From b7899aebf5622a1c5186d848bebbbb7846dad4f6 Mon Sep 17 00:00:00 2001 From: Lucas PASCAL Date: Mon, 4 Nov 2024 14:52:35 +0100 Subject: [PATCH] [clean] clang-format --- .github/workflows/lint-workflow.yml | 2 +- src/ctap2/get_assertion/get_assertion.c | 11 ++++++++--- src/ctap2/get_assertion/get_assertion_ui.c | 2 -- src/ctap2/get_assertion/get_assertion_utils.c | 14 +++++--------- src/ctap2/rk_storage.c | 2 +- src/globals.c | 1 - tests/functional/ctap2/test_interop.py | 4 ++-- tests/functional/ctap2/test_make_credential.py | 11 ++++++++--- tests/functional/ctap2/test_option_rk.py | 17 ++++++++++------- tests/functional/ctap2_client.py | 3 ++- tests/functional/utils.py | 10 +++++++--- 11 files changed, 44 insertions(+), 33 deletions(-) diff --git a/.github/workflows/lint-workflow.yml b/.github/workflows/lint-workflow.yml index 6d0d616b..0ac546b8 100644 --- a/.github/workflows/lint-workflow.yml +++ b/.github/workflows/lint-workflow.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v3 - name: Lint C code - run: clang-format --dry-run --Werror include/* src/* cbor-src/* + run: find src/ include/ cbor-src/ -iname "*.c" -or -iname "*.h" | xargs clang-format --dry-run -Werror job_lint_python: name: Lint Python code diff --git a/src/ctap2/get_assertion/get_assertion.c b/src/ctap2/get_assertion/get_assertion.c index 91311458..d01edd96 100644 --- a/src/ctap2/get_assertion/get_assertion.c +++ b/src/ctap2/get_assertion/get_assertion.c @@ -259,7 +259,8 @@ static void nfc_handle_get_assertion() { // the first one & the number of compatible credentials, so that the client is able then to // call getNextAssertion to fetch other possible credentials. uint16_t slotIdx; - ctap2AssertData->availableCredentials = rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash); + ctap2AssertData->availableCredentials = + rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash); if (ctap2AssertData->availableCredentials > 1) { // This settings will disable the app_nbgl_status call (nothing displayed on SK) // Else, this would lead the app to respond too slowly, and the client to bug out @@ -270,7 +271,10 @@ static void nfc_handle_get_assertion() { &ctap2AssertData->nonce, &ctap2AssertData->credential, &ctap2AssertData->credentialLen); - PRINTF("Go for index %d - %.*H\n", slotIdx, ctap2AssertData->credentialLen, ctap2AssertData->credential); + PRINTF("Go for index %d - %.*H\n", + slotIdx, + ctap2AssertData->credentialLen, + ctap2AssertData->credential); get_assertion_send(); } } @@ -352,7 +356,8 @@ void ctap2_get_assertion_handle(u2f_service_t *service, uint8_t *buffer, uint16_ } else { // Look for a potential rk entry if no allow list was provided if (!ctap2AssertData->allowListPresent) { - ctap2AssertData->availableCredentials = rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash); + ctap2AssertData->availableCredentials = + rk_build_RKList_from_rpID(ctap2AssertData->rpIdHash); if (ctap2AssertData->availableCredentials == 1) { // Single resident credential load it to go through the usual flow PRINTF("Single resident credential\n"); diff --git a/src/ctap2/get_assertion/get_assertion_ui.c b/src/ctap2/get_assertion/get_assertion_ui.c index d5d8c26b..6994bedf 100644 --- a/src/ctap2/get_assertion/get_assertion_ui.c +++ b/src/ctap2/get_assertion/get_assertion_ui.c @@ -419,7 +419,6 @@ void get_assertion_ux(ctap2_ux_state_t state) { #endif switch (state) { - // Only one possible credential case CTAP2_UX_STATE_GET_ASSERTION: { ux_display_user_assertion(g.buffer2_65); @@ -447,7 +446,6 @@ void get_assertion_ux(ctap2_ux_state_t state) { break; } default: { - // No credential possible #if defined(HAVE_BAGL) ux_flow_init(0, ux_ctap2_no_assertion_flow, NULL); diff --git a/src/ctap2/get_assertion/get_assertion_utils.c b/src/ctap2/get_assertion/get_assertion_utils.c index fdac244d..af4e1990 100644 --- a/src/ctap2/get_assertion/get_assertion_utils.c +++ b/src/ctap2/get_assertion/get_assertion_utils.c @@ -36,10 +36,7 @@ #define TAG_RESP_USER 0x04 #define TAG_RESP_NB_OF_CREDS 0x05 - -static int compute_hmacSecret_output(uint8_t **output, - uint32_t *outputLen, - uint8_t *credRandom) { +static int compute_hmacSecret_output(uint8_t **output, uint32_t *outputLen, uint8_t *credRandom) { ctap2_assert_data_t *ctap2AssertData = globals_get_ctap2_assert_data(); cbipDecoder_t decoder; cbipItem_t mapItem, tmpItem; @@ -409,7 +406,6 @@ static int build_and_encode_getAssertion_response(uint8_t *buffer, return encoder.offset; } - int handle_allowList_item(cbipDecoder_t *decoder, cbipItem_t *item, bool unwrap) { ctap2_assert_data_t *ctap2AssertData = globals_get_ctap2_assert_data(); int status; @@ -513,10 +509,10 @@ void get_assertion_credential_idx(uint16_t idx) { } ctap2AssertData->multipleFlowData.allowList.currentCredential++; - status = handle_allowList_item( - &decoder, - &ctap2AssertData->multipleFlowData.allowList.credentialItem, - false); + status = + handle_allowList_item(&decoder, + &ctap2AssertData->multipleFlowData.allowList.credentialItem, + false); if (status == ERROR_INVALID_CREDENTIAL) { // Just ignore this credential continue; diff --git a/src/ctap2/rk_storage.c b/src/ctap2/rk_storage.c index ef51c2c4..bc7e472f 100644 --- a/src/ctap2/rk_storage.c +++ b/src/ctap2/rk_storage.c @@ -34,7 +34,7 @@ typedef struct __attribute__((__packed__)) rk_header_s { uint16_t idx; // used as "age" (increases only) } rk_header_t; -#define SLOT_SIZE 256 +#define SLOT_SIZE 256 // Currently 24 on all devices, except NanoS which only allows 8 #define CREDENTIAL_MAX_NUMBER (RK_SIZE / SLOT_SIZE) #define CREDENTIAL_MAX_SIZE (SLOT_SIZE - sizeof(rk_header_t)) diff --git a/src/globals.c b/src/globals.c index 074074ce..7b2e62d5 100644 --- a/src/globals.c +++ b/src/globals.c @@ -57,7 +57,6 @@ static void ctap2_display_copy_username(const char *name, uint8_t nameLength) { static void ctap2_display_copy_rp(const char *name, uint8_t nameLength) { copy_name_in_buffer65(g.buffer1_65, name, nameLength); - } void ctap2_copy_info_on_buffers(void) { diff --git a/tests/functional/ctap2/test_interop.py b/tests/functional/ctap2/test_interop.py index 00bee363..b465d7e0 100644 --- a/tests/functional/ctap2/test_interop.py +++ b/tests/functional/ctap2/test_interop.py @@ -41,8 +41,8 @@ def test_interop_ctap2_reg_then_u2f_auth(client): # Create credential through CTAP2 args = MakeCredentialArguments(generate_random_bytes(32), - rp = {"id": rp_id}, - user = {"id": generate_random_bytes(64)}, + rp={"id": rp_id}, + user={"id": generate_random_bytes(64)}, key_params=[{"type": "public-key", "alg": ES256.ALGORITHM}]) attestation = client.ctap2.make_credential(args) diff --git a/tests/functional/ctap2/test_make_credential.py b/tests/functional/ctap2/test_make_credential.py index 7059e6bf..c9b9707c 100644 --- a/tests/functional/ctap2/test_make_credential.py +++ b/tests/functional/ctap2/test_make_credential.py @@ -90,13 +90,18 @@ def test_make_credential_exclude_list_ok(client, test_name): compare_args = (TESTS_SPECULOS_DIR, test_name) # First check with an absent credential in exclude list args1 = generate_make_credentials_params(client, ref=0, - exclude_list=[{"id": generate_random_bytes(64), "type": "public-key"}]) - attestation = client.ctap2.make_credential(args1, check_screens="full", compare_args=compare_args) + exclude_list=[{"id": generate_random_bytes(64), + "type": "public-key"}]) + attestation = client.ctap2.make_credential(args1, + check_screens="full", + compare_args=compare_args) credential_data = AttestedCredentialData(attestation.auth_data.credential_data) # Then check with the credential we have just created in exclude list - args2 = generate_make_credentials_params(client, exclude_list=[{"id": credential_data.credential_id, "type": "public-key"}]) + args2 = generate_make_credentials_params(client, + exclude_list=[{"id": credential_data.credential_id, + "type": "public-key"}]) args2.rp = args1.rp with pytest.raises(CtapError) as e: diff --git a/tests/functional/ctap2/test_option_rk.py b/tests/functional/ctap2/test_option_rk.py index 42ab61b6..bf33955f 100644 --- a/tests/functional/ctap2/test_option_rk.py +++ b/tests/functional/ctap2/test_option_rk.py @@ -102,16 +102,17 @@ def test_option_rk_make_cred_exclude_refused(client, test_name): # CTAP2_ERR_CREDENTIAL_EXCLUDED. # Create a first credential with rk=True - transaction = generate_get_assertion_params(client, rk=True) + t = generate_get_assertion_params(client, rk=True) # Now create a new one with: # - Same RP # - Previous credential in excludeList # leads to a CREDENTIAL_EXCLUDED error. - args = generate_make_credentials_params(client, exclude_list=[{"id": transaction.credential_data.credential_id, - "type": "public-key"}]) - args.rp = transaction.args.rp - args.credential_data = transaction.credential_data + args = generate_make_credentials_params(client, + exclude_list=[{"id": t.credential_data.credential_id, + "type": "public-key"}]) + args.rp = t.args.rp + args.credential_data = t.credential_data with pytest.raises(CtapError) as e: client.ctap2.make_credential(args, user_accept=None) @@ -123,7 +124,8 @@ def test_option_rk_make_cred_exclude_refused(client, test_name): # Check that if the RP didn't match, the request is accepted args = generate_make_credentials_params(client, ref=0, - exclude_list=[{"id": transaction.credential_data.credential_id, "type": "public-key"}]) + exclude_list=[{"id": t.credential_data.credential_id, + "type": "public-key"}]) client.ctap2.make_credential(args, check_screens="fast", compare_args=compare_args) @@ -175,7 +177,8 @@ def test_option_rk_get_assertion(client, test_name): compare_args = (TESTS_SPECULOS_DIR, test_name + "/" + str(idx) + "/get_allow_list") assertion = client.ctap2.get_assertion(user.rp["id"], client_data_hash, allow_list=allow_list, - check_users=[u.user for u in users], check_screens="fast", + check_users=[u.user for u in users], + check_screens="fast", login_type=login_type, compare_args=compare_args) assertion.verify(client_data_hash, credential_data.public_key) assert assertion.user["id"] == users[0].user["id"] # first of allow_list selected diff --git a/tests/functional/ctap2_client.py b/tests/functional/ctap2_client.py index 8815f29b..8e6b2154 100644 --- a/tests/functional/ctap2_client.py +++ b/tests/functional/ctap2_client.py @@ -28,7 +28,8 @@ class LedgerCtap2(Ctap2, LedgerCTAP): - directly in CTAPHID.CBOR command - encapsulated in U2F APDU with INS=0x10 in CTAPHID.MSG command """ - def __init__(self, device, firmware: Firmware, navigator: Navigator, ctap2_u2f_proxy, debug: bool = False): + def __init__(self, device, firmware: Firmware, navigator: Navigator, + ctap2_u2f_proxy, debug: bool = False): self.ctap2_u2f_proxy = ctap2_u2f_proxy Ctap2.__init__(self, device) LedgerCTAP.__init__(self, firmware, navigator, debug) diff --git a/tests/functional/utils.py b/tests/functional/utils.py index 0890cfb9..e9e39f48 100644 --- a/tests/functional/utils.py +++ b/tests/functional/utils.py @@ -101,7 +101,8 @@ def generate_make_credentials_params(client, user = {"id": user_id} if user_name: user["name"] = user_name - key_params = key_params if key_params is not None else [{"type": "public-key", "alg": ES256.ALGORITHM}] + key_params = (key_params if key_params is not None + else [{"type": "public-key", "alg": ES256.ALGORITHM}]) if rk is not None or uv is not None: options = options if options is not None else {} if rk is not None: @@ -109,7 +110,8 @@ def generate_make_credentials_params(client, if uv is not None: options["uv"] = uv - params = MakeCredentialArguments(client_data_hash, rp, user, key_params, exclude_list, extensions, options) + params = MakeCredentialArguments(client_data_hash, rp, user, key_params, + exclude_list, extensions, options) if pin is not None or pin_uv_param is not None: if pin: @@ -125,7 +127,9 @@ def generate_make_credentials_params(client, return params -def generate_get_assertion_params(client, user_accept: Optional[bool] = True, **kwargs) -> MakeCredentialTransaction: +def generate_get_assertion_params(client, + user_accept: Optional[bool] = True, + **kwargs) -> MakeCredentialTransaction: make_credentials_arguments = generate_make_credentials_params(client, **kwargs) attestation = client.ctap2.make_credential(make_credentials_arguments, user_accept=user_accept) return MakeCredentialTransaction(make_credentials_arguments, attestation)