diff options
author | Szczepan Zalega <szczepan@nitrokey.com> | 2016-12-06 20:22:37 +0100 |
---|---|---|
committer | Szczepan Zalega <szczepan@nitrokey.com> | 2016-12-09 14:04:20 +0100 |
commit | 4ab91aae6c101b72a94d3785dbdad117354b87d5 (patch) | |
tree | dd5cf87b68b5bac0dd7e1c7bb9ae9da5f04d334c | |
parent | 279a310d6710908943237f5528d64a94ecd45885 (diff) | |
download | libnitrokey-4ab91aae6c101b72a94d3785dbdad117354b87d5.tar.gz libnitrokey-4ab91aae6c101b72a94d3785dbdad117354b87d5.tar.bz2 |
Check maximum OTP secret size in new authorization style commands
Authenticate before testing invalid hex strings
Remove invalid test for empty string for writing otp slot (empty string allows editing)
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r-- | NitrokeyManager.cc | 4 | ||||
-rw-r--r-- | unittest/test_library.py | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index da31c8d..a15b9c8 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -302,6 +302,10 @@ namespace nitrokey{ payload2.id = 0; auto secret_bin = misc::hex_string_to_byte(secret); auto remaining_secret_length = secret_bin.size(); + const auto maximum_OTP_secret_size = 40; + if(remaining_secret_length > maximum_OTP_secret_size){ + throw TargetBufferSmallerThanSource(remaining_secret_length, maximum_OTP_secret_size); + } while (remaining_secret_length>0){ const auto bytesToCopy = std::min(sizeof(payload2.data), remaining_secret_length); diff --git a/unittest/test_library.py b/unittest/test_library.py index 7b05c58..bd44e89 100644 --- a/unittest/test_library.py +++ b/unittest/test_library.py @@ -36,12 +36,13 @@ def test_invalid_slot(C): assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT @pytest.mark.parametrize("invalid_hex_string", - ['text', '00 ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258]) + ['text', '00 ', '0xff', 'zzzzzzzzzzzz', 'fff', 'f' * 257, 'f' * 258]) def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string): """ Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number, empty or longer than 255 characters. """ + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '', DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "", |