aboutsummaryrefslogtreecommitdiff
path: root/tests/device.rs
Commit message (Collapse)AuthorAge
* Fix serial number check in device testsRobin Krahl2020-09-06
| | | | | | | | | | The serial numuer check in the device tests are different for Storage devices because the Nitrokey Storage currently does not report its serial number in the status. Our previous implementation matched the model to determine how to check the serial number. This no longer works as we marked the model as non-exhaustive and was unnecessary. This patch changes the test logic to perform the serial number test for all devices except the Nitrokey Storage.
* Represent serial numbers using SerialNumber structRobin Krahl2020-02-03
| | | | | | | | | | | | | | | | | In a previous commit, we changed the serial number representation from a string to an integer. This made it easier to compare serial numbers, but also introduced new problems: - Serial numbers should be formatted consistently, for example as "{:#010x}". It is hard to ensure this for an integer value. - The format of the serial number may be subject to change. Users should not rely too much on the u32 representation. Therefore we introduce a new SerialNumber struct that represents a serial number. Currently it only stores a u32 value. The following traits and functions can be used to access its value: - FromStr for string parsing - ToString/Display for string formatting - as_u32 to access the underlying integer value
* Always store serial numbers as integersRobin Krahl2020-01-28
| | | | | | | | This patch consistently uses u32 integers to store and return the serial number of a Nitrokey device. This makes it easier to convert and compare the serial number, as it is a unique representation and as formatting an integer cannot fail. For more details, see this RFC: https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20200126074816.GA1314%40ireas.org%3E
* Add the fill_sd_card function to StorageRobin Krahl2020-01-14
| | | | | | | | This patch adds support for libnitrokey’s NK_fill_SD_card_with_random_data function. It is executed by the fill_sd_card function of the Storage struct. We also add a new test case that is set to ignore because it takes between 30 and 60 minutes to run.
* Add the get_operation_status function to the Storage structRobin Krahl2020-01-14
| | | | | | | This patch adds support for the NK_get_progress_bar_value function: It adds the OperationStatus enum that stores the return value of this command and adds the get_operation_status function to the Storage struct that executes the command.
* Add the get_sd_card_usage function to the Storage structRobin Krahl2020-01-14
| | | | | | This patch adds support for the NK_get_SD_usage_data function. It returns a range of the SD card that has not been accessed during this power cycle.
* Rename Status::get_status to get_storage_statusRobin Krahl2020-01-11
| | | | | | | In the last patch, we added the get_status function to the Device trait. This patch renames the Storage::get_status function to get_storage_status to resolve the name clash – though allowed by the compiler, it is rather confusing for the end user.
* Add support for the GET_STATUS commandRobin Krahl2020-01-11
| | | | | | | | | | | | | | | | | This patch adds support for the GET_STATUS command that returns the status information common to all Nitrokey devices. It can be accessed using the Device::get_status function and is stored in a Status struct. Due to a bug in the Storage firmware [0], the GET_STATUS command returns wrong firmware versions and serial numbers. Until this is fixed in libnitrokey [1], we have to manually execute the GET_DEVICE_STATUS command to fix these values for the Nitrokey Storage. Also, this leads to a name clash with the existing Storage::get_status function, which will be renamed in an upcoming patch. [0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/96 [1] https://github.com/Nitrokey/libnitrokey/issues/166
* Add the connect_path function to the Manager structRobin Krahl2020-01-07
| | | | | | This patch adds the connect_path function to the Manager struct that uses NK_connect_with_path to connect to a Nitrokey device at a given USB path.
* Add list_devices functionRobin Krahl2020-01-07
| | | | | | | This patch adds support for libnitrokey’s NK_list_devices function by introducing the top-level list_devices function. It returns a vector of DeviceInfo structs with information about all connected Nitrokey devices.
* Check retry count before building AES key in testRobin Krahl2019-07-09
| | | | | | | | Due to a timing issue, some calls to the build_aes_key function may fail after a factory reset. As a workaround for this firmware bug, we check the user retry count before building the aes key in the factory_reset test. For details, see the upstream issue: https://github.com/Nitrokey/nitrokey-pro-firmware/issues/57
* Use into_manager in device connection testsRobin Krahl2019-07-09
| | | | | | To avoid a ConcurrentAccessError, we have to use the Device::into_manager function instead of calling take to obtain a Manager instance.
* Use Manager in device connection testsRobin Krahl2019-07-09
| | | | | | The previous patches refactored the connection handling to use the Manager struct. This patch changes the tests to use the new Manager methods instead of the deprecated functions.
* Introduce into_manager for DeviceRobin Krahl2019-07-09
| | | | | | | | To enable applications like nitrokey-test to go back to a manager instance from a Device instance, we add the into_manager function to the Device trait. To do that, we have to keep track of the Manager’s lifetime by adding a lifetime to Device (and then to some other traits that use Device).
* Move {Pro, Storage}::connect into ManagerRobin Krahl2019-07-08
| | | | | | | As part of the connection refactoring, this patch moves the connect methods of the Pro and Storage structs into the Manager struct. To maintain compatibility with nitrokey-test, the old methods are not removed but marked as deprecated.
* Move the connect_model function into ManagerRobin Krahl2019-07-08
| | | | | | As part of the connection refactoring, this patch moves the connect_model function to the Manager struct. As the connect_model function is not used by nitrokey-test, it is removed.
* Revert "Store mutable reference to Device in PasswordSafe"Robin Krahl2019-02-05
| | | | This reverts commit 13006c00dcbd570cf8347d89557834e320427377.
* Revert "Refactor User and Admin to use a mutable reference"Robin Krahl2019-02-05
| | | | This reverts commit 0972bbe82623c3d9649b6023d8f50d304aa0cde6.
* Remove PIN constants from testsRobin Krahl2019-02-04
| | | | | | In a previous commit, we introduced the DEFAULT_{ADMIN,USER}_PIN constants. Therefore we no longer need in the {ADMIN,USER}_PASSWORD constants in the util module for the tests.
* Refactor User and Admin to use a mutable referenceRobin Krahl2019-02-02
| | | | | | | | | | | | In the initial nitrokey-rs implementation, the Admin and the User struct take the Device by value to make sure that the user cannot initiate a second authentication while this first is still active (which would invalidate the temporary password). Now we realized that this is not necessary – taking a mutable reference has the same effect, but leads to a much cleaner API. This patch refactors the Admin and User structs – and all dependent code – to use a mutable reference instead of a Device value.
* Require mutable reference if method changes device stateRobin Krahl2019-02-02
| | | | | | | | | | | | Previously, all methods that access a Nitrokey device took a reference to the device as input. This method changes methods that change the device state to require a mutable reference instead. In most case, this is straightforward as the method writes data to the device (for example write_config or change_user_pin). But there are two edge cases: - Authenticating with a PIN changes the device state as it may decrease the PIN retry counter if the authentication fails. - Generating an HOTP code changes the device state as it increases the HOTP counter.
* Add set_encrypted_volume_mode method to StorageRobin Krahl2019-01-31
| | | | | | | | | | Previously, we considered this command as unsupported as it only was available with firmware version 0.49. But as discussed in nitrocli issue 80 [0], it will probably be re-enabled in future firmware versions. Therefore this patch adds the set_encrypted_volume_mode to Storage. [0] https://github.com/d-e-s-o/nitrocli/issues/80
* Add assert_any_ok macro to unit testsRobin Krahl2019-01-28
| | | | | | | | Sometimes we cannot use assert_ok! as we can’t compare the Ok value (or do not want to). For these cases, this patch adds the new assert_any_ok macro to use instead of assert!(x.is_ok()). The advantage is that the error information is not discarded but printed in a helpful error message.
* Add unwrap_ok macro to replace unwrap in unit testsRobin Krahl2019-01-28
| | | | | | The unwrap error message is not very useful. This patch adds the unwrap_ok macro that is basically the same as unwrap but prints a more readable error message.
* Accept UTF-8 errors in password safe testsRobin Krahl2019-01-28
| | | | | | | After a factory reset or after building the AES key, the password safe contains garbage data. This will most likely not be valid UTF-8. Therefore we change the tests to also accept an UTF-8 error in these cases.
* Add get_firmware_version methodRobin Krahl2019-01-28
| | | | | | | | This patch combines the get_{major,minor}_firmware_version methods into the new get_firmware_version method that returns a FirmwareVersion struct. Currently, this requires casting from i32 to u8. But this will be fixed with the next libnitrokey version as we change the return types for the firmware getters.
* Always return a Result when communicating with a deviceRobin Krahl2019-01-27
| | | | | | | | Previously, we sometimes returned a value without wrapping it in a result if the API method did not indicate errors in the return value. But we can detect errors using the NK_get_last_command_status function. This patch changes the return types of these methods to Result<_, Error> and adds error checks.
* Add license and copyright informationRobin Krahl2019-01-23
| | | | | | | This patch adds license and copyright information to all files to make nitrokey-rs compliant with the REUSE practices [0]. [0] https://reuse.software/practices/2.0/
* Refactor device::config test caseRobin Krahl2019-01-23
|
* Fix formatting in testsRobin Krahl2019-01-20
|
* Check specific error codes in the testsRobin Krahl2019-01-20
| | | | | | | | | | If possible, check specific error codes instead of `is_err()`. This makes the code more readable and catches bugs resulting in the wrong error code. Also, using the assert_*_err and assert_ok macros yields error messages containing the expected and the actual value. To be able to use these macros with the `get_password_safe` method, we also have to implement `Debug` for `PasswordSafe` and `Device`.
* Refactor library errors into LibraryError enumRobin Krahl2019-01-20
| | | | | | Previously, library errors were part of the CommandError enum. As command errors and library errors are two different error types, they should be split into two enums.
* Add assert_cmd_err and assert_ok macros to testsRobin Krahl2019-01-20
| | | | | | | | | These macros allow easier comparisions using the new error type. This patch fixes all tests and updates nitrokey-test to 0.2.0 so that it integrates with the new error structure. Some tests may still fail until CommunicationError::NotConnected is actually returned.
* Introduce the FirmwareVersion structRobin Krahl2019-01-17
| | | | | | The FirmwareVersion struct stores the major and minor firmware version of a Nitrokey device. We refactor the StorageProductionInfo and StorageStatus structs to use this new struct.
* Add delay between factory reset and building AES key in testsRobin Krahl2019-01-16
| | | | | | | | There seems to be a bug in libnitrokey or the Nitrokey Storage firmware that causes problems when chaining factory reset and build_AES_keys without delay (upstream issue [0]). [0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/80
* Build AES key after factory reset in testsRobin Krahl2019-01-16
| | | | | | The device::clear_new_sd_card_warning used to perform a factory reset without building an AES key. This led to errors in tests that assume that an AES key is present.
* Make device::factory_reset test more robustRobin Krahl2019-01-16
| | | | | | | | | | | The device::factory_reset test used to first change the PINs and then access the PWS and the OTP data. If for example the PWS access failed due to an problem with the AES key, the PINs were not reset. Now we perform the PWS and OTP access with the old PINs – which is okay as we do not want to test the PIN change but the factory reset. If these preparations fail, the tests is cancelled before the PINs are changed.
* Add the clear_new_sd_card_warning method to StorageRobin Krahl2019-01-14
| | | | | | The clear_new_sd_card_warning method calls the libnitrokey NK_clear_new_sd_card_warning function to reset the corresponding flag in the Storage status.
* Add the get_production_info method to the Storage structRobin Krahl2019-01-14
| | | | | | | | | | | The get_production_info method maps to the NK_get_production_info function of libnitrokey. The Storage firmware supports two query modes: with or without a write test. libnitrokey only performs the query without write test, so the fields that are only set for the write test are ignored in our implementation. This affects: - user and admin retry counts - smart card ID - SD card size
* Add export_firmware method to StorageRobin Krahl2019-01-12
| | | | | | | The export_firmware method writes the firmware of the Nitrokey Storage to the unencrypted storage. We only test that the command succeeds as mounting the unencrypted storage and accessing the file is out of scope for the tests.
* Add set_unencrypted_volume_mode to StorageRobin Krahl2019-01-12
| | | | | | | | | | The new set_unencrypted_volume_mode method sets the access mode of the unencrypted volume on the Nitrokey Storage. Depending on the requested access mode, it calls either NK_set_unencrypted_read_only_admin or NK_set_unencrypted_read_write_admin. Note that this function requires firmware version 0.51 or later. (Earlier firmware versions used the user PIN.)
* Move the update PIN from tests/util to tests/deviceRobin Krahl2019-01-12
| | | | | | The update PIN is only used in the Storage tests, so it is moved from the common tests/util module to the tests/device module. This fixes compiler warnings when compiling the other test modules.
* Do not check for errors in connect testsDaniel Mueller2019-01-09
| | | | | | | | | The connect_* device tests fail when run in a setup with a Pro and Storage stick present. The problem is that these tests assume only one stick to be present, and that the corresponding connect function for the other stick reports an error. However, in a two stick setup there is no such guarantee. This patch removes tests for those assumptions.
* Add the connect_model functionRobin Krahl2019-01-07
| | | | | | This patch adds the global connect_model function that can be used to connect to a Nitrokey device of a given model. Contrary to Pro::connect and Storage::connect, the model does not have to be set at compile time.
* Add support for the hidden volumes on a Nitrokey StorageRobin Krahl2019-01-06
| | | | | | | | | | This patch introduces the methods enable_hidden_volume, disable_hidden_volume and create_hidden_volume for the Storage struct to support the hidden volumes on the Nitrokey Storage. The enable and create methods require that the encrypted storage has been enabled. Contrary to authentication and password safe access, we do not enforce this requirement in the API as file system operations could have unwanted side effects and should not performed implicitly.
* Prefer assert_eq over is_ok() checksDaniel Mueller2019-01-05
| | | | | | | | | | We experienced various problems running the tests and while they may or may not be caused by local setup issues, it is helpful to have more information than just an indication that an assertion (true/false) was violated. To that end, this change adjusts some of the assert!(<func>().is_ok()) to compare against Ok(()) instead. This way, if the result is not the Ok variant, the error code will get printed.
* Use nitrokey-test for nitrokey device testsDaniel Mueller2019-01-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This change is the first in a series to migrate the existing tests to using the nitrokey-test crate. The crate provides a couple of benefits over the existing way testing works: - test execution is automatically serialized (i.e., no more need for --test-threads) - available devices are detected at runtime (i.e., no more need for --features test-pro) - tests capable of running only on a specific device are automatically skipped if this device is not present In addition to that, the crate also offers selection of particular groups of tests by virtue of the NITROKEY_TEST_GROUP environment variable. If set (valid values are "nodev", "pro", and "storage") only tests of the particular group are run (those tests will fail if a required precondition is not met, i.e., if a device is present but "nodev" is set, or if the "pro" group is run but no device or a storage device is present). Unfortunately, it has some limitations as well. Most importantly Rust does not allow us to indicate whether a test has been skipped or not. While it has #[ignore] support, that strictly is a compile-time feature and, hence, not usable. This patch in particular pulls in the nitrokey-test crate and adjusts the existing device tests to make use of it.
* Update documentation and test for factory_resetRobin Krahl2019-01-04
| | | | | | Contrary to my previous beliefs, build_aes_key has to be called even after a factory reset using the Nitrokey API. This patch updates the documentation and the unit tests based on this insight.
* Add Device::build_aes_key methodRobin Krahl2019-01-03
| | | | | | | | This patch adds the build_aes_key method to the Device trait that uses the NK_build_aes_key function to build new AES keys on the device. This effectively resets the password safe and the encrypted storage. It is unclear whether other data (e. g. the one-time passwords) are affected too.
* Add Device::factory_reset methodRobin Krahl2019-01-03
| | | | | | | This patch adds the factory_reset_method to the Device trait that uses the NK_factory_reset function to perform a factory reset. The tests verify that the user and admin PIN are reset and that the OTP storage and the password safe are deleted.