diff options
author | Andres Morales <anmorales@google.com> | 2015-12-18 11:57:34 -0800 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-12-18 12:24:00 -0800 |
commit | d14f472dcc6742481f687cb16f5a3115026e1c74 (patch) | |
tree | 83681ad2aaa3a6e7fc990caba1da562ae2e651e1 /tests | |
parent | 15d6276da50408324a10e64743fd75b6f9c3d04e (diff) | |
download | gatekeeper-d14f472dcc6742481f687cb16f5a3115026e1c74.tar.gz |
[gatekeeeper] fix error in timeout computation
Missed else caused failures less than 10 but not a
multiple of 5 (i.e. 1) to be given a full day timeout.
Added test to catch error.
Bug: 26268204
Change-Id: I56d6cfb213bde77ab03540a5f55ffc9d1ee8dc91
Diffstat (limited to 'tests')
-rw-r--r-- | tests/gatekeeper_device_test.cpp | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/tests/gatekeeper_device_test.cpp b/tests/gatekeeper_device_test.cpp index eea523f..d2283ec 100644 --- a/tests/gatekeeper_device_test.cpp +++ b/tests/gatekeeper_device_test.cpp @@ -170,6 +170,35 @@ TEST_F(GateKeeperDeviceTest, EnrollAndVerifyBadPassword) { ASSERT_EQ(NULL, auth_token); } +TEST_F(GateKeeperDeviceTest, MinFailedAttemptsBeforeLockout) { + uint32_t password_len = 50; + uint8_t password_payload[password_len]; + uint8_t *password_handle; + uint32_t password_handle_length; + uint8_t *auth_token = NULL; + uint32_t auth_token_len; + int ret; + + ret = device->enroll(device, 400, NULL, 0, NULL, 0, password_payload, password_len, + &password_handle, &password_handle_length); + + ASSERT_EQ(0, ret); + + password_payload[0] = 4; + + // User should have at least 4 attempts before being locked out + static const int MIN_FAILED_ATTEMPTS = 4; + + bool should_reenroll; + for (int i = 0; i < MIN_FAILED_ATTEMPTS; i++) { + ret = device->verify(device, 400, 0, password_handle, password_handle_length, + password_payload, password_len, &auth_token, &auth_token_len, + &should_reenroll); + // shoudln't be a timeout + ASSERT_LT(0, ret); + } +} + TEST_F(GateKeeperDeviceTest, UntrustedReEnroll) { uint32_t password_len = 50; uint8_t password_payload[password_len]; |