From 103f71bb4e06132e70eb26fc2f1c5ca560068107 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 31 Oct 2016 20:47:23 +0100 Subject: Tests reorganization (Python) Signed-off-by: Szczepan Zalega --- unittest/conftest.py | 42 +++ unittest/constants.py | 30 +++ unittest/misc.py | 40 +++ unittest/test_bindings.py | 654 ---------------------------------------------- unittest/test_library.py | 67 +++++ unittest/test_pro.py | 488 ++++++++++++++++++++++++++++++++++ unittest/test_storage.py | 7 + 7 files changed, 674 insertions(+), 654 deletions(-) create mode 100644 unittest/conftest.py create mode 100644 unittest/constants.py create mode 100644 unittest/misc.py delete mode 100644 unittest/test_bindings.py create mode 100644 unittest/test_library.py create mode 100644 unittest/test_pro.py create mode 100644 unittest/test_storage.py diff --git a/unittest/conftest.py b/unittest/conftest.py new file mode 100644 index 0000000..68227d5 --- /dev/null +++ b/unittest/conftest.py @@ -0,0 +1,42 @@ +import pytest + +from misc import ffi + +@pytest.fixture(scope="module") +def C(request): + fp = '../NK_C_API.h' + + declarations = [] + with open(fp, 'r') as f: + declarations = f.readlines() + + a = iter(declarations) + for declaration in a: + if declaration.startswith('extern') and not '"C"' in declaration: + declaration = declaration.replace('extern', '').strip() + while not ';' in declaration: + declaration += (next(a)).strip() + print(declaration) + ffi.cdef(declaration, override=True) + + C = ffi.dlopen("../build/libnitrokey.so") + C.NK_set_debug(False) + nk_login = C.NK_login_auto() + if nk_login != 1: + print('No devices detected!') + assert nk_login == 1 # returns 0 if not connected or wrong model or 1 when connected + + # assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + + # C.NK_status() + + def fin(): + print('\nFinishing connection to device') + C.NK_logout() + print('Finished') + + request.addfinalizer(fin) + C.NK_set_debug(True) + + return C diff --git a/unittest/constants.py b/unittest/constants.py new file mode 100644 index 0000000..e3caae3 --- /dev/null +++ b/unittest/constants.py @@ -0,0 +1,30 @@ +from enum import Enum +from misc import to_hex + +RFC_SECRET_HR = '12345678901234567890' +RFC_SECRET = to_hex(RFC_SECRET_HR) # '12345678901234567890' + + +# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) ) + +class DefaultPasswords(Enum): + ADMIN = '12345678' + USER = '123456' + ADMIN_TEMP = '123123123' + USER_TEMP = '234234234' + + +class DeviceErrorCode(Enum): + STATUS_OK = 0 + NOT_PROGRAMMED = 3 + WRONG_PASSWORD = 4 + STATUS_NOT_AUTHORIZED = 5 + STATUS_AES_DEC_FAILED = 0xa + + +class LibraryErrors(Enum): + TOO_LONG_STRING = 200 + INVALID_SLOT = 201 + INVALID_HEX_STRING = 202 + TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE = 203 + diff --git a/unittest/misc.py b/unittest/misc.py new file mode 100644 index 0000000..b45436d --- /dev/null +++ b/unittest/misc.py @@ -0,0 +1,40 @@ +import cffi + +ffi = cffi.FFI() +gs = ffi.string + + +def to_hex(s): + return "".join("{:02x}".format(ord(c)) for c in s) + + +def wait(t): + import time + msg = 'Waiting for %d seconds' % t + print(msg.center(40, '=')) + time.sleep(t) + + +def cast_pointer_to_tuple(obj, typen, len): + # usage: + # config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) + return tuple(ffi.cast("%s [%d]" % (typen, len), obj)[0:len]) + +def get_firmware_version_from_status(C): + status = gs(C.NK_status()) + status = [s if 'firmware_version' in s else '' for s in status.split('\n')] + firmware = status[0].split(':')[1] + return firmware + + +def is_pro_rtm_07(C): + firmware = get_firmware_version_from_status(C) + return '07 00' in firmware + + +def is_storage(C): + """ + exact firmware storage is sent by other function + """ + firmware = get_firmware_version_from_status(C) + return '01 00' in firmware \ No newline at end of file diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py deleted file mode 100644 index f7ade46..0000000 --- a/unittest/test_bindings.py +++ /dev/null @@ -1,654 +0,0 @@ -import pytest -import cffi -from enum import Enum - -ffi = cffi.FFI() -gs = ffi.string - - -def to_hex(s): - return "".join("{:02x}".format(ord(c)) for c in s) - - -def wait(t): - import time - msg = 'Waiting for %d seconds' % t - print(msg.center(40, '=')) - time.sleep(t) - - -RFC_SECRET_HR = '12345678901234567890' -RFC_SECRET = to_hex(RFC_SECRET_HR) # '12345678901234567890' - - -# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) ) - -class DefaultPasswords(Enum): - ADMIN = '12345678' - USER = '123456' - ADMIN_TEMP = '123123123' - USER_TEMP = '234234234' - - -class DeviceErrorCode(Enum): - STATUS_OK = 0 - NOT_PROGRAMMED = 3 - WRONG_PASSWORD = 4 - STATUS_NOT_AUTHORIZED = 5 - STATUS_AES_DEC_FAILED = 0xa - - -class LibraryErrors(Enum): - TOO_LONG_STRING = 200 - INVALID_SLOT = 201 - INVALID_HEX_STRING = 202 - TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE = 203 - - -@pytest.fixture(scope="module") -def C(request): - fp = '../NK_C_API.h' - - declarations = [] - with open(fp, 'r') as f: - declarations = f.readlines() - - a = iter(declarations) - for declaration in a: - if declaration.startswith('extern') and not '"C"' in declaration: - declaration = declaration.replace('extern', '').strip() - while not ';' in declaration: - declaration += (next(a)).strip() - print(declaration) - ffi.cdef(declaration) - - C = ffi.dlopen("../build/libnitrokey.so") - C.NK_set_debug(False) - nk_login = C.NK_login_auto() - if nk_login != 1: - print('No devices detected!') - assert nk_login == 1 # returns 0 if not connected or wrong model or 1 when connected - - # assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - # assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK - - # C.NK_status() - - def fin(): - print('\nFinishing connection to device') - C.NK_logout() - print('Finished') - - request.addfinalizer(fin) - C.NK_set_debug(True) - - return C - - -def get_firmware_version_from_status(C): - status = gs(C.NK_status()) - status = [s if 'firmware_version' in s else '' for s in status.split('\n')] - firmware = status[0].split(':')[1] - return firmware - - -def is_pro_rtm_07(C): - firmware = get_firmware_version_from_status(C) - return '07 00' in firmware - - -def is_storage(C): - """ - exact firmware storage is sent by other function - """ - firmware = get_firmware_version_from_status(C) - return '01 00' in firmware - - -def test_enable_password_safe(C): - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert C.NK_enable_password_safe('wrong_password') == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - - -def test_write_password_safe_slot(C): - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_NOT_AUTHORIZED - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK - - -def test_get_password_safe_slot_name(C): - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert gs(C.NK_get_password_safe_slot_name(0)) == '' - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED - - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert gs(C.NK_get_password_safe_slot_name(0)) == 'slotname1' - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - - -def test_get_password_safe_slot_login_password(C): - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK - slot_login = C.NK_get_password_safe_slot_login(0) - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - assert gs(slot_login) == 'login1' - slot_password = gs(C.NK_get_password_safe_slot_password(0)) - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - assert slot_password == 'pass1' - - -def test_erase_password_safe_slot(C): - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_erase_password_safe_slot(0) == DeviceErrorCode.STATUS_OK - assert gs(C.NK_get_password_safe_slot_name(0)) == '' - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK # TODO CHECK shouldn't this be DeviceErrorCode.NOT_PROGRAMMED ? - - -def test_password_safe_slot_status(C): - C.NK_set_debug(True) - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_erase_password_safe_slot(0) == DeviceErrorCode.STATUS_OK - assert C.NK_write_password_safe_slot(1, 'slotname2', 'login2', 'pass2') == DeviceErrorCode.STATUS_OK - safe_slot_status = C.NK_get_password_safe_slot_status() - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - is_slot_programmed = list(ffi.cast("uint8_t [16]", safe_slot_status)[0:16]) - print((is_slot_programmed, len(is_slot_programmed))) - assert is_slot_programmed[0] == 0 - assert is_slot_programmed[1] == 1 - - -def test_issue_device_locks_on_second_key_generation_in_sequence(C): - if is_pro_rtm_07(C): - pytest.skip("issue to register: device locks up " - "after below commands sequence (reinsertion fixes), skipping for now") - assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - - -def test_regenerate_aes_key(C): - C.NK_set_debug(True) - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - - -@pytest.mark.xfail(reason="NK Pro firmware bug: regenerating AES key command not always results in cleared slot data") -def test_destroy_password_safe(C): - """ - Sometimes fails on NK Pro - slot name is not cleared ergo key generation has not succeed despite the success result - returned from the device - """ - C.NK_set_debug(True) - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - # write password safe slot - assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK - # read slot - assert gs(C.NK_get_password_safe_slot_name(0)) == 'slotname1' - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - slot_login = C.NK_get_password_safe_slot_login(0) - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - assert gs(slot_login) == 'login1' - # destroy password safe by regenerating aes key - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - - assert gs(C.NK_get_password_safe_slot_name(0)) != 'slotname1' - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - - # check was slot status cleared - safe_slot_status = C.NK_get_password_safe_slot_status() - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - is_slot_programmed = list(ffi.cast("uint8_t [16]", safe_slot_status)[0:16]) - assert is_slot_programmed[0] == 0 - - -def test_is_AES_supported(C): - if is_storage(C): - pytest.skip("Storage does not implement this command") - assert C.NK_is_AES_supported('wrong password') != 1 - assert C.NK_get_last_command_status() == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_is_AES_supported(DefaultPasswords.USER) == 1 - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - - -def test_admin_PIN_change(C): - new_password = '123123123' - assert C.NK_change_admin_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_change_admin_PIN(DefaultPasswords.ADMIN, new_password) == DeviceErrorCode.STATUS_OK - assert C.NK_change_admin_PIN(new_password, DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - - -def test_user_PIN_change(C): - new_password = '123123123' - assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_change_user_PIN(DefaultPasswords.USER, new_password) == DeviceErrorCode.STATUS_OK - assert C.NK_change_user_PIN(new_password, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - - -def test_too_long_strings(C): - new_password = '123123123' - long_string = 'a' * 100 - assert C.NK_change_user_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING - assert C.NK_change_user_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING - assert C.NK_change_admin_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING - assert C.NK_change_admin_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING - assert C.NK_first_authenticate(long_string, DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING - assert C.NK_erase_totp_slot(0, long_string) == LibraryErrors.TOO_LONG_STRING - digits = False - assert C.NK_write_hotp_slot(1, long_string, RFC_SECRET, 0, digits, False, False, "", - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING - assert C.NK_write_hotp_slot(1, 'long_test', RFC_SECRET, 0, digits, False, False, "", - long_string) == LibraryErrors.TOO_LONG_STRING - assert C.NK_get_hotp_code_PIN(0, long_string) == 0 - assert C.NK_get_last_command_status() == LibraryErrors.TOO_LONG_STRING - - -def test_invalid_slot(C): - invalid_slot = 255 - assert C.NK_erase_totp_slot(invalid_slot, 'some password') == LibraryErrors.INVALID_SLOT - assert C.NK_write_hotp_slot(invalid_slot, 'long_test', RFC_SECRET, 0, False, False, False, "", - 'aaa') == LibraryErrors.INVALID_SLOT - assert C.NK_get_hotp_code_PIN(invalid_slot, 'some password') == 0 - assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT - assert C.NK_erase_password_safe_slot(invalid_slot) == LibraryErrors.INVALID_SLOT - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert gs(C.NK_get_password_safe_slot_name(invalid_slot)) == '' - assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT - assert gs(C.NK_get_password_safe_slot_login(invalid_slot)) == '' - assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT - - -def test_admin_retry_counts(C): - default_admin_retry_count = 3 - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert C.NK_get_admin_retry_count() == default_admin_retry_count - assert C.NK_change_admin_PIN('wrong_password', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_get_admin_retry_count() == default_admin_retry_count - 1 - assert C.NK_change_admin_PIN(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - assert C.NK_get_admin_retry_count() == default_admin_retry_count - - -def test_user_retry_counts_change_PIN(C): - assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - wrong_password = 'wrong_password' - default_user_retry_count = 3 - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert C.NK_get_user_retry_count() == default_user_retry_count - assert C.NK_change_user_PIN(wrong_password, wrong_password) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_get_user_retry_count() == default_user_retry_count - 1 - assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_get_user_retry_count() == default_user_retry_count - -def test_user_retry_counts_PWSafe(C): - default_user_retry_count = 3 - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert C.NK_get_user_retry_count() == default_user_retry_count - assert C.NK_enable_password_safe('wrong_password') == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_get_user_retry_count() == default_user_retry_count - 1 - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_get_user_retry_count() == default_user_retry_count - - -def test_unlock_user_password(C): - C.NK_set_debug(True) - default_user_retry_count = 3 - default_admin_retry_count = 3 - new_password = '123123123' - assert C.NK_get_user_retry_count() == default_user_retry_count - assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_get_user_retry_count() == default_user_retry_count - 3 - assert C.NK_get_admin_retry_count() == default_admin_retry_count - - assert C.NK_unlock_user_password('wrong password', DefaultPasswords.USER) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_get_admin_retry_count() == default_admin_retry_count - 1 - assert C.NK_unlock_user_password(DefaultPasswords.ADMIN, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_get_user_retry_count() == default_user_retry_count - assert C.NK_get_admin_retry_count() == default_admin_retry_count - - -def test_admin_auth(C): - assert C.NK_first_authenticate('wrong_password', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - - -def test_user_auth(C): - assert C.NK_user_authenticate('wrong_password', DefaultPasswords.USER_TEMP) == DeviceErrorCode.WRONG_PASSWORD - assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK - - -def check_HOTP_RFC_codes(C, func, prep=None, use_8_digits=False): - """ - # https://tools.ietf.org/html/rfc4226#page-32 - """ - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, use_8_digits, False, False, "", - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - test_data = [ - 1284755224, 1094287082, 137359152, 1726969429, 1640338314, 868254676, 1918287922, 82162583, 673399871, - 645520489, - ] - for code in test_data: - if prep: - prep() - r = func(1) - code = str(code)[-8:] if use_8_digits else str(code)[-6:] - assert int(code) == r - - -@pytest.mark.parametrize("use_8_digits", [False, True, ]) -@pytest.mark.parametrize("use_pin_protection", [False, True, ]) -def test_HOTP_RFC_use8digits_usepin(C, use_8_digits, use_pin_protection): - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, use_pin_protection, not use_pin_protection, - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - if use_pin_protection: - check_HOTP_RFC_codes(C, - lambda x: C.NK_get_hotp_code_PIN(x, DefaultPasswords.USER_TEMP), - lambda: C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP), - use_8_digits=use_8_digits) - else: - check_HOTP_RFC_codes(C, C.NK_get_hotp_code, use_8_digits=use_8_digits) - - -def test_HOTP_token(C): - """ - Check HOTP routine with written token ID to slot. - """ - use_pin_protection = False - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, use_pin_protection, not use_pin_protection, - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - token_ID = "AAV100000022" - assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, False, True, token_ID, - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - for i in range(5): - hotp_code = C.NK_get_hotp_code(1) - assert hotp_code != 0 - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - -def test_HOTP_counters(C): - """ - # https://tools.ietf.org/html/rfc4226#page-32 - """ - use_pin_protection = False - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, use_pin_protection, not use_pin_protection, - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - use_8_digits = True - HOTP_test_data = [ - 1284755224, 1094287082, 137359152, 1726969429, 1640338314, - 868254676, 1918287922, 82162583, 673399871, 645520489, - ] - slot_number = 1 - for counter, code in enumerate(HOTP_test_data): - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, counter, use_8_digits, False, False, "", - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - r = C.NK_get_hotp_code(slot_number) - code = str(code)[-8:] if use_8_digits else str(code)[-6:] - assert int(code) == r - - -INT32_MAX = 2 ** 31 - 1 -def test_HOTP_64bit_counter(C): - if is_storage(C): - pytest.xfail('bug in NK Storage HOTP firmware - counter is set with a 8 digits string, ' - 'however int32max takes 10 digits to be written') - oath = pytest.importorskip("oath") - lib_at = lambda t: oath.hotp(RFC_SECRET, t, format='dec6') - PIN_protection = False - use_8_digits = False - slot_number = 1 - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - dev_res = [] - lib_res = [] - for t in range(INT32_MAX - 5, INT32_MAX + 5, 1): - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, t, use_8_digits, False, False, "", - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - code_device = str(C.NK_get_hotp_code(slot_number)) - dev_res += (t, code_device) - lib_res += (t, lib_at(t)) - assert dev_res == lib_res - - -def test_TOTP_64bit_time(C): - if is_storage(C): - pytest.xfail('bug in NK Storage TOTP firmware') - oath = pytest.importorskip("oath") - T = 1 - lib_at = lambda t: oath.totp(RFC_SECRET, t=t) - PIN_protection = False - slot_number = 1 - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_totp_slot(slot_number, 'python_test', RFC_SECRET, 30, False, False, False, "", - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - dev_res = [] - lib_res = [] - for t in range(INT32_MAX - 5, INT32_MAX + 5, 1): - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK - code_device = str((C.NK_get_totp_code(slot_number, T, 0, 30))) - dev_res += (t, code_device) - lib_res += (t, lib_at(t)) - assert dev_res == lib_res - - -@pytest.mark.xfail(reason="NK Pro: possible firmware bug or communication issue: set time command not always changes the time on stick thus failing this test, " - "this does not influence normal use since setting time is not done every TOTP code request" - "Rarely fail occurs on NK Storage") -@pytest.mark.parametrize("PIN_protection", [False, True, ]) -def test_TOTP_RFC_usepin(C, PIN_protection): - slot_number = 1 - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - # test according to https://tools.ietf.org/html/rfc6238#appendix-B - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_totp_slot(slot_number, 'python_test', RFC_SECRET, 30, True, False, False, "", - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - - get_func = None - if PIN_protection: - get_func = lambda x, y, z, r: C.NK_get_totp_code_PIN(x, y, z, r, DefaultPasswords.USER_TEMP) - else: - get_func = C.NK_get_totp_code - - # Mode: Sha1, time step X=30 - test_data = [ - #Time T (hex) TOTP - (59, 0x1, 94287082), - (1111111109, 0x00000000023523EC, 7081804), - (1111111111, 0x00000000023523ED, 14050471), - (1234567890, 0x000000000273EF07, 89005924), - (2000000000, 0x0000000003F940AA, 69279037), - # (20000000000, 0x0000000027BC86AA, 65353130), # 64bit is also checked in other test - ] - responses = [] - data = [] - correct = 0 - for t, T, expected_code in test_data: - if PIN_protection: - C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK - code_from_device = get_func(slot_number, T, 0, 30) # FIXME T is not changing the outcome - data += [ (t, expected_code) ] - responses += [ (t, code_from_device) ] - correct += expected_code == code_from_device - assert data == responses or correct == len(test_data) - -def test_get_slot_names(C): - C.NK_set_debug(True) - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_erase_totp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - # erasing slot invalidates temporary password, so requesting authentication - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_erase_hotp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - - for i in range(15): - name = ffi.string(C.NK_get_totp_slot_name(i)) - if name == '': - assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED - for i in range(3): - name = ffi.string(C.NK_get_hotp_slot_name(i)) - if name == '': - assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED - - -def test_get_OTP_codes(C): - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - for i in range(15): - code = C.NK_get_totp_code(i, 0, 0, 0) - if code == 0: - assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED - - for i in range(3): - code = C.NK_get_hotp_code(i) - if code == 0: - assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED - - -def test_get_OTP_code_from_not_programmed_slot(C): - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_erase_hotp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_erase_totp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - - code = C.NK_get_hotp_code(0) - assert code == 0 - assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED - - code = C.NK_get_totp_code(0, 0, 0, 0) - assert code == 0 - assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED - - -def test_get_code_user_authorize(C): - C.NK_set_debug(True) - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_totp_slot(0, 'python_otp_auth', RFC_SECRET, 30, True, False, False, "", - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - # enable PIN protection of OTP codes with write_config - # TODO create convinience function on C API side to enable/disable OTP USER_PIN protection - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - code = C.NK_get_totp_code(0, 0, 0, 0) - assert code == 0 - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED - # disable PIN protection with write_config - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - code = C.NK_get_totp_code(0, 0, 0, 0) - assert code != 0 - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - - -def cast_pointer_to_tuple(obj, typen, len): - # usage: - # config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) - return tuple(ffi.cast("%s [%d]" % (typen, len), obj)[0:len]) - - -def test_read_write_config(C): - C.NK_set_debug(True) - - # let's set sample config with pin protection and disabled scrolllock - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(0, 1, 2, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - config_raw_data = C.NK_read_config() - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) - assert config == (0, 1, 2, True, False) - - # restore defaults and check - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - config_raw_data = C.NK_read_config() - assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK - config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) - assert config == (255, 255, 255, False, True) - - -def test_factory_reset(C): - if is_storage(C): - pytest.skip('Recovery not implemented for NK Storage') - C.NK_set_debug(True) - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, False, False, "", - DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_get_hotp_code(1) == 755224 - assert C.NK_factory_reset(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - wait(10) - assert C.NK_get_hotp_code(1) != 287082 - assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED - # restore AES key - assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK - assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK - assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - - -@pytest.mark.skip(reason='Experimental') -def test_clear(C): - d = 'asdasdasd' - print(d) - C.clear_password(d) - print(d) - - -def test_get_status(C): - status = C.NK_status() - s = gs(status) - assert len(s) > 0 - - -def test_get_serial_number(C): - sn = C.NK_device_serial_number() - sn = gs(sn) - assert len(sn) > 0 - print(('Serial number of the device: ', sn)) - - -@pytest.mark.parametrize("invalid_hex_string", - ['text', '00 ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258]) -def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string): - """ - Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number, - empty or longer than 255 characters. - """ - assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING - assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "", - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING - - -def test_warning_binary_bigger_than_secret_buffer(C): - invalid_hex_string = to_hex('1234567890') * 3 - assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', - DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE - - -@pytest.mark.xfail(reason="TODO") -def test_OTP_secret_started_from_null(C): - assert False diff --git a/unittest/test_library.py b/unittest/test_library.py new file mode 100644 index 0000000..d0eef80 --- /dev/null +++ b/unittest/test_library.py @@ -0,0 +1,67 @@ +import pytest + +from misc import ffi, gs, to_hex +from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, LibraryErrors + +def test_too_long_strings(C): + new_password = '123123123' + long_string = 'a' * 100 + assert C.NK_change_user_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING + assert C.NK_change_user_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING + assert C.NK_change_admin_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING + assert C.NK_change_admin_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING + assert C.NK_first_authenticate(long_string, DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING + assert C.NK_erase_totp_slot(0, long_string) == LibraryErrors.TOO_LONG_STRING + digits = False + assert C.NK_write_hotp_slot(1, long_string, RFC_SECRET, 0, digits, False, False, "", + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING + assert C.NK_write_hotp_slot(1, 'long_test', RFC_SECRET, 0, digits, False, False, "", + long_string) == LibraryErrors.TOO_LONG_STRING + assert C.NK_get_hotp_code_PIN(0, long_string) == 0 + assert C.NK_get_last_command_status() == LibraryErrors.TOO_LONG_STRING + + +def test_invalid_slot(C): + invalid_slot = 255 + assert C.NK_erase_totp_slot(invalid_slot, 'some password') == LibraryErrors.INVALID_SLOT + assert C.NK_write_hotp_slot(invalid_slot, 'long_test', RFC_SECRET, 0, False, False, False, "", + 'aaa') == LibraryErrors.INVALID_SLOT + assert C.NK_get_hotp_code_PIN(invalid_slot, 'some password') == 0 + assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT + assert C.NK_erase_password_safe_slot(invalid_slot) == LibraryErrors.INVALID_SLOT + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert gs(C.NK_get_password_safe_slot_name(invalid_slot)) == '' + assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT + assert gs(C.NK_get_password_safe_slot_login(invalid_slot)) == '' + assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT + +@pytest.mark.parametrize("invalid_hex_string", + ['text', '00 ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258]) +def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string): + """ + Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number, + empty or longer than 255 characters. + """ + assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING + assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "", + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING + + +def test_warning_binary_bigger_than_secret_buffer(C): + invalid_hex_string = to_hex('1234567890') * 3 + assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE + + +@pytest.mark.xfail(reason="TODO") +def test_OTP_secret_started_from_null(C): + assert False + + +@pytest.mark.skip(reason='Experimental') +def test_clear(C): + d = 'asdasdasd' + print(d) + C.clear_password(d) + print(d) \ No newline at end of file diff --git a/unittest/test_pro.py b/unittest/test_pro.py new file mode 100644 index 0000000..6ab2af9 --- /dev/null +++ b/unittest/test_pro.py @@ -0,0 +1,488 @@ +import pytest + +from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET +from misc import ffi, gs, wait, cast_pointer_to_tuple +from misc import is_pro_rtm_07, is_storage + +def test_enable_password_safe(C): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_enable_password_safe('wrong_password') == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + +def test_write_password_safe_slot(C): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_NOT_AUTHORIZED + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK + + +def test_get_password_safe_slot_name(C): + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert gs(C.NK_get_password_safe_slot_name(0)) == '' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert gs(C.NK_get_password_safe_slot_name(0)) == 'slotname1' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + +def test_get_password_safe_slot_login_password(C): + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK + slot_login = C.NK_get_password_safe_slot_login(0) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + assert gs(slot_login) == 'login1' + slot_password = gs(C.NK_get_password_safe_slot_password(0)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + assert slot_password == 'pass1' + + +def test_erase_password_safe_slot(C): + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_erase_password_safe_slot(0) == DeviceErrorCode.STATUS_OK + assert gs(C.NK_get_password_safe_slot_name(0)) == '' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK # TODO CHECK shouldn't this be DeviceErrorCode.NOT_PROGRAMMED ? + + +def test_password_safe_slot_status(C): + C.NK_set_debug(True) + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_erase_password_safe_slot(0) == DeviceErrorCode.STATUS_OK + assert C.NK_write_password_safe_slot(1, 'slotname2', 'login2', 'pass2') == DeviceErrorCode.STATUS_OK + safe_slot_status = C.NK_get_password_safe_slot_status() + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + is_slot_programmed = list(ffi.cast("uint8_t [16]", safe_slot_status)[0:16]) + print((is_slot_programmed, len(is_slot_programmed))) + assert is_slot_programmed[0] == 0 + assert is_slot_programmed[1] == 1 + + +def test_issue_device_locks_on_second_key_generation_in_sequence(C): + if is_pro_rtm_07(C): + pytest.skip("issue to register: device locks up " + "after below commands sequence (reinsertion fixes), skipping for now") + assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + +def test_regenerate_aes_key(C): + C.NK_set_debug(True) + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + +@pytest.mark.xfail(reason="NK Pro firmware bug: regenerating AES key command not always results in cleared slot data") +def test_destroy_password_safe(C): + """ + Sometimes fails on NK Pro - slot name is not cleared ergo key generation has not succeed despite the success result + returned from the device + """ + C.NK_set_debug(True) + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + # write password safe slot + assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK + # read slot + assert gs(C.NK_get_password_safe_slot_name(0)) == 'slotname1' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + slot_login = C.NK_get_password_safe_slot_login(0) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + assert gs(slot_login) == 'login1' + # destroy password safe by regenerating aes key + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + assert gs(C.NK_get_password_safe_slot_name(0)) != 'slotname1' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + # check was slot status cleared + safe_slot_status = C.NK_get_password_safe_slot_status() + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + is_slot_programmed = list(ffi.cast("uint8_t [16]", safe_slot_status)[0:16]) + assert is_slot_programmed[0] == 0 + + +def test_is_AES_supported(C): + if is_storage(C): + pytest.skip("Storage does not implement this command") + assert C.NK_is_AES_supported('wrong password') != 1 + assert C.NK_get_last_command_status() == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_is_AES_supported(DefaultPasswords.USER) == 1 + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + +def test_admin_PIN_change(C): + new_password = '123123123' + assert C.NK_change_admin_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_change_admin_PIN(DefaultPasswords.ADMIN, new_password) == DeviceErrorCode.STATUS_OK + assert C.NK_change_admin_PIN(new_password, DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + +def test_user_PIN_change(C): + new_password = '123123123' + assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_change_user_PIN(DefaultPasswords.USER, new_password) == DeviceErrorCode.STATUS_OK + assert C.NK_change_user_PIN(new_password, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + +def test_admin_retry_counts(C): + default_admin_retry_count = 3 + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_get_admin_retry_count() == default_admin_retry_count + assert C.NK_change_admin_PIN('wrong_password', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_get_admin_retry_count() == default_admin_retry_count - 1 + assert C.NK_change_admin_PIN(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + assert C.NK_get_admin_retry_count() == default_admin_retry_count + + +def test_user_retry_counts_change_PIN(C): + assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + wrong_password = 'wrong_password' + default_user_retry_count = 3 + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_get_user_retry_count() == default_user_retry_count + assert C.NK_change_user_PIN(wrong_password, wrong_password) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_get_user_retry_count() == default_user_retry_count - 1 + assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_get_user_retry_count() == default_user_retry_count + +def test_user_retry_counts_PWSafe(C): + default_user_retry_count = 3 + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_get_user_retry_count() == default_user_retry_count + assert C.NK_enable_password_safe('wrong_password') == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_get_user_retry_count() == default_user_retry_count - 1 + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_get_user_retry_count() == default_user_retry_count + + +def test_unlock_user_password(C): + C.NK_set_debug(True) + default_user_retry_count = 3 + default_admin_retry_count = 3 + new_password = '123123123' + assert C.NK_get_user_retry_count() == default_user_retry_count + assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_change_user_PIN('wrong_password', new_password) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_get_user_retry_count() == default_user_retry_count - 3 + assert C.NK_get_admin_retry_count() == default_admin_retry_count + + assert C.NK_unlock_user_password('wrong password', DefaultPasswords.USER) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_get_admin_retry_count() == default_admin_retry_count - 1 + assert C.NK_unlock_user_password(DefaultPasswords.ADMIN, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_get_user_retry_count() == default_user_retry_count + assert C.NK_get_admin_retry_count() == default_admin_retry_count + + +def test_admin_auth(C): + assert C.NK_first_authenticate('wrong_password', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + +def test_user_auth(C): + assert C.NK_user_authenticate('wrong_password', DefaultPasswords.USER_TEMP) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + + +def check_HOTP_RFC_codes(C, func, prep=None, use_8_digits=False): + """ + # https://tools.ietf.org/html/rfc4226#page-32 + """ + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, use_8_digits, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + test_data = [ + 1284755224, 1094287082, 137359152, 1726969429, 1640338314, 868254676, 1918287922, 82162583, 673399871, + 645520489, + ] + for code in test_data: + if prep: + prep() + r = func(1) + code = str(code)[-8:] if use_8_digits else str(code)[-6:] + assert int(code) == r + + +@pytest.mark.parametrize("use_8_digits", [False, True, ]) +@pytest.mark.parametrize("use_pin_protection", [False, True, ]) +def test_HOTP_RFC_use8digits_usepin(C, use_8_digits, use_pin_protection): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, use_pin_protection, not use_pin_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + if use_pin_protection: + check_HOTP_RFC_codes(C, + lambda x: C.NK_get_hotp_code_PIN(x, DefaultPasswords.USER_TEMP), + lambda: C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP), + use_8_digits=use_8_digits) + else: + check_HOTP_RFC_codes(C, C.NK_get_hotp_code, use_8_digits=use_8_digits) + + +def test_HOTP_token(C): + """ + Check HOTP routine with written token ID to slot. + """ + use_pin_protection = False + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, use_pin_protection, not use_pin_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + token_ID = "AAV100000022" + assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, False, True, token_ID, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + for i in range(5): + hotp_code = C.NK_get_hotp_code(1) + assert hotp_code != 0 + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + +def test_HOTP_counters(C): + """ + # https://tools.ietf.org/html/rfc4226#page-32 + """ + use_pin_protection = False + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, use_pin_protection, not use_pin_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + use_8_digits = True + HOTP_test_data = [ + 1284755224, 1094287082, 137359152, 1726969429, 1640338314, + 868254676, 1918287922, 82162583, 673399871, 645520489, + ] + slot_number = 1 + for counter, code in enumerate(HOTP_test_data): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, counter, use_8_digits, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + r = C.NK_get_hotp_code(slot_number) + code = str(code)[-8:] if use_8_digits else str(code)[-6:] + assert int(code) == r + + +INT32_MAX = 2 ** 31 - 1 +def test_HOTP_64bit_counter(C): + if is_storage(C): + pytest.xfail('bug in NK Storage HOTP firmware - counter is set with a 8 digits string, ' + 'however int32max takes 10 digits to be written') + oath = pytest.importorskip("oath") + lib_at = lambda t: oath.hotp(RFC_SECRET, t, format='dec6') + PIN_protection = False + use_8_digits = False + slot_number = 1 + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + dev_res = [] + lib_res = [] + for t in range(INT32_MAX - 5, INT32_MAX + 5, 1): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, t, use_8_digits, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + code_device = str(C.NK_get_hotp_code(slot_number)) + dev_res += (t, code_device) + lib_res += (t, lib_at(t)) + assert dev_res == lib_res + + +def test_TOTP_64bit_time(C): + if is_storage(C): + pytest.xfail('bug in NK Storage TOTP firmware') + oath = pytest.importorskip("oath") + T = 1 + lib_at = lambda t: oath.totp(RFC_SECRET, t=t) + PIN_protection = False + slot_number = 1 + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_totp_slot(slot_number, 'python_test', RFC_SECRET, 30, False, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + dev_res = [] + lib_res = [] + for t in range(INT32_MAX - 5, INT32_MAX + 5, 1): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK + code_device = str((C.NK_get_totp_code(slot_number, T, 0, 30))) + dev_res += (t, code_device) + lib_res += (t, lib_at(t)) + assert dev_res == lib_res + + +@pytest.mark.xfail(reason="NK Pro: possible firmware bug or communication issue: set time command not always changes the time on stick thus failing this test, " + "this does not influence normal use since setting time is not done every TOTP code request" + "Rarely fail occurs on NK Storage") +@pytest.mark.parametrize("PIN_protection", [False, True, ]) +def test_TOTP_RFC_usepin(C, PIN_protection): + slot_number = 1 + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # test according to https://tools.ietf.org/html/rfc6238#appendix-B + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_totp_slot(slot_number, 'python_test', RFC_SECRET, 30, True, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + get_func = None + if PIN_protection: + get_func = lambda x, y, z, r: C.NK_get_totp_code_PIN(x, y, z, r, DefaultPasswords.USER_TEMP) + else: + get_func = C.NK_get_totp_code + + # Mode: Sha1, time step X=30 + test_data = [ + #Time T (hex) TOTP + (59, 0x1, 94287082), + (1111111109, 0x00000000023523EC, 7081804), + (1111111111, 0x00000000023523ED, 14050471), + (1234567890, 0x000000000273EF07, 89005924), + (2000000000, 0x0000000003F940AA, 69279037), + # (20000000000, 0x0000000027BC86AA, 65353130), # 64bit is also checked in other test + ] + responses = [] + data = [] + correct = 0 + for t, T, expected_code in test_data: + if PIN_protection: + C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK + code_from_device = get_func(slot_number, T, 0, 30) # FIXME T is not changing the outcome + data += [ (t, expected_code) ] + responses += [ (t, code_from_device) ] + correct += expected_code == code_from_device + assert data == responses or correct == len(test_data) + +def test_get_slot_names(C): + C.NK_set_debug(True) + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_erase_totp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # erasing slot invalidates temporary password, so requesting authentication + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_erase_hotp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + for i in range(15): + name = ffi.string(C.NK_get_totp_slot_name(i)) + if name == '': + assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED + for i in range(3): + name = ffi.string(C.NK_get_hotp_slot_name(i)) + if name == '': + assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED + + +def test_get_OTP_codes(C): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + for i in range(15): + code = C.NK_get_totp_code(i, 0, 0, 0) + if code == 0: + assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED + + for i in range(3): + code = C.NK_get_hotp_code(i) + if code == 0: + assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED + + +def test_get_OTP_code_from_not_programmed_slot(C): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_erase_hotp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_erase_totp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + code = C.NK_get_hotp_code(0) + assert code == 0 + assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED + + code = C.NK_get_totp_code(0, 0, 0, 0) + assert code == 0 + assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED + + +def test_get_code_user_authorize(C): + C.NK_set_debug(True) + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_totp_slot(0, 'python_otp_auth', RFC_SECRET, 30, True, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # enable PIN protection of OTP codes with write_config + # TODO create convinience function on C API side to enable/disable OTP USER_PIN protection + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + code = C.NK_get_totp_code(0, 0, 0, 0) + assert code == 0 + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + # disable PIN protection with write_config + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + code = C.NK_get_totp_code(0, 0, 0, 0) + assert code != 0 + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + +def cast_pointer_to_tuple(obj, typen, len): + # usage: + # config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) + return tuple(ffi.cast("%s [%d]" % (typen, len), obj)[0:len]) + + +def test_read_write_config(C): + C.NK_set_debug(True) + + # let's set sample config with pin protection and disabled scrolllock + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(0, 1, 2, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + config_raw_data = C.NK_read_config() + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) + assert config == (0, 1, 2, True, False) + + # restore defaults and check + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + config_raw_data = C.NK_read_config() + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) + assert config == (255, 255, 255, False, True) + + +def test_factory_reset(C): + if is_storage(C): + pytest.skip('Recovery not implemented for NK Storage') + C.NK_set_debug(True) + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_get_hotp_code(1) == 755224 + assert C.NK_factory_reset(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + wait(10) + assert C.NK_get_hotp_code(1) != 287082 + assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED + # restore AES key + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + +def test_get_status(C): + status = C.NK_status() + s = gs(status) + assert len(s) > 0 + + +def test_get_serial_number(C): + sn = C.NK_device_serial_number() + sn = gs(sn) + assert len(sn) > 0 + print(('Serial number of the device: ', sn)) diff --git a/unittest/test_storage.py b/unittest/test_storage.py new file mode 100644 index 0000000..d6cc558 --- /dev/null +++ b/unittest/test_storage.py @@ -0,0 +1,7 @@ +import pytest + +from misc import ffi, gs, wait, cast_pointer_to_tuple +from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, LibraryErrors + + + -- cgit v1.2.3