def test_enable_password_safe_after_factory_reset(C):
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
if is_storage(C):
# for some reason storage likes to be authenticated before reset (to investigate)
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_factory_reset(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
wait(10)
if is_storage(C):
assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
enable_password_safe_result = C.NK_enable_password_safe(DefaultPasswords.USER)
assert enable_password_safe_result == DeviceErrorCode.STATUS_AES_DEC_FAILED \
or is_storage(C) and enable_password_safe_result == DeviceErrorCode.WRONG_PASSWORD
assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
def test_enable_password_safe_after_factory_reset(C):
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
if is_storage(C):
# for some reason storage likes to be authenticated before reset (to investigate)
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_factory_reset(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
wait(10)
if is_storage(C):
assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
enable_password_safe_result = C.NK_enable_password_safe(DefaultPasswords.USER)
assert enable_password_safe_result == DeviceErrorCode.STATUS_AES_DEC_FAILED \
or is_storage(C) and enable_password_safe_result in \
[DeviceErrorCode.WRONG_PASSWORD, DeviceErrorCode.STATUS_UNKNOWN_ERROR] # UNKNOWN_ERROR since v0.51
assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
def test_factory_reset(C):
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(
255, 255, 255, False, True,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(
1, b'python_test', bbRFC_SECRET, 0, False, False, False, b"",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert gs(C.NK_get_hotp_code(1)) == b"755224"
assert C.NK_factory_reset(
DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
wait(10)
assert gs(C.NK_get_hotp_code(1)) != b"287082"
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
# restore AES key
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_build_aes_key(
DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
assert C.NK_enable_password_safe(
DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
if is_storage(C):
assert C.NK_clear_new_sd_card_warning(
DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
def test_TOTP_64bit_time(C):
if is_storage(C):
pytest.xfail('bug in NK Storage TOTP firmware')
oath = pytest.importorskip("oath")
T = 1
lib_at = lambda t: bb(oath.totp(RFC_SECRET, t=t))
PIN_protection = False
slot_number = 1
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(
255, 255, 255, PIN_protection, not PIN_protection,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_totp_slot(
slot_number, b'python_test', bbRFC_SECRET, 30, False, False, False,
b'', DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
dev_res = []
lib_res = []
for t in range(INT32_MAX - 5, INT32_MAX + 5, 1):
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK
code_device = gs((C.NK_get_totp_code(slot_number, T, 0, 30)))
dev_res += (t, code_device)
lib_res += (t, lib_at(t))
assert dev_res == lib_res
def test_HOTP_64bit_counter(C):
if is_storage(C):
pytest.xfail(
'bug in NK Storage HOTP firmware - counter is set with a 8 digits string, '
'however int32max takes 10 digits to be written')
oath = pytest.importorskip("oath")
lib_at = lambda t: bb(oath.hotp(RFC_SECRET, t, format='dec6'))
PIN_protection = False
use_8_digits = False
slot_number = 1
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(
255, 255, 255, PIN_protection, not PIN_protection,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
dev_res = []
lib_res = []
for t in range(INT32_MAX - 5, INT32_MAX + 5, 1):
assert C.NK_first_authenticate(
DefaultPasswords.ADMIN,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(
slot_number, b'python_test', bbRFC_SECRET, t, use_8_digits, False,
False, b'',
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
code_device = gs(C.NK_get_hotp_code(slot_number))
dev_res += (t, code_device)
lib_res += (t, lib_at(t))
assert dev_res == lib_res
def test_is_AES_supported(C):
if is_storage(C):
pytest.skip("Storage does not implement this command")
assert C.NK_is_AES_supported(b'wrong password') != 1
assert C.NK_get_last_command_status() == DeviceErrorCode.WRONG_PASSWORD
assert C.NK_is_AES_supported(DefaultPasswords.USER) == 1
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
def test_is_AES_supported(C):
if is_storage(C):
pytest.skip("Storage does not implement this command")
assert C.NK_is_AES_supported(b'wrong password') != 1
assert C.NK_get_last_command_status() == DeviceErrorCode.WRONG_PASSWORD
assert C.NK_is_AES_supported(DefaultPasswords.USER) == 1
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
def test_factory_reset(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(1, b'python_test', bbRFC_SECRET, 0, False, False, False, b"",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert gs(C.NK_get_hotp_code(1)) == b"755224"
assert C.NK_factory_reset(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
wait(10)
assert gs(C.NK_get_hotp_code(1)) != b"287082"
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
# restore AES key
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
if is_storage(C):
assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
