diff options
Diffstat (limited to 'unittest')
-rw-r--r-- | unittest/Makefile | 2 | ||||
-rw-r--r-- | unittest/conftest.py | 42 | ||||
-rw-r--r-- | unittest/constants.py | 33 | ||||
-rw-r--r-- | unittest/misc.py | 40 | ||||
-rw-r--r-- | unittest/test2.cc | 254 | ||||
-rw-r--r-- | unittest/test_command_ids_header.h | 41 | ||||
-rw-r--r-- | unittest/test_library.py | 67 | ||||
-rw-r--r-- | unittest/test_pro.py (renamed from unittest/test_bindings.py) | 172 | ||||
-rw-r--r-- | unittest/test_storage.py | 114 |
9 files changed, 595 insertions, 170 deletions
diff --git a/unittest/Makefile b/unittest/Makefile index 9e8fbc1..dbd003e 100644 --- a/unittest/Makefile +++ b/unittest/Makefile @@ -8,7 +8,7 @@ LIB = -L../build LDLIBS = -lnitrokey BUILD = build -CXXFLAGS = -std=c++14 -fPIC +CXXFLAGS = -std=c++14 -fPIC -Wno-gnu-variable-sized-type-not-at-end CXXSOURCES = $(wildcard *.cc) TARGETS = $(CXXSOURCES:%.cc=$(BUILD)/%) diff --git a/unittest/conftest.py b/unittest/conftest.py new file mode 100644 index 0000000..68227d5 --- /dev/null +++ b/unittest/conftest.py @@ -0,0 +1,42 @@ +import pytest + +from misc import ffi + +@pytest.fixture(scope="module") +def C(request): + fp = '../NK_C_API.h' + + declarations = [] + with open(fp, 'r') as f: + declarations = f.readlines() + + a = iter(declarations) + for declaration in a: + if declaration.startswith('extern') and not '"C"' in declaration: + declaration = declaration.replace('extern', '').strip() + while not ';' in declaration: + declaration += (next(a)).strip() + print(declaration) + ffi.cdef(declaration, override=True) + + C = ffi.dlopen("../build/libnitrokey.so") + C.NK_set_debug(False) + nk_login = C.NK_login_auto() + if nk_login != 1: + print('No devices detected!') + assert nk_login == 1 # returns 0 if not connected or wrong model or 1 when connected + + # assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + + # C.NK_status() + + def fin(): + print('\nFinishing connection to device') + C.NK_logout() + print('Finished') + + request.addfinalizer(fin) + C.NK_set_debug(True) + + return C diff --git a/unittest/constants.py b/unittest/constants.py new file mode 100644 index 0000000..78a219b --- /dev/null +++ b/unittest/constants.py @@ -0,0 +1,33 @@ +from enum import Enum +from misc import to_hex + +RFC_SECRET_HR = '12345678901234567890' +RFC_SECRET = to_hex(RFC_SECRET_HR) # '12345678901234567890' + + +# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) ) + +class DefaultPasswords(Enum): + ADMIN = '12345678' + USER = '123456' + ADMIN_TEMP = '123123123' + USER_TEMP = '234234234' + UPDATE = '12345678' + UPDATE_TEMP = '123update123' + + +class DeviceErrorCode(Enum): + STATUS_OK = 0 + BUSY = 1 # busy or busy progressbar in place of wrong_CRC status + NOT_PROGRAMMED = 3 + WRONG_PASSWORD = 4 + STATUS_NOT_AUTHORIZED = 5 + STATUS_AES_DEC_FAILED = 0xa + + +class LibraryErrors(Enum): + TOO_LONG_STRING = 200 + INVALID_SLOT = 201 + INVALID_HEX_STRING = 202 + TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE = 203 + diff --git a/unittest/misc.py b/unittest/misc.py new file mode 100644 index 0000000..b45436d --- /dev/null +++ b/unittest/misc.py @@ -0,0 +1,40 @@ +import cffi + +ffi = cffi.FFI() +gs = ffi.string + + +def to_hex(s): + return "".join("{:02x}".format(ord(c)) for c in s) + + +def wait(t): + import time + msg = 'Waiting for %d seconds' % t + print(msg.center(40, '=')) + time.sleep(t) + + +def cast_pointer_to_tuple(obj, typen, len): + # usage: + # config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) + return tuple(ffi.cast("%s [%d]" % (typen, len), obj)[0:len]) + +def get_firmware_version_from_status(C): + status = gs(C.NK_status()) + status = [s if 'firmware_version' in s else '' for s in status.split('\n')] + firmware = status[0].split(':')[1] + return firmware + + +def is_pro_rtm_07(C): + firmware = get_firmware_version_from_status(C) + return '07 00' in firmware + + +def is_storage(C): + """ + exact firmware storage is sent by other function + """ + firmware = get_firmware_version_from_status(C) + return '01 00' in firmware
\ No newline at end of file diff --git a/unittest/test2.cc b/unittest/test2.cc new file mode 100644 index 0000000..00e70e3 --- /dev/null +++ b/unittest/test2.cc @@ -0,0 +1,254 @@ +#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() + +static const char *const default_admin_pin = "12345678"; +static const char *const default_user_pin = "123456"; + +#include "catch.hpp" + +#include <iostream> +#include <string.h> +#include <NitrokeyManager.h> +#include "device_proto.h" +#include "log.h" +//#include "stick10_commands.h" +#include "stick20_commands.h" + +using namespace std; +using namespace nitrokey::device; +using namespace nitrokey::proto; +using namespace nitrokey::proto::stick20; +using namespace nitrokey::log; +using namespace nitrokey::misc; + + +template<typename CMDTYPE> +void execute_password_command(Device &stick, const char *password, const char kind = 'P') { + auto p = get_payload<CMDTYPE>(); + if (kind == 'P'){ + p.set_kind_user(); + } else { + p.set_kind_admin(); + } + strcpyT(p.password, password); + CMDTYPE::CommandTransaction::run(stick, p); + this_thread::sleep_for(1000ms); +} + +/** + * fail on purpose (will result in failed test) + * disable from running unwillingly + */ +void SKIP_TEST() { + CAPTURE("Failing current test to SKIP it"); + REQUIRE(false); +} + + +TEST_CASE("long operation test", "[test_long]") { + SKIP_TEST(); + + Stick20 stick; + bool connected = stick.connect(); + REQUIRE(connected == true); + Log::instance().set_loglevel(Loglevel::DEBUG); + try{ + auto p = get_payload<FillSDCardWithRandomChars>(); + p.set_defaults(); + strcpyT(p.admin_pin, default_admin_pin); + FillSDCardWithRandomChars::CommandTransaction::run(stick, p); + this_thread::sleep_for(1000ms); + + CHECK(false); + } + catch (LongOperationInProgressException &progressException){ + CHECK(true); + } + + + for (int i = 0; i < 30; ++i) { + try { + stick10::GetStatus::CommandTransaction::run(stick); + } + catch (LongOperationInProgressException &progressException){ + CHECK((int)progressException.progress_bar_value>=0); + CAPTURE((int)progressException.progress_bar_value); + this_thread::sleep_for(2000ms); + } + + } + +} + + +#include "test_command_ids_header.h" + +TEST_CASE("test device commands ids", "[fast]") { + +// REQUIRE(STICK20_CMD_START_VALUE == static_cast<uint8_t>(CommandID::START_VALUE)); + REQUIRE(STICK20_CMD_ENABLE_CRYPTED_PARI == static_cast<uint8_t>(CommandID::ENABLE_CRYPTED_PARI)); + REQUIRE(STICK20_CMD_DISABLE_CRYPTED_PARI == static_cast<uint8_t>(CommandID::DISABLE_CRYPTED_PARI)); + REQUIRE(STICK20_CMD_ENABLE_HIDDEN_CRYPTED_PARI == static_cast<uint8_t>(CommandID::ENABLE_HIDDEN_CRYPTED_PARI)); + REQUIRE(STICK20_CMD_DISABLE_HIDDEN_CRYPTED_PARI == static_cast<uint8_t>(CommandID::DISABLE_HIDDEN_CRYPTED_PARI)); + REQUIRE(STICK20_CMD_ENABLE_FIRMWARE_UPDATE == static_cast<uint8_t>(CommandID::ENABLE_FIRMWARE_UPDATE)); + REQUIRE(STICK20_CMD_EXPORT_FIRMWARE_TO_FILE == static_cast<uint8_t>(CommandID::EXPORT_FIRMWARE_TO_FILE)); + REQUIRE(STICK20_CMD_GENERATE_NEW_KEYS == static_cast<uint8_t>(CommandID::GENERATE_NEW_KEYS)); + REQUIRE(STICK20_CMD_FILL_SD_CARD_WITH_RANDOM_CHARS == static_cast<uint8_t>(CommandID::FILL_SD_CARD_WITH_RANDOM_CHARS)); + + REQUIRE(STICK20_CMD_WRITE_STATUS_DATA == static_cast<uint8_t>(CommandID::WRITE_STATUS_DATA)); + REQUIRE(STICK20_CMD_ENABLE_READONLY_UNCRYPTED_LUN == static_cast<uint8_t>(CommandID::ENABLE_READONLY_UNCRYPTED_LUN)); + REQUIRE(STICK20_CMD_ENABLE_READWRITE_UNCRYPTED_LUN == static_cast<uint8_t>(CommandID::ENABLE_READWRITE_UNCRYPTED_LUN)); + + REQUIRE(STICK20_CMD_SEND_PASSWORD_MATRIX == static_cast<uint8_t>(CommandID::SEND_PASSWORD_MATRIX)); + REQUIRE(STICK20_CMD_SEND_PASSWORD_MATRIX_PINDATA == static_cast<uint8_t>(CommandID::SEND_PASSWORD_MATRIX_PINDATA)); + REQUIRE(STICK20_CMD_SEND_PASSWORD_MATRIX_SETUP == static_cast<uint8_t>(CommandID::SEND_PASSWORD_MATRIX_SETUP)); + + REQUIRE(STICK20_CMD_GET_DEVICE_STATUS == static_cast<uint8_t>(CommandID::GET_DEVICE_STATUS)); + REQUIRE(STICK20_CMD_SEND_DEVICE_STATUS == static_cast<uint8_t>(CommandID::SEND_DEVICE_STATUS)); + + REQUIRE(STICK20_CMD_SEND_HIDDEN_VOLUME_PASSWORD == static_cast<uint8_t>(CommandID::SEND_HIDDEN_VOLUME_PASSWORD)); + REQUIRE(STICK20_CMD_SEND_HIDDEN_VOLUME_SETUP == static_cast<uint8_t>(CommandID::SEND_HIDDEN_VOLUME_SETUP)); + REQUIRE(STICK20_CMD_SEND_PASSWORD == static_cast<uint8_t>(CommandID::SEND_PASSWORD)); + REQUIRE(STICK20_CMD_SEND_NEW_PASSWORD == static_cast<uint8_t>(CommandID::SEND_NEW_PASSWORD)); + REQUIRE(STICK20_CMD_CLEAR_NEW_SD_CARD_FOUND == static_cast<uint8_t>(CommandID::CLEAR_NEW_SD_CARD_FOUND)); + + REQUIRE(STICK20_CMD_SEND_STARTUP == static_cast<uint8_t>(CommandID::SEND_STARTUP)); + REQUIRE(STICK20_CMD_SEND_CLEAR_STICK_KEYS_NOT_INITIATED == static_cast<uint8_t>(CommandID::SEND_CLEAR_STICK_KEYS_NOT_INITIATED)); + REQUIRE(STICK20_CMD_SEND_LOCK_STICK_HARDWARE == static_cast<uint8_t>(CommandID::SEND_LOCK_STICK_HARDWARE)); + + REQUIRE(STICK20_CMD_PRODUCTION_TEST == static_cast<uint8_t>(CommandID::PRODUCTION_TEST)); + REQUIRE(STICK20_CMD_SEND_DEBUG_DATA == static_cast<uint8_t>(CommandID::SEND_DEBUG_DATA)); + + REQUIRE(STICK20_CMD_CHANGE_UPDATE_PIN == static_cast<uint8_t>(CommandID::CHANGE_UPDATE_PIN)); + +} + +TEST_CASE("test device internal status with various commands", "[fast]") { + Stick20 stick; + bool connected = stick.connect(); + REQUIRE(connected == true); + + Log::instance().set_loglevel(Loglevel::DEBUG); + auto p = get_payload<stick20::SendStartup>(); + p.set_defaults(); + auto device_status = stick20::SendStartup::CommandTransaction::run(stick, p); + REQUIRE(device_status.data().AdminPwRetryCount == 3); + REQUIRE(device_status.data().UserPwRetryCount == 3); + REQUIRE(device_status.data().ActiveSmartCardID_u32 != 0); + + auto production_status = stick20::ProductionTest::CommandTransaction::run(stick); + REQUIRE(production_status.data().SD_Card_Size_u8 == 8); + REQUIRE(production_status.data().SD_CardID_u32 != 0); + + auto sdcard_occupancy = stick20::GetSDCardOccupancy::CommandTransaction::run(stick); + REQUIRE((int) sdcard_occupancy.data().ReadLevelMin >= 0); + REQUIRE((int) sdcard_occupancy.data().ReadLevelMax <= 100); + REQUIRE((int) sdcard_occupancy.data().WriteLevelMin >= 0); + REQUIRE((int) sdcard_occupancy.data().WriteLevelMax <= 100); +} + +TEST_CASE("setup hidden volume test", "[hidden]") { + Stick20 stick; + bool connected = stick.connect(); + REQUIRE(connected == true); + Log::instance().set_loglevel(Loglevel::DEBUG); + stick10::LockDevice::CommandTransaction::run(stick); + this_thread::sleep_for(2000ms); + + auto user_pin = default_user_pin; + execute_password_command<EnableEncryptedPartition>(stick, user_pin); + + auto p = get_payload<stick20::SetupHiddenVolume>(); + p.SlotNr_u8 = 0; + p.StartBlockPercent_u8 = 70; + p.EndBlockPercent_u8 = 90; + auto hidden_volume_password = "123123123"; + strcpyT(p.HiddenVolumePassword_au8, hidden_volume_password); + stick20::SetupHiddenVolume::CommandTransaction::run(stick, p); + this_thread::sleep_for(2000ms); + + execute_password_command<EnableHiddenEncryptedPartition>(stick, hidden_volume_password); +} + +TEST_CASE("setup multiple hidden volumes", "[hidden]") { + Stick20 stick; + bool connected = stick.connect(); + REQUIRE(connected == true); + Log::instance().set_loglevel(Loglevel::DEBUG); + + auto user_pin = default_user_pin; + stick10::LockDevice::CommandTransaction::run(stick); + this_thread::sleep_for(2000ms); + execute_password_command<EnableEncryptedPartition>(stick, user_pin); + + constexpr int volume_count = 4; + for (int i = 0; i < volume_count; ++i) { + auto p = get_payload<stick20::SetupHiddenVolume>(); + p.SlotNr_u8 = i; + p.StartBlockPercent_u8 = 20 + 10*i; + p.EndBlockPercent_u8 = p.StartBlockPercent_u8+i+1; + auto hidden_volume_password = std::string("123123123")+std::to_string(i); + strcpyT(p.HiddenVolumePassword_au8, hidden_volume_password.c_str()); + stick20::SetupHiddenVolume::CommandTransaction::run(stick, p); + this_thread::sleep_for(2000ms); + } + + + for (int i = 0; i < volume_count; ++i) { + execute_password_command<EnableEncryptedPartition>(stick, user_pin); + auto hidden_volume_password = std::string("123123123")+std::to_string(i); + execute_password_command<EnableHiddenEncryptedPartition>(stick, hidden_volume_password.c_str()); + this_thread::sleep_for(2000ms); + } +} + + +//in case of a bug this could change update PIN to some unexpected value +// - please save log with packet dump if this test will not pass +TEST_CASE("update password change", "[dangerous]") { + SKIP_TEST(); + + Stick20 stick; + bool connected = stick.connect(); + REQUIRE(connected == true); + Log::instance().set_loglevel(Loglevel::DEBUG); + + auto pass1 = default_admin_pin; + auto pass2 = "12345678901234567890"; + + auto data = { + make_pair(pass1, pass2), + make_pair(pass2, pass1), + }; + for (auto && password: data) { + auto p = get_payload<stick20::ChangeUpdatePassword>(); + strcpyT(p.current_update_password, password.first); + strcpyT(p.new_update_password, password.second); + stick20::ChangeUpdatePassword::CommandTransaction::run(stick, p); + } +} + +TEST_CASE("general test", "[test]") { + Stick20 stick; + bool connected = stick.connect(); + REQUIRE(connected == true); + + Log::instance().set_loglevel(Loglevel::DEBUG); + + stick10::LockDevice::CommandTransaction::run(stick); +// execute_password_command<EnableEncryptedPartition>(stick, "123456"); +// execute_password_command<DisableEncryptedPartition>(stick, "123456"); +// execute_password_command<DisableHiddenEncryptedPartition>(stick, "123123123"); + + execute_password_command<SendSetReadonlyToUncryptedVolume>(stick, default_user_pin); + execute_password_command<SendSetReadwriteToUncryptedVolume>(stick, default_user_pin); + execute_password_command<SendClearNewSdCardFound>(stick, default_admin_pin, 'A'); + stick20::GetDeviceStatus::CommandTransaction::run(stick); + this_thread::sleep_for(1000ms); +// execute_password_command<LockFirmware>(stick, "123123123"); //CAUTION +// execute_password_command<EnableFirmwareUpdate>(stick, "123123123"); //CAUTION FIRMWARE PIN + + execute_password_command<ExportFirmware>(stick, "12345678", 'A'); +// execute_password_command<FillSDCardWithRandomChars>(stick, "12345678", 'A'); + + stick10::LockDevice::CommandTransaction::run(stick); +} diff --git a/unittest/test_command_ids_header.h b/unittest/test_command_ids_header.h new file mode 100644 index 0000000..cd55c8a --- /dev/null +++ b/unittest/test_command_ids_header.h @@ -0,0 +1,41 @@ +#ifndef LIBNITROKEY_TEST_COMMAND_IDS_HEADER_H_H +#define LIBNITROKEY_TEST_COMMAND_IDS_HEADER_H_H + +#define STICK20_CMD_START_VALUE 0x20 +#define STICK20_CMD_ENABLE_CRYPTED_PARI (STICK20_CMD_START_VALUE + 0) +#define STICK20_CMD_DISABLE_CRYPTED_PARI (STICK20_CMD_START_VALUE + 1) +#define STICK20_CMD_ENABLE_HIDDEN_CRYPTED_PARI (STICK20_CMD_START_VALUE + 2) +#define STICK20_CMD_DISABLE_HIDDEN_CRYPTED_PARI (STICK20_CMD_START_VALUE + 3) +#define STICK20_CMD_ENABLE_FIRMWARE_UPDATE (STICK20_CMD_START_VALUE + 4) +#define STICK20_CMD_EXPORT_FIRMWARE_TO_FILE (STICK20_CMD_START_VALUE + 5) +#define STICK20_CMD_GENERATE_NEW_KEYS (STICK20_CMD_START_VALUE + 6) +#define STICK20_CMD_FILL_SD_CARD_WITH_RANDOM_CHARS (STICK20_CMD_START_VALUE + 7) + +#define STICK20_CMD_WRITE_STATUS_DATA (STICK20_CMD_START_VALUE + 8) +#define STICK20_CMD_ENABLE_READONLY_UNCRYPTED_LUN (STICK20_CMD_START_VALUE + 9) +#define STICK20_CMD_ENABLE_READWRITE_UNCRYPTED_LUN (STICK20_CMD_START_VALUE + 10) + +#define STICK20_CMD_SEND_PASSWORD_MATRIX (STICK20_CMD_START_VALUE + 11) +#define STICK20_CMD_SEND_PASSWORD_MATRIX_PINDATA (STICK20_CMD_START_VALUE + 12) +#define STICK20_CMD_SEND_PASSWORD_MATRIX_SETUP (STICK20_CMD_START_VALUE + 13) + +#define STICK20_CMD_GET_DEVICE_STATUS (STICK20_CMD_START_VALUE + 14) +#define STICK20_CMD_SEND_DEVICE_STATUS (STICK20_CMD_START_VALUE + 15) + +#define STICK20_CMD_SEND_HIDDEN_VOLUME_PASSWORD (STICK20_CMD_START_VALUE + 16) +#define STICK20_CMD_SEND_HIDDEN_VOLUME_SETUP (STICK20_CMD_START_VALUE + 17) +#define STICK20_CMD_SEND_PASSWORD (STICK20_CMD_START_VALUE + 18) +#define STICK20_CMD_SEND_NEW_PASSWORD (STICK20_CMD_START_VALUE + 19) +#define STICK20_CMD_CLEAR_NEW_SD_CARD_FOUND (STICK20_CMD_START_VALUE + 20) + +#define STICK20_CMD_SEND_STARTUP (STICK20_CMD_START_VALUE + 21) +#define STICK20_CMD_SEND_CLEAR_STICK_KEYS_NOT_INITIATED (STICK20_CMD_START_VALUE + 22) +#define STICK20_CMD_SEND_LOCK_STICK_HARDWARE (STICK20_CMD_START_VALUE + 23) + +#define STICK20_CMD_PRODUCTION_TEST (STICK20_CMD_START_VALUE + 24) +#define STICK20_CMD_SEND_DEBUG_DATA (STICK20_CMD_START_VALUE + 25) + +#define STICK20_CMD_CHANGE_UPDATE_PIN (STICK20_CMD_START_VALUE + 26) + + +#endif //LIBNITROKEY_TEST_COMMAND_IDS_HEADER_H_H diff --git a/unittest/test_library.py b/unittest/test_library.py new file mode 100644 index 0000000..d0eef80 --- /dev/null +++ b/unittest/test_library.py @@ -0,0 +1,67 @@ +import pytest + +from misc import ffi, gs, to_hex +from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, LibraryErrors + +def test_too_long_strings(C): + new_password = '123123123' + long_string = 'a' * 100 + assert C.NK_change_user_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING + assert C.NK_change_user_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING + assert C.NK_change_admin_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING + assert C.NK_change_admin_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING + assert C.NK_first_authenticate(long_string, DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING + assert C.NK_erase_totp_slot(0, long_string) == LibraryErrors.TOO_LONG_STRING + digits = False + assert C.NK_write_hotp_slot(1, long_string, RFC_SECRET, 0, digits, False, False, "", + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING + assert C.NK_write_hotp_slot(1, 'long_test', RFC_SECRET, 0, digits, False, False, "", + long_string) == LibraryErrors.TOO_LONG_STRING + assert C.NK_get_hotp_code_PIN(0, long_string) == 0 + assert C.NK_get_last_command_status() == LibraryErrors.TOO_LONG_STRING + + +def test_invalid_slot(C): + invalid_slot = 255 + assert C.NK_erase_totp_slot(invalid_slot, 'some password') == LibraryErrors.INVALID_SLOT + assert C.NK_write_hotp_slot(invalid_slot, 'long_test', RFC_SECRET, 0, False, False, False, "", + 'aaa') == LibraryErrors.INVALID_SLOT + assert C.NK_get_hotp_code_PIN(invalid_slot, 'some password') == 0 + assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT + assert C.NK_erase_password_safe_slot(invalid_slot) == LibraryErrors.INVALID_SLOT + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert gs(C.NK_get_password_safe_slot_name(invalid_slot)) == '' + assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT + assert gs(C.NK_get_password_safe_slot_login(invalid_slot)) == '' + assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT + +@pytest.mark.parametrize("invalid_hex_string", + ['text', '00 ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258]) +def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string): + """ + Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number, + empty or longer than 255 characters. + """ + assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING + assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "", + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING + + +def test_warning_binary_bigger_than_secret_buffer(C): + invalid_hex_string = to_hex('1234567890') * 3 + assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE + + +@pytest.mark.xfail(reason="TODO") +def test_OTP_secret_started_from_null(C): + assert False + + +@pytest.mark.skip(reason='Experimental') +def test_clear(C): + d = 'asdasdasd' + print(d) + C.clear_password(d) + print(d)
\ No newline at end of file diff --git a/unittest/test_bindings.py b/unittest/test_pro.py index f7ade46..6ab2af9 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_pro.py @@ -1,109 +1,8 @@ import pytest -import cffi -from enum import Enum - -ffi = cffi.FFI() -gs = ffi.string - - -def to_hex(s): - return "".join("{:02x}".format(ord(c)) for c in s) - - -def wait(t): - import time - msg = 'Waiting for %d seconds' % t - print(msg.center(40, '=')) - time.sleep(t) - - -RFC_SECRET_HR = '12345678901234567890' -RFC_SECRET = to_hex(RFC_SECRET_HR) # '12345678901234567890' - - -# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) ) - -class DefaultPasswords(Enum): - ADMIN = '12345678' - USER = '123456' - ADMIN_TEMP = '123123123' - USER_TEMP = '234234234' - - -class DeviceErrorCode(Enum): - STATUS_OK = 0 - NOT_PROGRAMMED = 3 - WRONG_PASSWORD = 4 - STATUS_NOT_AUTHORIZED = 5 - STATUS_AES_DEC_FAILED = 0xa - - -class LibraryErrors(Enum): - TOO_LONG_STRING = 200 - INVALID_SLOT = 201 - INVALID_HEX_STRING = 202 - TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE = 203 - - -@pytest.fixture(scope="module") -def C(request): - fp = '../NK_C_API.h' - - declarations = [] - with open(fp, 'r') as f: - declarations = f.readlines() - - a = iter(declarations) - for declaration in a: - if declaration.startswith('extern') and not '"C"' in declaration: - declaration = declaration.replace('extern', '').strip() - while not ';' in declaration: - declaration += (next(a)).strip() - print(declaration) - ffi.cdef(declaration) - - C = ffi.dlopen("../build/libnitrokey.so") - C.NK_set_debug(False) - nk_login = C.NK_login_auto() - if nk_login != 1: - print('No devices detected!') - assert nk_login == 1 # returns 0 if not connected or wrong model or 1 when connected - - # assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - # assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK - - # C.NK_status() - - def fin(): - print('\nFinishing connection to device') - C.NK_logout() - print('Finished') - - request.addfinalizer(fin) - C.NK_set_debug(True) - - return C - - -def get_firmware_version_from_status(C): - status = gs(C.NK_status()) - status = [s if 'firmware_version' in s else '' for s in status.split('\n')] - firmware = status[0].split(':')[1] - return firmware - - -def is_pro_rtm_07(C): - firmware = get_firmware_version_from_status(C) - return '07 00' in firmware - - -def is_storage(C): - """ - exact firmware storage is sent by other function - """ - firmware = get_firmware_version_from_status(C) - return '01 00' in firmware +from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET +from misc import ffi, gs, wait, cast_pointer_to_tuple +from misc import is_pro_rtm_07, is_storage def test_enable_password_safe(C): assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK @@ -232,39 +131,6 @@ def test_user_PIN_change(C): assert C.NK_change_user_PIN(new_password, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK -def test_too_long_strings(C): - new_password = '123123123' - long_string = 'a' * 100 - assert C.NK_change_user_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING - assert C.NK_change_user_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING - assert C.NK_change_admin_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING - assert C.NK_change_admin_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING - assert C.NK_first_authenticate(long_string, DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING - assert C.NK_erase_totp_slot(0, long_string) == LibraryErrors.TOO_LONG_STRING - digits = False - assert C.NK_write_hotp_slot(1, long_string, RFC_SECRET, 0, digits, False, False, "", - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING - assert C.NK_write_hotp_slot(1, 'long_test', RFC_SECRET, 0, digits, False, False, "", - long_string) == LibraryErrors.TOO_LONG_STRING - assert C.NK_get_hotp_code_PIN(0, long_string) == 0 - assert C.NK_get_last_command_status() == LibraryErrors.TOO_LONG_STRING - - -def test_invalid_slot(C): - invalid_slot = 255 - assert C.NK_erase_totp_slot(invalid_slot, 'some password') == LibraryErrors.INVALID_SLOT - assert C.NK_write_hotp_slot(invalid_slot, 'long_test', RFC_SECRET, 0, False, False, False, "", - 'aaa') == LibraryErrors.INVALID_SLOT - assert C.NK_get_hotp_code_PIN(invalid_slot, 'some password') == 0 - assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT - assert C.NK_erase_password_safe_slot(invalid_slot) == LibraryErrors.INVALID_SLOT - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert gs(C.NK_get_password_safe_slot_name(invalid_slot)) == '' - assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT - assert gs(C.NK_get_password_safe_slot_login(invalid_slot)) == '' - assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT - - def test_admin_retry_counts(C): default_admin_retry_count = 3 assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK @@ -609,14 +475,6 @@ def test_factory_reset(C): assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK -@pytest.mark.skip(reason='Experimental') -def test_clear(C): - d = 'asdasdasd' - print(d) - C.clear_password(d) - print(d) - - def test_get_status(C): status = C.NK_status() s = gs(status) @@ -628,27 +486,3 @@ def test_get_serial_number(C): sn = gs(sn) assert len(sn) > 0 print(('Serial number of the device: ', sn)) - - -@pytest.mark.parametrize("invalid_hex_string", - ['text', '00 ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258]) -def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string): - """ - Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number, - empty or longer than 255 characters. - """ - assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING - assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "", - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING - - -def test_warning_binary_bigger_than_secret_buffer(C): - invalid_hex_string = to_hex('1234567890') * 3 - assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE - - -@pytest.mark.xfail(reason="TODO") -def test_OTP_secret_started_from_null(C): - assert False diff --git a/unittest/test_storage.py b/unittest/test_storage.py new file mode 100644 index 0000000..01276ce --- /dev/null +++ b/unittest/test_storage.py @@ -0,0 +1,114 @@ +import pytest + +from misc import ffi, gs, wait, cast_pointer_to_tuple +from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, LibraryErrors + +import pprint +pprint = pprint.PrettyPrinter(indent=4).pprint + + +def get_dict_from_dissect(status): + x = [] + for s in status.split('\n'): + try: + if not ':' in s: continue + ss = s.replace('\t', '').replace(' (int) ', '').split(':') + if not len(ss) == 2: continue + x.append(ss) + except: + pass + d = {k.strip(): v.strip() for k, v in x} + return d + + +def test_get_status_storage(C): + status_pointer = C.NK_get_status_storage_as_string() + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + status_string = gs(status_pointer) + assert len(status_string) > 0 + status_dict = get_dict_from_dissect(status_string) + default_admin_password_retry_count = 3 + assert int(status_dict['AdminPwRetryCount']) == default_admin_password_retry_count + + +def test_sd_card_usage(C): + data_pointer = C.NK_get_SD_usage_data_as_string() + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + data_string = gs(data_pointer) + assert len(data_string) > 0 + data_dict = get_dict_from_dissect(data_string) + assert int(data_dict['WriteLevelMax']) <= 100 + + +def test_encrypted_volume_unlock(C): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + +def test_encrypted_volume_unlock_hidden(C): + hidden_volume_password = 'hiddenpassword' + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_create_hidden_volume(0, 20, 21, hidden_volume_password) == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_hidden_volume(hidden_volume_password) == DeviceErrorCode.STATUS_OK + +@pytest.mark.skip(reason='hangs device, to report') +def test_encrypted_volume_setup_multiple_hidden(C): + hidden_volume_password = 'hiddenpassword' + p = lambda i: hidden_volume_password + str(i) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + for i in range(4): + assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i) ) == DeviceErrorCode.STATUS_OK + for i in range(4): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + + +def test_unencrypted_volume_set_read_only(C): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_set_unencrypted_read_only(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + +def test_unencrypted_volume_set_read_write(C): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_set_unencrypted_read_write(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + +def test_export_firmware(C): + assert C.NK_export_firmware(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + +def test_clear_new_sd_card_notification(C): + assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + +@pytest.mark.skip +def test_fill_SD_card(C): + status = C.NK_fill_SD_card_with_random_data(DefaultPasswords.ADMIN) + assert status == DeviceErrorCode.STATUS_OK or status == DeviceErrorCode.BUSY + while 1: + value = C.NK_get_progress_bar_value() + if value == -1: break + assert 0 <= value <= 100 + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + wait(5) + + +def test_get_busy_progress_on_idle(C): + value = C.NK_get_progress_bar_value() + assert value == -1 + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + +def test_change_update_password(C): + wrong_password = 'aaaaaaaaaaa' + assert C.NK_change_update_password(wrong_password, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_change_update_password(DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_change_update_password(DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK + + +def test_send_startup(C): + time_seconds_from_epoch = 0 # FIXME set proper date + assert C.NK_send_startup(time_seconds_from_epoch) == DeviceErrorCode.STATUS_OK |