Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 8bf0780fd9d417064ed0f47b9ef8714c53d7b4ef^! / . / gatekeeper / aidl / vts / functional / VtsHalGatekeeperTargetTest.cpp
commit8bf0780fd9d417064ed0f47b9ef8714c53d7b4ef[log] [tgz]
authorEric Biggers <ebiggers@google.com>Sat Aug 05 02:44:30 2023 +0000
committerEric Biggers <ebiggers@google.com>Sat Aug 05 02:47:59 2023 +0000
treecf967c98918b310f93c9471dcc84575fe660f94d
parente8d695d9b2716c593996e2d228473443435d4ac6 [diff] [blame]
Test that the password isn't truncated (again)

Test that Gatekeeper doesn't truncate passwords, either due to them
containing NUL bytes or being long.

This is https://r.android.com/2151558 ported to the AIDL test.  Even
though the AIDL test wasn't added until after my change, it was forked
from an earlier version of the HIDL test that didn't have my change.

Bug: 238919794
Test: atest VtsHalGatekeeperTargetTest # on Cuttlefish
Change-Id: I6fec951e67a35d5275a67244fbef07d1435c9f4f

diff --git a/gatekeeper/aidl/vts/functional/VtsHalGatekeeperTargetTest.cpp b/gatekeeper/aidl/vts/functional/VtsHalGatekeeperTargetTest.cpp
index c89243b..032f7e2 100644
--- a/gatekeeper/aidl/vts/functional/VtsHalGatekeeperTargetTest.cpp
+++ b/gatekeeper/aidl/vts/functional/VtsHalGatekeeperTargetTest.cpp

@@ -221,6 +221,47 @@
 }
 
 /**
+ * Ensure that passwords containing a NUL byte aren't truncated
+ */
+TEST_P(GatekeeperAidlTest, PasswordIsBinaryData) {
+    GatekeeperEnrollResponse enrollRsp;
+    GatekeeperVerifyResponse verifyRsp;
+    std::vector<uint8_t> rightPassword = {'A', 'B', 'C', '\0', 'D', 'E', 'F'};
+    std::vector<uint8_t> wrongPassword = {'A', 'B', 'C', '\0', '\0', '\0', '\0'};
+
+    ALOGI("Testing Enroll+Verify of password with embedded NUL (expected success)");
+    enrollNewPassword(rightPassword, enrollRsp, true);
+    verifyPassword(rightPassword, enrollRsp.data, 1, verifyRsp, true);
+
+    ALOGI("Testing Verify of wrong password (expected failure)");
+    verifyPassword(wrongPassword, enrollRsp.data, 1, verifyRsp, false);
+
+    ALOGI("PasswordIsBinaryData test done");
+}
+
+/**
+ * Ensure that long passwords aren't truncated
+ */
+TEST_P(GatekeeperAidlTest, LongPassword) {
+    GatekeeperEnrollResponse enrollRsp;
+    GatekeeperVerifyResponse verifyRsp;
+    std::vector<uint8_t> password;
+
+    password.resize(64);  // maximum length used by Android
+    memset(password.data(), 'A', password.size());
+
+    ALOGI("Testing Enroll+Verify of long password (expected success)");
+    enrollNewPassword(password, enrollRsp, true);
+    verifyPassword(password, enrollRsp.data, 1, verifyRsp, true);
+
+    ALOGI("Testing Verify of wrong password (expected failure)");
+    password[password.size() - 1] ^= 1;
+    verifyPassword(password, enrollRsp.data, 1, verifyRsp, false);
+
+    ALOGI("LongPassword test done");
+}
+
+/**
  * Ensure we can securely update password (keep the same
  * secure user_id) if we prove we know old password
  */