commit 8f737ad2c452d589a6670decaed52b00043d6785
author Janis Danisevskis <jdanis@google.com> Tue Nov 21 12:30:15 2017 -0800
committer Janis Danisevskis <jdanis@google.com> Wed Nov 22 13:59:40 2017 -0800
tree 5e3419d80af940645fcd3af79daf783f61c67e42
parent 4a182800b14326134f5c4e4ec2795f8686aff1f4

Fixed auth_token_table tests

auth_token_table tests did not make the transition to hidle types and
were broken.
Noww they use the hidle types as well.

Also this patch fixes an awkward ownership transfer of an object
referred to by a const pointer and reduses the use of the type hw_auth_token.

Test: Ran all keystore CTS test as well as the fixed auth_token_table
      tests
Bug: 68149839

Change-Id: Ia69a80fad12edc134646a7b340f8e27ea4da2210

keystore/keymaster_enforcement.cpp

diff --git a/keystore/keymaster_enforcement.cpp b/keystore/keymaster_enforcement.cpp
index 4cee57d..c27ec6b 100644
--- a/keystore/keymaster_enforcement.cpp
+++ b/keystore/keymaster_enforcement.cpp
@@ -29,6 +29,8 @@
 #include <hardware/hw_auth_token.h>
 #include <list>
 
+#include <keystore/keystore_hidl_support.h>
+
 namespace keystore {
 
 class AccessTimeMap {
@@ -482,12 +484,11 @@
               sizeof(hw_auth_token_t), auth_token_blob.value().size());
         return false;
     }
-
-    hw_auth_token_t auth_token;
-    memcpy(&auth_token, &auth_token_blob.value()[0], sizeof(hw_auth_token_t));
-    if (auth_token.version != HW_AUTH_TOKEN_VERSION) {
+    uint8_t auth_token_version = auth_token_blob.value()[0];
+    HardwareAuthToken auth_token = hidlVec2AuthToken(auth_token_blob.value());
+    if (auth_token_version != HW_AUTH_TOKEN_VERSION) {
         ALOGE("Bug: Auth token is the version %hhu (or is not an auth token). Expected %d",
-              auth_token.version, HW_AUTH_TOKEN_VERSION);
+              auth_token_version, HW_AUTH_TOKEN_VERSION);
         return false;
     }
 
@@ -502,9 +503,9 @@
         return false;
     }
 
-    if (user_secure_id != auth_token.user_id && user_secure_id != auth_token.authenticator_id) {
+    if (user_secure_id != auth_token.userId && user_secure_id != auth_token.authenticatorId) {
         ALOGI("Auth token SIDs %" PRIu64 " and %" PRIu64 " do not match key SID %" PRIu64,
-              auth_token.user_id, auth_token.authenticator_id, user_secure_id);
+              auth_token.userId, auth_token.authenticatorId, user_secure_id);
         return false;
     }
 
@@ -513,11 +514,11 @@
         return false;
     }
 
-    assert(auth_set[auth_type_index].tag == KM_TAG_USER_AUTH_TYPE);
+    assert(auth_set[auth_type_index].tag == TAG_USER_AUTH_TYPE);
     auto key_auth_type_mask = authorizationValue(TAG_USER_AUTH_TYPE, auth_set[auth_type_index]);
     if (!key_auth_type_mask.isOk()) return false;
 
-    uint32_t token_auth_type = ntoh(auth_token.authenticator_type);
+    uint32_t token_auth_type = ntoh(auth_token.authenticatorType);
     if ((uint32_t(key_auth_type_mask.value()) & token_auth_type) == 0) {
         ALOGE("Key requires match of auth type mask 0%uo, but token contained 0%uo",
               key_auth_type_mask.value(), token_auth_type);
@@ -525,7 +526,7 @@
     }
 
     if (auth_timeout_index != -1 && is_begin_operation) {
-        assert(auth_set[auth_timeout_index].tag == KM_TAG_AUTH_TIMEOUT);
+        assert(auth_set[auth_timeout_index].tag == TAG_AUTH_TIMEOUT);
         auto auth_token_timeout =
             authorizationValue(TAG_AUTH_TIMEOUT, auth_set[auth_timeout_index]);
         if (!auth_token_timeout.isOk()) return false;