Fix all formatting to align with presubmit checks
As a side effect also fixed a broken link in src/android/README.md.
Test: pw presubmit --full
Change-Id: I5ecde1dbc2d47f6074d62e9d26474d037f4859af
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/152950
Presubmit-Verified: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com>
Pigweed-Auto-Submit: Darren Krahn <dkrahn@google.com>
Commit-Queue: Auto-Submit <auto-submit@pigweed.google.com.iam.gserviceaccount.com>
Reviewed-by: Rob Mohr <mohrr@google.com>
diff --git a/BUILD.gn b/BUILD.gn
index 0d65eaa..a21b3d5 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -23,8 +23,8 @@
group("default") {
deps = [
":fuzzers(//toolchains:host_fuzz)",
- ":python.install",
":optimized_libs(//toolchains:host_optimized)",
+ ":python.install",
":tests.run(//toolchains:host_debug)",
]
}
@@ -545,18 +545,14 @@
# This group is built during bootstrap to setup the interactive Python
# environment.
pw_python_group("python") {
- python_deps = [
- ":pip_install_open_dice_tools",
- ]
+ python_deps = [ ":pip_install_open_dice_tools" ]
}
# In-tree Python packages
_open_dice_python_packages = [ "//tools:tools" ]
# Pigweed Python packages to include
-_pigweed_python_packages = [
- "$dir_pw_env_setup:core_pigweed_python_packages",
-]
+_pigweed_python_packages = [ "$dir_pw_env_setup:core_pigweed_python_packages" ]
_all_python_packages = _open_dice_python_packages + _pigweed_python_packages
diff --git a/generate_test_values.py b/generate_test_values.py
index f4afd4f..41be12f 100644
--- a/generate_test_values.py
+++ b/generate_test_values.py
@@ -39,7 +39,8 @@
FLAGS = flags.FLAGS
-_FILE_HEADER = textwrap.dedent("""\
+_FILE_HEADER = textwrap.dedent(
+ """\
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
@@ -65,66 +66,88 @@
namespace dice {
namespace test {
- """)
+ """
+)
-_FILE_FOOTER = textwrap.dedent("""\
+_FILE_FOOTER = textwrap.dedent(
+ """\
} // namespace test
} // namespace dice
#endif // DICE_KNOWN_TEST_VALUES_H_
- """)
+ """
+)
def _to_camel_case(s):
- return ''.join(tmp.capitalize() for tmp in s.split('_'))
+ return "".join(tmp.capitalize() for tmp in s.split("_"))
def _read_file(name):
try:
- with open(name, 'rb') as f:
+ with open(name, "rb") as f:
return f.read()
except OSError:
- return ''
+ return ""
def _generate_array(name, data):
- return 'constexpr uint8_t %s[%d] = {%s};\n\n' % (
- name, len(data), ', '.join('0x%02x' % tmp for tmp in data))
+ return "constexpr uint8_t %s[%d] = {%s};\n\n" % (
+ name,
+ len(data),
+ ", ".join("0x%02x" % tmp for tmp in data),
+ )
def _generate_cert_comment(data):
- return re.sub('^',
- '// ',
- subprocess.run([
- 'openssl', 'x509', '-inform', 'DER', '-noout', '-text',
- '-certopt', 'ext_parse'
- ],
- input=data,
- capture_output=True,
- check=True).stdout.decode(),
- flags=re.MULTILINE)[:-3]
+ return re.sub(
+ "^",
+ "// ",
+ subprocess.run(
+ [
+ "openssl",
+ "x509",
+ "-inform",
+ "DER",
+ "-noout",
+ "-text",
+ "-certopt",
+ "ext_parse",
+ ],
+ input=data,
+ capture_output=True,
+ check=True,
+ ).stdout.decode(),
+ flags=re.MULTILINE,
+ )[:-3]
def _generate_c(name):
"""Generates C declarations from dumps identified by |name|."""
- content = ''
- attest_cdi_data = _read_file('_attest_cdi_%s.bin' % name)
- content += _generate_array('kExpectedCdiAttest_%s' % _to_camel_case(name),
- attest_cdi_data)
- seal_cdi_data = _read_file('_seal_cdi_%s.bin' % name)
- content += _generate_array('kExpectedCdiSeal_%s' % _to_camel_case(name),
- seal_cdi_data)
- for cert_type in ('X509', 'CBOR'):
- for key_type in ('Ed25519', 'P256', 'P384'):
- var_name = 'kExpected%s%sCert_%s' % (_to_camel_case(cert_type),
- _to_camel_case(key_type),
- _to_camel_case(name))
- cert_data = _read_file('_%s_%s_cert_%s.cert' %
- (cert_type, key_type, name))
- if cert_type == 'X509' and key_type != 'P384':
+ content = ""
+ attest_cdi_data = _read_file("_attest_cdi_%s.bin" % name)
+ content += _generate_array(
+ "kExpectedCdiAttest_%s" % _to_camel_case(name), attest_cdi_data
+ )
+ seal_cdi_data = _read_file("_seal_cdi_%s.bin" % name)
+ content += _generate_array(
+ "kExpectedCdiSeal_%s" % _to_camel_case(name), seal_cdi_data
+ )
+ for cert_type in ("X509", "CBOR"):
+ for key_type in ("Ed25519", "P256", "P384"):
+ var_name = "kExpected%s%sCert_%s" % (
+ _to_camel_case(cert_type),
+ _to_camel_case(key_type),
+ _to_camel_case(name),
+ )
+ cert_data = _read_file(
+ "_%s_%s_cert_%s.cert" % (cert_type, key_type, name)
+ )
+ if cert_type == "X509" and key_type != "P384":
content += (
- '// $ openssl x509 -inform DER -noout -text -certopt '
- 'ext_parse\n')
+ "// $ openssl x509 -inform DER -noout -text -certopt "
+ "ext_parse\n"
+ )
content += _generate_cert_comment(cert_data)
content += _generate_array(var_name, cert_data)
return content
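Review bot: `_read_file` returns the str `""` when the open fails but bytes when it succeeds, so `_generate_array` turns a missing or unreadable dump into `constexpr uint8_t <name>[0] = {};` instead of stopping the generator. This script emits the known-answer CDI and certificate values, and an empty expected array is easy to overlook in the generated header. If every dump is required, drop the `try`/`except` so the `OSError` propagates. If some dumps are optional, `return b""` keeps the type consistent, and a comment should name the files that may be absent. The `[:-3]` in `_generate_cert_comment` also deserves a comment such as `# drop the "// " that re.sub adds after the final newline`, assuming that is its purpose.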
@@ -132,17 +155,17 @@
def main(argv):
if len(argv) > 1:
- raise app.UsageError('Too many command-line arguments.')
+ raise app.UsageError("Too many command-line arguments.")
content = _FILE_HEADER
- content += _generate_c('zero_input')
- content += _generate_c('hash_only_input')
- content += _generate_c('descriptor_input')
+ content += _generate_c("zero_input")
+ content += _generate_c("hash_only_input")
+ content += _generate_c("descriptor_input")
content += _FILE_FOOTER
- subprocess.run(['clang-format', '--style=file'],
- input=content.encode(),
- check=True)
+ subprocess.run(
+ ["clang-format", "--style=file"], input=content.encode(), check=True
+ )
-if __name__ == '__main__':
+if __name__ == "__main__":
app.run(main)
diff --git a/pigweed.json b/pigweed.json
index afb6cad..11071ff 100644
--- a/pigweed.json
+++ b/pigweed.json
@@ -12,7 +12,8 @@
"format": {
"python_formatter": "black",
"exclude": [
- "third_party/.*/src"
+ "third_party/.*/src",
+ "third_party/boringssl/err_data.c"
]
}
},
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..36318de
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,17 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+[tool.black]
+line-length = 80
+exclude = '^/(out|\.?environment)'
diff --git a/src/android/README.md b/src/android/README.md
index 99d9395..c9b308f 100644
--- a/src/android/README.md
+++ b/src/android/README.md
@@ -4,5 +4,6 @@
used by Android that conforms to the specification and goes further to more
strictly define the configuration descriptor.
-A [CDDL](https://tools.ietf.org/html/rfc8610) definition of the BCC can be
-found int the [KeyMint AIDL definitions](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl).
+A [CDDL](https://tools.ietf.org/html/rfc8610) definition of the BCC can be found
+in the
+[KeyMint AIDL definitions](https://cs.android.com/android/platform/superproject/+/main:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl).
diff --git a/src/boringssl_ecdsa_utils.c b/src/boringssl_ecdsa_utils.c
index ef31812..0c7b4a1 100644
--- a/src/boringssl_ecdsa_utils.c
+++ b/src/boringssl_ecdsa_utils.c
@@ -55,7 +55,7 @@
}
static int hmac3(uint8_t k[64], uint8_t in1[64], uint8_t in2,
- const uint8_t *in3, unsigned int in3_len, uint8_t out[64]) {
+ const uint8_t *in3, unsigned int in3_len, uint8_t out[64]) {
int ret = 0;
HMAC_CTX ctx;
@@ -154,7 +154,8 @@
goto out;
}
- pD = derivePrivateKey(group, seed, DICE_PRIVATE_KEY_SEED_SIZE, P384_PRIVATE_KEY_SIZE);
+ pD = derivePrivateKey(group, seed, DICE_PRIVATE_KEY_SEED_SIZE,
+ P384_PRIVATE_KEY_SIZE);
if (!pD) {
goto out;
}
@@ -269,7 +270,8 @@
if (!y) {
goto out;
}
- bn_ret = BN_bin2bn(&public_key[P384_PUBLIC_KEY_SIZE / 2], P384_PUBLIC_KEY_SIZE / 2, y);
+ bn_ret = BN_bin2bn(&public_key[P384_PUBLIC_KEY_SIZE / 2],
+ P384_PUBLIC_KEY_SIZE / 2, y);
if (!bn_ret) {
goto out;
}
@@ -277,7 +279,6 @@
goto out;
}
-
sig = ECDSA_SIG_new();
if (!sig) {
goto out;
@@ -286,8 +287,8 @@
if (!bn_ret) {
goto out;
}
- bn_ret = BN_bin2bn(&signature[P384_SIGNATURE_SIZE / 2], P384_SIGNATURE_SIZE / 2,
- sig->s);
+ bn_ret = BN_bin2bn(&signature[P384_SIGNATURE_SIZE / 2],
+ P384_SIGNATURE_SIZE / 2, sig->s);
if (!bn_ret) {
goto out;
}
diff --git a/src/cbor_reader_test.cc b/src/cbor_reader_test.cc
index 7b14475..9d2332b 100644
--- a/src/cbor_reader_test.cc
+++ b/src/cbor_reader_test.cc
@@ -250,22 +250,22 @@
}
TEST(CborReaderTest, TagEncoding) {
- const uint8_t buffer[] = {0xcf, 0xd8, 0x18, 0xd9, 0xd9, 0xf8, 0xda, 0x4f,
- 0x50, 0x53, 0x4e, 0xdb, 0x10, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00};
+ const uint8_t buffer[] = {0xcf, 0xd8, 0x18, 0xd9, 0xd9, 0xf8, 0xda,
+ 0x4f, 0x50, 0x53, 0x4e, 0xdb, 0x10, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
CborIn in;
uint64_t tag;
CborInInit(buffer, sizeof(buffer), &in);
EXPECT_EQ(CBOR_READ_RESULT_OK, CborReadTag(&in, &tag));
- EXPECT_EQ(/* Unassigned */15u, tag);
+ EXPECT_EQ(/* Unassigned */ 15u, tag);
EXPECT_EQ(CBOR_READ_RESULT_OK, CborReadTag(&in, &tag));
- EXPECT_EQ(/* COSE_Sign1 */24u, tag);
+ EXPECT_EQ(/* COSE_Sign1 */ 24u, tag);
EXPECT_EQ(CBOR_READ_RESULT_OK, CborReadTag(&in, &tag));
- EXPECT_EQ(/* Byte string */0xd9f8u, tag);
+ EXPECT_EQ(/* Byte string */ 0xd9f8u, tag);
EXPECT_EQ(CBOR_READ_RESULT_OK, CborReadTag(&in, &tag));
- EXPECT_EQ(/* Openswan cfg */0x4f50534eu, tag);
+ EXPECT_EQ(/* Openswan cfg */ 0x4f50534eu, tag);
EXPECT_EQ(CBOR_READ_RESULT_OK, CborReadTag(&in, &tag));
- EXPECT_EQ(/* Unassigned */0x1000000000000000u, tag);
+ EXPECT_EQ(/* Unassigned */ 0x1000000000000000u, tag);
EXPECT_TRUE(CborInAtEnd(&in));
}
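Review bot: The inline label on `EXPECT_EQ(/* COSE_Sign1 */ 24u, tag);` does not match the IANA CBOR tag registry. That registry lists tag 24 as "Encoded CBOR data item" and assigns COSE_Sign1 to tag 18. The test still passes because only the numeric value is compared, but the wrong label misleads anyone who uses this test as a reference for tag values. Change the comment to `/* Encoded CBOR data item */`. The `/* Byte string */` label on `0xd9f8u` is worth checking against the registry as well.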
@@ -274,8 +274,8 @@
// Reference https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml.
const uint8_t invalid16[] = {0xd9, 0xff, 0xff};
const uint8_t invalid32[] = {0xda, 0xff, 0xff, 0xff, 0xff};
- const uint8_t invalid64[] = {0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff};
+ const uint8_t invalid64[] = {0xdb, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff};
CborIn in;
uint64_t tag;
CborInInit(invalid16, sizeof(invalid16), &in);
diff --git a/src/dice_test.cc b/src/dice_test.cc
index a5d3b9e..b7a34d9 100644
--- a/src/dice_test.cc
+++ b/src/dice_test.cc
@@ -191,7 +191,7 @@
sizeof(next_state.certificate), next_state.certificate,
&next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal);
EXPECT_EQ(kDiceResultOk, result);
- // These are brittle, but can act as a good sanity check that we're not
+ // These are brittle, but can act as an effective check that we're not
// regressing in how many expensive operations we call.
EXPECT_LE(ops.hash_count_, 2);
EXPECT_LE(ops.kdf_count_, 4);
diff --git a/third_party/cose-c/cose_ed25519_deps.cc b/third_party/cose-c/cose_ed25519_deps.cc
index 1eb8a15..3d78b60 100644
--- a/third_party/cose-c/cose_ed25519_deps.cc
+++ b/third_party/cose-c/cose_ed25519_deps.cc
@@ -23,7 +23,8 @@
// Gets the public key from a well-formed Ed25519 COSE_Key. On success populates
// |public_key| and returns true.
-static bool GetPublicKeyFromCbor(const cn_cbor *key, uint8_t public_key[PUBLIC_KEY_SIZE]) {
+static bool GetPublicKeyFromCbor(const cn_cbor *key,
+ uint8_t public_key[PUBLIC_KEY_SIZE]) {
const int64_t kCoseKeyAlgLabel = 3;
const int64_t kCoseKeyOpsLabel = 4;
const uint64_t kCoseKeyOpsVerify = 2;
diff --git a/third_party/cose-c/cose_p384_deps.cc b/third_party/cose-c/cose_p384_deps.cc
index 795b080..3b9a9d9 100644
--- a/third_party/cose-c/cose_p384_deps.cc
+++ b/third_party/cose-c/cose_p384_deps.cc
@@ -28,8 +28,8 @@
#include "openssl/sha.h"
// Gets the public key from a well-formed ECDSA P-384 COSE_Key. On
-// success populates |public_key| and returns true; public_key must hold 96 bytes
-// (uncompressed format).
+// success populates |public_key| and returns true; public_key must hold 96
+// bytes (uncompressed format).
static bool GetPublicKeyFromCbor(const cn_cbor *key, uint8_t *public_key) {
const int64_t kCoseKeyAlgLabel = 3;
const int64_t kCoseKeyOpsLabel = 4;
@@ -101,7 +101,8 @@
if (!signature || !key) {
return false;
}
- if (signature->type != CN_CBOR_BYTES || signature->length != PUBLIC_KEY_SIZE) {
+ if (signature->type != CN_CBOR_BYTES ||
+ signature->length != PUBLIC_KEY_SIZE) {
return false;
}
uint8_t public_key[PUBLIC_KEY_SIZE];
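Review bot: The length check on `signature` compares against `PUBLIC_KEY_SIZE`, a constant named for a different object. It presumably works only because a raw P-384 signature (r || s) and an uncompressed public key (x || y) are both 96 bytes, the size the comment on `GetPublicKeyFromCbor` gives for the key. A reader auditing the verifier cannot tell whether that is intentional. Compare against a dedicated signature-size constant (defining one if the file has none), or add `// r || s has the same length as x || y for P-384` above the check. The enclosing function starts and ends outside this hunk.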
diff --git a/toolchains/BUILD.gn b/toolchains/BUILD.gn
index 16abe57..93bc01e 100644
--- a/toolchains/BUILD.gn
+++ b/toolchains/BUILD.gn
@@ -34,7 +34,7 @@
filter_path = rebase_path("sanitize_filter.txt", root_build_dir)
cflags = [
"-fsanitize=address,undefined,integer",
- "-fsanitize-blacklist=$filter_path",
+ "-fsanitize-blacklist=$filter_path", # inclusive-language: ignore
]
ldflags = cflags
inputs = [ "sanitize_filter.txt" ]
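Review bot: The `# inclusive-language: ignore` suppression on the `-fsanitize-blacklist=` line can probably be avoided, because newer Clang releases accept `-fsanitize-ignorelist=` as the replacement spelling. If the pinned toolchain supports it, use `"-fsanitize-ignorelist=$filter_path",` and drop the suppression. If it does not, extend the comment to say the old spelling is required by the toolchain, so the suppression is not removed later by mistake. The enclosing toolchain definition starts and ends outside this hunk.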
diff --git a/tools/open_dice_tools/presubmit.py b/tools/open_dice_tools/presubmit.py
index 1b1160e..f8126c6 100644
--- a/tools/open_dice_tools/presubmit.py
+++ b/tools/open_dice_tools/presubmit.py
@@ -17,13 +17,11 @@
import logging
import os
from pathlib import Path
-import re
import sys
import pw_cli.log
import pw_presubmit
from pw_presubmit import (
- PresubmitContext,
build,
cli,
format_code,
@@ -38,25 +36,23 @@
# Set up variables for key project paths.
try:
- PROJECT_ROOT = Path(os.environ['PW_PROJECT_ROOT'])
+ PROJECT_ROOT = Path(os.environ["PW_PROJECT_ROOT"])
except KeyError:
print(
"ERROR: The presubmit checks must be run in the Open Dice project's "
- 'root directory',
+ "root directory",
file=sys.stderr,
)
sys.exit(2)
-PIGWEED_ROOT = PROJECT_ROOT / 'third_party' / 'pigweed' / 'src'
+PIGWEED_ROOT = PROJECT_ROOT / "third_party" / "pigweed" / "src"
# Rerun the build if files with these extensions change.
_BUILD_EXTENSIONS = frozenset(
- ['.rst', '.gn', '.gni', *format_code.C_FORMAT.extensions]
+ [".rst", ".gn", ".gni", *format_code.C_FORMAT.extensions]
)
-
-default_build = build.GnGenNinja(name='default_build')
-
+default_build = build.GnGenNinja(name="default_build")
OTHER_CHECKS = (build.gn_gen_check,)
@@ -97,15 +93,15 @@
# Install the presubmit Git pre-push hook, if requested.
if install:
install_hook.install_git_hook(
- 'pre-push',
+ "pre-push",
[
- 'python',
- '-m',
- 'sample_project_tools.presubmit_checks',
- '--base',
- 'origin/main..HEAD',
- '--program',
- 'quick',
+ "python",
+ "-m",
+ "sample_project_tools.presubmit_checks",
+ "--base",
+ "origin/main..HEAD",
+ "--program",
+ "quick",
],
)
return 0
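Review bot: The pre-push hook installed here runs `python -m sample_project_tools.presubmit_checks`, but this file is `tools/open_dice_tools/presubmit.py`. The module name looks like a leftover from a project template. If so, the hook either fails to import or runs something other than this repository's checks, and `--install` gives no local gate before a push. The argument should probably be `"open_dice_tools.presubmit",`, a name inferred from the file path, so confirm it against how the package is installed. The enclosing function starts outside this hunk.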
@@ -119,18 +115,18 @@
def main() -> int:
"""Run the presubmit checks for this repository."""
parser = argparse.ArgumentParser(description=__doc__)
- cli.add_arguments(parser, PROGRAMS, 'quick')
+ cli.add_arguments(parser, PROGRAMS, "quick")
# Define an option for installing a Git pre-push hook for this script.
parser.add_argument(
- '--install',
- action='store_true',
- help='Install the presubmit as a Git pre-push hook and exit.',
+ "--install",
+ action="store_true",
+ help="Install the presubmit as a Git pre-push hook and exit.",
)
return run(**vars(parser.parse_args()))
-if __name__ == '__main__':
+if __name__ == "__main__":
pw_cli.log.install(logging.INFO)
sys.exit(main())