summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2018-06-06 15:34:21 +0200
committerRobin Krahl <robin.krahl@ireas.org>2018-06-06 15:34:21 +0200
commitc595fecc9cb857c41d6a90fe24fdb5c18f3e8958 (patch)
tree1c13c47ce5628ffa9d392fd9adad535145818909
parentf8a9c031ff6c0d543318e0f88be48e945d115514 (diff)
downloadnitrokey-rs-c595fecc9cb857c41d6a90fe24fdb5c18f3e8958.tar.gz
nitrokey-rs-c595fecc9cb857c41d6a90fe24fdb5c18f3e8958.tar.bz2
Adapt TOTP test cases for Nitrokey Storage
The current Nitrokey Storage firmware does not support timestamps that do not fit into an unsigned integer. Therefore, the tests totp_pin and totp_no_pin are restricted to 32-bit timestamps. New tests totp_pin_64 and totp_no_pin_64 are introduced for 64-bit timestamps. These are expected to panic for the Nitrokey Storage.
-rw-r--r--src/tests/otp.rs57
1 files changed, 52 insertions, 5 deletions
diff --git a/src/tests/otp.rs b/src/tests/otp.rs
index ea41e68..91f9f1b 100644
--- a/src/tests/otp.rs
+++ b/src/tests/otp.rs
@@ -21,6 +21,12 @@ static TOTP_CODES: &[(u64, &str)] = &[
(20000000000, "65353130"),
];
+#[derive(PartialEq)]
+enum TotpTimestampSize {
+ U32,
+ U64,
+}
+
fn get_admin_test_device() -> Admin<Target> {
Target::connect()
.expect("Could not connect to the Nitrokey.")
@@ -139,9 +145,14 @@ fn configure_totp(admin: &ConfigureOtp, factor: u64) {
);
}
-fn check_totp_codes(device: &GenerateOtp, factor: u64) {
+fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) {
for (i, &(base_time, code)) in TOTP_CODES.iter().enumerate() {
let time = base_time.checked_mul(factor).unwrap();
+ let is_u64 = time > u32::max_value() as u64;
+ if is_u64 != (timestamp_size == TotpTimestampSize::U64) {
+ continue;
+ }
+
assert_eq!(CommandStatus::Success, device.set_time(time));
let result = device.get_totp_code(1);
assert!(result.is_ok());
@@ -163,13 +174,33 @@ fn totp_no_pin() {
assert_eq!(CommandStatus::Success, admin.write_config(config));
configure_totp(&admin, 1);
- check_totp_codes(admin.deref(), 1);
+ check_totp_codes(admin.deref(), 1, TotpTimestampSize::U32);
configure_totp(&admin, 2);
- check_totp_codes(admin.deref(), 2);
+ check_totp_codes(admin.deref(), 2, TotpTimestampSize::U32);
configure_totp(&admin, 1);
- check_totp_codes(&admin.device(), 1);
+ check_totp_codes(&admin.device(), 1, TotpTimestampSize::U32);
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))]
+// Nitrokey Storage does only support timestamps that fit in a 32-bit unsigned integer. Therefore
+// the last RFC test case is expected to fail.
+fn totp_no_pin_64() {
+ let admin = get_admin_test_device();
+ let config = Config::new(None, None, None, false);
+ assert_eq!(CommandStatus::Success, admin.write_config(config));
+
+ configure_totp(&admin, 1);
+ check_totp_codes(admin.deref(), 1, TotpTimestampSize::U64);
+
+ configure_totp(&admin, 2);
+ check_totp_codes(admin.deref(), 2, TotpTimestampSize::U64);
+
+ configure_totp(&admin, 1);
+ check_totp_codes(&admin.device(), 1, TotpTimestampSize::U64);
}
#[test]
@@ -182,7 +213,23 @@ fn totp_pin() {
configure_totp(&admin, 1);
let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
- check_totp_codes(&user, 1);
+ check_totp_codes(&user, 1, TotpTimestampSize::U32);
+
+ assert!(user.device().get_totp_code(1).is_err());
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))]
+// See comment for totp_no_pin_64.
+fn totp_pin_64() {
+ let admin = get_admin_test_device();
+ let config = Config::new(None, None, None, true);
+ assert_eq!(CommandStatus::Success, admin.write_config(config));
+
+ configure_totp(&admin, 1);
+ let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
+ check_totp_codes(&user, 1, TotpTimestampSize::U64);
assert!(user.device().get_totp_code(1).is_err());
}