blob: d168e79c1cdf51c1c755ea723537bbfbc2f6fc55 [file] [log] [blame]
// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package hwsec
import (
"context"
"time"
"chromiumos/tast/common/hwsec"
"chromiumos/tast/ctxutil"
"chromiumos/tast/local/bundles/cros/hwsec/util"
hwseclocal "chromiumos/tast/local/hwsec"
"chromiumos/tast/testing"
)
func init() {
testing.AddTest(&testing.Test{
Func: MountCombinations,
Desc: "Verifies we are able to signin/mount 2+ users with different combinations of pin/password",
Contacts: []string{
"cros-hwsec@chromium.org",
"zuan@chromium.org",
},
SoftwareDeps: []string{"tpm"},
Attr: []string{"group:mainline"},
})
}
type combinations struct {
password1 string
label1 string
password2 string
label2 string
}
// cleanupVault is a helper that unmount and removes a vault.
func cleanupVault(ctx context.Context, s *testing.State, utility *hwsec.CryptohomeClient, username string) {
if err := utility.UnmountAndRemoveVault(ctx, username); err != nil {
s.Errorf("Failed to remove user vault for %q: %v", username, err)
}
}
// MountCombinations tests that we are able to signin/mount 2+ users with different combinations of pin/password.
func MountCombinations(ctx context.Context, s *testing.State) {
cmdRunner := hwseclocal.NewCmdRunner()
helper, err := hwseclocal.NewHelper(cmdRunner)
if err != nil {
s.Fatal("Failed to create hwsec local helper: ", err)
}
utility := helper.CryptohomeClient()
mountInfo := hwsec.NewCryptohomeMountInfo(cmdRunner, utility)
ctxForCleanUp := ctx
ctx, cancel := ctxutil.Shorten(ctx, 10*time.Second)
defer cancel()
defer func(ctx context.Context) {
// Ensure we remove the user account after the test.
if err := mountInfo.CleanUpMount(ctx, util.FirstUsername); err != nil {
s.Error("Failed to cleanup first user: ", err)
}
if err := mountInfo.CleanUpMount(ctx, util.SecondUsername); err != nil {
s.Error("Failed to cleanup second user: ", err)
}
}(ctxForCleanUp)
// Ensure clean cryptohome.
if err := mountInfo.CleanUpMount(ctx, util.FirstUsername); err != nil {
s.Fatal("Failed to cleanup first user: ", err)
}
if err := mountInfo.CleanUpMount(ctx, util.SecondUsername); err != nil {
s.Fatal("Failed to cleanup second user: ", err)
}
// Take TPM ownership before running the test.
if err := helper.EnsureTPMIsReady(ctx, hwsec.DefaultTakingOwnershipTimeout); err != nil {
s.Fatal("Failed to wait for TPM to be owned: ", err)
}
// Create 2 users for testing.
if err := utility.MountVault(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, true, hwsec.NewVaultConfig()); err != nil {
s.Fatal("Failed to create first user vault: ", err)
}
defer cleanupVault(ctx, s, utility, util.FirstUsername)
if err := utility.MountVault(ctx, util.SecondUsername, util.SecondPassword, util.PasswordLabel, true, hwsec.NewVaultConfig()); err != nil {
s.Fatal("Failed to create second user vault: ", err)
}
defer cleanupVault(ctx, s, utility, util.SecondUsername)
// Add pins to them.
if err := utility.AddVaultKey(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, util.FirstPin, util.PinLabel, false /* not low entropy credential */); err != nil {
s.Fatal("Failed to add keys: ", err)
}
if err := utility.AddVaultKey(ctx, util.SecondUsername, util.SecondPassword, util.PasswordLabel, util.SecondPin, util.PinLabel, false /* not low entropy credential */); err != nil {
s.Fatal("Failed to add keys: ", err)
}
// Unmount before testing.
if err := utility.UnmountAll(ctx); err != nil {
s.Fatal("Failed to unmount user vaults: ", err)
}
TestCombinations := []combinations{
combinations{util.FirstPassword, util.PasswordLabel, util.SecondPassword, util.PasswordLabel},
combinations{util.FirstPin, util.PinLabel, util.SecondPassword, util.PasswordLabel},
combinations{util.FirstPassword, util.PasswordLabel, util.SecondPin, util.PinLabel},
combinations{util.FirstPin, util.PinLabel, util.SecondPin, util.PinLabel},
}
for _, c := range TestCombinations {
// Mount the first user.
if err := utility.MountVault(ctx, util.FirstUsername, c.password1, c.label1, false, hwsec.NewVaultConfig()); err != nil {
s.Fatal("Failed to mount first user vault: ", err)
}
// Mount the second user.
if err := utility.MountVault(ctx, util.SecondUsername, c.password2, c.label2, false, hwsec.NewVaultConfig()); err != nil {
s.Fatal("Failed to mount second user vault: ", err)
}
// Check if we are mounted.
if mounted, err := utility.IsMounted(ctx); err != nil {
s.Fatal("Failed to check is mounted: ", err)
} else if !mounted {
s.Errorf("Vault not mounted for label %q on first user and label %q on second user", c.label1, c.label2)
}
// Now unmount.
if err := utility.UnmountAll(ctx); err != nil {
s.Fatal("Failed to unmount user vaults: ", err)
}
}
}