diff options
Diffstat (limited to 'unittest')
| -rw-r--r-- | unittest/conftest.py | 2 | ||||
| -rw-r--r-- | unittest/test_minimal.c | 28 | ||||
| -rw-r--r-- | unittest/test_offline.cc | 45 | ||||
| -rw-r--r-- | unittest/test_pro.py | 49 | ||||
| -rw-r--r-- | unittest/test_strdup.cpp | 2 |
5 files changed, 124 insertions, 2 deletions
diff --git a/unittest/conftest.py b/unittest/conftest.py index 49f1502..253e1d8 100644 --- a/unittest/conftest.py +++ b/unittest/conftest.py @@ -85,7 +85,7 @@ def C(request=None): assert nk_login != 0 # returns 0 if not connected or wrong model or 1 when connected global device_type firmware_version = C.NK_get_minor_firmware_version() - model = 'P' if firmware_version in [7,8] else 'S' + model = 'P' if firmware_version < 20 else 'S' device_type = (model, firmware_version) print('Connected device: {} {}'.format(model, firmware_version)) diff --git a/unittest/test_minimal.c b/unittest/test_minimal.c new file mode 100644 index 0000000..3cf3dd7 --- /dev/null +++ b/unittest/test_minimal.c @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2018 Nitrokey UG + * + * This file is part of libnitrokey. + * + * libnitrokey is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * libnitrokey is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. + * + * SPDX-License-Identifier: LGPL-3.0 + */ + +#include "../NK_C_API.h" + +// This test is only intended to make sure that the C API header can be +// compiled by a C compiler. (All other tests are written in C++.) +int main() { + return 0; +} diff --git a/unittest/test_offline.cc b/unittest/test_offline.cc index 468849e..2ad6a0e 100644 --- a/unittest/test_offline.cc +++ b/unittest/test_offline.cc @@ -22,6 +22,8 @@ #include "catch.hpp" #include <NitrokeyManager.h> #include <memory> +#include <string> +#include <regex> #include "../NK_C_API.h" using namespace nitrokey::proto; @@ -160,3 +162,46 @@ TEST_CASE("Test device commands ids", "[fast]") { REQUIRE(STICK20_CMD_CHANGE_UPDATE_PIN == static_cast<uint8_t>(CommandID::CHANGE_UPDATE_PIN)); } + +#include "version.h" +TEST_CASE("Test version getter", "[fast]") { + REQUIRE(nitrokey::get_major_library_version() >= 3u); + REQUIRE(nitrokey::get_minor_library_version() >= 3u); + const char *library_version = nitrokey::get_library_version(); + REQUIRE(library_version != nullptr); + + // The library version has to match the pattern returned by git describe: + // v<major>.<minor> or v<major>.<minor>-<n>-g<hash>, where <n> is the number + // of commits since the last tag, and <hash> is the hash of the current + // commit. (This assumes that all tags have the name v<major>.<minor>.) + std::string s = library_version; + std::string version("v[0-9]+\\.[0-9]+"); + std::string git_suffix("-[0-9]+-g[0-9a-z]+"); + std::regex pattern(version + "(" + git_suffix + "|)"); + REQUIRE(std::regex_match(s, pattern)); +} + +TEST_CASE("Connect should not return true after the second attempt", "[fast]") { + int result = 0; + + result = NK_login("S"); + REQUIRE(result == 0); + + result = NK_login_auto(); + REQUIRE(result == 0); + + result = NK_logout(); + REQUIRE(result == 0); + + result = NK_logout(); + REQUIRE(result == 0); + + result = NK_login("P"); + REQUIRE(result == 0); + + result = NK_login_auto(); + REQUIRE(result == 0); + + result = NK_logout(); + REQUIRE(result == 0); +} diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 6fac172..1c61399 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -577,6 +577,55 @@ def test_get_code_user_authorize(C): assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK +@pytest.mark.otp +def test_authorize_issue_admin(C): + skip_if_device_version_lower_than({'S': 43, 'P': 9}) + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + +@pytest.mark.otp +def test_authorize_issue_user(C): + skip_if_device_version_lower_than({'S': 43, 'P': 9}) # issue fixed in Pro v0.9, Storage version chosen arbitrary + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_totp_slot(0, b'python_otp_auth', bbRFC_SECRET, 30, True, False, False, b'', + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # enable PIN protection of OTP codes with write_config + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code(0, 0, 0, 0)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + assert C.NK_user_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + # disable PIN protection with write_config + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + code = gs(C.NK_get_totp_code(0, 0, 0, 0)) + assert code != b'' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + def cast_pointer_to_tuple(obj, typen, len): # usage: # config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) diff --git a/unittest/test_strdup.cpp b/unittest/test_strdup.cpp index f980eb9..6c2cfb3 100644 --- a/unittest/test_strdup.cpp +++ b/unittest/test_strdup.cpp @@ -25,7 +25,7 @@ #include <cstdio> #include <memory.h> -#include "NK_C_API.h" +#include "../NK_C_API.h" #include "catch.hpp" |