diff options
author | Andres Morales <anmorales@google.com> | 2015-05-29 10:13:31 -0700 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-06-03 17:01:27 -0700 |
commit | b6fc8937b2f44e534053dc016a08e59eaba4bfe9 (patch) | |
tree | f05d94e841a87d29a57a455ef06c492bcf787ffe /include | |
parent | 52376c13af9efcd93cb59eadd84c605a046ba25e (diff) | |
download | gatekeeper-b6fc8937b2f44e534053dc016a08e59eaba4bfe9.tar.gz |
allow for non-throttling passwords
- Fix memory leak when acquiring auth token key
Bug: 21118563
Change-Id: I5f840728315eabd080fb23d945722679a692997a
Diffstat (limited to 'include')
-rw-r--r-- | include/gatekeeper/gatekeeper.h | 35 | ||||
-rw-r--r-- | include/gatekeeper/gatekeeper_messages.h | 4 | ||||
-rw-r--r-- | include/gatekeeper/password_handle.h | 9 |
3 files changed, 34 insertions, 14 deletions
diff --git a/include/gatekeeper/gatekeeper.h b/include/gatekeeper/gatekeeper.h index ff80b39..e1950f6 100644 --- a/include/gatekeeper/gatekeeper.h +++ b/include/gatekeeper/gatekeeper.h @@ -116,24 +116,41 @@ protected: /** * Returns the value of the current failure record for the user. + * * The failure record should be written to hardware-backed secure storage, such as - * RPMB. + * RPMB, if the target device supports it. + * + * If 'secure' is false, password is operating in a fallback mode. Implementations + * may store the failure record in memory or in non-secure storage if this value is false. * * Returns true on success, false if failure record cannot be retrieved. */ - virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record) = 0; + virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record, + bool secure) = 0; /** - * Clears the failure record for the current user. Returning the counter to 0, or deleting - * it entirely. + * Initializes or reinitializes the failure record for the current user. + * + * Must be persisted in secure storage if the target device supports it. + * + * If 'secure' is false, password is operating in a fallback mode. Implementations + * may store the failure record in memory or in non-secure storage if this value is false. + * + * Returns true if the failure record was successfully persisted. */ - virtual void ClearFailureRecord(uint32_t uid, secure_id_t user_id) = 0; + virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool secure) = 0; /* - * Persists the provided failure record to secure, persistent storage. + * Writes the provided failure record to persistent storage. + * + * Must be persisted in secure storage if the target device supports it. + * + * If 'secure' is false, password is operating in a fallback mode. Implementations + * may store the failure record in memory or in non-secure storage if this value is false. + * * Returns true if record was successfully written. */ - virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record) = 0; + virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool secure) = 0; /** * Computes the amount of time to throttle the user due to the current failure_record @@ -177,7 +194,7 @@ private: * Returns true if failure record was successfully incremented. */ bool IncrementFailureRecord(uint32_t uid, secure_id_t user_id, uint64_t timestamp, - failure_record_t *record); + failure_record_t *record, bool secure); /** * Determines whether the request is within the current throttle window. @@ -188,7 +205,7 @@ private: * Returns true if the request is in the throttle window. */ bool ThrottleRequest(uint32_t uid, uint64_t timestamp, - failure_record_t *record, GateKeeperMessage *response); + failure_record_t *record, bool secure, GateKeeperMessage *response); }; } diff --git a/include/gatekeeper/gatekeeper_messages.h b/include/gatekeeper/gatekeeper_messages.h index cea7e1c..7c4ebf7 100644 --- a/include/gatekeeper/gatekeeper_messages.h +++ b/include/gatekeeper/gatekeeper_messages.h @@ -59,12 +59,12 @@ struct SizedBuffer { * Takes ownership of the buf pointer, and deallocates it * when destructed. */ - SizedBuffer(uint8_t *buf, uint32_t len) { + SizedBuffer(uint8_t buf[], uint32_t len) { buffer.reset(buf); length = len; } - UniquePtr<uint8_t> buffer; + UniquePtr<uint8_t[]> buffer; uint32_t length; }; diff --git a/include/gatekeeper/password_handle.h b/include/gatekeeper/password_handle.h index 3725f7c..c48e1de 100644 --- a/include/gatekeeper/password_handle.h +++ b/include/gatekeeper/password_handle.h @@ -17,6 +17,10 @@ #ifndef GATEKEEPER_PASSWORD_HANDLE_H_ #define GATEKEEPER_PASSWORD_HANDLE_H_ +#define HANDLE_FLAG_THROTTLE_SECURE 1 + +#define HANDLE_VERSION_THROTTLE 2 + namespace gatekeeper { typedef uint64_t secure_id_t; @@ -25,12 +29,12 @@ typedef uint64_t salt_t; * structure for easy serialization * and deserialization of password handles. */ -static const uint8_t HANDLE_VERSION = 1; +static const uint8_t HANDLE_VERSION = 2; struct __attribute__ ((__packed__)) password_handle_t { // fields included in signature uint8_t version; secure_id_t user_id; - secure_id_t authenticator_id; + uint64_t flags; // fields not included in signature salt_t salt; @@ -40,5 +44,4 @@ struct __attribute__ ((__packed__)) password_handle_t { }; } - #endif // GATEKEEPER_PASSWORD_HANDLE_H_ |