From 9d84244156e8abd93a7c1d4326231bcd1abb909d Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 9 Sep 2016 15:27:42 +0200 Subject: C++ test update (compilation fix) Signed-off-by: Szczepan Zalega --- unittest/test.cc | 12 ++++++------ unittest/test_HOTP.cc | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'unittest') diff --git a/unittest/test.cc b/unittest/test.cc index 6267512..6744b45 100644 --- a/unittest/test.cc +++ b/unittest/test.cc @@ -18,7 +18,7 @@ std::string getSlotName(Stick10 &stick, int slotNo) { auto slot_req = get_payload(); slot_req.slot_number = slotNo; auto slot = ReadSlot::CommandTransaction::run(stick, slot_req); - std::string sName(reinterpret_cast(slot.slot_name)); + std::string sName(reinterpret_cast(slot.data().slot_name)); return sName; } @@ -47,18 +47,18 @@ TEST_CASE("Slot names are correct", "[slotNames]") { { auto resp = GetPasswordRetryCount::CommandTransaction::run(stick); - REQUIRE(resp.password_retry_count == 3); + REQUIRE(resp.data().password_retry_count == 3); } { auto resp = GetUserPasswordRetryCount::CommandTransaction::run(stick); - REQUIRE(resp.password_retry_count == 3); + REQUIRE(resp.data().password_retry_count == 3); } { auto slot = get_payload(); slot.slot_number = 0; auto resp2 = GetPasswordSafeSlotName::CommandTransaction::run(stick, slot); - std::string sName(reinterpret_cast(resp2.slot_name)); + std::string sName(reinterpret_cast(resp2.data().slot_name)); REQUIRE(sName == std::string("web1")); } @@ -67,7 +67,7 @@ TEST_CASE("Slot names are correct", "[slotNames]") { slot.slot_number = 0; auto resp2 = GetPasswordSafeSlotPassword::CommandTransaction::run(stick, slot); - std::string sName(reinterpret_cast(resp2.slot_password)); + std::string sName(reinterpret_cast(resp2.data().slot_password)); REQUIRE(sName == std::string("pass1")); } @@ -75,7 +75,7 @@ TEST_CASE("Slot names are correct", "[slotNames]") { auto slot = get_payload(); slot.slot_number = 0; auto resp2 = GetPasswordSafeSlotLogin::CommandTransaction::run(stick, slot); - std::string sName(reinterpret_cast(resp2.slot_login)); + std::string sName(reinterpret_cast(resp2.data().slot_login)); REQUIRE(sName == std::string("login1")); } diff --git a/unittest/test_HOTP.cc b/unittest/test_HOTP.cc index f25bad4..d31df55 100644 --- a/unittest/test_HOTP.cc +++ b/unittest/test_HOTP.cc @@ -84,7 +84,7 @@ TEST_CASE("Test HOTP codes according to RFC", "[HOTP]") { auto gh = get_payload(); gh.slot_number = 0x10; auto resp = GetHOTP::CommandTransaction::run(stick, gh); - REQUIRE( resp.code == code); + REQUIRE( resp.data().code == code); } //checking slot programmed before with nitro-app /* -- cgit v1.2.1 From 3632e8a32d47950102bc077fd32f9c88316370e9 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 10 Sep 2016 10:50:59 +0200 Subject: Assume secret is coded in hex for OTP slot write #31 Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index eeda247..377203e 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -5,8 +5,15 @@ from enum import Enum ffi = cffi.FFI() gs = ffi.string -RFC_SECRET = '12345678901234567890' +def to_hex(s): + return "".join("{:02x}".format(ord(c)) for c in s) + + +RFC_SECRET_HR = '12345678901234567890' +RFC_SECRET = to_hex(RFC_SECRET_HR) #'12345678901234567890' + +# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) ) class DefaultPasswords(Enum): ADMIN = '12345678' @@ -214,7 +221,7 @@ def test_invalid_slot(C): invalid_slot = 255 assert C.NK_erase_totp_slot(invalid_slot, 'some password') == LibraryErrors.INVALID_SLOT assert C.NK_write_hotp_slot(invalid_slot, 'long_test', RFC_SECRET, 0, False, False, False, "", - 'aaa') == LibraryErrors.INVALID_SLOT + 'aaa') == LibraryErrors.INVALID_SLOT assert C.NK_get_hotp_code_PIN(invalid_slot, 'some password') == 0 assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT assert C.NK_erase_password_safe_slot(invalid_slot) == LibraryErrors.INVALID_SLOT -- cgit v1.2.1 From a46491a97da08e495c92bba8046426678b5564f7 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 9 Sep 2016 16:42:31 +0200 Subject: Remove asserts in favor of exceptions or warnings. Test changes in Python. On possible data truncation return LibraryError(exception) instead of silently truncating and logging warning Signed-off-by: Szczepan Zalega --- unittest/test_bindings.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'unittest') diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index 377203e..9c266aa 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py @@ -11,7 +11,8 @@ def to_hex(s): RFC_SECRET_HR = '12345678901234567890' -RFC_SECRET = to_hex(RFC_SECRET_HR) #'12345678901234567890' +RFC_SECRET = to_hex(RFC_SECRET_HR) # '12345678901234567890' + # print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) ) @@ -33,6 +34,8 @@ class DeviceErrorCode(Enum): class LibraryErrors(Enum): TOO_LONG_STRING = 200 INVALID_SLOT = 201 + INVALID_HEX_STRING = 202 + TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE = 203 @pytest.fixture(scope="module") @@ -510,3 +513,22 @@ def test_get_serial_number(C): sn = gs(sn) assert len(sn) > 0 print(('Serial number of the device: ', sn)) + + +@pytest.mark.parametrize("invalid_hex_string", + ['text', '00 ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258]) +def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string): + """ + Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number, + empty or longer than 255 characters. + """ + assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING + assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "", + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING + + +def test_warning_binary_bigger_than_secret_buffer(C): + invalid_hex_string = to_hex('1234567890') * 3 + assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', + DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE -- cgit v1.2.1