# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error
from autotest_lib.client.cros import pkcs11


def _replay_wifi_ok():
    """Return True when 'p11_replay --replay_wifi' exits with status 0.

    The command is run with ignore_status=True, so a non-zero exit is
    reported through the return value instead of an exception.
    """
    return utils.system('p11_replay --replay_wifi', ignore_status=True) == 0


class platform_Pkcs11ChangeAuthData(test.test):
    """Checks that changing a PKCS #11 test token's auth data is enforced.

    The test walks one token through a chain of authorization values
    ('auth1' .. 'auth5') and, after each step, uses 'p11_replay --replay_wifi'
    as the probe for "the token loaded and the injected objects are usable".

    Scenarios, in order:
      1. Change auth data while the token is unloaded; the new value works.
      2. Change auth data while the token is loaded; the new value works.
      3. Attempt a change with the wrong current value; the old value
         must keep working.
      4. Load with a stale value after a successful change; the replay must
         fail, the token is expected to come back empty, and the value that
         was correct before the recovery must then be rejected too.

    NOTE(review): every TestFail below is raised before
    cleanup_p11_test_token() is reached, so a failing run appears to leave
    the test token behind. Moving cleanup into a finally block (or the
    test's cleanup hook) would fix that - confirm first that the pkcs11
    helpers tolerate being called in either load state.
    """
    version = 1

    def run_once(self):
        """Run the four auth-data scenarios; raise error.TestFail on any miss."""
        # Baseline: create the token under 'auth1', load it and populate it.
        # No ignore_status here, so a failing inject is not swallowed.
        pkcs11.setup_p11_test_token(True, 'auth1')
        pkcs11.load_p11_test_token('auth1')
        utils.system('p11_replay --inject --replay_wifi')

        # Scenario 1: auth1 -> auth2 with the token unloaded.
        pkcs11.unload_p11_test_token()
        pkcs11.change_p11_test_token_auth_data('auth1', 'auth2')
        pkcs11.load_p11_test_token('auth2')
        if not _replay_wifi_ok():
            raise error.TestFail('Change authorization data failed (1).')

        # Scenario 2: auth2 -> auth3 with the token still loaded, then a
        # reload under the new value.
        pkcs11.change_p11_test_token_auth_data('auth2', 'auth3')
        pkcs11.unload_p11_test_token()
        pkcs11.load_p11_test_token('auth3')
        if not _replay_wifi_ok():
            raise error.TestFail('Change authorization data failed (2).')

        # Scenario 3: a change request carrying the wrong current value.
        # The result of the change call is not inspected; rejection is
        # inferred only from 'auth3' still unlocking a working token.
        pkcs11.unload_p11_test_token()
        pkcs11.change_p11_test_token_auth_data('bad_auth', 'auth4')
        pkcs11.load_p11_test_token('auth3')
        if not _replay_wifi_ok():
            raise error.TestFail('Change authorization data failed (3).')

        # Scenario 4a: after auth3 -> auth5, loading with the stale 'auth3'
        # must not expose the previously injected objects. This doubles as
        # the bad-auth recovery check: a functional but empty token is
        # expected, so the replay has to fail.
        pkcs11.unload_p11_test_token()
        pkcs11.change_p11_test_token_auth_data('auth3', 'auth5')
        pkcs11.load_p11_test_token('auth3')
        if _replay_wifi_ok():
            raise error.TestFail('Bad authorization data allowed (1).')

        # Scenario 4b: the recovered token must be usable. Re-inject, then
        # reload with 'auth3', the value the token should have been
        # recreated with.
        utils.system('p11_replay --inject --replay_wifi')
        pkcs11.unload_p11_test_token()
        pkcs11.load_p11_test_token('auth3')
        if not _replay_wifi_ok():
            raise error.TestFail('Token not valid after recovery.')
        pkcs11.unload_p11_test_token()

        # Scenario 4c: 'auth5' was correct before the recovery; since the
        # token was recreated, it must now be rejected.
        pkcs11.load_p11_test_token('auth5')
        if _replay_wifi_ok():
            raise error.TestFail('Bad authorization data allowed (2).')

        # Only reached when every scenario passed (see class NOTE).
        pkcs11.unload_p11_test_token()
        pkcs11.cleanup_p11_test_token()