tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Test that the password isn't truncated (again)

Browse source 
Test that Gatekeeper doesn't truncate passwords, either due to them
containing NUL bytes or being long.

This is https://r.android.com/2151558 ported to the AIDL test.  Even
though the AIDL test wasn't added until after my change, it was forked
from an earlier version of the HIDL test that didn't have my change.

Bug: 238919794
Test: atest VtsHalGatekeeperTargetTest # on Cuttlefish
Change-Id: I6fec951e67a35d5275a67244fbef07d1435c9f4f
This commit is contained in:
Eric Biggers 2023-08-05 02:44:30 +00:00
parent e8d695d9b2
commit 8bf0780fd9
1 changed files with 41 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
gatekeeper/aidl/vts/functional/VtsHalGatekeeperTargetTest.cpp
View file

@ -220,6 +220,47 @@ TEST_P(GatekeeperAidlTest, VerifySuccess) {
ALOGI("Testing Enroll+Verify done");
}
/**
* Ensure that passwords containing a NUL byte aren't truncated
*/
TEST_P(GatekeeperAidlTest, PasswordIsBinaryData) {
GatekeeperEnrollResponse enrollRsp;
GatekeeperVerifyResponse verifyRsp;
std::vector<uint8_t> rightPassword = {'A', 'B', 'C', '\0', 'D', 'E', 'F'};
std::vector<uint8_t> wrongPassword = {'A', 'B', 'C', '\0', '\0', '\0', '\0'};
ALOGI("Testing Enroll+Verify of password with embedded NUL (expected success)");
enrollNewPassword(rightPassword, enrollRsp, true);
verifyPassword(rightPassword, enrollRsp.data, 1, verifyRsp, true);
ALOGI("Testing Verify of wrong password (expected failure)");
verifyPassword(wrongPassword, enrollRsp.data, 1, verifyRsp, false);
ALOGI("PasswordIsBinaryData test done");
}
/**
* Ensure that long passwords aren't truncated
*/
TEST_P(GatekeeperAidlTest, LongPassword) {
GatekeeperEnrollResponse enrollRsp;
GatekeeperVerifyResponse verifyRsp;
std::vector<uint8_t> password;
password.resize(64); // maximum length used by Android
memset(password.data(), 'A', password.size());
ALOGI("Testing Enroll+Verify of long password (expected success)");
enrollNewPassword(password, enrollRsp, true);
verifyPassword(password, enrollRsp.data, 1, verifyRsp, true);
ALOGI("Testing Verify of wrong password (expected failure)");
password[password.size() - 1] ^= 1;
verifyPassword(password, enrollRsp.data, 1, verifyRsp, false);
ALOGI("LongPassword test done");
}
/**
* Ensure we can securely update password (keep the same
* secure user_id) if we prove we know old password