def test_hidden_volume_corruption(C):
# bug: this should return error without unlocking encrypted volume each hidden volume lock, but it does not
skip_if_device_version_lower_than({'S': 43})
hidden_volume_password = b'hiddenpassword'
p = lambda i: hidden_volume_password + bb(str(i))
volumes_to_setup = 4
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
for i in range(volumes_to_setup):
assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1,
p(i)) == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
for i in range(volumes_to_setup):
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
wait(2)
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
def test_encrypted_volume_setup_multiple_hidden_lock(C):
import random
skip_if_device_version_lower_than({'S':
45}) #hangs device on lower version
hidden_volume_password = b'hiddenpassword' + bb(str(random.randint(0,
100)))
p = lambda i: hidden_volume_password + bb(str(i))
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
for i in range(4):
assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1,
p(i)) == DeviceErrorCode.STATUS_OK
for i in range(4):
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
def test_encrypted_volume_setup_multiple_hidden_no_lock_device_volumes(
C, volumes_to_setup):
skip_if_device_version_lower_than({'S': 43})
hidden_volume_password = b'hiddenpassword'
p = lambda i: hidden_volume_password + bb(str(i))
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
for i in range(volumes_to_setup):
assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1,
p(i)) == DeviceErrorCode.STATUS_OK
assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
for i in range(volumes_to_setup):
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
# TODO mount and test for files
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
def fill(s, wid):
assert wid >= len(s)
numbers = '1234567890' * 4
s += numbers[:wid - len(s)]
assert len(s) == wid
return bb(s)
def test_password_safe_slot_name_corruption(C):
skip_if_device_version_lower_than({'S': 43})
volumes_to_setup = 4
# connected with encrypted volumes, possible also with hidden
def fill(s, wid):
assert wid >= len(s)
numbers = '1234567890' * 4
s += numbers[:wid - len(s)]
assert len(s) == wid
return bb(s)
def get_pass(suffix):
return fill('pass' + suffix, 20)
def get_loginname(suffix):
return fill('login' + suffix, 32)
def get_slotname(suffix):
return fill('slotname' + suffix, 11)
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_enable_password_safe(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
PWS_slot_count = 16
for i in range(0, PWS_slot_count):
iss = str(i)
assert C.NK_write_password_safe_slot(
i, get_slotname(iss), get_loginname(iss),
get_pass(iss)) == DeviceErrorCode.STATUS_OK
def check_PWS_correctness(C):
for i in range(0, PWS_slot_count):
iss = str(i)
assert gs(C.NK_get_password_safe_slot_name(i)) == get_slotname(iss)
assert gs(
C.NK_get_password_safe_slot_login(i)) == get_loginname(iss)
assert gs(C.NK_get_password_safe_slot_password(i)) == get_pass(iss)
hidden_volume_password = b'hiddenpassword'
p = lambda i: hidden_volume_password + bb(str(i))
def check_volumes_correctness(C):
for i in range(volumes_to_setup):
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
# TODO mount and test for files
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
check_PWS_correctness(C)
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
for i in range(volumes_to_setup):
assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1,
p(i)) == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
assert C.NK_lock_hidden_volume() == DeviceErrorCode.STATUS_OK
assert C.NK_lock_encrypted_volume() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
check_volumes_correctness(C)
check_PWS_correctness(C)
check_volumes_correctness(C)
check_PWS_correctness(C)
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
check_volumes_correctness(C)
check_PWS_correctness(C)
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
assert C.NK_unlock_encrypted_volume(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
check_volumes_correctness(C)
check_PWS_correctness(C)
libnitrokey is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with libnitrokey. If not, see <http://www.gnu.org/licenses/>.
SPDX-License-Identifier: LGPL-3.0
"""
from misc import to_hex, bb
RFC_SECRET_HR = '12345678901234567890'
RFC_SECRET = to_hex(RFC_SECRET_HR) # '31323334353637383930...'
bbRFC_SECRET = bb(RFC_SECRET)
# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) )
class DefaultPasswords:
ADMIN = b'12345678'
USER = b'123456'
ADMIN_TEMP = b'123123123'
USER_TEMP = b'234234234'
UPDATE = b'12345678'
UPDATE_TEMP = b'123update123'
UPDATE_LONG = b'1234567890' * 2
UPDATE_TOO_LONG = UPDATE_LONG + b'x'
UPDATE_TOO_SHORT = UPDATE_LONG[:7]
def helper_fill(str_to_fill, target_width):
assert target_width >= len(str_to_fill)
numbers = '1234567890' * 4
str_to_fill += numbers[:target_width - len(str_to_fill)]
assert len(str_to_fill) == target_width
return bb(str_to_fill)