Skip to content

Commit 5673e7d

Browse files
authored
Merge pull request #507 from aidangarske/empty-brace-scan-ci
Add empty brace scope CI scan
2 parents e9ef727 + 1e63939 commit 5673e7d

13 files changed

Lines changed: 474 additions & 269 deletions

File tree

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
name: Empty Brace Scope Scan
2+
3+
on:
4+
push:
5+
branches: [ 'master', 'main', 'release/**' ]
6+
pull_request:
7+
branches: [ '**' ]
8+
repository_dispatch:
9+
types: [nightly-trigger]
10+
workflow_dispatch:
11+
12+
concurrency:
13+
group: ${{ github.workflow }}-${{ github.ref }}
14+
cancel-in-progress: true
15+
16+
jobs:
17+
empty-brace-scan:
18+
name: Empty Brace Scope Scan
19+
runs-on: ubuntu-22.04
20+
timeout-minutes: 5
21+
steps:
22+
- name: Checkout wolfTPM
23+
uses: actions/checkout@v4
24+
25+
- name: Check for bare C scope blocks
26+
run: |
27+
# Bare scope blocks are disallowed. If one is truly required, document
28+
# the exception directly above the brace or on the brace line:
29+
# /* empty-brace-scan: allow - required because <specific reason> */
30+
python3 scripts/check-empty-brace-scopes.py

examples/keygen/external_import.c

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,14 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
101101
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA;
102102
const char* keyblobFile = "keyblob.bin";
103103
int loadKeyBlob = 0;
104+
#ifdef USE_TEST_SEED
105+
const byte custSeed[] = {
106+
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
107+
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
108+
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
109+
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
110+
};
111+
#endif
104112

105113
if (argc >= 2) {
106114
if (XSTRCMP(argv[1], "-?") == 0 ||
@@ -167,15 +175,7 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
167175
#ifndef USE_TEST_SEED
168176
TPM2_GetNonce(seedValue.buffer, seedValue.size);
169177
#else
170-
{
171-
const byte custSeed[] = {
172-
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
173-
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
174-
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
175-
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
176-
};
177-
XMEMCPY(seedValue.buffer, custSeed, seedValue.size);
178-
}
178+
XMEMCPY(seedValue.buffer, custSeed, seedValue.size);
179179
#endif
180180
printf("Import Seed %d\n", seedValue.size);
181181
TPM2_PrintBin(seedValue.buffer, seedValue.size);

examples/seal/seal_pcr.c

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -245,6 +245,7 @@ int TPM2_Seal_PCR_Example(void* userCtx, int argc, char *argv[])
245245
/* ---- UNSEAL ---- */
246246
if (doUnseal) {
247247
WOLFTPM2_SESSION policySession;
248+
word32 sessionAttrs;
248249
XMEMSET(&policySession, 0, sizeof(policySession));
249250

250251
printf("\nUnsealing secret...\n");
@@ -296,15 +297,13 @@ int TPM2_Seal_PCR_Example(void* userCtx, int argc, char *argv[])
296297
}
297298

298299
/* Step 4: Use policy session for unseal (with param enc if set) */
299-
{
300-
word32 sessionAttrs = TPMA_SESSION_continueSession;
301-
if (paramEncAlg != TPM_ALG_NULL) {
302-
sessionAttrs |= (TPMA_SESSION_decrypt |
303-
TPMA_SESSION_encrypt);
304-
}
305-
rc = wolfTPM2_SetAuthSession(&dev, 0, &policySession,
306-
sessionAttrs);
300+
sessionAttrs = TPMA_SESSION_continueSession;
301+
if (paramEncAlg != TPM_ALG_NULL) {
302+
sessionAttrs |= (TPMA_SESSION_decrypt |
303+
TPMA_SESSION_encrypt);
307304
}
305+
rc = wolfTPM2_SetAuthSession(&dev, 0, &policySession,
306+
sessionAttrs);
308307
if (rc != 0) {
309308
wolfTPM2_UnloadHandle(&dev, &policySession.handle);
310309
wolfTPM2_UnloadHandle(&dev, &sealBlob.handle);

examples/seal/seal_policy_auth.c

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -302,6 +302,7 @@ int TPM2_Seal_PolicyAuth_Example(void* userCtx, int argc, char *argv[])
302302
TPMI_ALG_SIG_SCHEME sigAlg;
303303
byte* policyRef = NULL;
304304
word32 policyRefSz = 0;
305+
word32 sessionAttrs;
305306

306307
XMEMSET(&policySession, 0, sizeof(policySession));
307308
XMEMSET(&checkTicket, 0, sizeof(checkTicket));
@@ -461,15 +462,13 @@ int TPM2_Seal_PolicyAuth_Example(void* userCtx, int argc, char *argv[])
461462
wolfTPM2_UnloadHandle(&dev, &authKeyBlob.handle);
462463

463464
/* Step 9: Unseal using the policy session (with param enc if set) */
464-
{
465-
word32 sessionAttrs = TPMA_SESSION_continueSession;
466-
if (paramEncAlg != TPM_ALG_NULL) {
467-
sessionAttrs |= (TPMA_SESSION_decrypt |
468-
TPMA_SESSION_encrypt);
469-
}
470-
rc = wolfTPM2_SetAuthSession(&dev, 0, &policySession,
471-
sessionAttrs);
465+
sessionAttrs = TPMA_SESSION_continueSession;
466+
if (paramEncAlg != TPM_ALG_NULL) {
467+
sessionAttrs |= (TPMA_SESSION_decrypt |
468+
TPMA_SESSION_encrypt);
472469
}
470+
rc = wolfTPM2_SetAuthSession(&dev, 0, &policySession,
471+
sessionAttrs);
473472
if (rc != 0) {
474473
wolfTPM2_UnloadHandle(&dev, &policySession.handle);
475474
wolfTPM2_UnloadHandle(&dev, &sealBlob.handle);

examples/tls/tls_client.c

Lines changed: 29 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -139,6 +139,11 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
139139
WOLFTPM2_SESSION tpmSession;
140140
TPMT_PUBLIC publicTemplate;
141141
word32 port = TLS_PORT;
142+
#ifndef NO_TLS_MUTUAL_AUTH
143+
byte der[1024];
144+
word32 derSz;
145+
void* pkey = NULL;
146+
#endif
142147

143148
/* initialize variables */
144149
XMEMSET(&storageKey, 0, sizeof(storageKey));
@@ -426,34 +431,31 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
426431
* public key instead (if crypto callbacks are enabled).
427432
*/
428433
#ifndef NO_TLS_MUTUAL_AUTH
429-
{
430-
/* Export TPM public key as DER */
431-
byte der[1024];
432-
word32 derSz = (word32)sizeof(der);
433-
#if defined(HAVE_ECC) && !defined(NO_RSA)
434-
void* pkey = !useECC ? &rsaKey : &eccKey;
435-
#elif !defined(NO_RSA)
436-
void* pkey = &rsaKey;
437-
#elif defined(HAVE_ECC)
438-
void* pkey = &eccKey;
439-
#else
440-
void* pkey = NULL;
441-
#endif
442-
rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey,
443-
ENCODING_TYPE_ASN1, der, &derSz);
444-
if (rc < 0) {
445-
printf("Failed to export TPM public key!\n");
446-
goto exit;
447-
}
434+
/* Export TPM public key as DER */
435+
derSz = (word32)sizeof(der);
436+
#if defined(HAVE_ECC) && !defined(NO_RSA)
437+
pkey = !useECC ? &rsaKey : &eccKey;
438+
#elif !defined(NO_RSA)
439+
pkey = &rsaKey;
440+
#elif defined(HAVE_ECC)
441+
pkey = &eccKey;
442+
#else
443+
pkey = NULL;
444+
#endif
445+
rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey,
446+
ENCODING_TYPE_ASN1, der, &derSz);
447+
if (rc < 0) {
448+
printf("Failed to export TPM public key!\n");
449+
goto exit;
450+
}
448451

449-
/* Private key only exists on the TPM and crypto callbacks are used for
450-
* signing. Public key is required to enable TLS client (mutual auth).
451-
* This API accepts public keys when crypto callbacks are enabled */
452-
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
453-
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
454-
printf("Failed to set RSA key!\n");
455-
goto exit;
456-
}
452+
/* Private key only exists on the TPM and crypto callbacks are used for
453+
* signing. Public key is required to enable TLS client (mutual auth).
454+
* This API accepts public keys when crypto callbacks are enabled */
455+
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
456+
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
457+
printf("Failed to set RSA key!\n");
458+
goto exit;
457459
}
458460

459461
/* Client Certificate (Mutual Authentication) */

examples/tls/tls_common.h

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,9 @@ static inline int SockIORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
103103
{
104104
SockIoCbCtx* sockCtx = (SockIoCbCtx*)ctx;
105105
int recvd;
106+
#ifdef TLS_BENCH_MODE
107+
const double zeroVal = 0.0;
108+
#endif
106109

107110
(void)ssl;
108111

@@ -147,11 +150,8 @@ static inline int SockIORecv(WOLFSSL* ssl, char* buff, int sz, void* ctx)
147150
}
148151

149152
#ifdef TLS_BENCH_MODE
150-
{
151-
const double zeroVal = 0.0;
152-
if (XMEMCMP(&benchStart, &zeroVal, sizeof(double)) == 0) {
153-
benchStart = gettime_secs(1);
154-
}
153+
if (XMEMCMP(&benchStart, &zeroVal, sizeof(double)) == 0) {
154+
benchStart = gettime_secs(1);
155155
}
156156
#endif
157157

examples/tls/tls_server.c

Lines changed: 27 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -177,6 +177,9 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
177177
WOLFTPM2_SESSION tpmSession;
178178
TPMT_PUBLIC publicTemplate;
179179
word32 port = TLS_PORT;
180+
byte der[1024];
181+
word32 derSz;
182+
void* pkey = NULL;
180183

181184
/* initialize variables */
182185
XMEMSET(&storageKey, 0, sizeof(storageKey));
@@ -447,34 +450,31 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
447450
#endif /* !NO_FILESYSTEM */
448451

449452

450-
{
451-
/* Export TPM public key as DER */
452-
byte der[1024];
453-
word32 derSz = (word32)sizeof(der);
454-
#if defined(HAVE_ECC) && !defined(NO_RSA)
455-
void* pkey = !useECC ? &rsaKey : &eccKey;
456-
#elif !defined(NO_RSA)
457-
void* pkey = &rsaKey;
458-
#elif defined(HAVE_ECC)
459-
void* pkey = &eccKey;
460-
#else
461-
void* pkey = NULL;
462-
#endif
463-
rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey,
464-
ENCODING_TYPE_ASN1, der, &derSz);
465-
if (rc < 0) {
466-
printf("Failed to export TPM public key!\n");
467-
goto exit;
468-
}
453+
/* Export TPM public key as DER */
454+
derSz = (word32)sizeof(der);
455+
#if defined(HAVE_ECC) && !defined(NO_RSA)
456+
pkey = !useECC ? &rsaKey : &eccKey;
457+
#elif !defined(NO_RSA)
458+
pkey = &rsaKey;
459+
#elif defined(HAVE_ECC)
460+
pkey = &eccKey;
461+
#else
462+
pkey = NULL;
463+
#endif
464+
rc = wolfTPM2_ExportPublicKeyBuffer(&dev, (WOLFTPM2_KEY*)pkey,
465+
ENCODING_TYPE_ASN1, der, &derSz);
466+
if (rc < 0) {
467+
printf("Failed to export TPM public key!\n");
468+
goto exit;
469+
}
469470

470-
/* Private key only exists on the TPM and crypto callbacks are used for
471-
* signing. Public key is required to enable TLS client (mutual auth).
472-
* This API accepts public keys when crypto callbacks are enabled */
473-
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
474-
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
475-
printf("Failed to set RSA key!\n");
476-
goto exit;
477-
}
471+
/* Private key only exists on the TPM and crypto callbacks are used for
472+
* signing. Public key is required to enable TLS client (mutual auth).
473+
* This API accepts public keys when crypto callbacks are enabled */
474+
if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
475+
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
476+
printf("Failed to set RSA key!\n");
477+
goto exit;
478478
}
479479

480480
/* Server certificate */

examples/wrap/wrap_test.c

Lines changed: 29 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,8 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
7979
TPM2B_ECC_POINT pubPoint;
8080
#ifndef WOLFTPM_WINAPI
8181
word32 nvAttributes = 0;
82+
WOLFTPM2_HANDLE parent;
83+
WOLFTPM2_NV nv;
8284
#endif
8385
#ifdef WOLFTPM_CRYPTOCB
8486
TpmCryptoDevCtx tpmCtx;
@@ -753,47 +755,42 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
753755
/*------------------------------------------------------------------------*/
754756
/* NV with Auth (preferred API's) */
755757
#ifndef WOLFTPM_WINAPI
756-
{
757-
WOLFTPM2_HANDLE parent;
758-
WOLFTPM2_NV nv;
758+
XMEMSET(&parent, 0, sizeof(parent));
759+
parent.hndl = TPM_RH_OWNER;
759760

760-
XMEMSET(&parent, 0, sizeof(parent));
761-
parent.hndl = TPM_RH_OWNER;
762-
763-
rc = wolfTPM2_GetNvAttributesTemplate(parent.hndl, &nvAttributes);
764-
if (rc != 0) goto exit;
765-
rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, TPM2_DEMO_NV_TEST_AUTH_INDEX,
766-
nvAttributes, TPM2_DEMO_NV_TEST_SIZE, (byte*)gNvAuth, sizeof(gNvAuth)-1);
767-
if (rc != 0 && rc != TPM_RC_NV_DEFINED) goto exit;
768-
769-
wolfTPM2_SetAuthHandle(&dev, 0, &nv.handle);
761+
rc = wolfTPM2_GetNvAttributesTemplate(parent.hndl, &nvAttributes);
762+
if (rc != 0) goto exit;
763+
rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, TPM2_DEMO_NV_TEST_AUTH_INDEX,
764+
nvAttributes, TPM2_DEMO_NV_TEST_SIZE, (byte*)gNvAuth, sizeof(gNvAuth)-1);
765+
if (rc != 0 && rc != TPM_RC_NV_DEFINED) goto exit;
770766

771-
message.size = TPM2_DEMO_NV_TEST_SIZE; /* test message 0x11,0x11,etc */
772-
XMEMSET(message.buffer, 0x11, message.size);
773-
rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NV_TEST_AUTH_INDEX,
774-
message.buffer, message.size, 0);
775-
if (rc != 0) goto exit;
767+
wolfTPM2_SetAuthHandle(&dev, 0, &nv.handle);
776768

777-
plain.size = TPM2_DEMO_NV_TEST_SIZE;
778-
rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NV_TEST_AUTH_INDEX,
779-
plain.buffer, (word32*)&plain.size, 0);
780-
if (rc != 0) goto exit;
769+
message.size = TPM2_DEMO_NV_TEST_SIZE; /* test message 0x11,0x11,etc */
770+
XMEMSET(message.buffer, 0x11, message.size);
771+
rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NV_TEST_AUTH_INDEX,
772+
message.buffer, message.size, 0);
773+
if (rc != 0) goto exit;
781774

782-
rc = wolfTPM2_NVReadPublic(&dev, TPM2_DEMO_NV_TEST_AUTH_INDEX, NULL);
783-
if (rc != 0) goto exit;
775+
plain.size = TPM2_DEMO_NV_TEST_SIZE;
776+
rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NV_TEST_AUTH_INDEX,
777+
plain.buffer, (word32*)&plain.size, 0);
778+
if (rc != 0) goto exit;
784779

785-
rc = wolfTPM2_NVDeleteAuth(&dev, &parent, TPM2_DEMO_NV_TEST_AUTH_INDEX);
786-
if (rc != 0) goto exit;
780+
rc = wolfTPM2_NVReadPublic(&dev, TPM2_DEMO_NV_TEST_AUTH_INDEX, NULL);
781+
if (rc != 0) goto exit;
787782

788-
if (message.size != plain.size ||
789-
XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
790-
rc = TPM_RC_TESTING; goto exit;
791-
}
783+
rc = wolfTPM2_NVDeleteAuth(&dev, &parent, TPM2_DEMO_NV_TEST_AUTH_INDEX);
784+
if (rc != 0) goto exit;
792785

793-
printf("NV Test (with auth) on index 0x%x with %d bytes passed\n",
794-
TPM2_DEMO_NV_TEST_AUTH_INDEX, TPM2_DEMO_NV_TEST_SIZE);
786+
if (message.size != plain.size ||
787+
XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
788+
rc = TPM_RC_TESTING; goto exit;
795789
}
796790

791+
printf("NV Test (with auth) on index 0x%x with %d bytes passed\n",
792+
TPM2_DEMO_NV_TEST_AUTH_INDEX, TPM2_DEMO_NV_TEST_SIZE);
793+
797794
/* NV Tests (older API's without auth) */
798795
rc = wolfTPM2_GetNvAttributesTemplate(TPM_RH_OWNER, &nvAttributes);
799796
if (rc != 0) goto exit;

0 commit comments

Comments
 (0)