A deep dive into the authToken returned by Android password unlock and fingerprint unlock
16lz
2021-01-23
Contents
- 1. What is an authToken
- 2. authToken code walkthrough
- (1) AddAuthenticationToken
- (2) FindAuthorization
- (3) getAuthToken
1. What is an authToken
In Android, an authToken is a piece of data that identifies the caller; concretely, it is a struct.
After gatekeeper or fingerprint authentication succeeds (that is, after verify succeeds), an authToken is returned to Android and inserted into the auth_token_table. The table holds at most 32 authTokens.

```c
typedef struct __attribute__((__packed__)) {
    uint8_t version;
    uint64_t challenge;
    uint64_t user_id;
    uint64_t authenticator_id;
    uint32_t authenticator_type;
    uint64_t timestamp;
    uint8_t hmac[32];
} hw_auth_token_t;
```
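As an added example (not code from this post or from AOSP), the following Python decoder parses the 69-byte packed hw_auth_token_t above field by field, so a token captured from a HAL or keystore transaction can be inspected. It assumes the byte order documented in the AOSP hw_auth_token.h header (authenticator_type and timestamp in network order, the other integers in host/little-endian order); the sample token values are constructed.

```python
import struct
from dataclasses import dataclass

# Field layout of the packed hw_auth_token_t shown in the post. The AOSP header
# marks authenticator_type and timestamp as network (big-endian) byte order; the
# remaining integers are host order (little-endian on Android), hence two formats.
HOST_FMT = "<BQQQ"   # version, challenge, user_id, authenticator_id
NET_FMT = ">IQ"      # authenticator_type, timestamp
HMAC_LEN = 32
HOST_LEN = struct.calcsize(HOST_FMT)
TOKEN_LEN = HOST_LEN + struct.calcsize(NET_FMT) + HMAC_LEN  # 69 bytes

# hw_authenticator_type_t bit flags from hw_auth_token.h.
HW_AUTH_PASSWORD = 1 << 0
HW_AUTH_FINGERPRINT = 1 << 1

@dataclass(frozen=True)
class HwAuthToken:
    version: int
    challenge: int
    user_id: int
    authenticator_id: int
    authenticator_type: int
    timestamp: int
    hmac: bytes

def pack_auth_token(t: HwAuthToken) -> bytes:
    """Serialize to the 69-byte wire form the gatekeeper/fingerprint HALs emit."""
    if len(t.hmac) != HMAC_LEN:
        raise ValueError("hmac must be 32 bytes")
    return (struct.pack(HOST_FMT, t.version, t.challenge, t.user_id, t.authenticator_id)
            + struct.pack(NET_FMT, t.authenticator_type, t.timestamp) + t.hmac)

def parse_auth_token(buf: bytes) -> HwAuthToken:
    """Decode a token buffer; anything but exactly 69 bytes is rejected."""
    if len(buf) != TOKEN_LEN:
        raise ValueError(f"expected {TOKEN_LEN} bytes, got {len(buf)}")
    host = struct.unpack_from(HOST_FMT, buf, 0)
    net = struct.unpack_from(NET_FMT, buf, HOST_LEN)
    return HwAuthToken(*host, *net, bytes(buf[TOKEN_LEN - HMAC_LEN:]))

# Constructed sample: a timed (challenge == 0) password token with a dummy hmac.
SAMPLE = HwAuthToken(version=0, challenge=0, user_id=0x1122334455667788,
                     authenticator_id=0xA1B2C3D4E5F60718,
                     authenticator_type=HW_AUTH_PASSWORD,
                     timestamp=123456789, hmac=bytes(range(32)))
SAMPLE_BYTES = pack_auth_token(SAMPLE)
```

Offsets for reference: version at 0, challenge 1..9, user_id 9..17, authenticator_id 17..25, authenticator_type 25..29, timestamp 29..37, hmac 37..69.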
2. authToken code walkthrough
(1) AddAuthenticationToken
(system/security/keystore/auth_token_table.cpp)

```cpp
void AuthTokenTable::AddAuthenticationToken(HardwareAuthToken&& auth_token) {
    // Record when the token arrived; time_received is used to pick the oldest entry below.
    Entry new_entry(std::move(auth_token), clock_function_());
    // STOPSHIP: debug only, to be removed
    ALOGD("AddAuthenticationToken: timestamp = %llu, time_received = %lld",
          static_cast<unsigned long long>(new_entry.token().timestamp),
          static_cast<long long>(new_entry.time_received()));

    std::lock_guard<std::mutex> lock(entries_mutex_);
    // Drop older entries that this token makes redundant.
    RemoveEntriesSupersededBy(new_entry);
    if (entries_.size() >= max_entries_) {
        ALOGW("Auth token table filled up; replacing oldest entry");
        *min_element(entries_) = std::move(new_entry);
    } else {
        entries_.push_back(std::move(new_entry));
    }
}
```
max_entries_ is 32, so the table holds at most 32 authTokens; once it is full, each new token replaces the oldest entry.
(2) FindAuthorization
(system/security/keystore/auth_token_table.cpp)

```cpp
std::tuple<AuthTokenTable::Error, HardwareAuthToken>
AuthTokenTable::FindAuthorization(const AuthorizationSet& key_info, KeyPurpose purpose,
                                  uint64_t op_handle) {
    std::lock_guard<std::mutex> lock(entries_mutex_);

    // Keys without user-authentication requirements need no token at all.
    if (!KeyRequiresAuthentication(key_info, purpose)) return {AUTH_NOT_REQUIRED, {}};

    // Which authenticator (password, fingerprint, ...) the key was bound to.
    auto auth_type =
        defaultOr(key_info.GetTagValue(TAG_USER_AUTH_TYPE), HardwareAuthenticatorType::NONE);

    // Secure user IDs the key is bound to; the token's user_id must match one of them.
    std::vector<uint64_t> key_sids;
    ExtractSids(key_info, &key_sids);

    // Per-operation keys need a token carrying this operation's challenge;
    // timed keys accept any recent enough token for the right SID and type.
    if (KeyRequiresAuthPerOperation(key_info, purpose))
        return FindAuthPerOpAuthorization(key_sids, auth_type, op_handle);
    else
        return FindTimedAuthorization(key_sids, auth_type, key_info);
}
```
(3) getAuthToken
(system/security/keystore/keymaster_worker.cpp)

```cpp
std::pair<KeyStoreServiceReturnCode, HardwareAuthToken>
KeymasterWorker::getAuthToken(const KeyCharacteristics& characteristics, uint64_t handle,
                              KeyPurpose purpose, bool failOnTokenMissing) {
    // Merge software- and hardware-enforced characteristics into one authorization set.
    AuthorizationSet allCharacteristics(characteristics.softwareEnforced);
    allCharacteristics.append(characteristics.hardwareEnforced.begin(),
                              characteristics.hardwareEnforced.end());

    HardwareAuthToken authToken;
    AuthTokenTable::Error err;
    std::tie(err, authToken) = keyStore_->getAuthTokenTable().FindAuthorization(
        allCharacteristics, static_cast<KeyPurpose>(purpose), handle);

    // Map the table lookup result onto a keystore service return code.
    KeyStoreServiceReturnCode rc;
    switch (err) {
    case AuthTokenTable::OK:
    case AuthTokenTable::AUTH_NOT_REQUIRED:
        rc = ResponseCode::NO_ERROR;
        break;

    case AuthTokenTable::AUTH_TOKEN_NOT_FOUND:
    case AuthTokenTable::AUTH_TOKEN_EXPIRED:
    case AuthTokenTable::AUTH_TOKEN_WRONG_SID:
        ALOGE("getAuthToken failed: %d", err);  // STOPSHIP: debug only, to be removed
        rc = ErrorCode::KEY_USER_NOT_AUTHENTICATED;
        break;

    case AuthTokenTable::OP_HANDLE_REQUIRED:
        // A per-operation token is needed but not yet available.
        rc = failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED)
                                : KeyStoreServiceReturnCode(ResponseCode::OP_AUTH_NEEDED);
        break;

    default:
        ALOGE("Unexpected FindAuthorization return value %d", err);
        rc = ErrorCode::INVALID_ARGUMENT;
    }
    return {rc, std::move(authToken)};
}
```