aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--unittest/test_pro.py62
-rw-r--r--unittest/test_storage.py25
2 files changed, 79 insertions, 8 deletions
diff --git a/unittest/test_pro.py b/unittest/test_pro.py
index 99dcf4d..67fb5a3 100644
--- a/unittest/test_pro.py
+++ b/unittest/test_pro.py
@@ -5,7 +5,8 @@ from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, bb, bbRFC_S
from misc import ffi, gs, wait, cast_pointer_to_tuple
from misc import is_pro_rtm_07, is_pro_rtm_08, is_storage
-
+@pytest.mark.lock_device
+@pytest.mark.PWS
def test_enable_password_safe(C):
"""
All Password Safe tests depend on AES keys being initialized. They will fail otherwise.
@@ -14,7 +15,8 @@ def test_enable_password_safe(C):
assert C.NK_enable_password_safe(b'wrong_password') == DeviceErrorCode.WRONG_PASSWORD
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
-
+@pytest.mark.lock_device
+@pytest.mark.PWS
def test_write_password_safe_slot(C):
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_write_password_safe_slot(0, b'slotname1', b'login1', b'pass1') == DeviceErrorCode.STATUS_NOT_AUTHORIZED
@@ -22,6 +24,8 @@ def test_write_password_safe_slot(C):
assert C.NK_write_password_safe_slot(0, b'slotname1', b'login1', b'pass1') == DeviceErrorCode.STATUS_OK
+@pytest.mark.lock_device
+@pytest.mark.PWS
@pytest.mark.slowtest
def test_write_all_password_safe_slots_and_read_10_times(C):
def fill(s, wid):
@@ -57,6 +61,8 @@ def test_write_all_password_safe_slots_and_read_10_times(C):
assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss)
+@pytest.mark.lock_device
+@pytest.mark.PWS
@pytest.mark.slowtest
@pytest.mark.xfail(reason="This test should be run directly after test_write_all_password_safe_slots_and_read_10_times")
def test_read_all_password_safe_slots_10_times(C):
@@ -88,6 +94,8 @@ def test_read_all_password_safe_slots_10_times(C):
assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss)
+@pytest.mark.lock_device
+@pytest.mark.PWS
def test_get_password_safe_slot_name(C):
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_write_password_safe_slot(0, b'slotname1', b'login1', b'pass1') == DeviceErrorCode.STATUS_OK
@@ -100,6 +108,7 @@ def test_get_password_safe_slot_name(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+@pytest.mark.PWS
def test_get_password_safe_slot_login_password(C):
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_write_password_safe_slot(0, b'slotname1', b'login1', b'pass1') == DeviceErrorCode.STATUS_OK
@@ -111,6 +120,7 @@ def test_get_password_safe_slot_login_password(C):
assert slot_password == b'pass1'
+@pytest.mark.PWS
def test_erase_password_safe_slot(C):
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_erase_password_safe_slot(0) == DeviceErrorCode.STATUS_OK
@@ -118,6 +128,7 @@ def test_erase_password_safe_slot(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK # TODO CHECK shouldn't this be DeviceErrorCode.NOT_PROGRAMMED ?
+@pytest.mark.PWS
def test_password_safe_slot_status(C):
C.NK_set_debug(True)
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
@@ -131,7 +142,7 @@ def test_password_safe_slot_status(C):
assert is_slot_programmed[1] == 1
-# TODO TOREGISTER
+@pytest.mark.aes
def test_issue_device_locks_on_second_key_generation_in_sequence(C):
if is_pro_rtm_07(C) or is_pro_rtm_08(C):
pytest.skip("issue to register: device locks up "
@@ -140,6 +151,7 @@ def test_issue_device_locks_on_second_key_generation_in_sequence(C):
assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
+@pytest.mark.aes
def test_regenerate_aes_key(C):
C.NK_set_debug(True)
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
@@ -147,7 +159,9 @@ def test_regenerate_aes_key(C):
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
-@pytest.mark.skip
+@pytest.mark.lock_device
+@pytest.mark.aes
+@pytest.mark.factory_reset
def test_enable_password_safe_after_factory_reset(C):
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
if is_storage(C):
@@ -163,7 +177,8 @@ def test_enable_password_safe_after_factory_reset(C):
assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
-
+@pytest.mark.lock_device
+@pytest.mark.aes
@pytest.mark.xfail(reason="NK Pro firmware bug: regenerating AES key command not always results in cleared slot data")
def test_destroy_password_safe(C):
"""
@@ -198,6 +213,7 @@ def test_destroy_password_safe(C):
assert is_slot_programmed[0] == 0
+@pytest.mark.aes
def test_is_AES_supported(C):
if is_storage(C):
pytest.skip("Storage does not implement this command")
@@ -207,6 +223,7 @@ def test_is_AES_supported(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+@pytest.mark.pin
def test_admin_PIN_change(C):
new_password = b'123123123'
assert C.NK_change_admin_PIN(b'wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD
@@ -214,6 +231,7 @@ def test_admin_PIN_change(C):
assert C.NK_change_admin_PIN(new_password, DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
+@pytest.mark.pin
def test_user_PIN_change(C):
new_password = b'123123123'
assert C.NK_change_user_PIN(b'wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD
@@ -221,6 +239,8 @@ def test_user_PIN_change(C):
assert C.NK_change_user_PIN(new_password, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+@pytest.mark.lock_device
+@pytest.mark.pin
def test_admin_retry_counts(C):
default_admin_retry_count = 3
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
@@ -231,6 +251,8 @@ def test_admin_retry_counts(C):
assert C.NK_get_admin_retry_count() == default_admin_retry_count
+@pytest.mark.lock_device
+@pytest.mark.pin
def test_user_retry_counts_change_PIN(C):
assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
wrong_password = b'wrong_password'
@@ -242,6 +264,9 @@ def test_user_retry_counts_change_PIN(C):
assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_get_user_retry_count() == default_user_retry_count
+
+@pytest.mark.lock_device
+@pytest.mark.pin
def test_user_retry_counts_PWSafe(C):
default_user_retry_count = 3
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
@@ -252,6 +277,7 @@ def test_user_retry_counts_PWSafe(C):
assert C.NK_get_user_retry_count() == default_user_retry_count
+@pytest.mark.pin
def test_unlock_user_password(C):
C.NK_set_debug(True)
default_user_retry_count = 3
@@ -271,16 +297,19 @@ def test_unlock_user_password(C):
assert C.NK_get_admin_retry_count() == default_admin_retry_count
+@pytest.mark.pin
def test_admin_auth(C):
assert C.NK_first_authenticate(b'wrong_password', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.WRONG_PASSWORD
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+@pytest.mark.pin
def test_user_auth(C):
assert C.NK_user_authenticate(b'wrong_password', DefaultPasswords.USER_TEMP) == DeviceErrorCode.WRONG_PASSWORD
assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+@pytest.mark.otp
def check_HOTP_RFC_codes(C, func, prep=None, use_8_digits=False):
"""
# https://tools.ietf.org/html/rfc4226#page-32
@@ -300,6 +329,7 @@ def check_HOTP_RFC_codes(C, func, prep=None, use_8_digits=False):
assert bb(code) == r
+@pytest.mark.otp
@pytest.mark.parametrize("use_8_digits", [False, True, ])
@pytest.mark.parametrize("use_pin_protection", [False, True, ])
def test_HOTP_RFC_use8digits_usepin(C, use_8_digits, use_pin_protection):
@@ -315,6 +345,7 @@ def test_HOTP_RFC_use8digits_usepin(C, use_8_digits, use_pin_protection):
check_HOTP_RFC_codes(C, lambda x: gs(C.NK_get_hotp_code(x)), use_8_digits=use_8_digits)
+@pytest.mark.otp
def test_HOTP_token(C):
"""
Check HOTP routine with written token ID to slot.
@@ -333,6 +364,7 @@ def test_HOTP_token(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+@pytest.mark.otp
def test_HOTP_counters(C):
"""
# https://tools.ietf.org/html/rfc4226#page-32
@@ -357,6 +389,7 @@ def test_HOTP_counters(C):
INT32_MAX = 2 ** 31 - 1
+@pytest.mark.otp
def test_HOTP_64bit_counter(C):
if is_storage(C):
pytest.xfail('bug in NK Storage HOTP firmware - counter is set with a 8 digits string, '
@@ -381,6 +414,7 @@ def test_HOTP_64bit_counter(C):
assert dev_res == lib_res
+@pytest.mark.otp
def test_TOTP_64bit_time(C):
if is_storage(C):
pytest.xfail('bug in NK Storage TOTP firmware')
@@ -406,6 +440,7 @@ def test_TOTP_64bit_time(C):
assert dev_res == lib_res
+@pytest.mark.otp
@pytest.mark.xfail(reason="NK Pro: Test fails in 50% of cases due to test vectors set 1 second before interval count change"
"Here time is changed on seconds side only and miliseconds part is not being reset apparently"
"This results in available time to test of half a second on average, thus 50% failed cases"
@@ -454,6 +489,7 @@ def test_TOTP_RFC_usepin(C, PIN_protection):
assert data == responses or correct == len(test_data)
+@pytest.mark.otp
def test_get_slot_names(C):
C.NK_set_debug(True)
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
@@ -472,6 +508,7 @@ def test_get_slot_names(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
+@pytest.mark.otp
def test_get_OTP_codes(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
@@ -486,6 +523,7 @@ def test_get_OTP_codes(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
+@pytest.mark.otp
def test_get_OTP_code_from_not_programmed_slot(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
@@ -503,6 +541,7 @@ def test_get_OTP_code_from_not_programmed_slot(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
+@pytest.mark.otp
def test_get_code_user_authorize(C):
C.NK_set_debug(True)
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
@@ -549,7 +588,8 @@ def test_read_write_config(C):
assert config == (255, 255, 255, False, True)
-@pytest.mark.skip
+@pytest.mark.lock_device
+@pytest.mark.factory_reset
def test_factory_reset(C):
C.NK_set_debug(True)
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
@@ -571,12 +611,13 @@ def test_factory_reset(C):
assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
+@pytest.mark.status
def test_get_status(C):
status = C.NK_status()
s = gs(status)
assert len(s) > 0
-
+@pytest.mark.status
def test_get_serial_number(C):
sn = C.NK_device_serial_number()
sn = gs(sn)
@@ -584,6 +625,7 @@ def test_get_serial_number(C):
print(('Serial number of the device: ', sn))
+@pytest.mark.otp
@pytest.mark.parametrize("secret", ['000001', '00'*10+'ff', '00'*19+'ff', '000102',
'00'*29+'ff', '00'*39+'ff', '002EF43F51AFA97BA2B46418768123C9E1809A5B' ])
def test_OTP_secret_started_from_null(C, secret):
@@ -615,6 +657,7 @@ def test_OTP_secret_started_from_null(C, secret):
assert dev_res == lib_res
+@pytest.mark.otp
@pytest.mark.parametrize("counter", [0, 3, 7, 0xffff,
0xffffffff,
0xffffffffffffffff] )
@@ -647,6 +690,7 @@ def test_HOTP_slots_read_write_counter(C, counter):
assert dev_res == lib_res
+@pytest.mark.otp
@pytest.mark.parametrize("period", [30,60] )
@pytest.mark.parametrize("time", range(21,70,20) )
def test_TOTP_slots_read_write_at_time_period(C, time, period):
@@ -677,6 +721,7 @@ def test_TOTP_slots_read_write_at_time_period(C, time, period):
assert dev_res == lib_res
+@pytest.mark.otp
@pytest.mark.parametrize("secret", [RFC_SECRET, 2*RFC_SECRET, '12'*10, '12'*30] )
def test_TOTP_secrets(C, secret):
'''
@@ -709,6 +754,7 @@ def test_TOTP_secrets(C, secret):
assert dev_res == lib_res
+@pytest.mark.otp
@pytest.mark.parametrize("secret", [RFC_SECRET, 2*RFC_SECRET, '12'*10, '12'*30] )
def test_HOTP_secrets(C, secret):
"""
@@ -760,6 +806,7 @@ def test_special_double_press(C):
# requires manual check
+@pytest.mark.otp
def test_edit_OTP_slot(C):
"""
should change slots counter and name without changing its secret (using null secret for second update)
@@ -793,6 +840,7 @@ def test_edit_OTP_slot(C):
assert gs(C.NK_get_hotp_slot_name(slot_number)) == changed_name
+@pytest.mark.otp
@pytest.mark.skip
@pytest.mark.parametrize("secret", ['31323334353637383930'*2,'31323334353637383930'*4] )
def test_TOTP_codes_from_nitrokeyapp(secret, C):
diff --git a/unittest/test_storage.py b/unittest/test_storage.py
index 6671f5b..ec4004f 100644
--- a/unittest/test_storage.py
+++ b/unittest/test_storage.py
@@ -1,5 +1,4 @@
import pprint
-
import pytest
from conftest import skip_if_device_version_lower_than
@@ -22,6 +21,8 @@ def get_dict_from_dissect(status):
return d
+@pytest.mark.other
+@pytest.mark.info
def test_get_status_storage(C):
skip_if_device_version_lower_than({'S': 43})
status_pointer = C.NK_get_status_storage_as_string()
@@ -33,6 +34,8 @@ def test_get_status_storage(C):
assert int(status_dict['AdminPwRetryCount']) == default_admin_password_retry_count
+@pytest.mark.other
+@pytest.mark.info
def test_sd_card_usage(C):
skip_if_device_version_lower_than({'S': 43})
data_pointer = C.NK_get_SD_usage_data_as_string()
@@ -43,12 +46,14 @@ def test_sd_card_usage(C):
assert int(data_dict['WriteLevelMax']) <= 100
+@pytest.mark.encrypted
def test_encrypted_volume_unlock(C):
skip_if_device_version_lower_than({'S': 43})
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+@pytest.mark.hidden
def test_encrypted_volume_unlock_hidden(C):
skip_if_device_version_lower_than({'S': 43})
hidden_volume_password = b'hiddenpassword'
@@ -58,6 +63,7 @@ def test_encrypted_volume_unlock_hidden(C):
assert C.NK_unlock_hidden_volume(hidden_volume_password) == DeviceErrorCode.STATUS_OK
+@pytest.mark.hidden
def test_encrypted_volume_setup_multiple_hidden_lock(C):
import random
skip_if_device_version_lower_than({'S': 45}) #hangs device on lower version
@@ -73,6 +79,7 @@ def test_encrypted_volume_setup_multiple_hidden_lock(C):
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+@pytest.mark.hidden
@pytest.mark.parametrize("volumes_to_setup", range(1, 5))
def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes(C, volumes_to_setup):
skip_if_device_version_lower_than({'S': 43})
@@ -92,6 +99,7 @@ def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes(C, volume
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+@pytest.mark.hidden
@pytest.mark.parametrize("volumes_to_setup", range(1, 5))
def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes_unlock_at_once(C, volumes_to_setup):
skip_if_device_version_lower_than({'S': 43})
@@ -113,6 +121,7 @@ def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes_unlock_at
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+@pytest.mark.hidden
@pytest.mark.parametrize("use_slot", range(4))
def test_encrypted_volume_setup_one_hidden_no_lock_device_slot(C, use_slot):
skip_if_device_version_lower_than({'S': 43})
@@ -134,6 +143,8 @@ def test_encrypted_volume_setup_one_hidden_no_lock_device_slot(C, use_slot):
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+@pytest.mark.hidden
+@pytest.mark.PWS
def test_password_safe_slot_name_corruption(C):
skip_if_device_version_lower_than({'S': 43})
volumes_to_setup = 4
@@ -204,6 +215,8 @@ def test_password_safe_slot_name_corruption(C):
check_volumes_correctness(C)
check_PWS_correctness(C)
+
+@pytest.mark.hidden
def test_hidden_volume_corruption(C):
# bug: this should return error without unlocking encrypted volume each hidden volume lock, but it does not
assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
@@ -216,28 +229,34 @@ def test_hidden_volume_corruption(C):
wait(2)
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
+
+@pytest.mark.unencrypted
def test_unencrypted_volume_set_read_only(C):
skip_if_device_version_lower_than({'S': 43})
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_set_unencrypted_read_only(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+@pytest.mark.unencrypted
def test_unencrypted_volume_set_read_write(C):
skip_if_device_version_lower_than({'S': 43})
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_set_unencrypted_read_write(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+@pytest.mark.other
def test_export_firmware(C):
skip_if_device_version_lower_than({'S': 43})
assert C.NK_export_firmware(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
+@pytest.mark.other
def test_clear_new_sd_card_notification(C):
skip_if_device_version_lower_than({'S': 43})
assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
+@pytest.mark.encrypted
@pytest.mark.slowtest
@pytest.mark.skip(reason='long test (about 1h)')
def test_fill_SD_card(C):
@@ -252,6 +271,8 @@ def test_fill_SD_card(C):
wait(5)
+@pytest.mark.other
+@pytest.mark.info
def test_get_busy_progress_on_idle(C):
skip_if_device_version_lower_than({'S': 43})
value = C.NK_get_progress_bar_value()
@@ -259,6 +280,7 @@ def test_get_busy_progress_on_idle(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+@pytest.mark.update
def test_change_update_password(C):
skip_if_device_version_lower_than({'S': 43})
wrong_password = b'aaaaaaaaaaa'
@@ -267,6 +289,7 @@ def test_change_update_password(C):
assert C.NK_change_update_password(DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK
+@pytest.mark.other
def test_send_startup(C):
skip_if_device_version_lower_than({'S': 43})
time_seconds_from_epoch = 0 # FIXME set proper date