From ecf3474223ca3d16a10f12dc2272e3b0ed72c1bb Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Wed, 2 Jan 2019 21:14:10 -0800 Subject: Update nitrokey crate to 0.2.3 This change updates the nitrokey crate to version 0.2.3. This version bumps the rand crate used to 0.6.1, which in turn requires an additional set of dependencies. Import subrepo nitrokey/:nitrokey at b3e2adc5bb1300441ca74cc7672617c042f3ea31 Import subrepo rand/:rand at 73613ff903512e9503e41cc8ba9eae76269dc598 Import subrepo rustc_version/:rustc_version at 0294f2ba2018bf7be672abd53db351ce5055fa02 Import subrepo semver-parser/:semver-parser at 750da9b11a04125231b1fb293866ca036845acee Import subrepo semver/:semver at 5eb6db94fa03f4d5c64a625a56188f496be47598 --- nitrokey/CHANGELOG.md | 13 ++ nitrokey/Cargo.toml | 6 +- nitrokey/README.md | 15 +-- nitrokey/src/auth.rs | 14 +- nitrokey/src/config.rs | 2 +- nitrokey/src/device.rs | 99 ++++++++++++-- nitrokey/src/lib.rs | 22 +-- nitrokey/src/otp.rs | 8 +- nitrokey/src/pws.rs | 19 +-- nitrokey/src/tests/device.rs | 304 ----------------------------------------- nitrokey/src/tests/mod.rs | 4 - nitrokey/src/tests/otp.rs | 283 -------------------------------------- nitrokey/src/tests/pws.rs | 143 -------------------- nitrokey/src/tests/util.rs | 11 -- nitrokey/src/util.rs | 19 +-- nitrokey/tests/device.rs | 313 +++++++++++++++++++++++++++++++++++++++++++ nitrokey/tests/otp.rs | 289 +++++++++++++++++++++++++++++++++++++++ nitrokey/tests/pws.rs | 164 +++++++++++++++++++++++ nitrokey/tests/util/mod.rs | 8 ++ 19 files changed, 926 insertions(+), 810 deletions(-) delete mode 100644 nitrokey/src/tests/device.rs delete mode 100644 nitrokey/src/tests/mod.rs delete mode 100644 nitrokey/src/tests/otp.rs delete mode 100644 nitrokey/src/tests/pws.rs delete mode 100644 nitrokey/src/tests/util.rs create mode 100644 nitrokey/tests/device.rs create mode 100644 nitrokey/tests/otp.rs create mode 100644 nitrokey/tests/pws.rs create mode 100644 nitrokey/tests/util/mod.rs (limited to 'nitrokey') diff --git a/nitrokey/CHANGELOG.md b/nitrokey/CHANGELOG.md index a60d6a7..5064d4f 100644 --- a/nitrokey/CHANGELOG.md +++ b/nitrokey/CHANGELOG.md @@ -1,3 +1,16 @@ +# v0.2.3 (2018-12-31) + +- Dummy release to fix an issue with the crates.io tarball. + +# v0.2.2 (2018-12-30) + +- Update to Rust edition 2018. +- Remove the `test-no-device` feature. +- Update the rand dependency to version 0.6. +- Add function `Device::get_model` that returns the connected model. +- Derive the `Copy` and `Clone` traits for the enums `CommandError`, `LogLevel` + and `OtpMode` + # v0.2.1 (2018-12-10) - Re-export `device::{StorageStatus, VolumeStatus}` in `lib.rs`. diff --git a/nitrokey/Cargo.toml b/nitrokey/Cargo.toml index dad751b..6369fba 100644 --- a/nitrokey/Cargo.toml +++ b/nitrokey/Cargo.toml @@ -1,7 +1,8 @@ [package] name = "nitrokey" -version = "0.2.1" +version = "0.2.3" authors = ["Robin Krahl "] +edition = "2018" homepage = "https://code.ireas.org/nitrokey-rs/" repository = "https://git.ireas.org/nitrokey-rs/" documentation = "https://docs.rs/nitrokey" @@ -12,11 +13,10 @@ readme = "README.md" license = "MIT" [features] -test-no-device = [] test-pro = [] test-storage = [] [dependencies] libc = "0.2" nitrokey-sys = "3.4.1" -rand = "0.4" +rand = "0.6" diff --git a/nitrokey/README.md b/nitrokey/README.md index 6039943..568b1d4 100644 --- a/nitrokey/README.md +++ b/nitrokey/README.md @@ -4,11 +4,6 @@ A libnitrokey wrapper for Rust providing access to Nitrokey devices. [Documentation][] -```toml -[dependencies] -nitrokey = "0.2.1" -``` - ## Compatibility The required [`libnitrokey`][] version is built from source. The host system @@ -35,12 +30,12 @@ supported by `nitrokey-rs`: ## Tests This crate has three test suites that can be selected using features. One test -suite (feature `test-no-device`) assumes that no Nitrokey device is connected. -The two other test suites require a Nitrokey Pro (feature `test-pro`) or a -Nitrokey Storage (feature `test-storage`) to be connected. +suite assumes that no Nitrokey device is connected. It is run if no other test +suite is selected. The two other test suites require a Nitrokey Pro (feature +`test-pro`) or a Nitrokey Storage (feature `test-storage`) to be connected. Use the `--features` option for Cargo to select one of the test suites. You -cannot select more than one of the test suites at the same time. Note that the +should select more than one of the test suites at the same time. Note that the test suites that require a Nitrokey device assume that the device’s passwords are the factory defaults (admin password `12345678` and user password `123456`). Running the test suite with a device with different passwords might @@ -54,7 +49,7 @@ the test executable. In conclusion, you can use these commands to run the test suites: ``` -$ cargo test --features test-no-device -- --test-threads 1 +$ cargo test $ cargo test --features test-pro -- --test-threads 1 $ cargo test --features test-storage -- --test-threads 1 ``` diff --git a/nitrokey/src/auth.rs b/nitrokey/src/auth.rs index 0918222..017cdbb 100644 --- a/nitrokey/src/auth.rs +++ b/nitrokey/src/auth.rs @@ -1,10 +1,14 @@ -use config::{Config, RawConfig}; -use device::{Device, DeviceWrapper, Pro, Storage}; -use nitrokey_sys; -use otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData}; use std::ops::Deref; use std::os::raw::c_int; -use util::{generate_password, get_command_result, get_cstring, result_from_string, CommandError}; + +use nitrokey_sys; + +use crate::config::{Config, RawConfig}; +use crate::device::{Device, DeviceWrapper, Pro, Storage}; +use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData}; +use crate::util::{ + generate_password, get_command_result, get_cstring, result_from_string, CommandError, +}; static TEMPORARY_PASSWORD_LENGTH: usize = 25; diff --git a/nitrokey/src/config.rs b/nitrokey/src/config.rs index 33bf256..2ce6f77 100644 --- a/nitrokey/src/config.rs +++ b/nitrokey/src/config.rs @@ -1,4 +1,4 @@ -use util::CommandError; +use crate::util::CommandError; /// The configuration for a Nitrokey. #[derive(Clone, Copy, Debug, PartialEq)] diff --git a/nitrokey/src/device.rs b/nitrokey/src/device.rs index f135261..9c6608d 100644 --- a/nitrokey/src/device.rs +++ b/nitrokey/src/device.rs @@ -1,20 +1,38 @@ -use auth::Authenticate; -use config::{Config, RawConfig}; +use std::fmt; + use libc; use nitrokey_sys; -use otp::GenerateOtp; -use pws::GetPasswordSafe; -use util::{get_command_result, get_cstring, get_last_error, result_from_string, CommandError}; + +use crate::auth::Authenticate; +use crate::config::{Config, RawConfig}; +use crate::otp::GenerateOtp; +use crate::pws::GetPasswordSafe; +use crate::util::{ + get_command_result, get_cstring, get_last_error, result_from_string, CommandError, +}; /// Available Nitrokey models. -#[derive(Debug, PartialEq)] -enum Model { +#[derive(Clone, Copy, Debug, PartialEq)] +pub enum Model { /// The Nitrokey Storage. Storage, /// The Nitrokey Pro. Pro, } +impl fmt::Display for Model { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!( + f, + "{}", + match *self { + Model::Pro => "Pro", + Model::Storage => "Storage", + } + ) + } +} + /// A wrapper for a Nitrokey device of unknown type. /// /// Use the function [`connect`][] to obtain a wrapped instance. The wrapper implements all traits @@ -210,6 +228,21 @@ pub struct StorageStatus { /// This trait provides the commands that can be executed without authentication and that are /// present on all supported Nitrokey devices. pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { + /// Returns the model of the connected Nitrokey device. + /// + /// # Example + /// + /// ```no_run + /// use nitrokey::Device; + /// # use nitrokey::CommandError; + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::connect()?; + /// println!("Connected to a Nitrokey {}", device.get_model()); + /// # Ok(()) + /// # } + fn get_model(&self) -> Model; + /// Returns the serial number of the Nitrokey device. The serial number is the string /// representation of a hex number. /// @@ -536,7 +569,7 @@ fn connect_model(model: Model) -> bool { } impl DeviceWrapper { - fn device(&self) -> &Device { + fn device(&self) -> &dyn Device { match *self { DeviceWrapper::Storage(ref storage) => storage, DeviceWrapper::Pro(ref pro) => pro, @@ -562,9 +595,30 @@ impl GenerateOtp for DeviceWrapper { } } -impl Device for DeviceWrapper {} +impl Device for DeviceWrapper { + fn get_model(&self) -> Model { + match *self { + DeviceWrapper::Pro(_) => Model::Pro, + DeviceWrapper::Storage(_) => Model::Storage, + } + } +} impl Pro { + /// Connects to a Nitrokey Pro. + /// + /// # Example + /// + /// ``` + /// use nitrokey::Pro; + /// + /// fn use_pro(device: Pro) {} + /// + /// match nitrokey::Pro::connect() { + /// Ok(device) => use_pro(device), + /// Err(err) => println!("Could not connect to the Nitrokey Pro: {}", err), + /// } + /// ``` pub fn connect() -> Result { // TODO: maybe Option instead of Result? match connect_model(Model::Pro) { @@ -582,11 +636,29 @@ impl Drop for Pro { } } -impl Device for Pro {} +impl Device for Pro { + fn get_model(&self) -> Model { + Model::Pro + } +} impl GenerateOtp for Pro {} impl Storage { + /// Connects to a Nitrokey Storage. + /// + /// # Example + /// + /// ``` + /// use nitrokey::Storage; + /// + /// fn use_storage(device: Storage) {} + /// + /// match nitrokey::Storage::connect() { + /// Ok(device) => use_storage(device), + /// Err(err) => println!("Could not connect to the Nitrokey Storage: {}", err), + /// } + /// ``` pub fn connect() -> Result { // TODO: maybe Option instead of Result? match connect_model(Model::Storage) { @@ -661,7 +733,6 @@ impl Storage { unsafe { get_command_result(nitrokey_sys::NK_lock_encrypted_volume()) } } - /// Returns the status of the connected storage device. /// /// # Example @@ -715,7 +786,11 @@ impl Drop for Storage { } } -impl Device for Storage {} +impl Device for Storage { + fn get_model(&self) -> Model { + Model::Storage + } +} impl GenerateOtp for Storage {} diff --git a/nitrokey/src/lib.rs b/nitrokey/src/lib.rs index e70aa73..9f21518 100644 --- a/nitrokey/src/lib.rs +++ b/nitrokey/src/lib.rs @@ -84,25 +84,25 @@ //! [`DeviceWrapper`]: enum.DeviceWrapper.html //! [`User`]: struct.User.html -extern crate libc; -extern crate nitrokey_sys; -extern crate rand; +#![warn(missing_docs, rust_2018_compatibility, rust_2018_idioms, unused)] mod auth; mod config; mod device; mod otp; mod pws; -#[cfg(test)] -mod tests; mod util; -pub use auth::{Admin, Authenticate, User}; -pub use config::Config; -pub use device::{connect, Device, DeviceWrapper, Pro, Storage, StorageStatus, VolumeStatus}; -pub use otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData}; -pub use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; -pub use util::{CommandError, LogLevel}; +use nitrokey_sys; + +pub use crate::auth::{Admin, Authenticate, User}; +pub use crate::config::Config; +pub use crate::device::{ + connect, Device, DeviceWrapper, Model, Pro, Storage, StorageStatus, VolumeStatus, +}; +pub use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData}; +pub use crate::pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; +pub use crate::util::{CommandError, LogLevel}; /// Enables or disables debug output. Calling this method with `true` is equivalent to setting the /// log level to `Debug`; calling it with `false` is equivalent to the log level `Error` (see diff --git a/nitrokey/src/otp.rs b/nitrokey/src/otp.rs index 00a5e5e..6f6bd80 100644 --- a/nitrokey/src/otp.rs +++ b/nitrokey/src/otp.rs @@ -1,9 +1,11 @@ -use nitrokey_sys; use std::ffi::CString; -use util::{get_command_result, get_cstring, result_from_string, CommandError}; + +use nitrokey_sys; + +use crate::util::{get_command_result, get_cstring, result_from_string, CommandError}; /// Modes for one-time password generation. -#[derive(Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq)] pub enum OtpMode { /// Generate one-time passwords with six digits. SixDigits, diff --git a/nitrokey/src/pws.rs b/nitrokey/src/pws.rs index c20fe9d..08ac365 100644 --- a/nitrokey/src/pws.rs +++ b/nitrokey/src/pws.rs @@ -1,7 +1,10 @@ -use device::{Device, DeviceWrapper, Pro, Storage}; use libc; use nitrokey_sys; -use util::{get_command_result, get_cstring, get_last_error, result_from_string, CommandError}; + +use crate::device::{Device, DeviceWrapper, Pro, Storage}; +use crate::util::{ + get_command_result, get_cstring, get_last_error, result_from_string, CommandError, +}; /// The number of slots in a [`PasswordSafe`][]. /// @@ -51,7 +54,7 @@ pub const SLOT_COUNT: u8 = 16; /// [`lock`]: trait.Device.html#method.lock /// [`GetPasswordSafe`]: trait.GetPasswordSafe.html pub struct PasswordSafe<'a> { - _device: &'a Device, + _device: &'a dyn Device, } /// Provides access to a [`PasswordSafe`][]. @@ -98,11 +101,11 @@ pub trait GetPasswordSafe { /// [`lock`]: trait.Device.html#method.lock /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword - fn get_password_safe(&self, user_pin: &str) -> Result; + fn get_password_safe(&self, user_pin: &str) -> Result, CommandError>; } fn get_password_safe<'a>( - device: &'a Device, + device: &'a dyn Device, user_pin: &str, ) -> Result, CommandError> { let user_pin_string = get_cstring(user_pin)?; @@ -333,19 +336,19 @@ impl<'a> Drop for PasswordSafe<'a> { } impl GetPasswordSafe for Pro { - fn get_password_safe(&self, user_pin: &str) -> Result { + fn get_password_safe(&self, user_pin: &str) -> Result, CommandError> { get_password_safe(self, user_pin) } } impl GetPasswordSafe for Storage { - fn get_password_safe(&self, user_pin: &str) -> Result { + fn get_password_safe(&self, user_pin: &str) -> Result, CommandError> { get_password_safe(self, user_pin) } } impl GetPasswordSafe for DeviceWrapper { - fn get_password_safe(&self, user_pin: &str) -> Result { + fn get_password_safe(&self, user_pin: &str) -> Result, CommandError> { get_password_safe(self, user_pin) } } diff --git a/nitrokey/src/tests/device.rs b/nitrokey/src/tests/device.rs deleted file mode 100644 index fed465d..0000000 --- a/nitrokey/src/tests/device.rs +++ /dev/null @@ -1,304 +0,0 @@ -use std::ffi::CStr; -use std::process::Command; -use std::{thread, time}; -use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; -use {Authenticate, CommandError, Config, Device, Storage}; - -static ADMIN_NEW_PASSWORD: &str = "1234567890"; -static USER_NEW_PASSWORD: &str = "abcdefghij"; - -fn count_nitrokey_block_devices() -> usize { - thread::sleep(time::Duration::from_secs(2)); - let output = Command::new("lsblk") - .args(&["-o", "MODEL"]) - .output() - .expect("Could not list block devices"); - String::from_utf8_lossy(&output.stdout) - .split("\n") - .filter(|&s| s == "Nitrokey Storage") - .count() -} - -#[test] -#[cfg_attr(not(feature = "test-no-device"), ignore)] -fn connect_no_device() { - assert!(::connect().is_err()); - assert!(::Pro::connect().is_err()); - assert!(::Storage::connect().is_err()); -} - -#[test] -#[cfg_attr(not(feature = "test-pro"), ignore)] -fn connect_pro() { - assert!(::connect().is_ok()); - assert!(::Pro::connect().is_ok()); - assert!(::Storage::connect().is_err()); - match ::connect().unwrap() { - ::DeviceWrapper::Pro(_) => assert!(true), - ::DeviceWrapper::Storage(_) => assert!(false), - }; -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn connect_storage() { - assert!(::connect().is_ok()); - assert!(::Pro::connect().is_err()); - assert!(::Storage::connect().is_ok()); - match ::connect().unwrap() { - ::DeviceWrapper::Pro(_) => assert!(false), - ::DeviceWrapper::Storage(_) => assert!(true), - }; -} - -fn assert_empty_serial_number() { - unsafe { - let ptr = ::nitrokey_sys::NK_device_serial_number(); - assert!(!ptr.is_null()); - let cstr = CStr::from_ptr(ptr); - assert_eq!(cstr.to_string_lossy(), ""); - } -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn disconnect() { - Target::connect().unwrap(); - assert_empty_serial_number(); - Target::connect() - .unwrap() - .authenticate_admin(ADMIN_PASSWORD) - .unwrap(); - assert_empty_serial_number(); - Target::connect() - .unwrap() - .authenticate_user(USER_PASSWORD) - .unwrap(); - assert_empty_serial_number(); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_serial_number() { - let device = Target::connect().unwrap(); - let result = device.get_serial_number(); - assert!(result.is_ok()); - let serial_number = result.unwrap(); - assert!(serial_number.is_ascii()); - assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit())); -} -#[test] -#[cfg_attr(not(feature = "test-pro"), ignore)] -fn get_firmware_version() { - let device = Target::connect().unwrap(); - assert_eq!(0, device.get_major_firmware_version()); - let minor = device.get_minor_firmware_version(); - assert!(minor > 0); -} - -fn admin_retry(device: T, suffix: &str, count: u8) -> T { - let result = device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix)); - let device = match result { - Ok(admin) => admin.device(), - Err((device, _)) => device, - }; - assert_eq!(count, device.get_admin_retry_count()); - return device; -} - -fn user_retry(device: T, suffix: &str, count: u8) -> T { - let result = device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix)); - let device = match result { - Ok(admin) => admin.device(), - Err((device, _)) => device, - }; - assert_eq!(count, device.get_user_retry_count()); - return device; -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_retry_count() { - let device = Target::connect().unwrap(); - - let device = admin_retry(device, "", 3); - let device = admin_retry(device, "123", 2); - let device = admin_retry(device, "456", 1); - let device = admin_retry(device, "", 3); - - let device = user_retry(device, "", 3); - let device = user_retry(device, "123", 2); - let device = user_retry(device, "456", 1); - user_retry(device, "", 3); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn config() { - let device = Target::connect().unwrap(); - let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - let get_config = admin.get_config().unwrap(); - assert_eq!(config, get_config); - - let config = Config::new(None, Some(9), None, true); - assert_eq!(Err(CommandError::InvalidSlot), admin.write_config(config)); - - let config = Config::new(Some(1), None, Some(0), false); - assert!(admin.write_config(config).is_ok()); - let get_config = admin.get_config().unwrap(); - assert_eq!(config, get_config); - - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - let get_config = admin.get_config().unwrap(); - assert_eq!(config, get_config); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn change_user_pin() { - let device = Target::connect().unwrap(); - let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); - let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0; - - assert!( - device - .change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_user(USER_PASSWORD).unwrap_err().0; - let device = device - .authenticate_user(USER_NEW_PASSWORD) - .unwrap() - .device(); - - let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD); - assert_eq!(Err(CommandError::WrongPassword), result); - - assert!( - device - .change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); - assert!(device.authenticate_user(USER_NEW_PASSWORD).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn change_admin_pin() { - let device = Target::connect().unwrap(); - let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); - let device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0; - - assert!( - device - .change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap_err().0; - let device = device - .authenticate_admin(ADMIN_NEW_PASSWORD) - .unwrap() - .device(); - - assert_eq!( - Err(CommandError::WrongPassword), - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_PASSWORD) - ); - - assert!( - device - .change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD) - .is_ok() - ); - - let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); - device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err(); -} - -fn require_failed_user_login(device: Target, password: &str, error: CommandError) -> Target { - let result = device.authenticate_user(password); - assert!(result.is_err()); - let err = result.unwrap_err(); - assert_eq!(error, err.1); - err.0 -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn unlock_user_pin() { - let device = Target::connect().unwrap(); - let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); - assert!( - device - .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD) - .is_ok() - ); - assert_eq!( - Err(CommandError::WrongPassword), - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) - ); - - let wrong_password = USER_PASSWORD.to_owned() + "foo"; - let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); - let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); - let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); - let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword); - - assert_eq!( - Err(CommandError::WrongPassword), - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) - ); - assert!( - device - .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD) - .is_ok() - ); - device.authenticate_user(USER_PASSWORD).unwrap(); -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn encrypted_volume() { - let device = Storage::connect().unwrap(); - assert!(device.lock().is_ok()); - - assert_eq!(1, count_nitrokey_block_devices()); - assert!(device.disable_encrypted_volume().is_ok()); - assert_eq!(1, count_nitrokey_block_devices()); - assert_eq!( - Err(CommandError::WrongPassword), - device.enable_encrypted_volume("123") - ); - assert_eq!(1, count_nitrokey_block_devices()); - assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok()); - assert_eq!(2, count_nitrokey_block_devices()); - assert!(device.disable_encrypted_volume().is_ok()); - assert_eq!(1, count_nitrokey_block_devices()); -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn lock() { - let device = Storage::connect().unwrap(); - - assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok()); - assert!(device.lock().is_ok()); - assert_eq!(1, count_nitrokey_block_devices()); -} - -#[test] -#[cfg_attr(not(feature = "test-storage"), ignore)] -fn get_storage_status() { - let device = Storage::connect().unwrap(); - let status = device.get_status().unwrap(); - - assert!(status.serial_number_sd_card > 0); - assert!(status.serial_number_smart_card > 0); -} diff --git a/nitrokey/src/tests/mod.rs b/nitrokey/src/tests/mod.rs deleted file mode 100644 index 34ca0aa..0000000 --- a/nitrokey/src/tests/mod.rs +++ /dev/null @@ -1,4 +0,0 @@ -mod device; -mod otp; -mod pws; -mod util; diff --git a/nitrokey/src/tests/otp.rs b/nitrokey/src/tests/otp.rs deleted file mode 100644 index cf71d9d..0000000 --- a/nitrokey/src/tests/otp.rs +++ /dev/null @@ -1,283 +0,0 @@ -use std::ops::Deref; -use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; -use {Admin, Authenticate, CommandError, Config, ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData}; - -// test suite according to RFC 4226, Appendix D -static HOTP_SECRET: &str = "3132333435363738393031323334353637383930"; -static HOTP_CODES: &[&str] = &[ - "755224", "287082", "359152", "969429", "338314", "254676", "287922", "162583", "399871", - "520489", -]; - -// test suite according to RFC 6238, Appendix B -static TOTP_SECRET: &str = "3132333435363738393031323334353637383930"; -static TOTP_CODES: &[(u64, &str)] = &[ - (59, "94287082"), - (1111111109, "07081804"), - (1111111111, "14050471"), - (1234567890, "89005924"), - (2000000000, "69279037"), - (20000000000, "65353130"), -]; - -#[derive(PartialEq)] -enum TotpTimestampSize { - U32, - U64, -} - -fn get_admin_test_device() -> Admin { - Target::connect() - .expect("Could not connect to the Nitrokey.") - .authenticate_admin(ADMIN_PASSWORD) - .expect("Could not login as admin.") -} - -fn configure_hotp(admin: &ConfigureOtp, counter: u8) { - let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, counter.into()).is_ok()); -} - -fn check_hotp_codes(device: &GenerateOtp, offset: u8) { - HOTP_CODES.iter().enumerate().for_each(|(i, code)| { - if i >= offset as usize { - let result = device.get_hotp_code(1); - assert_eq!(code, &result.unwrap()); - } - }); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_no_pin() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - - configure_hotp(&admin, 0); - check_hotp_codes(admin.deref(), 0); - - configure_hotp(&admin, 5); - check_hotp_codes(admin.deref(), 5); - - configure_hotp(&admin, 0); - check_hotp_codes(&admin.device(), 0); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_pin() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - - configure_hotp(&admin, 0); - let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); - check_hotp_codes(&user, 0); - - assert!(user.device().get_hotp_code(1).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_slot_name() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); - - let device = admin.device(); - let result = device.get_hotp_slot_name(1); - assert_eq!("test-hotp", result.unwrap()); - let result = device.get_hotp_slot_name(4); - assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_error() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::NoName), - admin.write_hotp_slot(slot_data, 0) - ); - let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::InvalidSlot), - admin.write_hotp_slot(slot_data, 0) - ); - let code = admin.get_hotp_code(4); - assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn hotp_erase() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - let slot_data = OtpSlotData::new(1, "test1", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); - let slot_data = OtpSlotData::new(2, "test2", HOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); - - assert!(admin.erase_hotp_slot(1).is_ok()); - - let device = admin.device(); - let result = device.get_hotp_slot_name(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - let result = device.get_hotp_code(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - - assert_eq!("test2", device.get_hotp_slot_name(2).unwrap()); -} - -fn configure_totp(admin: &ConfigureOtp, factor: u64) { - let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); - let time_window = 30u64.checked_mul(factor).unwrap(); - assert!(admin.write_totp_slot(slot_data, time_window as u16).is_ok()); -} - -fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) { - for (i, &(base_time, code)) in TOTP_CODES.iter().enumerate() { - let time = base_time.checked_mul(factor).unwrap(); - let is_u64 = time > u32::max_value() as u64; - if is_u64 != (timestamp_size == TotpTimestampSize::U64) { - continue; - } - - assert!(device.set_time(time).is_ok()); - let result = device.get_totp_code(1); - assert!(result.is_ok()); - let result_code = result.unwrap(); - assert_eq!( - code, result_code, - "TOTP code {} should be {} but is {}", - i, code, result_code - ); - } -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_no_pin() { - // TODO: this test may fail due to bad timing --> find solution - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - check_totp_codes(admin.deref(), 1, TotpTimestampSize::U32); - - configure_totp(&admin, 2); - check_totp_codes(admin.deref(), 2, TotpTimestampSize::U32); - - configure_totp(&admin, 1); - check_totp_codes(&admin.device(), 1, TotpTimestampSize::U32); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))] -// Nitrokey Storage does only support timestamps that fit in a 32-bit unsigned integer. Therefore -// the last RFC test case is expected to fail. -fn totp_no_pin_64() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - check_totp_codes(admin.deref(), 1, TotpTimestampSize::U64); - - configure_totp(&admin, 2); - check_totp_codes(admin.deref(), 2, TotpTimestampSize::U64); - - configure_totp(&admin, 1); - check_totp_codes(&admin.device(), 1, TotpTimestampSize::U64); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_pin() { - // TODO: this test may fail due to bad timing --> find solution - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); - check_totp_codes(&user, 1, TotpTimestampSize::U32); - - assert!(user.device().get_totp_code(1).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))] -// See comment for totp_no_pin_64. -fn totp_pin_64() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, true); - assert!(admin.write_config(config).is_ok()); - - configure_totp(&admin, 1); - let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); - check_totp_codes(&user, 1, TotpTimestampSize::U64); - - assert!(user.device().get_totp_code(1).is_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_slot_name() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); - assert!(admin.write_totp_slot(slot_data, 0).is_ok()); - - let device = admin.device(); - let result = device.get_totp_slot_name(1); - assert!(result.is_ok()); - assert_eq!("test-totp", result.unwrap()); - let result = device.get_totp_slot_name(16); - assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_error() { - let admin = get_admin_test_device(); - let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::NoName), - admin.write_hotp_slot(slot_data, 0) - ); - let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); - assert_eq!( - Err(CommandError::InvalidSlot), - admin.write_hotp_slot(slot_data, 0) - ); - let code = admin.get_hotp_code(4); - assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn totp_erase() { - let admin = get_admin_test_device(); - let config = Config::new(None, None, None, false); - assert!(admin.write_config(config).is_ok()); - let slot_data = OtpSlotData::new(1, "test1", TOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_totp_slot(slot_data, 0).is_ok()); - let slot_data = OtpSlotData::new(2, "test2", TOTP_SECRET, OtpMode::SixDigits); - assert!(admin.write_totp_slot(slot_data, 0).is_ok()); - - assert!(admin.erase_totp_slot(1).is_ok()); - - let device = admin.device(); - let result = device.get_totp_slot_name(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - let result = device.get_totp_code(1); - assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); - - assert_eq!("test2", device.get_totp_slot_name(2).unwrap()); -} diff --git a/nitrokey/src/tests/pws.rs b/nitrokey/src/tests/pws.rs deleted file mode 100644 index f581515..0000000 --- a/nitrokey/src/tests/pws.rs +++ /dev/null @@ -1,143 +0,0 @@ -use device::Device; -use nitrokey_sys; -use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; -use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; -use util::{result_from_string, CommandError}; - -fn get_pws(device: &Target) -> PasswordSafe { - device.get_password_safe(USER_PASSWORD).unwrap() -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn enable() { - let device = Target::connect().unwrap(); - assert!( - device - .get_password_safe(&(USER_PASSWORD.to_owned() + "123")) - .is_err() - ); - assert!(device.get_password_safe(USER_PASSWORD).is_ok()); - assert!(device.get_password_safe(ADMIN_PASSWORD).is_err()); - assert!(device.get_password_safe(USER_PASSWORD).is_ok()); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn drop() { - let device = Target::connect().unwrap(); - { - let pws = get_pws(&device); - assert!(pws.write_slot(1, "name", "login", "password").is_ok()); - assert_eq!("name", pws.get_slot_name(1).unwrap()); - let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); - assert_eq!(Ok(String::from("name")), result); - } - let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); - assert_eq!(Ok(String::from("name")), result); - assert!(device.lock().is_ok()); - let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); - assert_eq!(Err(CommandError::NotAuthorized), result); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_status() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - for i in 0..SLOT_COUNT { - assert!(pws.erase_slot(i).is_ok(), "Could not erase slot {}", i); - } - let status = pws.get_slot_status().unwrap(); - assert_eq!(status, [false; SLOT_COUNT as usize]); - - assert!(pws.write_slot(1, "name", "login", "password").is_ok()); - let status = pws.get_slot_status().unwrap(); - for i in 0..SLOT_COUNT { - assert_eq!(i == 1, status[i as usize]); - } - - for i in 0..SLOT_COUNT { - assert!(pws.write_slot(i, "name", "login", "password").is_ok()); - } - let status = pws.get_slot_status().unwrap(); - assert_eq!(status, [true; SLOT_COUNT as usize]); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn get_data() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - assert!(pws.write_slot(1, "name", "login", "password").is_ok()); - assert_eq!("name", pws.get_slot_name(1).unwrap()); - assert_eq!("login", pws.get_slot_login(1).unwrap()); - assert_eq!("password", pws.get_slot_password(1).unwrap()); - - assert!(pws.erase_slot(1).is_ok()); - // TODO: check error codes - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(1)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(1)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(1)); - - let name = "with å"; - let login = "pär@test.com"; - let password = "'i3lJc[09?I:,[u7dWz9"; - assert!(pws.write_slot(1, name, login, password).is_ok()); - assert_eq!(name, pws.get_slot_name(1).unwrap()); - assert_eq!(login, pws.get_slot_login(1).unwrap()); - assert_eq!(password, pws.get_slot_password(1).unwrap()); - - assert_eq!( - Err(CommandError::InvalidSlot), - pws.get_slot_name(SLOT_COUNT) - ); - assert_eq!( - Err(CommandError::InvalidSlot), - pws.get_slot_login(SLOT_COUNT) - ); - assert_eq!( - Err(CommandError::InvalidSlot), - pws.get_slot_password(SLOT_COUNT) - ); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn write() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - - assert_eq!( - Err(CommandError::InvalidSlot), - pws.write_slot(SLOT_COUNT, "name", "login", "password") - ); - - assert!(pws.write_slot(0, "", "login", "password").is_ok()); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); - assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); - assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); - - assert!(pws.write_slot(0, "name", "", "password").is_ok()); - assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(0)); - assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); - - assert!(pws.write_slot(0, "name", "login", "").is_ok()); - assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); - assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(0)); -} - -#[test] -#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] -fn erase() { - let device = Target::connect().unwrap(); - let pws = get_pws(&device); - assert_eq!(Err(CommandError::InvalidSlot), pws.erase_slot(SLOT_COUNT)); - - assert!(pws.write_slot(0, "name", "login", "password").is_ok()); - assert!(pws.erase_slot(0).is_ok()); - assert!(pws.erase_slot(0).is_ok()); - assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); -} diff --git a/nitrokey/src/tests/util.rs b/nitrokey/src/tests/util.rs deleted file mode 100644 index c6fbb8f..0000000 --- a/nitrokey/src/tests/util.rs +++ /dev/null @@ -1,11 +0,0 @@ -pub static ADMIN_PASSWORD: &str = "12345678"; -pub static USER_PASSWORD: &str = "123456"; - -#[cfg(feature = "test-no-device")] -pub type Target = ::Pro; - -#[cfg(feature = "test-pro")] -pub type Target = ::Pro; - -#[cfg(feature = "test-storage")] -pub type Target = ::Storage; diff --git a/nitrokey/src/util.rs b/nitrokey/src/util.rs index 6f4fbb0..a2e957e 100644 --- a/nitrokey/src/util.rs +++ b/nitrokey/src/util.rs @@ -1,13 +1,12 @@ -use libc::{c_void, free}; -use nitrokey_sys; -use rand::{OsRng, Rng}; -use std; use std::ffi::{CStr, CString}; use std::fmt; use std::os::raw::{c_char, c_int}; +use libc::{c_void, free}; +use rand::Rng; + /// Error types returned by Nitrokey device or by the library. -#[derive(Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq)] pub enum CommandError { /// A packet with a wrong checksum has been sent or received. WrongCrc, @@ -44,7 +43,7 @@ pub enum CommandError { /// /// Setting the log level to a lower level enables all output from higher levels too. Currently, /// only the log levels `Warning`, `DebugL1`, `Debug` and `DebugL2` are actually used. -#[derive(Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq)] pub enum LogLevel { /// Error messages. Currently not used. Error, @@ -101,12 +100,8 @@ pub fn get_last_error() -> CommandError { } pub fn generate_password(length: usize) -> std::io::Result> { - let mut rng = match OsRng::new() { - Ok(rng) => rng, - Err(err) => return Err(err), - }; let mut data = vec![0u8; length]; - rng.fill_bytes(&mut data[..]); + rand::thread_rng().fill(&mut data[..]); return Ok(data); } @@ -115,7 +110,7 @@ pub fn get_cstring>>(s: T) -> Result { } impl fmt::Display for CommandError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { let msg = match *self { CommandError::WrongCrc => "A packet with a wrong checksum has been sent or received", CommandError::WrongSlot => "The given OTP slot does not exist", diff --git a/nitrokey/tests/device.rs b/nitrokey/tests/device.rs new file mode 100644 index 0000000..26afa62 --- /dev/null +++ b/nitrokey/tests/device.rs @@ -0,0 +1,313 @@ +mod util; + +use std::ffi::CStr; +use std::process::Command; +use std::{thread, time}; + +use nitrokey::{Authenticate, CommandError, Config, Device, Storage}; + +use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; + +static ADMIN_NEW_PASSWORD: &str = "1234567890"; +static USER_NEW_PASSWORD: &str = "abcdefghij"; + +fn count_nitrokey_block_devices() -> usize { + thread::sleep(time::Duration::from_secs(2)); + let output = Command::new("lsblk") + .args(&["-o", "MODEL"]) + .output() + .expect("Could not list block devices"); + String::from_utf8_lossy(&output.stdout) + .split("\n") + .filter(|&s| s.replace("_", " ") == "Nitrokey Storage") + .count() +} + +#[test] +#[cfg_attr(any(feature = "test-pro", feature = "test-storage"), ignore)] +fn connect_no_device() { + assert!(nitrokey::connect().is_err()); + assert!(nitrokey::Pro::connect().is_err()); + assert!(nitrokey::Storage::connect().is_err()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn connect_pro() { + assert!(nitrokey::connect().is_ok()); + assert!(nitrokey::Pro::connect().is_ok()); + assert!(nitrokey::Storage::connect().is_err()); + match nitrokey::connect().unwrap() { + nitrokey::DeviceWrapper::Pro(_) => assert!(true), + nitrokey::DeviceWrapper::Storage(_) => assert!(false), + }; +} + +#[test] +#[cfg_attr(not(feature = "test-storage"), ignore)] +fn connect_storage() { + assert!(nitrokey::connect().is_ok()); + assert!(nitrokey::Pro::connect().is_err()); + assert!(nitrokey::Storage::connect().is_ok()); + match nitrokey::connect().unwrap() { + nitrokey::DeviceWrapper::Pro(_) => assert!(false), + nitrokey::DeviceWrapper::Storage(_) => assert!(true), + }; +} + +fn assert_empty_serial_number() { + unsafe { + let ptr = nitrokey_sys::NK_device_serial_number(); + assert!(!ptr.is_null()); + let cstr = CStr::from_ptr(ptr); + assert_eq!(cstr.to_string_lossy(), ""); + } +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn disconnect() { + Target::connect().unwrap(); + assert_empty_serial_number(); + Target::connect() + .unwrap() + .authenticate_admin(ADMIN_PASSWORD) + .unwrap(); + assert_empty_serial_number(); + Target::connect() + .unwrap() + .authenticate_user(USER_PASSWORD) + .unwrap(); + assert_empty_serial_number(); +} + +fn require_model(model: nitrokey::Model) { + assert_eq!(model, nitrokey::connect().unwrap().get_model()); + assert_eq!(model, Target::connect().unwrap().get_model()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn get_model_pro() { + require_model(nitrokey::Model::Pro); +} + +#[test] +#[cfg_attr(not(feature = "test-storage"), ignore)] +fn get_model_storage() { + require_model(nitrokey::Model::Storage); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn get_serial_number() { + let device = Target::connect().unwrap(); + let result = device.get_serial_number(); + assert!(result.is_ok()); + let serial_number = result.unwrap(); + assert!(serial_number.is_ascii()); + assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit())); +} +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn get_firmware_version() { + let device = Target::connect().unwrap(); + assert_eq!(0, device.get_major_firmware_version()); + let minor = device.get_minor_firmware_version(); + assert!(minor > 0); +} + +fn admin_retry(device: T, suffix: &str, count: u8) -> T { + let result = device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix)); + let device = match result { + Ok(admin) => admin.device(), + Err((device, _)) => device, + }; + assert_eq!(count, device.get_admin_retry_count()); + return device; +} + +fn user_retry(device: T, suffix: &str, count: u8) -> T { + let result = device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix)); + let device = match result { + Ok(admin) => admin.device(), + Err((device, _)) => device, + }; + assert_eq!(count, device.get_user_retry_count()); + return device; +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn get_retry_count() { + let device = Target::connect().unwrap(); + + let device = admin_retry(device, "", 3); + let device = admin_retry(device, "123", 2); + let device = admin_retry(device, "456", 1); + let device = admin_retry(device, "", 3); + + let device = user_retry(device, "", 3); + let device = user_retry(device, "123", 2); + let device = user_retry(device, "456", 1); + user_retry(device, "", 3); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn config() { + let device = Target::connect().unwrap(); + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + let config = Config::new(None, None, None, true); + assert!(admin.write_config(config).is_ok()); + let get_config = admin.get_config().unwrap(); + assert_eq!(config, get_config); + + let config = Config::new(None, Some(9), None, true); + assert_eq!(Err(CommandError::InvalidSlot), admin.write_config(config)); + + let config = Config::new(Some(1), None, Some(0), false); + assert!(admin.write_config(config).is_ok()); + let get_config = admin.get_config().unwrap(); + assert_eq!(config, get_config); + + let config = Config::new(None, None, None, false); + assert!(admin.write_config(config).is_ok()); + let get_config = admin.get_config().unwrap(); + assert_eq!(config, get_config); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn change_user_pin() { + let device = Target::connect().unwrap(); + let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); + let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0; + + assert!(device + .change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD) + .is_ok()); + + let device = device.authenticate_user(USER_PASSWORD).unwrap_err().0; + let device = device + .authenticate_user(USER_NEW_PASSWORD) + .unwrap() + .device(); + + let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD); + assert_eq!(Err(CommandError::WrongPassword), result); + + assert!(device + .change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD) + .is_ok()); + + let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); + assert!(device.authenticate_user(USER_NEW_PASSWORD).is_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn change_admin_pin() { + let device = Target::connect().unwrap(); + let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); + let device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0; + + assert!(device + .change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) + .is_ok()); + + let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap_err().0; + let device = device + .authenticate_admin(ADMIN_NEW_PASSWORD) + .unwrap() + .device(); + + assert_eq!( + Err(CommandError::WrongPassword), + device.change_admin_pin(ADMIN_PASSWORD, ADMIN_PASSWORD) + ); + + assert!(device + .change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD) + .is_ok()); + + let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); + device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err(); +} + +fn require_failed_user_login(device: Target, password: &str, error: CommandError) -> Target { + let result = device.authenticate_user(password); + assert!(result.is_err()); + let err = result.unwrap_err(); + assert_eq!(error, err.1); + err.0 +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn unlock_user_pin() { + let device = Target::connect().unwrap(); + let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); + assert!(device + .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD) + .is_ok()); + assert_eq!( + Err(CommandError::WrongPassword), + device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + ); + + let wrong_password = USER_PASSWORD.to_owned() + "foo"; + let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); + let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); + let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword); + let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword); + + assert_eq!( + Err(CommandError::WrongPassword), + device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + ); + assert!(device + .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD) + .is_ok()); + device.authenticate_user(USER_PASSWORD).unwrap(); +} + +#[test] +#[cfg_attr(not(feature = "test-storage"), ignore)] +fn encrypted_volume() { + let device = Storage::connect().unwrap(); + assert!(device.lock().is_ok()); + + assert_eq!(1, count_nitrokey_block_devices()); + assert!(device.disable_encrypted_volume().is_ok()); + assert_eq!(1, count_nitrokey_block_devices()); + assert_eq!( + Err(CommandError::WrongPassword), + device.enable_encrypted_volume("123") + ); + assert_eq!(1, count_nitrokey_block_devices()); + assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok()); + assert_eq!(2, count_nitrokey_block_devices()); + assert!(device.disable_encrypted_volume().is_ok()); + assert_eq!(1, count_nitrokey_block_devices()); +} + +#[test] +#[cfg_attr(not(feature = "test-storage"), ignore)] +fn lock() { + let device = Storage::connect().unwrap(); + + assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok()); + assert!(device.lock().is_ok()); + assert_eq!(1, count_nitrokey_block_devices()); +} + +#[test] +#[cfg_attr(not(feature = "test-storage"), ignore)] +fn get_storage_status() { + let device = Storage::connect().unwrap(); + let status = device.get_status().unwrap(); + + assert!(status.serial_number_sd_card > 0); + assert!(status.serial_number_smart_card > 0); +} diff --git a/nitrokey/tests/otp.rs b/nitrokey/tests/otp.rs new file mode 100644 index 0000000..8e7ae08 --- /dev/null +++ b/nitrokey/tests/otp.rs @@ -0,0 +1,289 @@ +mod util; + +use std::ops::Deref; + +use nitrokey::{ + Admin, Authenticate, CommandError, Config, ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, +}; + +use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; + +// test suite according to RFC 4226, Appendix D +static HOTP_SECRET: &str = "3132333435363738393031323334353637383930"; +static HOTP_CODES: &[&str] = &[ + "755224", "287082", "359152", "969429", "338314", "254676", "287922", "162583", "399871", + "520489", +]; + +// test suite according to RFC 6238, Appendix B +static TOTP_SECRET: &str = "3132333435363738393031323334353637383930"; +static TOTP_CODES: &[(u64, &str)] = &[ + (59, "94287082"), + (1111111109, "07081804"), + (1111111111, "14050471"), + (1234567890, "89005924"), + (2000000000, "69279037"), + (20000000000, "65353130"), +]; + +#[derive(PartialEq)] +enum TotpTimestampSize { + U32, + U64, +} + +fn get_admin_test_device() -> Admin { + Target::connect() + .expect("Could not connect to the Nitrokey.") + .authenticate_admin(ADMIN_PASSWORD) + .expect("Could not login as admin.") +} + +fn configure_hotp(admin: &ConfigureOtp, counter: u8) { + let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); + assert!(admin.write_hotp_slot(slot_data, counter.into()).is_ok()); +} + +fn check_hotp_codes(device: &GenerateOtp, offset: u8) { + HOTP_CODES.iter().enumerate().for_each(|(i, code)| { + if i >= offset as usize { + let result = device.get_hotp_code(1); + assert_eq!(code, &result.unwrap()); + } + }); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn hotp_no_pin() { + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, false); + assert!(admin.write_config(config).is_ok()); + + configure_hotp(&admin, 0); + check_hotp_codes(admin.deref(), 0); + + configure_hotp(&admin, 5); + check_hotp_codes(admin.deref(), 5); + + configure_hotp(&admin, 0); + check_hotp_codes(&admin.device(), 0); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn hotp_pin() { + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, true); + assert!(admin.write_config(config).is_ok()); + + configure_hotp(&admin, 0); + let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); + check_hotp_codes(&user, 0); + + assert!(user.device().get_hotp_code(1).is_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn hotp_slot_name() { + let admin = get_admin_test_device(); + let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); + assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); + + let device = admin.device(); + let result = device.get_hotp_slot_name(1); + assert_eq!("test-hotp", result.unwrap()); + let result = device.get_hotp_slot_name(4); + assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn hotp_error() { + let admin = get_admin_test_device(); + let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!( + Err(CommandError::NoName), + admin.write_hotp_slot(slot_data, 0) + ); + let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!( + Err(CommandError::InvalidSlot), + admin.write_hotp_slot(slot_data, 0) + ); + let code = admin.get_hotp_code(4); + assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn hotp_erase() { + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, false); + assert!(admin.write_config(config).is_ok()); + let slot_data = OtpSlotData::new(1, "test1", HOTP_SECRET, OtpMode::SixDigits); + assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); + let slot_data = OtpSlotData::new(2, "test2", HOTP_SECRET, OtpMode::SixDigits); + assert!(admin.write_hotp_slot(slot_data, 0).is_ok()); + + assert!(admin.erase_hotp_slot(1).is_ok()); + + let device = admin.device(); + let result = device.get_hotp_slot_name(1); + assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); + let result = device.get_hotp_code(1); + assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); + + assert_eq!("test2", device.get_hotp_slot_name(2).unwrap()); +} + +fn configure_totp(admin: &ConfigureOtp, factor: u64) { + let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); + let time_window = 30u64.checked_mul(factor).unwrap(); + assert!(admin.write_totp_slot(slot_data, time_window as u16).is_ok()); +} + +fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) { + for (i, &(base_time, code)) in TOTP_CODES.iter().enumerate() { + let time = base_time.checked_mul(factor).unwrap(); + let is_u64 = time > u32::max_value() as u64; + if is_u64 != (timestamp_size == TotpTimestampSize::U64) { + continue; + } + + assert!(device.set_time(time).is_ok()); + let result = device.get_totp_code(1); + assert!(result.is_ok()); + let result_code = result.unwrap(); + assert_eq!( + code, result_code, + "TOTP code {} should be {} but is {}", + i, code, result_code + ); + } +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn totp_no_pin() { + // TODO: this test may fail due to bad timing --> find solution + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, false); + assert!(admin.write_config(config).is_ok()); + + configure_totp(&admin, 1); + check_totp_codes(admin.deref(), 1, TotpTimestampSize::U32); + + configure_totp(&admin, 2); + check_totp_codes(admin.deref(), 2, TotpTimestampSize::U32); + + configure_totp(&admin, 1); + check_totp_codes(&admin.device(), 1, TotpTimestampSize::U32); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))] +// Nitrokey Storage does only support timestamps that fit in a 32-bit unsigned integer. Therefore +// the last RFC test case is expected to fail. +fn totp_no_pin_64() { + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, false); + assert!(admin.write_config(config).is_ok()); + + configure_totp(&admin, 1); + check_totp_codes(admin.deref(), 1, TotpTimestampSize::U64); + + configure_totp(&admin, 2); + check_totp_codes(admin.deref(), 2, TotpTimestampSize::U64); + + configure_totp(&admin, 1); + check_totp_codes(&admin.device(), 1, TotpTimestampSize::U64); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn totp_pin() { + // TODO: this test may fail due to bad timing --> find solution + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, true); + assert!(admin.write_config(config).is_ok()); + + configure_totp(&admin, 1); + let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); + check_totp_codes(&user, 1, TotpTimestampSize::U32); + + assert!(user.device().get_totp_code(1).is_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))] +// See comment for totp_no_pin_64. +fn totp_pin_64() { + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, true); + assert!(admin.write_config(config).is_ok()); + + configure_totp(&admin, 1); + let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); + check_totp_codes(&user, 1, TotpTimestampSize::U64); + + assert!(user.device().get_totp_code(1).is_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn totp_slot_name() { + let admin = get_admin_test_device(); + let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); + assert!(admin.write_totp_slot(slot_data, 0).is_ok()); + + let device = admin.device(); + let result = device.get_totp_slot_name(1); + assert!(result.is_ok()); + assert_eq!("test-totp", result.unwrap()); + let result = device.get_totp_slot_name(16); + assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn totp_error() { + let admin = get_admin_test_device(); + let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!( + Err(CommandError::NoName), + admin.write_hotp_slot(slot_data, 0) + ); + let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!( + Err(CommandError::InvalidSlot), + admin.write_hotp_slot(slot_data, 0) + ); + let code = admin.get_hotp_code(4); + assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn totp_erase() { + let admin = get_admin_test_device(); + let config = Config::new(None, None, None, false); + assert!(admin.write_config(config).is_ok()); + let slot_data = OtpSlotData::new(1, "test1", TOTP_SECRET, OtpMode::SixDigits); + assert!(admin.write_totp_slot(slot_data, 0).is_ok()); + let slot_data = OtpSlotData::new(2, "test2", TOTP_SECRET, OtpMode::SixDigits); + assert!(admin.write_totp_slot(slot_data, 0).is_ok()); + + assert!(admin.erase_totp_slot(1).is_ok()); + + let device = admin.device(); + let result = device.get_totp_slot_name(1); + assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); + let result = device.get_totp_code(1); + assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); + + assert_eq!("test2", device.get_totp_slot_name(2).unwrap()); +} diff --git a/nitrokey/tests/pws.rs b/nitrokey/tests/pws.rs new file mode 100644 index 0000000..875324b --- /dev/null +++ b/nitrokey/tests/pws.rs @@ -0,0 +1,164 @@ +mod util; + +use std::ffi::CStr; + +use libc::{c_int, c_void, free}; +use nitrokey::{CommandError, Device, GetPasswordSafe, PasswordSafe, SLOT_COUNT}; +use nitrokey_sys; + +use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; + +fn get_slot_name_direct(slot: u8) -> Result { + let ptr = unsafe { nitrokey_sys::NK_get_password_safe_slot_name(slot) }; + if ptr.is_null() { + return Err(CommandError::Unknown); + } + let s = unsafe { CStr::from_ptr(ptr).to_string_lossy().into_owned() }; + unsafe { free(ptr as *mut c_void) }; + match s.is_empty() { + true => { + let error = unsafe { nitrokey_sys::NK_get_last_command_status() } as c_int; + match error { + 0 => Err(CommandError::Unknown), + other => Err(CommandError::from(other)), + } + } + false => Ok(s), + } +} + +fn get_pws(device: &Target) -> PasswordSafe { + device.get_password_safe(USER_PASSWORD).unwrap() +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn enable() { + let device = Target::connect().unwrap(); + assert!(device + .get_password_safe(&(USER_PASSWORD.to_owned() + "123")) + .is_err()); + assert!(device.get_password_safe(USER_PASSWORD).is_ok()); + assert!(device.get_password_safe(ADMIN_PASSWORD).is_err()); + assert!(device.get_password_safe(USER_PASSWORD).is_ok()); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn drop() { + let device = Target::connect().unwrap(); + { + let pws = get_pws(&device); + assert!(pws.write_slot(1, "name", "login", "password").is_ok()); + assert_eq!("name", pws.get_slot_name(1).unwrap()); + let result = get_slot_name_direct(1); + assert_eq!(Ok(String::from("name")), result); + } + let result = get_slot_name_direct(1); + assert_eq!(Ok(String::from("name")), result); + assert!(device.lock().is_ok()); + let result = get_slot_name_direct(1); + assert_eq!(Err(CommandError::NotAuthorized), result); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn get_status() { + let device = Target::connect().unwrap(); + let pws = get_pws(&device); + for i in 0..SLOT_COUNT { + assert!(pws.erase_slot(i).is_ok(), "Could not erase slot {}", i); + } + let status = pws.get_slot_status().unwrap(); + assert_eq!(status, [false; SLOT_COUNT as usize]); + + assert!(pws.write_slot(1, "name", "login", "password").is_ok()); + let status = pws.get_slot_status().unwrap(); + for i in 0..SLOT_COUNT { + assert_eq!(i == 1, status[i as usize]); + } + + for i in 0..SLOT_COUNT { + assert!(pws.write_slot(i, "name", "login", "password").is_ok()); + } + let status = pws.get_slot_status().unwrap(); + assert_eq!(status, [true; SLOT_COUNT as usize]); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn get_data() { + let device = Target::connect().unwrap(); + let pws = get_pws(&device); + assert!(pws.write_slot(1, "name", "login", "password").is_ok()); + assert_eq!("name", pws.get_slot_name(1).unwrap()); + assert_eq!("login", pws.get_slot_login(1).unwrap()); + assert_eq!("password", pws.get_slot_password(1).unwrap()); + + assert!(pws.erase_slot(1).is_ok()); + // TODO: check error codes + assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(1)); + assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(1)); + assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(1)); + + let name = "with å"; + let login = "pär@test.com"; + let password = "'i3lJc[09?I:,[u7dWz9"; + assert!(pws.write_slot(1, name, login, password).is_ok()); + assert_eq!(name, pws.get_slot_name(1).unwrap()); + assert_eq!(login, pws.get_slot_login(1).unwrap()); + assert_eq!(password, pws.get_slot_password(1).unwrap()); + + assert_eq!( + Err(CommandError::InvalidSlot), + pws.get_slot_name(SLOT_COUNT) + ); + assert_eq!( + Err(CommandError::InvalidSlot), + pws.get_slot_login(SLOT_COUNT) + ); + assert_eq!( + Err(CommandError::InvalidSlot), + pws.get_slot_password(SLOT_COUNT) + ); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn write() { + let device = Target::connect().unwrap(); + let pws = get_pws(&device); + + assert_eq!( + Err(CommandError::InvalidSlot), + pws.write_slot(SLOT_COUNT, "name", "login", "password") + ); + + assert!(pws.write_slot(0, "", "login", "password").is_ok()); + assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); + assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); + assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); + + assert!(pws.write_slot(0, "name", "", "password").is_ok()); + assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); + assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(0)); + assert_eq!(Ok(String::from("password")), pws.get_slot_password(0)); + + assert!(pws.write_slot(0, "name", "login", "").is_ok()); + assert_eq!(Ok(String::from("name")), pws.get_slot_name(0)); + assert_eq!(Ok(String::from("login")), pws.get_slot_login(0)); + assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(0)); +} + +#[test] +#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)] +fn erase() { + let device = Target::connect().unwrap(); + let pws = get_pws(&device); + assert_eq!(Err(CommandError::InvalidSlot), pws.erase_slot(SLOT_COUNT)); + + assert!(pws.write_slot(0, "name", "login", "password").is_ok()); + assert!(pws.erase_slot(0).is_ok()); + assert!(pws.erase_slot(0).is_ok()); + assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0)); +} diff --git a/nitrokey/tests/util/mod.rs b/nitrokey/tests/util/mod.rs new file mode 100644 index 0000000..c2c94e2 --- /dev/null +++ b/nitrokey/tests/util/mod.rs @@ -0,0 +1,8 @@ +pub static ADMIN_PASSWORD: &str = "12345678"; +pub static USER_PASSWORD: &str = "123456"; + +#[cfg(not(feature = "test-storage"))] +pub type Target = nitrokey::Pro; + +#[cfg(feature = "test-storage")] +pub type Target = nitrokey::Storage; -- cgit v1.2.3