diff options
Diffstat (limited to 'nitrokey/tests')
-rw-r--r-- | nitrokey/tests/device.rs | 118 | ||||
-rw-r--r-- | nitrokey/tests/otp.rs | 12 | ||||
-rw-r--r-- | nitrokey/tests/pws.rs | 18 | ||||
-rw-r--r-- | nitrokey/tests/util/mod.rs | 1 |
4 files changed, 136 insertions, 13 deletions
diff --git a/nitrokey/tests/device.rs b/nitrokey/tests/device.rs index 26afa62..0ad4987 100644 --- a/nitrokey/tests/device.rs +++ b/nitrokey/tests/device.rs @@ -4,11 +4,15 @@ use std::ffi::CStr; use std::process::Command; use std::{thread, time}; -use nitrokey::{Authenticate, CommandError, Config, Device, Storage}; +use nitrokey::{ + Authenticate, CommandError, Config, ConfigureOtp, Device, GenerateOtp, GetPasswordSafe, + OtpMode, OtpSlotData, Storage, +}; -use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; +use crate::util::{Target, ADMIN_PASSWORD, UPDATE_PIN, USER_PASSWORD}; static ADMIN_NEW_PASSWORD: &str = "1234567890"; +static UPDATE_NEW_PIN: &str = "87654321"; static USER_NEW_PASSWORD: &str = "abcdefghij"; fn count_nitrokey_block_devices() -> usize { @@ -256,12 +260,14 @@ fn unlock_user_pin() { device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) ); + // block user PIN let wrong_password = USER_PASSWORD.to_owned() + "foo"; let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword); + // unblock with current PIN assert_eq!( Err(CommandError::WrongPassword), device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) @@ -269,7 +275,113 @@ fn unlock_user_pin() { assert!(device .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD) .is_ok()); - device.authenticate_user(USER_PASSWORD).unwrap(); + let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); + + // block user PIN + let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); + let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); + let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); + let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword); + + // unblock with new PIN + assert_eq!( + Err(CommandError::WrongPassword), + device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + ); + assert!(device + .unlock_user_pin(ADMIN_PASSWORD, USER_NEW_PASSWORD) + .is_ok()); + + // reset user PIN + assert!(device + .change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD) + .is_ok()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn factory_reset() { + let device = Target::connect().unwrap(); + + assert_eq!( + Ok(()), + device.change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD) + ); + assert_eq!( + Ok(()), + device.change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) + ); + + let admin = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap(); + let otp_data = OtpSlotData::new(1, "test", "0123468790", OtpMode::SixDigits); + assert_eq!(Ok(()), admin.write_totp_slot(otp_data, 30)); + + let device = admin.device(); + let pws = device.get_password_safe(USER_NEW_PASSWORD).unwrap(); + assert_eq!(Ok(()), pws.write_slot(0, "test", "testlogin", "testpw")); + drop(pws); + + assert_eq!( + Err(CommandError::WrongPassword), + device.factory_reset(USER_NEW_PASSWORD) + ); + assert_eq!( + Err(CommandError::WrongPassword), + device.factory_reset(ADMIN_PASSWORD) + ); + assert_eq!(Ok(()), device.factory_reset(ADMIN_NEW_PASSWORD)); + + let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); + + let user = device.authenticate_user(USER_PASSWORD).unwrap(); + assert_eq!( + Err(CommandError::SlotNotProgrammed), + user.get_totp_slot_name(1) + ); + + let device = user.device(); + let pws = device.get_password_safe(USER_PASSWORD).unwrap(); + assert_ne!("test".to_string(), pws.get_slot_name(0).unwrap()); + assert_ne!("testlogin".to_string(), pws.get_slot_login(0).unwrap()); + assert_ne!("testpw".to_string(), pws.get_slot_password(0).unwrap()); + + assert_eq!(Ok(()), device.build_aes_key(ADMIN_PASSWORD)); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn build_aes_key() { + let device = Target::connect().unwrap(); + + let pws = device.get_password_safe(USER_PASSWORD).unwrap(); + assert_eq!(Ok(()), pws.write_slot(0, "test", "testlogin", "testpw")); + drop(pws); + + assert_eq!( + Err(CommandError::WrongPassword), + device.build_aes_key(USER_PASSWORD) + ); + assert_eq!(Ok(()), device.build_aes_key(ADMIN_PASSWORD)); + + let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); + + let pws = device.get_password_safe(USER_PASSWORD).unwrap(); + assert_ne!("test".to_string(), pws.get_slot_name(0).unwrap()); + assert_ne!("testlogin".to_string(), pws.get_slot_login(0).unwrap()); + assert_ne!("testpw".to_string(), pws.get_slot_password(0).unwrap()); +} + +#[test] +#[cfg_attr(not(feature = "test-storage"), ignore)] +fn change_update_pin() { + let device = Storage::connect().unwrap(); + + assert_eq!( + Err(CommandError::WrongPassword), + device.change_update_pin(UPDATE_NEW_PIN, UPDATE_PIN) + ); + assert_eq!(Ok(()), device.change_update_pin(UPDATE_PIN, UPDATE_NEW_PIN)); + assert_eq!(Ok(()), device.change_update_pin(UPDATE_NEW_PIN, UPDATE_PIN)); } #[test] diff --git a/nitrokey/tests/otp.rs b/nitrokey/tests/otp.rs index 8e7ae08..c7d6e68 100644 --- a/nitrokey/tests/otp.rs +++ b/nitrokey/tests/otp.rs @@ -55,6 +55,16 @@ fn check_hotp_codes(device: &GenerateOtp, offset: u8) { #[test] #[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn set_time() { + let device = Target::connect().expect("Could not connect to the Nitrokey."); + assert_eq!(Ok(()), device.set_time(1546385382, true)); + assert_eq!(Ok(()), device.set_time(1546385392, false)); + assert_eq!(Err(CommandError::Timestamp), device.set_time(1546385292, false)); + assert_eq!(Ok(()), device.set_time(1546385382, true)); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] fn hotp_no_pin() { let admin = get_admin_test_device(); let config = Config::new(None, None, None, false); @@ -152,7 +162,7 @@ fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimes continue; } - assert!(device.set_time(time).is_ok()); + assert!(device.set_time(time, true).is_ok()); let result = device.get_totp_code(1); assert!(result.is_ok()); let result_code = result.unwrap(); diff --git a/nitrokey/tests/pws.rs b/nitrokey/tests/pws.rs index 875324b..5061298 100644 --- a/nitrokey/tests/pws.rs +++ b/nitrokey/tests/pws.rs @@ -11,7 +11,7 @@ use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; fn get_slot_name_direct(slot: u8) -> Result<String, CommandError> { let ptr = unsafe { nitrokey_sys::NK_get_password_safe_slot_name(slot) }; if ptr.is_null() { - return Err(CommandError::Unknown); + return Err(CommandError::Undefined); } let s = unsafe { CStr::from_ptr(ptr).to_string_lossy().into_owned() }; unsafe { free(ptr as *mut c_void) }; @@ -19,7 +19,7 @@ fn get_slot_name_direct(slot: u8) -> Result<String, CommandError> { true => { let error = unsafe { nitrokey_sys::NK_get_last_command_status() } as c_int; match error { - 0 => Err(CommandError::Unknown), + 0 => Err(CommandError::Undefined), other => Err(CommandError::from(other)), } } @@ -97,9 +97,9 @@ fn get_data() { assert!(pws.erase_slot(1).is_ok()); // TODO: check error codes - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(1)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(1)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(1)); + assert_eq!(Err(CommandError::Undefined), pws.get_slot_name(1)); + assert_eq!(Err(CommandError::Undefined), pws.get_slot_login(1)); + assert_eq!(Err(CommandError::Undefined), pws.get_slot_password(1)); let name = "with å"; let login = "pär@test.com"; @@ -135,19 +135,19 @@ fn write() { ); assert!(pws.write_slot(0, "", "login", "password").is_ok()); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); + assert_eq!(Err(CommandError::Undefined), pws.get_slot_name(0)); assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); assert!(pws.write_slot(0, "name", "", "password").is_ok()); assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(0)); + assert_eq!(Err(CommandError::Undefined), pws.get_slot_login(0)); assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); assert!(pws.write_slot(0, "name", "login", "").is_ok()); assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(0)); + assert_eq!(Err(CommandError::Undefined), pws.get_slot_password(0)); } #[test] @@ -160,5 +160,5 @@ fn erase() { assert!(pws.write_slot(0, "name", "login", "password").is_ok()); assert!(pws.erase_slot(0).is_ok()); assert!(pws.erase_slot(0).is_ok()); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); + assert_eq!(Err(CommandError::Undefined), pws.get_slot_name(0)); } diff --git a/nitrokey/tests/util/mod.rs b/nitrokey/tests/util/mod.rs index c2c94e2..5e495d8 100644 --- a/nitrokey/tests/util/mod.rs +++ b/nitrokey/tests/util/mod.rs @@ -1,4 +1,5 @@ pub static ADMIN_PASSWORD: &str = "12345678"; +pub static UPDATE_PIN: &str = "12345678"; pub static USER_PASSWORD: &str = "123456"; #[cfg(not(feature = "test-storage"))] |