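# Copyright 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

from autotest_lib.client.bin import test
from autotest_lib.client.common_lib import error
from autotest_lib.client.cros import cryptohome, pkcs11

class platform_CryptohomeKeyEviction(test.test):
    """Ensure that cryptohome properly manages key eviction from the TPM.

    The test creates a batch of keys through chaps and then remounts a
    user's cryptohome. Mounting requires the user's cryptohome key, so the
    mount only succeeds if that key was evicted and then reloaded into the
    TPM correctly.
    """
    version = 1

    # Number of keys injected through chaps before the remount; the run is
    # meant to be large enough to push the cryptohome key out of the TPM.
    _KEYS_TO_INJECT = 30


    def initialize(self):
        """Create the cryptohome proxy used by run_once() and cleanup()."""
        super(platform_CryptohomeKeyEviction, self).initialize()
        self._cryptohome_proxy = cryptohome.CryptohomeProxy()


    def run_once(self):
        """Inject keys via chaps, then remount the user's cryptohome.

        Raises:
            error.TestFail: if the cryptohome cannot be mounted again after
                the key injections.
        """
        # Fixture account and password for the cryptohome this test creates
        # here and removes again in cleanup().
        self.user = 'first_user@nowhere.com'
        password = 'test_password'
        self._cryptohome_proxy.ensure_clean_cryptohome_for(self.user, password)

        # Inject the keys into chaps. This forces the cryptohome key to get
        # evicted.
        for _ in range(self._KEYS_TO_INJECT):
            pkcs11.inject_and_test_key()

        # Remount the user's cryptohome. Mounting uses the cryptohome key,
        # so a successful mount shows the key was correctly reloaded.
        self._cryptohome_proxy.unmount(self.user)
        # NOTE(review): create=True presumably lets mount() create a vault
        # when none exists, in which case a success here would not prove the
        # original key was reloaded -- confirm against CryptohomeProxy.mount.
        if not self._cryptohome_proxy.mount(self.user, password, create=True):
            raise error.TestFail('Failed to remount user\'s cryptohome')


    def cleanup(self):
        """Remove the test user's cryptohome, if the test got far enough.

        The attributes are read with getattr because they are only assigned
        in initialize() and run_once(); when either did not run to that
        point, this method skips the removal and does not raise
        AttributeError.
        """
        proxy = getattr(self, '_cryptohome_proxy', None)
        user = getattr(self, 'user', None)
        if proxy is not None and user is not None:
            proxy.remove(user)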