Merge branch 'tests_update_Pro_v0.9'

Add tests for authorization issue https://github.com/Nitrokey/nitrokey-pro-firmware/issues/45
author: Szczepan Zalega <szczepan@nitrokey.com> 2018-05-24 15:23:39 +0200
committer: Szczepan Zalega <szczepan@nitrokey.com> 2018-05-24 15:23:39 +0200
commit: aee920b21d3951d2166ff73a533461e1bdd16e7f (patch)
tree: d36609694406dc00a8aa0784ca5c6b091220c86c /unittest
parent: e91e21d5aa6c885fcb0c04ea130c93b72ce9a92b (diff)
parent: d5afa492be65f509345617f139c1600980bb6cce (diff)
download: libnitrokey-aee920b21d3951d2166ff73a533461e1bdd16e7f.tar.gz
libnitrokey-aee920b21d3951d2166ff73a533461e1bdd16e7f.tar.bz2
2 files changed, 50 insertions, 1 deletions
diff --git a/unittest/conftest.py b/unittest/conftest.py
index 9af67ac..35cc714 100644
--- a/unittest/conftest.py
+++ b/unittest/conftest.py
@@ -86,7 +86,7 @@ def C(request=None):
     assert nk_login != 0  # returns 0 if not connected or wrong model or 1 when connected
     global device_type
     firmware_version = C.NK_get_minor_firmware_version()
-    model = 'P' if firmware_version in [7,8] else 'S'
+    model = 'P' if firmware_version < 20 else 'S'
     device_type = (model, firmware_version)
     print('Connected device: {} {}'.format(model, firmware_version))
 
diff --git a/unittest/test_pro.py b/unittest/test_pro.py
index 53588f6..fb936f8 100644
--- a/unittest/test_pro.py
+++ b/unittest/test_pro.py
@@ -577,6 +577,55 @@ def test_get_code_user_authorize(C):
     assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
 
 
+@pytest.mark.otp
+def test_authorize_issue_admin(C):
+    skip_if_device_version_lower_than({'S': 43, 'P': 9})
+
+    assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+
+    assert C.NK_first_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD
+    assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+
+@pytest.mark.otp
+def test_authorize_issue_user(C):
+    skip_if_device_version_lower_than({'S': 43, 'P': 9})  # issue fixed in Pro v0.9, Storage version chosen arbitrary
+
+    assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_write_totp_slot(0, b'python_otp_auth', bbRFC_SECRET, 30, True, False, False, b'',
+                                DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    # enable PIN protection of OTP codes with write_config
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    gs(C.NK_get_totp_code(0, 0, 0, 0))
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+    assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+    gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
+    assert C.NK_user_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD
+    gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+    assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+    gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
+    # disable PIN protection with write_config
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    code = gs(C.NK_get_totp_code(0, 0, 0, 0))
+    assert code != b''
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
 def cast_pointer_to_tuple(obj, typen, len):
     # usage:
     #     config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5)
author	Szczepan Zalega <szczepan@nitrokey.com>	2018-05-24 15:23:39 +0200
committer	Szczepan Zalega <szczepan@nitrokey.com>	2018-05-24 15:23:39 +0200
commit	aee920b21d3951d2166ff73a533461e1bdd16e7f (patch)
tree	d36609694406dc00a8aa0784ca5c6b091220c86c /unittest
parent	e91e21d5aa6c885fcb0c04ea130c93b72ce9a92b (diff)
parent	d5afa492be65f509345617f139c1600980bb6cce (diff)
download	libnitrokey-aee920b21d3951d2166ff73a533461e1bdd16e7f.tar.gz libnitrokey-aee920b21d3951d2166ff73a533461e1bdd16e7f.tar.bz2