From 4d50580fa9d7f205f88d0648c18138faadf4cfc9 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor
Date: Sat, 1 Jun 2024 22:50:27 +0300
Subject: [PATCH] duress password test: check that Weaver is wiped as part of duress wipe
---
 .../duresspassword/DuressPasswordTest.java | 28 +++++++++++++------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/tests/DuressPasswordTest/src/grapheneos/test/duresspassword/DuressPasswordTest.java b/tests/DuressPasswordTest/src/grapheneos/test/duresspassword/DuressPasswordTest.java
index 11556aa52220..4cf5b91d9056 100644
--- a/tests/DuressPasswordTest/src/grapheneos/test/duresspassword/DuressPasswordTest.java
+++ b/tests/DuressPasswordTest/src/grapheneos/test/duresspassword/DuressPasswordTest.java
@@ -11,6 +11,9 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import java.util.Arrays;
+import java.util.List;
+
 import static com.google.common.truth.Truth.assertThat;
 import static java.util.concurrent.TimeUnit.MINUTES;
@@ -43,7 +46,11 @@ private void testDuressCredential(boolean isPin) throws DeviceNotAvailableExcept
 // check that credential verifies before duress wipe
 CommandResult vcr = verifyCredential(dev, userId, credential);
- assertThat(vcr.getStdout()).isEqualTo("Lock credential verified successfully\n");
+ List lines = lines(vcr.getStdout());
+ assertThat(lines.get(0)).isEqualTo("Lock credential verified successfully");
+ // check that Weaver slot value is non-zero
+ assertThat(lines.get(1)).matches("WeaverRead\\[slot=., responseStatus=0, valueType=NON_ZERO, valueLength=16, ex=null]");
+ assertThat(lines).hasSize(2);
 assertThat(vcr.getExitCode()).isEqualTo(0);
 }
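Review bot: In the pre-wipe check, `lines.get(0)` and `lines.get(1)` are read before `assertThat(lines).hasSize(2)`, so output that lacks the WeaverRead line fails with an IndexOutOfBoundsException instead of a Truth message showing what the command actually printed; moving the size assertion above the two `get` calls keeps the failure readable. The pattern `slot=.` accepts exactly one character, so if the slot is printed as a decimal index, a two-digit Weaver slot would fail the match for a reason unrelated to the wipe; `slot=\\d+` would state the intent. The post-wipe loop in the `@@ -88,14 +95,12 @@` hunk has the same two issues with `stdout.get(0)` and `hasSize(1)`. The enclosing method starts and ends outside this hunk.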
@@ -88,14 +95,12 @@ private void testDuressCredential(boolean isPin) throws DeviceNotAvailableExcept
 assertThat(checkNonCeStorageEncryptionKeys(dev)).hasLength(0);
 for (int userId : userIds) {
- // check that user credentials no longer verify due to now-missing underlying keys,
- // which are used for CE storage
 CommandResult r = verifyCredential(dev, userId, makeUserCredential(userId));
- String stderr = r.getStderr();
- assertThat(stderr).contains("\njava.lang.IllegalStateException: Failed to decrypt blob");
- assertThat(stderr).contains("\nCaused by: java.security.InvalidKeyException: Keystore operation failed");
- assertThat(stderr).contains("\nCaused by: android.security.KeyStoreException: Invalid key blob (internal Keystore code: -33");
- assertThat(stderr).contains(": Error::Km(r#INVALID_KEY_BLOB)) (public error code: 10 internal Keystore code: -33)");
+ List stdout = lines(r.getStdout());
+ // check that Weaver slot is now zeroed
+ assertThat(stdout.get(0)).matches("WeaverRead\\[slot=., responseStatus=0, valueType=ZERO, valueLength=16, ex=null]");
+ assertThat(stdout).hasSize(1);
+ // credential verification should now fail
 assertThat(r.getExitCode()).isEqualTo(255);
 }
 }
@@ -115,7 +120,8 @@ private static String[] checkNonCeStorageEncryptionKeys(ITestDevice dev)
 private static CommandResult verifyCredential(ITestDevice dev, int userId, String credential) throws DeviceNotAvailableException {
- return dev.executeShellV2Command("cmd lock_settings verify --old " + credential + " --user " + userId);
+ return dev.executeShellV2Command("cmd lock_settings verify --old " + credential
+ + " --user " + userId + " --capture-weaver-ops");
 }
 private static void inputKeyEvent(ITestDevice dev, String ev) throws DeviceNotAvailableException {
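Review bot: After the wipe, the only remaining evidence of a failed verification is `assertThat(r.getExitCode()).isEqualTo(255)`, and an exit code alone does not say why the command failed. The zeroed-slot match on stdout covers the Weaver side, but with the stderr assertions gone an unrelated failure after the Weaver read would look identical to the expected one. If stderr still carries a stable message on this path, one `contains` assertion on it would pin the cause; otherwise extend the comment to name it, e.g. `// credential verification should now fail: Weaver slot is zeroed (exit code 255)`. The enclosing method starts outside this hunk.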
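Review bot: `verifyCredential` now changes what every caller receives on stdout, and nothing at the method documents that. A comment above the return, such as `// --capture-weaver-ops: stdout also carries one WeaverRead[...] line per Weaver read, which callers parse`, would explain why the callers split the output into lines; that wording is inferred from the assertions in the earlier hunks and should be checked against the flag's real behaviour. The credential is also concatenated into the shell command unquoted, which looks safe only while it comes from helpers like `makeUserCredential` that emit digits, so that assumption is worth stating in the same comment.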
@@ -125,4 +131,8 @@ private static void inputKeyEvent(ITestDevice dev, String ev) throws DeviceNotAv
 private static String makeUserCredential(int userId) {
 return Integer.toString(userId).repeat(5);
 }
+
+ private static List lines(String s) {
+ return Arrays.asList(s.split("\n"));
+ }
 }