server/site_tests/firmware_Cr50PinWeaverServer/firmware_Cr50PinWeaverServer.py

# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

from hashlib import sha256
import logging
from pprint import pformat

from autotest_lib.client.common_lib import error
from autotest_lib.client.common_lib.cros import pinweaver_client
from autotest_lib.server import test


def compute_empty_tree_auxilary_hashes(bits_per_level=2, height=6):
    """Returns a binary string representation of the auxilary digests of an
    empty path in a Merkle tree with the specified parameters.
    """
    num_siblings = 2 ^ bits_per_level - 1
    child = '\0' * 32
    result = ''
    for _ in range(height):
        part = child * num_siblings
        child = sha256(part + child).digest()
        result += part
    return result

class firmware_Cr50PinWeaverServer(test.test):
    """Tests the PinWeaver functionality on Cr50 using pinweaver_client through
    trunksd.
    """

    version = 1

    RESULT_CODE_SUCCESS = 'EC_SUCCESS'
    RESULT_CODE_AUTH_FAILED = 'PW_ERR_LOWENT_AUTH_FAILED'
    RESULT_CODE_RATE_LIMITED = 'PW_ERR_RATE_LIMIT_REACHED'

    def run_once(self, host):
        """Runs the firmware_Cr50PinWeaverServer test.
        This test is made up of the pinweaver_client self test, and a test that
        checks that PinWeaver works as expected across device reboots.
        """

        # Run "pinweaver_client selftest".
        try:
            if not pinweaver_client.SelfTest(host):
                raise error.TestFail('Failed SelfTest: %s' %
                                     self.__class__.__name__)
        except pinweaver_client.PinWeaverNotAvailableError:
            logging.info('PinWeaver not supported!')
            raise error.TestNAError('PinWeaver is not available')

        # Check PinWeaver logic across reboots including the reboot counter.
        # Insert an entry.
        #
        # Label 0 is guaranteed to be empty because the self test above resets
        # the tree and removes the leaf it adds.
        label = 0
        h_aux = compute_empty_tree_auxilary_hashes().encode('hex')
        le_secret = sha256('1234').hexdigest()
        he_secret = sha256('ag3#l4Z9').hexdigest()
        reset_secret = sha256('W8oE@Ja2mq.R1').hexdigest()
        delay_schedule = '5 %d' % 0x00ffffffff
        result = pinweaver_client.InsertLeaf(host, label, h_aux, le_secret,
                                             he_secret, reset_secret,
                                             delay_schedule)
        logging.info('Insert: %s', pformat(result))
        if (result['result_code']['name'] !=
            firmware_Cr50PinWeaverServer.RESULT_CODE_SUCCESS):
            raise error.TestFail('Failed InsertLeaf: %s' %
                                 self.__class__.__name__)
        cred_metadata = result['cred_metadata']

        # Exhaust the allowed number of attempts.
        for i in range(6):
            result = pinweaver_client.TryAuth(host, h_aux, '0' * 64,
                                              cred_metadata)
            if result['cred_metadata']:
                cred_metadata = result['cred_metadata']
            logging.info('TryAuth: %s', pformat(result))
            if ((i <= 4 and result['result_code']['name'] !=
                 firmware_Cr50PinWeaverServer.RESULT_CODE_AUTH_FAILED) or
                (i > 4 and result['result_code']['name'] !=
                 firmware_Cr50PinWeaverServer.RESULT_CODE_RATE_LIMITED)):
                raise error.TestFail('Failed TryAuth: %s' %
                                     self.__class__.__name__)

        if result['seconds_to_wait'] == 0:
            raise error.TestFail('Failed TryAuth: %s' %
                                 self.__class__.__name__)

        # Reboot the device. This calls TPM_startup() which reloads the Merkle
        # tree from NVRAM. Note that this doesn't reset the timer on Cr50, so
        # restart_count doesn't increment.
        host.reboot()

        # Verify that the lockout is still enforced.
        result = pinweaver_client.TryAuth(host, h_aux, le_secret, cred_metadata)
        logging.info('TryAuth: %s', pformat(result))
        if (result['result_code']['name'] !=
            firmware_Cr50PinWeaverServer.RESULT_CODE_RATE_LIMITED):
            raise error.TestFail('Failed TryAuth: %s' %
                                 self.__class__.__name__)
        if result['seconds_to_wait'] == 0:
            raise error.TestFail('Failed TryAuth: %s' %
                                 self.__class__.__name__)

        # Perform a reset.
        result = pinweaver_client.ResetAuth(host, h_aux, reset_secret,
                                            cred_metadata)
        if (result['result_code']['name'] !=
            firmware_Cr50PinWeaverServer.RESULT_CODE_SUCCESS):
            raise error.TestFail('Failed ResetAuth: %s' %
                                 self.__class__.__name__)
        cred_metadata = result['cred_metadata']
        logging.info('ResetAuth: %s', pformat(result))

        # Verify that using a PIN would work.
        result = pinweaver_client.TryAuth(host, h_aux, le_secret, cred_metadata)
        mac = result['mac']
        logging.info('TryAuth: %s', pformat(result))
        if (result['result_code']['name'] !=
            firmware_Cr50PinWeaverServer.RESULT_CODE_SUCCESS):
            raise error.TestFail('Failed TryAuth: %s' %
                                 self.__class__.__name__)

        # Remove the leaf.
        result = pinweaver_client.RemoveLeaf(host, label, h_aux, mac)
        logging.info('RemoveLeaf: %s', pformat(result))
        if (result['result_code']['name'] !=
            firmware_Cr50PinWeaverServer.RESULT_CODE_SUCCESS):
            raise error.TestFail('Failed RemoveLeaf: %s' %
                                 self.__class__.__name__)