1# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import contextlib, logging, time
6from autotest_lib.client.bin import test, utils
7from autotest_lib.client.common_lib import error
8from autotest_lib.client.cros import cryptohome
9
10
def run_cmd(cmd):
    """Run *cmd* with stderr folded into stdout and return what it printed.

    A ``2>&1`` redirection is appended to the command string, so the string
    is presumably handed to a shell (confirm against utils.system_output).
    Callers must therefore not interpolate unquoted, untrusted values into
    *cmd*.

    ignore_status=True is passed, so callers decide success by inspecting
    the returned text rather than relying on an exception for a non-zero
    exit status (assumed from the flag name -- confirm).
    """
    merged_cmd = cmd + ' 2>&1'
    return utils.system_output(merged_cmd, ignore_status=True,
                               retain_output=True)
14
15
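def wait_for_tpm_ready(attempts=20, interval=10):
    """Poll cryptohome until it reports the TPM as ready.

    Args:
        attempts: maximum number of status polls (default 20).
        interval: seconds to sleep between two polls (default 10).

    Raises:
        error.TestError: if the TPM is still not ready after the last poll.
    """
    for attempt in range(attempts):
        if attempt:
            # Sleep only between polls, so a TPM that never becomes ready is
            # reported right after the final check instead of one interval
            # later.
            time.sleep(interval)
        tpm_status = cryptohome.get_tpm_status()
        # Explicit comparison kept from the original: the type of the
        # 'Ready' value is not visible in this file.
        if tpm_status['Ready'] == True:
            return
    raise error.TestError("TPM never became ready")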
23
24
25# This context manager ensures we mount a vault and don't forget
26# to unmount it at the end of the test.
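@contextlib.contextmanager
def vault_mounted(user, password):
    """Keep the vault of *user* mounted for the duration of a with-block.

    The vault is mounted with create=True before the block runs and
    unmounted when the block exits, whether it finished normally or raised.

    Args:
        user: account whose vault is mounted.
        password: password passed to cryptohome.mount_vault.
    """
    cryptohome.mount_vault(user, password, create=True)
    try:
        yield
    finally:
        # Without the finally, an exception in the with-body would skip the
        # unmount and leave the vault mounted for whatever runs next.
        try:
            cryptohome.unmount_vault(user)
        except Exception as e:
            # Unmounting stays best-effort, but the failure is logged so a
            # vault left mounted is visible in the test log.
            logging.warning("Failed to unmount vault for %s: %s", user, e)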
35
36
def test_file_path(user):
    """Return the path of the TESTFILE marker under the user's cryptohome path."""
    home_dir = cryptohome.user_path(user)
    return "%s/TESTFILE" % home_dir
39
40
41# TODO(ejcaruso): add dump_keyset action to cryptohome utils instead
42# of calling it directly here
def expect_wrapped_keyset(user):
    """Fail the test unless the dumped keyset of *user* mentions TPM_WRAPPED.

    Raises:
        error.TestError: if the dump_keyset output lacks the TPM_WRAPPED
            marker. A failing cryptohome command is reported the same way,
            because run_cmd returns its output instead of raising.
    """
    # NOTE(review): user is interpolated unquoted into a command string; the
    # only caller in this file passes a fixed test account.
    dump_cmd = "/usr/sbin/cryptohome --action=dump_keyset --user=%s" % user
    keyset_dump = run_cmd(dump_cmd)
    if "TPM_WRAPPED" not in keyset_dump:
        raise error.TestError(
            "Cryptohome did not create a TPM-wrapped keyset.")
49
50
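class platform_CryptohomeTPMReOwn(test.test):
    """
    Test of cryptohome functionality to re-create a user's vault directory if
    the TPM is cleared and re-owned and the vault keyset is TPM-wrapped.

    Each invocation of run_once executes one named subtest; the subtests are
    presumably sequenced by a caller across reboots and a TPM clear (that
    caller is not visible in this file).
    """
    version = 1
    preserve_srcdir = True

    def _test_mount_cryptohome(self):
        """Create a fresh vault, write the marker file, check the keyset.

        Raises:
            error.TestError: if the keyset is not TPM-wrapped or the TPM
                never becomes ready.
        """
        cryptohome.remove_vault(self.user)
        wait_for_tpm_ready()
        with vault_mounted(self.user, self.password):
            # The result of the write is not checked here; a failed write
            # only surfaces in the after-reboot subtest.
            run_cmd("echo TEST_CONTENT > %s" % test_file_path(self.user))
        expect_wrapped_keyset(self.user)


    def _test_mount_cryptohome_after_reboot(self):
        """Check that the marker file written earlier is still readable.

        Raises:
            error.TestError: if the file content is missing from the vault.
        """
        wait_for_tpm_ready()
        with vault_mounted(self.user, self.password):
            output = run_cmd("cat %s" % test_file_path(self.user))
        if "TEST_CONTENT" not in output:
            raise error.TestError(
                "Cryptohome did not contain original test file")


    def _test_mount_cryptohome_check_recreate(self):
        """Check that the vault was re-created and is TPM-wrapped again.

        Raises:
            error.TestError: if the original marker file is still readable
                or the new keyset is not TPM-wrapped.
        """
        wait_for_tpm_ready()
        with vault_mounted(self.user, self.password):
            output = run_cmd("cat %s" % test_file_path(self.user))
        # Any cat failure also leaves TEST_CONTENT absent, so this check
        # only proves the old content is not readable; the keyset check
        # below covers the TPM wrapping of the re-created vault.
        if "TEST_CONTENT" in output:
            raise error.TestError(
                "Cryptohome not re-created, found original test file")
        expect_wrapped_keyset(self.user)


    def run_once(self, subtest='None'):
        """Run the subtest named by *subtest*.

        Args:
            subtest: one of 'take_tpm_ownership', 'mount_cryptohome',
                'mount_cryptohome_after_reboot' or
                'mount_cryptohome_check_recreate'. Any other value runs
                nothing and is logged as a warning.
        """
        # Fixed throwaway credentials for a local test account.
        self.user = 'this_is_a_local_test_account@chromium.org'
        self.password = 'this_is_a_test_password'

        logging.info("Running client subtest %s", subtest)
        subtests = {
            'take_tpm_ownership': cryptohome.take_tpm_ownership,
            'mount_cryptohome': self._test_mount_cryptohome,
            'mount_cryptohome_after_reboot':
                self._test_mount_cryptohome_after_reboot,
            'mount_cryptohome_check_recreate':
                self._test_mount_cryptohome_check_recreate,
        }
        handler = subtests.get(subtest)
        if handler is None:
            # A misspelled subtest name used to pass without a trace; keep
            # the pass (callers may rely on the default being a no-op) but
            # make it visible in the log.
            logging.warning("Unknown subtest %s; no checks were run",
                            subtest)
            return
        handler()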
99