diff options
| -rw-r--r-- | tests/device.rs | 140 | ||||
| -rw-r--r-- | tests/otp.rs | 12 | ||||
| -rw-r--r-- | tests/pws.rs | 15 | ||||
| -rw-r--r-- | tests/util/mod.rs | 5 |
4 files changed, 92 insertions, 80 deletions
diff --git a/tests/device.rs b/tests/device.rs index bffd767..ecc3cfa 100644 --- a/tests/device.rs +++ b/tests/device.rs @@ -10,11 +10,10 @@ use std::{thread, time}; use nitrokey::{ Authenticate, CommandError, CommunicationError, Config, ConfigureOtp, Device, Error, GenerateOtp, GetPasswordSafe, LibraryError, OtpMode, OtpSlotData, Storage, VolumeMode, + DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN, }; use nitrokey_test::test as test_device; -use crate::util::{ADMIN_PASSWORD, USER_PASSWORD}; - static ADMIN_NEW_PASSWORD: &str = "1234567890"; static UPDATE_PIN: &str = "12345678"; static UPDATE_NEW_PIN: &str = "87654321"; @@ -99,12 +98,12 @@ fn get_firmware_version(device: Pro) { } fn admin_retry<T: Authenticate + Device>(device: &mut T, suffix: &str, count: u8) { - assert_any_ok!(device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix))); + assert_any_ok!(device.authenticate_admin(&(DEFAULT_ADMIN_PIN.to_owned() + suffix))); assert_ok!(count, device.get_admin_retry_count()); } fn user_retry<T: Authenticate + Device>(device: &mut T, suffix: &str, count: u8) { - assert_any_ok!(device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix))); + assert_any_ok!(device.authenticate_user(&(DEFAULT_USER_PIN.to_owned() + suffix))); assert_ok!(count, device.get_user_retry_count()); } @@ -126,7 +125,7 @@ fn get_retry_count(device: DeviceWrapper) { #[test_device] fn config(device: DeviceWrapper) { let mut device = device; - let mut admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + let mut admin = unwrap_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); let config = Config::new(None, None, None, true); assert_ok!((), admin.write_config(config)); @@ -147,26 +146,32 @@ fn config(device: DeviceWrapper) { #[test_device] fn change_user_pin(device: DeviceWrapper) { let mut device = device; - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_user(USER_NEW_PASSWORD) ); - assert_ok!((), device.change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD)); + assert_ok!( + (), + device.change_user_pin(DEFAULT_USER_PIN, USER_NEW_PASSWORD) + ); assert_cmd_err!( CommandError::WrongPassword, - device.authenticate_user(USER_PASSWORD) + device.authenticate_user(DEFAULT_USER_PIN) ); assert_any_ok!(device.authenticate_user(USER_NEW_PASSWORD)); - let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD); + let result = device.change_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN); assert_cmd_err!(CommandError::WrongPassword, result); - assert_ok!((), device.change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD)); + assert_ok!( + (), + device.change_user_pin(USER_NEW_PASSWORD, DEFAULT_USER_PIN) + ); - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_user(USER_NEW_PASSWORD) @@ -176,7 +181,7 @@ fn change_user_pin(device: DeviceWrapper) { #[test_device] fn change_admin_pin(device: DeviceWrapper) { let mut device = device; - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_admin(ADMIN_NEW_PASSWORD) @@ -184,26 +189,26 @@ fn change_admin_pin(device: DeviceWrapper) { assert_ok!( (), - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) + device.change_admin_pin(DEFAULT_ADMIN_PIN, ADMIN_NEW_PASSWORD) ); assert_cmd_err!( CommandError::WrongPassword, - device.authenticate_admin(ADMIN_PASSWORD) + device.authenticate_admin(DEFAULT_ADMIN_PIN) ); assert_any_ok!(device.authenticate_admin(ADMIN_NEW_PASSWORD)); assert_cmd_err!( CommandError::WrongPassword, - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_PASSWORD) + device.change_admin_pin(DEFAULT_ADMIN_PIN, DEFAULT_ADMIN_PIN) ); assert_ok!( (), - device.change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD) + device.change_admin_pin(ADMIN_NEW_PASSWORD, DEFAULT_ADMIN_PIN) ); - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_admin(ADMIN_NEW_PASSWORD) @@ -220,46 +225,55 @@ fn require_failed_user_login<D: Authenticate + Device>(device: &mut D, password: #[test_device] fn unlock_user_pin(device: DeviceWrapper) { let mut device = device; - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); - assert_ok!((), device.unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD)); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); + assert_ok!( + (), + device.unlock_user_pin(DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN) + ); assert_cmd_err!( CommandError::WrongPassword, - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + device.unlock_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN) ); // block user PIN - let wrong_password = USER_PASSWORD.to_owned() + "foo"; + let wrong_password = DEFAULT_USER_PIN.to_owned() + "foo"; require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); - require_failed_user_login(&mut device, USER_PASSWORD); + require_failed_user_login(&mut device, DEFAULT_USER_PIN); // unblock with current PIN assert_cmd_err!( CommandError::WrongPassword, - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + device.unlock_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN) ); - assert_ok!((), device.unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD)); - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); + assert_ok!( + (), + device.unlock_user_pin(DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN) + ); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); // block user PIN require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); - require_failed_user_login(&mut device, USER_PASSWORD); + require_failed_user_login(&mut device, DEFAULT_USER_PIN); // unblock with new PIN assert_cmd_err!( CommandError::WrongPassword, - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + device.unlock_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN) ); assert_ok!( (), - device.unlock_user_pin(ADMIN_PASSWORD, USER_NEW_PASSWORD) + device.unlock_user_pin(DEFAULT_ADMIN_PIN, USER_NEW_PASSWORD) ); // reset user PIN - assert_ok!((), device.change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD)); + assert_ok!( + (), + device.change_user_pin(USER_NEW_PASSWORD, DEFAULT_USER_PIN) + ); } fn assert_utf8_err_or_ne(left: &str, right: Result<String, Error>) { @@ -273,18 +287,21 @@ fn assert_utf8_err_or_ne(left: &str, right: Result<String, Error>) { #[test_device] fn factory_reset(device: DeviceWrapper) { let mut device = device; - let mut admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + let mut admin = unwrap_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); let otp_data = OtpSlotData::new(1, "test", "0123468790", OtpMode::SixDigits); assert_ok!((), admin.write_totp_slot(otp_data, 30)); - let mut pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let mut pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_ok!((), pws.write_slot(0, "test", "testlogin", "testpw")); drop(pws); - assert_ok!((), device.change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD)); assert_ok!( (), - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) + device.change_user_pin(DEFAULT_USER_PIN, USER_NEW_PASSWORD) + ); + assert_ok!( + (), + device.change_admin_pin(DEFAULT_ADMIN_PIN, ADMIN_NEW_PASSWORD) ); assert_cmd_err!( @@ -293,40 +310,40 @@ fn factory_reset(device: DeviceWrapper) { ); assert_cmd_err!( CommandError::WrongPassword, - device.factory_reset(ADMIN_PASSWORD) + device.factory_reset(DEFAULT_ADMIN_PIN) ); assert_ok!((), device.factory_reset(ADMIN_NEW_PASSWORD)); - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); - let user = unwrap_ok!(device.authenticate_user(USER_PASSWORD)); + let user = unwrap_ok!(device.authenticate_user(DEFAULT_USER_PIN)); assert_cmd_err!(CommandError::SlotNotProgrammed, user.get_totp_slot_name(1)); - let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_utf8_err_or_ne("test", pws.get_slot_name(0)); assert_utf8_err_or_ne("testlogin", pws.get_slot_login(0)); assert_utf8_err_or_ne("testpw", pws.get_slot_password(0)); drop(pws); - assert_ok!((), device.build_aes_key(ADMIN_PASSWORD)); + assert_ok!((), device.build_aes_key(DEFAULT_ADMIN_PIN)); } #[test_device] fn build_aes_key(device: DeviceWrapper) { let mut device = device; - let mut pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let mut pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_ok!((), pws.write_slot(0, "test", "testlogin", "testpw")); drop(pws); assert_cmd_err!( CommandError::WrongPassword, - device.build_aes_key(USER_PASSWORD) + device.build_aes_key(DEFAULT_USER_PIN) ); - assert_ok!((), device.build_aes_key(ADMIN_PASSWORD)); + assert_ok!((), device.build_aes_key(DEFAULT_ADMIN_PIN)); - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); - let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_utf8_err_or_ne("test", pws.get_slot_name(0)); assert_utf8_err_or_ne("testlogin", pws.get_slot_login(0)); assert_utf8_err_or_ne("testpw", pws.get_slot_password(0)); @@ -356,7 +373,7 @@ fn encrypted_volume(device: Storage) { device.enable_encrypted_volume("123") ); assert_eq!(1, count_nitrokey_block_devices()); - assert_ok!((), device.enable_encrypted_volume(USER_PASSWORD)); + assert_ok!((), device.enable_encrypted_volume(DEFAULT_USER_PIN)); assert_eq!(2, count_nitrokey_block_devices()); assert_ok!((), device.disable_encrypted_volume()); assert_eq!(1, count_nitrokey_block_devices()); @@ -371,7 +388,7 @@ fn hidden_volume(device: Storage) { assert_ok!((), device.disable_hidden_volume()); assert_eq!(1, count_nitrokey_block_devices()); - assert_ok!((), device.enable_encrypted_volume(USER_PASSWORD)); + assert_ok!((), device.enable_encrypted_volume(DEFAULT_USER_PIN)); assert_eq!(2, count_nitrokey_block_devices()); // TODO: why this error code? @@ -401,7 +418,7 @@ fn hidden_volume(device: Storage) { #[test_device] fn lock(device: Storage) { let mut device = device; - assert_ok!((), device.enable_encrypted_volume(USER_PASSWORD)); + assert_ok!((), device.enable_encrypted_volume(DEFAULT_USER_PIN)); assert_ok!((), device.lock()); assert_eq!(1, count_nitrokey_block_devices()); } @@ -414,26 +431,26 @@ fn set_encrypted_volume_mode(device: Storage) { assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); // TODO: re-enable once the password is checked in the firmware // assert_cmd_err!( // CommandError::WrongPassword, - // device.set_encrypted_volume_mode(USER_PASSWORD, VolumeMode::ReadOnly) + // device.set_encrypted_volume_mode(DEFAULT_USER_PIN, VolumeMode::ReadOnly) // ); assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadWrite) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadWrite) ); assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); } @@ -448,7 +465,10 @@ fn set_unencrypted_volume_mode(device: Storage) { } fn assert_success(device: &mut Storage, mode: VolumeMode) { - assert_ok!((), device.set_unencrypted_volume_mode(ADMIN_PASSWORD, mode)); + assert_ok!( + (), + device.set_unencrypted_volume_mode(DEFAULT_ADMIN_PIN, mode) + ); assert_mode(&device, mode); } @@ -457,7 +477,7 @@ fn set_unencrypted_volume_mode(device: Storage) { assert_cmd_err!( CommandError::WrongPassword, - device.set_unencrypted_volume_mode(USER_PASSWORD, VolumeMode::ReadOnly) + device.set_unencrypted_volume_mode(DEFAULT_USER_PIN, VolumeMode::ReadOnly) ); assert_mode(&device, VolumeMode::ReadOnly); @@ -496,9 +516,9 @@ fn get_production_info(device: Storage) { #[test_device] fn clear_new_sd_card_warning(device: Storage) { let mut device = device; - assert_ok!((), device.factory_reset(ADMIN_PASSWORD)); + assert_ok!((), device.factory_reset(DEFAULT_ADMIN_PIN)); thread::sleep(time::Duration::from_secs(3)); - assert_ok!((), device.build_aes_key(ADMIN_PASSWORD)); + assert_ok!((), device.build_aes_key(DEFAULT_ADMIN_PIN)); // We have to perform an SD card operation to reset the new_sd_card_found field assert_ok!((), device.lock()); @@ -506,7 +526,7 @@ fn clear_new_sd_card_warning(device: Storage) { let status = unwrap_ok!(device.get_status()); assert!(status.new_sd_card_found); - assert_ok!((), device.clear_new_sd_card_warning(ADMIN_PASSWORD)); + assert_ok!((), device.clear_new_sd_card_warning(DEFAULT_ADMIN_PIN)); let status = unwrap_ok!(device.get_status()); assert!(!status.new_sd_card_found); @@ -519,14 +539,14 @@ fn export_firmware(device: Storage) { CommandError::WrongPassword, device.export_firmware("someadminpn") ); - assert_ok!((), device.export_firmware(ADMIN_PASSWORD)); + assert_ok!((), device.export_firmware(DEFAULT_ADMIN_PIN)); assert_ok!( (), - device.set_unencrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadWrite) + device.set_unencrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadWrite) ); - assert_ok!((), device.export_firmware(ADMIN_PASSWORD)); + assert_ok!((), device.export_firmware(DEFAULT_ADMIN_PIN)); assert_ok!( (), - device.set_unencrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_unencrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); } diff --git a/tests/otp.rs b/tests/otp.rs index 8ca8311..d55d54a 100644 --- a/tests/otp.rs +++ b/tests/otp.rs @@ -7,12 +7,10 @@ use std::ops::DerefMut; use nitrokey::{ Admin, Authenticate, CommandError, Config, ConfigureOtp, Device, GenerateOtp, LibraryError, - OtpMode, OtpSlotData, + OtpMode, OtpSlotData, DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN, }; use nitrokey_test::test as test_device; -use crate::util::{ADMIN_PASSWORD, USER_PASSWORD}; - // test suite according to RFC 4226, Appendix D static HOTP_SECRET: &str = "3132333435363738393031323334353637383930"; static HOTP_CODES: &[&str] = &[ @@ -41,7 +39,7 @@ fn make_admin_test_device<'a, T>(device: &'a mut T) -> Admin<'a, T> where T: Device, { - unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD)) + unwrap_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)) } fn configure_hotp(admin: &mut ConfigureOtp, counter: u8) { @@ -91,7 +89,7 @@ fn hotp_pin(device: DeviceWrapper) { assert_ok!((), admin.write_config(config)); configure_hotp(&mut admin, 0); - let mut user = unwrap_ok!(device.authenticate_user(USER_PASSWORD)); + let mut user = unwrap_ok!(device.authenticate_user(DEFAULT_USER_PIN)); check_hotp_codes(&mut user, 0); assert_cmd_err!(CommandError::NotAuthorized, user.get_hotp_code(1)); @@ -219,7 +217,7 @@ fn totp_pin(device: DeviceWrapper) { assert_ok!((), admin.write_config(config)); configure_totp(&mut admin, 1); - let mut user = unwrap_ok!(device.authenticate_user(USER_PASSWORD)); + let mut user = unwrap_ok!(device.authenticate_user(DEFAULT_USER_PIN)); check_totp_codes(&mut user, 1, TotpTimestampSize::U32); assert_cmd_err!(CommandError::NotAuthorized, user.get_totp_code(1)); @@ -234,7 +232,7 @@ fn totp_pin_64(device: Pro) { assert_ok!((), admin.write_config(config)); configure_totp(&mut admin, 1); - let mut user = unwrap_ok!(admin.authenticate_user(USER_PASSWORD)); + let mut user = unwrap_ok!(admin.authenticate_user(DEFAULT_USER_PIN)); check_totp_codes(&mut user, 1, TotpTimestampSize::U64); assert_cmd_err!(CommandError::NotAuthorized, device.get_totp_code(1)); diff --git a/tests/pws.rs b/tests/pws.rs index 7805803..b0e5abe 100644 --- a/tests/pws.rs +++ b/tests/pws.rs @@ -7,13 +7,12 @@ use std::ffi::CStr; use libc::{c_int, c_void, free}; use nitrokey::{ - CommandError, Device, Error, GetPasswordSafe, LibraryError, PasswordSafe, SLOT_COUNT, + CommandError, Device, Error, GetPasswordSafe, LibraryError, PasswordSafe, DEFAULT_ADMIN_PIN, + DEFAULT_USER_PIN, SLOT_COUNT, }; use nitrokey_sys; use nitrokey_test::test as test_device; -use crate::util::{ADMIN_PASSWORD, USER_PASSWORD}; - fn get_slot_name_direct(slot: u8) -> Result<String, Error> { let ptr = unsafe { nitrokey_sys::NK_get_password_safe_slot_name(slot) }; if ptr.is_null() { @@ -37,7 +36,7 @@ fn get_pws<T>(device: &mut T) -> PasswordSafe where T: Device, { - unwrap_ok!(device.get_password_safe(USER_PASSWORD)) + unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)) } #[test_device] @@ -45,14 +44,14 @@ fn enable(device: DeviceWrapper) { let mut device = device; assert_cmd_err!( CommandError::WrongPassword, - device.get_password_safe(&(USER_PASSWORD.to_owned() + "123")) + device.get_password_safe(&(DEFAULT_USER_PIN.to_owned() + "123")) ); - assert_any_ok!(device.get_password_safe(USER_PASSWORD)); + assert_any_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_cmd_err!( CommandError::WrongPassword, - device.get_password_safe(ADMIN_PASSWORD) + device.get_password_safe(DEFAULT_ADMIN_PIN) ); - assert_any_ok!(device.get_password_safe(USER_PASSWORD)); + assert_any_ok!(device.get_password_safe(DEFAULT_USER_PIN)); } #[test_device] diff --git a/tests/util/mod.rs b/tests/util/mod.rs index f80372d..5bd19d1 100644 --- a/tests/util/mod.rs +++ b/tests/util/mod.rs @@ -1,11 +1,6 @@ // Copyright (C) 2018-2019 Robin Krahl <robin.krahl@ireas.org> // SPDX-License-Identifier: MIT -#[allow(dead_code)] -pub static ADMIN_PASSWORD: &str = "12345678"; -#[allow(dead_code)] -pub static USER_PASSWORD: &str = "123456"; - #[macro_export] macro_rules! unwrap_ok { ($val:expr) => { |