summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSzczepan Zalega <szczepan@nitrokey.com>2017-02-18 17:08:07 +0100
committerSzczepan Zalega <szczepan@nitrokey.com>2017-03-11 15:41:49 +0100
commit544d68631303fa35b5e6a538f8afb4e054ad9302 (patch)
treeaeb71157046ef20be506d1fe26d0b984f713a85c
parentbbbb596a0e6e5b22a19d5543d20e7b2dfc1a0f83 (diff)
downloadlibnitrokey-544d68631303fa35b5e6a538f8afb4e054ad9302.tar.gz
libnitrokey-544d68631303fa35b5e6a538f8afb4e054ad9302.tar.bz2
Add some complex unit tests to find out corruption cause
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r--unittest/test_pro.py70
-rw-r--r--unittest/test_storage.py147
2 files changed, 214 insertions, 3 deletions
diff --git a/unittest/test_pro.py b/unittest/test_pro.py
index 4a2a504..0ad42e1 100644
--- a/unittest/test_pro.py
+++ b/unittest/test_pro.py
@@ -22,6 +22,71 @@ def test_write_password_safe_slot(C):
assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK
+@pytest.mark.slowtest
+def test_write_all_password_safe_slots_and_read_10_times(C):
+ def fill(s, wid):
+ assert wid >= len(s)
+ numbers = '1234567890'*4
+ s += numbers[:wid-len(s)]
+ assert len(s) == wid
+ return s
+
+ def get_pass(suffix):
+ return fill('pass' + suffix, 20)
+
+ def get_loginname(suffix):
+ return fill('login' + suffix, 32)
+
+ def get_slotname(suffix):
+ return fill('slotname' + suffix, 11)
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ PWS_slot_count = 16
+ for i in range(0, PWS_slot_count):
+ iss = str(i)
+ assert C.NK_write_password_safe_slot(i,
+ get_slotname(iss), get_loginname(iss),
+ get_pass(iss)) == DeviceErrorCode.STATUS_OK
+
+ for j in range(0, 10):
+ for i in range(0, PWS_slot_count):
+ iss = str(i)
+ assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss)
+ assert gs(C.NK_get_password_safe_slot_login(i)) == get_loginname(iss)
+ assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss)
+
+
+@pytest.mark.slowtest
+def test_read_all_password_safe_slots_10_times(C):
+ def fill(s, wid):
+ assert wid >= len(s)
+ numbers = '1234567890'*4
+ s += numbers[:wid-len(s)]
+ assert len(s) == wid
+ return s
+
+ def get_pass(suffix):
+ return fill('pass' + suffix, 20)
+
+ def get_loginname(suffix):
+ return fill('login' + suffix, 32)
+
+ def get_slotname(suffix):
+ return fill('slotname' + suffix, 11)
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ PWS_slot_count = 16
+
+ for j in range(0, 10):
+ for i in range(0, PWS_slot_count):
+ iss = str(i)
+ assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss)
+ assert gs(C.NK_get_password_safe_slot_login(i)) == get_loginname(iss)
+ assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss)
+
+
def test_get_password_safe_slot_name(C):
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK
@@ -645,10 +710,11 @@ def test_TOTP_secrets(C, secret):
@pytest.mark.parametrize("secret", [RFC_SECRET, 2*RFC_SECRET, '12'*10, '12'*30] )
def test_HOTP_secrets(C, secret):
"""
- NK Pro 0.8+, NK Storage 0.44+
+ NK Pro 0.8+
feature needed: support for 320bit secrets
"""
- skip_if_device_version_lower_than({'S': 44, 'P': 8})
+ if len(secret)>40:
+ skip_if_device_version_lower_than({'P': 8})
slot_number = 0
counter = 0
diff --git a/unittest/test_storage.py b/unittest/test_storage.py
index a1c59aa..9c01382 100644
--- a/unittest/test_storage.py
+++ b/unittest/test_storage.py
@@ -57,6 +57,7 @@ def test_encrypted_volume_unlock_hidden(C):
assert C.NK_create_hidden_volume(0, 20, 21, hidden_volume_password) == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_hidden_volume(hidden_volume_password) == DeviceErrorCode.STATUS_OK
+
@pytest.mark.skip(reason='hangs device, to report')
def test_encrypted_volume_setup_multiple_hidden(C):
skip_if_device_version_lower_than({'S': 43})
@@ -72,6 +73,149 @@ def test_encrypted_volume_setup_multiple_hidden(C):
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+@pytest.mark.parametrize("volumes_to_setup", range(1, 5))
+def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes(C, volumes_to_setup):
+ skip_if_device_version_lower_than({'S': 43})
+ hidden_volume_password = 'hiddenpassword'
+ p = lambda i: hidden_volume_password + str(i)
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ for i in range(volumes_to_setup):
+ assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+
+ for i in range(volumes_to_setup):
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ # TODO mount and test for files
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+
+@pytest.mark.parametrize("volumes_to_setup", range(1, 5))
+def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes_unlock_at_once(C, volumes_to_setup):
+ skip_if_device_version_lower_than({'S': 43})
+ hidden_volume_password = 'hiddenpassword'
+ p = lambda i: hidden_volume_password + str(i)
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ for i in range(volumes_to_setup):
+ assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+
+ for i in range(volumes_to_setup):
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ # TODO mount and test for files
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+
+@pytest.mark.parametrize("use_slot", range(4))
+def test_encrypted_volume_setup_one_hidden_no_lock_device_slot(C, use_slot):
+ skip_if_device_version_lower_than({'S': 43})
+ hidden_volume_password = 'hiddenpassword'
+ p = lambda i: hidden_volume_password + str(i)
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ i = use_slot
+ assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+
+ for j in range(3):
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ # TODO mount and test for files
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+
+def test_password_safe_slot_name_corruption(C):
+ skip_if_device_version_lower_than({'S': 43})
+ volumes_to_setup = 4
+ # connected with encrypted volumes, possible also with hidden
+ def fill(s, wid):
+ assert wid >= len(s)
+ numbers = '1234567890' * 4
+ s += numbers[:wid - len(s)]
+ assert len(s) == wid
+ return s
+
+ def get_pass(suffix):
+ return fill('pass' + suffix, 20)
+
+ def get_loginname(suffix):
+ return fill('login' + suffix, 32)
+
+ def get_slotname(suffix):
+ return fill('slotname' + suffix, 11)
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ PWS_slot_count = 16
+ for i in range(0, PWS_slot_count):
+ iss = str(i)
+ assert C.NK_write_password_safe_slot(i,
+ get_slotname(iss), get_loginname(iss),
+ get_pass(iss)) == DeviceErrorCode.STATUS_OK
+
+ def check_PWS_correctness(C):
+ for i in range(0, PWS_slot_count):
+ iss = str(i)
+ assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss)
+ assert gs(C.NK_get_password_safe_slot_login(i)) == get_loginname(iss)
+ assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss)
+
+ hidden_volume_password = 'hiddenpassword'
+ p = lambda i: hidden_volume_password + str(i)
+ def check_volumes_correctness(C):
+ for i in range(volumes_to_setup):
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ # TODO mount and test for files
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+ check_PWS_correctness(C)
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ for i in range(volumes_to_setup):
+ assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+
+ check_volumes_correctness(C)
+ check_PWS_correctness(C)
+ check_volumes_correctness(C)
+ check_PWS_correctness(C)
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ check_volumes_correctness(C)
+ check_PWS_correctness(C)
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ check_volumes_correctness(C)
+ check_PWS_correctness(C)
+
+def test_hidden_volume_corruption(C):
+ # bug: this should return error without unlocking encrypted volume each hidden volume lock, but it does not
+ assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ hidden_volume_password = 'hiddenpassword'
+ p = lambda i: hidden_volume_password + str(i)
+ for i in range(4):
+ assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+ assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+ wait(2)
+ assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
def test_unencrypted_volume_set_read_only(C):
skip_if_device_version_lower_than({'S': 43})
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
@@ -94,7 +238,8 @@ def test_clear_new_sd_card_notification(C):
assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
-@pytest.mark.skip
+@pytest.mark.slowtest
+@pytest.mark.skip(reason='long test (about 1h)')
def test_fill_SD_card(C):
skip_if_device_version_lower_than({'S': 43})
status = C.NK_fill_SD_card_with_random_data(DefaultPasswords.ADMIN)