summaryrefslogtreecommitdiff
path: root/nitrokey/src/tests/otp.rs
diff options
context:
space:
mode:
Diffstat (limited to 'nitrokey/src/tests/otp.rs')
-rw-r--r--nitrokey/src/tests/otp.rs283
1 files changed, 0 insertions, 283 deletions
diff --git a/nitrokey/src/tests/otp.rs b/nitrokey/src/tests/otp.rs
deleted file mode 100644
index cf71d9d..0000000
--- a/nitrokey/src/tests/otp.rs
+++ /dev/null
@@ -1,283 +0,0 @@
-use std::ops::Deref;
-use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
-use {Admin, Authenticate, CommandError, Config, ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData};
-
-// test suite according to RFC 4226, Appendix D
-static HOTP_SECRET: &str = "3132333435363738393031323334353637383930";
-static HOTP_CODES: &[&str] = &[
- "755224", "287082", "359152", "969429", "338314", "254676", "287922", "162583", "399871",
- "520489",
-];
-
-// test suite according to RFC 6238, Appendix B
-static TOTP_SECRET: &str = "3132333435363738393031323334353637383930";
-static TOTP_CODES: &[(u64, &str)] = &[
- (59, "94287082"),
- (1111111109, "07081804"),
- (1111111111, "14050471"),
- (1234567890, "89005924"),
- (2000000000, "69279037"),
- (20000000000, "65353130"),
-];
-
-#[derive(PartialEq)]
-enum TotpTimestampSize {
- U32,
- U64,
-}
-
-fn get_admin_test_device() -> Admin<Target> {
- Target::connect()
- .expect("Could not connect to the Nitrokey.")
- .authenticate_admin(ADMIN_PASSWORD)
- .expect("Could not login as admin.")
-}
-
-fn configure_hotp(admin: &ConfigureOtp, counter: u8) {
- let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, counter.into()).is_ok());
-}
-
-fn check_hotp_codes(device: &GenerateOtp, offset: u8) {
- HOTP_CODES.iter().enumerate().for_each(|(i, code)| {
- if i >= offset as usize {
- let result = device.get_hotp_code(1);
- assert_eq!(code, &result.unwrap());
- }
- });
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_no_pin() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
-
- configure_hotp(&admin, 0);
- check_hotp_codes(admin.deref(), 0);
-
- configure_hotp(&admin, 5);
- check_hotp_codes(admin.deref(), 5);
-
- configure_hotp(&admin, 0);
- check_hotp_codes(&admin.device(), 0);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_pin() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, true);
- assert!(admin.write_config(config).is_ok());
-
- configure_hotp(&admin, 0);
- let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
- check_hotp_codes(&user, 0);
-
- assert!(user.device().get_hotp_code(1).is_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_slot_name() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, 0).is_ok());
-
- let device = admin.device();
- let result = device.get_hotp_slot_name(1);
- assert_eq!("test-hotp", result.unwrap());
- let result = device.get_hotp_slot_name(4);
- assert_eq!(CommandError::InvalidSlot, result.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_error() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::NoName),
- admin.write_hotp_slot(slot_data, 0)
- );
- let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::InvalidSlot),
- admin.write_hotp_slot(slot_data, 0)
- );
- let code = admin.get_hotp_code(4);
- assert_eq!(CommandError::InvalidSlot, code.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_erase() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
- let slot_data = OtpSlotData::new(1, "test1", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, 0).is_ok());
- let slot_data = OtpSlotData::new(2, "test2", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, 0).is_ok());
-
- assert!(admin.erase_hotp_slot(1).is_ok());
-
- let device = admin.device();
- let result = device.get_hotp_slot_name(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
- let result = device.get_hotp_code(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
-
- assert_eq!("test2", device.get_hotp_slot_name(2).unwrap());
-}
-
-fn configure_totp(admin: &ConfigureOtp, factor: u64) {
- let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits);
- let time_window = 30u64.checked_mul(factor).unwrap();
- assert!(admin.write_totp_slot(slot_data, time_window as u16).is_ok());
-}
-
-fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) {
- for (i, &(base_time, code)) in TOTP_CODES.iter().enumerate() {
- let time = base_time.checked_mul(factor).unwrap();
- let is_u64 = time > u32::max_value() as u64;
- if is_u64 != (timestamp_size == TotpTimestampSize::U64) {
- continue;
- }
-
- assert!(device.set_time(time).is_ok());
- let result = device.get_totp_code(1);
- assert!(result.is_ok());
- let result_code = result.unwrap();
- assert_eq!(
- code, result_code,
- "TOTP code {} should be {} but is {}",
- i, code, result_code
- );
- }
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_no_pin() {
- // TODO: this test may fail due to bad timing --> find solution
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- check_totp_codes(admin.deref(), 1, TotpTimestampSize::U32);
-
- configure_totp(&admin, 2);
- check_totp_codes(admin.deref(), 2, TotpTimestampSize::U32);
-
- configure_totp(&admin, 1);
- check_totp_codes(&admin.device(), 1, TotpTimestampSize::U32);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))]
-// Nitrokey Storage does only support timestamps that fit in a 32-bit unsigned integer. Therefore
-// the last RFC test case is expected to fail.
-fn totp_no_pin_64() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- check_totp_codes(admin.deref(), 1, TotpTimestampSize::U64);
-
- configure_totp(&admin, 2);
- check_totp_codes(admin.deref(), 2, TotpTimestampSize::U64);
-
- configure_totp(&admin, 1);
- check_totp_codes(&admin.device(), 1, TotpTimestampSize::U64);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_pin() {
- // TODO: this test may fail due to bad timing --> find solution
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, true);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
- check_totp_codes(&user, 1, TotpTimestampSize::U32);
-
- assert!(user.device().get_totp_code(1).is_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))]
-// See comment for totp_no_pin_64.
-fn totp_pin_64() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, true);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
- check_totp_codes(&user, 1, TotpTimestampSize::U64);
-
- assert!(user.device().get_totp_code(1).is_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_slot_name() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits);
- assert!(admin.write_totp_slot(slot_data, 0).is_ok());
-
- let device = admin.device();
- let result = device.get_totp_slot_name(1);
- assert!(result.is_ok());
- assert_eq!("test-totp", result.unwrap());
- let result = device.get_totp_slot_name(16);
- assert_eq!(CommandError::InvalidSlot, result.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_error() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::NoName),
- admin.write_hotp_slot(slot_data, 0)
- );
- let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::InvalidSlot),
- admin.write_hotp_slot(slot_data, 0)
- );
- let code = admin.get_hotp_code(4);
- assert_eq!(CommandError::InvalidSlot, code.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_erase() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
- let slot_data = OtpSlotData::new(1, "test1", TOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_totp_slot(slot_data, 0).is_ok());
- let slot_data = OtpSlotData::new(2, "test2", TOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_totp_slot(slot_data, 0).is_ok());
-
- assert!(admin.erase_totp_slot(1).is_ok());
-
- let device = admin.device();
- let result = device.get_totp_slot_name(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
- let result = device.get_totp_code(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
-
- assert_eq!("test2", device.get_totp_slot_name(2).unwrap());
-}