diff options
| author | Rubin Xu <rubinxu@google.com> | 2017-10-12 10:50:11 +0100 |
|---|---|---|
| committer | Rubin Xu <rubinxu@google.com> | 2017-10-12 10:50:11 +0100 |
| commit | ce99f58cfe7b72cb9238006827e3cf59dd78a164 (patch) | |
| tree | 51bd86828d4d8905957ccecaea3880899bd8f454 | |
| parent | af7783f735a56bebc5241bfe1a89db5944e3e06c (diff) | |
| download | security-oreo-mr1-dev.tar.gz | |
Fix int truncation in auth token handlingoreo-mr1-dev
HardwareAuthToken.timestamp is uint64_t but got truncated to uint32_t by
timestamp_host_order(). Also add some logging to undertand the issue of
bad auth token on ryu.
Bug: 65283496
Test: builds and runs
Change-Id: Ia51d0880f47594e6ab02e46bec270ee68dc5823f
| -rw-r--r-- | keystore/auth_token_table.cpp | 10 | ||||
| -rw-r--r-- | keystore/auth_token_table.h | 2 | ||||
| -rw-r--r-- | keystore/key_store_service.cpp | 1 |
3 files changed, 11 insertions, 2 deletions
diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp index eea24c97..8b81e472 100644 --- a/keystore/auth_token_table.cpp +++ b/keystore/auth_token_table.cpp @@ -14,6 +14,8 @@ * limitations under the License. */ +#define LOG_TAG "keystore" + #include "auth_token_table.h" #include <assert.h> @@ -77,6 +79,12 @@ time_t clock_gettime_raw() { void AuthTokenTable::AddAuthenticationToken(const HardwareAuthToken* auth_token) { Entry new_entry(auth_token, clock_function_()); + //STOPSHIP: debug only, to be removed + ALOGD("AddAuthenticationToken: timestamp = %llu (%llu), time_received = %lld", + static_cast<unsigned long long>(new_entry.timestamp_host_order()), + static_cast<unsigned long long>(auth_token->timestamp), + static_cast<long long>(new_entry.time_received())); + RemoveEntriesSupersededBy(new_entry); if (entries_.size() >= max_entries_) { ALOGW("Auth token table filled up; replacing oldest entry"); @@ -207,7 +215,7 @@ AuthTokenTable::Entry::Entry(const HardwareAuthToken* token, time_t current_time : token_(token), time_received_(current_time), last_use_(current_time), operation_completed_(token_->challenge == 0) {} -uint32_t AuthTokenTable::Entry::timestamp_host_order() const { +uint64_t AuthTokenTable::Entry::timestamp_host_order() const { return ntoh(token_->timestamp); } diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h index 6f7aab1d..422c7102 100644 --- a/keystore/auth_token_table.h +++ b/keystore/auth_token_table.h @@ -124,7 +124,7 @@ class AuthTokenTable { const HardwareAuthToken* token() { return token_.get(); } time_t time_received() const { return time_received_; } bool completed() const { return operation_completed_; } - uint32_t timestamp_host_order() const; + uint64_t timestamp_host_order() const; HardwareAuthenticatorType authenticator_type() const; private: diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 85de1813..eb5fe86b 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -1717,6 +1717,7 @@ KeyStoreServiceReturnCode KeyStoreService::getAuthToken(const KeyCharacteristics case AuthTokenTable::AUTH_TOKEN_NOT_FOUND: case AuthTokenTable::AUTH_TOKEN_EXPIRED: case AuthTokenTable::AUTH_TOKEN_WRONG_SID: + ALOGE("getAuthToken failed: %d", err); //STOPSHIP: debug only, to be removed return ErrorCode::KEY_USER_NOT_AUTHENTICATED; case AuthTokenTable::OP_HANDLE_REQUIRED: return failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED) |