allow for non-throttling passwords

- Fix memory leak when acquiring auth token key

Bug: 21118563
Change-Id: I5f840728315eabd080fb23d945722679a692997a

3 files changed, 34 insertions, 14 deletions

diff --git a/include/gatekeeper/gatekeeper.h b/include/gatekeeper/gatekeeper.h
index ff80b39..e1950f6 100644
--- a/include/gatekeeper/gatekeeper.h
+++ b/include/gatekeeper/gatekeeper.h
@@ -116,24 +116,41 @@ protected:
 
     /**
      * Returns the value of the current failure record for the user.
+     *
      * The failure record should be written to hardware-backed secure storage, such as
-     * RPMB.
+     * RPMB, if the target device supports it.
+     *
+     * If 'secure' is false, password is operating in a fallback mode. Implementations
+     * may store the failure record in memory or in non-secure storage if this value is false.
      *
      * Returns true on success, false if failure record cannot be retrieved.
      */
-    virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record) = 0;
+    virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
+            bool secure) = 0;
 
     /**
-     * Clears the failure record for the current user. Returning the counter to 0, or deleting
-     * it entirely.
+     * Initializes or reinitializes the failure record for the current user.
+     *
+     * Must be persisted in secure storage if the target device supports it.
+     *
+     * If 'secure' is false, password is operating in a fallback mode. Implementations
+     * may store the failure record in memory or in non-secure storage if this value is false.
+     *
+     * Returns true if the failure record was successfully persisted.
      */
-    virtual void ClearFailureRecord(uint32_t uid, secure_id_t user_id) = 0;
+    virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool secure) = 0;
 
     /*
-     * Persists the provided failure record to secure, persistent storage.
+     * Writes the provided failure record to persistent storage.
+     *
+     * Must be persisted in secure storage if the target device supports it.
+     *
+     * If 'secure' is false, password is operating in a fallback mode. Implementations
+     * may store the failure record in memory or in non-secure storage if this value is false.
+     *
      * Returns true if record was successfully written.
      */
-    virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record) = 0;
+    virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool secure) = 0;
 
     /**
      * Computes the amount of time to throttle the user due to the current failure_record
@@ -177,7 +194,7 @@ private:
      * Returns true if failure record was successfully incremented.
      */
     bool IncrementFailureRecord(uint32_t uid, secure_id_t user_id, uint64_t timestamp,
-            failure_record_t *record);
+            failure_record_t *record, bool secure);
 
     /**
      * Determines whether the request is within the current throttle window.
@@ -188,7 +205,7 @@ private:
      * Returns true if the request is in the throttle window.
      */
     bool ThrottleRequest(uint32_t uid, uint64_t timestamp,
-            failure_record_t *record, GateKeeperMessage *response);
+            failure_record_t *record, bool secure, GateKeeperMessage *response);
 };
 
 }
diff --git a/include/gatekeeper/gatekeeper_messages.h b/include/gatekeeper/gatekeeper_messages.h
index cea7e1c..7c4ebf7 100644
--- a/include/gatekeeper/gatekeeper_messages.h
+++ b/include/gatekeeper/gatekeeper_messages.h
@@ -59,12 +59,12 @@ struct SizedBuffer {
      * Takes ownership of the buf pointer, and deallocates it
      * when destructed.
      */
-    SizedBuffer(uint8_t *buf, uint32_t len) {
+    SizedBuffer(uint8_t buf[], uint32_t len) {
         buffer.reset(buf);
         length = len;
     }
 
-    UniquePtr<uint8_t> buffer;
+    UniquePtr<uint8_t[]> buffer;
     uint32_t length;
 };
 
diff --git a/include/gatekeeper/password_handle.h b/include/gatekeeper/password_handle.h
index 3725f7c..c48e1de 100644
--- a/include/gatekeeper/password_handle.h
+++ b/include/gatekeeper/password_handle.h
@@ -17,6 +17,10 @@
 #ifndef GATEKEEPER_PASSWORD_HANDLE_H_
 #define GATEKEEPER_PASSWORD_HANDLE_H_
 
+#define HANDLE_FLAG_THROTTLE_SECURE 1
+
+#define HANDLE_VERSION_THROTTLE 2
+
 namespace gatekeeper {
 
 typedef uint64_t secure_id_t;
@@ -25,12 +29,12 @@ typedef uint64_t salt_t;
  * structure for easy serialization
  * and deserialization of password handles.
  */
-static const uint8_t HANDLE_VERSION = 1;
+static const uint8_t HANDLE_VERSION = 2;
 struct __attribute__ ((__packed__)) password_handle_t {
     // fields included in signature
     uint8_t version;
     secure_id_t user_id;
-    secure_id_t authenticator_id;
+    uint64_t flags;
 
     // fields not included in signature
     salt_t salt;
@@ -40,5 +44,4 @@ struct __attribute__ ((__packed__)) password_handle_t {
 };
 }
 
-
 #endif // GATEKEEPER_PASSWORD_HANDLE_H_