def test_hidden_volume_corruption(C): # bug: this should return error without unlocking encrypted volume each hidden volume lock, but it does not skip_if_device_version_lower_than({'S': 43}) hidden_volume_password = b'hiddenpassword' p = lambda i: hidden_volume_password + bb(str(i)) volumes_to_setup = 4 assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1, p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_unlock_encrypted_volume( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK wait(2) assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
def test_bootloader_password_change_pro_too_long(C): skip_if_device_version_lower_than({'P': 11}) long_string = b'a' * 100 assert C.NK_change_firmware_password_pro( long_string, long_string) == LibraryErrors.TOO_LONG_STRING assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, long_string) == LibraryErrors.TOO_LONG_STRING
def test_edit_OTP_slot(C): """ should change slots counter and name without changing its secret (using null secret for second update) """ # counter is not getting updated under Storage v0.43 - #TOREPORT skip_if_device_version_lower_than({'S': 44, 'P': 7}) secret = RFC_SECRET counter = 0 PIN_protection = False use_8_digits = False assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK slot_number = 0 assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK first_name = b'edit slot' assert C.NK_write_hotp_slot(slot_number, first_name, bb(secret), counter, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert gs(C.NK_get_hotp_slot_name(slot_number)) == first_name first_code = gs(C.NK_get_hotp_code(slot_number)) changed_name = b'changedname' empty_secret = b'' assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot(slot_number, changed_name, empty_secret, counter, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK second_code = gs(C.NK_get_hotp_code(slot_number)) assert first_code == second_code assert gs(C.NK_get_hotp_slot_name(slot_number)) == changed_name
def test_TOTP_secrets(C, secret): ''' NK Pro 0.8+, NK Storage 0.44+ ''' skip_if_device_version_lower_than({'S': 44, 'P': 8}) if len(secret)>20*2: #*2 since secret is in hex # pytest.skip("Secret lengths over 20 bytes are not supported by NK Pro 0.7 and NK Storage v0.53 and older") skip_if_device_version_lower_than({'P': 8, 'S': 54}) slot_number = 0 time = 0 period = 30 oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.totp(secret, t=t, period=period)) PIN_protection = False use_8_digits = False T = 0 assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] assert C.NK_write_totp_slot(slot_number, b'secret' + bytes(len(secret)), bb(secret), period, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_totp_set_time(time) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_totp_code(slot_number, T, 0, period)) dev_res += (time, code_device) lib_res += (time, lib_at(time)) assert dev_res == lib_res
def test_HOTP_secrets(C, secret): """ NK Pro 0.8+ feature needed: support for 320bit secrets """ if len(secret)>40: skip_if_device_version_lower_than({'P': 8, 'S': 54}) slot_number = 0 counter = 0 oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.hotp(secret, counter=t)) PIN_protection = False use_8_digits = False T = 0 assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] # repeat authentication for Pro 0.7 assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot(slot_number, b'secret' + bytes(len(secret)), bb(secret), counter, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_hotp_code(slot_number)) dev_res += (counter, code_device) lib_res += (counter, lib_at(counter)) assert dev_res == lib_res
def test_OTP_secret_started_from_null(C, secret): """ NK Pro 0.8+, NK Storage 0.43+ """ skip_if_device_version_lower_than({'S': 43, 'P': 8}) if len(secret) > 40: # feature: 320 bit long secret handling skip_if_device_version_lower_than({'P': 8, 'S': 54}) oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.hotp(secret, t, format='dec6')) PIN_protection = False use_8_digits = False slot_number = 1 assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] for t in range(1,5): assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot(slot_number, b'null_secret', bb(secret), t, use_8_digits, False, False, b'', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_hotp_code(slot_number)) dev_res += (t, code_device) lib_res += (t, lib_at(t)) assert dev_res == lib_res
def test_HOTP_secrets(C, secret): """ NK Pro 0.8+ feature needed: support for 320bit secrets """ if len(secret) > 40: skip_if_device_version_lower_than({'P': 8}) slot_number = 0 counter = 0 oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.hotp(secret, counter=t)) PIN_protection = False use_8_digits = False T = 0 assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config( 255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] # repeat authentication for Pro 0.7 assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot( slot_number, b'secret' + bytes(len(secret)), bb(secret), counter, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_hotp_code(slot_number)) dev_res += (counter, code_device) lib_res += (counter, lib_at(counter)) assert dev_res == lib_res
def test_authorize_issue_user(C): skip_if_device_version_lower_than({'S': 43, 'P': 9}) # issue fixed in Pro v0.9, Storage version chosen arbitrary assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_totp_slot(0, b'python_otp_auth', bbRFC_SECRET, 30, True, False, False, b'', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK # enable PIN protection of OTP codes with write_config assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK gs(C.NK_get_totp_code(0, 0, 0, 0)) assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK assert C.NK_user_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK # disable PIN protection with write_config assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK code = gs(C.NK_get_totp_code(0, 0, 0, 0)) assert code != b'' assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
def test_enable_firmware_update(C): skip_if_device_version_lower_than({'S': 50}) wrong_password = b'aaaaaaaaaaa' assert C.NK_enable_firmware_update( wrong_password) == DeviceErrorCode.WRONG_PASSWORD assert C.NK_enable_firmware_update( DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK
def test_encrypted_volume_unlock_hidden(C): skip_if_device_version_lower_than({'S': 43}) hidden_volume_password = b'hiddenpassword' assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK assert C.NK_create_hidden_volume(0, 20, 21, hidden_volume_password) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(hidden_volume_password) == DeviceErrorCode.STATUS_OK
def test_HOTP_slots_read_write_counter(C, counter): """ Write different counters to all HOTP slots, read code and compare with 3rd party :param counter: """ if counter >= 1e7: # Storage does not handle counters longer than 7 digits skip_if_device_version_lower_than({'P': 7}) secret = RFC_SECRET oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.hotp(secret, t, format='dec6')) PIN_protection = False use_8_digits = False assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config( 255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] for slot_number in range(3): assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot( slot_number, b'HOTP rw' + bytes(slot_number), bb(secret), counter, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_hotp_code(slot_number)) dev_res += (counter, code_device) lib_res += (counter, lib_at(counter)) assert dev_res == lib_res
def test_HOTP_slots_read_write_counter(C, counter): """ Write different counters to all HOTP slots, read code and compare with 3rd party :param counter: """ if counter >= 1e7: # Storage v0.53 and below does not handle counters longer than 7 digits skip_if_device_version_lower_than({'P': 7, 'S': 54}) secret = RFC_SECRET oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.hotp(secret, t, format='dec6')) PIN_protection = False use_8_digits = False assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] for slot_number in range(3): assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot(slot_number, b'HOTP rw' + bytes(slot_number), bb(secret), counter, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_hotp_code(slot_number)) dev_res += (counter, code_device) lib_res += (counter, lib_at(counter)) assert dev_res == lib_res
def test_TOTP_secrets(C, secret): ''' NK Pro 0.8+, NK Storage 0.44+ ''' skip_if_device_version_lower_than({'S': 44, 'P': 8}) if len(secret) > 20 * 2: #*2 since secret is in hex # pytest.skip("Secret lengths over 20 bytes are not supported by NK Pro 0.7 and NK Storage") skip_if_device_version_lower_than({'P': 8}) slot_number = 0 time = 0 period = 30 oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.totp(secret, t=t, period=period)) PIN_protection = False use_8_digits = False T = 0 assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config( 255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] assert C.NK_write_totp_slot( slot_number, b'secret' + bytes(len(secret)), bb(secret), period, use_8_digits, False, False, b"", DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_totp_set_time(time) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_totp_code(slot_number, T, 0, period)) dev_res += (time, code_device) lib_res += (time, lib_at(time)) assert dev_res == lib_res
def test_OTP_secret_started_from_null(C, secret): """ NK Pro 0.8+, NK Storage 0.43+ """ skip_if_device_version_lower_than({'S': 43, 'P': 8}) if len(secret) > 40: # feature: 320 bit long secret handling skip_if_device_version_lower_than({'P': 8}) oath = pytest.importorskip("oath") lib_at = lambda t: bb(oath.hotp(secret, t, format='dec6')) PIN_protection = False use_8_digits = False slot_number = 1 assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config( 255, 255, 255, PIN_protection, not PIN_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK dev_res = [] lib_res = [] for t in range(1, 5): assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_hotp_slot( slot_number, b'null_secret', bb(secret), t, use_8_digits, False, False, b'', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK code_device = gs(C.NK_get_hotp_code(slot_number)) dev_res += (t, code_device) lib_res += (t, lib_at(t)) assert dev_res == lib_res
def test_sd_card_usage(C): skip_if_device_version_lower_than({'S': 43}) data_pointer = C.NK_get_SD_usage_data_as_string() assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK data_string = gs(data_pointer) assert len(data_string) > 0 data_dict = get_dict_from_dissect(data_string.decode("ascii")) assert int(data_dict['WriteLevelMax']) <= 100
def test_destroy_encrypted_data_leaves_OTP_intact(C): """ Make sure AES key regeneration will not remove OTP records. Test for Nitrokey Storage. Details: https://github.com/Nitrokey/libnitrokey/issues/199 """ skip_if_device_version_lower_than({'S': 55}) assert C.NK_enable_password_safe( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK # write password safe slot assert C.NK_write_password_safe_slot(0, b'slotname1', b'login1', b'pass1') == DeviceErrorCode.STATUS_OK # read slot assert gs(C.NK_get_password_safe_slot_name(0)) == b'slotname1' assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK slot_login = C.NK_get_password_safe_slot_login(0) assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK assert gs(slot_login) == b'login1' # write OTP use_8_digits = False use_pin_protection = False assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config( 255, 255, 255, use_pin_protection, not use_pin_protection, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK check_HOTP_RFC_codes(C, lambda x: gs(C.NK_get_hotp_code(x)), use_8_digits=use_8_digits) # confirm OTP assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert gs(C.NK_get_hotp_slot_name(1)) == b'python_test' # destroy password safe by regenerating aes key assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_build_aes_key( DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_enable_password_safe( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK assert gs(C.NK_get_password_safe_slot_name(0)) != b'slotname1' assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK # confirm OTP assert C.NK_first_authenticate( DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert gs(C.NK_get_hotp_slot_name(1)) == b'python_test'
def test_get_status_storage(C): skip_if_device_version_lower_than({'S': 43}) status_pointer = C.NK_get_status_storage_as_string() assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK status_string = gs(status_pointer) assert len(status_string) > 0 status_dict = get_dict_from_dissect(status_string.decode('ascii')) default_admin_password_retry_count = 3 assert int(status_dict['AdminPwRetryCount']) == default_admin_password_retry_count
def test_bootloader_data_rention(C): skip_if_device_version_lower_than({'P': 11}) assert helper_populate_device(C) assert C.NK_enable_firmware_update_pro( DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_DISCONNECTED input('Please press ENTER after uploading new firmware to the device') C = library_device_reconnect(C) assert helper_check_device_for_data(C)
def test_fill_SD_card(C): skip_if_device_version_lower_than({'S': 43}) status = C.NK_fill_SD_card_with_random_data(DefaultPasswords.ADMIN) assert status == DeviceErrorCode.STATUS_OK or status == DeviceErrorCode.BUSY while 1: value = C.NK_get_progress_bar_value() if value == -1: break assert 0 <= value <= 100 assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK wait(5)
def test_get_status_storage(C): skip_if_device_version_lower_than({'S': 43}) status_pointer = C.NK_get_status_storage_as_string() assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK status_string = gs(status_pointer) assert len(status_string) > 0 status_dict = get_dict_from_dissect(status_string.decode('ascii')) default_admin_password_retry_count = 3 assert int(status_dict['AdminPwRetryCount']) == default_admin_password_retry_count print('C.NK_get_major_firmware_version(): {}'.format(C.NK_get_major_firmware_version())) print('C.NK_get_minor_firmware_version(): {}'.format(C.NK_get_minor_firmware_version()))
def test_change_update_password(C): skip_if_device_version_lower_than({'S': 43}) wrong_password = b'aaaaaaaaaaa' assert C.NK_change_update_password( wrong_password, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.WRONG_PASSWORD assert C.NK_change_update_password( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_change_update_password( DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK
def test_encrypted_volume_setup_multiple_hidden_lock(C): import random skip_if_device_version_lower_than({'S': 45}) #hangs device on lower version hidden_volume_password = b'hiddenpassword' + bb(str(random.randint(0,100))) p = lambda i: hidden_volume_password + bb(str(i)) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(4): assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i) ) == DeviceErrorCode.STATUS_OK for i in range(4): assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
def test_authorize_issue_admin(C): skip_if_device_version_lower_than({'S': 43, 'P': 9}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_first_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_NOT_AUTHORIZED assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes(C, volumes_to_setup): skip_if_device_version_lower_than({'S': 43}) hidden_volume_password = b'hiddenpassword' p = lambda i: hidden_volume_password + bb(str(i)) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK # TODO mount and test for files assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
def test_bootloader_password_change_pro_length(C): skip_if_device_version_lower_than({'P': 11}) # Test whether the correct password is set assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK # Change to the longest possible password assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_LONG) == DeviceErrorCode.STATUS_OK assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE_LONG, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK # Use longer or shorter passwords than possible assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TOO_LONG) == LibraryErrors.TOO_LONG_STRING assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TOO_SHORT) == DeviceErrorCode.WRONG_PASSWORD
def test_encrypted_volume_setup_one_hidden_no_lock_device_slot(C, use_slot): skip_if_device_version_lower_than({'S': 43}) hidden_volume_password = '******' p = lambda i: hidden_volume_password + str(i) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK i = use_slot assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1, p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for j in range(3): assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK # TODO mount and test for files assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
def test_factory_reset_does_not_change_update_password(C): """ Check if factory reset changes the update password, which should not happen """ skip_if_device_version_lower_than({'P': 13}) from test_pro import test_factory_reset # Revert effects of a broken test run, if needed C.NK_change_firmware_password_pro(DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) # actual test assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.STATUS_OK test_factory_reset(C) assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.WRONG_PASSWORD assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK
def test_hidden_volume_corruption(C): # bug: this should return error without unlocking encrypted volume each hidden volume lock, but it does not skip_if_device_version_lower_than({'S': 43}) hidden_volume_password = b'hiddenpassword' p = lambda i: hidden_volume_password + bb(str(i)) volumes_to_setup = 4 assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1, p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK wait(2) assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
def test_pro_factory_reset_breaks_update_password(C, mode: Modes): from test_pro_bootloader import test_bootloader_password_change_pro, test_bootloader_password_change_pro_length from test_pro import test_factory_reset skip_if_device_version_lower_than({'P': 14}) func = { Modes.EmptyBody: lambda: True, Modes.FactoryResetWithAES: lambda: test_factory_reset(C) or True, Modes.FactoryReset: lambda: C.NK_factory_reset(DefaultPasswords.ADMIN ) == DeviceErrorCode.STATUS_OK, Modes.AESGeneration: lambda: C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode. STATUS_OK, } def boot_test(C): test_bootloader_password_change_pro(C) # test_bootloader_password_change_pro_length(C) def random(C): data = ffi.new('struct GetRandom_t *') req_count = 50 res = C.NK_get_random(req_count, data) assert res == DeviceErrorCode.STATUS_OK assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK assert data.op_success == 1 assert data.size_effective == req_count random(C) boot_test(C) random(C) func[mode]() random(C) # fails here boot_test(C) random(C)
def test_bootloader_password_change_pro(C): skip_if_device_version_lower_than({'P': 11}) assert C.NK_change_firmware_password_pro( b'zxcasd', b'zxcasd') == DeviceErrorCode.WRONG_PASSWORD # Revert effects of broken test run, if needed C.NK_change_firmware_password_pro(DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) # Change to the same password assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK # Change password assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_change_firmware_password_pro( DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK
def test_clear_new_sd_card_notification(C): skip_if_device_version_lower_than({'S': 43}) assert C.NK_clear_new_sd_card_warning( DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
def test_password_safe_slot_name_corruption(C): skip_if_device_version_lower_than({'S': 43}) volumes_to_setup = 4 # connected with encrypted volumes, possible also with hidden def fill(s, wid): assert wid >= len(s) numbers = '1234567890' * 4 s += numbers[:wid - len(s)] assert len(s) == wid return bb(s) def get_pass(suffix): return fill('pass' + suffix, 20) def get_loginname(suffix): return fill('login' + suffix, 32) def get_slotname(suffix): return fill('slotname' + suffix, 11) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK PWS_slot_count = 16 for i in range(0, PWS_slot_count): iss = str(i) assert C.NK_write_password_safe_slot(i, get_slotname(iss), get_loginname(iss), get_pass(iss)) == DeviceErrorCode.STATUS_OK def check_PWS_correctness(C): for i in range(0, PWS_slot_count): iss = str(i) assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss) assert gs(C.NK_get_password_safe_slot_login(i)) == get_loginname(iss) assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss) hidden_volume_password = b'hiddenpassword' p = lambda i: hidden_volume_password + bb(str(i)) def check_volumes_correctness(C): for i in range(volumes_to_setup): assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK # TODO mount and test for files assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK check_PWS_correctness(C) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK check_volumes_correctness(C) check_PWS_correctness(C) check_volumes_correctness(C) check_PWS_correctness(C) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK check_volumes_correctness(C) check_PWS_correctness(C) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK check_volumes_correctness(C) check_PWS_correctness(C)
def test_export_firmware_extended_macos(C): """ Check, whether the firmware file is exported correctly, and in correct size. Apparently, the auto-remounting side effect of the v0.46 change, is disturbing the export process. Unmounting the UV just before the export gives the device 20/20 success rate. Test case for issue https://github.com/Nitrokey/nitrokey-app/issues/399 """ skip_if_device_version_lower_than({'S': 43}) skip_if_not_macos('macOS specific test, due to the mount path and command.') import pexpect from time import sleep import os from os.path import exists as exist import plistlib usb_devices = pexpect.run('system_profiler -xml SPUSBDataType') assert b'Nitrokey' in usb_devices, 'No Nitrokey devices connected' usb_devices_parsed = plistlib.loads(usb_devices) assert isinstance(usb_devices_parsed, list), 'usb_devices_parsed has unexpected type' # Try to get all USB devices try: devices = usb_devices_parsed[0]['_items'][0]['_items'] except KeyError: devices = None assert devices is not None, 'could not list USB devices' device_item = None for item in devices: if '_items' in item: # Fix for macOS 10.13.6, Python 3.6.2 item = item['_items'][0] if 'manufacturer' in item and item['manufacturer'] == 'Nitrokey': device_item = item # Try to get first volume of USB device try: volume = device_item['Media'][0]['volumes'][0] except (KeyError, TypeError): volume = None assert volume is not None, 'could not determine volume' assert 'bsd_name' in volume, 'could not get BSD style device name' device = '/dev/' + volume['bsd_name'] pexpect.run(f'diskutil mount {device}') sleep(3) assert 'mount_point' in volume, 'could not get mount point' firmware_abs_path = volume['mount_point'] + '/firmware.bin' checks = 0 print('path: {}, device: {}'.format(firmware_abs_path, device)) checks_add = 0 if exist(firmware_abs_path): os.remove(firmware_abs_path) assert not exist(firmware_abs_path) ATTEMPTS = 20 for i in range(ATTEMPTS): # if umount is disabled, success rate is 3/10, enabled: 10/10 pexpect.run(f'diskutil unmount {device}') assert C.NK_export_firmware(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK pexpect.run(f'diskutil mount {device}') sleep(1) firmware_file_exist = exist(firmware_abs_path) if firmware_file_exist: checks += 1 getsize = os.path.getsize(firmware_abs_path) print('Firmware file exist, size: {}'.format(getsize)) checks_add += 1 if getsize >= 100 * 1024 else 0 # checks_add += 1 if os.path.getsize(firmware_abs_path) == 256*1024 else 0 os.remove(firmware_abs_path) assert not exist(firmware_abs_path) print('CHECK {} ; CHECK ADDITIONAL {}'.format(checks, checks_add)) assert checks == ATTEMPTS assert checks_add == checks
def test_encrypted_volume_set_read_write(C): skip_if_device_version_lower_than({'S': 99}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_set_encrypted_read_write(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
def test_export_firmware(C): skip_if_device_version_lower_than({'S': 43}) assert C.NK_export_firmware(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
def test_clear_new_sd_card_notification(C): skip_if_device_version_lower_than({'S': 43}) assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
def test_export_firmware_extended_fedora29(C): """ Check, whether the firmware file is exported correctly, and in correct size. Apparently, the auto-remounting side effect of the v0.46 change, is disturbing the export process. Unmounting the UV just before the export gives the device 20/20 success rate. Test case for issue https://github.com/Nitrokey/nitrokey-app/issues/399 """ skip_if_device_version_lower_than({'S': 43}) skip_if_not_fedora('Tested on Fedora only. To check on other distros.') from time import sleep import os from os.path import exists as exist import re try: import pyudev as pu import pexpect except: pytest.skip( 'Skipping due to missing required packages: pyudev and pexpect.') ctx = pu.Context() devices = ctx.list_devices(subsystem='block', ID_VENDOR='Nitrokey') device = None for d in devices: if d.device_type == 'partition': device = '/dev/{}'.format(d.sys_name) break assert device, 'Device could not be found' pexpect.run(f'udisksctl unmount -b {device}').decode() sleep(1) _res = pexpect.run(f'udisksctl mount -b {device}').decode() firmware_abs_path = re.findall('at (/.*)\.', _res) assert firmware_abs_path, 'Cannot get mount point' firmware_abs_path = firmware_abs_path[0] print('path: {}, device: {}'.format(firmware_abs_path, device)) assert firmware_abs_path, 'Cannot get mount point' firmware_abs_path = firmware_abs_path + '/firmware.bin' checks = 0 checks_add = 0 if exist(firmware_abs_path): os.remove(firmware_abs_path) assert not exist(firmware_abs_path) ATTEMPTS = 20 for i in range(ATTEMPTS): # if umount is disabled, success rate is 3/10, enabled: 10/10 pexpect.run(f'udisksctl unmount -b {device}') assert C.NK_export_firmware( DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK pexpect.run(f'udisksctl mount -b {device}') sleep(1) firmware_file_exist = exist(firmware_abs_path) if firmware_file_exist: checks += 1 getsize = os.path.getsize(firmware_abs_path) print('Firmware file exist, size: {}'.format(getsize)) checks_add += 1 if getsize >= 100 * 1024 else 0 # checks_add += 1 if os.path.getsize(firmware_abs_path) == 256*1024 else 0 os.remove(firmware_abs_path) assert not exist(firmware_abs_path) print('CHECK {} ; CHECK ADDITIONAL {}'.format(checks, checks_add)) assert checks == ATTEMPTS assert checks_add == checks
def test_enable_firmware_update(C): skip_if_device_version_lower_than({'S': 50}) wrong_password = b'aaaaaaaaaaa' assert C.NK_enable_firmware_update(wrong_password) == DeviceErrorCode.WRONG_PASSWORD
def test_encrypted_volume_unlock(C): skip_if_device_version_lower_than({'S': 43}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
def test_send_startup(C): skip_if_device_version_lower_than({'S': 43}) time_seconds_from_epoch = 0 # FIXME set proper date assert C.NK_send_startup(time_seconds_from_epoch) == DeviceErrorCode.STATUS_OK
def test_get_busy_progress_on_idle(C): skip_if_device_version_lower_than({'S': 43}) value = C.NK_get_progress_bar_value() assert value == -1 assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
def test_unencrypted_volume_set_read_only_admin(C): skip_if_device_version_lower_than({'S': 51}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_set_unencrypted_read_only_admin(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
def test_send_startup(C): skip_if_device_version_lower_than({'S': 43}) time_seconds_from_epoch = 0 # FIXME set proper date assert C.NK_send_startup( time_seconds_from_epoch) == DeviceErrorCode.STATUS_OK
def test_export_firmware_extended_fedora29(C): """ Check, whether the firmware file is exported correctly, and in correct size. Apparently, the auto-remounting side effect of the v0.46 change, is disturbing the export process. Unmounting the UV just before the export gives the device 20/20 success rate. Test case for issue https://github.com/Nitrokey/nitrokey-app/issues/399 """ skip_if_device_version_lower_than({'S': 43}) skip_if_not_fedora('Tested on Fedora only. To check on other distros.') from time import sleep import os from os.path import exists as exist import re try: import pyudev as pu import pexpect except: pytest.skip('Skipping due to missing required packages: pyudev and pexpect.') ctx = pu.Context() devices = ctx.list_devices(subsystem='block', ID_VENDOR='Nitrokey') device = None for d in devices: if d.device_type == 'partition': device = '/dev/{}'.format(d.sys_name) break assert device, 'Device could not be found' pexpect.run(f'udisksctl unmount -b {device}').decode() sleep(1) _res = pexpect.run(f'udisksctl mount -b {device}').decode() firmware_abs_path = re.findall('at (/.*)\.', _res) assert firmware_abs_path, 'Cannot get mount point' firmware_abs_path = firmware_abs_path[0] print('path: {}, device: {}'.format(firmware_abs_path, device)) assert firmware_abs_path, 'Cannot get mount point' firmware_abs_path = firmware_abs_path + '/firmware.bin' checks = 0 checks_add = 0 if exist(firmware_abs_path): os.remove(firmware_abs_path) assert not exist(firmware_abs_path) ATTEMPTS = 20 for i in range(ATTEMPTS): # if umount is disabled, success rate is 3/10, enabled: 10/10 pexpect.run(f'udisksctl unmount -b {device}') assert C.NK_export_firmware(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK pexpect.run(f'udisksctl mount -b {device}') sleep(1) firmware_file_exist = exist(firmware_abs_path) if firmware_file_exist: checks += 1 getsize = os.path.getsize(firmware_abs_path) print('Firmware file exist, size: {}'.format(getsize)) checks_add += 1 if getsize >= 100 * 1024 else 0 # checks_add += 1 if os.path.getsize(firmware_abs_path) == 256*1024 else 0 os.remove(firmware_abs_path) assert not exist(firmware_abs_path) print('CHECK {} ; CHECK ADDITIONAL {}'.format(checks, checks_add)) assert checks == ATTEMPTS assert checks_add == checks
def test_export_firmware_extended_macos(C): """ Check, whether the firmware file is exported correctly, and in correct size. Apparently, the auto-remounting side effect of the v0.46 change, is disturbing the export process. Unmounting the UV just before the export gives the device 20/20 success rate. Test case for issue https://github.com/Nitrokey/nitrokey-app/issues/399 """ skip_if_device_version_lower_than({'S': 43}) skip_if_not_macos( 'macOS specific test, due to the mount path and command.') import pexpect from time import sleep import os from os.path import exists as exist import plistlib usb_devices = pexpect.run('system_profiler -xml SPUSBDataType') assert b'Nitrokey' in usb_devices, 'No Nitrokey devices connected' usb_devices_parsed = plistlib.loads(usb_devices) assert isinstance(usb_devices_parsed, list), 'usb_devices_parsed has unexpected type' # Try to get all USB devices try: devices = usb_devices_parsed[0]['_items'][0]['_items'] except KeyError: devices = None assert devices is not None, 'could not list USB devices' device_item = None for item in devices: if '_items' in item: # Fix for macOS 10.13.6, Python 3.6.2 item = item['_items'][0] if 'manufacturer' in item and item['manufacturer'] == 'Nitrokey': device_item = item # Try to get first volume of USB device try: volume = device_item['Media'][0]['volumes'][0] except (KeyError, TypeError): volume = None assert volume is not None, 'could not determine volume' assert 'bsd_name' in volume, 'could not get BSD style device name' device = '/dev/' + volume['bsd_name'] pexpect.run(f'diskutil mount {device}') sleep(3) assert 'mount_point' in volume, 'could not get mount point' firmware_abs_path = volume['mount_point'] + '/firmware.bin' checks = 0 print('path: {}, device: {}'.format(firmware_abs_path, device)) checks_add = 0 if exist(firmware_abs_path): os.remove(firmware_abs_path) assert not exist(firmware_abs_path) ATTEMPTS = 20 for i in range(ATTEMPTS): # if umount is disabled, success rate is 3/10, enabled: 10/10 pexpect.run(f'diskutil unmount {device}') assert C.NK_export_firmware( DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK pexpect.run(f'diskutil mount {device}') sleep(1) firmware_file_exist = exist(firmware_abs_path) if firmware_file_exist: checks += 1 getsize = os.path.getsize(firmware_abs_path) print('Firmware file exist, size: {}'.format(getsize)) checks_add += 1 if getsize >= 100 * 1024 else 0 # checks_add += 1 if os.path.getsize(firmware_abs_path) == 256*1024 else 0 os.remove(firmware_abs_path) assert not exist(firmware_abs_path) print('CHECK {} ; CHECK ADDITIONAL {}'.format(checks, checks_add)) assert checks == ATTEMPTS assert checks_add == checks
def test_encrypted_volume_unlock(C): skip_if_device_version_lower_than({'S': 43}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_unlock_encrypted_volume( DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
def test_change_update_password(C): skip_if_device_version_lower_than({'S': 43}) wrong_password = b'aaaaaaaaaaa' assert C.NK_change_update_password(wrong_password, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.WRONG_PASSWORD assert C.NK_change_update_password(DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_change_update_password(DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK