diff options
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/config.rs | 66 | ||||
-rw-r--r-- | src/tests/encrypted.rs | 95 | ||||
-rw-r--r-- | src/tests/hidden.rs | 49 | ||||
-rw-r--r-- | src/tests/lock.rs | 44 | ||||
-rw-r--r-- | src/tests/mod.rs | 180 | ||||
-rw-r--r-- | src/tests/otp.rs | 130 | ||||
-rw-r--r-- | src/tests/pin.rs | 84 | ||||
-rw-r--r-- | src/tests/pws.rs | 123 | ||||
-rw-r--r-- | src/tests/reset.rs | 60 | ||||
-rw-r--r-- | src/tests/run.rs | 103 | ||||
-rw-r--r-- | src/tests/status.rs | 81 | ||||
-rw-r--r-- | src/tests/unencrypted.rs | 46 |
12 files changed, 1061 insertions, 0 deletions
diff --git a/src/tests/config.rs b/src/tests/config.rs new file mode 100644 index 0000000..ea3a0e8 --- /dev/null +++ b/src/tests/config.rs @@ -0,0 +1,66 @@ +// config.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +#[test_device] +fn get(model: nitrokey::Model) -> crate::Result<()> { + let re = regex::Regex::new( + r#"^Config: + numlock binding: (not set|\d+) + capslock binding: (not set|\d+) + scrollock binding: (not set|\d+) + require user PIN for OTP: (true|false) +$"#, + ) + .unwrap(); + + let out = Nitrocli::with_model(model).handle(&["config", "get"])?; + assert!(re.is_match(&out), out); + Ok(()) +} + +#[test_device] +fn set_wrong_usage(model: nitrokey::Model) { + let res = Nitrocli::with_model(model).handle(&["config", "set", "--numlock", "2", "-N"]); + assert_eq!( + res.unwrap_str_err(), + "--numlock and --no-numlock are mutually exclusive" + ); +} + +#[test_device] +fn set_get(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["config", "set", "-s", "1", "-c", "0", "-N"])?; + + let re = regex::Regex::new( + r#"^Config: + numlock binding: not set + capslock binding: 0 + scrollock binding: 1 + require user PIN for OTP: (true|false) +$"#, + ) + .unwrap(); + + let out = ncli.handle(&["config", "get"])?; + assert!(re.is_match(&out), out); + Ok(()) +} diff --git a/src/tests/encrypted.rs b/src/tests/encrypted.rs new file mode 100644 index 0000000..75b84c3 --- /dev/null +++ b/src/tests/encrypted.rs @@ -0,0 +1,95 @@ +// encrypted.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +#[test_device(storage)] +fn status_open_close(model: nitrokey::Model) -> crate::Result<()> { + fn make_re(open: Option<bool>) -> regex::Regex { + let encrypted = match open { + Some(open) => { + if open { + "active" + } else { + "(read-only|inactive)" + } + } + None => "(read-only|active|inactive)", + }; + let re = format!( + r#" + volumes: + unencrypted: (read-only|active|inactive) + encrypted: {} + hidden: (read-only|active|inactive) +$"#, + encrypted + ); + regex::Regex::new(&re).unwrap() + } + + let mut ncli = Nitrocli::with_model(model); + let out = ncli.handle(&["status"])?; + assert!(make_re(None).is_match(&out), out); + + let _ = ncli.handle(&["encrypted", "open"])?; + let out = ncli.handle(&["status"])?; + assert!(make_re(Some(true)).is_match(&out), out); + + let _ = ncli.handle(&["encrypted", "close"])?; + let out = ncli.handle(&["status"])?; + assert!(make_re(Some(false)).is_match(&out), out); + + Ok(()) +} + +#[test_device(pro)] +fn encrypted_open_on_pro(model: nitrokey::Model) { + let res = Nitrocli::with_model(model).handle(&["encrypted", "open"]); + assert_eq!( + res.unwrap_str_err(), + "This command is only available on the Nitrokey Storage", + ); +} + +#[test_device(storage)] +fn encrypted_open_close(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + let out = ncli.handle(&["encrypted", "open"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_storage()?; + assert!(device.get_status()?.encrypted_volume.active); + assert!(!device.get_status()?.hidden_volume.active); + } + + let out = ncli.handle(&["encrypted", "close"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_storage()?; + assert!(!device.get_status()?.encrypted_volume.active); + assert!(!device.get_status()?.hidden_volume.active); + } + + Ok(()) +} diff --git a/src/tests/hidden.rs b/src/tests/hidden.rs new file mode 100644 index 0000000..28a5d23 --- /dev/null +++ b/src/tests/hidden.rs @@ -0,0 +1,49 @@ +// hidden.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +#[test_device(storage)] +fn hidden_create_open_close(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + let out = ncli.handle(&["hidden", "create", "0", "50", "100"])?; + assert!(out.is_empty()); + + let out = ncli.handle(&["hidden", "open"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_storage()?; + assert!(!device.get_status()?.encrypted_volume.active); + assert!(device.get_status()?.hidden_volume.active); + } + + let out = ncli.handle(&["hidden", "close"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_storage()?; + assert!(!device.get_status()?.encrypted_volume.active); + assert!(!device.get_status()?.hidden_volume.active); + } + + Ok(()) +} diff --git a/src/tests/lock.rs b/src/tests/lock.rs new file mode 100644 index 0000000..5140152 --- /dev/null +++ b/src/tests/lock.rs @@ -0,0 +1,44 @@ +// lock.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +#[test_device(pro)] +fn lock_pro(model: nitrokey::Model) -> crate::Result<()> { + // We can't really test much more here than just success of the command. + let out = Nitrocli::with_model(model).handle(&["lock"])?; + assert!(out.is_empty()); + + Ok(()) +} + +#[test_device(storage)] +fn lock_storage(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["encrypted", "open"])?; + + let out = ncli.handle(&["lock"])?; + assert!(out.is_empty()); + + let mut manager = nitrokey::force_take()?; + let device = manager.connect_storage()?; + assert!(!device.get_status()?.encrypted_volume.active); + + Ok(()) +} diff --git a/src/tests/mod.rs b/src/tests/mod.rs new file mode 100644 index 0000000..5ebf285 --- /dev/null +++ b/src/tests/mod.rs @@ -0,0 +1,180 @@ +// mod.rs + +// ************************************************************************* +// * Copyright (C) 2019-2020 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use std::ffi; +use std::fmt; + +use nitrokey_test::test as test_device; + +mod config; +mod encrypted; +mod hidden; +mod lock; +mod otp; +mod pin; +mod pws; +mod reset; +mod run; +mod status; +mod unencrypted; + +/// A trait simplifying checking for expected errors. +pub trait UnwrapError { + /// Unwrap an Error::Error variant. + fn unwrap_str_err(self) -> String; + /// Unwrap a Error::CommandError variant. + fn unwrap_cmd_err(self) -> (Option<&'static str>, nitrokey::CommandError); + /// Unwrap a Error::LibraryError variant. + fn unwrap_lib_err(self) -> (Option<&'static str>, nitrokey::LibraryError); +} + +impl<T> UnwrapError for crate::Result<T> +where + T: fmt::Debug, +{ + fn unwrap_str_err(self) -> String { + match self.unwrap_err() { + crate::Error::Error(err) => err, + err => panic!("Unexpected error variant found: {:?}", err), + } + } + + fn unwrap_cmd_err(self) -> (Option<&'static str>, nitrokey::CommandError) { + match self.unwrap_err() { + crate::Error::NitrokeyError(ctx, err) => match err { + nitrokey::Error::CommandError(err) => (ctx, err), + err => panic!("Unexpected error variant found: {:?}", err), + }, + err => panic!("Unexpected error variant found: {:?}", err), + } + } + + fn unwrap_lib_err(self) -> (Option<&'static str>, nitrokey::LibraryError) { + match self.unwrap_err() { + crate::Error::NitrokeyError(ctx, err) => match err { + nitrokey::Error::LibraryError(err) => (ctx, err), + err => panic!("Unexpected error variant found: {:?}", err), + }, + err => panic!("Unexpected error variant found: {:?}", err), + } + } +} + +struct Nitrocli { + model: Option<nitrokey::Model>, + admin_pin: Option<ffi::OsString>, + user_pin: Option<ffi::OsString>, + new_admin_pin: Option<ffi::OsString>, + new_user_pin: Option<ffi::OsString>, + password: Option<ffi::OsString>, +} + +impl Nitrocli { + pub fn new() -> Self { + Self { + model: None, + admin_pin: Some(nitrokey::DEFAULT_ADMIN_PIN.into()), + user_pin: Some(nitrokey::DEFAULT_USER_PIN.into()), + new_admin_pin: None, + new_user_pin: None, + password: None, + } + } + + pub fn with_model<M>(model: M) -> Self + where + M: Into<nitrokey::Model>, + { + Self { + model: Some(model.into()), + admin_pin: Some(nitrokey::DEFAULT_ADMIN_PIN.into()), + user_pin: Some(nitrokey::DEFAULT_USER_PIN.into()), + new_admin_pin: None, + new_user_pin: None, + password: Some("1234567".into()), + } + } + + pub fn admin_pin(&mut self, pin: impl Into<ffi::OsString>) { + self.admin_pin = Some(pin.into()) + } + + pub fn new_admin_pin(&mut self, pin: impl Into<ffi::OsString>) { + self.new_admin_pin = Some(pin.into()) + } + + pub fn user_pin(&mut self, pin: impl Into<ffi::OsString>) { + self.user_pin = Some(pin.into()) + } + + pub fn new_user_pin(&mut self, pin: impl Into<ffi::OsString>) { + self.new_user_pin = Some(pin.into()) + } + + fn model_to_arg(model: nitrokey::Model) -> &'static str { + match model { + nitrokey::Model::Pro => "--model=pro", + nitrokey::Model::Storage => "--model=storage", + } + } + + fn do_run<F, R>(&mut self, args: &[&str], f: F) -> (R, Vec<u8>, Vec<u8>) + where + F: FnOnce(&mut crate::RunCtx<'_>, Vec<String>) -> R, + { + let args = ["nitrocli"] + .iter() + .cloned() + .chain(self.model.map(Self::model_to_arg)) + .chain(args.iter().cloned()) + .map(ToOwned::to_owned) + .collect(); + + let mut stdout = Vec::new(); + let mut stderr = Vec::new(); + + let ctx = &mut crate::RunCtx { + stdout: &mut stdout, + stderr: &mut stderr, + admin_pin: self.admin_pin.clone(), + user_pin: self.user_pin.clone(), + new_admin_pin: self.new_admin_pin.clone(), + new_user_pin: self.new_user_pin.clone(), + password: self.password.clone(), + no_cache: true, + }; + + (f(ctx, args), stdout, stderr) + } + + /// Run `nitrocli`'s `run` function. + pub fn run(&mut self, args: &[&str]) -> (i32, Vec<u8>, Vec<u8>) { + self.do_run(args, |c, a| crate::run(c, a)) + } + + /// Run `nitrocli`'s `handle_arguments` function. + pub fn handle(&mut self, args: &[&str]) -> crate::Result<String> { + let (res, out, _) = self.do_run(args, |c, a| crate::args::handle_arguments(c, a)); + res.map(|_| String::from_utf8_lossy(&out).into_owned()) + } + + pub fn model(&self) -> Option<nitrokey::Model> { + self.model + } +} diff --git a/src/tests/otp.rs b/src/tests/otp.rs new file mode 100644 index 0000000..0ccecf9 --- /dev/null +++ b/src/tests/otp.rs @@ -0,0 +1,130 @@ +// otp.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +use crate::args; + +#[test_device] +fn set_invalid_slot_raw(model: nitrokey::Model) { + let (rc, out, err) = Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234"]); + + assert_ne!(rc, 0); + assert_eq!(out, b""); + assert_eq!(&err[..24], b"Could not write OTP slot"); +} + +#[test_device] +fn set_invalid_slot(model: nitrokey::Model) { + let res = Nitrocli::with_model(model).handle(&["otp", "set", "100", "name", "1234"]); + + assert_eq!( + res.unwrap_lib_err(), + ( + Some("Could not write OTP slot"), + nitrokey::LibraryError::InvalidSlot + ) + ); +} + +#[test_device] +fn status(model: nitrokey::Model) -> crate::Result<()> { + let re = regex::Regex::new( + r#"^alg\tslot\tname +((totp|hotp)\t\d+\t.+\n)+$"#, + ) + .unwrap(); + + let mut ncli = Nitrocli::with_model(model); + // Make sure that we have at least something to display by ensuring + // that there is one slot programmed. + let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456"])?; + + let out = ncli.handle(&["otp", "status"])?; + assert!(re.is_match(&out), out); + Ok(()) +} + +#[test_device] +fn set_get_hotp(model: nitrokey::Model) -> crate::Result<()> { + // Secret and expected HOTP values as per RFC 4226: Appendix D -- HOTP + // Algorithm: Test Values. + const SECRET: &str = "12345678901234567890"; + const OTP1: &str = concat!(755224, "\n"); + const OTP2: &str = concat!(287082, "\n"); + + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&[ + "otp", "set", "-a", "hotp", "-f", "ascii", "1", "name", &SECRET, + ])?; + + let out = ncli.handle(&["otp", "get", "-a", "hotp", "1"])?; + assert_eq!(out, OTP1); + + let out = ncli.handle(&["otp", "get", "-a", "hotp", "1"])?; + assert_eq!(out, OTP2); + Ok(()) +} + +#[test_device] +fn set_get_totp(model: nitrokey::Model) -> crate::Result<()> { + // Secret and expected TOTP values as per RFC 6238: Appendix B -- + // Test Vectors. + const SECRET: &str = "12345678901234567890"; + const TIME: &str = stringify!(1111111111); + const OTP: &str = concat!(14050471, "\n"); + + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["otp", "set", "-d", "8", "-f", "ascii", "2", "name", &SECRET])?; + + let out = ncli.handle(&["otp", "get", "-t", TIME, "2"])?; + assert_eq!(out, OTP); + Ok(()) +} + +#[test_device] +fn set_totp_uneven_chars(model: nitrokey::Model) -> crate::Result<()> { + let secrets = [ + (args::OtpSecretFormat::Hex, "123"), + (args::OtpSecretFormat::Base32, "FBILDWWGA2"), + ]; + + for (format, secret) in &secrets { + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["otp", "set", "-f", format.as_ref(), "3", "foobar", &secret])?; + } + Ok(()) +} + +#[test_device] +fn clear(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["otp", "set", "3", "hotp-test", "abcdef"])?; + let _ = ncli.handle(&["otp", "clear", "3"])?; + let res = ncli.handle(&["otp", "get", "3"]); + + assert_eq!( + res.unwrap_cmd_err(), + ( + Some("Could not generate OTP"), + nitrokey::CommandError::SlotNotProgrammed + ) + ); + Ok(()) +} diff --git a/src/tests/pin.rs b/src/tests/pin.rs new file mode 100644 index 0000000..958a36d --- /dev/null +++ b/src/tests/pin.rs @@ -0,0 +1,84 @@ +// pin.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use nitrokey::Authenticate; +use nitrokey::Device; + +use super::*; + +#[test_device] +fn unblock(model: nitrokey::Model) -> crate::Result<()> { + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_model(model)?; + let (device, err) = device.authenticate_user("wrong-pin").unwrap_err(); + match err { + nitrokey::Error::CommandError(err) if err == nitrokey::CommandError::WrongPassword => (), + _ => panic!("Unexpected error variant found: {:?}", err), + } + assert!(device.get_user_retry_count()? < 3); + } + + let _ = Nitrocli::with_model(model).handle(&["pin", "unblock"])?; + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_model(model)?; + assert_eq!(device.get_user_retry_count()?, 3); + } + Ok(()) +} + +#[test_device] +fn set_user(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + // Set a new user PIN. + ncli.new_user_pin("new-pin"); + let out = ncli.handle(&["pin", "set", "user"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_model(model)?; + let (_, err) = device + .authenticate_user(nitrokey::DEFAULT_USER_PIN) + .unwrap_err(); + + match err { + nitrokey::Error::CommandError(err) if err == nitrokey::CommandError::WrongPassword => (), + _ => panic!("Unexpected error variant found: {:?}", err), + } + } + + // Revert to the default user PIN. + ncli.user_pin("new-pin"); + ncli.new_user_pin(nitrokey::DEFAULT_USER_PIN); + + let out = ncli.handle(&["pin", "set", "user"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_model(ncli.model().unwrap())?; + let _ = device + .authenticate_user(nitrokey::DEFAULT_USER_PIN) + .unwrap(); + } + Ok(()) +} diff --git a/src/tests/pws.rs b/src/tests/pws.rs new file mode 100644 index 0000000..651b2d5 --- /dev/null +++ b/src/tests/pws.rs @@ -0,0 +1,123 @@ +// pws.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +#[test_device] +fn set_invalid_slot(model: nitrokey::Model) { + let res = Nitrocli::with_model(model).handle(&["pws", "set", "100", "name", "login", "1234"]); + + assert_eq!( + res.unwrap_lib_err(), + ( + Some("Could not write PWS slot"), + nitrokey::LibraryError::InvalidSlot + ) + ); +} + +#[test_device] +fn status(model: nitrokey::Model) -> crate::Result<()> { + let re = regex::Regex::new( + r#"^slot\tname +(\d+\t.+\n)+$"#, + ) + .unwrap(); + + let mut ncli = Nitrocli::with_model(model); + // Make sure that we have at least something to display by ensuring + // that there are there is one slot programmed. + let _ = ncli.handle(&["pws", "set", "0", "the-name", "the-login", "123456"])?; + + let out = ncli.handle(&["pws", "status"])?; + assert!(re.is_match(&out), out); + Ok(()) +} + +#[test_device] +fn set_get(model: nitrokey::Model) -> crate::Result<()> { + const NAME: &str = "dropbox"; + const LOGIN: &str = "d-e-s-o"; + const PASSWORD: &str = "my-secret-password"; + + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["pws", "set", "1", &NAME, &LOGIN, &PASSWORD])?; + + let out = ncli.handle(&["pws", "get", "1", "--quiet", "--name"])?; + assert_eq!(out, format!("{}\n", NAME)); + + let out = ncli.handle(&["pws", "get", "1", "--quiet", "--login"])?; + assert_eq!(out, format!("{}\n", LOGIN)); + + let out = ncli.handle(&["pws", "get", "1", "--quiet", "--password"])?; + assert_eq!(out, format!("{}\n", PASSWORD)); + + let out = ncli.handle(&["pws", "get", "1", "--quiet"])?; + assert_eq!(out, format!("{}\n{}\n{}\n", NAME, LOGIN, PASSWORD)); + + let out = ncli.handle(&["pws", "get", "1"])?; + assert_eq!( + out, + format!( + "name: {}\nlogin: {}\npassword: {}\n", + NAME, LOGIN, PASSWORD + ), + ); + Ok(()) +} + +#[test_device] +fn set_reset_get(model: nitrokey::Model) -> crate::Result<()> { + const NAME: &str = "some/svc"; + const LOGIN: &str = "a\\user"; + const PASSWORD: &str = "!@&-)*(&+%^@"; + + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["pws", "set", "2", &NAME, &LOGIN, &PASSWORD])?; + + let out = ncli.handle(&["reset"])?; + assert_eq!(out, ""); + + let res = ncli.handle(&["pws", "get", "2"]); + assert_eq!( + res.unwrap_cmd_err(), + ( + Some("Could not access PWS slot"), + nitrokey::CommandError::SlotNotProgrammed + ) + ); + Ok(()) +} + +#[test_device] +fn clear(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + let _ = ncli.handle(&["pws", "set", "10", "clear-test", "some-login", "abcdef"])?; + let _ = ncli.handle(&["pws", "clear", "10"])?; + let res = ncli.handle(&["pws", "get", "10"]); + + assert_eq!( + res.unwrap_cmd_err(), + ( + Some("Could not access PWS slot"), + nitrokey::CommandError::SlotNotProgrammed + ) + ); + Ok(()) +} diff --git a/src/tests/reset.rs b/src/tests/reset.rs new file mode 100644 index 0000000..e197970 --- /dev/null +++ b/src/tests/reset.rs @@ -0,0 +1,60 @@ +// reset.rs + +// ************************************************************************* +// * Copyright (C) 2019 Robin Krahl (robin.krahl@ireas.org) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use nitrokey::Authenticate; +use nitrokey::GetPasswordSafe; + +use super::*; + +#[test_device] +fn reset(model: nitrokey::Model) -> crate::Result<()> { + let new_admin_pin = "87654321"; + let mut ncli = Nitrocli::with_model(model); + + // Change the admin PIN. + ncli.new_admin_pin(new_admin_pin); + let _ = ncli.handle(&["pin", "set", "admin"])?; + + { + let mut manager = nitrokey::force_take()?; + // Check that the admin PIN has been changed. + let device = manager.connect_model(ncli.model().unwrap())?; + let _ = device.authenticate_admin(new_admin_pin).unwrap(); + } + + // Perform factory reset + ncli.admin_pin(new_admin_pin); + let out = ncli.handle(&["reset"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + // Check that the admin PIN has been reset. + let device = manager.connect_model(ncli.model().unwrap())?; + let mut device = device + .authenticate_admin(nitrokey::DEFAULT_ADMIN_PIN) + .unwrap(); + + // Check that the password store works, i.e., the AES key has been + // built. + let _ = device.get_password_safe(nitrokey::DEFAULT_USER_PIN)?; + } + + Ok(()) +} diff --git a/src/tests/run.rs b/src/tests/run.rs new file mode 100644 index 0000000..c59c660 --- /dev/null +++ b/src/tests/run.rs @@ -0,0 +1,103 @@ +// run.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +#[test] +fn no_command_or_option() { + let (rc, out, err) = Nitrocli::new().run(&[]); + + assert_ne!(rc, 0); + assert_eq!(out, b""); + + let s = String::from_utf8_lossy(&err).into_owned(); + assert!(s.starts_with("Usage:\n"), s); +} + +#[test] +fn help_options() { + fn test_run(args: &[&str], help: &str) { + let mut all = args.to_vec(); + all.push(help); + + let (rc, out, err) = Nitrocli::new().run(&all); + + assert_eq!(rc, 0); + assert_eq!(err, b""); + + let s = String::from_utf8_lossy(&out).into_owned(); + let expected = format!("Usage:\n nitrocli {}", args.join(" ")); + assert!(s.starts_with(&expected), s); + } + + fn test(args: &[&str]) { + test_run(args, "--help"); + test_run(args, "-h"); + } + + test(&[]); + test(&["config"]); + test(&["config", "get"]); + test(&["config", "set"]); + test(&["encrypted"]); + test(&["encrypted", "open"]); + test(&["encrypted", "close"]); + test(&["hidden"]); + test(&["hidden", "close"]); + test(&["hidden", "create"]); + test(&["hidden", "open"]); + test(&["lock"]); + test(&["otp"]); + test(&["otp", "clear"]); + test(&["otp", "get"]); + test(&["otp", "set"]); + test(&["otp", "status"]); + test(&["pin"]); + test(&["pin", "clear"]); + test(&["pin", "set"]); + test(&["pin", "unblock"]); + test(&["pws"]); + test(&["pws", "clear"]); + test(&["pws", "get"]); + test(&["pws", "set"]); + test(&["pws", "status"]); + test(&["reset"]); + test(&["status"]); + test(&["unencrypted"]); + test(&["unencrypted", "set"]); +} + +#[test] +fn version_option() { + fn test(re: ®ex::Regex, opt: &'static str) { + let (rc, out, err) = Nitrocli::new().run(&[opt]); + + assert_eq!(rc, 0); + assert_eq!(err, b""); + + let s = String::from_utf8_lossy(&out).into_owned(); + let _ = re; + assert!(re.is_match(&s), out); + } + + let re = regex::Regex::new(r"^nitrocli \d+.\d+.\d+(-[^-]+)*\n$").unwrap(); + + test(&re, "--version"); + test(&re, "-V"); +} diff --git a/src/tests/status.rs b/src/tests/status.rs new file mode 100644 index 0000000..c9f4976 --- /dev/null +++ b/src/tests/status.rs @@ -0,0 +1,81 @@ +// status.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +// This test acts as verification that conversion of Error::Error +// variants into the proper exit code works properly. +#[test_device] +fn not_found_raw() { + let (rc, out, err) = Nitrocli::new().run(&["status"]); + + assert_ne!(rc, 0); + assert_eq!(out, b""); + assert_eq!(err, b"Nitrokey device not found\n"); +} + +#[test_device] +fn not_found() { + let res = Nitrocli::new().handle(&["status"]); + assert_eq!(res.unwrap_str_err(), "Nitrokey device not found"); +} + +#[test_device(pro)] +fn output_pro(model: nitrokey::Model) -> crate::Result<()> { + let re = regex::Regex::new( + r#"^Status: + model: Pro + serial number: 0x[[:xdigit:]]{8} + firmware version: v\d+\.\d+ + user retry count: [0-3] + admin retry count: [0-3] +$"#, + ) + .unwrap(); + + let out = Nitrocli::with_model(model).handle(&["status"])?; + assert!(re.is_match(&out), out); + Ok(()) +} + +#[test_device(storage)] +fn output_storage(model: nitrokey::Model) -> crate::Result<()> { + let re = regex::Regex::new( + r#"^Status: + model: Storage + serial number: 0x[[:xdigit:]]{8} + firmware version: v\d+\.\d+ + user retry count: [0-3] + admin retry count: [0-3] + Storage: + SD card ID: 0x[[:xdigit:]]{8} + firmware: (un)?locked + storage keys: (not )?created + volumes: + unencrypted: (read-only|active|inactive) + encrypted: (read-only|active|inactive) + hidden: (read-only|active|inactive) +$"#, + ) + .unwrap(); + + let out = Nitrocli::with_model(model).handle(&["status"])?; + assert!(re.is_match(&out), out); + Ok(()) +} diff --git a/src/tests/unencrypted.rs b/src/tests/unencrypted.rs new file mode 100644 index 0000000..547dcaf --- /dev/null +++ b/src/tests/unencrypted.rs @@ -0,0 +1,46 @@ +// unencrypted.rs + +// ************************************************************************* +// * Copyright (C) 2019 Daniel Mueller (deso@posteo.net) * +// * * +// * This program is free software: you can redistribute it and/or modify * +// * it under the terms of the GNU General Public License as published by * +// * the Free Software Foundation, either version 3 of the License, or * +// * (at your option) any later version. * +// * * +// * This program is distributed in the hope that it will be useful, * +// * but WITHOUT ANY WARRANTY; without even the implied warranty of * +// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +// * GNU General Public License for more details. * +// * * +// * You should have received a copy of the GNU General Public License * +// * along with this program. If not, see <http://www.gnu.org/licenses/>. * +// ************************************************************************* + +use super::*; + +#[test_device(storage)] +fn unencrypted_set_read_write(model: nitrokey::Model) -> crate::Result<()> { + let mut ncli = Nitrocli::with_model(model); + let out = ncli.handle(&["unencrypted", "set", "read-write"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_storage()?; + assert!(device.get_status()?.unencrypted_volume.active); + assert!(!device.get_status()?.unencrypted_volume.read_only); + } + + let out = ncli.handle(&["unencrypted", "set", "read-only"])?; + assert!(out.is_empty()); + + { + let mut manager = nitrokey::force_take()?; + let device = manager.connect_storage()?; + assert!(device.get_status()?.unencrypted_volume.active); + assert!(device.get_status()?.unencrypted_volume.read_only); + } + + Ok(()) +} |