diff options
author | Szczepan Zalega <szczepan@nitrokey.com> | 2019-03-19 08:20:01 +0100 |
---|---|---|
committer | Szczepan Zalega <szczepan@nitrokey.com> | 2019-03-19 08:20:01 +0100 |
commit | 07ab86a31ca07c58c58632d9b3845e9782855d0b (patch) | |
tree | e9efbc4a60a81bf7bfbe461691a916f9eccb6704 | |
parent | 3788515d6546971a3ac6e46769fb8d6e6d24e159 (diff) | |
parent | ee79dfdaf06a865cb4c5e26daac1280c9ca09905 (diff) | |
download | libnitrokey-07ab86a31ca07c58c58632d9b3845e9782855d0b.tar.gz libnitrokey-07ab86a31ca07c58c58632d9b3845e9782855d0b.tar.bz2 |
Merge branch '154-storage54'pre-v3.5
Add support for the Storage v0.54:
- use binary OTP counter
- handle 320 bit OTP secret
- enable tests for these features
Fixes #153
Fixes #154
-rw-r--r-- | NitrokeyManager.cc | 6 | ||||
-rw-r--r-- | unittest/misc.py | 6 | ||||
-rw-r--r-- | unittest/test_pro.py | 18 |
3 files changed, 17 insertions, 13 deletions
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index 0320ebb..7b8deaa 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -906,16 +906,16 @@ using nitrokey::misc::strcpyT; //authorization command is supported for versions equal or below: auto m = std::unordered_map<DeviceModel , int, EnumClassHash>({ {DeviceModel::PRO, 7}, - {DeviceModel::STORAGE, 999}, + {DeviceModel::STORAGE, 53}, }); return get_minor_firmware_version() <= m[device->get_device_model()]; } bool NitrokeyManager::is_320_OTP_secret_supported(){ - //authorization command is supported for versions equal or below: + // 320 bit OTP secret is supported by version bigger or equal to: auto m = std::unordered_map<DeviceModel , int, EnumClassHash>({ {DeviceModel::PRO, 8}, - {DeviceModel::STORAGE, 999}, + {DeviceModel::STORAGE, 54}, }); return get_minor_firmware_version() >= m[device->get_device_model()]; } diff --git a/unittest/misc.py b/unittest/misc.py index 8be915d..c1c197b 100644 --- a/unittest/misc.py +++ b/unittest/misc.py @@ -67,4 +67,8 @@ def is_storage(C): def is_long_OTP_secret_handled(C): - return is_pro_rtm_08(C) or is_storage(C) and get_devices_firmware_version(C) > 43 + return is_pro_rtm_08(C) or is_storage(C) and get_devices_firmware_version(C) >= 54 + + +def has_binary_counter(C): + return is_pro_rtm_07(C) or is_storage(C) and get_devices_firmware_version(C) >= 54 diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 6ab7c1d..d094dec 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -23,7 +23,7 @@ import pytest from conftest import skip_if_device_version_lower_than from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, bb, bbRFC_SECRET -from misc import ffi, gs, wait, cast_pointer_to_tuple +from misc import ffi, gs, wait, cast_pointer_to_tuple, has_binary_counter from misc import is_pro_rtm_07, is_pro_rtm_08, is_storage @pytest.mark.lock_device @@ -409,7 +409,7 @@ def test_HOTP_counters(C): INT32_MAX = 2 ** 31 - 1 @pytest.mark.otp def test_HOTP_64bit_counter(C): - if is_storage(C): + if not has_binary_counter(C): pytest.xfail('bug in NK Storage HOTP firmware - counter is set with a 8 digits string, ' 'however int32max takes 10 digits to be written') oath = pytest.importorskip("oath") @@ -434,7 +434,7 @@ def test_HOTP_64bit_counter(C): @pytest.mark.otp def test_TOTP_64bit_time(C): - if is_storage(C): + if not has_binary_counter(C): pytest.xfail('bug in NK Storage TOTP firmware') oath = pytest.importorskip("oath") T = 1 @@ -709,7 +709,7 @@ def test_OTP_secret_started_from_null(C, secret): skip_if_device_version_lower_than({'S': 43, 'P': 8}) if len(secret) > 40: # feature: 320 bit long secret handling - skip_if_device_version_lower_than({'P': 8}) + skip_if_device_version_lower_than({'P': 8, 'S': 54}) oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.hotp(secret, t, format='dec6')) @@ -741,8 +741,8 @@ def test_HOTP_slots_read_write_counter(C, counter): :param counter: """ if counter >= 1e7: - # Storage does not handle counters longer than 7 digits - skip_if_device_version_lower_than({'P': 7}) + # Storage v0.53 and below does not handle counters longer than 7 digits + skip_if_device_version_lower_than({'P': 7, 'S': 54}) secret = RFC_SECRET oath = pytest.importorskip("oath") @@ -804,8 +804,8 @@ def test_TOTP_secrets(C, secret): skip_if_device_version_lower_than({'S': 44, 'P': 8}) if len(secret)>20*2: #*2 since secret is in hex - # pytest.skip("Secret lengths over 20 bytes are not supported by NK Pro 0.7 and NK Storage") - skip_if_device_version_lower_than({'P': 8}) + # pytest.skip("Secret lengths over 20 bytes are not supported by NK Pro 0.7 and NK Storage v0.53 and older") + skip_if_device_version_lower_than({'P': 8, 'S': 54}) slot_number = 0 time = 0 period = 30 @@ -836,7 +836,7 @@ def test_HOTP_secrets(C, secret): feature needed: support for 320bit secrets """ if len(secret)>40: - skip_if_device_version_lower_than({'P': 8}) + skip_if_device_version_lower_than({'P': 8, 'S': 54}) slot_number = 0 counter = 0 |