| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/signin/local_auth.h" | 5 #include "chrome/browser/signin/local_auth.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/prefs/pref_service.h" | 8 #include "base/prefs/pref_service.h" |
| 9 #include "chrome/browser/profiles/profile_manager.h" | 9 #include "chrome/browser/profiles/profile_manager.h" |
| 10 #include "chrome/test/base/testing_browser_process.h" | 10 #include "chrome/test/base/testing_browser_process.h" |
| 11 #include "chrome/test/base/testing_pref_service_syncable.h" | 11 #include "chrome/test/base/testing_pref_service_syncable.h" |
| 12 #include "chrome/test/base/testing_profile.h" | 12 #include "chrome/test/base/testing_profile.h" |
| 13 #include "chrome/test/base/testing_profile_manager.h" | 13 #include "chrome/test/base/testing_profile_manager.h" |
| 14 #include "components/os_crypt/os_crypt.h" | 14 #include "components/os_crypt/os_crypt.h" |
| 15 | 15 |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 17 |
| 18 using namespace chrome; |
| 19 |
| 18 TEST(LocalAuthTest, SetAndCheckCredentials) { | 20 TEST(LocalAuthTest, SetAndCheckCredentials) { |
| 19 TestingProfileManager testing_profile_manager( | 21 TestingProfileManager testing_profile_manager( |
| 20 TestingBrowserProcess::GetGlobal()); | 22 TestingBrowserProcess::GetGlobal()); |
| 21 ASSERT_TRUE(testing_profile_manager.SetUp()); | 23 ASSERT_TRUE(testing_profile_manager.SetUp()); |
| 22 Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); | 24 Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); |
| 23 ProfileInfoCache& cache = | 25 ProfileInfoCache& cache = |
| 24 testing_profile_manager.profile_manager()->GetProfileInfoCache(); | 26 testing_profile_manager.profile_manager()->GetProfileInfoCache(); |
| 25 EXPECT_EQ(1U, cache.GetNumberOfProfiles()); | 27 EXPECT_EQ(1U, cache.GetNumberOfProfiles()); |
| 26 EXPECT_EQ("", cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); | 28 EXPECT_EQ("", cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); |
| 27 | 29 |
| 28 #if defined(OS_MACOSX) | 30 #if defined(OS_MACOSX) |
| 29 OSCrypt::UseMockKeychain(true); | 31 OSCrypt::UseMockKeychain(true); |
| 30 #endif | 32 #endif |
| 31 | 33 |
| 32 std::string password("Some Password"); | 34 std::string password("Some Password"); |
| 33 EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); | 35 EXPECT_FALSE(ValidateLocalAuthCredentials(prof, password)); |
| 34 | 36 |
| 35 LocalAuth::SetLocalAuthCredentials(prof, password); | 37 SetLocalAuthCredentials(prof, password); |
| 36 std::string passhash = cache.GetLocalAuthCredentialsOfProfileAtIndex(0); | 38 std::string passhash = cache.GetLocalAuthCredentialsOfProfileAtIndex(0); |
| 37 | 39 |
| 38 // We perform basic validation on the written record to ensure bugs don't slip | 40 // We perform basic validation on the written record to ensure bugs don't slip |
| 39 // in that cannot be seen from the API: | 41 // in that cannot be seen from the API: |
| 40 // - The encoding exists (we can guarantee future backward compatibility). | 42 // - The encoding exists (we can guarantee future backward compatibility). |
| 41 // - The plaintext version of the password is not mistakenly stored anywhere. | 43 // - The plaintext version of the password is not mistakenly stored anywhere. |
| 42 EXPECT_FALSE(passhash.empty()); | 44 EXPECT_FALSE(passhash.empty()); |
| 43 EXPECT_EQ('2', passhash[0]); | 45 EXPECT_EQ('1', passhash[0]); |
| 44 EXPECT_EQ(passhash.find(password), std::string::npos); | 46 EXPECT_EQ(passhash.find(password), std::string::npos); |
| 45 | 47 |
| 46 std::string decodedhash; | 48 std::string decodedhash; |
| 47 base::Base64Decode(passhash.substr(1), &decodedhash); | 49 base::Base64Decode(passhash.substr(1), &decodedhash); |
| 48 EXPECT_FALSE(decodedhash.empty()); | 50 EXPECT_FALSE(decodedhash.empty()); |
| 49 EXPECT_EQ(decodedhash.find(password), std::string::npos); | 51 EXPECT_EQ(decodedhash.find(password), std::string::npos); |
| 50 | 52 |
| 51 EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); | 53 EXPECT_TRUE(ValidateLocalAuthCredentials(prof, password)); |
| 52 EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password + "1")); | 54 EXPECT_FALSE(ValidateLocalAuthCredentials(prof, password + "1")); |
| 53 | 55 |
| 54 LocalAuth::SetLocalAuthCredentials(prof, password); // makes different salt | 56 SetLocalAuthCredentials(prof, password); // makes different salt |
| 55 EXPECT_NE(passhash, cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); | 57 EXPECT_NE(passhash, cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); |
| 56 } | 58 } |
| 57 | |
| 58 | |
| 59 TEST(LocalAuthTest, SetUpgradeAndCheckCredentials) { | |
| 60 TestingProfileManager testing_profile_manager( | |
| 61 TestingBrowserProcess::GetGlobal()); | |
| 62 ASSERT_TRUE(testing_profile_manager.SetUp()); | |
| 63 Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); | |
| 64 ProfileInfoCache& cache = | |
| 65 testing_profile_manager.profile_manager()->GetProfileInfoCache(); | |
| 66 | |
| 67 std::string password("Some Password"); | |
| 68 size_t profile_index = cache.GetIndexOfProfileWithPath(prof->GetPath()); | |
| 69 LocalAuth::SetLocalAuthCredentialsWithEncoding(profile_index, password, '1'); | |
| 70 | |
| 71 // Ensure we indeed persisted the correct encoding. | |
| 72 std::string oldpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex( | |
| 73 profile_index); | |
| 74 EXPECT_EQ('1', oldpasshash[0]); | |
| 75 | |
| 76 // Validate, ensure we can validate against the old encoding. | |
| 77 EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); | |
| 78 | |
| 79 // Ensure we updated the encoding. | |
| 80 std::string newpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex( | |
| 81 profile_index); | |
| 82 EXPECT_EQ('2', newpasshash[0]); | |
| 83 // Encoding '2' writes fewer bytes than encoding '1'. | |
| 84 EXPECT_LE(newpasshash.length(), oldpasshash.length()); | |
| 85 | |
| 86 // Validate, ensure we validate against the new encoding. | |
| 87 EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); | |
| 88 } | |
| 89 | |
| 90 // Test truncation where each byte is left whole. | |
| 91 TEST(LocalAuthTest, TruncateStringEvenly) { | |
| 92 std::string two_chars = "A6"; | |
| 93 std::string three_chars = "A6C"; | |
| 94 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 16)); | |
| 95 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 16)); | |
| 96 | |
| 97 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 14)); | |
| 98 EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 14)); | |
| 99 } | |
| 100 | |
| 101 // Test truncation that affects the results within a byte. | |
| 102 TEST(LocalAuthTest, TruncateStringUnevenly) { | |
| 103 std::string two_chars = "Az"; | |
| 104 std::string three_chars = "AzC"; | |
| 105 // 'z' = 0x7A, ':' = 0x3A. | |
| 106 std::string two_chars_truncated = "A:"; | |
| 107 EXPECT_EQ(two_chars_truncated, | |
| 108 LocalAuth::TruncateStringByBits(two_chars, 14)); | |
| 109 EXPECT_EQ(two_chars_truncated, | |
| 110 LocalAuth::TruncateStringByBits(three_chars, 14)); | |
| 111 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 875983008:
Revert "Only store leading 13 bits of password hash." (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master