A deep dive into the authToken returned by Android password unlock / fingerprint unlock
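Contents
- 1. What is an authToken
- 2. Close reading of the authToken code
- (1) AddAuthenticationToken
- (2) FindAuthorization
- (3) getAuthToken
1. What is an authToken
In Android, an authToken is a block of data that identifies the caller; it is a struct.
After GateKeeper or fingerprint authentication succeeds (that is, after verify succeeds), an authToken is returned to Android and then added to the auth_token_table. That table stores at most 32 authTokens.
2. Close reading of the authToken code
(1) AddAuthenticationToken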
(system/security/keystore/auth_token_table.cpp)

```cpp
void AuthTokenTable::AddAuthenticationToken(HardwareAuthToken&& auth_token) {
    // Wrap the token together with the time at which the table received it.
    Entry new_entry(std::move(auth_token), clock_function_());
    // STOPSHIP: debug only, to be removed
    ALOGD("AddAuthenticationToken: timestamp = %llu, time_received = %lld",
          static_cast<unsigned long long>(new_entry.token().timestamp),
          static_cast<long long>(new_entry.time_received()));

    std::lock_guard<std::mutex> lock(entries_mutex_);
    RemoveEntriesSupersededBy(new_entry);
    if (entries_.size() >= max_entries_) {
        // Table is full: overwrite the oldest entry instead of growing.
        ALOGW("Auth token table filled up; replacing oldest entry");
        *min_element(entries_) = std::move(new_entry);
    } else {
        entries_.push_back(std::move(new_entry));
    }
}
```

max_entries_ is 32, so the table stores at most 32 authTokens.
(2) FindAuthorization
(system/security/keystore/auth_token_table.cpp)

```cpp
std::tuple<AuthTokenTable::Error, HardwareAuthToken>
AuthTokenTable::FindAuthorization(const AuthorizationSet& key_info, KeyPurpose purpose,
                                  uint64_t op_handle) {
    std::lock_guard<std::mutex> lock(entries_mutex_);

    // Keys that do not require user authentication need no token at all.
    if (!KeyRequiresAuthentication(key_info, purpose)) return {AUTH_NOT_REQUIRED, {}};

    auto auth_type =
        defaultOr(key_info.GetTagValue(TAG_USER_AUTH_TYPE), HardwareAuthenticatorType::NONE);

    std::vector<uint64_t> key_sids;
    ExtractSids(key_info, &key_sids);

    // Per-operation keys are matched via op_handle; otherwise a timed lookup is used.
    if (KeyRequiresAuthPerOperation(key_info, purpose))
        return FindAuthPerOpAuthorization(key_sids, auth_type, op_handle);
    else
        return FindTimedAuthorization(key_sids, auth_type, key_info);
}
```

(3) getAuthToken
(system/security/keystore/keymaster_worker.cpp)

```cpp
std::pair<KeyStoreServiceReturnCode, HardwareAuthToken>
KeymasterWorker::getAuthToken(const KeyCharacteristics& characteristics, uint64_t handle,
                              KeyPurpose purpose, bool failOnTokenMissing) {
    // Merge software- and hardware-enforced characteristics into one set.
    AuthorizationSet allCharacteristics(characteristics.softwareEnforced);
    allCharacteristics.append(characteristics.hardwareEnforced.begin(),
                              characteristics.hardwareEnforced.end());

    HardwareAuthToken authToken;
    AuthTokenTable::Error err;
    std::tie(err, authToken) = keyStore_->getAuthTokenTable().FindAuthorization(
        allCharacteristics, static_cast<KeyPurpose>(purpose), handle);

    KeyStoreServiceReturnCode rc;

    switch (err) {
    case AuthTokenTable::OK:
    case AuthTokenTable::AUTH_NOT_REQUIRED:
        rc = ResponseCode::NO_ERROR;
        break;

    // Missing, expired, or wrong-SID tokens all mean the user is not authenticated.
    case AuthTokenTable::AUTH_TOKEN_NOT_FOUND:
    case AuthTokenTable::AUTH_TOKEN_EXPIRED:
    case AuthTokenTable::AUTH_TOKEN_WRONG_SID:
        ALOGE("getAuthToken failed: %d", err);  // STOPSHIP: debug only, to be removed
        rc = ErrorCode::KEY_USER_NOT_AUTHENTICATED;
        break;

    case AuthTokenTable::OP_HANDLE_REQUIRED:
        rc = failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED)
                                : KeyStoreServiceReturnCode(ResponseCode::OP_AUTH_NEEDED);
        break;

    default:
        ALOGE("Unexpected FindAuthorization return value %d", err);
        rc = ErrorCode::INVALID_ARGUMENT;
    }

    return {rc, std::move(authToken)};
}
```
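How the 32-entry limit in AddAuthenticationToken interacts with the failure mapping in getAuthToken, as an added example that is not AOSP code: once the oldest token is overwritten, a key bound to that SID is refused rather than allowed. ModelEntry, ModelAuthTokenTable, Lookup and KeyUseAllowed are hypothetical names; the lookup rule and timeout are simplifying assumptions, and RemoveEntriesSupersededBy is left out.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical, simplified stand-in for a table entry (not the AOSP type).
struct ModelEntry {
    uint64_t sid;            // secure user ID the token vouches for
    uint64_t time_received;  // table clock value when the token arrived
};
enum class Lookup { OK, AUTH_TOKEN_NOT_FOUND, AUTH_TOKEN_EXPIRED };

class ModelAuthTokenTable {
  public:
    explicit ModelAuthTokenTable(size_t max_entries = 32) : max_entries_(max_entries) {}
    void Add(uint64_t sid, uint64_t now) {
        ModelEntry e{sid, now};
        if (entries_.size() >= max_entries_) {
            // Same policy as the page's code: overwrite the oldest entry.
            auto older = [](const ModelEntry& a, const ModelEntry& b) {
                return a.time_received < b.time_received; };
            *std::min_element(entries_.begin(), entries_.end(), older) = e;
        } else {
            entries_.push_back(e);
        }
    }
    // Assumed lookup rule: newest token for the SID, valid for `timeout` ticks.
    Lookup Find(uint64_t sid, uint64_t now, uint64_t timeout) const {
        const ModelEntry* newest = nullptr;
        for (const auto& e : entries_)
            if (e.sid == sid && (!newest || e.time_received > newest->time_received))
                newest = &e;
        if (!newest) return Lookup::AUTH_TOKEN_NOT_FOUND;
        if (now - newest->time_received > timeout) return Lookup::AUTH_TOKEN_EXPIRED;
        return Lookup::OK;
    }
    size_t size() const { return entries_.size(); }
  private:
    size_t max_entries_;
    std::vector<ModelEntry> entries_;
};

// Like getAuthToken on the page: any lookup failure means the key is refused.
bool KeyUseAllowed(Lookup r) { return r == Lookup::OK; }

int main() {  // constructed input: 33 distinct SIDs authenticate in turn
    ModelAuthTokenTable t;
    for (uint64_t sid = 1; sid <= 33; ++sid) t.Add(sid, sid);
    return KeyUseAllowed(t.Find(1, 33, 100)) ? 1 : 0;  // exits 0: SID 1 was overwritten
}
```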