Clang-format Keymaster.{cpp|h} and KeyStorage.{cpp|h}
Test: Build & boot
Change-Id: I92bb107409f493770028cf6fd637d34af7644262
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 2f6aa1a..b564feb 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -41,7 +41,6 @@
#include <hardware/hw_auth_token.h>
-
extern "C" {
#include "crypto_scrypt.h"
@@ -63,7 +62,7 @@
static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14;
static constexpr size_t STRETCHED_BYTES = 1 << 6;
-static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds
+static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds
static const char* kCurrentVersion = "1";
static const char* kRmPath = "/system/bin/rm";
@@ -131,8 +130,7 @@
return keymaster.generateKey(paramBuilder, key);
}
-static AuthorizationSet beginParams(const KeyAuthentication& auth,
- const std::string& appId) {
+static AuthorizationSet beginParams(const KeyAuthentication& auth, const std::string& appId) {
auto paramBuilder = AuthorizationSetBuilder()
.Authorization(TAG_BLOCK_MODE, BlockMode::GCM)
.Authorization(TAG_MAC_LENGTH, GCM_MAC_BYTES * 8)
@@ -204,10 +202,8 @@
return true;
}
-static KeymasterOperation begin(Keymaster& keymaster, const std::string& dir,
- KeyPurpose purpose,
- const AuthorizationSet &keyParams,
- const AuthorizationSet &opParams,
+static KeymasterOperation begin(Keymaster& keymaster, const std::string& dir, KeyPurpose purpose,
+ const AuthorizationSet& keyParams, const AuthorizationSet& opParams,
AuthorizationSet* outParams) {
auto kmKeyPath = dir + "/" + kFn_keymaster_key_blob;
std::string kmKey;
@@ -238,8 +234,8 @@
}
static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir,
- const AuthorizationSet &keyParams,
- const KeyBuffer& message, std::string* ciphertext) {
+ const AuthorizationSet& keyParams, const KeyBuffer& message,
+ std::string* ciphertext) {
AuthorizationSet opParams;
AuthorizationSet outParams;
auto opHandle = begin(keymaster, dir, KeyPurpose::ENCRYPT, keyParams, opParams, &outParams);
@@ -250,7 +246,8 @@
return false;
}
// nonceBlob here is just a pointer into existing data, must not be freed
- std::string nonce(reinterpret_cast<const char*>(&nonceBlob.value()[0]), nonceBlob.value().size());
+ std::string nonce(reinterpret_cast<const char*>(&nonceBlob.value()[0]),
+ nonceBlob.value().size());
if (!checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)) return false;
std::string body;
if (!opHandle.updateCompletely(message, &body)) return false;
@@ -263,12 +260,11 @@
}
static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir,
- const AuthorizationSet &keyParams,
+ const AuthorizationSet& keyParams,
const std::string& ciphertext, KeyBuffer* message) {
auto nonce = ciphertext.substr(0, GCM_NONCE_BYTES);
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
- auto opParams = AuthorizationSetBuilder()
- .Authorization(TAG_NONCE, blob2hidlVec(nonce));
+ auto opParams = AuthorizationSetBuilder().Authorization(TAG_NONCE, blob2hidlVec(nonce));
auto opHandle = begin(keymaster, dir, KeyPurpose::DECRYPT, keyParams, opParams, nullptr);
if (!opHandle) return false;
if (!opHandle.updateCompletely(bodyAndMac, message)) return false;
@@ -313,9 +309,9 @@
}
stretched->assign(STRETCHED_BYTES, '\0');
if (crypto_scrypt(reinterpret_cast<const uint8_t*>(secret.data()), secret.size(),
- reinterpret_cast<const uint8_t*>(salt.data()), salt.size(),
- 1 << Nf, 1 << rf, 1 << pf,
- reinterpret_cast<uint8_t*>(&(*stretched)[0]), stretched->size()) != 0) {
+ reinterpret_cast<const uint8_t*>(salt.data()), salt.size(), 1 << Nf,
+ 1 << rf, 1 << pf, reinterpret_cast<uint8_t*>(&(*stretched)[0]),
+ stretched->size()) != 0) {
LOG(ERROR) << "scrypt failed with params: " << stretching;
return false;
}
@@ -339,8 +335,8 @@
LOG(ERROR) << "Openssl error: " << ERR_get_error();
}
-static bool encryptWithoutKeymaster(const std::string& preKey,
- const KeyBuffer& plaintext, std::string* ciphertext) {
+static bool encryptWithoutKeymaster(const std::string& preKey, const KeyBuffer& plaintext,
+ std::string* ciphertext) {
std::string key;
hashWithPrefix(kHashPrefix_keygen, preKey, &key);
key.resize(AES_KEY_BYTES);
@@ -352,16 +348,16 @@
return false;
}
if (1 != EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL,
- reinterpret_cast<const uint8_t*>(key.data()),
- reinterpret_cast<const uint8_t*>(ciphertext->data()))) {
+ reinterpret_cast<const uint8_t*>(key.data()),
+ reinterpret_cast<const uint8_t*>(ciphertext->data()))) {
logOpensslError();
return false;
}
ciphertext->resize(GCM_NONCE_BYTES + plaintext.size() + GCM_MAC_BYTES);
int outlen;
- if (1 != EVP_EncryptUpdate(ctx.get(),
- reinterpret_cast<uint8_t*>(&(*ciphertext)[0] + GCM_NONCE_BYTES), &outlen,
- reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size())) {
+ if (1 != EVP_EncryptUpdate(
+ ctx.get(), reinterpret_cast<uint8_t*>(&(*ciphertext)[0] + GCM_NONCE_BYTES),
+ &outlen, reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size())) {
logOpensslError();
return false;
}
@@ -369,8 +365,10 @@
LOG(ERROR) << "GCM ciphertext length should be " << plaintext.size() << " was " << outlen;
return false;
}
- if (1 != EVP_EncryptFinal_ex(ctx.get(),
- reinterpret_cast<uint8_t*>(&(*ciphertext)[0] + GCM_NONCE_BYTES + plaintext.size()), &outlen)) {
+ if (1 != EVP_EncryptFinal_ex(
+ ctx.get(),
+ reinterpret_cast<uint8_t*>(&(*ciphertext)[0] + GCM_NONCE_BYTES + plaintext.size()),
+ &outlen)) {
logOpensslError();
return false;
}
@@ -379,15 +377,16 @@
return false;
}
if (1 != EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, GCM_MAC_BYTES,
- reinterpret_cast<uint8_t*>(&(*ciphertext)[0] + GCM_NONCE_BYTES + plaintext.size()))) {
+ reinterpret_cast<uint8_t*>(&(*ciphertext)[0] + GCM_NONCE_BYTES +
+ plaintext.size()))) {
logOpensslError();
return false;
}
return true;
}
-static bool decryptWithoutKeymaster(const std::string& preKey,
- const std::string& ciphertext, KeyBuffer* plaintext) {
+static bool decryptWithoutKeymaster(const std::string& preKey, const std::string& ciphertext,
+ KeyBuffer* plaintext) {
if (ciphertext.size() < GCM_NONCE_BYTES + GCM_MAC_BYTES) {
LOG(ERROR) << "GCM ciphertext too small: " << ciphertext.size();
return false;
@@ -402,16 +401,16 @@
return false;
}
if (1 != EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL,
- reinterpret_cast<const uint8_t*>(key.data()),
- reinterpret_cast<const uint8_t*>(ciphertext.data()))) {
+ reinterpret_cast<const uint8_t*>(key.data()),
+ reinterpret_cast<const uint8_t*>(ciphertext.data()))) {
logOpensslError();
return false;
}
*plaintext = KeyBuffer(ciphertext.size() - GCM_NONCE_BYTES - GCM_MAC_BYTES);
int outlen;
- if (1 != EVP_DecryptUpdate(ctx.get(),
- reinterpret_cast<uint8_t*>(&(*plaintext)[0]), &outlen,
- reinterpret_cast<const uint8_t*>(ciphertext.data() + GCM_NONCE_BYTES), plaintext->size())) {
+ if (1 != EVP_DecryptUpdate(ctx.get(), reinterpret_cast<uint8_t*>(&(*plaintext)[0]), &outlen,
+ reinterpret_cast<const uint8_t*>(ciphertext.data() + GCM_NONCE_BYTES),
+ plaintext->size())) {
logOpensslError();
return false;
}
@@ -420,13 +419,14 @@
return false;
}
if (1 != EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, GCM_MAC_BYTES,
- const_cast<void *>(
- reinterpret_cast<const void*>(ciphertext.data() + GCM_NONCE_BYTES + plaintext->size())))) {
+ const_cast<void*>(reinterpret_cast<const void*>(
+ ciphertext.data() + GCM_NONCE_BYTES + plaintext->size())))) {
logOpensslError();
return false;
}
if (1 != EVP_DecryptFinal_ex(ctx.get(),
- reinterpret_cast<uint8_t*>(&(*plaintext)[0] + plaintext->size()), &outlen)) {
+ reinterpret_cast<uint8_t*>(&(*plaintext)[0] + plaintext->size()),
+ &outlen)) {
logOpensslError();
return false;
}
@@ -519,7 +519,8 @@
Keymaster keymaster;
if (!keymaster) return false;
auto keyParams = beginParams(auth, appId);
- if (!decryptWithKeymasterKey(keymaster, dir, keyParams, encryptedMessage, key)) return false;
+ if (!decryptWithKeymasterKey(keymaster, dir, keyParams, encryptedMessage, key))
+ return false;
} else {
if (!decryptWithoutKeymaster(appId, encryptedMessage, key)) return false;
}
@@ -536,9 +537,7 @@
}
bool runSecdiscardSingle(const std::string& file) {
- if (ForkExecvp(
- std::vector<std::string>{kSecdiscardPath, "--",
- file}) != 0) {
+ if (ForkExecvp(std::vector<std::string>{kSecdiscardPath, "--", file}) != 0) {
LOG(ERROR) << "secdiscard failed";
return false;
}