From 606177a61de39ba5e96390d63cff536f895d8c39 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Mon, 4 Feb 2019 00:29:11 +0000 Subject: Remove PIN constants from tests In a previous commit, we introduced the DEFAULT_{ADMIN,USER}_PIN constants. Therefore we no longer need in the {ADMIN,USER}_PASSWORD constants in the util module for the tests. --- tests/device.rs | 140 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 80 insertions(+), 60 deletions(-) (limited to 'tests/device.rs') diff --git a/tests/device.rs b/tests/device.rs index bffd767..ecc3cfa 100644 --- a/tests/device.rs +++ b/tests/device.rs @@ -10,11 +10,10 @@ use std::{thread, time}; use nitrokey::{ Authenticate, CommandError, CommunicationError, Config, ConfigureOtp, Device, Error, GenerateOtp, GetPasswordSafe, LibraryError, OtpMode, OtpSlotData, Storage, VolumeMode, + DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN, }; use nitrokey_test::test as test_device; -use crate::util::{ADMIN_PASSWORD, USER_PASSWORD}; - static ADMIN_NEW_PASSWORD: &str = "1234567890"; static UPDATE_PIN: &str = "12345678"; static UPDATE_NEW_PIN: &str = "87654321"; @@ -99,12 +98,12 @@ fn get_firmware_version(device: Pro) { } fn admin_retry(device: &mut T, suffix: &str, count: u8) { - assert_any_ok!(device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix))); + assert_any_ok!(device.authenticate_admin(&(DEFAULT_ADMIN_PIN.to_owned() + suffix))); assert_ok!(count, device.get_admin_retry_count()); } fn user_retry(device: &mut T, suffix: &str, count: u8) { - assert_any_ok!(device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix))); + assert_any_ok!(device.authenticate_user(&(DEFAULT_USER_PIN.to_owned() + suffix))); assert_ok!(count, device.get_user_retry_count()); } @@ -126,7 +125,7 @@ fn get_retry_count(device: DeviceWrapper) { #[test_device] fn config(device: DeviceWrapper) { let mut device = device; - let mut admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + let mut admin = unwrap_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); let config = Config::new(None, None, None, true); assert_ok!((), admin.write_config(config)); @@ -147,26 +146,32 @@ fn config(device: DeviceWrapper) { #[test_device] fn change_user_pin(device: DeviceWrapper) { let mut device = device; - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_user(USER_NEW_PASSWORD) ); - assert_ok!((), device.change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD)); + assert_ok!( + (), + device.change_user_pin(DEFAULT_USER_PIN, USER_NEW_PASSWORD) + ); assert_cmd_err!( CommandError::WrongPassword, - device.authenticate_user(USER_PASSWORD) + device.authenticate_user(DEFAULT_USER_PIN) ); assert_any_ok!(device.authenticate_user(USER_NEW_PASSWORD)); - let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD); + let result = device.change_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN); assert_cmd_err!(CommandError::WrongPassword, result); - assert_ok!((), device.change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD)); + assert_ok!( + (), + device.change_user_pin(USER_NEW_PASSWORD, DEFAULT_USER_PIN) + ); - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_user(USER_NEW_PASSWORD) @@ -176,7 +181,7 @@ fn change_user_pin(device: DeviceWrapper) { #[test_device] fn change_admin_pin(device: DeviceWrapper) { let mut device = device; - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_admin(ADMIN_NEW_PASSWORD) @@ -184,26 +189,26 @@ fn change_admin_pin(device: DeviceWrapper) { assert_ok!( (), - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) + device.change_admin_pin(DEFAULT_ADMIN_PIN, ADMIN_NEW_PASSWORD) ); assert_cmd_err!( CommandError::WrongPassword, - device.authenticate_admin(ADMIN_PASSWORD) + device.authenticate_admin(DEFAULT_ADMIN_PIN) ); assert_any_ok!(device.authenticate_admin(ADMIN_NEW_PASSWORD)); assert_cmd_err!( CommandError::WrongPassword, - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_PASSWORD) + device.change_admin_pin(DEFAULT_ADMIN_PIN, DEFAULT_ADMIN_PIN) ); assert_ok!( (), - device.change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD) + device.change_admin_pin(ADMIN_NEW_PASSWORD, DEFAULT_ADMIN_PIN) ); - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); assert_cmd_err!( CommandError::WrongPassword, device.authenticate_admin(ADMIN_NEW_PASSWORD) @@ -220,46 +225,55 @@ fn require_failed_user_login(device: &mut D, password: #[test_device] fn unlock_user_pin(device: DeviceWrapper) { let mut device = device; - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); - assert_ok!((), device.unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD)); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); + assert_ok!( + (), + device.unlock_user_pin(DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN) + ); assert_cmd_err!( CommandError::WrongPassword, - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + device.unlock_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN) ); // block user PIN - let wrong_password = USER_PASSWORD.to_owned() + "foo"; + let wrong_password = DEFAULT_USER_PIN.to_owned() + "foo"; require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); - require_failed_user_login(&mut device, USER_PASSWORD); + require_failed_user_login(&mut device, DEFAULT_USER_PIN); // unblock with current PIN assert_cmd_err!( CommandError::WrongPassword, - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + device.unlock_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN) ); - assert_ok!((), device.unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD)); - assert_any_ok!(device.authenticate_user(USER_PASSWORD)); + assert_ok!( + (), + device.unlock_user_pin(DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN) + ); + assert_any_ok!(device.authenticate_user(DEFAULT_USER_PIN)); // block user PIN require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); require_failed_user_login(&mut device, &wrong_password); - require_failed_user_login(&mut device, USER_PASSWORD); + require_failed_user_login(&mut device, DEFAULT_USER_PIN); // unblock with new PIN assert_cmd_err!( CommandError::WrongPassword, - device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD) + device.unlock_user_pin(DEFAULT_USER_PIN, DEFAULT_USER_PIN) ); assert_ok!( (), - device.unlock_user_pin(ADMIN_PASSWORD, USER_NEW_PASSWORD) + device.unlock_user_pin(DEFAULT_ADMIN_PIN, USER_NEW_PASSWORD) ); // reset user PIN - assert_ok!((), device.change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD)); + assert_ok!( + (), + device.change_user_pin(USER_NEW_PASSWORD, DEFAULT_USER_PIN) + ); } fn assert_utf8_err_or_ne(left: &str, right: Result) { @@ -273,18 +287,21 @@ fn assert_utf8_err_or_ne(left: &str, right: Result) { #[test_device] fn factory_reset(device: DeviceWrapper) { let mut device = device; - let mut admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + let mut admin = unwrap_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); let otp_data = OtpSlotData::new(1, "test", "0123468790", OtpMode::SixDigits); assert_ok!((), admin.write_totp_slot(otp_data, 30)); - let mut pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let mut pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_ok!((), pws.write_slot(0, "test", "testlogin", "testpw")); drop(pws); - assert_ok!((), device.change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD)); assert_ok!( (), - device.change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD) + device.change_user_pin(DEFAULT_USER_PIN, USER_NEW_PASSWORD) + ); + assert_ok!( + (), + device.change_admin_pin(DEFAULT_ADMIN_PIN, ADMIN_NEW_PASSWORD) ); assert_cmd_err!( @@ -293,40 +310,40 @@ fn factory_reset(device: DeviceWrapper) { ); assert_cmd_err!( CommandError::WrongPassword, - device.factory_reset(ADMIN_PASSWORD) + device.factory_reset(DEFAULT_ADMIN_PIN) ); assert_ok!((), device.factory_reset(ADMIN_NEW_PASSWORD)); - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); - let user = unwrap_ok!(device.authenticate_user(USER_PASSWORD)); + let user = unwrap_ok!(device.authenticate_user(DEFAULT_USER_PIN)); assert_cmd_err!(CommandError::SlotNotProgrammed, user.get_totp_slot_name(1)); - let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_utf8_err_or_ne("test", pws.get_slot_name(0)); assert_utf8_err_or_ne("testlogin", pws.get_slot_login(0)); assert_utf8_err_or_ne("testpw", pws.get_slot_password(0)); drop(pws); - assert_ok!((), device.build_aes_key(ADMIN_PASSWORD)); + assert_ok!((), device.build_aes_key(DEFAULT_ADMIN_PIN)); } #[test_device] fn build_aes_key(device: DeviceWrapper) { let mut device = device; - let mut pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let mut pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_ok!((), pws.write_slot(0, "test", "testlogin", "testpw")); drop(pws); assert_cmd_err!( CommandError::WrongPassword, - device.build_aes_key(USER_PASSWORD) + device.build_aes_key(DEFAULT_USER_PIN) ); - assert_ok!((), device.build_aes_key(ADMIN_PASSWORD)); + assert_ok!((), device.build_aes_key(DEFAULT_ADMIN_PIN)); - assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD)); + assert_any_ok!(device.authenticate_admin(DEFAULT_ADMIN_PIN)); - let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD)); + let pws = unwrap_ok!(device.get_password_safe(DEFAULT_USER_PIN)); assert_utf8_err_or_ne("test", pws.get_slot_name(0)); assert_utf8_err_or_ne("testlogin", pws.get_slot_login(0)); assert_utf8_err_or_ne("testpw", pws.get_slot_password(0)); @@ -356,7 +373,7 @@ fn encrypted_volume(device: Storage) { device.enable_encrypted_volume("123") ); assert_eq!(1, count_nitrokey_block_devices()); - assert_ok!((), device.enable_encrypted_volume(USER_PASSWORD)); + assert_ok!((), device.enable_encrypted_volume(DEFAULT_USER_PIN)); assert_eq!(2, count_nitrokey_block_devices()); assert_ok!((), device.disable_encrypted_volume()); assert_eq!(1, count_nitrokey_block_devices()); @@ -371,7 +388,7 @@ fn hidden_volume(device: Storage) { assert_ok!((), device.disable_hidden_volume()); assert_eq!(1, count_nitrokey_block_devices()); - assert_ok!((), device.enable_encrypted_volume(USER_PASSWORD)); + assert_ok!((), device.enable_encrypted_volume(DEFAULT_USER_PIN)); assert_eq!(2, count_nitrokey_block_devices()); // TODO: why this error code? @@ -401,7 +418,7 @@ fn hidden_volume(device: Storage) { #[test_device] fn lock(device: Storage) { let mut device = device; - assert_ok!((), device.enable_encrypted_volume(USER_PASSWORD)); + assert_ok!((), device.enable_encrypted_volume(DEFAULT_USER_PIN)); assert_ok!((), device.lock()); assert_eq!(1, count_nitrokey_block_devices()); } @@ -414,26 +431,26 @@ fn set_encrypted_volume_mode(device: Storage) { assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); // TODO: re-enable once the password is checked in the firmware // assert_cmd_err!( // CommandError::WrongPassword, - // device.set_encrypted_volume_mode(USER_PASSWORD, VolumeMode::ReadOnly) + // device.set_encrypted_volume_mode(DEFAULT_USER_PIN, VolumeMode::ReadOnly) // ); assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadWrite) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadWrite) ); assert_ok!( (), - device.set_encrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_encrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); } @@ -448,7 +465,10 @@ fn set_unencrypted_volume_mode(device: Storage) { } fn assert_success(device: &mut Storage, mode: VolumeMode) { - assert_ok!((), device.set_unencrypted_volume_mode(ADMIN_PASSWORD, mode)); + assert_ok!( + (), + device.set_unencrypted_volume_mode(DEFAULT_ADMIN_PIN, mode) + ); assert_mode(&device, mode); } @@ -457,7 +477,7 @@ fn set_unencrypted_volume_mode(device: Storage) { assert_cmd_err!( CommandError::WrongPassword, - device.set_unencrypted_volume_mode(USER_PASSWORD, VolumeMode::ReadOnly) + device.set_unencrypted_volume_mode(DEFAULT_USER_PIN, VolumeMode::ReadOnly) ); assert_mode(&device, VolumeMode::ReadOnly); @@ -496,9 +516,9 @@ fn get_production_info(device: Storage) { #[test_device] fn clear_new_sd_card_warning(device: Storage) { let mut device = device; - assert_ok!((), device.factory_reset(ADMIN_PASSWORD)); + assert_ok!((), device.factory_reset(DEFAULT_ADMIN_PIN)); thread::sleep(time::Duration::from_secs(3)); - assert_ok!((), device.build_aes_key(ADMIN_PASSWORD)); + assert_ok!((), device.build_aes_key(DEFAULT_ADMIN_PIN)); // We have to perform an SD card operation to reset the new_sd_card_found field assert_ok!((), device.lock()); @@ -506,7 +526,7 @@ fn clear_new_sd_card_warning(device: Storage) { let status = unwrap_ok!(device.get_status()); assert!(status.new_sd_card_found); - assert_ok!((), device.clear_new_sd_card_warning(ADMIN_PASSWORD)); + assert_ok!((), device.clear_new_sd_card_warning(DEFAULT_ADMIN_PIN)); let status = unwrap_ok!(device.get_status()); assert!(!status.new_sd_card_found); @@ -519,14 +539,14 @@ fn export_firmware(device: Storage) { CommandError::WrongPassword, device.export_firmware("someadminpn") ); - assert_ok!((), device.export_firmware(ADMIN_PASSWORD)); + assert_ok!((), device.export_firmware(DEFAULT_ADMIN_PIN)); assert_ok!( (), - device.set_unencrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadWrite) + device.set_unencrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadWrite) ); - assert_ok!((), device.export_firmware(ADMIN_PASSWORD)); + assert_ok!((), device.export_firmware(DEFAULT_ADMIN_PIN)); assert_ok!( (), - device.set_unencrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly) + device.set_unencrypted_volume_mode(DEFAULT_ADMIN_PIN, VolumeMode::ReadOnly) ); } -- cgit v1.2.1