[clean] clang-format

.github/workflows/lint-workflow.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Lint C code
-        run: clang-format --dry-run --Werror include/* src/* cbor-src/*
+        run: find src/ include/ cbor-src/ -iname "*.c" -or -iname "*.h" | xargs clang-format --dry-run -Werror
 
   job_lint_python:
     name: Lint Python code

src/ctap2/get_assertion/get_assertion.c

@@ -259,7 +259,8 @@ static void nfc_handle_get_assertion() {
         // the first one & the number of compatible credentials, so that the client is able then to
         // call getNextAssertion to fetch other possible credentials.
         uint16_t slotIdx;
-        ctap2AssertData->availableCredentials = rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
+        ctap2AssertData->availableCredentials =
+            rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
         if (ctap2AssertData->availableCredentials > 1) {
             // This settings will disable the app_nbgl_status call (nothing displayed on SK)
             // Else, this would lead the app to respond too slowly, and the client to bug out
@@ -270,7 +271,10 @@ static void nfc_handle_get_assertion() {
                                        &ctap2AssertData->nonce,
                                        &ctap2AssertData->credential,
                                        &ctap2AssertData->credentialLen);
-        PRINTF("Go for index %d - %.*H\n", slotIdx, ctap2AssertData->credentialLen, ctap2AssertData->credential);
+        PRINTF("Go for index %d - %.*H\n",
+               slotIdx,
+               ctap2AssertData->credentialLen,
+               ctap2AssertData->credential);
         get_assertion_send();
     }
 }
@@ -352,7 +356,8 @@ void ctap2_get_assertion_handle(u2f_service_t *service, uint8_t *buffer, uint16_
     } else {
         // Look for a potential rk entry if no allow list was provided
         if (!ctap2AssertData->allowListPresent) {
-            ctap2AssertData->availableCredentials = rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
+            ctap2AssertData->availableCredentials =
+                rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash);
             if (ctap2AssertData->availableCredentials == 1) {
                 // Single resident credential load it to go through the usual flow
                 PRINTF("Single resident credential\n");

src/ctap2/get_assertion/get_assertion_ui.c

@@ -419,7 +419,6 @@ void get_assertion_ux(ctap2_ux_state_t state) {
 #endif
 
     switch (state) {
-
         // Only one possible credential
         case CTAP2_UX_STATE_GET_ASSERTION: {
             ux_display_user_assertion(g.buffer2_65);
@@ -447,7 +446,6 @@ void get_assertion_ux(ctap2_ux_state_t state) {
             break;
         }
         default: {
-
             // No credential possible
 #if defined(HAVE_BAGL)
             ux_flow_init(0, ux_ctap2_no_assertion_flow, NULL);

src/ctap2/get_assertion/get_assertion_utils.c

@@ -36,10 +36,7 @@
 #define TAG_RESP_USER        0x04
 #define TAG_RESP_NB_OF_CREDS 0x05
 
-
-static int compute_hmacSecret_output(uint8_t **output,
-                                     uint32_t *outputLen,
-                                     uint8_t *credRandom) {
+static int compute_hmacSecret_output(uint8_t **output, uint32_t *outputLen, uint8_t *credRandom) {
     ctap2_assert_data_t *ctap2AssertData = globals_get_ctap2_assert_data();
     cbipDecoder_t decoder;
     cbipItem_t mapItem, tmpItem;
@@ -409,7 +406,6 @@ static int build_and_encode_getAssertion_response(uint8_t *buffer,
     return encoder.offset;
 }
 
-
 int handle_allowList_item(cbipDecoder_t *decoder, cbipItem_t *item, bool unwrap) {
     ctap2_assert_data_t *ctap2AssertData = globals_get_ctap2_assert_data();
     int status;
@@ -513,10 +509,10 @@ void get_assertion_credential_idx(uint16_t idx) {
             }
             ctap2AssertData->multipleFlowData.allowList.currentCredential++;
 
-            status = handle_allowList_item(
-                &decoder,
-                &ctap2AssertData->multipleFlowData.allowList.credentialItem,
-                false);
+            status =
+                handle_allowList_item(&decoder,
+                                      &ctap2AssertData->multipleFlowData.allowList.credentialItem,
+                                      false);
             if (status == ERROR_INVALID_CREDENTIAL) {
                 // Just ignore this credential
                 continue;

src/ctap2/rk_storage.c

@@ -34,7 +34,7 @@ typedef struct __attribute__((__packed__)) rk_header_s {
     uint16_t idx;  // used as "age" (increases only)
 } rk_header_t;
 
-#define SLOT_SIZE             256
+#define SLOT_SIZE 256
 // Currently 24 on all devices, except NanoS which only allows 8
 #define CREDENTIAL_MAX_NUMBER (RK_SIZE / SLOT_SIZE)
 #define CREDENTIAL_MAX_SIZE   (SLOT_SIZE - sizeof(rk_header_t))

src/globals.c

@@ -57,7 +57,6 @@ static void ctap2_display_copy_username(const char *name, uint8_t nameLength) {
 
 static void ctap2_display_copy_rp(const char *name, uint8_t nameLength) {
     copy_name_in_buffer65(g.buffer1_65, name, nameLength);
-
 }
 
 void ctap2_copy_info_on_buffers(void) {

tests/functional/ctap2/test_interop.py

@@ -41,8 +41,8 @@ def test_interop_ctap2_reg_then_u2f_auth(client):
 
     # Create credential through CTAP2
     args = MakeCredentialArguments(generate_random_bytes(32),
-                                   rp = {"id": rp_id},
-                                   user = {"id": generate_random_bytes(64)},
+                                   rp={"id": rp_id},
+                                   user={"id": generate_random_bytes(64)},
                                    key_params=[{"type": "public-key", "alg": ES256.ALGORITHM}])
 
     attestation = client.ctap2.make_credential(args)

tests/functional/ctap2/test_make_credential.py

@@ -90,13 +90,18 @@ def test_make_credential_exclude_list_ok(client, test_name):
     compare_args = (TESTS_SPECULOS_DIR, test_name)
     # First check with an absent credential in exclude list
     args1 = generate_make_credentials_params(client, ref=0,
-                                             exclude_list=[{"id": generate_random_bytes(64), "type": "public-key"}])
-    attestation = client.ctap2.make_credential(args1, check_screens="full", compare_args=compare_args)
+                                             exclude_list=[{"id": generate_random_bytes(64),
+                                                            "type": "public-key"}])
+    attestation = client.ctap2.make_credential(args1,
+                                               check_screens="full",
+                                               compare_args=compare_args)
 
     credential_data = AttestedCredentialData(attestation.auth_data.credential_data)
 
     # Then check with the credential we have just created in exclude list
-    args2 = generate_make_credentials_params(client, exclude_list=[{"id": credential_data.credential_id, "type": "public-key"}])
+    args2 = generate_make_credentials_params(client,
+                                             exclude_list=[{"id": credential_data.credential_id,
+                                                            "type": "public-key"}])
     args2.rp = args1.rp
 
     with pytest.raises(CtapError) as e:

tests/functional/ctap2/test_option_rk.py

@@ -102,16 +102,17 @@ def test_option_rk_make_cred_exclude_refused(client, test_name):
     # CTAP2_ERR_CREDENTIAL_EXCLUDED.
 
     # Create a first credential with rk=True
-    transaction = generate_get_assertion_params(client, rk=True)
+    t = generate_get_assertion_params(client, rk=True)
 
     # Now create a new one with:
     # - Same RP
     # - Previous credential in excludeList
     # leads to a CREDENTIAL_EXCLUDED error.
-    args = generate_make_credentials_params(client, exclude_list=[{"id": transaction.credential_data.credential_id,
-                                                                   "type": "public-key"}])
-    args.rp = transaction.args.rp
-    args.credential_data = transaction.credential_data
+    args = generate_make_credentials_params(client,
+                                            exclude_list=[{"id": t.credential_data.credential_id,
+                                                           "type": "public-key"}])
+    args.rp = t.args.rp
+    args.credential_data = t.credential_data
 
     with pytest.raises(CtapError) as e:
         client.ctap2.make_credential(args, user_accept=None)
@@ -123,7 +124,8 @@ def test_option_rk_make_cred_exclude_refused(client, test_name):
 
     # Check that if the RP didn't match, the request is accepted
     args = generate_make_credentials_params(client, ref=0,
-                                            exclude_list=[{"id": transaction.credential_data.credential_id, "type": "public-key"}])
+                                            exclude_list=[{"id": t.credential_data.credential_id,
+                                                           "type": "public-key"}])
 
     client.ctap2.make_credential(args, check_screens="fast", compare_args=compare_args)
 
@@ -175,7 +177,8 @@ def test_option_rk_get_assertion(client, test_name):
         compare_args = (TESTS_SPECULOS_DIR, test_name + "/" + str(idx) + "/get_allow_list")
         assertion = client.ctap2.get_assertion(user.rp["id"], client_data_hash,
                                                allow_list=allow_list,
-                                               check_users=[u.user for u in users], check_screens="fast",
+                                               check_users=[u.user for u in users],
+                                               check_screens="fast",
                                                login_type=login_type, compare_args=compare_args)
         assertion.verify(client_data_hash, credential_data.public_key)
         assert assertion.user["id"] == users[0].user["id"]  # first of allow_list selected

tests/functional/ctap2_client.py

@@ -28,7 +28,8 @@ class LedgerCtap2(Ctap2, LedgerCTAP):
     - directly in CTAPHID.CBOR command
     - encapsulated in U2F APDU with INS=0x10 in CTAPHID.MSG command
     """
-    def __init__(self, device, firmware: Firmware, navigator: Navigator, ctap2_u2f_proxy, debug: bool = False):
+    def __init__(self, device, firmware: Firmware, navigator: Navigator,
+                 ctap2_u2f_proxy, debug: bool = False):
         self.ctap2_u2f_proxy = ctap2_u2f_proxy
         Ctap2.__init__(self, device)
         LedgerCTAP.__init__(self, firmware, navigator, debug)

tests/functional/utils.py

@@ -101,15 +101,17 @@ def generate_make_credentials_params(client,
     user = {"id": user_id}
     if user_name:
         user["name"] = user_name
-    key_params = key_params if key_params is not None else [{"type": "public-key", "alg": ES256.ALGORITHM}]
+    key_params = (key_params if key_params is not None
+                  else [{"type": "public-key", "alg": ES256.ALGORITHM}])
     if rk is not None or uv is not None:
         options = options if options is not None else {}
         if rk is not None:
             options["rk"] = rk
         if uv is not None:
             options["uv"] = uv
 
-    params = MakeCredentialArguments(client_data_hash, rp, user, key_params, exclude_list, extensions, options)
+    params = MakeCredentialArguments(client_data_hash, rp, user, key_params,
+                                     exclude_list, extensions, options)
 
     if pin is not None or pin_uv_param is not None:
         if pin:
@@ -125,7 +127,9 @@ def generate_make_credentials_params(client,
     return params
 
 
-def generate_get_assertion_params(client, user_accept: Optional[bool] = True, **kwargs) -> MakeCredentialTransaction:
+def generate_get_assertion_params(client,
+                                  user_accept: Optional[bool] = True,
+                                  **kwargs) -> MakeCredentialTransaction:
     make_credentials_arguments = generate_make_credentials_params(client, **kwargs)
     attestation = client.ctap2.make_credential(make_credentials_arguments, user_accept=user_accept)
     return MakeCredentialTransaction(make_credentials_arguments, attestation)