aboutsummaryrefslogtreecommitdiff
path: root/unittest
diff options
context:
space:
mode:
Diffstat (limited to 'unittest')
-rw-r--r--unittest/conftest.py2
-rw-r--r--unittest/test_minimal.c28
-rw-r--r--unittest/test_offline.cc45
-rw-r--r--unittest/test_pro.py49
-rw-r--r--unittest/test_strdup.cpp2
5 files changed, 124 insertions, 2 deletions
diff --git a/unittest/conftest.py b/unittest/conftest.py
index 49f1502..253e1d8 100644
--- a/unittest/conftest.py
+++ b/unittest/conftest.py
@@ -85,7 +85,7 @@ def C(request=None):
assert nk_login != 0 # returns 0 if not connected or wrong model or 1 when connected
global device_type
firmware_version = C.NK_get_minor_firmware_version()
- model = 'P' if firmware_version in [7,8] else 'S'
+ model = 'P' if firmware_version < 20 else 'S'
device_type = (model, firmware_version)
print('Connected device: {} {}'.format(model, firmware_version))
diff --git a/unittest/test_minimal.c b/unittest/test_minimal.c
new file mode 100644
index 0000000..3cf3dd7
--- /dev/null
+++ b/unittest/test_minimal.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2018 Nitrokey UG
+ *
+ * This file is part of libnitrokey.
+ *
+ * libnitrokey is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * libnitrokey is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * SPDX-License-Identifier: LGPL-3.0
+ */
+
+#include "../NK_C_API.h"
+
+// This test is only intended to make sure that the C API header can be
+// compiled by a C compiler. (All other tests are written in C++.)
+int main() {
+ return 0;
+}
diff --git a/unittest/test_offline.cc b/unittest/test_offline.cc
index 468849e..2ad6a0e 100644
--- a/unittest/test_offline.cc
+++ b/unittest/test_offline.cc
@@ -22,6 +22,8 @@
#include "catch.hpp"
#include <NitrokeyManager.h>
#include <memory>
+#include <string>
+#include <regex>
#include "../NK_C_API.h"
using namespace nitrokey::proto;
@@ -160,3 +162,46 @@ TEST_CASE("Test device commands ids", "[fast]") {
REQUIRE(STICK20_CMD_CHANGE_UPDATE_PIN == static_cast<uint8_t>(CommandID::CHANGE_UPDATE_PIN));
}
+
+#include "version.h"
+TEST_CASE("Test version getter", "[fast]") {
+ REQUIRE(nitrokey::get_major_library_version() >= 3u);
+ REQUIRE(nitrokey::get_minor_library_version() >= 3u);
+ const char *library_version = nitrokey::get_library_version();
+ REQUIRE(library_version != nullptr);
+
+ // The library version has to match the pattern returned by git describe:
+ // v<major>.<minor> or v<major>.<minor>-<n>-g<hash>, where <n> is the number
+ // of commits since the last tag, and <hash> is the hash of the current
+ // commit. (This assumes that all tags have the name v<major>.<minor>.)
+ std::string s = library_version;
+ std::string version("v[0-9]+\\.[0-9]+");
+ std::string git_suffix("-[0-9]+-g[0-9a-z]+");
+ std::regex pattern(version + "(" + git_suffix + "|)");
+ REQUIRE(std::regex_match(s, pattern));
+}
+
+TEST_CASE("Connect should not return true after the second attempt", "[fast]") {
+ int result = 0;
+
+ result = NK_login("S");
+ REQUIRE(result == 0);
+
+ result = NK_login_auto();
+ REQUIRE(result == 0);
+
+ result = NK_logout();
+ REQUIRE(result == 0);
+
+ result = NK_logout();
+ REQUIRE(result == 0);
+
+ result = NK_login("P");
+ REQUIRE(result == 0);
+
+ result = NK_login_auto();
+ REQUIRE(result == 0);
+
+ result = NK_logout();
+ REQUIRE(result == 0);
+}
diff --git a/unittest/test_pro.py b/unittest/test_pro.py
index 6fac172..1c61399 100644
--- a/unittest/test_pro.py
+++ b/unittest/test_pro.py
@@ -577,6 +577,55 @@ def test_get_code_user_authorize(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+@pytest.mark.otp
+def test_authorize_issue_admin(C):
+ skip_if_device_version_lower_than({'S': 43, 'P': 9})
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_first_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD
+ assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+
+@pytest.mark.otp
+def test_authorize_issue_user(C):
+ skip_if_device_version_lower_than({'S': 43, 'P': 9}) # issue fixed in Pro v0.9, Storage version chosen arbitrary
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_totp_slot(0, b'python_otp_auth', bbRFC_SECRET, 30, True, False, False, b'',
+ DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ # enable PIN protection of OTP codes with write_config
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ gs(C.NK_get_totp_code(0, 0, 0, 0))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+ assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+ gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_user_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD
+ gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+ assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+ gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
+ # disable PIN protection with write_config
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ code = gs(C.NK_get_totp_code(0, 0, 0, 0))
+ assert code != b''
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
def cast_pointer_to_tuple(obj, typen, len):
# usage:
# config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5)
diff --git a/unittest/test_strdup.cpp b/unittest/test_strdup.cpp
index f980eb9..6c2cfb3 100644
--- a/unittest/test_strdup.cpp
+++ b/unittest/test_strdup.cpp
@@ -25,7 +25,7 @@
#include <cstdio>
#include <memory.h>
-#include "NK_C_API.h"
+#include "../NK_C_API.h"
#include "catch.hpp"