Home | History | Annotate | Download | only in platform_Pkcs11ChangeAuthData 
      1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
      5 from autotest_lib.client.bin import test, utils
      6 from autotest_lib.client.common_lib import error
      7 from autotest_lib.client.cros import pkcs11
      8 
      9 class platform_Pkcs11ChangeAuthData(test.test):
     10     version = 1
     11 
     12     def run_once(self):
     13         pkcs11.setup_p11_test_token(True, 'auth1')
     14         pkcs11.load_p11_test_token('auth1')
     15         utils.system('p11_replay --inject --replay_wifi')
     16         # Change auth data while the token is not loaded.
     17         pkcs11.unload_p11_test_token()
     18         pkcs11.change_p11_test_token_auth_data('auth1', 'auth2')
     19         pkcs11.load_p11_test_token('auth2')
     20         result = utils.system('p11_replay --replay_wifi', ignore_status=True)
     21         if result != 0:
     22             raise error.TestFail('Change authorization data failed (1).')
     23         # Change auth data while the token is loaded.
     24         pkcs11.change_p11_test_token_auth_data('auth2', 'auth3')
     25         pkcs11.unload_p11_test_token()
     26         pkcs11.load_p11_test_token('auth3')
     27         result = utils.system('p11_replay --replay_wifi', ignore_status=True)
     28         if result != 0:
     29             raise error.TestFail('Change authorization data failed (2).')
     30         # Attempt change with incorrect current auth data.
     31         pkcs11.unload_p11_test_token()
     32         pkcs11.change_p11_test_token_auth_data('bad_auth', 'auth4')
     33         pkcs11.load_p11_test_token('auth3')
     34         result = utils.system('p11_replay --replay_wifi', ignore_status=True)
     35         if result != 0:
     36             raise error.TestFail('Change authorization data failed (3).')
     37         # Verify old auth data no longer works after change. This also verifies
     38         # recovery from bad auth data - expect a functional, empty token.
     39         pkcs11.unload_p11_test_token()
     40         pkcs11.change_p11_test_token_auth_data('auth3', 'auth5')
     41         pkcs11.load_p11_test_token('auth3')
     42         result = utils.system('p11_replay --replay_wifi', ignore_status=True)
     43         if result == 0:
     44             raise error.TestFail('Bad authorization data allowed (1).')
     45         utils.system('p11_replay --inject --replay_wifi')
     46         pkcs11.unload_p11_test_token()
     47         # Token should have been recreated with 'auth3'.
     48         pkcs11.load_p11_test_token('auth3')
     49         result = utils.system('p11_replay --replay_wifi', ignore_status=True)
     50         if result != 0:
     51             raise error.TestFail('Token not valid after recovery.')
     52         pkcs11.unload_p11_test_token()
     53         # Since token was recovered, previous correct auth should be rejected.
     54         pkcs11.load_p11_test_token('auth5')
     55         result = utils.system('p11_replay --replay_wifi', ignore_status=True)
     56         if result == 0:
     57             raise error.TestFail('Bad authorization data allowed (2).')
     58         pkcs11.unload_p11_test_token()
     59         pkcs11.cleanup_p11_test_token()
     60