Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8bf0780f authored by Eric Biggers's avatar Eric Biggers
Browse files

Test that the password isn't truncated (again) 

Test that Gatekeeper doesn't truncate passwords, either due to them
containing NUL bytes or being long.

This is https://r.android.com/2151558 ported to the AIDL test.  Even
though the AIDL test wasn't added until after my change, it was forked
from an earlier version of the HIDL test that didn't have my change.

Bug: 238919794
Test: atest VtsHalGatekeeperTargetTest # on Cuttlefish
Change-Id: I6fec951e67a35d5275a67244fbef07d1435c9f4f
parent e8d695d9

gatekeeper/aidl/vts/functional/VtsHalGatekeeperTargetTest.cpp

+41 −0
Original line number Diff line number Diff line
@@ -220,6 +220,47 @@ TEST_P(GatekeeperAidlTest, VerifySuccess) { 
    ALOGI("Testing Enroll+Verify done");

}



/**

 * Ensure that passwords containing a NUL byte aren't truncated

 */

TEST_P(GatekeeperAidlTest, PasswordIsBinaryData) {

    GatekeeperEnrollResponse enrollRsp;

    GatekeeperVerifyResponse verifyRsp;

    std::vector<uint8_t> rightPassword = {'A', 'B', 'C', '\0', 'D', 'E', 'F'};

    std::vector<uint8_t> wrongPassword = {'A', 'B', 'C', '\0', '\0', '\0', '\0'};



    ALOGI("Testing Enroll+Verify of password with embedded NUL (expected success)");

    enrollNewPassword(rightPassword, enrollRsp, true);

    verifyPassword(rightPassword, enrollRsp.data, 1, verifyRsp, true);



    ALOGI("Testing Verify of wrong password (expected failure)");

    verifyPassword(wrongPassword, enrollRsp.data, 1, verifyRsp, false);



    ALOGI("PasswordIsBinaryData test done");

}



/**

 * Ensure that long passwords aren't truncated

 */

TEST_P(GatekeeperAidlTest, LongPassword) {

    GatekeeperEnrollResponse enrollRsp;

    GatekeeperVerifyResponse verifyRsp;

    std::vector<uint8_t> password;



    password.resize(64);  // maximum length used by Android

    memset(password.data(), 'A', password.size());



    ALOGI("Testing Enroll+Verify of long password (expected success)");

    enrollNewPassword(password, enrollRsp, true);

    verifyPassword(password, enrollRsp.data, 1, verifyRsp, true);



    ALOGI("Testing Verify of wrong password (expected failure)");

    password[password.size() - 1] ^= 1;

    verifyPassword(password, enrollRsp.data, 1, verifyRsp, false);



    ALOGI("LongPassword test done");

}



/**

 * Ensure we can securely update password (keep the same

 * secure user_id) if we prove we know old password