cbd071e1c8a80 (diff)
downloadgatekeeper-dc27e3aaa7b2bc73fe97b6abc534ec689c72eb8d.tar.gz
Enable pre-upload clang formatting.
Also re-format the code with clang format. Bug: 110489128 Change-Id: I56075cab57be2d929d6481c92934fb94f839c81e
-rw-r--r--.clang-format24
-rw-r--r--PREUPLOAD.cfg7
-rw-r--r--ipc/gatekeeper_ipc.cpp141
-rw-r--r--ipc/gatekeeper_ipc.h9
-rw-r--r--manifest.c25
-rw-r--r--trusty_gatekeeper.cpp93
-rw-r--r--trusty_gatekeeper.h66
7 files changed, 216 insertions, 149 deletions
diff --git a/.clang-format b/.clang-format
new file mode 100644
index 0000000..97e6791
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,24 @@
+# Trusty Style
+# This is a Google-derived style with 4-space indent and a few quirks for
+# systems code.
+BasedOnStyle: Chromium
+
+# 4-space indent, no tabs.
+IndentWidth: 4
+UseTab: Never
+TabWidth: 4
+
+# Double indent arguments when none of them are on the first line.
+ContinuationIndentWidth: 8
+ConstructorInitializerIndentWidth: 8
+
+# Don't indent public/private/protected.
+# It's a little more common to do a half indent, but folks didn't like that.
+AccessModifierOffset: -4
+
+# Don't indent case labels.
+IndentCaseLabels: false
+
+# Don't break strings to make it easier to grep for error messages.
+# Note: this can result in lines that exceed the column limit.
+BreakStringLiterals: false
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
new file mode 100644
index 0000000..587b0de
--- /dev/null
+++ b/PREUPLOAD.cfg
@@ -0,0 +1,7 @@
+[Builtin Hooks]
+clang_format = true
+commit_msg_bug_field = true
+commit_msg_changeid_field = true
+
+[Builtin Hooks Options]
+clang_format = --commit ${PREUPLOAD_COMMIT} --style file --extensions c,h,cc,cpp
diff --git a/ipc/gatekeeper_ipc.cpp b/ipc/gatekeeper_ipc.cpp
index 7e6c58b..30bb6b2 100644
--- a/ipc/gatekeeper_ipc.cpp
+++ b/ipc/gatekeeper_ipc.cpp
@@ -14,27 +14,23 @@
* limitations under the License.
*/
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <stdio.h>
#include <trusty_ipc.h>
#include <uapi/err.h>
-#include "trusty_gatekeeper.h"
#include "gatekeeper_ipc.h"
+#include "trusty_gatekeeper.h"
using namespace gatekeeper;
-TrustyGateKeeper *device;
+TrustyGateKeeper* device;
class SessionManager {
- public:
- SessionManager(long* err) {
- *err = device->OpenSession();
- }
- ~SessionManager() {
- device->CloseSession();
- }
+public:
+ SessionManager(long* err) { *err = device->OpenSession(); }
+ ~SessionManager() { device->CloseSession(); }
};
class MessageDeleter {
@@ -44,34 +40,34 @@ public:
id_ = id;
}
- ~MessageDeleter() {
- put_msg(chan_, id_);
- }
+ ~MessageDeleter() { put_msg(chan_, id_); }
private:
handle_t chan_;
int id_;
};
-
static gatekeeper_error_t tipc_err_to_gatekeeper_err(long tipc_err) {
switch (tipc_err) {
- case NO_ERROR:
- return ERROR_NONE;
- case ERR_BAD_LEN:
- case ERR_NOT_VALID:
- case ERR_NOT_IMPLEMENTED:
- case ERR_NOT_SUPPORTED:
- return ERROR_INVALID;
- default:
- return ERROR_UNKNOWN;
+ case NO_ERROR:
+ return ERROR_NONE;
+ case ERR_BAD_LEN:
+ case ERR_NOT_VALID:
+ case ERR_NOT_IMPLEMENTED:
+ case ERR_NOT_SUPPORTED:
+ return ERROR_INVALID;
+ default:
+ return ERROR_UNKNOWN;
}
}
template <typename Request, typename Response>
-static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&, Response*),
- uint8_t *in_buf, uint32_t in_size,
- UniquePtr<uint8_t[]> *out_buf, uint32_t *out_size) {
+static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&,
+ Response*),
+ uint8_t* in_buf,
+ uint32_t in_size,
+ UniquePtr<uint8_t[]>* out_buf,
+ uint32_t* out_size) {
long rc;
SessionManager sm(&rc);
if (rc != NO_ERROR)
@@ -100,7 +96,8 @@ static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&,
return ERROR_UNKNOWN;
}
- if(rsp.Serialize(out_buf->get(), out_buf->get() + *out_size) != *out_size) {
+ if (rsp.Serialize(out_buf->get(), out_buf->get() + *out_size) !=
+ *out_size) {
TLOGE("error serializing response message\n");
return ERROR_UNKNOWN;
}
@@ -108,29 +105,33 @@ static gatekeeper_error_t exec_cmd(void (GateKeeper::*operation)(const Request&,
return ERROR_NONE;
}
-static gatekeeper_error_t handle_request(uint32_t cmd, uint8_t *in_buf, uint32_t in_buf_size,
- UniquePtr<uint8_t[]> *out_buf, uint32_t *out_buf_size) {
+static gatekeeper_error_t handle_request(uint32_t cmd,
+ uint8_t* in_buf,
+ uint32_t in_buf_size,
+ UniquePtr<uint8_t[]>* out_buf,
+ uint32_t* out_buf_size) {
switch (cmd) {
- case GK_ENROLL:
- return exec_cmd(&GateKeeper::Enroll, in_buf, in_buf_size,
- out_buf, out_buf_size);
- case GK_VERIFY:
- return exec_cmd(&GateKeeper::Verify, in_buf, in_buf_size,
- out_buf, out_buf_size);
- default:
- return ERROR_INVALID;
+ case GK_ENROLL:
+ return exec_cmd(&GateKeeper::Enroll, in_buf, in_buf_size, out_buf,
+ out_buf_size);
+ case GK_VERIFY:
+ return exec_cmd(&GateKeeper::Verify, in_buf, in_buf_size, out_buf,
+ out_buf_size);
+ default:
+ return ERROR_INVALID;
}
}
-
static gatekeeper_error_t send_response(handle_t chan,
- uint32_t cmd, uint8_t *out_buf, uint32_t out_buf_size) {
- struct gatekeeper_message gk_msg = { cmd | GK_RESP_BIT, {}};
+ uint32_t cmd,
+ uint8_t* out_buf,
+ uint32_t out_buf_size) {
+ struct gatekeeper_message gk_msg = {cmd | GK_RESP_BIT, {}};
iovec_t iov[2] = {
- { &gk_msg, sizeof(gk_msg) },
- { out_buf, out_buf_size },
+ {&gk_msg, sizeof(gk_msg)},
+ {out_buf, out_buf_size},
};
- ipc_msg_t msg = { 2, iov, 0, NULL };
+ ipc_msg_t msg = {2, iov, 0, NULL};
/* send message back to the caller */
long rc = send_msg(chan, &msg);
@@ -144,10 +145,12 @@ static gatekeeper_error_t send_response(handle_t chan,
return ERROR_NONE;
}
-static gatekeeper_error_t send_error_response(handle_t chan, uint32_t cmd, gatekeeper_error_t err) {
+static gatekeeper_error_t send_error_response(handle_t chan,
+ uint32_t cmd,
+ gatekeeper_error_t err) {
GateKeeperMessage msg(err);
size_t serialized_size = msg.GetSerializedSize();
- uint8_t *out_buf = new uint8_t[serialized_size];
+ uint8_t* out_buf = new uint8_t[serialized_size];
if (out_buf == NULL) {
return ERROR_UNKNOWN;
}
@@ -159,7 +162,6 @@ static gatekeeper_error_t send_error_response(handle_t chan, uint32_t cmd, gatek
return rc;
}
-
static long handle_msg(handle_t chan) {
/* get message info */
ipc_msg_info_t msg_inf;
@@ -170,8 +172,8 @@ static long handle_msg(handle_t chan) {
// fatal error
if (rc != NO_ERROR) {
- TLOGE("failed (%ld) to get_msg for chan (%d), closing connection\n",
- rc, chan);
+ TLOGE("failed (%ld) to get_msg for chan (%d), closing connection\n", rc,
+ chan);
return rc;
}
@@ -180,8 +182,8 @@ static long handle_msg(handle_t chan) {
UniquePtr<uint8_t[]> msg_buf(new uint8_t[msg_inf.len]);
/* read msg content */
- iovec_t iov = { msg_buf.get(), msg_inf.len };
- ipc_msg_t msg = { 1, &iov, 0, NULL} ;
+ iovec_t iov = {msg_buf.get(), msg_inf.len};
+ ipc_msg_t msg = {1, &iov, 0, NULL};
rc = read_msg(chan, msg_inf.id, 0, &msg);
@@ -190,24 +192,26 @@ static long handle_msg(handle_t chan) {
return rc;
}
- if(((size_t)rc) < sizeof(gatekeeper_message)) {
- TLOGE("invalid message of size (%zu) for chan (%d)\n",
- (size_t)rc, chan);
+ if (((size_t)rc) < sizeof(gatekeeper_message)) {
+ TLOGE("invalid message of size (%zu) for chan (%d)\n", (size_t)rc,
+ chan);
return ERROR_INVALID;
}
/* get request command */
- gatekeeper_message *gk_msg =
- reinterpret_cast<struct gatekeeper_message *>(msg_buf.get());
+ gatekeeper_message* gk_msg =
+ reinterpret_cast<struct gatekeeper_message*>(msg_buf.get());
UniquePtr<uint8_t[]> out_buf;
uint32_t out_buf_size = 0;
rc = handle_request(gk_msg->cmd, gk_msg->payload,
- msg_inf.len - sizeof(gatekeeper_message), &out_buf, &out_buf_size);
+ msg_inf.len - sizeof(gatekeeper_message), &out_buf,
+ &out_buf_size);
if (rc < 0) {
TLOGE("unable (%ld) to handle request", rc);
- return send_error_response(chan, gk_msg->cmd, tipc_err_to_gatekeeper_err(rc));
+ return send_error_response(chan, gk_msg->cmd,
+ tipc_err_to_gatekeeper_err(rc));
}
rc = send_response(chan, gk_msg->cmd, out_buf.get(), out_buf_size);
@@ -219,14 +223,13 @@ static long handle_msg(handle_t chan) {
return rc;
}
-static void gatekeeper_handle_port(uevent_t *ev) {
+static void gatekeeper_handle_port(uevent_t* ev) {
if ((ev->event & IPC_HANDLE_POLL_ERROR) ||
(ev->event & IPC_HANDLE_POLL_HUP) ||
(ev->event & IPC_HANDLE_POLL_MSG) ||
(ev->event & IPC_HANDLE_POLL_SEND_UNBLOCKED)) {
/* should never happen with port handles */
- TLOGE("error event (0x%x) for port (%d)\n",
- ev->event, ev->handle);
+ TLOGE("error event (0x%x) for port (%d)\n", ev->event, ev->handle);
abort();
}
@@ -235,19 +238,17 @@ static void gatekeeper_handle_port(uevent_t *ev) {
/* incoming connection: accept it */
int rc = accept(ev->handle, &peer_uuid);
if (rc < 0) {
- TLOGE("failed (%d) to accept on port %d\n",
- rc, ev->handle);
+ TLOGE("failed (%d) to accept on port %d\n", rc, ev->handle);
return;
}
}
}
-static void gatekeeper_handle_channel(uevent_t *ev) {
+static void gatekeeper_handle_channel(uevent_t* ev) {
if ((ev->event & IPC_HANDLE_POLL_ERROR) ||
(ev->event & IPC_HANDLE_POLL_READY)) {
/* close it as it is in an error state */
- TLOGE("error event (0x%x) for chan (%d)\n",
- ev->event, ev->handle);
+ TLOGE("error event (0x%x) for chan (%d)\n", ev->event, ev->handle);
abort();
}
@@ -257,7 +258,8 @@ static void gatekeeper_handle_channel(uevent_t *ev) {
long rc = handle_msg(chan);
if (rc != NO_ERROR) {
/* report an error and close channel */
- TLOGE("failed (%ld) to handle event on channel %d\n", rc, ev->handle);
+ TLOGE("failed (%ld) to handle event on channel %d\n", rc,
+ ev->handle);
close(chan);
}
}
@@ -267,7 +269,6 @@ static void gatekeeper_handle_channel(uevent_t *ev) {
close(chan);
return;
}
-
}
static long gatekeeper_ipc_init(void) {
@@ -275,7 +276,7 @@ static long gatekeeper_ipc_init(void) {
/* Initialize service */
rc = port_create(GATEKEEPER_PORT, 1, GATEKEEPER_MAX_BUFFER_LENGTH,
- IPC_PORT_ALLOW_NS_CONNECT);
+ IPC_PORT_ALLOW_NS_CONNECT);
if (rc < 0) {
TLOGE("Failed (%d) to create port %s\n", rc, GATEKEEPER_PORT);
}
@@ -297,12 +298,12 @@ int main(void) {
return rc;
}
- handle_t port = (handle_t) rc;
+ handle_t port = (handle_t)rc;
/* enter main event loop */
while (true) {
event.handle = INVALID_IPC_HANDLE;
- event.event = 0;
+ event.event = 0;
event.cookie = NULL;
rc = wait_any(&event, -1);
diff --git a/ipc/gatekeeper_ipc.h b/ipc/gatekeeper_ipc.h
index ed86419..086cf9c 100644
--- a/ipc/gatekeeper_ipc.h
+++ b/ipc/gatekeeper_ipc.h
@@ -18,11 +18,11 @@
#define GATEKEEPER_MAX_BUFFER_LENGTH 1024
enum gatekeeper_command {
- GK_REQ_SHIFT = 1,
- GK_RESP_BIT = 1,
+ GK_REQ_SHIFT = 1,
+ GK_RESP_BIT = 1,
- GK_ENROLL = (0 << GK_REQ_SHIFT),
- GK_VERIFY = (1 << GK_REQ_SHIFT),
+ GK_ENROLL = (0 << GK_REQ_SHIFT),
+ GK_VERIFY = (1 << GK_REQ_SHIFT),
};
/**
@@ -35,4 +35,3 @@ struct gatekeeper_message {
uint32_t cmd;
uint8_t payload[0];
};
-
diff --git a/manifest.c b/manifest.c
index fa80047..6796462 100644
--- a/manifest.c
+++ b/manifest.c
@@ -17,19 +17,20 @@
#include <trusty_app_manifest.h>
// TODO: generate my own UUID
-trusty_app_manifest_t TRUSTY_APP_MANIFEST_ATTRS trusty_app_manifest =
-{
+trusty_app_manifest_t TRUSTY_APP_MANIFEST_ATTRS trusty_app_manifest = {
- /* UUID : {38ba0cdc-df0e-11e4-9869-233fb6ae4795} */
- { 0x38ba0cdc, 0xdf0e, 0x11e4,
- { 0x98, 0x69, 0x23, 0x3f, 0xb6, 0xae, 0x47, 0x95 } },
+ /* UUID : {38ba0cdc-df0e-11e4-9869-233fb6ae4795} */
+ {0x38ba0cdc,
+ 0xdf0e,
+ 0x11e4,
+ {0x98, 0x69, 0x23, 0x3f, 0xb6, 0xae, 0x47, 0x95}},
- /* optional configuration options here */
- {
- /* openssl need a larger heap */
- TRUSTY_APP_CONFIG_MIN_HEAP_SIZE(2 * 4096),
+ /* optional configuration options here */
+ {
+ /* openssl need a larger heap */
+ TRUSTY_APP_CONFIG_MIN_HEAP_SIZE(2 * 4096),
- /* openssl need a larger stack */
- TRUSTY_APP_CONFIG_MIN_STACK_SIZE(1 * 4096),
- },
+ /* openssl need a larger stack */
+ TRUSTY_APP_CONFIG_MIN_STACK_SIZE(1 * 4096),
+ },
};
diff --git a/trusty_gatekeeper.cpp b/trusty_gatekeeper.cpp
index a5a9845..248540e 100644
--- a/trusty_gatekeeper.cpp
+++ b/trusty_gatekeeper.cpp
@@ -27,7 +27,7 @@
#include <openssl/hmac.h>
#define CALLS_BETWEEN_RNG_RESEEDS 32
-#define RNG_RESEED_SIZE 64
+#define RNG_RESEED_SIZE 64
#define HMAC_SHA_256_KEY_SIZE 32
@@ -39,7 +39,8 @@
namespace gatekeeper {
-static const uint8_t DERIVATION_DATA[HMAC_SHA_256_KEY_SIZE] = "TrustyGateKeeperDerivationData0";
+static const uint8_t DERIVATION_DATA[HMAC_SHA_256_KEY_SIZE] =
+ "TrustyGateKeeperDerivationData0";
TrustyGateKeeper::TrustyGateKeeper() : GateKeeper() {
rng_initialized_ = false;
@@ -95,13 +96,13 @@ long TrustyGateKeeper::DeriveMasterKey() {
return rc;
}
- hwkey_session_t session = (hwkey_session_t) rc;
+ hwkey_session_t session = (hwkey_session_t)rc;
master_key_.reset(new uint8_t[HMAC_SHA_256_KEY_SIZE]);
uint32_t kdf_version = HWKEY_KDF_VERSION_1;
rc = hwkey_derive(session, &kdf_version, DERIVATION_DATA, master_key_.get(),
- HMAC_SHA_256_KEY_SIZE);
+ HMAC_SHA_256_KEY_SIZE);
hwkey_close(session);
return rc;
@@ -112,8 +113,8 @@ void TrustyGateKeeper::ClearMasterKey() {
master_key_.reset();
}
-bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t **auth_token_key,
- size_t *length) const {
+bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t** auth_token_key,
+ size_t* length) const {
*length = 0;
*auth_token_key = NULL;
@@ -122,9 +123,9 @@ bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t **auth_token_key,
return false;
}
- keymaster_session_t session = (keymaster_session_t) rc;
+ keymaster_session_t session = (keymaster_session_t)rc;
- uint8_t *key = NULL;
+ uint8_t* key = NULL;
uint32_t local_length = 0;
rc = keymaster_get_auth_token_key(session, &key, &local_length);
@@ -139,36 +140,46 @@ bool TrustyGateKeeper::GetAuthTokenKey(const uint8_t **auth_token_key,
}
}
-void TrustyGateKeeper::GetPasswordKey(const uint8_t **password_key, size_t *length) {
- *password_key = const_cast<const uint8_t *>(master_key_.get());
+void TrustyGateKeeper::GetPasswordKey(const uint8_t** password_key,
+ size_t* length) {
+ *password_key = const_cast<const uint8_t*>(master_key_.get());
*length = HMAC_SHA_256_KEY_SIZE;
}
-void TrustyGateKeeper::ComputePasswordSignature(uint8_t *signature, size_t signature_length,
- const uint8_t *key, size_t key_length, const uint8_t *password,
- size_t password_length, salt_t salt) const {
+void TrustyGateKeeper::ComputePasswordSignature(uint8_t* signature,
+ size_t signature_length,
+ const uint8_t* key,
+ size_t key_length,
+ const uint8_t* password,
+ size_t password_length,
+ salt_t salt) const {
// todo: heap allocate
uint8_t salted_password[password_length + sizeof(salt)];
memcpy(salted_password, &salt, sizeof(salt));
memcpy(salted_password + sizeof(salt), password, password_length);
- ComputeSignature(signature, signature_length, key, key_length, salted_password,
- password_length + sizeof(salt));
+ ComputeSignature(signature, signature_length, key, key_length,
+ salted_password, password_length + sizeof(salt));
}
-void TrustyGateKeeper::GetRandom(void *random, size_t requested_size) const {
- if (random == NULL) return;
+void TrustyGateKeeper::GetRandom(void* random, size_t requested_size) const {
+ if (random == NULL)
+ return;
trusty_rng_secure_rand(reinterpret_cast<uint8_t*>(random), requested_size);
}
-void TrustyGateKeeper::ComputeSignature(uint8_t *signature, size_t signature_length,
- const uint8_t *key, size_t key_length, const uint8_t *message,
- const size_t length) const {
+void TrustyGateKeeper::ComputeSignature(uint8_t* signature,
+ size_t signature_length,
+ const uint8_t* key,
+ size_t key_length,
+ const uint8_t* message,
+ const size_t length) const {
uint8_t buf[HMAC_SHA_256_KEY_SIZE];
size_t buf_len;
HMAC(EVP_sha256(), key, key_length, message, length, buf, &buf_len);
size_t to_write = buf_len;
- if (buf_len > signature_length) to_write = signature_length;
+ if (buf_len > signature_length)
+ to_write = signature_length;
memset(signature, 0, signature_length);
memcpy(signature, buf, to_write);
}
@@ -177,16 +188,16 @@ uint64_t TrustyGateKeeper::GetMillisecondsSinceBoot() const {
status_t rc;
int64_t secure_time_ns = 0;
rc = gettime(0, 0, &secure_time_ns);
- if (rc != NO_ERROR){
+ if (rc != NO_ERROR) {
secure_time_ns = 0;
TLOGE("%s Error:[0x%x].\n", __func__, rc);
}
return secure_time_ns / 1000 / 1000;
}
-bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid, secure_id_t user_id,
- failure_record_t *record) {
-
+bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid,
+ secure_id_t user_id,
+ failure_record_t* record) {
storage_session_t session;
int rc = storage_open_session(&session, STORAGE_CLIENT_TD_PORT);
if (rc < 0) {
@@ -216,14 +227,14 @@ bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid, secure_id_t user_id,
return false;
}
- if ((size_t) rc < sizeof(owner_record)) {
+ if ((size_t)rc < sizeof(owner_record)) {
TLOGE("Error: invalid object size [%d].\n", rc);
return false;
}
if (owner_record.secure_user_id != user_id) {
TLOGE("Error:[%llu != %llu] secure storage corrupt.\n",
- owner_record.secure_user_id, user_id);
+ owner_record.secure_user_id, user_id);
return false;
}
@@ -231,8 +242,10 @@ bool TrustyGateKeeper::GetSecureFailureRecord(uint32_t uid, secure_id_t user_id,
return true;
}
-bool TrustyGateKeeper::GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
- bool secure) {
+bool TrustyGateKeeper::GetFailureRecord(uint32_t uid,
+ secure_id_t user_id,
+ failure_record_t* record,
+ bool secure) {
if (secure) {
return GetSecureFailureRecord(uid, user_id, record);
} else {
@@ -240,7 +253,9 @@ bool TrustyGateKeeper::GetFailureRecord(uint32_t uid, secure_id_t user_id, failu
}
}
-bool TrustyGateKeeper::ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool secure) {
+bool TrustyGateKeeper::ClearFailureRecord(uint32_t uid,
+ secure_id_t user_id,
+ bool secure) {
failure_record_t record;
record.secure_user_id = user_id;
record.last_checked_timestamp = 0;
@@ -248,7 +263,8 @@ bool TrustyGateKeeper::ClearFailureRecord(uint32_t uid, secure_id_t user_id, boo
return WriteFailureRecord(uid, &record, secure);
}
-bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid, failure_record_t *record) {
+bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid,
+ failure_record_t* record) {
storage_session_t session;
int rc = storage_open_session(&session, STORAGE_CLIENT_TD_PORT);
if (rc < 0) {
@@ -277,7 +293,7 @@ bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid, failure_record_t *
return false;
}
- if ((size_t) rc < sizeof(*record)) {
+ if ((size_t)rc < sizeof(*record)) {
TLOGE("Error: invalid object size [%d].\n", rc);
return false;
}
@@ -285,7 +301,9 @@ bool TrustyGateKeeper::WriteSecureFailureRecord(uint32_t uid, failure_record_t *
return true;
}
-bool TrustyGateKeeper::WriteFailureRecord(uint32_t uid, failure_record_t *record, bool secure) {
+bool TrustyGateKeeper::WriteFailureRecord(uint32_t uid,
+ failure_record_t* record,
+ bool secure) {
if (secure) {
return WriteSecureFailureRecord(uid, record);
} else {
@@ -299,14 +317,15 @@ bool TrustyGateKeeper::IsHardwareBacked() const {
void TrustyGateKeeper::InitMemoryRecords() {
if (!mem_records_.get()) {
- failure_record_t *mem_recs = new failure_record_t[MAX_FAILURE_RECORDS];
+ failure_record_t* mem_recs = new failure_record_t[MAX_FAILURE_RECORDS];
memset(mem_recs, 0, sizeof(*mem_recs));
mem_records_.reset(mem_recs);
num_mem_records_ = 0;
}
}
-bool TrustyGateKeeper::GetMemoryRecord(secure_id_t user_id, failure_record_t *record) {
+bool TrustyGateKeeper::GetMemoryRecord(secure_id_t user_id,
+ failure_record_t* record) {
InitMemoryRecords();
for (int i = 0; i < num_mem_records_; i++) {
@@ -323,7 +342,7 @@ bool TrustyGateKeeper::GetMemoryRecord(secure_id_t user_id, failure_record_t *re
return true;
}
-bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t *record) {
+bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t* record) {
InitMemoryRecords();
int idx = 0;
@@ -351,4 +370,4 @@ bool TrustyGateKeeper::WriteMemoryRecord(failure_record_t *record) {
return true;
}
-}
+} // namespace gatekeeper
diff --git a/trusty_gatekeeper.h b/trusty_gatekeeper.h
index 2924b34..9466da5 100644
--- a/trusty_gatekeeper.h
+++ b/trusty_gatekeeper.h
@@ -23,11 +23,11 @@
#define LOG_TAG "trusty_gatekeeper"
#define TLOGE(fmt, ...) \
- fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ## __VA_ARGS__)
+ fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ##__VA_ARGS__)
#if LOCAL_TRACE
#define TLOGI(fmt, ...) \
- fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ## __VA_ARGS__)
+ fprintf(stderr, "%s: %d: " fmt, LOG_TAG, __LINE__, ##__VA_ARGS__)
#else
#define TLOGI(fmt, ...)
#endif
@@ -40,27 +40,42 @@ public:
long OpenSession();
void CloseSession();
+
protected:
// See gatekeeper/gatekeeper.h for documentation
- virtual bool GetAuthTokenKey(const uint8_t **auth_token_key, size_t *length) const;
-
- virtual void GetPasswordKey(const uint8_t **password_key, size_t *length);
-
- virtual void ComputePasswordSignature(uint8_t *signature, size_t signature_length,
- const uint8_t *key, size_t key_length, const uint8_t *password,
- size_t password_length, salt_t salt) const;
-
- virtual void GetRandom(void *random, size_t requested_size) const;
- virtual void ComputeSignature(uint8_t *signature, size_t signature_length,
- const uint8_t *key, size_t key_length, const uint8_t *message,
- const size_t length) const;
+ virtual bool GetAuthTokenKey(const uint8_t** auth_token_key,
+ size_t* length) const;
+
+ virtual void GetPasswordKey(const uint8_t** password_key, size_t* length);
+
+ virtual void ComputePasswordSignature(uint8_t* signature,
+ size_t signature_length,
+ const uint8_t* key,
+ size_t key_length,
+ const uint8_t* password,
+ size_t password_length,
+ salt_t salt) const;
+
+ virtual void GetRandom(void* random, size_t requested_size) const;
+ virtual void ComputeSignature(uint8_t* signature,
+ size_t signature_length,
+ const uint8_t* key,
+ size_t key_length,
+ const uint8_t* message,
+ const size_t length) const;
virtual uint64_t GetMillisecondsSinceBoot() const;
- virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
- bool secure);
- virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool secure);
- virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool secure);
+ virtual bool GetFailureRecord(uint32_t uid,
+ secure_id_t user_id,
+ failure_record_t* record,
+ bool secure);
+ virtual bool WriteFailureRecord(uint32_t uid,
+ failure_record_t* record,
+ bool secure);
+ virtual bool ClearFailureRecord(uint32_t uid,
+ secure_id_t user_id,
+ bool secure);
virtual bool IsHardwareBacked() const;
@@ -73,11 +88,12 @@ private:
void ClearMasterKey();
void InitMemoryRecords();
- bool GetMemoryRecord(secure_id_t user_id, failure_record_t *record);
- bool WriteMemoryRecord(failure_record_t *record);
- bool GetSecureFailureRecord(uint32_t uid, secure_id_t user_id,
- failure_record_t *record);
- bool WriteSecureFailureRecord(uint32_t uid, failure_record_t *record);
+ bool GetMemoryRecord(secure_id_t user_id, failure_record_t* record);
+ bool WriteMemoryRecord(failure_record_t* record);
+ bool GetSecureFailureRecord(uint32_t uid,
+ secure_id_t user_id,
+ failure_record_t* record);
+ bool WriteSecureFailureRecord(uint32_t uid, failure_record_t* record);
UniquePtr<uint8_t[]> master_key_;
bool rng_initialized_;
@@ -87,6 +103,6 @@ private:
UniquePtr<failure_record_t[]> mem_records_;
};
-}
+} // namespace gatekeeper
-#endif // TRUSTY_GATEKEEPER_H_
+#endif // TRUSTY_GATEKEEPER_H_