diff options
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/mod.rs | 2 | ||||
-rw-r--r-- | src/tests/no_device.rs | 9 | ||||
-rw-r--r-- | src/tests/pro.rs | 268 |
3 files changed, 279 insertions, 0 deletions
diff --git a/src/tests/mod.rs b/src/tests/mod.rs new file mode 100644 index 0000000..5f01b67 --- /dev/null +++ b/src/tests/mod.rs @@ -0,0 +1,2 @@ +mod no_device; +mod pro; diff --git a/src/tests/no_device.rs b/src/tests/no_device.rs new file mode 100644 index 0000000..04c5c8a --- /dev/null +++ b/src/tests/no_device.rs @@ -0,0 +1,9 @@ +use Model; + +#[test] +#[cfg_attr(not(feature = "test-no-device"), ignore)] +fn connect() { + assert!(::connect().is_err()); + assert!(::connect_model(Model::Storage).is_err()); + assert!(::connect_model(Model::Pro).is_err()); +} diff --git a/src/tests/pro.rs b/src/tests/pro.rs new file mode 100644 index 0000000..7fa8ec3 --- /dev/null +++ b/src/tests/pro.rs @@ -0,0 +1,268 @@ +use std::ffi::CStr; +use std::marker::Sized; +use {set_debug, AdminAuthenticatedDevice, CommandError, CommandStatus, Config, Device, Model, + OtpMode, OtpSlotData, UnauthenticatedDevice}; + +static ADMIN_PASSWORD: &str = "12345678"; +static USER_PASSWORD: &str = "123456"; + +// test suite according to RFC 4226, Appendix D +static HOTP_SECRET: &str = "3132333435363738393031323334353637383930"; +static HOTP_CODES: &[&str] = &[ + "755224", "287082", "359152", "969429", "338314", "254676", "287922", "162583", "399871", + "520489", +]; + +// test suite according to RFC 6238, Appendix B +static TOTP_SECRET: &str = "3132333435363738393031323334353637383930"; +static TOTP_CODES: &[(u64, &str)] = &[ + (59, "94287082"), + (1111111109, "07081804"), + (1111111111, "14050471"), + (1234567890, "89005924"), + (2000000000, "69279037"), + (20000000000, "65353130"), +]; + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn connect() { + set_debug(false); + assert!(::connect().is_ok()); + assert!(::connect_model(Model::Pro).is_ok()); + assert!(::connect_model(Model::Storage).is_err()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn disconnect() { + set_debug(false); + ::connect().unwrap().disconnect(); + unsafe { + let ptr = ::nitrokey_sys::NK_device_serial_number(); + assert!(!ptr.is_null()); + let cstr = CStr::from_ptr(ptr); + assert_eq!(cstr.to_string_lossy(), ""); + } +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn get_serial_number() { + set_debug(false); + let device = ::connect().unwrap(); + let result = device.get_serial_number(); + assert!(result.is_ok()); + let serial_number = result.unwrap(); + assert!(serial_number.is_ascii()); + assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit())); +} + +fn configure_hotp(admin: &AdminAuthenticatedDevice) { + let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!(CommandStatus::Success, admin.write_hotp_slot(slot_data, 0)); +} + +fn check_hotp_codes<T: Device>(device: &T) +where + T: Sized, +{ + for code in HOTP_CODES { + let result = device.get_hotp_code(1); + assert_eq!(code, &result.unwrap()); + } +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn hotp() { + set_debug(false); + let device = ::connect().unwrap(); + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + let config = Config::new(None, None, None, false); + assert_eq!(CommandStatus::Success, admin.write_config(config)); + + configure_hotp(&admin); + check_hotp_codes(&admin); + + configure_hotp(&admin); + check_hotp_codes(&admin.device()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn hotp_pin() { + set_debug(false); + let device = ::connect().unwrap(); + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + let config = Config::new(None, None, None, true); + assert_eq!(CommandStatus::Success, admin.write_config(config)); + + configure_hotp(&admin); + let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); + check_hotp_codes(&user); + + // TODO: enable for newer libnitrokey + // assert!(user.device().get_hotp_code(1).is_err()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn hotp_slot_name() { + set_debug(false); + let device = ::connect().unwrap(); + + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!(CommandStatus::Success, admin.write_hotp_slot(slot_data, 0)); + + let result = admin.device().get_hotp_slot_name(1); + assert_eq!("test-hotp", result.unwrap()); +} + +fn configure_totp(admin: &AdminAuthenticatedDevice) { + let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); + assert_eq!(CommandStatus::Success, admin.write_totp_slot(slot_data, 30)); +} + +fn check_totp_codes<T: Device>(device: &T) +where + T: Sized, +{ + for (i, &(time, code)) in TOTP_CODES.iter().enumerate() { + assert_eq!(CommandStatus::Success, device.set_time(time)); + let result = device.get_totp_code(1); + assert!(result.is_ok()); + let result_code = result.unwrap(); + assert_eq!( + code, result_code, + "TOTP code {} should be {} but is {}", + i, code, result_code + ); + } +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn totp() { + // TODO: this test may fail due to bad timing --> find solution + set_debug(false); + let device = ::connect().unwrap(); + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + let config = Config::new(None, None, None, false); + assert_eq!(CommandStatus::Success, admin.write_config(config)); + + configure_totp(&admin); + check_totp_codes(&admin); + + configure_totp(&admin); + check_totp_codes(&admin.device()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn totp_pin() { + // TODO: this test may fail due to bad timing --> find solution + set_debug(false); + let device = ::connect().unwrap(); + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + let config = Config::new(None, None, None, true); + assert_eq!(CommandStatus::Success, admin.write_config(config)); + + configure_totp(&admin); + let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); + check_totp_codes(&user); + + // TODO: enable for newer libnitrokey + // assert!(user.device().get_totp_code(1).is_err()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn totp_slot_name() { + set_debug(false); + let device = ::connect().unwrap(); + + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); + assert_eq!(CommandStatus::Success, admin.write_totp_slot(slot_data, 0)); + + let result = admin.device().get_totp_slot_name(1); + assert!(result.is_ok()); + assert_eq!("test-totp", result.unwrap()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn get_major_firmware_version() { + set_debug(false); + // TODO fix for different libnitrokey versions + assert_eq!(8, ::connect().unwrap().get_major_firmware_version()); +} + +fn admin_retry(device: UnauthenticatedDevice, suffix: &str, count: u8) -> UnauthenticatedDevice { + let result = device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix)); + let device = match result { + Ok(admin) => admin.device(), + Err((device, _)) => device, + }; + assert_eq!(count, device.get_admin_retry_count()); + return device; +} + +fn user_retry(device: UnauthenticatedDevice, suffix: &str, count: u8) -> UnauthenticatedDevice { + let result = device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix)); + let device = match result { + Ok(admin) => admin.device(), + Err((device, _)) => device, + }; + assert_eq!(count, device.get_user_retry_count()); + return device; +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn get_retry_count() { + set_debug(false); + let device = ::connect().unwrap(); + + let device = admin_retry(device, "", 3); + let device = admin_retry(device, "123", 2); + let device = admin_retry(device, "456", 1); + let device = admin_retry(device, "", 3); + + let device = user_retry(device, "", 3); + let device = user_retry(device, "123", 2); + let device = user_retry(device, "456", 1); + user_retry(device, "", 3); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn read_write_config() { + set_debug(false); + let device = ::connect().unwrap(); + + let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap(); + + let config = Config::new(None, None, None, true); + assert_eq!(CommandStatus::Success, admin.write_config(config)); + let get_config = admin.get_config().unwrap(); + assert_eq!(config, get_config); + + let config = Config::new(None, Some(9), None, true); + assert_eq!( + CommandStatus::Error(CommandError::InvalidSlot), + admin.write_config(config) + ); + + let config = Config::new(Some(1), None, Some(0), false); + assert_eq!(CommandStatus::Success, admin.write_config(config)); + let get_config = admin.get_config().unwrap(); + assert_eq!(config, get_config); + + let config = Config::new(None, None, None, false); + assert_eq!(CommandStatus::Success, admin.write_config(config)); + let get_config = admin.get_config().unwrap(); + assert_eq!(config, get_config); +} |