| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/signin/local_auth.h" | 5 #include "chrome/browser/signin/local_auth.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/prefs/pref_service.h" | 8 #include "base/prefs/pref_service.h" |
| 9 #include "chrome/browser/profiles/profile_manager.h" | 9 #include "chrome/browser/profiles/profile_manager.h" |
| 10 #include "chrome/test/base/testing_browser_process.h" | 10 #include "chrome/test/base/testing_browser_process.h" |
| 11 #include "chrome/test/base/testing_pref_service_syncable.h" | 11 #include "chrome/test/base/testing_pref_service_syncable.h" |
| 12 #include "chrome/test/base/testing_profile.h" | 12 #include "chrome/test/base/testing_profile.h" |
| 13 #include "chrome/test/base/testing_profile_manager.h" | 13 #include "chrome/test/base/testing_profile_manager.h" |
| 14 #include "components/os_crypt/os_crypt.h" | 14 #include "components/os_crypt/os_crypt.h" |
| 15 | 15 |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 17 |
| 18 using namespace chrome; | |
| 19 | |
| 20 TEST(LocalAuthTest, SetAndCheckCredentials) { | 18 TEST(LocalAuthTest, SetAndCheckCredentials) { |
| 21 TestingProfileManager testing_profile_manager( | 19 TestingProfileManager testing_profile_manager( |
| 22 TestingBrowserProcess::GetGlobal()); | 20 TestingBrowserProcess::GetGlobal()); |
| 23 ASSERT_TRUE(testing_profile_manager.SetUp()); | 21 ASSERT_TRUE(testing_profile_manager.SetUp()); |
| 24 Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); | 22 Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); |
| 25 ProfileInfoCache& cache = | 23 ProfileInfoCache& cache = |
| 26 testing_profile_manager.profile_manager()->GetProfileInfoCache(); | 24 testing_profile_manager.profile_manager()->GetProfileInfoCache(); |
| 27 EXPECT_EQ(1U, cache.GetNumberOfProfiles()); | 25 EXPECT_EQ(1U, cache.GetNumberOfProfiles()); |
| 28 EXPECT_EQ("", cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); | 26 EXPECT_EQ("", cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); |
| 29 | 27 |
| 30 #if defined(OS_MACOSX) | 28 #if defined(OS_MACOSX) |
| 31 OSCrypt::UseMockKeychain(true); | 29 OSCrypt::UseMockKeychain(true); |
| 32 #endif | 30 #endif |
| 33 | 31 |
| 34 std::string password("Some Password"); | 32 std::string password("Some Password"); |
| 35 EXPECT_FALSE(ValidateLocalAuthCredentials(prof, password)); | 33 EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| 36 | 34 |
| 37 SetLocalAuthCredentials(prof, password); | 35 LocalAuth::SetLocalAuthCredentials(prof, password); |
| 38 std::string passhash = cache.GetLocalAuthCredentialsOfProfileAtIndex(0); | 36 std::string passhash = cache.GetLocalAuthCredentialsOfProfileAtIndex(0); |
| 39 | 37 |
| 40 // We perform basic validation on the written record to ensure bugs don't slip | 38 // We perform basic validation on the written record to ensure bugs don't slip |
| 41 // in that cannot be seen from the API: | 39 // in that cannot be seen from the API: |
| 42 // - The encoding exists (we can guarantee future backward compatibility). | 40 // - The encoding exists (we can guarantee future backward compatibility). |
| 43 // - The plaintext version of the password is not mistakenly stored anywhere. | 41 // - The plaintext version of the password is not mistakenly stored anywhere. |
| 44 EXPECT_FALSE(passhash.empty()); | 42 EXPECT_FALSE(passhash.empty()); |
| 45 EXPECT_EQ('1', passhash[0]); | 43 EXPECT_EQ('2', passhash[0]); |
| 46 EXPECT_EQ(passhash.find(password), std::string::npos); | 44 EXPECT_EQ(passhash.find(password), std::string::npos); |
| 47 | 45 |
| 48 std::string decodedhash; | 46 std::string decodedhash; |
| 49 base::Base64Decode(passhash.substr(1), &decodedhash); | 47 base::Base64Decode(passhash.substr(1), &decodedhash); |
| 50 EXPECT_FALSE(decodedhash.empty()); | 48 EXPECT_FALSE(decodedhash.empty()); |
| 51 EXPECT_EQ(decodedhash.find(password), std::string::npos); | 49 EXPECT_EQ(decodedhash.find(password), std::string::npos); |
| 52 | 50 |
| 53 EXPECT_TRUE(ValidateLocalAuthCredentials(prof, password)); | 51 EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| 54 EXPECT_FALSE(ValidateLocalAuthCredentials(prof, password + "1")); | 52 EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password + "1")); |
| 55 | 53 |
| 56 SetLocalAuthCredentials(prof, password); // makes different salt | 54 LocalAuth::SetLocalAuthCredentials(prof, password); // makes different salt |
| 57 EXPECT_NE(passhash, cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); | 55 EXPECT_NE(passhash, cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); |
| 58 } | 56 } |
| 57 |
| 58 |
| 59 TEST(LocalAuthTest, SetUpgradeAndCheckCredentials) { |
| 60 TestingProfileManager testing_profile_manager( |
| 61 TestingBrowserProcess::GetGlobal()); |
| 62 ASSERT_TRUE(testing_profile_manager.SetUp()); |
| 63 Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); |
| 64 ProfileInfoCache& cache = |
| 65 testing_profile_manager.profile_manager()->GetProfileInfoCache(); |
| 66 |
| 67 std::string password("Some Password"); |
| 68 size_t profile_index = cache.GetIndexOfProfileWithPath(prof->GetPath()); |
| 69 LocalAuth::SetLocalAuthCredentialsWithEncoding(profile_index, password, '1'); |
| 70 |
| 71 // Ensure we indeed persisted the correct encoding. |
| 72 std::string oldpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex( |
| 73 profile_index); |
| 74 EXPECT_EQ('1', oldpasshash[0]); |
| 75 |
| 76 // Validate, ensure we can validate against the old encoding. |
| 77 EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| 78 |
| 79 // Ensure we updated the encoding. |
| 80 std::string newpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex( |
| 81 profile_index); |
| 82 EXPECT_EQ('2', newpasshash[0]); |
| 83 // Encoding '2' writes fewer bytes than encoding '1'. |
| 84 EXPECT_LE(newpasshash.length(), oldpasshash.length()); |
| 85 |
| 86 // Validate, ensure we validate against the new encoding. |
| 87 EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| 88 } |
| 89 |
| 90 // Test truncation where each byte is left whole. |
| 91 TEST(LocalAuthTest, TruncateStringEvenly) { |
| 92 std::string two_chars = "A6"; |
| 93 std::string three_chars = "A6C"; |
| 94 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 16)); |
| 95 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 16)); |
| 96 |
| 97 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 14)); |
| 98 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 14)); |
| 99 } |
| 100 |
| 101 // Test truncation that affects the results within a byte. |
| 102 TEST(LocalAuthTest, TruncateStringUnevenly) { |
| 103 std::string two_chars = "Az"; |
| 104 std::string three_chars = "AzC"; |
| 105 // 'z' = 0x7A, ':' = 0x3A. |
| 106 std::string two_chars_truncated = "A:"; |
| 107 EXPECT_EQ(two_chars_truncated, |
| 108 LocalAuth::TruncateStringByBits(two_chars, 14)); |
| 109 EXPECT_EQ(two_chars_truncated, |
| 110 LocalAuth::TruncateStringByBits(three_chars, 14)); |
| 111 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 862103002:
Only store leading 13 bits of password hash. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master