From 43bb63424fb7e78c245341c1baf326557ef896e8 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 31 Jan 2017 18:53:14 +0100 Subject: C++ tests fixed Signed-off-by: Szczepan Zalega --- unittest/test.cc | 9 +++++---- unittest/test2.cc | 27 ++++++++++++++------------- unittest/test3.cc | 21 ++++++++++++--------- unittest/test_HOTP.cc | 6 +++--- 4 files changed, 34 insertions(+), 29 deletions(-) (limited to 'unittest') diff --git a/unittest/test.cc b/unittest/test.cc index 6744b45..99f96ac 100644 --- a/unittest/test.cc +++ b/unittest/test.cc @@ -13,8 +13,9 @@ using namespace nitrokey::proto::stick10; using namespace nitrokey::log; using namespace nitrokey::misc; +using Dev10 = std::shared_ptr; -std::string getSlotName(Stick10 &stick, int slotNo) { +std::string getSlotName(Dev10 stick, int slotNo) { auto slot_req = get_payload(); slot_req.slot_number = slotNo; auto slot = ReadSlot::CommandTransaction::run(stick, slot_req); @@ -23,8 +24,8 @@ std::string getSlotName(Stick10 &stick, int slotNo) { } TEST_CASE("Slot names are correct", "[slotNames]") { - Stick10 stick; - bool connected = stick.connect(); + auto stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); @@ -79,5 +80,5 @@ TEST_CASE("Slot names are correct", "[slotNames]") { REQUIRE(sName == std::string("login1")); } - stick.disconnect(); + stick->disconnect(); } diff --git a/unittest/test2.cc b/unittest/test2.cc index 00e70e3..4b61a3c 100644 --- a/unittest/test2.cc +++ b/unittest/test2.cc @@ -20,9 +20,10 @@ using namespace nitrokey::proto::stick20; using namespace nitrokey::log; using namespace nitrokey::misc; +#include template -void execute_password_command(Device &stick, const char *password, const char kind = 'P') { +void execute_password_command(std::shared_ptr stick, const char *password, const char kind = 'P') { auto p = get_payload(); if (kind == 'P'){ p.set_kind_user(); @@ -47,8 +48,8 @@ void SKIP_TEST() { TEST_CASE("long operation test", "[test_long]") { SKIP_TEST(); - Stick20 stick; - bool connected = stick.connect(); + auto stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); try{ @@ -123,8 +124,8 @@ TEST_CASE("test device commands ids", "[fast]") { } TEST_CASE("test device internal status with various commands", "[fast]") { - Stick20 stick; - bool connected = stick.connect(); + auto stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); @@ -147,8 +148,8 @@ TEST_CASE("test device internal status with various commands", "[fast]") { } TEST_CASE("setup hidden volume test", "[hidden]") { - Stick20 stick; - bool connected = stick.connect(); + auto stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); stick10::LockDevice::CommandTransaction::run(stick); @@ -170,8 +171,8 @@ TEST_CASE("setup hidden volume test", "[hidden]") { } TEST_CASE("setup multiple hidden volumes", "[hidden]") { - Stick20 stick; - bool connected = stick.connect(); + auto stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); @@ -207,8 +208,8 @@ TEST_CASE("setup multiple hidden volumes", "[hidden]") { TEST_CASE("update password change", "[dangerous]") { SKIP_TEST(); - Stick20 stick; - bool connected = stick.connect(); + auto stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); @@ -228,8 +229,8 @@ TEST_CASE("update password change", "[dangerous]") { } TEST_CASE("general test", "[test]") { - Stick20 stick; - bool connected = stick.connect(); + auto stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); diff --git a/unittest/test3.cc b/unittest/test3.cc index 9049365..215df78 100644 --- a/unittest/test3.cc +++ b/unittest/test3.cc @@ -26,13 +26,15 @@ using namespace nitrokey::proto::stick10_08; using namespace nitrokey::log; using namespace nitrokey::misc; -void connect_and_setup(Stick10 &stick) { - bool connected = stick.connect(); +using Dev10 = std::shared_ptr; + +void connect_and_setup(Dev10 stick) { + bool connected = stick->connect(); REQUIRE(connected == true); Log::instance().set_loglevel(Loglevel::DEBUG); } -void authorize(Stick10 &stick) { +void authorize(Dev10 stick) { auto authreq = get_payload(); strcpy((char *) (authreq.card_password), default_admin_pin); strcpy((char *) (authreq.temporary_password), temporary_password); @@ -45,7 +47,8 @@ void authorize(Stick10 &stick) { } TEST_CASE("write slot", "[pronew]"){ - Stick10 stick; + auto stick = make_shared(); + connect_and_setup(stick); authorize(stick); @@ -81,7 +84,7 @@ TEST_CASE("write slot", "[pronew]"){ TEST_CASE("erase slot", "[pronew]"){ - Stick10 stick; + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); @@ -107,7 +110,7 @@ TEST_CASE("erase slot", "[pronew]"){ } TEST_CASE("write general config", "[pronew]") { - Stick10 stick; + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); @@ -121,7 +124,7 @@ TEST_CASE("write general config", "[pronew]") { } TEST_CASE("authorize user HOTP", "[pronew]") { - Stick10 stick; + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); @@ -164,7 +167,7 @@ TEST_CASE("authorize user HOTP", "[pronew]") { } TEST_CASE("check firmware version", "[pronew]") { - Stick10 stick; + auto stick = make_shared(); connect_and_setup(stick); auto p = GetStatus::CommandTransaction::run(stick); @@ -172,7 +175,7 @@ TEST_CASE("check firmware version", "[pronew]") { } TEST_CASE("authorize user TOTP", "[pronew]") { - Stick10 stick; + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); diff --git a/unittest/test_HOTP.cc b/unittest/test_HOTP.cc index d31df55..c6b62a3 100644 --- a/unittest/test_HOTP.cc +++ b/unittest/test_HOTP.cc @@ -34,8 +34,8 @@ TEST_CASE("test secret", "[functions]") { } TEST_CASE("Test HOTP codes according to RFC", "[HOTP]") { - Stick10 stick; - bool connected = stick.connect(); + std::shared_ptr stick = make_shared(); + bool connected = stick->connect(); REQUIRE(connected == true); @@ -98,5 +98,5 @@ TEST_CASE("Test HOTP codes according to RFC", "[HOTP]") { } - stick.disconnect(); + stick->disconnect(); } -- cgit v1.2.1 From fa02c23ee2f4bef6be8a502e11fc568dc74b4235 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 6 Feb 2017 09:25:03 +0100 Subject: Use CMake instead of Make Signed-off-by: Szczepan Zalega --- unittest/test.cc | 1 - unittest/test2.cc | 1 - unittest/test3.cc | 5 ----- unittest/test_HOTP.cc | 3 +-- 4 files changed, 1 insertion(+), 9 deletions(-) (limited to 'unittest') diff --git a/unittest/test.cc b/unittest/test.cc index 99f96ac..15235bd 100644 --- a/unittest/test.cc +++ b/unittest/test.cc @@ -1,4 +1,3 @@ -#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() #include "catch.hpp" #include diff --git a/unittest/test2.cc b/unittest/test2.cc index 4b61a3c..31dbce8 100644 --- a/unittest/test2.cc +++ b/unittest/test2.cc @@ -1,4 +1,3 @@ -#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() static const char *const default_admin_pin = "12345678"; static const char *const default_user_pin = "123456"; diff --git a/unittest/test3.cc b/unittest/test3.cc index 215df78..5302044 100644 --- a/unittest/test3.cc +++ b/unittest/test3.cc @@ -1,8 +1,3 @@ -// -// Created by sz on 08.11.16. -// - -#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() static const char *const default_admin_pin = "12345678"; static const char *const default_user_pin = "123456"; diff --git a/unittest/test_HOTP.cc b/unittest/test_HOTP.cc index c6b62a3..e6f7d7c 100644 --- a/unittest/test_HOTP.cc +++ b/unittest/test_HOTP.cc @@ -1,4 +1,3 @@ -#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() #include "catch.hpp" #include #include "device_proto.h" @@ -14,7 +13,7 @@ using namespace nitrokey::log; using namespace nitrokey::misc; void hexStringToByte(uint8_t data[], const char* hexString){ - assert(strlen(hexString)%2==0); + REQUIRE(strlen(hexString)%2==0); char buf[2]; for(int i=0; i Date: Mon, 6 Feb 2017 10:53:08 +0100 Subject: Use alias for easy device change Signed-off-by: Szczepan Zalega --- unittest/test3.cc | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'unittest') diff --git a/unittest/test3.cc b/unittest/test3.cc index 5302044..9e0ef11 100644 --- a/unittest/test3.cc +++ b/unittest/test3.cc @@ -21,7 +21,8 @@ using namespace nitrokey::proto::stick10_08; using namespace nitrokey::log; using namespace nitrokey::misc; -using Dev10 = std::shared_ptr; +using Dev = Stick10; +using Dev10 = std::shared_ptr; void connect_and_setup(Dev10 stick) { bool connected = stick->connect(); @@ -42,7 +43,7 @@ void authorize(Dev10 stick) { } TEST_CASE("write slot", "[pronew]"){ - auto stick = make_shared(); + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); @@ -79,7 +80,7 @@ TEST_CASE("write slot", "[pronew]"){ TEST_CASE("erase slot", "[pronew]"){ - auto stick = make_shared(); + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); @@ -105,7 +106,7 @@ TEST_CASE("erase slot", "[pronew]"){ } TEST_CASE("write general config", "[pronew]") { - auto stick = make_shared(); + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); @@ -119,7 +120,7 @@ TEST_CASE("write general config", "[pronew]") { } TEST_CASE("authorize user HOTP", "[pronew]") { - auto stick = make_shared(); + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); @@ -162,7 +163,7 @@ TEST_CASE("authorize user HOTP", "[pronew]") { } TEST_CASE("check firmware version", "[pronew]") { - auto stick = make_shared(); + auto stick = make_shared(); connect_and_setup(stick); auto p = GetStatus::CommandTransaction::run(stick); @@ -170,7 +171,7 @@ TEST_CASE("check firmware version", "[pronew]") { } TEST_CASE("authorize user TOTP", "[pronew]") { - auto stick = make_shared(); + auto stick = make_shared(); connect_and_setup(stick); authorize(stick); -- cgit v1.2.1 From 2d518b08787575914160ea0b1057c26d1d05b764 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 6 Feb 2017 10:54:34 +0100 Subject: Remove Makefile Signed-off-by: Szczepan Zalega --- unittest/Makefile | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 unittest/Makefile (limited to 'unittest') diff --git a/unittest/Makefile b/unittest/Makefile deleted file mode 100644 index dbd003e..0000000 --- a/unittest/Makefile +++ /dev/null @@ -1,33 +0,0 @@ -CC = $(PREFIX)-gcc -#CXX = $(PREFIX)-g++ -CXX = clang++-3.8 -LD = $(CXX) - -INCLUDE = -I../include -ICatch/single_include/ -LIB = -L../build -LDLIBS = -lnitrokey -BUILD = build - -CXXFLAGS = -std=c++14 -fPIC -Wno-gnu-variable-sized-type-not-at-end - -CXXSOURCES = $(wildcard *.cc) -TARGETS = $(CXXSOURCES:%.cc=$(BUILD)/%) -DEPENDS = $(CXXSOURCES:%.cc=$(BUILD)/%.d) - -$(BUILD)/%.d: %.cc - $(CXX) -M $< -o $@ $(INCLUDE) $(CXXFLAGS) - -$(BUILD)/%: %.cc $(DEPENDS) - $(CXX) $< -o $@ $(INCLUDE) $(LIB) $(CXXFLAGS) $(LDLIBS) - -all: $(TARGETS) - -clean: - rm -f $(TARGETS) - -mrproper: clean - rm -f $(BUILD)/*.d - -.PHONY: all clean mrproper - -include $(wildcard build/*.d) -- cgit v1.2.1 From 735d7eebcf132c1146da14989ed70fda2f01c06f Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 18 Feb 2017 17:02:33 +0100 Subject: Add script for installing python dependencies for unit tests Signed-off-by: Szczepan Zalega --- unittest/setup_python_dependencies.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 unittest/setup_python_dependencies.sh (limited to 'unittest') diff --git a/unittest/setup_python_dependencies.sh b/unittest/setup_python_dependencies.sh new file mode 100644 index 0000000..0f1a0f7 --- /dev/null +++ b/unittest/setup_python_dependencies.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +pip install -r requirements.txt --user -- cgit v1.2.1 From bd5fd5d6cf42732c4a34c10d390d3596615e9a47 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 18 Feb 2017 17:03:16 +0100 Subject: Remove unnecessary extern keyword from C API Signed-off-by: Szczepan Zalega --- unittest/conftest.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'unittest') diff --git a/unittest/conftest.py b/unittest/conftest.py index 88bf7d0..f43f153 100644 --- a/unittest/conftest.py +++ b/unittest/conftest.py @@ -22,8 +22,8 @@ def C(request): a = iter(declarations) for declaration in a: - if declaration.startswith('extern') and not '"C"' in declaration: - declaration = declaration.replace('extern', '').strip() + if declaration.startswith('NK_C_API'): + declaration = declaration.replace('NK_C_API', '').strip() while not ';' in declaration: declaration += (next(a)).strip() print(declaration) -- cgit v1.2.1 From bbbb596a0e6e5b22a19d5543d20e7b2dfc1a0f83 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 18 Feb 2017 17:06:32 +0100 Subject: Add oath to Pythons unittest requirements Signed-off-by: Szczepan Zalega --- unittest/requirements.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'unittest') diff --git a/unittest/requirements.txt b/unittest/requirements.txt index 7224741..2cb9c05 100644 --- a/unittest/requirements.txt +++ b/unittest/requirements.txt @@ -2,3 +2,4 @@ cffi pytest-repeat pytest-randomly enum +oath \ No newline at end of file -- cgit v1.2.1 From 544d68631303fa35b5e6a538f8afb4e054ad9302 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 18 Feb 2017 17:08:07 +0100 Subject: Add some complex unit tests to find out corruption cause Signed-off-by: Szczepan Zalega --- unittest/test_pro.py | 70 +++++++++++++++++++++- unittest/test_storage.py | 147 ++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 214 insertions(+), 3 deletions(-) (limited to 'unittest') diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 4a2a504..0ad42e1 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -22,6 +22,71 @@ def test_write_password_safe_slot(C): assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK +@pytest.mark.slowtest +def test_write_all_password_safe_slots_and_read_10_times(C): + def fill(s, wid): + assert wid >= len(s) + numbers = '1234567890'*4 + s += numbers[:wid-len(s)] + assert len(s) == wid + return s + + def get_pass(suffix): + return fill('pass' + suffix, 20) + + def get_loginname(suffix): + return fill('login' + suffix, 32) + + def get_slotname(suffix): + return fill('slotname' + suffix, 11) + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + PWS_slot_count = 16 + for i in range(0, PWS_slot_count): + iss = str(i) + assert C.NK_write_password_safe_slot(i, + get_slotname(iss), get_loginname(iss), + get_pass(iss)) == DeviceErrorCode.STATUS_OK + + for j in range(0, 10): + for i in range(0, PWS_slot_count): + iss = str(i) + assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss) + assert gs(C.NK_get_password_safe_slot_login(i)) == get_loginname(iss) + assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss) + + +@pytest.mark.slowtest +def test_read_all_password_safe_slots_10_times(C): + def fill(s, wid): + assert wid >= len(s) + numbers = '1234567890'*4 + s += numbers[:wid-len(s)] + assert len(s) == wid + return s + + def get_pass(suffix): + return fill('pass' + suffix, 20) + + def get_loginname(suffix): + return fill('login' + suffix, 32) + + def get_slotname(suffix): + return fill('slotname' + suffix, 11) + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + PWS_slot_count = 16 + + for j in range(0, 10): + for i in range(0, PWS_slot_count): + iss = str(i) + assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss) + assert gs(C.NK_get_password_safe_slot_login(i)) == get_loginname(iss) + assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss) + + def test_get_password_safe_slot_name(C): assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK assert C.NK_write_password_safe_slot(0, 'slotname1', 'login1', 'pass1') == DeviceErrorCode.STATUS_OK @@ -645,10 +710,11 @@ def test_TOTP_secrets(C, secret): @pytest.mark.parametrize("secret", [RFC_SECRET, 2*RFC_SECRET, '12'*10, '12'*30] ) def test_HOTP_secrets(C, secret): """ - NK Pro 0.8+, NK Storage 0.44+ + NK Pro 0.8+ feature needed: support for 320bit secrets """ - skip_if_device_version_lower_than({'S': 44, 'P': 8}) + if len(secret)>40: + skip_if_device_version_lower_than({'P': 8}) slot_number = 0 counter = 0 diff --git a/unittest/test_storage.py b/unittest/test_storage.py index a1c59aa..9c01382 100644 --- a/unittest/test_storage.py +++ b/unittest/test_storage.py @@ -57,6 +57,7 @@ def test_encrypted_volume_unlock_hidden(C): assert C.NK_create_hidden_volume(0, 20, 21, hidden_volume_password) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(hidden_volume_password) == DeviceErrorCode.STATUS_OK + @pytest.mark.skip(reason='hangs device, to report') def test_encrypted_volume_setup_multiple_hidden(C): skip_if_device_version_lower_than({'S': 43}) @@ -72,6 +73,149 @@ def test_encrypted_volume_setup_multiple_hidden(C): assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK +@pytest.mark.parametrize("volumes_to_setup", range(1, 5)) +def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes(C, volumes_to_setup): + skip_if_device_version_lower_than({'S': 43}) + hidden_volume_password = 'hiddenpassword' + p = lambda i: hidden_volume_password + str(i) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + for i in range(volumes_to_setup): + assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK + + assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + for i in range(volumes_to_setup): + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + # TODO mount and test for files + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + + +@pytest.mark.parametrize("volumes_to_setup", range(1, 5)) +def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes_unlock_at_once(C, volumes_to_setup): + skip_if_device_version_lower_than({'S': 43}) + hidden_volume_password = 'hiddenpassword' + p = lambda i: hidden_volume_password + str(i) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + for i in range(volumes_to_setup): + assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + + assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + for i in range(volumes_to_setup): + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + # TODO mount and test for files + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + + +@pytest.mark.parametrize("use_slot", range(4)) +def test_encrypted_volume_setup_one_hidden_no_lock_device_slot(C, use_slot): + skip_if_device_version_lower_than({'S': 43}) + hidden_volume_password = 'hiddenpassword' + p = lambda i: hidden_volume_password + str(i) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + i = use_slot + assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + + assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + for j in range(3): + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + # TODO mount and test for files + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + + +def test_password_safe_slot_name_corruption(C): + skip_if_device_version_lower_than({'S': 43}) + volumes_to_setup = 4 + # connected with encrypted volumes, possible also with hidden + def fill(s, wid): + assert wid >= len(s) + numbers = '1234567890' * 4 + s += numbers[:wid - len(s)] + assert len(s) == wid + return s + + def get_pass(suffix): + return fill('pass' + suffix, 20) + + def get_loginname(suffix): + return fill('login' + suffix, 32) + + def get_slotname(suffix): + return fill('slotname' + suffix, 11) + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + PWS_slot_count = 16 + for i in range(0, PWS_slot_count): + iss = str(i) + assert C.NK_write_password_safe_slot(i, + get_slotname(iss), get_loginname(iss), + get_pass(iss)) == DeviceErrorCode.STATUS_OK + + def check_PWS_correctness(C): + for i in range(0, PWS_slot_count): + iss = str(i) + assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss) + assert gs(C.NK_get_password_safe_slot_login(i)) == get_loginname(iss) + assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss) + + hidden_volume_password = 'hiddenpassword' + p = lambda i: hidden_volume_password + str(i) + def check_volumes_correctness(C): + for i in range(volumes_to_setup): + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + # TODO mount and test for files + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + + check_PWS_correctness(C) + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + for i in range(volumes_to_setup): + assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + + assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + + check_volumes_correctness(C) + check_PWS_correctness(C) + check_volumes_correctness(C) + check_PWS_correctness(C) + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + check_volumes_correctness(C) + check_PWS_correctness(C) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + check_volumes_correctness(C) + check_PWS_correctness(C) + +def test_hidden_volume_corruption(C): + # bug: this should return error without unlocking encrypted volume each hidden volume lock, but it does not + assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + hidden_volume_password = 'hiddenpassword' + p = lambda i: hidden_volume_password + str(i) + for i in range(4): + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK + wait(2) + assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK + def test_unencrypted_volume_set_read_only(C): skip_if_device_version_lower_than({'S': 43}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK @@ -94,7 +238,8 @@ def test_clear_new_sd_card_notification(C): assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK -@pytest.mark.skip +@pytest.mark.slowtest +@pytest.mark.skip(reason='long test (about 1h)') def test_fill_SD_card(C): skip_if_device_version_lower_than({'S': 43}) status = C.NK_fill_SD_card_with_random_data(DefaultPasswords.ADMIN) -- cgit v1.2.1 From 097c9ecf42d2724a074ea9e0d317ed5f38b5ca37 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 6 Mar 2017 13:47:52 +0100 Subject: Prefer to use log-enabled library in tests Signed-off-by: Szczepan Zalega --- unittest/conftest.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'unittest') diff --git a/unittest/conftest.py b/unittest/conftest.py index f43f153..67b45aa 100644 --- a/unittest/conftest.py +++ b/unittest/conftest.py @@ -29,7 +29,23 @@ def C(request): print(declaration) ffi.cdef(declaration, override=True) - C = ffi.dlopen("../build/libnitrokey.so") + C = None + import os, sys + path_build = os.path.join("..", "build") + paths = [ os.path.join(path_build,"libnitrokey-log.so"), + os.path.join(path_build,"libnitrokey.so")] + for p in paths: + print p + if os.path.exists(p): + C = ffi.dlopen(p) + break + else: + print("File does not exist: " + p) + print("Trying another") + if not C: + print("No library file found") + sys.exit(1) + C.NK_set_debug(False) nk_login = C.NK_login_auto() if nk_login != 1: -- cgit v1.2.1 From f7101225f26176f62ef3df48bd20d43521210987 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 6 Mar 2017 13:49:13 +0100 Subject: Update encrypted volume test. Use random password. Randomizing password to ensure correctness of setting up hidden volume in current iteration Signed-off-by: Szczepan Zalega --- unittest/test_storage.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'unittest') diff --git a/unittest/test_storage.py b/unittest/test_storage.py index 9c01382..da7c9a3 100644 --- a/unittest/test_storage.py +++ b/unittest/test_storage.py @@ -58,10 +58,10 @@ def test_encrypted_volume_unlock_hidden(C): assert C.NK_unlock_hidden_volume(hidden_volume_password) == DeviceErrorCode.STATUS_OK -@pytest.mark.skip(reason='hangs device, to report') -def test_encrypted_volume_setup_multiple_hidden(C): - skip_if_device_version_lower_than({'S': 43}) - hidden_volume_password = 'hiddenpassword' +def test_encrypted_volume_setup_multiple_hidden_lock(C): + import random + skip_if_device_version_lower_than({'S': 45}) #hangs device on lower version + hidden_volume_password = 'hiddenpassword' + str(random.randint(0,100)) p = lambda i: hidden_volume_password + str(i) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK -- cgit v1.2.1 From 9e659919a4b2da8855a1c7ec83edb685e6fec663 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 6 Mar 2017 15:43:28 +0100 Subject: Authenticate before factory reset so the command will not timeout To investigate later Signed-off-by: Szczepan Zalega --- unittest/test_pro.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'unittest') diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 0ad42e1..67fc585 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -147,6 +147,9 @@ def test_regenerate_aes_key(C): def test_enable_password_safe_after_factory_reset(C): assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + if is_storage(C): + # for some reason storage likes to be authenticated before reset (to investigate) + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_factory_reset(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK wait(10) if is_storage(C): -- cgit v1.2.1 From 1b1a3211faa806d656b0ebb50864348c595857ed Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 6 Mar 2017 15:43:52 +0100 Subject: Correct comments and fix firmware version requirements Signed-off-by: Szczepan Zalega --- unittest/test_pro.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'unittest') diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 67fc585..0140994 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -58,6 +58,7 @@ def test_write_all_password_safe_slots_and_read_10_times(C): @pytest.mark.slowtest +@pytest.mark.xfail(reason="This test should be run directly after test_write_all_password_safe_slots_and_read_10_times") def test_read_all_password_safe_slots_10_times(C): def fill(s, wid): assert wid >= len(s) @@ -591,7 +592,7 @@ def test_OTP_secret_started_from_null(C, secret): skip_if_device_version_lower_than({'S': 43, 'P': 8}) if len(secret) > 40: # feature: 320 bit long secret handling - skip_if_device_version_lower_than({'S': 44, 'P': 8}) + skip_if_device_version_lower_than({'P': 8}) oath = pytest.importorskip("oath") lib_at = lambda t: oath.hotp(secret, t, format='dec6') @@ -685,8 +686,9 @@ def test_TOTP_secrets(C, secret): ''' skip_if_device_version_lower_than({'S': 44, 'P': 8}) - if is_pro_rtm_07(C) and len(secret)>20*2: #*2 since secret is in hex - pytest.skip("Secret lengths over 20 bytes are not supported by NK Pro 0.7 ") + if len(secret)>20*2: #*2 since secret is in hex + # pytest.skip("Secret lengths over 20 bytes are not supported by NK Pro 0.7 and NK Storage") + skip_if_device_version_lower_than({'P': 8}) slot_number = 0 time = 0 period = 30 @@ -764,7 +766,7 @@ def test_edit_OTP_slot(C): """ should change slots counter and name without changing its secret (using null secret for second update) """ - # counter does not reset under Storage v0.43 + # counter is not getting updated under Storage v0.43 - #TOREPORT skip_if_device_version_lower_than({'S': 44, 'P': 7}) secret = RFC_SECRET -- cgit v1.2.1 From 9cfce3cf6b531b01296dbebc1cc7844c1e049478 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 11 Mar 2017 13:48:02 +0100 Subject: Fix compilation warnings Signed-off-by: Szczepan Zalega --- unittest/test_C_API.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'unittest') diff --git a/unittest/test_C_API.cpp b/unittest/test_C_API.cpp index 37d3c7f..160145b 100644 --- a/unittest/test_C_API.cpp +++ b/unittest/test_C_API.cpp @@ -24,8 +24,8 @@ TEST_CASE("Check retry count", "[BASIC]") { } TEST_CASE("Check long strings", "[STANDARD]") { - char* longPin = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - char *pin = "123123123"; + const char* longPin = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + const char* pin = "123123123"; auto result = NK_change_user_PIN(longPin, pin); REQUIRE(result == TOO_LONG_STRING); result = NK_change_user_PIN(pin, longPin); -- cgit v1.2.1