1# Copyright 2014 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5from autotest_lib.client.bin import test
6from autotest_lib.client.common_lib import error
7from autotest_lib.client.cros import cryptohome, pkcs11
8
9class platform_CryptohomeKeyEviction(test.test):
10    """Ensure that the cryptohome properly manages key eviction from the tpm.
11       This test verifies this behaviour by creating 30 keys using chaps,
12       and then remounting a user's cryptohome. Mount requires use of the
13       user's cryptohome key, and thus the mount only succeeds if the
14       cryptohome key was properly evicted and reloaded into the TPM.
15    """
16    version = 1
17
18
19    def initialize(self):
20        super(platform_CryptohomeKeyEviction, self).initialize()
21        self._cryptohome_proxy = cryptohome.CryptohomeProxy()
22
23
24    def run_once(self):
25        # Make sure that the tpm is owned.
26        status = cryptohome.get_tpm_status()
27        if not status['Owned']:
28            cryptohome.take_tpm_ownership()
29
30        self.user = 'first_user@nowhere.com'
31        password = 'test_password'
32        self._cryptohome_proxy.ensure_clean_cryptohome_for(self.user, password)
33
34        # First we inject 30 tokens into chaps. This forces the cryptohome
35        # key to get evicted.
36        for i in range(30):
37            pkcs11.inject_and_test_key()
38
39        # Then we get a user to remount his cryptohome. This process uses
40        # the cryptohome key, and if the user was able to login, the
41        # cryptohome key was correctly reloaded.
42        self._cryptohome_proxy.unmount(self.user)
43        if not self._cryptohome_proxy.mount(self.user, password, create=True):
44          raise error.TestFail('Failed to remount user\'s cryptohome')
45
46
47    def cleanup(self):
48        self._cryptohome_proxy.remove(self.user)
49