      1 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
      5 import contextlib, logging, time
      6 from autotest_lib.client.bin import test, utils
      7 from autotest_lib.client.common_lib import error
      8 from autotest_lib.client.cros import cryptohome
      9 
     10 
def run_cmd(cmd):
    """Run *cmd* via utils.system_output and return what it returns.

    ' 2>&1' is appended to the command so that stderr is folded into the
    captured text. ignore_status=True is passed, so presumably a failing
    command does not raise here and callers must judge success from the
    returned text alone.

    NOTE(review): the appended redirection implies the string is parsed by
    a shell, so any value a caller interpolates into *cmd* should be
    shell-quoted first -- confirm against utils.system_output.
    """
    merged_cmd = cmd + ' 2>&1'
    return utils.system_output(merged_cmd, ignore_status=True,
                               retain_output=True)
     14 
     15 
def wait_for_tpm_ready():
    """Poll the TPM status until its 'Ready' entry equals True.

    cryptohome.get_tpm_status() is queried up to 20 times, with a 10 second
    sleep after every poll that did not report readiness.

    Raises:
        error.TestError: if none of the 20 polls reported the TPM as ready.
    """
    polls_left = 20
    while polls_left > 0:
        if cryptohome.get_tpm_status()['Ready'] == True:
            return
        time.sleep(10)
        polls_left -= 1
    raise error.TestError("TPM never became ready")
     23 
     24 
     25 # This context manager ensures we mount a vault and don't forget
     26 # to unmount it at the end of the test.
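@contextlib.contextmanager
def vault_mounted(user, password):
    """Keep the vault of *user* mounted for the duration of a with-block.

    The vault is mounted with create=True before the body runs and is
    unmounted when the body finishes, whether it returned normally or
    raised.

    Args:
        user: account name passed to cryptohome.mount_vault/unmount_vault.
        password: password passed to cryptohome.mount_vault.
    """
    cryptohome.mount_vault(user, password, create=True)
    try:
        yield
    finally:
        # Without the finally, an exception in the with-body would skip the
        # unmount and leave the user's vault mounted for whatever runs next.
        try:
            cryptohome.unmount_vault(user)
        except Exception:
            # Unmounting stays best-effort so that it never masks the
            # body's own failure, but the problem is recorded in the log
            # instead of being dropped silently.
            logging.warning("Failed to unmount vault for %s", user,
                            exc_info=True)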
     35 
     36 
def test_file_path(user):
    """Return the path of the marker file TESTFILE for *user*.

    The file sits directly under whatever cryptohome.user_path(user)
    returns.
    """
    user_dir = cryptohome.user_path(user)
    return "%s/TESTFILE" % user_dir
     39 
     40 
     41 # TODO(ejcaruso): add dump_keyset action to cryptohome utils instead
     42 # of calling it directly here
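def expect_wrapped_keyset(user):
    """Fail the test unless the keyset dump for *user* shows TPM wrapping.

    Runs "/usr/sbin/cryptohome --action=dump_keyset" for the user through
    run_cmd and looks for the substring "TPM_WRAPPED" in the output. That
    output has stderr merged in, so a command that failed to run is
    reported the same way as a keyset that is not TPM-wrapped.

    Args:
        user: account name whose keyset is dumped.

    Raises:
        error.TestError: if "TPM_WRAPPED" does not appear in the output.
    """
    try:
        from shlex import quote as shell_quote  # Python 3.3+
    except ImportError:
        from pipes import quote as shell_quote  # Python 2

    # run_cmd appends ' 2>&1', so the string is parsed by a shell. Quoting
    # keeps an account name with spaces or shell metacharacters as a single
    # argument instead of letting it alter the command line.
    output = run_cmd(
        "/usr/sbin/cryptohome --action=dump_keyset --user=%s"
        % shell_quote(user))
    if "TPM_WRAPPED" not in output:
        raise error.TestError(
            "Cryptohome did not create a TPM-wrapped keyset.")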
     49 
     50 
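class platform_CryptohomeTPMReOwn(test.test):
    """
    Test of cryptohome functionality to re-create a user's vault directory if
    the TPM is cleared and re-owned and the vault keyset is TPM-wrapped.

    Each phase is a separate subtest selected by name through run_once().
    NOTE(review): the subtest names suggest an external driver reboots the
    device and clears the TPM between phases; that driver is not part of
    this file -- confirm.
    """
    version = 1
    preserve_srcdir = True

    def _test_mount_cryptohome(self):
        """Create a fresh vault, drop a marker file in it, check wrapping.

        Any existing vault for the test user is removed first so that the
        vault is created while the TPM is ready, then the resulting keyset
        must be reported as TPM-wrapped.
        """
        cryptohome.remove_vault(self.user)
        wait_for_tpm_ready()
        with vault_mounted(self.user, self.password):
            # The write is not verified here (run_cmd returns only text);
            # the after-reboot subtest is what checks the marker exists.
            run_cmd("echo TEST_CONTENT > %s" % test_file_path(self.user))
        expect_wrapped_keyset(self.user)

    def _test_mount_cryptohome_after_reboot(self):
        """Check that the marker file is still readable from the vault.

        Raises:
            error.TestError: if the marker content is not in the output.
        """
        wait_for_tpm_ready()
        with vault_mounted(self.user, self.password):
            output = run_cmd("cat %s" % test_file_path(self.user))
        if "TEST_CONTENT" not in output:
            raise error.TestError(
                "Cryptohome did not contain original test file")

    def _test_mount_cryptohome_check_recreate(self):
        """Check that the vault was re-created and is TPM-wrapped again.

        The old marker file must no longer be readable: finding it means
        the original vault is still in use.

        Raises:
            error.TestError: if the marker content is still present, or if
                the keyset is not reported as TPM-wrapped.
        """
        wait_for_tpm_ready()
        with vault_mounted(self.user, self.password):
            output = run_cmd("cat %s" % test_file_path(self.user))
        if "TEST_CONTENT" in output:
            raise error.TestError(
                "Cryptohome not re-created, found original test file")
        expect_wrapped_keyset(self.user)

    def run_once(self, subtest='None'):
        """Run the client-side phase named by *subtest*.

        Args:
            subtest: one of 'take_tpm_ownership', 'mount_cryptohome',
                'mount_cryptohome_after_reboot' or
                'mount_cryptohome_check_recreate'. Any other value,
                including the default 'None', runs no phase and only
                logs a warning.
        """
        # NOTE(review): '@' restored from the ' (at] ' e-mail obfuscation in
        # the rendered listing -- confirm against the upstream file.
        self.user = 'this_is_a_local_test_account@chromium.org'
        self.password = 'this_is_a_test_password'

        logging.info("Running client subtest %s", subtest)
        phases = {
            'take_tpm_ownership': cryptohome.take_tpm_ownership,
            'mount_cryptohome': self._test_mount_cryptohome,
            'mount_cryptohome_after_reboot':
                self._test_mount_cryptohome_after_reboot,
            'mount_cryptohome_check_recreate':
                self._test_mount_cryptohome_check_recreate,
        }
        phase = phases.get(subtest)
        if phase is None:
            # A mistyped subtest name would otherwise finish without any
            # check having run; make that visible in the log.
            logging.warning("Unknown subtest %s; no checks were run",
                            subtest)
            return
        phase()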
     99