From 21b98b2174cc13b1fc99d4f1c2155e170465a37f Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Thu, 13 Oct 2016 17:02:09 +0200 Subject: xfail aes support test for now Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 1 + 1 file changed, 1 insertion(+) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 9c266aa..17ebb38 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -181,6 +181,7 @@ def test_destroy_password_safe(C): assert is_slot_programmed[0] == 0 +@pytest.mark.xfail def test_is_AES_supported(C): assert C.NK_is_AES_supported('wrong password') != 1 assert C.NK_get_last_command_status() == DeviceErrorCode.WRONG_PASSWORD -- cgit v1.2.3 From 5e72941919f19c43c1cd7f79c5cb913caf2705e4 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 14 Oct 2016 14:01:10 +0200 Subject: Test C API in C++ (Catch) Signed-off-by: Szczepan Zalega --- CMakeLists.txt | 4 +++- unittest/catch_main.cpp | 2 ++ unittest/test_C_API.cpp | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 unittest/catch_main.cpp create mode 100644 unittest/test_C_API.cpp (limited to 'unittest') diff --git a/CMakeLists.txt b/CMakeLists.txt index 803c465..eedfd35 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -28,6 +28,8 @@ set(SOURCE_FILES log.cc misc.cc NitrokeyManager.cc - NK_C_API.cc include/CommandFailedException.h include/LibraryException.h) + NK_C_API.cc include/CommandFailedException.h include/LibraryException.h + unittest/test_C_API.cpp + unittest/catch_main.cpp) add_executable(libnitrokey ${SOURCE_FILES}) \ No newline at end of file diff --git a/unittest/catch_main.cpp b/unittest/catch_main.cpp new file mode 100644 index 0000000..c8270db --- /dev/null +++ b/unittest/catch_main.cpp @@ -0,0 +1,2 @@ +#define CATCH_CONFIG_MAIN // This tells Catch to provide a main() +#include "catch.hpp" \ No newline at end of file diff --git a/unittest/test_C_API.cpp b/unittest/test_C_API.cpp new file mode 100644 index 0000000..37d3c7f --- /dev/null +++ b/unittest/test_C_API.cpp @@ -0,0 +1,34 @@ +static const int TOO_LONG_STRING = 200; + +#include "catch.hpp" + +#include +#include +#include "log.h" +#include "../NK_C_API.h" + +TEST_CASE("C API connect", "[BASIC]") { + auto login = NK_login_auto(); + REQUIRE(login != 0); + NK_logout(); + login = NK_login_auto(); + REQUIRE(login != 0); + NK_logout(); + login = NK_login_auto(); + REQUIRE(login != 0); +} + +TEST_CASE("Check retry count", "[BASIC]") { + REQUIRE(NK_get_admin_retry_count() == 3); + REQUIRE(NK_get_user_retry_count() == 3); +} + +TEST_CASE("Check long strings", "[STANDARD]") { + char* longPin = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + char *pin = "123123123"; + auto result = NK_change_user_PIN(longPin, pin); + REQUIRE(result == TOO_LONG_STRING); + result = NK_change_user_PIN(pin, longPin); + REQUIRE(result == TOO_LONG_STRING); + CAPTURE(result); +} \ No newline at end of file -- cgit v1.2.3 From 234b0dc39d17ab8b2c5d8ed7af5c5681fde84ae4 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 14 Oct 2016 14:08:10 +0200 Subject: Tests: check user retry counter based on PIN changing. Lock device before tests. Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 17ebb38..e681085 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -238,6 +238,7 @@ def test_invalid_slot(C): def test_admin_retry_counts(C): default_admin_retry_count = 3 + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_get_admin_retry_count() == default_admin_retry_count assert C.NK_change_admin_PIN('wrong_password', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.WRONG_PASSWORD assert C.NK_get_admin_retry_count() == default_admin_retry_count - 1 @@ -245,8 +246,20 @@ def test_admin_retry_counts(C): assert C.NK_get_admin_retry_count() == default_admin_retry_count -def test_user_retry_counts(C): +def test_user_retry_counts_change_PIN(C): + assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + wrong_password = 'wrong_password' + default_user_retry_count = 3 + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_get_user_retry_count() == default_user_retry_count + assert C.NK_change_user_PIN(wrong_password, wrong_password) == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_get_user_retry_count() == default_user_retry_count - 1 + assert C.NK_change_user_PIN(DefaultPasswords.USER, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK + assert C.NK_get_user_retry_count() == default_user_retry_count + +def test_user_retry_counts_PWSafe(C): default_user_retry_count = 3 + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_get_user_retry_count() == default_user_retry_count assert C.NK_enable_password_safe('wrong_password') == DeviceErrorCode.WRONG_PASSWORD assert C.NK_get_user_retry_count() == default_user_retry_count - 1 -- cgit v1.2.3 From 8b59b30be4c021c912d2c16a5055168a83e36469 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 14 Oct 2016 17:09:11 +0200 Subject: Improve TOTP test - check all codes before failing, use readable names for variables Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index e681085..f2055fe 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -348,16 +348,17 @@ def test_HOTP_token(C): assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK -@pytest.mark.xfail(reason="firmware bug: set time command not always changes the time on stick thus failing this test, " +@pytest.mark.xfail(reason="possible firmware bug or communication issue: set time command not always changes the time on stick thus failing this test, " "this does not influence normal use since setting time is not done every TOTP code request") @pytest.mark.parametrize("PIN_protection", [False, True, ]) def test_TOTP_RFC_usepin(C, PIN_protection): + slot_number = 1 assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK # test according to https://tools.ietf.org/html/rfc6238#appendix-B assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_totp_slot(1, 'python_test', RFC_SECRET, 30, True, False, False, "", + assert C.NK_write_totp_slot(slot_number, 'python_test', RFC_SECRET, 30, True, False, False, "", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK get_func = None @@ -366,26 +367,29 @@ def test_TOTP_RFC_usepin(C, PIN_protection): else: get_func = C.NK_get_totp_code + # Mode: Sha1, time step X=30 test_data = [ - (59, 1, 94287082), - (1111111109, 0x00000000023523EC, 7081804), - (1111111111, 0x00000000023523ED, 14050471), - (1234567890, 0x000000000273EF07, 89005924), + #Time T (hex) TOTP + (59, 0x1, 94287082), + (1111111109, 0x00000000023523EC, 7081804), + (1111111111, 0x00000000023523ED, 14050471), + (1234567890, 0x000000000273EF07, 89005924), + (2000000000, 0x0000000003F940AA, 69279037), + (20000000000, 0x0000000027BC86AA, 65353130), ] - for t, T, code in test_data: - """ - FIXME without the delay 50% of tests fails, with it only 12%, higher delay removes fails - -> set_time function not always works, to investigate why - """ - # import time - # time.sleep(2) + responses = [] + data = [] + correct = 0 + for t, T, expected_code in test_data: if PIN_protection: C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK - r = get_func(1, T, 0, 30) # FIXME T is not changing the outcome - assert code == r - + code_from_device = get_func(slot_number, T, 0, 30) # FIXME T is not changing the outcome + data += [ (t, expected_code) ] + responses += [ (t, code_from_device) ] + correct += expected_code == code_from_device + assert data == responses or correct == len(test_data) def test_get_slot_names(C): C.NK_set_debug(True) -- cgit v1.2.3 From 0435623f8198b9a8ea6c8e64ffd5b081d4639ba8 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 15 Oct 2016 11:36:08 +0200 Subject: Skip factory reset until full recovery will be implemented for NK Storage, namely STICK20_CMD_CLEAR_NEW_SD_CARD_FOUND command Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 1 + 1 file changed, 1 insertion(+) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index f2055fe..3bb8ca8 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -493,6 +493,7 @@ def wait(t): time.sleep(t) +@pytest.mark.skip(reason='Recover not implemented for NK Storage') def test_factory_reset(C): C.NK_set_debug(True) assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK -- cgit v1.2.3 From 0840919b03fa58fdfe7e0bdbf24341aef1b0b9a9 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 17 Oct 2016 20:03:51 +0200 Subject: Tests cleanup: move wait function up Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 3bb8ca8..a5ef607 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -10,6 +10,13 @@ def to_hex(s): return "".join("{:02x}".format(ord(c)) for c in s) +def wait(t): + import time + msg = 'Waiting for %d seconds' % t + print(msg.center(40, '=')) + time.sleep(t) + + RFC_SECRET_HR = '12345678901234567890' RFC_SECRET = to_hex(RFC_SECRET_HR) # '12345678901234567890' @@ -486,13 +493,6 @@ def test_read_write_config(C): assert config == (255, 255, 255, False, True) -def wait(t): - import time - msg = 'Waiting for %d seconds' % t - print(msg.center(40, '=')) - time.sleep(t) - - @pytest.mark.skip(reason='Recover not implemented for NK Storage') def test_factory_reset(C): C.NK_set_debug(True) -- cgit v1.2.3 From d9d010c43a1ea7a21b0bcc9e3175f9769afcc337 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 17 Oct 2016 20:04:17 +0200 Subject: Tests: TOTP 64bit time test Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index a5ef607..438e88f 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -354,7 +354,33 @@ def test_HOTP_token(C): assert hotp_code != 0 assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK +# todo skip / xfail only for nk storage +@pytest.mark.xfail(reason="bug in NK Storage TOTP firmware") +def test_TOTP_64bit_time(C): + oath = pytest.importorskip("oath") + T = 1 + lib_at = lambda t: oath.totp(RFC_SECRET, t=t) + PIN_protection = False + int32_max = 2 ** 31 - 1 + slot_number = 1 + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_totp_slot(slot_number, 'python_test', RFC_SECRET, 30, False, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + dev_res = [] + lib_res = [] + for t in range(int32_max - 5, int32_max + 5, 1): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK + code_device = str((C.NK_get_totp_code(slot_number, T, 0, 30))) + dev_res += (t, code_device) + lib_res += (t, lib_at(t)) + assert dev_res == lib_res + +# todo skip / xfail only for nk pro @pytest.mark.xfail(reason="possible firmware bug or communication issue: set time command not always changes the time on stick thus failing this test, " "this does not influence normal use since setting time is not done every TOTP code request") @pytest.mark.parametrize("PIN_protection", [False, True, ]) @@ -382,7 +408,7 @@ def test_TOTP_RFC_usepin(C, PIN_protection): (1111111111, 0x00000000023523ED, 14050471), (1234567890, 0x000000000273EF07, 89005924), (2000000000, 0x0000000003F940AA, 69279037), - (20000000000, 0x0000000027BC86AA, 65353130), + (20000000000, 0x0000000027BC86AA, 65353130), # 64bit is also checked in other test ] responses = [] data = [] -- cgit v1.2.3 From b0a06732852f3cdf203949a117e41c4b6f5f144b Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 19 Oct 2016 11:03:41 +0200 Subject: Tests: detect device Pro/Storage. skip AES_support command test for Storage Signed-off-by: Szczepan Zalega --- include/stick10_commands.h | 5 ++++- unittest/test_bindings.py | 23 ++++++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) (limited to 'unittest') diff --git a/include/stick10_commands.h b/include/stick10_commands.h index a60be59..d1f12b6 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -331,7 +331,10 @@ class GetStatus : Command { std::string dissect() const { std::stringstream ss; - ss << "firmware_version:\t" << firmware_version << std::endl; + ss << "firmware_version:\t" + << "[" << firmware_version << "]" << "\t" + << ::nitrokey::misc::hexdump( + (const char *)(&firmware_version), 2, false); ss << "card_serial:\t" << ::nitrokey::misc::hexdump((const char *)(card_serial), sizeof card_serial, false); diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 438e88f..7984848 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -85,6 +85,26 @@ def C(request): return C +def get_firmware_version_from_status(C): + status = gs(C.NK_status()) + status = [s if 'firmware_version' in s else '' for s in status.split('\n')] + firmware = status[0].split(':')[1] + return firmware + + +def is_pro_rtm_07(C): + firmware = get_firmware_version_from_status(C) + return '07 00' in firmware + + +def is_storage(C): + """ + exact firmware storage is sent by other function + """ + firmware = get_firmware_version_from_status(C) + return '01 00' in firmware + + def test_enable_password_safe(C): assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_enable_password_safe('wrong_password') == DeviceErrorCode.WRONG_PASSWORD @@ -188,8 +208,9 @@ def test_destroy_password_safe(C): assert is_slot_programmed[0] == 0 -@pytest.mark.xfail def test_is_AES_supported(C): + if is_storage(C): + pytest.skip("Storage does not implement this command") assert C.NK_is_AES_supported('wrong password') != 1 assert C.NK_get_last_command_status() == DeviceErrorCode.WRONG_PASSWORD assert C.NK_is_AES_supported(DefaultPasswords.USER) == 1 -- cgit v1.2.3 From cc6274bf154754772819b9b53957f48d242f9783 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 19 Oct 2016 11:14:59 +0200 Subject: Tests: xfail TOTP 64bit only for Storage Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 7984848..80aa122 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -375,9 +375,9 @@ def test_HOTP_token(C): assert hotp_code != 0 assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK -# todo skip / xfail only for nk storage -@pytest.mark.xfail(reason="bug in NK Storage TOTP firmware") def test_TOTP_64bit_time(C): + if is_storage(C): + pytest.xfail('bug in NK Storage TOTP firmware') oath = pytest.importorskip("oath") T = 1 lib_at = lambda t: oath.totp(RFC_SECRET, t=t) -- cgit v1.2.3 From 4f0f91d7aafd5d91b1a6b50155cb56af3cd82125 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 19 Oct 2016 11:48:07 +0200 Subject: Tests: HOTP counters Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 80aa122..99be00a 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -375,6 +375,29 @@ def test_HOTP_token(C): assert hotp_code != 0 assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK +def test_HOTP_counters(C): + """ + # https://tools.ietf.org/html/rfc4226#page-32 + """ + use_pin_protection = False + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, use_pin_protection, not use_pin_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + use_8_digits = True + HOTP_test_data = [ + 1284755224, 1094287082, 137359152, 1726969429, 1640338314, + 868254676, 1918287922, 82162583, 673399871, 645520489, + ] + slot_number = 1 + for counter, code in enumerate(HOTP_test_data): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, counter, use_8_digits, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + r = C.NK_get_hotp_code(slot_number) + code = str(code)[-8:] if use_8_digits else str(code)[-6:] + assert int(code) == r + + def test_TOTP_64bit_time(C): if is_storage(C): pytest.xfail('bug in NK Storage TOTP firmware') -- cgit v1.2.3 From 23160c4bb5b9f9aca7aaffce234d5aeaa3fcf534 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 19 Oct 2016 13:11:59 +0200 Subject: Tests: HOTP 64bit counter Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 99be00a..33bdbf0 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -398,6 +398,31 @@ def test_HOTP_counters(C): assert int(code) == r +INT32_MAX = 2 ** 31 - 1 +def test_HOTP_64bit_counter(C): + if is_storage(C): + pytest.xfail('bug in NK Storage HOTP firmware - counter is set with a 8 digits string, ' + 'however int32max takes 10 digits to be written') + oath = pytest.importorskip("oath") + lib_at = lambda t: oath.hotp(RFC_SECRET, t, format='dec6') + PIN_protection = False + use_8_digits = False + slot_number = 1 + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + dev_res = [] + lib_res = [] + for t in range(INT32_MAX - 5, INT32_MAX + 5, 1): + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, t, use_8_digits, False, False, "", + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + code_device = str(C.NK_get_hotp_code(slot_number)) + dev_res += (t, code_device) + lib_res += (t, lib_at(t)) + assert dev_res == lib_res + + def test_TOTP_64bit_time(C): if is_storage(C): pytest.xfail('bug in NK Storage TOTP firmware') @@ -405,7 +430,6 @@ def test_TOTP_64bit_time(C): T = 1 lib_at = lambda t: oath.totp(RFC_SECRET, t=t) PIN_protection = False - int32_max = 2 ** 31 - 1 slot_number = 1 assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, @@ -415,7 +439,7 @@ def test_TOTP_64bit_time(C): DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] - for t in range(int32_max - 5, int32_max + 5, 1): + for t in range(INT32_MAX - 5, INT32_MAX + 5, 1): assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK code_device = str((C.NK_get_totp_code(slot_number, T, 0, 30))) -- cgit v1.2.3 From 182e2d9b7b01ef0d681b9fb97d8bdc263507152c Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 19 Oct 2016 16:00:30 +0200 Subject: Tests: do not check 64bit TOTP time in general TOTP test Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 33bdbf0..5549606 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -448,8 +448,7 @@ def test_TOTP_64bit_time(C): assert dev_res == lib_res -# todo skip / xfail only for nk pro -@pytest.mark.xfail(reason="possible firmware bug or communication issue: set time command not always changes the time on stick thus failing this test, " +@pytest.mark.xfail(reason="NK Pro: possible firmware bug or communication issue: set time command not always changes the time on stick thus failing this test, " "this does not influence normal use since setting time is not done every TOTP code request") @pytest.mark.parametrize("PIN_protection", [False, True, ]) def test_TOTP_RFC_usepin(C, PIN_protection): @@ -476,7 +475,7 @@ def test_TOTP_RFC_usepin(C, PIN_protection): (1111111111, 0x00000000023523ED, 14050471), (1234567890, 0x000000000273EF07, 89005924), (2000000000, 0x0000000003F940AA, 69279037), - (20000000000, 0x0000000027BC86AA, 65353130), # 64bit is also checked in other test + # (20000000000, 0x0000000027BC86AA, 65353130), # 64bit is also checked in other test ] responses = [] data = [] -- cgit v1.2.3 From 48fba544b8fba67d9f624fa03e5db54461a452d4 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 19 Oct 2016 16:05:46 +0200 Subject: Tests: template for testing OTP secrets starting from null Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 5549606..f011d9b 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -644,3 +644,8 @@ def test_warning_binary_bigger_than_secret_buffer(C): invalid_hex_string = to_hex('1234567890') * 3 assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE + + +@pytest.mark.xfail(reason="TODO") +def test_OTP_secret_started_from_null(C): + assert False -- cgit v1.2.3 From e81a132c210e03b6b0a7404a8c96ebda889a5676 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 19 Oct 2016 16:09:16 +0200 Subject: Tests: xfail factory reset test for Storage Tests: updated skip/xfail actions Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index f011d9b..f7ade46 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -161,9 +161,10 @@ def test_password_safe_slot_status(C): assert is_slot_programmed[1] == 1 -@pytest.mark.xfail(run=False, reason="issue to register: device locks up " - "after below commands sequence (reinsertion fixes), skipping for now") def test_issue_device_locks_on_second_key_generation_in_sequence(C): + if is_pro_rtm_07(C): + pytest.skip("issue to register: device locks up " + "after below commands sequence (reinsertion fixes), skipping for now") assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK @@ -175,7 +176,7 @@ def test_regenerate_aes_key(C): assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK -@pytest.mark.xfail(reason="firmware bug: regenerating AES key command not always results in cleared slot data") +@pytest.mark.xfail(reason="NK Pro firmware bug: regenerating AES key command not always results in cleared slot data") def test_destroy_password_safe(C): """ Sometimes fails on NK Pro - slot name is not cleared ergo key generation has not succeed despite the success result @@ -449,7 +450,8 @@ def test_TOTP_64bit_time(C): @pytest.mark.xfail(reason="NK Pro: possible firmware bug or communication issue: set time command not always changes the time on stick thus failing this test, " - "this does not influence normal use since setting time is not done every TOTP code request") + "this does not influence normal use since setting time is not done every TOTP code request" + "Rarely fail occurs on NK Storage") @pytest.mark.parametrize("PIN_protection", [False, True, ]) def test_TOTP_RFC_usepin(C, PIN_protection): slot_number = 1 @@ -586,8 +588,9 @@ def test_read_write_config(C): assert config == (255, 255, 255, False, True) -@pytest.mark.skip(reason='Recover not implemented for NK Storage') def test_factory_reset(C): + if is_storage(C): + pytest.skip('Recovery not implemented for NK Storage') C.NK_set_debug(True) assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK -- cgit v1.2.3