src/chromiumos/tast/remote/bundles/cros/hwsec/integrated_u2f.go - chromiumos/platform/tast-tests - Git at Google

 // Copyright 2021 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 package hwsec

 import (
 	"bufio"
 	"bytes"
 	"context"
 	"fmt"
 	"io"
 	"strings"
 	"time"

 	"github.com/golang/protobuf/ptypes/empty"

 	"chromiumos/tast/common/hwsec"
 	"chromiumos/tast/common/pkcs11"
 	"chromiumos/tast/common/servo"
 	"chromiumos/tast/dut"
 	"chromiumos/tast/errors"
 	hwsecremote "chromiumos/tast/remote/hwsec"
 	"chromiumos/tast/rpc"
 	"chromiumos/tast/services/cros/example"
 	"chromiumos/tast/testing"
 )

 func init() {
 	testing.AddTest(&testing.Test{
 		Func: IntegratedU2F,
 		Desc: "Verify U2F using the on-board cr50 firmware works",
 		Contacts: []string{
 			"cros-hwsec@chromium.org",
 			"yich@google.com",
 		},
 		SoftwareDeps: []string{"chrome", "gsc", "reboot"},
 		Attr:         []string{"group:firmware", "firmware_cr50"},
 		VarDeps:      []string{"servo"},
 		ServiceDeps: []string{
 			"tast.cros.example.ChromeService",
 			"tast.cros.hwsec.AttestationDBusService",
 		},
 		Timeout: 10 * time.Minute,
 	})
 }

 // IntegratedU2F verifies U2F using the on-board cr50 firmware works
 func IntegratedU2F(ctx context.Context, s *testing.State) {
 	// Create hwsec helper.
 	cmdRunner := hwsecremote.NewCmdRunner(s.DUT())
 	helper, err := hwsecremote.NewFullHelper(cmdRunner, s.DUT(), s.RPCHint())
 	if err != nil {
 		s.Fatal("Failed to create hwsec local helper: ", err)
 	}

 	// Ensure TPM is ready before running the tests.
 	if err := helper.EnsureTPMIsReady(ctx, hwsec.DefaultTakingOwnershipTimeout); err != nil {
 		s.Fatal("Failed to ensure TPM is ready: ", err)
 	}

 	// Connect to the chrome service server on the DUT.
 	cl, err := rpc.Dial(ctx, s.DUT(), s.RPCHint(), "cros")
 	if err != nil {
 		s.Fatal("Failed to connect to the RPC service on the DUT: ", err)
 	}
 	defer cl.Close(ctx)

 	// u2fd reads files from the user's home dir, so we need to log in.
 	cr := example.NewChromeServiceClient(cl.Conn)
 	if _, err := cr.New(ctx, &empty.Empty{}); err != nil {
 		s.Fatal("Failed to start Chrome: ", err)
 	}
 	defer cr.Close(ctx, &empty.Empty{})

 	// Ensure TPM is prepared for enrollment.
 	if err := helper.EnsureIsPreparedForEnrollment(ctx, hwsec.DefaultPreparationForEnrolmentTimeout); err != nil {
 		s.Fatal("Failed to ensure resetting TPM: ", err)
 	}

 	chaps, err := pkcs11.NewChaps(ctx, cmdRunner, helper.CryptohomeClient())
 	if err != nil {
 		s.Fatal("Failed to create chaps client: ", err)
 	}

 	// Ensure chaps finished the initialization.
 	// U2F didn't depend on chaps, but chaps would block the TPM operaions, and caused U2F timeout.
 	if err := ensureChapsSlotsInitialized(ctx, chaps); err != nil {
 		s.Fatal("Failed to ensure chaps slots: ", err)
 	}

 	// Connect to servo.
 	servoSpec, _ := s.Var("servo")
 	pxy, err := servo.NewProxy(ctx, servoSpec, s.DUT().KeyFile(), s.DUT().KeyDir())
 	if err != nil {
 		s.Fatal("Failed to connect to servo: ", err)
 	}
 	defer pxy.Close(ctx)
 	svo := pxy.Servo()

 	// Clean up the flags in u2fd after the tests finished.
 	defer setU2fdFlags(ctx, helper, false, false, false)

 	for _, tc := range []struct {
 		name     string
 		u2f      bool
 		g2f      bool
 		userKeys bool
 	}{
 		{
 			name:     "u2f",
 			u2f:      true,
 			g2f:      false,
 			userKeys: false,
 		},
 		{
 			name:     "g2f",
 			u2f:      false,
 			g2f:      true,
 			userKeys: false,
 		},
 		{
 			name:     "u2f_user_keys",
 			u2f:      true,
 			g2f:      false,
 			userKeys: true,
 		},
 		{
 			name:     "g2f_user_keys",
 			u2f:      false,
 			g2f:      true,
 			userKeys: true,
 		},
 	} {
 		s.Run(ctx, tc.name, func(ctx context.Context, s *testing.State) {
 			if err := setU2fdFlags(ctx, helper, tc.u2f, tc.g2f, tc.userKeys); err != nil {
 				s.Fatal("Failed to set u2fd flags: ", err)
 			}
 			device, err := u2fDevicePath(ctx, cmdRunner)
 			if err != nil {
 				s.Fatal("Failed to get u2f device path: ", err)
 			}

 			//  Wait for system become stable.
 			testing.Sleep(ctx, 3*time.Second)

 			if err := runU2Test(ctx, s.DUT(), device, svo); err != nil {
 				s.Fatal("U2F test filed: ", err)
 			}
 		})
 	}
 }

 // ensureChapsSlotsInitialized ensures chaps is initialized.
 func ensureChapsSlotsInitialized(ctx context.Context, chaps *pkcs11.Chaps) error {
 	return testing.Poll(ctx, func(context.Context) error {
 		slots, err := chaps.ListSlots(ctx)
 		if err != nil {
 			return errors.Wrap(err, "failed to list chaps slots")
 		}
 		testing.ContextLog(ctx, slots)
 		if len(slots) < 2 {
 			return errors.Wrap(err, "chaps initialization hasn't finished")
 		}
 		return nil
 	}, &testing.PollOptions{
 		Timeout:  30 * time.Second,
 		Interval: time.Second,
 	})
 }

 // setU2fdFlags sets the flags and restarts u2fd, which will re-create the u2f device.
 func setU2fdFlags(ctx context.Context, helper *hwsecremote.FullHelperRemote, u2f, g2f, userKeys bool) (retErr error) {
 	const (
 		uf2ForcePath      = "/var/lib/u2f/force/u2f.force"
 		gf2ForcePath      = "/var/lib/u2f/force/g2f.force"
 		userKeysForcePath = "/var/lib/u2f/force/user_keys.force"
 	)

 	cmd := helper.CmdRunner()
 	dCtl := helper.DaemonController()

 	if err := dCtl.Stop(ctx, hwsec.U2fdDaemon); err != nil {
 		return errors.Wrap(err, "failed to stop u2fd")
 	}
 	defer func() {
 		if err := dCtl.Start(ctx, hwsec.U2fdDaemon); err != nil {
 			if retErr != nil {
 				testing.ContextLog(ctx, "Failed to restart u2fd: ", err)
 			} else {
 				retErr = errors.Wrap(err, "failed to restart u2fd")
 			}
 		}
 	}()

 	// Remove flags.
 	if _, err := cmd.Run(ctx, "sh", "-c", "rm -f /var/lib/u2f/force/*.force"); err != nil {
 		return errors.Wrap(err, "failed to remove flags")
 	}
 	if u2f {
 		if _, err := cmd.Run(ctx, "touch", uf2ForcePath); err != nil {
 			return errors.Wrap(err, "failed to set u2f flag")
 		}
 	}
 	if g2f {
 		if _, err := cmd.Run(ctx, "touch", gf2ForcePath); err != nil {
 			return errors.Wrap(err, "failed to set g2f flag")
 		}
 	}
 	if userKeys {
 		if _, err := cmd.Run(ctx, "touch", userKeysForcePath); err != nil {
 			return errors.Wrap(err, "failed to set userKeys flag")
 		}
 	}
 	return nil
 }

 // u2fDevicePath returns the integrated u2f device path.
 func u2fDevicePath(ctx context.Context, cmd *hwsecremote.CmdRunnerRemote) (string, error) {
 	const (
 		VID = "18D1"
 		PID = "502C"
 	)

 	lsCmd := fmt.Sprintf("ls /sys/bus/hid/devices/*:%s:%s.*/hidraw", VID, PID)
 	var dev string
 	err := testing.Poll(ctx, func(context.Context) error {
 		data, err := cmd.Run(ctx, "sh", "-c", lsCmd)
 		if err != nil {
 			return errors.Wrap(err, "failed to list files")
 		}
 		dev = strings.TrimSpace(string(data))
 		return nil
 	}, &testing.PollOptions{
 		Timeout:  30 * time.Second,
 		Interval: time.Second,
 	})

 	if err != nil {
 		return "", errors.Wrap(err, "failed to find hid device")
 	}
 	return "/dev/" + dev, nil
 }

 // runU2Test runs the U2FTest with the U2F device.
 func runU2Test(ctx context.Context, dut *dut.DUT, device string, svo *servo.Servo) (retErr error) {
 	const (
 		u2fTestPath = "/usr/local/bin/U2FTest"
 		trigger     = "Touch device and hit enter."
 	)
 	cmd := dut.Conn().CommandContext(ctx, "stdbuf", "-o0", u2fTestPath, device)
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
 		return errors.Wrap(err, "failed to create stdout pipe")
 	}

 	stdin, err := cmd.StdinPipe()
 	if err != nil {
 		return errors.Wrap(err, "failed to create stdin pipe")
 	}

 	if err := cmd.Start(); err != nil {
 		return errors.Wrap(err, "failed to start U2fTest")
 	}
 	defer func() {
 		if err := cmd.Wait(); err != nil {
 			if retErr != nil {
 				testing.ContextLog(ctx, "Failed to wait U2fTest: ", err)
 			} else {
 				retErr = errors.Wrap(err, "failed to wait U2fTest")
 			}
 		}
 	}()

 	// Create the scanner.
 	scanner := bufio.NewScanner(stdout)
 	split := func(data []byte, atEOF bool) (advance int, token []byte, err error) {
 		index := bytes.IndexAny(data, ".\n")
 		if index != -1 {
 			return index + 1, data[:index+1], nil
 		}
 		if atEOF {
 			return len(data), nil, io.EOF
 		}
 		return 0, nil, nil
 	}
 	scanner.Split(split)

 	for scanner.Scan() {
 		line := scanner.Text()
 		if strings.Contains(line, trigger) {
 			testing.ContextLog(ctx, "Clicking power key")
 			if err := svo.KeypressWithDuration(ctx, servo.PowerKey, servo.DurTab); err != nil {
 				return errors.Wrap(err, "failed to press the power key")
 			}
 			if _, err := stdin.Write([]byte("\n")); err != nil {
 				return errors.Wrap(err, "failed to pipe the enter")
 			}
 		}
 	}
 	if err := scanner.Err(); err != nil {
 		return errors.Wrap(err, "failed to scan stdin")
 	}
 	return nil
 }
	// Copyright 2021 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	package hwsec

	import (
	"bufio"
	"bytes"
	"context"
	"fmt"
	"io"
	"strings"
	"time"

	"github.com/golang/protobuf/ptypes/empty"

	"chromiumos/tast/common/hwsec"
	"chromiumos/tast/common/pkcs11"
	"chromiumos/tast/common/servo"
	"chromiumos/tast/dut"
	"chromiumos/tast/errors"
	hwsecremote "chromiumos/tast/remote/hwsec"
	"chromiumos/tast/rpc"
	"chromiumos/tast/services/cros/example"
	"chromiumos/tast/testing"
	)

	func init() {
	testing.AddTest(&testing.Test{
	Func: IntegratedU2F,
	Desc: "Verify U2F using the on-board cr50 firmware works",
	Contacts: []string{
	"cros-hwsec@chromium.org",
	"yich@google.com",
	},
	SoftwareDeps: []string{"chrome", "gsc", "reboot"},
	Attr: []string{"group:firmware", "firmware_cr50"},
	VarDeps: []string{"servo"},
	ServiceDeps: []string{
	"tast.cros.example.ChromeService",
	"tast.cros.hwsec.AttestationDBusService",
	},
	Timeout: 10 * time.Minute,
	})
	}

	// IntegratedU2F verifies U2F using the on-board cr50 firmware works
	func IntegratedU2F(ctx context.Context, s *testing.State) {
	// Create hwsec helper.
	cmdRunner := hwsecremote.NewCmdRunner(s.DUT())
	helper, err := hwsecremote.NewFullHelper(cmdRunner, s.DUT(), s.RPCHint())
	if err != nil {
	s.Fatal("Failed to create hwsec local helper: ", err)
	}

	// Ensure TPM is ready before running the tests.
	if err := helper.EnsureTPMIsReady(ctx, hwsec.DefaultTakingOwnershipTimeout); err != nil {
	s.Fatal("Failed to ensure TPM is ready: ", err)
	}

	// Connect to the chrome service server on the DUT.
	cl, err := rpc.Dial(ctx, s.DUT(), s.RPCHint(), "cros")
	if err != nil {
	s.Fatal("Failed to connect to the RPC service on the DUT: ", err)
	}
	defer cl.Close(ctx)

	// u2fd reads files from the user's home dir, so we need to log in.
	cr := example.NewChromeServiceClient(cl.Conn)
	if _, err := cr.New(ctx, &empty.Empty{}); err != nil {
	s.Fatal("Failed to start Chrome: ", err)
	}
	defer cr.Close(ctx, &empty.Empty{})

	// Ensure TPM is prepared for enrollment.
	if err := helper.EnsureIsPreparedForEnrollment(ctx, hwsec.DefaultPreparationForEnrolmentTimeout); err != nil {
	s.Fatal("Failed to ensure resetting TPM: ", err)
	}

	chaps, err := pkcs11.NewChaps(ctx, cmdRunner, helper.CryptohomeClient())
	if err != nil {
	s.Fatal("Failed to create chaps client: ", err)
	}

	// Ensure chaps finished the initialization.
	// U2F didn't depend on chaps, but chaps would block the TPM operaions, and caused U2F timeout.
	if err := ensureChapsSlotsInitialized(ctx, chaps); err != nil {
	s.Fatal("Failed to ensure chaps slots: ", err)
	}

	// Connect to servo.
	servoSpec, _ := s.Var("servo")
	pxy, err := servo.NewProxy(ctx, servoSpec, s.DUT().KeyFile(), s.DUT().KeyDir())
	if err != nil {
	s.Fatal("Failed to connect to servo: ", err)
	}
	defer pxy.Close(ctx)
	svo := pxy.Servo()

	// Clean up the flags in u2fd after the tests finished.
	defer setU2fdFlags(ctx, helper, false, false, false)

	for _, tc := range []struct {
	name string
	u2f bool
	g2f bool
	userKeys bool
	}{
	{
	name: "u2f",
	u2f: true,
	g2f: false,
	userKeys: false,
	},
	{
	name: "g2f",
	u2f: false,
	g2f: true,
	userKeys: false,
	},
	{
	name: "u2f_user_keys",
	u2f: true,
	g2f: false,
	userKeys: true,
	},
	{
	name: "g2f_user_keys",
	u2f: false,
	g2f: true,
	userKeys: true,
	},
	} {
	s.Run(ctx, tc.name, func(ctx context.Context, s *testing.State) {
	if err := setU2fdFlags(ctx, helper, tc.u2f, tc.g2f, tc.userKeys); err != nil {
	s.Fatal("Failed to set u2fd flags: ", err)
	}
	device, err := u2fDevicePath(ctx, cmdRunner)
	if err != nil {
	s.Fatal("Failed to get u2f device path: ", err)
	}

	// Wait for system become stable.
	testing.Sleep(ctx, 3*time.Second)

	if err := runU2Test(ctx, s.DUT(), device, svo); err != nil {
	s.Fatal("U2F test filed: ", err)
	}
	})
	}
	}

	// ensureChapsSlotsInitialized ensures chaps is initialized.
	func ensureChapsSlotsInitialized(ctx context.Context, chaps *pkcs11.Chaps) error {
	return testing.Poll(ctx, func(context.Context) error {
	slots, err := chaps.ListSlots(ctx)
	if err != nil {
	return errors.Wrap(err, "failed to list chaps slots")
	}
	testing.ContextLog(ctx, slots)
	if len(slots) < 2 {
	return errors.Wrap(err, "chaps initialization hasn't finished")
	}
	return nil
	}, &testing.PollOptions{
	Timeout: 30 * time.Second,
	Interval: time.Second,
	})
	}

	// setU2fdFlags sets the flags and restarts u2fd, which will re-create the u2f device.
	func setU2fdFlags(ctx context.Context, helper *hwsecremote.FullHelperRemote, u2f, g2f, userKeys bool) (retErr error) {
	const (
	uf2ForcePath = "/var/lib/u2f/force/u2f.force"
	gf2ForcePath = "/var/lib/u2f/force/g2f.force"
	userKeysForcePath = "/var/lib/u2f/force/user_keys.force"
	)

	cmd := helper.CmdRunner()
	dCtl := helper.DaemonController()

	if err := dCtl.Stop(ctx, hwsec.U2fdDaemon); err != nil {
	return errors.Wrap(err, "failed to stop u2fd")
	}
	defer func() {
	if err := dCtl.Start(ctx, hwsec.U2fdDaemon); err != nil {
	if retErr != nil {
	testing.ContextLog(ctx, "Failed to restart u2fd: ", err)
	} else {
	retErr = errors.Wrap(err, "failed to restart u2fd")
	}
	}
	}()

	// Remove flags.
	if _, err := cmd.Run(ctx, "sh", "-c", "rm -f /var/lib/u2f/force/*.force"); err != nil {
	return errors.Wrap(err, "failed to remove flags")
	}
	if u2f {
	if _, err := cmd.Run(ctx, "touch", uf2ForcePath); err != nil {
	return errors.Wrap(err, "failed to set u2f flag")
	}
	}
	if g2f {
	if _, err := cmd.Run(ctx, "touch", gf2ForcePath); err != nil {
	return errors.Wrap(err, "failed to set g2f flag")
	}
	}
	if userKeys {
	if _, err := cmd.Run(ctx, "touch", userKeysForcePath); err != nil {
	return errors.Wrap(err, "failed to set userKeys flag")
	}
	}
	return nil
	}

	// u2fDevicePath returns the integrated u2f device path.
	func u2fDevicePath(ctx context.Context, cmd *hwsecremote.CmdRunnerRemote) (string, error) {
	const (
	VID = "18D1"
	PID = "502C"
	)

	lsCmd := fmt.Sprintf("ls /sys/bus/hid/devices/:%s:%s./hidraw", VID, PID)
	var dev string
	err := testing.Poll(ctx, func(context.Context) error {
	data, err := cmd.Run(ctx, "sh", "-c", lsCmd)
	if err != nil {
	return errors.Wrap(err, "failed to list files")
	}
	dev = strings.TrimSpace(string(data))
	return nil
	}, &testing.PollOptions{
	Timeout: 30 * time.Second,
	Interval: time.Second,
	})

	if err != nil {
	return "", errors.Wrap(err, "failed to find hid device")
	}
	return "/dev/" + dev, nil
	}

	// runU2Test runs the U2FTest with the U2F device.
	func runU2Test(ctx context.Context, dut dut.DUT, device string, svo servo.Servo) (retErr error) {
	const (
	u2fTestPath = "/usr/local/bin/U2FTest"
	trigger = "Touch device and hit enter."
	)
	cmd := dut.Conn().CommandContext(ctx, "stdbuf", "-o0", u2fTestPath, device)
	stdout, err := cmd.StdoutPipe()
	if err != nil {
	return errors.Wrap(err, "failed to create stdout pipe")
	}

	stdin, err := cmd.StdinPipe()
	if err != nil {
	return errors.Wrap(err, "failed to create stdin pipe")
	}

	if err := cmd.Start(); err != nil {
	return errors.Wrap(err, "failed to start U2fTest")
	}
	defer func() {
	if err := cmd.Wait(); err != nil {
	if retErr != nil {
	testing.ContextLog(ctx, "Failed to wait U2fTest: ", err)
	} else {
	retErr = errors.Wrap(err, "failed to wait U2fTest")
	}
	}
	}()

	// Create the scanner.
	scanner := bufio.NewScanner(stdout)
	split := func(data []byte, atEOF bool) (advance int, token []byte, err error) {
	index := bytes.IndexAny(data, ".\n")
	if index != -1 {
	return index + 1, data[:index+1], nil
	}
	if atEOF {
	return len(data), nil, io.EOF
	}
	return 0, nil, nil
	}
	scanner.Split(split)

	for scanner.Scan() {
	line := scanner.Text()
	if strings.Contains(line, trigger) {
	testing.ContextLog(ctx, "Clicking power key")
	if err := svo.KeypressWithDuration(ctx, servo.PowerKey, servo.DurTab); err != nil {
	return errors.Wrap(err, "failed to press the power key")
	}
	if _, err := stdin.Write([]byte("\n")); err != nil {
	return errors.Wrap(err, "failed to pipe the enter")
	}
	}
	}
	if err := scanner.Err(); err != nil {
	return errors.Wrap(err, "failed to scan stdin")
	}
	return nil
	}