# Copyright 2014 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. from autotest_lib.client.bin import test from autotest_lib.client.common_lib import error from autotest_lib.client.cros import cryptohome, pkcs11 class platform_CryptohomeKeyEviction(test.test): """Ensure that the cryptohome properly manages key eviction from the tpm. This test verifies this behaviour by creating 30 keys using chaps, and then remounting a user's cryptohome. Mount requires use of the user's cryptohome key, and thus the mount only succeeds if the cryptohome key was properly evicted and reloaded into the TPM. """ version = 1 def initialize(self): super(platform_CryptohomeKeyEviction, self).initialize() self._cryptohome_proxy = cryptohome.CryptohomeProxy() def run_once(self): # Make sure that the tpm is owned. status = cryptohome.get_tpm_status() if not status['Owned']: cryptohome.take_tpm_ownership() self.user = 'first_user@nowhere.com' password = 'test_password' self._cryptohome_proxy.ensure_clean_cryptohome_for(self.user, password) # First we inject 30 tokens into chaps. This forces the cryptohome # key to get evicted. for i in range(30): pkcs11.inject_and_test_key() # Then we get a user to remount his cryptohome. This process uses # the cryptohome key, and if the user was able to login, the # cryptohome key was correctly reloaded. self._cryptohome_proxy.unmount(self.user) if not self._cryptohome_proxy.mount(self.user, password, create=True): raise error.TestFail('Failed to remount user\'s cryptohome') def cleanup(self): self._cryptohome_proxy.remove(self.user)