Align with internal linter (#4978)

b/332740854

.clang-format

@@ -2,3 +2,10 @@ BasedOnStyle: Google
 ColumnLimit: 100
 DerivePointerAlignment: false
 PointerAlignment: Left
+---
+Language: Cpp
+ColumnLimit: 80
+---
+Language: Proto
+ColumnLimit: 80
+---

cc/attestation/verification/insecure_attestation_verifier.cc

@@ -34,9 +34,10 @@ using ::oak::attestation::v1::Evidence;
 }  // namespace
 
 absl::StatusOr<AttestationResults> InsecureAttestationVerifier::Verify(
-    std::chrono::time_point<std::chrono::system_clock> now, const Evidence& evidence,
-    const Endorsements& endorsements) const {
-  absl::StatusOr<std::string> encryption_public_key = ExtractEncryptionPublicKey(evidence);
+    std::chrono::time_point<std::chrono::system_clock> now,
+    const Evidence& evidence, const Endorsements& endorsements) const {
+  absl::StatusOr<std::string> encryption_public_key =
+      ExtractEncryptionPublicKey(evidence);
   if (!encryption_public_key.ok()) {
     return encryption_public_key.status();
   }

cc/attestation/verification/insecure_attestation_verifier.h

@@ -28,7 +28,8 @@
 
 namespace oak::attestation::verification {
 
-// Verifier implementation that doesn't verify attestation evidence and is used for testing.
+// Verifier implementation that doesn't verify attestation evidence and is used
+// for testing.
 class InsecureAttestationVerifier : public AttestationVerifier {
  public:
   // Doesn't perform attestation verification and just returns a success value.

cc/attestation/verification/utils.cc

@@ -39,12 +39,15 @@ absl::StatusOr<std::string> ExtractPublicKey(absl::string_view certificate) {
   return std::string(public_key.begin(), public_key.end());
 }
 
-absl::StatusOr<std::string> ExtractEncryptionPublicKey(const Evidence& evidence) {
-  return ExtractPublicKey(evidence.application_keys().encryption_public_key_certificate());
+absl::StatusOr<std::string> ExtractEncryptionPublicKey(
+    const Evidence& evidence) {
+  return ExtractPublicKey(
+      evidence.application_keys().encryption_public_key_certificate());
 }
 
 absl::StatusOr<std::string> ExtractSigningPublicKey(const Evidence& evidence) {
-  return ExtractPublicKey(evidence.application_keys().signing_public_key_certificate());
+  return ExtractPublicKey(
+      evidence.application_keys().signing_public_key_certificate());
 }
 
 }  // namespace oak::attestation::verification

cc/client/client.cc

@@ -51,26 +51,29 @@ using ::oak::transport::TransportWrapper;
 constexpr absl::string_view kEmptyAssociatedData = "";
 
 absl::StatusOr<std::unique_ptr<OakClient>> OakClient::Create(
-    std::unique_ptr<TransportWrapper> transport, AttestationVerifier& verifier) {
-  absl::StatusOr<EndorsedEvidence> endorsed_evidence = transport->GetEndorsedEvidence();
+    std::unique_ptr<TransportWrapper> transport,
+    AttestationVerifier& verifier) {
+  absl::StatusOr<EndorsedEvidence> endorsed_evidence =
+      transport->GetEndorsedEvidence();
   if (!endorsed_evidence.ok()) {
     return endorsed_evidence.status();
   }
 
-  absl::StatusOr<AttestationResults> attestation_results =
-      verifier.Verify(std::chrono::system_clock::now(), endorsed_evidence->evidence(),
-                      endorsed_evidence->endorsements());
+  absl::StatusOr<AttestationResults> attestation_results = verifier.Verify(
+      std::chrono::system_clock::now(), endorsed_evidence->evidence(),
+      endorsed_evidence->endorsements());
   if (!attestation_results.ok()) {
     return attestation_results.status();
   }
 
   switch (attestation_results->status()) {
     case AttestationResults::STATUS_SUCCESS:
-      return absl::WrapUnique(
-          new OakClient(std::move(transport), attestation_results->encryption_public_key()));
+      return absl::WrapUnique(new OakClient(
+          std::move(transport), attestation_results->encryption_public_key()));
     case AttestationResults::STATUS_GENERIC_FAILURE:
       return absl::FailedPreconditionError(
-          absl::StrCat("couldn't verify endorsed evidence: ", attestation_results->reason()));
+          absl::StrCat("couldn't verify endorsed evidence: ",
+                       attestation_results->reason()));
     case AttestationResults::STATUS_UNSPECIFIED:
     default:
       return absl::InternalError("illegal status code in attestation results");
@@ -93,13 +96,15 @@ absl::StatusOr<std::string> OakClient::Invoke(absl::string_view request_body) {
   }
 
   // Send request.
-  absl::StatusOr<EncryptedResponse> encrypted_response = transport_->Invoke(*encrypted_request);
+  absl::StatusOr<EncryptedResponse> encrypted_response =
+      transport_->Invoke(*encrypted_request);
   if (!encrypted_response.ok()) {
     return encrypted_response.status();
   }
 
   // Decrypt response.
-  absl::StatusOr<DecryptionResult> response = (*client_encryptor)->Decrypt(*encrypted_response);
+  absl::StatusOr<DecryptionResult> response =
+      (*client_encryptor)->Decrypt(*encrypted_response);
   if (!response.ok()) {
     return response.status();
   }

cc/client/client.h

@@ -47,7 +47,8 @@ class OakClient {
 
  private:
   std::unique_ptr<oak::transport::Transport> transport_;
-  // TODO(#4157): Store client encryptor once crypto sessions are implemented on the server.
+  // TODO(#4157): Store client encryptor once crypto sessions are implemented on
+  // the server.
   std::string server_encryption_public_key_;
 
   OakClient(std::unique_ptr<oak::transport::Transport> transport,

cc/client/client_test.cc

@@ -65,25 +65,30 @@ class OakClientTest : public testing::Test {
   std::shared_ptr<EncryptionKeyProvider> encryption_key_;
 };
 
-// TODO(#3641): Send test remote attestation report to the client and add corresponding tests.
+// TODO(#3641): Send test remote attestation report to the client and add
+// corresponding tests.
 class TestTransport : public TransportWrapper {
  public:
   explicit TestTransport(std::shared_ptr<EncryptionKeyProvider> encryption_key)
       : encryption_key_(encryption_key) {}
 
-  absl::StatusOr<EndorsedEvidence> GetEndorsedEvidence() override { return EndorsedEvidence(); }
+  absl::StatusOr<EndorsedEvidence> GetEndorsedEvidence() override {
+    return EndorsedEvidence();
+  }
 
-  absl::StatusOr<EncryptedResponse> Invoke(const EncryptedRequest& encrypted_request) override {
+  absl::StatusOr<EncryptedResponse> Invoke(
+      const EncryptedRequest& encrypted_request) override {
     ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key_);
     auto decrypted_request = server_encryptor.Decrypt(encrypted_request);
     if (!decrypted_request.ok()) {
       return decrypted_request.status();
     }
 
     if (decrypted_request->plaintext != kTestRequest) {
-      return absl::InvalidArgumentError(std::string("incorrect request, expected: ") +
-                                        std::string(kTestRequest) +
-                                        ", got : " + decrypted_request->plaintext);
+      return absl::InvalidArgumentError(
+          std::string("incorrect request, expected: ") +
+          std::string(kTestRequest) +
+          ", got : " + decrypted_request->plaintext);
     }
 
     return server_encryptor.Encrypt(kTestResponse, kTestAssociatedData);
@@ -95,11 +100,13 @@ class TestTransport : public TransportWrapper {
 
 class TestAttestationVerifier : public AttestationVerifier {
  public:
-  explicit TestAttestationVerifier(std::shared_ptr<EncryptionKeyProvider> encryption_key)
+  explicit TestAttestationVerifier(
+      std::shared_ptr<EncryptionKeyProvider> encryption_key)
       : encryption_key_(encryption_key) {}
 
   absl::StatusOr<::oak::attestation::v1::AttestationResults> Verify(
-      std::chrono::time_point<std::chrono::system_clock> now, const Evidence& evidence,
+      std::chrono::time_point<std::chrono::system_clock> now,
+      const Evidence& evidence,
       const Endorsements& endorsements) const override {
     AttestationResults attestation_results;
     attestation_results.set_status(AttestationResults::STATUS_SUCCESS);

cc/client/grpc_client_cli.cc

@@ -52,17 +52,19 @@ int main(int argc, char* argv[]) {
 
   // Create gRPC client stub.
   LOG(INFO) << "connecting to: " << address;
-  std::shared_ptr<Channel> channel = CreateChannel(address, InsecureChannelCredentials());
+  std::shared_ptr<Channel> channel =
+      CreateChannel(address, InsecureChannelCredentials());
   std::shared_ptr<oak::session::v1::StreamingSession::Stub> stub =
       StreamingSession::NewStub(channel);
   ClientContext context;
-  std::unique_ptr<ClientReaderWriter<RequestWrapper, ResponseWrapper>> channel_reader_writer =
-      stub->Stream(&context);
+  std::unique_ptr<ClientReaderWriter<RequestWrapper, ResponseWrapper>>
+      channel_reader_writer = stub->Stream(&context);
 
   // Create Oak Client.
   LOG(INFO) << "creating Oak Client";
   std::unique_ptr<GrpcStreamingTransport> transport =
-      std::make_unique<GrpcStreamingTransport>(std::move(channel_reader_writer));
+      std::make_unique<GrpcStreamingTransport>(
+          std::move(channel_reader_writer));
   InsecureAttestationVerifier verifier = InsecureAttestationVerifier();
   absl::StatusOr<std::unique_ptr<OakClient>> oak_client =
       OakClient::Create(std::move(transport), verifier);

cc/containers/hello_world_trusted_app/app_service.cc

@@ -38,23 +38,27 @@ using ::oak::crypto::v1::EncryptedResponse;
 constexpr absl::string_view kEmptyAssociatedData = "";
 
 grpc::Status TrustedApplicationImpl::Hello(grpc::ServerContext* context,
-                                           const HelloRequest* request, HelloResponse* response) {
+                                           const HelloRequest* request,
+                                           HelloResponse* response) {
   ServerEncryptor server_encryptor(*encryption_key_handle_);
   absl::StatusOr<DecryptionResult> decrypted_request =
       server_encryptor.Decrypt(request->encrypted_request());
   if (!decrypted_request.ok()) {
-    return grpc::Status(static_cast<grpc::StatusCode>(decrypted_request.status().code()),
-                        std::string(decrypted_request.status().message()));
+    return grpc::Status(
+        static_cast<grpc::StatusCode>(decrypted_request.status().code()),
+        std::string(decrypted_request.status().message()));
   }
 
-  std::string greeting = absl::StrCat("Hello from the trusted side, ", decrypted_request->plaintext,
-                                      "! Btw, the Trusted App has a config with a length of ",
-                                      application_config_.size(), " bytes.");
+  std::string greeting = absl::StrCat(
+      "Hello from the trusted side, ", decrypted_request->plaintext,
+      "! Btw, the Trusted App has a config with a length of ",
+      application_config_.size(), " bytes.");
   absl::StatusOr<EncryptedResponse> encrypted_response =
       server_encryptor.Encrypt(greeting, kEmptyAssociatedData);
   if (!encrypted_response.ok()) {
-    return grpc::Status(static_cast<grpc::StatusCode>(encrypted_response.status().code()),
-                        std::string(encrypted_response.status().message()));
+    return grpc::Status(
+        static_cast<grpc::StatusCode>(encrypted_response.status().code()),
+        std::string(encrypted_response.status().message()));
   }
 
   *response->mutable_encrypted_response() = *std::move(encrypted_response);

cc/containers/hello_world_trusted_app/app_service.h

@@ -28,14 +28,17 @@
 
 namespace oak::oak_containers_hello_world_trusted_app {
 
-class TrustedApplicationImpl : public containers::example::TrustedApplication::Service {
+class TrustedApplicationImpl
+    : public containers::example::TrustedApplication::Service {
  public:
-  TrustedApplicationImpl(std::unique_ptr<::oak::crypto::EncryptionKeyHandle> encryption_key_handle,
-                         absl::string_view application_config)
+  TrustedApplicationImpl(
+      std::unique_ptr<::oak::crypto::EncryptionKeyHandle> encryption_key_handle,
+      absl::string_view application_config)
       : encryption_key_handle_(std::move(encryption_key_handle)),
         application_config_(application_config) {}
 
-  grpc::Status Hello(grpc::ServerContext* context, const containers::example::HelloRequest* request,
+  grpc::Status Hello(grpc::ServerContext* context,
+                     const containers::example::HelloRequest* request,
                      containers::example::HelloResponse* response) override;
 
  private:

cc/containers/hello_world_trusted_app/main.cc

@@ -33,10 +33,12 @@ int main(int argc, char* argv[]) {
   absl::InitializeLog();
 
   OrchestratorClient client;
-  absl::StatusOr<std::string> application_config = client.GetApplicationConfig();
+  absl::StatusOr<std::string> application_config =
+      client.GetApplicationConfig();
   QCHECK_OK(application_config);
   TrustedApplicationImpl service(
-      std::make_unique<::oak::containers::sdk::InstanceEncryptionKeyHandle>(), *application_config);
+      std::make_unique<::oak::containers::sdk::InstanceEncryptionKeyHandle>(),
+      *application_config);
 
   grpc::ServerBuilder builder;
   builder.AddListeningPort("[::]:8080", grpc::InsecureServerCredentials());

cc/containers/sdk/common.h

@@ -20,7 +20,8 @@
 namespace oak::containers::sdk {
 
 // Unix socket used to connect to the Orchestrator.
-inline static const char kOrchestratorSocket[] = "unix:/oak_utils/orchestrator_ipc";
+inline static const char kOrchestratorSocket[] =
+    "unix:/oak_utils/orchestrator_ipc";
 
 inline static const char kContextAuthority[] = "[::]:0";
 

cc/containers/sdk/encryption_key_handle.cc

@@ -35,8 +35,9 @@ using ::oak::crypto::v1::SessionKeys;
 absl::StatusOr<std::unique_ptr<RecipientContext>>
 InstanceEncryptionKeyHandle::GenerateRecipientContext(
     absl::string_view serialized_encapsulated_public_key) {
-  absl::StatusOr<SessionKeys> session_keys = orchestrator_crypto_client_.DeriveSessionKeys(
-      KeyOrigin::INSTANCE, serialized_encapsulated_public_key);
+  absl::StatusOr<SessionKeys> session_keys =
+      orchestrator_crypto_client_.DeriveSessionKeys(
+          KeyOrigin::INSTANCE, serialized_encapsulated_public_key);
   if (!session_keys.ok()) {
     return absl::InternalError("couldn't derive session keys");
   }
@@ -47,8 +48,9 @@ InstanceEncryptionKeyHandle::GenerateRecipientContext(
 absl::StatusOr<std::unique_ptr<RecipientContext>>
 GroupEncryptionKeyHandle::GenerateRecipientContext(
     absl::string_view serialized_encapsulated_public_key) {
-  absl::StatusOr<SessionKeys> session_keys = orchestrator_crypto_client_.DeriveSessionKeys(
-      KeyOrigin::GROUP, serialized_encapsulated_public_key);
+  absl::StatusOr<SessionKeys> session_keys =
+      orchestrator_crypto_client_.DeriveSessionKeys(
+          KeyOrigin::GROUP, serialized_encapsulated_public_key);
   if (!session_keys.ok()) {
     return absl::InternalError("couldn't derive session keys");
   }

cc/containers/sdk/encryption_key_handle.h

@@ -30,7 +30,8 @@ namespace oak::containers::sdk {
 
 class InstanceEncryptionKeyHandle : public ::oak::crypto::EncryptionKeyHandle {
  public:
-  absl::StatusOr<std::unique_ptr<::oak::crypto::RecipientContext>> GenerateRecipientContext(
+  absl::StatusOr<std::unique_ptr<::oak::crypto::RecipientContext>>
+  GenerateRecipientContext(
       absl::string_view serialized_encapsulated_public_key) override;
 
  private:
@@ -39,7 +40,8 @@ class InstanceEncryptionKeyHandle : public ::oak::crypto::EncryptionKeyHandle {
 
 class GroupEncryptionKeyHandle : public ::oak::crypto::EncryptionKeyHandle {
  public:
-  absl::StatusOr<std::unique_ptr<::oak::crypto::RecipientContext>> GenerateRecipientContext(
+  absl::StatusOr<std::unique_ptr<::oak::crypto::RecipientContext>>
+  GenerateRecipientContext(
       absl::string_view serialized_encapsulated_public_key) override;
 
  private:

cc/containers/sdk/orchestrator_client.cc

@@ -38,8 +38,10 @@ absl::StatusOr<std::string> OrchestratorClient::GetApplicationConfig() const {
   grpc::ClientContext context;
   context.set_authority(kContextAuthority);
   GetApplicationConfigResponse response;
-  if (auto status = stub_->GetApplicationConfig(&context, {}, &response); !status.ok()) {
-    return absl::Status(static_cast<absl::StatusCode>(status.error_code()), status.error_message());
+  if (auto status = stub_->GetApplicationConfig(&context, {}, &response);
+      !status.ok()) {
+    return absl::Status(static_cast<absl::StatusCode>(status.error_code()),
+                        status.error_message());
   }
   return std::move(*response.mutable_config());
 }
@@ -48,8 +50,10 @@ absl::Status OrchestratorClient::NotifyAppReady() const {
   grpc::ClientContext context;
   context.set_authority(kContextAuthority);
   google::protobuf::Empty response;
-  if (auto status = stub_->NotifyAppReady(&context, {}, &response); !status.ok()) {
-    return absl::Status(static_cast<absl::StatusCode>(status.error_code()), status.error_message());
+  if (auto status = stub_->NotifyAppReady(&context, {}, &response);
+      !status.ok()) {
+    return absl::Status(static_cast<absl::StatusCode>(status.error_code()),
+                        status.error_message());
   }
   return absl::OkStatus();
 }

cc/containers/sdk/orchestrator_client.h

@@ -34,8 +34,8 @@ namespace oak::containers::sdk {
 class OrchestratorClient {
  public:
   OrchestratorClient()
-      : OrchestratorClient(
-            grpc::CreateChannel(kOrchestratorSocket, grpc::InsecureChannelCredentials())) {}
+      : OrchestratorClient(grpc::CreateChannel(
+            kOrchestratorSocket, grpc::InsecureChannelCredentials())) {}
 
   absl::StatusOr<std::string> GetApplicationConfig() const;
   absl::Status NotifyAppReady() const;

cc/containers/sdk/orchestrator_crypto_client.cc

@@ -39,15 +39,18 @@ using ::oak::crypto::v1::SessionKeys;
 }  // namespace
 
 absl::StatusOr<SessionKeys> OrchestratorCryptoClient::DeriveSessionKeys(
-    KeyOrigin key_origin, absl::string_view serialized_encapsulated_public_key) const {
+    KeyOrigin key_origin,
+    absl::string_view serialized_encapsulated_public_key) const {
   ClientContext context;
   context.set_authority(kContextAuthority);
   DeriveSessionKeysRequest request;
   request.set_key_origin(key_origin);
-  request.set_serialized_encapsulated_public_key(serialized_encapsulated_public_key);
+  request.set_serialized_encapsulated_public_key(
+      serialized_encapsulated_public_key);
   DeriveSessionKeysResponse response;
 
-  ::grpc::Status status = stub_->DeriveSessionKeys(&context, request, &response);
+  ::grpc::Status status =
+      stub_->DeriveSessionKeys(&context, request, &response);
   if (!status.ok()) {
     return absl::InternalError("couldn't derive session keys");
   }