Clang format slam.

net/android/keystore_openssl.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/android/keystore_openssl.h"
 
 #include <jni.h>
 #include <openssl/bn.h>
 // This include is required to get the ECDSA_METHOD structure definition
 // which isn't currently part of the OpenSSL official ABI. This should
@@ skipping 118 matching lines @@
                     int padding) {
   NOTIMPLEMENTED();
   RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
   return -1;
 }
 
 // See RSA_eay_private_encrypt in
 // third_party/openssl/openssl/crypto/rsa/rsa_eay.c for the default
 // implementation of this function.
 int RsaMethodPrivEnc(int flen,
-                     const unsigned char *from,
-                     unsigned char *to,
-                     RSA *rsa,
+                     const unsigned char* from,
+                     unsigned char* to,
+                     RSA* rsa,
                      int padding) {
   DCHECK_EQ(RSA_PKCS1_PADDING, padding);
   if (padding != RSA_PKCS1_PADDING) {
     // TODO(davidben): If we need to, we can implement RSA_NO_PADDING
     // by using javax.crypto.Cipher and picking either the
     // "RSA/ECB/NoPadding" or "RSA/ECB/PKCS1Padding" transformation as
     // appropriate. I believe support for both of these was added in
     // the same Android version as the "NONEwithRSA"
     // java.security.Signature algorithm, so the same version checks
     // for GetRsaLegacyKey should work.
@@ skipping 14 matching lines @@
   // For RSA keys, this function behaves as RSA_private_encrypt with
   // PKCS#1 padding.
   if (!RawSignDigestWithPrivateKey(private_key, from_piece, &result)) {
     LOG(WARNING) << "Could not sign message in RsaMethodPrivEnc!";
     RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
     return -1;
   }
 
   size_t expected_size = static_cast<size_t>(RSA_size(rsa));
   if (result.size() > expected_size) {
-    LOG(ERROR) << "RSA Signature size mismatch, actual: "
-               <<  result.size() << ", expected <= " << expected_size;
+    LOG(ERROR) << "RSA Signature size mismatch, actual: " << result.size()
+               << ", expected <= " << expected_size;
     RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
     return -1;
   }
 
   // Copy result to OpenSSL-provided buffer. RawSignDigestWithPrivateKey
   // should pad with leading 0s, but if it doesn't, pad the result.
   size_t zero_pad = expected_size - result.size();
   memset(to, 0, zero_pad);
   memcpy(to + zero_pad, &result[0], result.size());
 
@@ skipping 21 matching lines @@
   if (key != NULL) {
     RSA_set_app_data(rsa, NULL);
     ReleaseKey(key);
   }
   // Actual return value is ignored by OpenSSL. There are no docs
   // explaining what this is supposed to be.
   return 0;
 }
 
 const RSA_METHOD android_rsa_method = {
-  /* .name = */ "Android signing-only RSA method",
-  /* .rsa_pub_enc = */ RsaMethodPubEnc,
-  /* .rsa_pub_dec = */ RsaMethodPubDec,
-  /* .rsa_priv_enc = */ RsaMethodPrivEnc,
-  /* .rsa_priv_dec = */ RsaMethodPrivDec,
-  /* .rsa_mod_exp = */ NULL,
-  /* .bn_mod_exp = */ NULL,
-  /* .init = */ RsaMethodInit,
-  /* .finish = */ RsaMethodFinish,
-  // This flag is necessary to tell OpenSSL to avoid checking the content
-  // (i.e. internal fields) of the private key. Otherwise, it will complain
-  // it's not valid for the certificate.
-  /* .flags = */ RSA_METHOD_FLAG_NO_CHECK,
-  /* .app_data = */ NULL,
-  /* .rsa_sign = */ NULL,
-  /* .rsa_verify = */ NULL,
-  /* .rsa_keygen = */ NULL,
+    /* .name = */ "Android signing-only RSA method",
+    /* .rsa_pub_enc = */ RsaMethodPubEnc,
+    /* .rsa_pub_dec = */ RsaMethodPubDec,
+    /* .rsa_priv_enc = */ RsaMethodPrivEnc,
+    /* .rsa_priv_dec = */ RsaMethodPrivDec,
+    /* .rsa_mod_exp = */ NULL,
+    /* .bn_mod_exp = */ NULL,
+    /* .init = */ RsaMethodInit,
+    /* .finish = */ RsaMethodFinish,
+    // This flag is necessary to tell OpenSSL to avoid checking the content
+    // (i.e. internal fields) of the private key. Otherwise, it will complain
+    // it's not valid for the certificate.
+    /* .flags = */ RSA_METHOD_FLAG_NO_CHECK,
+    /* .app_data = */ NULL,
+    /* .rsa_sign = */ NULL,
+    /* .rsa_verify = */ NULL,
+    /* .rsa_keygen = */ NULL,
 };
 
 // Copy the contents of an encoded big integer into an existing BIGNUM.
 // This function modifies |*num| in-place.
 // |new_bytes| is the byte encoding of the new value.
 // |num| points to the BIGNUM which will be assigned with the new value.
 // Returns true on success, false otherwise. On failure, |*num| is
 // not modified.
-bool CopyBigNumFromBytes(const std::vector<uint8>& new_bytes,
-                         BIGNUM* num) {
-  BIGNUM* ret = BN_bin2bn(
-      reinterpret_cast<const unsigned char*>(&new_bytes[0]),
-      static_cast<int>(new_bytes.size()),
-      num);
+bool CopyBigNumFromBytes(const std::vector<uint8>& new_bytes, BIGNUM* num) {
+  BIGNUM* ret = BN_bin2bn(reinterpret_cast<const unsigned char*>(&new_bytes[0]),
+                          static_cast<int>(new_bytes.size()),
+                          num);
   return (ret != NULL);
 }
 
 // Decode the contents of an encoded big integer and either create a new
 // BIGNUM object (if |*num_ptr| is NULL on input) or copy it (if
 // |*num_ptr| is not NULL).
 // |new_bytes| is the byte encoding of the new value.
 // |num_ptr| is the address of a BIGNUM pointer. |*num_ptr| can be NULL.
 // Returns true on success, false otherwise. On failure, |*num_ptr| is
 // not modified. On success, |*num_ptr| will always be non-NULL and
 // point to a valid BIGNUM object.
 bool SwapBigNumPtrFromBytes(const std::vector<uint8>& new_bytes,
                             BIGNUM** num_ptr) {
   BIGNUM* old_num = *num_ptr;
-  BIGNUM* new_num = BN_bin2bn(
-      reinterpret_cast<const unsigned char*>(&new_bytes[0]),
-      static_cast<int>(new_bytes.size()),
-      old_num);
+  BIGNUM* new_num =
+      BN_bin2bn(reinterpret_cast<const unsigned char*>(&new_bytes[0]),
+                static_cast<int>(new_bytes.size()),
+                old_num);
   if (new_num == NULL)
     return false;
 
   if (old_num == NULL)
     *num_ptr = new_num;
   return true;
 }
 
 // Setup an EVP_PKEY to wrap an existing platform RSA PrivateKey object.
 // |private_key| is the JNI reference (local or global) to the object.
@@ skipping 31 matching lines @@
   EVP_PKEY_assign_RSA(pkey, rsa.release());
   return true;
 }
 
 // Setup an EVP_PKEY to wrap an existing platform RSA PrivateKey object
 // for Android 4.0 to 4.1.x. Must only be used on Android < 4.2.
 // |private_key| is a JNI reference (local or global) to the object.
 // |pkey| is the EVP_PKEY to setup as a wrapper.
 // Returns true on success, false otherwise.
 EVP_PKEY* GetRsaLegacyKey(jobject private_key) {
-  EVP_PKEY* sys_pkey =
-      GetOpenSSLSystemHandleForPrivateKey(private_key);
+  EVP_PKEY* sys_pkey = GetOpenSSLSystemHandleForPrivateKey(private_key);
   if (sys_pkey != NULL) {
     CRYPTO_add(&sys_pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
   } else {
     // GetOpenSSLSystemHandleForPrivateKey() will fail on Android
     // 4.0.3 and earlier. However, it is possible to get the key
     // content with PrivateKey.getEncoded() on these platforms.
     // Note that this method may return NULL on 4.0.4 and later.
     std::vector<uint8> encoded;
     if (!GetPrivateKeyEncodedBytes(private_key, &encoded)) {
       LOG(ERROR) << "Can't get private key data!";
@@ skipping 14 matching lines @@
 // Custom DSA_METHOD that uses the platform APIs.
 // Note that for now, only signing through DSA_sign() is really supported.
 // all other method pointers are either stubs returning errors, or no-ops.
 // See <openssl/dsa.h> for exact declaration of DSA_METHOD.
 //
 // Note: There is no DSA_set_app_data() and DSA_get_app_data() functions,
 //       but RSA_set_app_data() is defined as a simple macro that calls
 //       RSA_set_ex_data() with a hard-coded index of 0, so this code
 //       does the same thing here.
 
-DSA_SIG* DsaMethodDoSign(const unsigned char* dgst,
-                         int dlen,
-                         DSA* dsa) {
+DSA_SIG* DsaMethodDoSign(const unsigned char* dgst, int dlen, DSA* dsa) {
   // Extract the JNI reference to the PrivateKey object.
   jobject private_key = reinterpret_cast<jobject>(DSA_get_ex_data(dsa, 0));
   if (private_key == NULL)
     return NULL;
 
   // Sign the message with it, calling platform APIs.
   std::vector<uint8> signature;
   if (!RawSignDigestWithPrivateKey(
           private_key,
-          base::StringPiece(
-              reinterpret_cast<const char*>(dgst),
-              static_cast<size_t>(dlen)),
+          base::StringPiece(reinterpret_cast<const char*>(dgst),
+                            static_cast<size_t>(dlen)),
           &signature)) {
     return NULL;
   }
 
   // Note: With DSA, the actual signature might be smaller than DSA_size().
   size_t max_expected_size = static_cast<size_t>(DSA_size(dsa));
   if (signature.size() > max_expected_size) {
-    LOG(ERROR) << "DSA Signature size mismatch, actual: "
-               << signature.size() << ", expected <= "
-               << max_expected_size;
+    LOG(ERROR) << "DSA Signature size mismatch, actual: " << signature.size()
+               << ", expected <= " << max_expected_size;
     return NULL;
   }
 
   // Convert the signature into a DSA_SIG object.
   const unsigned char* sigbuf =
       reinterpret_cast<const unsigned char*>(&signature[0]);
   int siglen = static_cast<size_t>(signature.size());
   DSA_SIG* dsa_sig = d2i_DSA_SIG(NULL, &sigbuf, siglen);
   return dsa_sig;
 }
 
-int DsaMethodSignSetup(DSA* dsa,
-                       BN_CTX* ctx_in,
-                       BIGNUM** kinvp,
-                       BIGNUM** rp) {
+int DsaMethodSignSetup(DSA* dsa, BN_CTX* ctx_in, BIGNUM** kinvp, BIGNUM** rp) {
   NOTIMPLEMENTED();
   DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_DIGEST_TYPE);
   return -1;
 }
 
 int DsaMethodDoVerify(const unsigned char* dgst,
                       int dgst_len,
                       DSA_SIG* sig,
                       DSA* dsa) {
   NOTIMPLEMENTED();
   DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_INVALID_DIGEST_TYPE);
   return -1;
 }
 
 int DsaMethodFinish(DSA* dsa) {
   // Free the global JNI reference that was created with this
   // wrapper key.
-  jobject key = reinterpret_cast<jobject>(DSA_get_ex_data(dsa,0));
+  jobject key = reinterpret_cast<jobject>(DSA_get_ex_data(dsa, 0));
   if (key != NULL) {
     DSA_set_ex_data(dsa, 0, NULL);
     ReleaseKey(key);
   }
   // Actual return value is ignored by OpenSSL. There are no docs
   // explaining what this is supposed to be.
   return 0;
 }
 
 const DSA_METHOD android_dsa_method = {
-  /* .name = */ "Android signing-only DSA method",
-  /* .dsa_do_sign = */ DsaMethodDoSign,
-  /* .dsa_sign_setup = */ DsaMethodSignSetup,
-  /* .dsa_do_verify = */ DsaMethodDoVerify,
-  /* .dsa_mod_exp = */ NULL,
-  /* .bn_mod_exp = */ NULL,
-  /* .init = */ NULL,  // nothing to do here.
-  /* .finish = */ DsaMethodFinish,
-  /* .flags = */ 0,
-  /* .app_data = */ NULL,
-  /* .dsa_paramgem = */ NULL,
-  /* .dsa_keygen = */ NULL
-};
+    /* .name = */ "Android signing-only DSA method",
+    /* .dsa_do_sign = */ DsaMethodDoSign,
+    /* .dsa_sign_setup = */ DsaMethodSignSetup,
+    /* .dsa_do_verify = */ DsaMethodDoVerify,
+    /* .dsa_mod_exp = */ NULL,
+    /* .bn_mod_exp = */ NULL,
+    /* .init = */ NULL,  // nothing to do here.
+    /* .finish = */ DsaMethodFinish,
+    /* .flags = */ 0,
+    /* .app_data = */ NULL,
+    /* .dsa_paramgem = */ NULL,
+    /* .dsa_keygen = */ NULL};
 
 // Setup an EVP_PKEY to wrap an existing DSA platform PrivateKey object.
 // |private_key| is a JNI reference (local or global) to the object.
 // |pkey| is the EVP_PKEY to setup as a wrapper.
 // Returns true on success, false otherwise.
 // On success, this creates a global JNI reference to the same object
 // that will be owned by and destroyed with the EVP_PKEY.
 bool GetDsaPkeyWrapper(jobject private_key, EVP_PKEY* pkey) {
   ScopedDSA dsa(DSA_new());
   DSA_set_method(dsa.get(), &android_dsa_method);
@@ skipping 57 matching lines @@
   // This callback shall never be called with the current OpenSSL
   // implementation (the library only ever duplicates EX_DATA items
   // for SSL and BIO objects). But provide this to catch regressions
   // in the future.
   CHECK(false) << "ExDataDup was called for ECDSA custom key !?";
   // Return value is currently ignored by OpenSSL.
   return 0;
 }
 
 class EcdsaExDataIndex {
-public:
+ public:
   int ex_data_index() { return ex_data_index_; }
 
   EcdsaExDataIndex() {
-    ex_data_index_ = ECDSA_get_ex_new_index(0,           // argl
-                                            NULL,        // argp
-                                            NULL,        // new_func
-                                            ExDataDup,   // dup_func
-                                            ExDataFree); // free_func
+    ex_data_index_ = ECDSA_get_ex_new_index(0,            // argl
+                                            NULL,         // argp
+                                            NULL,         // new_func
+                                            ExDataDup,    // dup_func
+                                            ExDataFree);  // free_func
   }
 
-private:
+ private:
   int ex_data_index_;
 };
 
 // Returns the index of the custom EX_DATA used to store the JNI reference.
 int EcdsaGetExDataIndex(void) {
   // Use a LazyInstance to perform thread-safe lazy initialization.
   // Use a leaky one, since OpenSSL doesn't provide a way to release
   // allocated EX_DATA indices.
   static base::LazyInstance<EcdsaExDataIndex>::Leaky s_instance =
       LAZY_INSTANCE_INITIALIZER;
   return s_instance.Get().ex_data_index();
 }
 
 ECDSA_SIG* EcdsaMethodDoSign(const unsigned char* dgst,
                              int dgst_len,
                              const BIGNUM* inv,
                              const BIGNUM* rp,
                              EC_KEY* eckey) {
   // Retrieve private key JNI reference.
   jobject private_key = reinterpret_cast<jobject>(
       ECDSA_get_ex_data(eckey, EcdsaGetExDataIndex()));
   if (!private_key) {
     LOG(WARNING) << "Null JNI reference passed to EcdsaMethodDoSign!";
     return NULL;
   }
   // Sign message with it through JNI.
   std::vector<uint8> signature;
-  base::StringPiece digest(
-      reinterpret_cast<const char*>(dgst),
-      static_cast<size_t>(dgst_len));
-  if (!RawSignDigestWithPrivateKey(
-          private_key, digest, &signature)) {
+  base::StringPiece digest(reinterpret_cast<const char*>(dgst),
+                           static_cast<size_t>(dgst_len));
+  if (!RawSignDigestWithPrivateKey(private_key, digest, &signature)) {
     LOG(WARNING) << "Could not sign message in EcdsaMethodDoSign!";
     return NULL;
   }
 
   // Note: With ECDSA, the actual signature may be smaller than
   // ECDSA_size().
   size_t max_expected_size = static_cast<size_t>(ECDSA_size(eckey));
   if (signature.size() > max_expected_size) {
-    LOG(ERROR) << "ECDSA Signature size mismatch, actual: "
-               <<  signature.size() << ", expected <= "
-               << max_expected_size;
+    LOG(ERROR) << "ECDSA Signature size mismatch, actual: " << signature.size()
+               << ", expected <= " << max_expected_size;
     return NULL;
   }
 
   // Convert signature to ECDSA_SIG object
   const unsigned char* sigbuf =
       reinterpret_cast<const unsigned char*>(&signature[0]);
   long siglen = static_cast<long>(signature.size());
   return d2i_ECDSA_SIG(NULL, &sigbuf, siglen);
 }
 
 int EcdsaMethodSignSetup(EC_KEY* eckey,
                          BN_CTX* ctx,
                          BIGNUM** kinv,
                          BIGNUM** r) {
   NOTIMPLEMENTED();
   ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_ERR_EC_LIB);
   return -1;
 }
 
 int EcdsaMethodDoVerify(const unsigned char* dgst,
                         int dgst_len,
                         const ECDSA_SIG* sig,
                         EC_KEY* eckey) {
   NOTIMPLEMENTED();
   ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_ERR_EC_LIB);
   return -1;
 }
 
 const ECDSA_METHOD android_ecdsa_method = {
-  /* .name = */ "Android signing-only ECDSA method",
-  /* .ecdsa_do_sign = */ EcdsaMethodDoSign,
-  /* .ecdsa_sign_setup = */ EcdsaMethodSignSetup,
-  /* .ecdsa_do_verify = */ EcdsaMethodDoVerify,
-  /* .flags = */ 0,
-  /* .app_data = */ NULL,
+    /* .name = */ "Android signing-only ECDSA method",
+    /* .ecdsa_do_sign = */ EcdsaMethodDoSign,
+    /* .ecdsa_sign_setup = */ EcdsaMethodSignSetup,
+    /* .ecdsa_do_verify = */ EcdsaMethodDoVerify,
+    /* .flags = */ 0,
+    /* .app_data = */ NULL,
 };
 
 // Setup an EVP_PKEY to wrap an existing platform PrivateKey object.
 // |private_key| is the JNI reference (local or global) to the object.
 // |pkey| is the EVP_PKEY to setup as a wrapper.
 // Returns true on success, false otherwise.
 // On success, this creates a global JNI reference to the object that
 // is owned by and destroyed with the EVP_PKEY. I.e. the caller shall
 // always free |private_key| after the call.
 bool GetEcdsaPkeyWrapper(jobject private_key, EVP_PKEY* pkey) {
@@ skipping 17 matching lines @@
     return false;
   }
   EC_KEY_set_group(eckey.get(), group.release());
 
   ScopedJavaGlobalRef<jobject> global_key;
   global_key.Reset(NULL, private_key);
   if (global_key.is_null()) {
     LOG(ERROR) << "Can't create global JNI reference";
     return false;
   }
-  ECDSA_set_ex_data(eckey.get(),
-                    EcdsaGetExDataIndex(),
-                    global_key.Release());
+  ECDSA_set_ex_data(eckey.get(), EcdsaGetExDataIndex(), global_key.Release());
 
   EVP_PKEY_assign_EC_KEY(pkey, eckey.release());
   return true;
 }
 
 }  // namespace
 
 EVP_PKEY* GetOpenSSLPrivateKeyWrapper(jobject private_key) {
   // Create new empty EVP_PKEY instance.
   ScopedEVP_PKEY pkey(EVP_PKEY_new());
   if (!pkey.get())
     return NULL;
 
   // Create sub key type, depending on private key's algorithm type.
   PrivateKeyType key_type = GetPrivateKeyType(private_key);
   switch (key_type) {
-    case PRIVATE_KEY_TYPE_RSA:
-      {
-        // Route around platform bug: if Android < 4.2, then
-        // base::android::RawSignDigestWithPrivateKey() cannot work, so
-        // instead, obtain a raw EVP_PKEY* to the system object
-        // backing this PrivateKey object.
-        const int kAndroid42ApiLevel = 17;
-        if (base::android::BuildInfo::GetInstance()->sdk_int() <
-            kAndroid42ApiLevel) {
-          EVP_PKEY* legacy_key = GetRsaLegacyKey(private_key);
-          if (legacy_key == NULL)
-            return NULL;
-          pkey.reset(legacy_key);
-        } else {
-          // Running on Android 4.2.
-          if (!GetRsaPkeyWrapper(private_key, pkey.get()))
-            return NULL;
-        }
+    case PRIVATE_KEY_TYPE_RSA: {
+      // Route around platform bug: if Android < 4.2, then
+      // base::android::RawSignDigestWithPrivateKey() cannot work, so
+      // instead, obtain a raw EVP_PKEY* to the system object
+      // backing this PrivateKey object.
+      const int kAndroid42ApiLevel = 17;
+      if (base::android::BuildInfo::GetInstance()->sdk_int() <
+          kAndroid42ApiLevel) {
+        EVP_PKEY* legacy_key = GetRsaLegacyKey(private_key);
+        if (legacy_key == NULL)
+          return NULL;
+        pkey.reset(legacy_key);
+      } else {
+        // Running on Android 4.2.
+        if (!GetRsaPkeyWrapper(private_key, pkey.get()))
+          return NULL;
       }
-      break;
+    } break;
     case PRIVATE_KEY_TYPE_DSA:
       if (!GetDsaPkeyWrapper(private_key, pkey.get()))
         return NULL;
       break;
     case PRIVATE_KEY_TYPE_ECDSA:
       if (!GetEcdsaPkeyWrapper(private_key, pkey.get()))
         return NULL;
       break;
     default:
       LOG(WARNING)
           << "GetOpenSSLPrivateKeyWrapper() called with invalid key type";
       return NULL;
   }
   return pkey.release();
 }
 
 }  // namespace android
 }  // namespace net