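# Copyright 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

from autotest_lib.client.bin import test
from autotest_lib.client.cros import cryptohome, pkcs11


class platform_CryptohomeKeyEviction(test.test):
    """Ensure that the cryptohome properly manages key eviction from the tpm.

    This test verifies this behaviour by creating 30 keys using chaps,
    and then remounting a user's cryptohome. Mount requires use of the
    user's cryptohome key, and thus the mount only succeeds if the
    cryptohome key was properly evicted and reloaded into the TPM.

    The account and password used here are fixed throwaway test values;
    the vault created for them is removed again in cleanup().
    """
    version = 1

    # Number of keys injected through chaps before the remount. The test
    # relies on this being enough to push the cryptohome key out of the TPM.
    _KEYS_TO_INJECT = 30

    def run_once(self):
        """Inject keys via chaps, then remount the test user's vault.

        Any exception raised by the cryptohome or pkcs11 helpers
        propagates and fails the test.
        """
        # Make sure that the tpm is owned.
        status = cryptohome.get_tpm_status()
        if not status['Owned']:
            cryptohome.take_tpm_ownership()

        self.user = 'first_user@nowhere.com'
        password = 'test_password'
        cryptohome.ensure_clean_cryptohome_for(self.user, password)

        # First we inject the tokens into chaps. This forces the cryptohome
        # key to get evicted.
        for _ in range(self._KEYS_TO_INJECT):
            pkcs11.inject_and_test_key()

        # Then we get a user to remount their cryptohome. This process uses
        # the cryptohome key, and if the user was able to login, the
        # cryptohome key was correctly reloaded.
        cryptohome.unmount_vault(self.user)
        # NOTE(review): create=True is passed on the remount as well.
        # Confirm that mount_vault cannot satisfy this call by creating a
        # fresh vault; if it can, a failed key reload would go unnoticed.
        cryptohome.mount_vault(self.user, password, create=True)

    def cleanup(self):
        """Unmount and remove the test user's vault, if one was set up."""
        # run_once() assigns self.user only after the TPM ownership step.
        # If it failed before that point there is no vault to tear down,
        # and touching self.user would raise AttributeError here and hide
        # the original failure.
        user = getattr(self, 'user', None)
        if user is None:
            return
        cryptohome.unmount_vault(user)
        cryptohome.remove_vault(user)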