1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5from autotest_lib.client.bin import test, utils 6from autotest_lib.client.common_lib import error 7from autotest_lib.client.cros import pkcs11 8 9class platform_Pkcs11ChangeAuthData(test.test): 10 version = 1 11 12 def run_once(self): 13 pkcs11.setup_p11_test_token(True, 'auth1') 14 pkcs11.load_p11_test_token('auth1') 15 utils.system('p11_replay --inject --replay_wifi') 16 # Change auth data while the token is not loaded. 17 pkcs11.unload_p11_test_token() 18 pkcs11.change_p11_test_token_auth_data('auth1', 'auth2') 19 pkcs11.load_p11_test_token('auth2') 20 result = utils.system('p11_replay --replay_wifi', ignore_status=True) 21 if result != 0: 22 raise error.TestFail('Change authorization data failed (1).') 23 # Change auth data while the token is loaded. 24 pkcs11.change_p11_test_token_auth_data('auth2', 'auth3') 25 pkcs11.unload_p11_test_token() 26 pkcs11.load_p11_test_token('auth3') 27 result = utils.system('p11_replay --replay_wifi', ignore_status=True) 28 if result != 0: 29 raise error.TestFail('Change authorization data failed (2).') 30 # Attempt change with incorrect current auth data. 31 pkcs11.unload_p11_test_token() 32 pkcs11.change_p11_test_token_auth_data('bad_auth', 'auth4') 33 pkcs11.load_p11_test_token('auth3') 34 result = utils.system('p11_replay --replay_wifi', ignore_status=True) 35 if result != 0: 36 raise error.TestFail('Change authorization data failed (3).') 37 # Verify old auth data no longer works after change. This also verifies 38 # recovery from bad auth data - expect a functional, empty token. 39 pkcs11.unload_p11_test_token() 40 pkcs11.change_p11_test_token_auth_data('auth3', 'auth5') 41 pkcs11.load_p11_test_token('auth3') 42 result = utils.system('p11_replay --replay_wifi', ignore_status=True) 43 if result == 0: 44 raise error.TestFail('Bad authorization data allowed (1).') 45 utils.system('p11_replay --inject --replay_wifi') 46 pkcs11.unload_p11_test_token() 47 # Token should have been recreated with 'auth3'. 48 pkcs11.load_p11_test_token('auth3') 49 result = utils.system('p11_replay --replay_wifi', ignore_status=True) 50 if result != 0: 51 raise error.TestFail('Token not valid after recovery.') 52 pkcs11.unload_p11_test_token() 53 # Since token was recovered, previous correct auth should be rejected. 54 pkcs11.load_p11_test_token('auth5') 55 result = utils.system('p11_replay --replay_wifi', ignore_status=True) 56 if result == 0: 57 raise error.TestFail('Bad authorization data allowed (2).') 58 pkcs11.unload_p11_test_token() 59 pkcs11.cleanup_p11_test_token() 60