diff options
Diffstat (limited to 'nitrokey/src')
| -rw-r--r-- | nitrokey/src/auth.rs | 14 | ||||
| -rw-r--r-- | nitrokey/src/config.rs | 2 | ||||
| -rw-r--r-- | nitrokey/src/device.rs | 99 | ||||
| -rw-r--r-- | nitrokey/src/lib.rs | 22 | ||||
| -rw-r--r-- | nitrokey/src/otp.rs | 8 | ||||
| -rw-r--r-- | nitrokey/src/pws.rs | 19 | ||||
| -rw-r--r-- | nitrokey/src/tests/device.rs | 304 | ||||
| -rw-r--r-- | nitrokey/src/tests/mod.rs | 4 | ||||
| -rw-r--r-- | nitrokey/src/tests/otp.rs | 283 | ||||
| -rw-r--r-- | nitrokey/src/tests/pws.rs | 143 | ||||
| -rw-r--r-- | nitrokey/src/tests/util.rs | 11 | ||||
| -rw-r--r-- | nitrokey/src/util.rs | 19 |
12 files changed, 131 insertions, 797 deletions
diff --git a/nitrokey/src/auth.rs b/nitrokey/src/auth.rs index 0918222..017cdbb 100644 --- a/nitrokey/src/auth.rs +++ b/nitrokey/src/auth.rs @@ -1,10 +1,14 @@ -use config::{Config, RawConfig}; -use device::{Device, DeviceWrapper, Pro, Storage}; -use nitrokey_sys; -use otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData}; use std::ops::Deref; use std::os::raw::c_int; -use util::{generate_password, get_command_result, get_cstring, result_from_string, CommandError}; + +use nitrokey_sys; + +use crate::config::{Config, RawConfig}; +use crate::device::{Device, DeviceWrapper, Pro, Storage}; +use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData}; +use crate::util::{ + generate_password, get_command_result, get_cstring, result_from_string, CommandError, +}; static TEMPORARY_PASSWORD_LENGTH: usize = 25; diff --git a/nitrokey/src/config.rs b/nitrokey/src/config.rs index 33bf256..2ce6f77 100644 --- a/nitrokey/src/config.rs +++ b/nitrokey/src/config.rs @@ -1,4 +1,4 @@ -use util::CommandError; +use crate::util::CommandError; /// The configuration for a Nitrokey. #[derive(Clone, Copy, Debug, PartialEq)] diff --git a/nitrokey/src/device.rs b/nitrokey/src/device.rs index f135261..9c6608d 100644 --- a/nitrokey/src/device.rs +++ b/nitrokey/src/device.rs @@ -1,20 +1,38 @@ -use auth::Authenticate; -use config::{Config, RawConfig}; +use std::fmt; + use libc; use nitrokey_sys; -use otp::GenerateOtp; -use pws::GetPasswordSafe; -use util::{get_command_result, get_cstring, get_last_error, result_from_string, CommandError}; + +use crate::auth::Authenticate; +use crate::config::{Config, RawConfig}; +use crate::otp::GenerateOtp; +use crate::pws::GetPasswordSafe; +use crate::util::{ + get_command_result, get_cstring, get_last_error, result_from_string, CommandError, +}; /// Available Nitrokey models. -#[derive(Debug, PartialEq)] -enum Model { +#[derive(Clone, Copy, Debug, PartialEq)] +pub enum Model { /// The Nitrokey Storage. Storage, /// The Nitrokey Pro. Pro, } +impl fmt::Display for Model { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!( + f, + "{}", + match *self { + Model::Pro => "Pro", + Model::Storage => "Storage", + } + ) + } +} + /// A wrapper for a Nitrokey device of unknown type. /// /// Use the function [`connect`][] to obtain a wrapped instance. The wrapper implements all traits @@ -210,6 +228,21 @@ pub struct StorageStatus { /// This trait provides the commands that can be executed without authentication and that are /// present on all supported Nitrokey devices. pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { + /// Returns the model of the connected Nitrokey device. + /// + /// # Example + /// + /// ```no_run + /// use nitrokey::Device; + /// # use nitrokey::CommandError; + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::connect()?; + /// println!("Connected to a Nitrokey {}", device.get_model()); + /// # Ok(()) + /// # } + fn get_model(&self) -> Model; + /// Returns the serial number of the Nitrokey device. The serial number is the string /// representation of a hex number. /// @@ -536,7 +569,7 @@ fn connect_model(model: Model) -> bool { } impl DeviceWrapper { - fn device(&self) -> &Device { + fn device(&self) -> &dyn Device { match *self { DeviceWrapper::Storage(ref storage) => storage, DeviceWrapper::Pro(ref pro) => pro, @@ -562,9 +595,30 @@ impl GenerateOtp for DeviceWrapper { } } -impl Device for DeviceWrapper {} +impl Device for DeviceWrapper { + fn get_model(&self) -> Model { + match *self { + DeviceWrapper::Pro(_) => Model::Pro, + DeviceWrapper::Storage(_) => Model::Storage, + } + } +} impl Pro { + /// Connects to a Nitrokey Pro. + /// + /// # Example + /// + /// ``` + /// use nitrokey::Pro; + /// + /// fn use_pro(device: Pro) {} + /// + /// match nitrokey::Pro::connect() { + /// Ok(device) => use_pro(device), + /// Err(err) => println!("Could not connect to the Nitrokey Pro: {}", err), + /// } + /// ``` pub fn connect() -> Result<Pro, CommandError> { // TODO: maybe Option instead of Result? match connect_model(Model::Pro) { @@ -582,11 +636,29 @@ impl Drop for Pro { } } -impl Device for Pro {} +impl Device for Pro { + fn get_model(&self) -> Model { + Model::Pro + } +} impl GenerateOtp for Pro {} impl Storage { + /// Connects to a Nitrokey Storage. + /// + /// # Example + /// + /// ``` + /// use nitrokey::Storage; + /// + /// fn use_storage(device: Storage) {} + /// + /// match nitrokey::Storage::connect() { + /// Ok(device) => use_storage(device), + /// Err(err) => println!("Could not connect to the Nitrokey Storage: {}", err), + /// } + /// ``` pub fn connect() -> Result<Storage, CommandError> { // TODO: maybe Option instead of Result? match connect_model(Model::Storage) { @@ -661,7 +733,6 @@ impl Storage { unsafe { get_command_result(nitrokey_sys::NK_lock_encrypted_volume()) } } - /// Returns the status of the connected storage device. /// /// # Example @@ -715,7 +786,11 @@ impl Drop for Storage { } } -impl Device for Storage {} +impl Device for Storage { + fn get_model(&self) -> Model { + Model::Storage + } +} impl GenerateOtp for Storage {} diff --git a/nitrokey/src/lib.rs b/nitrokey/src/lib.rs index e70aa73..9f21518 100644 --- a/nitrokey/src/lib.rs +++ b/nitrokey/src/lib.rs @@ -84,25 +84,25 @@ //! [`DeviceWrapper`]: enum.DeviceWrapper.html //! [`User`]: struct.User.html -extern crate libc; -extern crate nitrokey_sys; -extern crate rand; +#![warn(missing_docs, rust_2018_compatibility, rust_2018_idioms, unused)] mod auth; mod config; mod device; mod otp; mod pws; -#[cfg(test)] -mod tests; mod util; -pub use auth::{Admin, Authenticate, User}; -pub use config::Config; -pub use device::{connect, Device, DeviceWrapper, Pro, Storage, StorageStatus, VolumeStatus}; -pub use otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData}; -pub use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; -pub use util::{CommandError, LogLevel}; +use nitrokey_sys; + +pub use crate::auth::{Admin, Authenticate, User}; +pub use crate::config::Config; +pub use crate::device::{ + connect, Device, DeviceWrapper, Model, Pro, Storage, StorageStatus, VolumeStatus, +}; +pub use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData}; +pub use crate::pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; +pub use crate::util::{CommandError, LogLevel}; /// Enables or disables debug output. Calling this method with `true` is equivalent to setting the /// log level to `Debug`; calling it with `false` is equivalent to the log level `Error` (see diff --git a/nitrokey/src/otp.rs b/nitrokey/src/otp.rs index 00a5e5e..6f6bd80 100644 --- a/nitrokey/src/otp.rs +++ b/nitrokey/src/otp.rs @@ -1,9 +1,11 @@ -use nitrokey_sys; use std::ffi::CString; -use util::{get_command_result, get_cstring, result_from_string, CommandError}; + +use nitrokey_sys; + +use crate::util::{get_command_result, get_cstring, result_from_string, CommandError}; /// Modes for one-time password generation. -#[derive(Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq)] pub enum OtpMode { /// Generate one-time passwords with six digits. SixDigits, diff --git a/nitrokey/src/pws.rs b/nitrokey/src/pws.rs index c20fe9d..08ac365 100644 --- a/nitrokey/src/pws.rs +++ b/nitrokey/src/pws.rs @@ -1,7 +1,10 @@ -use device::{Device, DeviceWrapper, Pro, Storage}; use libc; use nitrokey_sys; -use util::{get_command_result, get_cstring, get_last_error, result_from_string, CommandError}; + +use crate::device::{Device, DeviceWrapper, Pro, Storage}; +use crate::util::{ + get_command_result, get_cstring, get_last_error, result_from_string, CommandError, +}; /// The number of slots in a [`PasswordSafe`][]. /// @@ -51,7 +54,7 @@ pub const SLOT_COUNT: u8 = 16; /// [`lock`]: trait.Device.html#method.lock /// [`GetPasswordSafe`]: trait.GetPasswordSafe.html pub struct PasswordSafe<'a> { - _device: &'a Device, + _device: &'a dyn Device, } /// Provides access to a [`PasswordSafe`][]. @@ -98,11 +101,11 @@ pub trait GetPasswordSafe { /// [`lock`]: trait.Device.html#method.lock /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword - fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError>; + fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError>; } fn get_password_safe<'a>( - device: &'a Device, + device: &'a dyn Device, user_pin: &str, ) -> Result<PasswordSafe<'a>, CommandError> { let user_pin_string = get_cstring(user_pin)?; @@ -333,19 +336,19 @@ impl<'a> Drop for PasswordSafe<'a> { } impl GetPasswordSafe for Pro { - fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> { + fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError> { get_password_safe(self, user_pin) } } impl GetPasswordSafe for Storage { - fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> { + fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError> { get_password_safe(self, user_pin) } } impl GetPasswordSafe for DeviceWrapper { - fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> { + fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError> { get_password_safe(self, user_pin) } } diff --git a/nitrokey/src/tests/device.rs b/nitrokey/src/tests/device.rs deleted file mode 100644 index fed465d..0000000 --- a/nitrokey/src/tests/device.rs +++ /dev/null @@ -1,304 +0,0 @@ -use std::ffi::CStr; -use std::process::Command; -use std::{thread, time}; -use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; -use {Authenticate, CommandError, Config, Device, Storage}; - -static ADMIN_NEW_PASSWORD: &str = "1234567890"; -static USER_NEW_PASSWORD: &str = "abcdefghij"; - -fn count_nitrokey_block_devices() -> usize { - thread::sleep(time::Duration::from_secs(2)); - let output = Command::new("lsblk") - .args(&["-o", "MODEL"]) - .output() - .expect("Could not list block devices"); - String::from_utf8_lossy(&output.stdout) - .split("\n") - .filter(|&s| s == "Nitrokey Storage") - .count() -} - -#[test] -#[cfg_attr(not(feature = "test-no-device"), ignore)] -fn connect_no_device() { - assert!(::connect().is_err()); - assert!(::Pro::connect().is_err()); - assert!(::Storage::connect().is_err()); -} - -#[test] -#[cfg_attr(not(feature = "test-pro"), ignore)] -fn connect_pro() { - assert!(::connect().is_ok()); - assert!(::Pro::connect().is_ok()); - assert!(::Storage::connect().is_err()); - match ::connect().unwrap() { - ::DeviceWrapper::Pro(_) => assert!(true), - ::DeviceWrapper::Storage(_) => assert!(false), - }; -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn connect_storage() { - assert!(::connect().is_ok()); - assert!(::Pro::connect().is_err()); - assert!(::Storage::connect().is_ok()); - match ::connect().unwrap() { - ::DeviceWrapper::Pro(_) => assert!(false), - ::DeviceWrapper::Storage(_) => assert!(true), - }; -} - -fn assert_empty_serial_number() { - unsafe { - let ptr = ::nitrokey_sys::NK_device_serial_number(); - assert!(!ptr.is_null()); - let cstr = CStr::from_ptr(ptr); - assert_eq!(cstr.to_string_lossy(), ""); - } -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn disconnect() { - Target::connect().unwrap(); - assert_empty_serial_number(); - Target::connect() - .unwrap() - .authenticate_admin(ADMIN_PASSWORD) - .unwrap(); - assert_empty_serial_number(); - Target::connect() - .unwrap() - .authenticate_user(USER_PASSWORD) - .unwrap(); - assert_empty_serial_number(); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_serial_number() { - let device = Target::connect().unwrap(); - let result = device.get_serial_number(); - assert!(result.is_ok()); - let serial_number = result.unwrap(); - assert!(serial_number.is_ascii()); - assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit())); -} -#[test] -#[cfg_attr(not(feature = "test-pro"), ignore)] -fn get_firmware_version() { - let device = Target::connect().unwrap(); - assert_eq!(0, device.get_major_firmware_version()); - let minor = device.get_minor_firmware_version(); - assert!(minor > 0); -} - -fn admin_retry<T: Authenticate + Device>(device: T, suffix: &str, count: u8) -> T { - let result = device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix)); - let device = match result { - Ok(admin) => admin.device(), - Err((device, _)) => device, - }; - assert_eq!(count, device.get_admin_retry_count()); - return device; -} - -fn user_retry<T: Authenticate + Device>(device: T, suffix: &str, count: u8) -> T { - let result = device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix)); - let device = match result { - Ok(admin) => admin.device(), - Err((device, _)) => device, - }; - assert_eq!(count, device.get_user_retry_count()); - return device; -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_retry_count() { - let device = Target::connect().unwrap(); - - let device = admin_retry(device, "", 3); - let device = admin_retry(device, "123", 2); - let device = admin_retry(device, "456", 1); - let device = admin_retry(device, "", 3); - - let device = user_retry(device, "", 3); - let device = user_retry(device, "123", 2); - let device = user_retry(device, "456", 1); - user_retry(device, "", 3); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn config() { - let device = Target::connect().unwrap(); - let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - let get_config = admin.get_config().unwrap(); - assert_eq!(config, get_config); - - let config = Config::new(None, Some(9), None, true); - assert_eq!(Err(CommandError::InvalidSlot), admin.write_config(config)); - - let config = Config::new(Some(1), None, Some(0), false); - assert!(admin.write_config(config).is_ok()); - let get_config = admin.get_config().unwrap(); - assert_eq!(config, get_config); - - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - let get_config = admin.get_config().unwrap(); - assert_eq!(config, get_config); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn change_user_pin() { - let device = Target::connect().unwrap(); - let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); - let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0; - - assert!( - device - .change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_user(USER_PASSWORD).unwrap_err().0; - let device = device - .authenticate_user(USER_NEW_PASSWORD) - .unwrap() - .device(); - - let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD); - assert_eq!(Err(CommandError::WrongPassword), result); - - assert!( - device - .change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); - assert!(device.authenticate_user(USER_NEW_PASSWORD).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn change_admin_pin() { - let device = Target::connect().unwrap(); - let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); - let device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0; - - assert!( - device - .change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap_err().0; - let device = device - .authenticate_admin(ADMIN_NEW_PASSWORD) - .unwrap() - .device(); - - assert_eq!( - Err(CommandError::WrongPassword), - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_PASSWORD) - ); - - assert!( - device - .change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); - device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err(); -} - -fn require_failed_user_login(device: Target, password: &str, error: CommandError) -> Target { - let result = device.authenticate_user(password); - assert!(result.is_err()); - let err = result.unwrap_err(); - assert_eq!(error, err.1); - err.0 -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn unlock_user_pin() { - let device = Target::connect().unwrap(); - let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); - assert!( - device - .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD) - .is_ok() - ); - assert_eq!( - Err(CommandError::WrongPassword), - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) - ); - - let wrong_password = USER_PASSWORD.to_owned() + "foo"; - let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); - let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); - let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); - let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword); - - assert_eq!( - Err(CommandError::WrongPassword), - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) - ); - assert!( - device - .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD) - .is_ok() - ); - device.authenticate_user(USER_PASSWORD).unwrap(); -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn encrypted_volume() { - let device = Storage::connect().unwrap(); - assert!(device.lock().is_ok()); - - assert_eq!(1, count_nitrokey_block_devices()); - assert!(device.disable_encrypted_volume().is_ok()); - assert_eq!(1, count_nitrokey_block_devices()); - assert_eq!( - Err(CommandError::WrongPassword), - device.enable_encrypted_volume("123") - ); - assert_eq!(1, count_nitrokey_block_devices()); - assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok()); - assert_eq!(2, count_nitrokey_block_devices()); - assert!(device.disable_encrypted_volume().is_ok()); - assert_eq!(1, count_nitrokey_block_devices()); -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn lock() { - let device = Storage::connect().unwrap(); - - assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok()); - assert!(device.lock().is_ok()); - assert_eq!(1, count_nitrokey_block_devices()); -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn get_storage_status() { - let device = Storage::connect().unwrap(); - let status = device.get_status().unwrap(); - - assert!(status.serial_number_sd_card > 0); - assert!(status.serial_number_smart_card > 0); -} diff --git a/nitrokey/src/tests/mod.rs b/nitrokey/src/tests/mod.rs deleted file mode 100644 index 34ca0aa..0000000 --- a/nitrokey/src/tests/mod.rs +++ /dev/null @@ -1,4 +0,0 @@ -mod device; -mod otp; -mod pws; -mod util; diff --git a/nitrokey/src/tests/otp.rs b/nitrokey/src/tests/otp.rs deleted file mode 100644 index cf71d9d..0000000 --- a/nitrokey/src/tests/otp.rs +++ /dev/null @@ -1,283 +0,0 @@ -use std::ops::Deref; -use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; -use {Admin, Authenticate, CommandError, Config, ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData}; - -// test suite according to RFC 4226, Appendix D -static HOTP_SECRET: &str = "3132333435363738393031323334353637383930"; -static HOTP_CODES: &[&str] = &[ - "755224", "287082", "359152", "969429", "338314", "254676", "287922", "162583", "399871", - "520489", -]; - -// test suite according to RFC 6238, Appendix B -static TOTP_SECRET: &str = "3132333435363738393031323334353637383930"; -static TOTP_CODES: &[(u64, &str)] = &[ - (59, "94287082"), - (1111111109, "07081804"), - (1111111111, "14050471"), - (1234567890, "89005924"), - (2000000000, "69279037"), - (20000000000, "65353130"), -]; - -#[derive(PartialEq)] -enum TotpTimestampSize { - U32, - U64, -} - -fn get_admin_test_device() -> Admin<Target> { - Target::connect() - .expect("Could not connect to the Nitrokey.") - .authenticate_admin(ADMIN_PASSWORD) - .expect("Could not login as admin.") -} - -fn configure_hotp(admin: &ConfigureOtp, counter: u8) { - let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, counter.into()).is_ok()); -} - -fn check_hotp_codes(device: &GenerateOtp, offset: u8) { - HOTP_CODES.iter().enumerate().for_each(|(i, code)| { - if i >= offset as usize { - let result = device.get_hotp_code(1); - assert_eq!(code, &result.unwrap()); - } - }); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_no_pin() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - - configure_hotp(&admin, 0); - check_hotp_codes(admin.deref(), 0); - - configure_hotp(&admin, 5); - check_hotp_codes(admin.deref(), 5); - - configure_hotp(&admin, 0); - check_hotp_codes(&admin.device(), 0); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_pin() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - - configure_hotp(&admin, 0); - let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); - check_hotp_codes(&user, 0); - - assert!(user.device().get_hotp_code(1).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_slot_name() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); - - let device = admin.device(); - let result = device.get_hotp_slot_name(1); - assert_eq!("test-hotp", result.unwrap()); - let result = device.get_hotp_slot_name(4); - assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_error() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::NoName), - admin.write_hotp_slot(slot_data, 0) - ); - let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::InvalidSlot), - admin.write_hotp_slot(slot_data, 0) - ); - let code = admin.get_hotp_code(4); - assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_erase() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - let slot_data = OtpSlotData::new(1, "test1", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); - let slot_data = OtpSlotData::new(2, "test2", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); - - assert!(admin.erase_hotp_slot(1).is_ok()); - - let device = admin.device(); - let result = device.get_hotp_slot_name(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - let result = device.get_hotp_code(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - - assert_eq!("test2", device.get_hotp_slot_name(2).unwrap()); -} - -fn configure_totp(admin: &ConfigureOtp, factor: u64) { - let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); - let time_window = 30u64.checked_mul(factor).unwrap(); - assert!(admin.write_totp_slot(slot_data, time_window as u16).is_ok()); -} - -fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) { - for (i, &(base_time, code)) in TOTP_CODES.iter().enumerate() { - let time = base_time.checked_mul(factor).unwrap(); - let is_u64 = time > u32::max_value() as u64; - if is_u64 != (timestamp_size == TotpTimestampSize::U64) { - continue; - } - - assert!(device.set_time(time).is_ok()); - let result = device.get_totp_code(1); - assert!(result.is_ok()); - let result_code = result.unwrap(); - assert_eq!( - code, result_code, - "TOTP code {} should be {} but is {}", - i, code, result_code - ); - } -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_no_pin() { - // TODO: this test may fail due to bad timing --> find solution - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - check_totp_codes(admin.deref(), 1, TotpTimestampSize::U32); - - configure_totp(&admin, 2); - check_totp_codes(admin.deref(), 2, TotpTimestampSize::U32); - - configure_totp(&admin, 1); - check_totp_codes(&admin.device(), 1, TotpTimestampSize::U32); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))] -// Nitrokey Storage does only support timestamps that fit in a 32-bit unsigned integer. Therefore -// the last RFC test case is expected to fail. -fn totp_no_pin_64() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - check_totp_codes(admin.deref(), 1, TotpTimestampSize::U64); - - configure_totp(&admin, 2); - check_totp_codes(admin.deref(), 2, TotpTimestampSize::U64); - - configure_totp(&admin, 1); - check_totp_codes(&admin.device(), 1, TotpTimestampSize::U64); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_pin() { - // TODO: this test may fail due to bad timing --> find solution - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); - check_totp_codes(&user, 1, TotpTimestampSize::U32); - - assert!(user.device().get_totp_code(1).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))] -// See comment for totp_no_pin_64. -fn totp_pin_64() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); - check_totp_codes(&user, 1, TotpTimestampSize::U64); - - assert!(user.device().get_totp_code(1).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_slot_name() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); - assert!(admin.write_totp_slot(slot_data, 0).is_ok()); - - let device = admin.device(); - let result = device.get_totp_slot_name(1); - assert!(result.is_ok()); - assert_eq!("test-totp", result.unwrap()); - let result = device.get_totp_slot_name(16); - assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_error() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::NoName), - admin.write_hotp_slot(slot_data, 0) - ); - let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::InvalidSlot), - admin.write_hotp_slot(slot_data, 0) - ); - let code = admin.get_hotp_code(4); - assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_erase() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - let slot_data = OtpSlotData::new(1, "test1", TOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_totp_slot(slot_data, 0).is_ok()); - let slot_data = OtpSlotData::new(2, "test2", TOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_totp_slot(slot_data, 0).is_ok()); - - assert!(admin.erase_totp_slot(1).is_ok()); - - let device = admin.device(); - let result = device.get_totp_slot_name(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - let result = device.get_totp_code(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - - assert_eq!("test2", device.get_totp_slot_name(2).unwrap()); -} diff --git a/nitrokey/src/tests/pws.rs b/nitrokey/src/tests/pws.rs deleted file mode 100644 index f581515..0000000 --- a/nitrokey/src/tests/pws.rs +++ /dev/null @@ -1,143 +0,0 @@ -use device::Device; -use nitrokey_sys; -use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; -use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; -use util::{result_from_string, CommandError}; - -fn get_pws(device: &Target) -> PasswordSafe { - device.get_password_safe(USER_PASSWORD).unwrap() -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn enable() { - let device = Target::connect().unwrap(); - assert!( - device - .get_password_safe(&(USER_PASSWORD.to_owned() + "123")) - .is_err() - ); - assert!(device.get_password_safe(USER_PASSWORD).is_ok()); - assert!(device.get_password_safe(ADMIN_PASSWORD).is_err()); - assert!(device.get_password_safe(USER_PASSWORD).is_ok()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn drop() { - let device = Target::connect().unwrap(); - { - let pws = get_pws(&device); - assert!(pws.write_slot(1, "name", "login", "password").is_ok()); - assert_eq!("name", pws.get_slot_name(1).unwrap()); - let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); - assert_eq!(Ok(String::from("name")), result); - } - let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); - assert_eq!(Ok(String::from("name")), result); - assert!(device.lock().is_ok()); - let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); - assert_eq!(Err(CommandError::NotAuthorized), result); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_status() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - for i in 0..SLOT_COUNT { - assert!(pws.erase_slot(i).is_ok(), "Could not erase slot {}", i); - } - let status = pws.get_slot_status().unwrap(); - assert_eq!(status, [false; SLOT_COUNT as usize]); - - assert!(pws.write_slot(1, "name", "login", "password").is_ok()); - let status = pws.get_slot_status().unwrap(); - for i in 0..SLOT_COUNT { - assert_eq!(i == 1, status[i as usize]); - } - - for i in 0..SLOT_COUNT { - assert!(pws.write_slot(i, "name", "login", "password").is_ok()); - } - let status = pws.get_slot_status().unwrap(); - assert_eq!(status, [true; SLOT_COUNT as usize]); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_data() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - assert!(pws.write_slot(1, "name", "login", "password").is_ok()); - assert_eq!("name", pws.get_slot_name(1).unwrap()); - assert_eq!("login", pws.get_slot_login(1).unwrap()); - assert_eq!("password", pws.get_slot_password(1).unwrap()); - - assert!(pws.erase_slot(1).is_ok()); - // TODO: check error codes - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(1)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(1)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(1)); - - let name = "with å"; - let login = "pär@test.com"; - let password = "'i3lJc[09?I:,[u7dWz9"; - assert!(pws.write_slot(1, name, login, password).is_ok()); - assert_eq!(name, pws.get_slot_name(1).unwrap()); - assert_eq!(login, pws.get_slot_login(1).unwrap()); - assert_eq!(password, pws.get_slot_password(1).unwrap()); - - assert_eq!( - Err(CommandError::InvalidSlot), - pws.get_slot_name(SLOT_COUNT) - ); - assert_eq!( - Err(CommandError::InvalidSlot), - pws.get_slot_login(SLOT_COUNT) - ); - assert_eq!( - Err(CommandError::InvalidSlot), - pws.get_slot_password(SLOT_COUNT) - ); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn write() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - - assert_eq!( - Err(CommandError::InvalidSlot), - pws.write_slot(SLOT_COUNT, "name", "login", "password") - ); - - assert!(pws.write_slot(0, "", "login", "password").is_ok()); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); - assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); - assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); - - assert!(pws.write_slot(0, "name", "", "password").is_ok()); - assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(0)); - assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); - - assert!(pws.write_slot(0, "name", "login", "").is_ok()); - assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); - assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(0)); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn erase() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - assert_eq!(Err(CommandError::InvalidSlot), pws.erase_slot(SLOT_COUNT)); - - assert!(pws.write_slot(0, "name", "login", "password").is_ok()); - assert!(pws.erase_slot(0).is_ok()); - assert!(pws.erase_slot(0).is_ok()); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); -} diff --git a/nitrokey/src/tests/util.rs b/nitrokey/src/tests/util.rs deleted file mode 100644 index c6fbb8f..0000000 --- a/nitrokey/src/tests/util.rs +++ /dev/null @@ -1,11 +0,0 @@ -pub static ADMIN_PASSWORD: &str = "12345678"; -pub static USER_PASSWORD: &str = "123456"; - -#[cfg(feature = "test-no-device")] -pub type Target = ::Pro; - -#[cfg(feature = "test-pro")] -pub type Target = ::Pro; - -#[cfg(feature = "test-storage")] -pub type Target = ::Storage; diff --git a/nitrokey/src/util.rs b/nitrokey/src/util.rs index 6f4fbb0..a2e957e 100644 --- a/nitrokey/src/util.rs +++ b/nitrokey/src/util.rs @@ -1,13 +1,12 @@ -use libc::{c_void, free}; -use nitrokey_sys; -use rand::{OsRng, Rng}; -use std; use std::ffi::{CStr, CString}; use std::fmt; use std::os::raw::{c_char, c_int}; +use libc::{c_void, free}; +use rand::Rng; + /// Error types returned by Nitrokey device or by the library. -#[derive(Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq)] pub enum CommandError { /// A packet with a wrong checksum has been sent or received. WrongCrc, @@ -44,7 +43,7 @@ pub enum CommandError { /// /// Setting the log level to a lower level enables all output from higher levels too. Currently, /// only the log levels `Warning`, `DebugL1`, `Debug` and `DebugL2` are actually used. -#[derive(Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq)] pub enum LogLevel { /// Error messages. Currently not used. Error, @@ -101,12 +100,8 @@ pub fn get_last_error() -> CommandError { } pub fn generate_password(length: usize) -> std::io::Result<Vec<u8>> { - let mut rng = match OsRng::new() { - Ok(rng) => rng, - Err(err) => return Err(err), - }; let mut data = vec![0u8; length]; - rng.fill_bytes(&mut data[..]); + rand::thread_rng().fill(&mut data[..]); return Ok(data); } @@ -115,7 +110,7 @@ pub fn get_cstring<T: Into<Vec<u8>>>(s: T) -> Result<CString, CommandError> { } impl fmt::Display for CommandError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { let msg = match *self { CommandError::WrongCrc => "A packet with a wrong checksum has been sent or received", CommandError::WrongSlot => "The given OTP slot does not exist", |