use std::ffi::CStr; use std::marker::Sized; use {set_debug, AdminAuthenticatedDevice, CommandError, CommandStatus, Config, Device, Model, OtpMode, OtpSlotData, UnauthenticatedDevice}; static ADMIN_PASSWORD: &str = "12345678"; static ADMIN_NEW_PASSWORD: &str = "1234567890"; static USER_PASSWORD: &str = "123456"; static USER_NEW_PASSWORD: &str = "abcdefghij"; // test suite according to RFC 4226, Appendix D static HOTP_SECRET: &str = "3132333435363738393031323334353637383930"; static HOTP_CODES: &[&str] = &[ "755224", "287082", "359152", "969429", "338314", "254676", "287922", "162583", "399871", "520489", ]; // test suite according to RFC 6238, Appendix B static TOTP_SECRET: &str = "3132333435363738393031323334353637383930"; static TOTP_CODES: &[(u64, &str)] = &[ (59, "94287082"), (1111111109, "07081804"), (1111111111, "14050471"), (1234567890, "89005924"), (2000000000, "69279037"), (20000000000, "65353130"), ]; fn get_test_device() -> UnauthenticatedDevice { set_debug(false); ::connect_model(Model::Pro).expect("Could not connect to the Nitrokey Pro.") } fn get_admin_test_device() -> AdminAuthenticatedDevice { get_test_device().authenticate_admin(ADMIN_PASSWORD).expect("Could not login as admin.") } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn connect() { set_debug(false); assert!(::connect().is_ok()); assert!(::connect_model(Model::Pro).is_ok()); assert!(::connect_model(Model::Storage).is_err()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn disconnect() { set_debug(false); ::connect().unwrap(); unsafe { let ptr = ::nitrokey_sys::NK_device_serial_number(); assert!(!ptr.is_null()); let cstr = CStr::from_ptr(ptr); assert_eq!(cstr.to_string_lossy(), ""); } } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn get_serial_number() { let device = get_test_device(); let result = device.get_serial_number(); assert!(result.is_ok()); let serial_number = result.unwrap(); assert!(serial_number.is_ascii()); assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit())); } fn configure_hotp(admin: &AdminAuthenticatedDevice) { let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Success, admin.write_hotp_slot(slot_data, 0)); } fn check_hotp_codes(device: &T) where T: Sized, { for code in HOTP_CODES { let result = device.get_hotp_code(1); assert_eq!(code, &result.unwrap()); } } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn hotp() { let admin = get_admin_test_device(); let config = Config::new(None, None, None, false); assert_eq!(CommandStatus::Success, admin.write_config(config)); configure_hotp(&admin); check_hotp_codes(&admin); configure_hotp(&admin); check_hotp_codes(&admin.device()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn hotp_pin() { let admin = get_admin_test_device(); let config = Config::new(None, None, None, true); assert_eq!(CommandStatus::Success, admin.write_config(config)); configure_hotp(&admin); let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); check_hotp_codes(&user); assert!(user.device().get_hotp_code(1).is_err()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn hotp_slot_name() { let admin = get_admin_test_device(); let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Success, admin.write_hotp_slot(slot_data, 0)); let device = admin.device(); let result = device.get_hotp_slot_name(1); assert_eq!("test-hotp", result.unwrap()); let result = device.get_hotp_slot_name(4); assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn hotp_error() { let admin = get_admin_test_device(); let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Error(CommandError::NoName), admin.write_hotp_slot(slot_data, 0)); let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Error(CommandError::InvalidSlot), admin.write_hotp_slot(slot_data, 0)); let code = admin.get_hotp_code(4); assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn hotp_erase() { let admin = get_admin_test_device(); let config = Config::new(None, None, None, false); assert_eq!(CommandStatus::Success, admin.write_config(config)); let slot_data = OtpSlotData::new(1, "test1", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Success, admin.write_hotp_slot(slot_data, 0)); let slot_data = OtpSlotData::new(2, "test2", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Success, admin.write_hotp_slot(slot_data, 0)); assert_eq!(CommandStatus::Success, admin.erase_hotp_slot(1)); let device = admin.device(); let result = device.get_hotp_slot_name(1); assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); let result = device.get_hotp_code(1); assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); assert_eq!("test2", device.get_hotp_slot_name(2).unwrap()); } fn configure_totp(admin: &AdminAuthenticatedDevice) { let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); assert_eq!(CommandStatus::Success, admin.write_totp_slot(slot_data, 30)); } fn check_totp_codes(device: &T) where T: Sized, { for (i, &(time, code)) in TOTP_CODES.iter().enumerate() { assert_eq!(CommandStatus::Success, device.set_time(time)); let result = device.get_totp_code(1); assert!(result.is_ok()); let result_code = result.unwrap(); assert_eq!( code, result_code, "TOTP code {} should be {} but is {}", i, code, result_code ); } } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn totp() { // TODO: this test may fail due to bad timing --> find solution let admin = get_admin_test_device(); let config = Config::new(None, None, None, false); assert_eq!(CommandStatus::Success, admin.write_config(config)); configure_totp(&admin); check_totp_codes(&admin); configure_totp(&admin); check_totp_codes(&admin.device()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn totp_pin() { // TODO: this test may fail due to bad timing --> find solution let admin = get_admin_test_device(); let config = Config::new(None, None, None, true); assert_eq!(CommandStatus::Success, admin.write_config(config)); configure_totp(&admin); let user = admin.device().authenticate_user(USER_PASSWORD).unwrap(); check_totp_codes(&user); assert!(user.device().get_totp_code(1).is_err()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn totp_slot_name() { let admin = get_admin_test_device(); let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); assert_eq!(CommandStatus::Success, admin.write_totp_slot(slot_data, 0)); let device = admin.device(); let result = device.get_totp_slot_name(1); assert!(result.is_ok()); assert_eq!("test-totp", result.unwrap()); let result = device.get_totp_slot_name(16); assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn totp_error() { let admin = get_admin_test_device(); let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Error(CommandError::NoName), admin.write_hotp_slot(slot_data, 0)); let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Error(CommandError::InvalidSlot), admin.write_hotp_slot(slot_data, 0)); let code = admin.get_hotp_code(4); assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn totp_erase() { let admin = get_admin_test_device(); let config = Config::new(None, None, None, false); assert_eq!(CommandStatus::Success, admin.write_config(config)); let slot_data = OtpSlotData::new(1, "test1", TOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Success, admin.write_totp_slot(slot_data, 0)); let slot_data = OtpSlotData::new(2, "test2", TOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Success, admin.write_totp_slot(slot_data, 0)); assert_eq!(CommandStatus::Success, admin.erase_totp_slot(1)); let device = admin.device(); let result = device.get_totp_slot_name(1); assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); let result = device.get_totp_code(1); assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err()); assert_eq!("test2", device.get_totp_slot_name(2).unwrap()); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn get_firmware_version() { let device = get_test_device(); assert_eq!(0, device.get_major_firmware_version()); let minor = device.get_minor_firmware_version(); assert!(minor == 7 || minor == 8); } fn admin_retry(device: UnauthenticatedDevice, suffix: &str, count: u8) -> UnauthenticatedDevice { let result = device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix)); let device = match result { Ok(admin) => admin.device(), Err((device, _)) => device, }; assert_eq!(count, device.get_admin_retry_count()); return device; } fn user_retry(device: UnauthenticatedDevice, suffix: &str, count: u8) -> UnauthenticatedDevice { let result = device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix)); let device = match result { Ok(admin) => admin.device(), Err((device, _)) => device, }; assert_eq!(count, device.get_user_retry_count()); return device; } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn get_retry_count() { let device = get_test_device(); let device = admin_retry(device, "", 3); let device = admin_retry(device, "123", 2); let device = admin_retry(device, "456", 1); let device = admin_retry(device, "", 3); let device = user_retry(device, "", 3); let device = user_retry(device, "123", 2); let device = user_retry(device, "456", 1); user_retry(device, "", 3); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn read_write_config() { let admin = get_admin_test_device(); let config = Config::new(None, None, None, true); assert_eq!(CommandStatus::Success, admin.write_config(config)); let get_config = admin.get_config().unwrap(); assert_eq!(config, get_config); let config = Config::new(None, Some(9), None, true); assert_eq!( CommandStatus::Error(CommandError::InvalidSlot), admin.write_config(config) ); let config = Config::new(Some(1), None, Some(0), false); assert_eq!(CommandStatus::Success, admin.write_config(config)); let get_config = admin.get_config().unwrap(); assert_eq!(config, get_config); let config = Config::new(None, None, None, false); assert_eq!(CommandStatus::Success, admin.write_config(config)); let get_config = admin.get_config().unwrap(); assert_eq!(config, get_config); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn change_user_pin() { let device = get_test_device(); let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0; let result = device.change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD); assert_eq!(CommandStatus::Success, result); let device = device.authenticate_user(USER_PASSWORD).unwrap_err().0; let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap().device(); let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD); assert_eq!(CommandStatus::Error(CommandError::WrongPassword), result); let result = device.change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD); assert_eq!(CommandStatus::Success, result); let device = device.authenticate_user(USER_PASSWORD).unwrap().device(); device.authenticate_user(USER_NEW_PASSWORD).unwrap_err(); } #[test] #[cfg_attr(not(feature = "test-pro"), ignore)] fn change_admin_pin() { let device = get_test_device(); let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); let device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0; let result = device.change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD); assert_eq!(CommandStatus::Success, result); let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap_err().0; let device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap().device(); let result = device.change_admin_pin(ADMIN_PASSWORD, ADMIN_PASSWORD); assert_eq!(CommandStatus::Error(CommandError::WrongPassword), result); let result = device.change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD); assert_eq!(CommandStatus::Success, result); let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device(); device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err(); }