src/chromiumos/tast/local/bundles/cros/hwsec/recreate_user_vault_tpm2.go - chromiumos/platform/tast-tests - Git at Google

 // Copyright 2020 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 package hwsec

 import (
 	"bytes"
 	"context"
 	"time"

 	"chromiumos/tast/common/hwsec"
 	"chromiumos/tast/local/bundles/cros/hwsec/util"
 	"chromiumos/tast/local/cryptohome"
 	hwseclocal "chromiumos/tast/local/hwsec"
 	"chromiumos/tast/testing"
 )

 // NOTE: This test is largely similar to hwsec.RecreateUserVaultTPM1 (a remote test), if change is made to one,
 // it is likely that the other have to be changed as well.
 // The referred test is specifically for TPMv1.2, while this test is for TPMv2.0.
 // Both versions of TPM are incompatible with each other and the way we handle reboot for the 2 versions are
 // different and thus the need for 2 versions of the same test.

 func init() {
 	testing.AddTest(&testing.Test{
 		Func: RecreateUserVaultTPM2,
 		Desc: "Verifies that for TPMv2.0 devices, cryptohome recreates user's vault directory when the TPM is re-owned",
 		Contacts: []string{
 			"cros-hwsec@chromium.org",
 			"garryxiao@chromium.org",
 		},
 		SoftwareDeps: []string{"tpm2"},
 		Attr:         []string{"group:mainline"},
 		Timeout:      3 * time.Minute,
 	})
 }

 // RecreateUserVaultTPM2 is ported from the autotest test platform_CryptohomeTPMReOwn and renamed to
 // reflects what's being tested. It avoids reboots in the original test by using the soft-clearing
 // TPM utils and restarting TPM-related daemons.
 func RecreateUserVaultTPM2(ctx context.Context, s *testing.State) {
 	cmdRunner := hwseclocal.NewCmdRunner()

 	helper, err := hwseclocal.NewHelper(cmdRunner)
 	if err != nil {
 		s.Fatal("Failed to create hwsec local helper: ", err)
 	}

 	utility := helper.CryptohomeClient()

 	// Resets the TPM, system, and user states before running the tests.
 	if err := helper.EnsureTPMAndSystemStateAreReset(ctx); err != nil {
 		s.Fatal("Failed to reset TPM or system states: ", err)
 	}
 	if err = cryptohome.CheckService(ctx); err != nil {
 		s.Fatal("Cryptohome D-Bus service didn't come back: ", err)
 	}
 	if err := helper.EnsureTPMIsReadyAndBackupSecrets(ctx, hwsec.DefaultTakingOwnershipTimeout); err != nil {
 		s.Fatal("Failed to wait for TPM to be owned: ", err)
 	}
 	if _, err := utility.RemoveVault(ctx, util.FirstUsername); err != nil {
 		s.Fatal("Failed to remove user vault: ", err)
 	}

 	s.Log("Phase 1: mounts vault for the test user")

 	if err := utility.MountVault(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, true, hwsec.NewVaultConfig()); err != nil {
 		s.Fatal("Failed to create user vault: ", err)
 	}
 	if err := utility.CheckTPMWrappedUserKeyset(ctx, util.FirstUsername); err != nil {
 		s.Fatal("Check user keyset failed: ", err)
 	}
 	if err := hwsec.WriteUserTestContent(ctx, utility, cmdRunner, util.FirstUsername, util.TestFileName1, util.TestFileContent); err != nil {
 		s.Fatal("Failed to write user test content: ", err)
 	}
 	if _, err := utility.Unmount(ctx, util.FirstUsername); err != nil {
 		s.Fatal("Failed to remove user vault: ", err)
 	}

 	s.Log("Phase 2: restarts TPM daemons and mounts user vault")

 	// Restarts all TPM daemons to simulate a reboot in the original autotest test.
 	if err := helper.DaemonController().RestartTPMDaemons(ctx); err != nil {
 		s.Fatal("Failed to restart TPM-related daemons to simulate reboot: ", err)
 	}
 	if err = cryptohome.CheckService(ctx); err != nil {
 		s.Fatal("Cryptohome D-Bus service didn't come back: ", err)
 	}
 	if err := utility.MountVault(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, false, hwsec.NewVaultConfig()); err != nil {
 		s.Fatal("Failed to mount user vault: ", err)
 	}
 	if err := utility.CheckTPMWrappedUserKeyset(ctx, util.FirstUsername); err != nil {
 		s.Fatal("Check user keyset failed: ", err)
 	}

 	// User vault should already exist and shouldn't be recreated.
 	if content, err := hwsec.ReadUserTestContent(ctx, utility, cmdRunner, util.FirstUsername, util.TestFileName1); err != nil {
 		s.Fatal("Failed to read user test content: ", err)
 	} else if !bytes.Equal(content, []byte(util.TestFileContent)) {
 		s.Fatalf("Unexpected test file content: got %q, want %q", string(content), util.TestFileContent)
 	}

 	if _, err := utility.Unmount(ctx, util.FirstUsername); err != nil {
 		s.Fatal("Failed to remove user vault: ", err)
 	}

 	s.Log("Phase 3: clears TPM and mounts user vault again")

 	if err := helper.EnsureTPMAndSystemStateAreReset(ctx); err != nil {
 		s.Fatal("Failed to reset TPM or system states: ", err)
 	}
 	if err = cryptohome.CheckService(ctx); err != nil {
 		s.Fatal("Cryptohome D-Bus service didn't come back: ", err)
 	}
 	if err := helper.EnsureTPMIsReadyAndBackupSecrets(ctx, hwsec.DefaultTakingOwnershipTimeout); err != nil {
 		s.Fatal("Failed to wait for TPM to be owned: ", err)
 	}
 	if err := utility.MountVault(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, true, hwsec.NewVaultConfig()); err != nil {
 		s.Fatal("Failed to create user vault: ", err)
 	}
 	if err := utility.CheckTPMWrappedUserKeyset(ctx, util.FirstUsername); err != nil {
 		s.Fatal("Check user keyset failed: ", err)
 	}

 	// User vault should be recreated after TPM is cleared.
 	if exists, err := hwsec.DoesUserTestFileExist(ctx, utility, cmdRunner, util.FirstUsername, util.TestFileName1); err != nil {
 		s.Fatal("Failed to check user test file: ", err)
 	} else if exists {
 		s.Fatal("Cryptohome didn't recreate user vault; original test file still exists")
 	}
 }
	// Copyright 2020 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	package hwsec

	import (
	"bytes"
	"context"
	"time"

	"chromiumos/tast/common/hwsec"
	"chromiumos/tast/local/bundles/cros/hwsec/util"
	"chromiumos/tast/local/cryptohome"
	hwseclocal "chromiumos/tast/local/hwsec"
	"chromiumos/tast/testing"
	)

	// NOTE: This test is largely similar to hwsec.RecreateUserVaultTPM1 (a remote test), if change is made to one,
	// it is likely that the other have to be changed as well.
	// The referred test is specifically for TPMv1.2, while this test is for TPMv2.0.
	// Both versions of TPM are incompatible with each other and the way we handle reboot for the 2 versions are
	// different and thus the need for 2 versions of the same test.

	func init() {
	testing.AddTest(&testing.Test{
	Func: RecreateUserVaultTPM2,
	Desc: "Verifies that for TPMv2.0 devices, cryptohome recreates user's vault directory when the TPM is re-owned",
	Contacts: []string{
	"cros-hwsec@chromium.org",
	"garryxiao@chromium.org",
	},
	SoftwareDeps: []string{"tpm2"},
	Attr: []string{"group:mainline"},
	Timeout: 3 * time.Minute,
	})
	}

	// RecreateUserVaultTPM2 is ported from the autotest test platform_CryptohomeTPMReOwn and renamed to
	// reflects what's being tested. It avoids reboots in the original test by using the soft-clearing
	// TPM utils and restarting TPM-related daemons.
	func RecreateUserVaultTPM2(ctx context.Context, s *testing.State) {
	cmdRunner := hwseclocal.NewCmdRunner()

	helper, err := hwseclocal.NewHelper(cmdRunner)
	if err != nil {
	s.Fatal("Failed to create hwsec local helper: ", err)
	}

	utility := helper.CryptohomeClient()

	// Resets the TPM, system, and user states before running the tests.
	if err := helper.EnsureTPMAndSystemStateAreReset(ctx); err != nil {
	s.Fatal("Failed to reset TPM or system states: ", err)
	}
	if err = cryptohome.CheckService(ctx); err != nil {
	s.Fatal("Cryptohome D-Bus service didn't come back: ", err)
	}
	if err := helper.EnsureTPMIsReadyAndBackupSecrets(ctx, hwsec.DefaultTakingOwnershipTimeout); err != nil {
	s.Fatal("Failed to wait for TPM to be owned: ", err)
	}
	if _, err := utility.RemoveVault(ctx, util.FirstUsername); err != nil {
	s.Fatal("Failed to remove user vault: ", err)
	}

	s.Log("Phase 1: mounts vault for the test user")

	if err := utility.MountVault(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, true, hwsec.NewVaultConfig()); err != nil {
	s.Fatal("Failed to create user vault: ", err)
	}
	if err := utility.CheckTPMWrappedUserKeyset(ctx, util.FirstUsername); err != nil {
	s.Fatal("Check user keyset failed: ", err)
	}
	if err := hwsec.WriteUserTestContent(ctx, utility, cmdRunner, util.FirstUsername, util.TestFileName1, util.TestFileContent); err != nil {
	s.Fatal("Failed to write user test content: ", err)
	}
	if _, err := utility.Unmount(ctx, util.FirstUsername); err != nil {
	s.Fatal("Failed to remove user vault: ", err)
	}

	s.Log("Phase 2: restarts TPM daemons and mounts user vault")

	// Restarts all TPM daemons to simulate a reboot in the original autotest test.
	if err := helper.DaemonController().RestartTPMDaemons(ctx); err != nil {
	s.Fatal("Failed to restart TPM-related daemons to simulate reboot: ", err)
	}
	if err = cryptohome.CheckService(ctx); err != nil {
	s.Fatal("Cryptohome D-Bus service didn't come back: ", err)
	}
	if err := utility.MountVault(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, false, hwsec.NewVaultConfig()); err != nil {
	s.Fatal("Failed to mount user vault: ", err)
	}
	if err := utility.CheckTPMWrappedUserKeyset(ctx, util.FirstUsername); err != nil {
	s.Fatal("Check user keyset failed: ", err)
	}

	// User vault should already exist and shouldn't be recreated.
	if content, err := hwsec.ReadUserTestContent(ctx, utility, cmdRunner, util.FirstUsername, util.TestFileName1); err != nil {
	s.Fatal("Failed to read user test content: ", err)
	} else if !bytes.Equal(content, []byte(util.TestFileContent)) {
	s.Fatalf("Unexpected test file content: got %q, want %q", string(content), util.TestFileContent)
	}

	if _, err := utility.Unmount(ctx, util.FirstUsername); err != nil {
	s.Fatal("Failed to remove user vault: ", err)
	}

	s.Log("Phase 3: clears TPM and mounts user vault again")

	if err := helper.EnsureTPMAndSystemStateAreReset(ctx); err != nil {
	s.Fatal("Failed to reset TPM or system states: ", err)
	}
	if err = cryptohome.CheckService(ctx); err != nil {
	s.Fatal("Cryptohome D-Bus service didn't come back: ", err)
	}
	if err := helper.EnsureTPMIsReadyAndBackupSecrets(ctx, hwsec.DefaultTakingOwnershipTimeout); err != nil {
	s.Fatal("Failed to wait for TPM to be owned: ", err)
	}
	if err := utility.MountVault(ctx, util.FirstUsername, util.FirstPassword, util.PasswordLabel, true, hwsec.NewVaultConfig()); err != nil {
	s.Fatal("Failed to create user vault: ", err)
	}
	if err := utility.CheckTPMWrappedUserKeyset(ctx, util.FirstUsername); err != nil {
	s.Fatal("Check user keyset failed: ", err)
	}

	// User vault should be recreated after TPM is cleared.
	if exists, err := hwsec.DoesUserTestFileExist(ctx, utility, cmdRunner, util.FirstUsername, util.TestFileName1); err != nil {
	s.Fatal("Failed to check user test file: ", err)
	} else if exists {
	s.Fatal("Cryptohome didn't recreate user vault; original test file still exists")
	}
	}