summaryrefslogtreecommitdiff
path: root/src/tests/otp.rs
blob: 59fd319c7799297957e0eaa7172c4ce7811dd719 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
// otp.rs

// *************************************************************************
// * Copyright (C) 2019-2020 The Nitrocli Developers                       *
// *                                                                       *
// * This program is free software: you can redistribute it and/or modify  *
// * it under the terms of the GNU General Public License as published by  *
// * the Free Software Foundation, either version 3 of the License, or     *
// * (at your option) any later version.                                   *
// *                                                                       *
// * This program is distributed in the hope that it will be useful,       *
// * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
// * GNU General Public License for more details.                          *
// *                                                                       *
// * You should have received a copy of the GNU General Public License     *
// * along with this program.  If not, see <http://www.gnu.org/licenses/>. *
// *************************************************************************

use super::*;

use crate::args;

#[test_device]
fn set_invalid_slot_raw(model: nitrokey::Model) {
  let (rc, out, err) =
    Nitrocli::with_model(model).run(&["otp", "set", "100", "name", "1234", "-f", "hex"]);

  assert_ne!(rc, 0);
  assert_eq!(out, b"");
  assert_eq!(&err[..24], b"Failed to write OTP slot");
}

#[test_device]
fn set_invalid_slot(model: nitrokey::Model) {
  let err = Nitrocli::with_model(model)
    .handle(&["otp", "set", "100", "name", "1234", "-f", "hex"])
    .unwrap_err()
    .to_string();

  assert_eq!(err, "Failed to write OTP slot");
}

#[test_device]
fn status(model: nitrokey::Model) -> anyhow::Result<()> {
  let re = regex::Regex::new(
    r#"^alg\tslot\tname
((totp|hotp)\t\d+\t.+\n)+$"#,
  )
  .unwrap();

  let mut ncli = Nitrocli::with_model(model);
  // Make sure that we have at least something to display by ensuring
  // that there is one slot programmed.
  let _ = ncli.handle(&["otp", "set", "0", "the-name", "123456", "-f", "hex"])?;

  let out = ncli.handle(&["otp", "status"])?;
  assert!(re.is_match(&out), out);
  Ok(())
}

#[test_device]
fn set_get_hotp(model: nitrokey::Model) -> anyhow::Result<()> {
  // Secret and expected HOTP values as per RFC 4226: Appendix D -- HOTP
  // Algorithm: Test Values.
  const SECRET: &str = "12345678901234567890";
  const OTP1: &str = concat!(755224, "\n");
  const OTP2: &str = concat!(287082, "\n");

  let mut ncli = Nitrocli::with_model(model);
  let _ = ncli.handle(&[
    "otp", "set", "-a", "hotp", "-f", "ascii", "1", "name", &SECRET,
  ])?;

  let out = ncli.handle(&["otp", "get", "-a", "hotp", "1"])?;
  assert_eq!(out, OTP1);

  let out = ncli.handle(&["otp", "get", "-a", "hotp", "1"])?;
  assert_eq!(out, OTP2);
  Ok(())
}

#[test_device]
fn set_get_totp(model: nitrokey::Model) -> anyhow::Result<()> {
  // Secret and expected TOTP values as per RFC 6238: Appendix B --
  // Test Vectors.
  const SECRET: &str = "12345678901234567890";
  const TIME: &str = stringify!(1111111111);
  const OTP: &str = concat!(14050471, "\n");

  let mut ncli = Nitrocli::with_model(model);
  let _ = ncli.handle(&["otp", "set", "-d", "8", "-f", "ascii", "2", "name", &SECRET])?;

  let out = ncli.handle(&["otp", "get", "-t", TIME, "2"])?;
  assert_eq!(out, OTP);
  Ok(())
}

#[test_device]
fn set_totp_uneven_chars(model: nitrokey::Model) -> anyhow::Result<()> {
  let secrets = [
    (args::OtpSecretFormat::Hex, "123"),
    (args::OtpSecretFormat::Base32, "FBILDWWGA2"),
  ];

  for (format, secret) in &secrets {
    let mut ncli = Nitrocli::with_model(model);
    let _ = ncli.handle(&["otp", "set", "-f", format.as_ref(), "3", "foobar", &secret])?;
  }
  Ok(())
}

#[test_device]
fn clear(model: nitrokey::Model) -> anyhow::Result<()> {
  let mut ncli = Nitrocli::with_model(model);
  let _ = ncli.handle(&["otp", "set", "3", "hotp-test", "abcdef"])?;
  let _ = ncli.handle(&["otp", "clear", "3"])?;
  let res = ncli.handle(&["otp", "get", "3"]);

  let err = res.unwrap_err().to_string();
  assert_eq!(err, "Failed to generate OTP");
  Ok(())
}