commit ce99f58cfe7b72cb9238006827e3cf59dd78a164
author Rubin Xu <rubinxu@google.com> Thu Oct 12 10:50:11 2017 +0100
committer Rubin Xu <rubinxu@google.com> Thu Oct 12 10:50:11 2017 +0100
tree 51bd86828d4d8905957ccecaea3880899bd8f454
parent af7783f735a56bebc5241bfe1a89db5944e3e06c

Fix int truncation in auth token handling

HardwareAuthToken.timestamp is uint64_t but got truncated to uint32_t by
timestamp_host_order(). Also add some logging to undertand the issue of
bad auth token on ryu.

Bug: 65283496
Test: builds and runs
Change-Id: Ia51d0880f47594e6ab02e46bec270ee68dc5823f

keystore/auth_token_table.cpp

diff --git a/keystore/auth_token_table.cpp b/keystore/auth_token_table.cpp
index eea24c9..8b81e47 100644
--- a/keystore/auth_token_table.cpp
+++ b/keystore/auth_token_table.cpp
@@ -14,6 +14,8 @@
  * limitations under the License.
  */
 
+#define LOG_TAG "keystore"
+
 #include "auth_token_table.h"
 
 #include <assert.h>
@@ -77,6 +79,12 @@
 
 void AuthTokenTable::AddAuthenticationToken(const HardwareAuthToken* auth_token) {
     Entry new_entry(auth_token, clock_function_());
+    //STOPSHIP: debug only, to be removed
+    ALOGD("AddAuthenticationToken: timestamp = %llu (%llu), time_received = %lld",
+        static_cast<unsigned long long>(new_entry.timestamp_host_order()),
+        static_cast<unsigned long long>(auth_token->timestamp),
+        static_cast<long long>(new_entry.time_received()));
+
     RemoveEntriesSupersededBy(new_entry);
     if (entries_.size() >= max_entries_) {
         ALOGW("Auth token table filled up; replacing oldest entry");
@@ -207,7 +215,7 @@
     : token_(token), time_received_(current_time), last_use_(current_time),
       operation_completed_(token_->challenge == 0) {}
 
-uint32_t AuthTokenTable::Entry::timestamp_host_order() const {
+uint64_t AuthTokenTable::Entry::timestamp_host_order() const {
     return ntoh(token_->timestamp);
 }
 

keystore/auth_token_table.h

diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 6f7aab1..422c710 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -124,7 +124,7 @@
         const HardwareAuthToken* token() { return token_.get(); }
         time_t time_received() const { return time_received_; }
         bool completed() const { return operation_completed_; }
-        uint32_t timestamp_host_order() const;
+        uint64_t timestamp_host_order() const;
         HardwareAuthenticatorType authenticator_type() const;
 
       private:

keystore/key_store_service.cpp

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 85de181..eb5fe86 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -1717,6 +1717,7 @@
     case AuthTokenTable::AUTH_TOKEN_NOT_FOUND:
     case AuthTokenTable::AUTH_TOKEN_EXPIRED:
     case AuthTokenTable::AUTH_TOKEN_WRONG_SID:
+        ALOGE("getAuthToken failed: %d", err); //STOPSHIP: debug only, to be removed
         return ErrorCode::KEY_USER_NOT_AUTHENTICATED;
     case AuthTokenTable::OP_HANDLE_REQUIRED:
         return failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED)