From ce99f58cfe7b72cb9238006827e3cf59dd78a164 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Thu, 12 Oct 2017 10:50:11 +0100 Subject: Fix int truncation in auth token handling HardwareAuthToken.timestamp is uint64_t but got truncated to uint32_t by timestamp_host_order(). Also add some logging to undertand the issue of bad auth token on ryu. Bug: 65283496 Test: builds and runs Change-Id: Ia51d0880f47594e6ab02e46bec270ee68dc5823f --- keystore/auth_token_table.cpp | 10 +++++++++- keystore/auth_token_table.h | 2 +- keystore/key_store_service.cpp | 1 + 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp index eea24c97..8b81e472 100644 --- a/keystore/auth_token_table.cpp +++ b/keystore/auth_token_table.cpp @@ -14,6 +14,8 @@ * limitations under the License. */ +#define LOG_TAG "keystore" + #include "auth_token_table.h" #include @@ -77,6 +79,12 @@ time_t clock_gettime_raw() { void AuthTokenTable::AddAuthenticationToken(const HardwareAuthToken* auth_token) { Entry new_entry(auth_token, clock_function_()); + //STOPSHIP: debug only, to be removed + ALOGD("AddAuthenticationToken: timestamp = %llu (%llu), time_received = %lld", + static_cast(new_entry.timestamp_host_order()), + static_cast(auth_token->timestamp), + static_cast(new_entry.time_received())); + RemoveEntriesSupersededBy(new_entry); if (entries_.size() >= max_entries_) { ALOGW("Auth token table filled up; replacing oldest entry"); @@ -207,7 +215,7 @@ AuthTokenTable::Entry::Entry(const HardwareAuthToken* token, time_t current_time : token_(token), time_received_(current_time), last_use_(current_time), operation_completed_(token_->challenge == 0) {} -uint32_t AuthTokenTable::Entry::timestamp_host_order() const { +uint64_t AuthTokenTable::Entry::timestamp_host_order() const { return ntoh(token_->timestamp); } diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h index 6f7aab1d..422c7102 100644 --- a/keystore/auth_token_table.h +++ b/keystore/auth_token_table.h @@ -124,7 +124,7 @@ class AuthTokenTable { const HardwareAuthToken* token() { return token_.get(); } time_t time_received() const { return time_received_; } bool completed() const { return operation_completed_; } - uint32_t timestamp_host_order() const; + uint64_t timestamp_host_order() const; HardwareAuthenticatorType authenticator_type() const; private: diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 85de1813..eb5fe86b 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -1717,6 +1717,7 @@ KeyStoreServiceReturnCode KeyStoreService::getAuthToken(const KeyCharacteristics case AuthTokenTable::AUTH_TOKEN_NOT_FOUND: case AuthTokenTable::AUTH_TOKEN_EXPIRED: case AuthTokenTable::AUTH_TOKEN_WRONG_SID: + ALOGE("getAuthToken failed: %d", err); //STOPSHIP: debug only, to be removed return ErrorCode::KEY_USER_NOT_AUTHENTICATED; case AuthTokenTable::OP_HANDLE_REQUIRED: return failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED) -- cgit v1.2.3