Skip to content

Commit

Permalink
[clean] clang-format
Browse files Browse the repository at this point in the history
  • Loading branch information
lpascal-ledger committed Nov 6, 2024
1 parent dede15a commit 0a18d10
Show file tree
Hide file tree
Showing 11 changed files with 44 additions and 33 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/lint-workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
uses: actions/checkout@v3

- name: Lint C code
run: clang-format --dry-run --Werror include/* src/* cbor-src/*
run: find src/ include/ cbor-src/ -iname "*.c" -or -iname "*.h" | xargs clang-format --dry-run -Werror

job_lint_python:
name: Lint Python code
Expand Down
11 changes: 8 additions & 3 deletions src/ctap2/get_assertion/get_assertion.c
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,8 @@ static void nfc_handle_get_assertion() {
// the first one & the number of compatible credentials, so that the client is able then to
// call getNextAssertion to fetch other possible credentials.
uint16_t slotIdx;
ctap2AssertData->availableCredentials = rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
ctap2AssertData->availableCredentials =
rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
if (ctap2AssertData->availableCredentials > 1) {
// This settings will disable the app_nbgl_status call (nothing displayed on SK)
// Else, this would lead the app to respond too slowly, and the client to bug out
Expand All @@ -270,7 +271,10 @@ static void nfc_handle_get_assertion() {
&ctap2AssertData->nonce,
&ctap2AssertData->credential,
&ctap2AssertData->credentialLen);
PRINTF("Go for index %d - %.*H\n", slotIdx, ctap2AssertData->credentialLen, ctap2AssertData->credential);
PRINTF("Go for index %d - %.*H\n",
slotIdx,
ctap2AssertData->credentialLen,
ctap2AssertData->credential);
get_assertion_send();
}
}
Expand Down Expand Up @@ -352,7 +356,8 @@ void ctap2_get_assertion_handle(u2f_service_t *service, uint8_t *buffer, uint16_
} else {
// Look for a potential rk entry if no allow list was provided
if (!ctap2AssertData->allowListPresent) {
ctap2AssertData->availableCredentials = rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
ctap2AssertData->availableCredentials =
rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
if (ctap2AssertData->availableCredentials == 1) {
// Single resident credential load it to go through the usual flow
PRINTF("Single resident credential\n");
Expand Down
2 changes: 0 additions & 2 deletions src/ctap2/get_assertion/get_assertion_ui.c
Original file line number Diff line number Diff line change
Expand Up @@ -419,7 +419,6 @@ void get_assertion_ux(ctap2_ux_state_t state) {
#endif

switch (state) {

// Only one possible credential
case CTAP2_UX_STATE_GET_ASSERTION: {
ux_display_user_assertion(g.buffer2_65);
Expand Down Expand Up @@ -447,7 +446,6 @@ void get_assertion_ux(ctap2_ux_state_t state) {
break;
}
default: {

// No credential possible
#if defined(HAVE_BAGL)
ux_flow_init(0, ux_ctap2_no_assertion_flow, NULL);
Expand Down
14 changes: 5 additions & 9 deletions src/ctap2/get_assertion/get_assertion_utils.c
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,7 @@
#define TAG_RESP_USER 0x04
#define TAG_RESP_NB_OF_CREDS 0x05


static int compute_hmacSecret_output(uint8_t **output,
uint32_t *outputLen,
uint8_t *credRandom) {
static int compute_hmacSecret_output(uint8_t **output, uint32_t *outputLen, uint8_t *credRandom) {
ctap2_assert_data_t *ctap2AssertData = globals_get_ctap2_assert_data();
cbipDecoder_t decoder;
cbipItem_t mapItem, tmpItem;
Expand Down Expand Up @@ -409,7 +406,6 @@ static int build_and_encode_getAssertion_response(uint8_t *buffer,
return encoder.offset;
}


int handle_allowList_item(cbipDecoder_t *decoder, cbipItem_t *item, bool unwrap) {
ctap2_assert_data_t *ctap2AssertData = globals_get_ctap2_assert_data();
int status;
Expand Down Expand Up @@ -513,10 +509,10 @@ void get_assertion_credential_idx(uint16_t idx) {
}
ctap2AssertData->multipleFlowData.allowList.currentCredential++;

status = handle_allowList_item(
&decoder,
&ctap2AssertData->multipleFlowData.allowList.credentialItem,
false);
status =
handle_allowList_item(&decoder,
&ctap2AssertData->multipleFlowData.allowList.credentialItem,
false);
if (status == ERROR_INVALID_CREDENTIAL) {
// Just ignore this credential
continue;
Expand Down
2 changes: 1 addition & 1 deletion src/ctap2/rk_storage.c
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ typedef struct __attribute__((__packed__)) rk_header_s {
uint16_t idx; // used as "age" (increases only)
} rk_header_t;

#define SLOT_SIZE 256
#define SLOT_SIZE 256
// Currently 24 on all devices, except NanoS which only allows 8
#define CREDENTIAL_MAX_NUMBER (RK_SIZE / SLOT_SIZE)
#define CREDENTIAL_MAX_SIZE (SLOT_SIZE - sizeof(rk_header_t))
Expand Down
1 change: 0 additions & 1 deletion src/globals.c
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ static void ctap2_display_copy_username(const char *name, uint8_t nameLength) {

static void ctap2_display_copy_rp(const char *name, uint8_t nameLength) {
copy_name_in_buffer65(g.buffer1_65, name, nameLength);

}

void ctap2_copy_info_on_buffers(void) {
Expand Down
4 changes: 2 additions & 2 deletions tests/functional/ctap2/test_interop.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,8 @@ def test_interop_ctap2_reg_then_u2f_auth(client):

# Create credential through CTAP2
args = MakeCredentialArguments(generate_random_bytes(32),
rp = {"id": rp_id},
user = {"id": generate_random_bytes(64)},
rp={"id": rp_id},
user={"id": generate_random_bytes(64)},
key_params=[{"type": "public-key", "alg": ES256.ALGORITHM}])

attestation = client.ctap2.make_credential(args)
Expand Down
11 changes: 8 additions & 3 deletions tests/functional/ctap2/test_make_credential.py
Original file line number Diff line number Diff line change
Expand Up @@ -90,13 +90,18 @@ def test_make_credential_exclude_list_ok(client, test_name):
compare_args = (TESTS_SPECULOS_DIR, test_name)
# First check with an absent credential in exclude list
args1 = generate_make_credentials_params(client, ref=0,
exclude_list=[{"id": generate_random_bytes(64), "type": "public-key"}])
attestation = client.ctap2.make_credential(args1, check_screens="full", compare_args=compare_args)
exclude_list=[{"id": generate_random_bytes(64),
"type": "public-key"}])
attestation = client.ctap2.make_credential(args1,
check_screens="full",
compare_args=compare_args)

credential_data = AttestedCredentialData(attestation.auth_data.credential_data)

# Then check with the credential we have just created in exclude list
args2 = generate_make_credentials_params(client, exclude_list=[{"id": credential_data.credential_id, "type": "public-key"}])
args2 = generate_make_credentials_params(client,
exclude_list=[{"id": credential_data.credential_id,
"type": "public-key"}])
args2.rp = args1.rp

with pytest.raises(CtapError) as e:
Expand Down
17 changes: 10 additions & 7 deletions tests/functional/ctap2/test_option_rk.py
Original file line number Diff line number Diff line change
Expand Up @@ -102,16 +102,17 @@ def test_option_rk_make_cred_exclude_refused(client, test_name):
# CTAP2_ERR_CREDENTIAL_EXCLUDED.

# Create a first credential with rk=True
transaction = generate_get_assertion_params(client, rk=True)
t = generate_get_assertion_params(client, rk=True)

# Now create a new one with:
# - Same RP
# - Previous credential in excludeList
# leads to a CREDENTIAL_EXCLUDED error.
args = generate_make_credentials_params(client, exclude_list=[{"id": transaction.credential_data.credential_id,
"type": "public-key"}])
args.rp = transaction.args.rp
args.credential_data = transaction.credential_data
args = generate_make_credentials_params(client,
exclude_list=[{"id": t.credential_data.credential_id,
"type": "public-key"}])
args.rp = t.args.rp
args.credential_data = t.credential_data

with pytest.raises(CtapError) as e:
client.ctap2.make_credential(args, user_accept=None)
Expand All @@ -123,7 +124,8 @@ def test_option_rk_make_cred_exclude_refused(client, test_name):

# Check that if the RP didn't match, the request is accepted
args = generate_make_credentials_params(client, ref=0,
exclude_list=[{"id": transaction.credential_data.credential_id, "type": "public-key"}])
exclude_list=[{"id": t.credential_data.credential_id,
"type": "public-key"}])

client.ctap2.make_credential(args, check_screens="fast", compare_args=compare_args)

Expand Down Expand Up @@ -175,7 +177,8 @@ def test_option_rk_get_assertion(client, test_name):
compare_args = (TESTS_SPECULOS_DIR, test_name + "/" + str(idx) + "/get_allow_list")
assertion = client.ctap2.get_assertion(user.rp["id"], client_data_hash,
allow_list=allow_list,
check_users=[u.user for u in users], check_screens="fast",
check_users=[u.user for u in users],
check_screens="fast",
login_type=login_type, compare_args=compare_args)
assertion.verify(client_data_hash, credential_data.public_key)
assert assertion.user["id"] == users[0].user["id"] # first of allow_list selected
Expand Down
3 changes: 2 additions & 1 deletion tests/functional/ctap2_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,8 @@ class LedgerCtap2(Ctap2, LedgerCTAP):
- directly in CTAPHID.CBOR command
- encapsulated in U2F APDU with INS=0x10 in CTAPHID.MSG command
"""
def __init__(self, device, firmware: Firmware, navigator: Navigator, ctap2_u2f_proxy, debug: bool = False):
def __init__(self, device, firmware: Firmware, navigator: Navigator,
ctap2_u2f_proxy, debug: bool = False):
self.ctap2_u2f_proxy = ctap2_u2f_proxy
Ctap2.__init__(self, device)
LedgerCTAP.__init__(self, firmware, navigator, debug)
Expand Down
10 changes: 7 additions & 3 deletions tests/functional/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -101,15 +101,17 @@ def generate_make_credentials_params(client,
user = {"id": user_id}
if user_name:
user["name"] = user_name
key_params = key_params if key_params is not None else [{"type": "public-key", "alg": ES256.ALGORITHM}]
key_params = (key_params if key_params is not None
else [{"type": "public-key", "alg": ES256.ALGORITHM}])
if rk is not None or uv is not None:
options = options if options is not None else {}
if rk is not None:
options["rk"] = rk
if uv is not None:
options["uv"] = uv

params = MakeCredentialArguments(client_data_hash, rp, user, key_params, exclude_list, extensions, options)
params = MakeCredentialArguments(client_data_hash, rp, user, key_params,
exclude_list, extensions, options)

if pin is not None or pin_uv_param is not None:
if pin:
Expand All @@ -125,7 +127,9 @@ def generate_make_credentials_params(client,
return params


def generate_get_assertion_params(client, user_accept: Optional[bool] = True, **kwargs) -> MakeCredentialTransaction:
def generate_get_assertion_params(client,
user_accept: Optional[bool] = True,
**kwargs) -> MakeCredentialTransaction:
make_credentials_arguments = generate_make_credentials_params(client, **kwargs)
attestation = client.ctap2.make_credential(make_credentials_arguments, user_accept=user_accept)
return MakeCredentialTransaction(make_credentials_arguments, attestation)
Expand Down

0 comments on commit 0a18d10

Please sign in to comment.