|
1 | 1 | // Copyright (C) 2022 Nitrokey GmbH |
2 | 2 | // SPDX-License-Identifier: LGPL-3.0-only |
3 | 3 |
|
4 | | -mod card; |
| 4 | +use openpgp_card::StatusBytes; |
5 | 5 | use test_log::test; |
6 | 6 |
|
| 7 | +mod card; |
| 8 | + |
7 | 9 | use card::{error_to_retries, with_card}; |
8 | 10 | use opcard::{DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN}; |
9 | 11 |
|
| 12 | +macro_rules! assert_checks { |
| 13 | + ($tx:expr, $sign:expr, $user:expr, $admin:expr) => {{ |
| 14 | + let sign_expected = $sign; |
| 15 | + let sign_retries = error_to_retries($tx.check_pw1_sign()); |
| 16 | + assert_eq!( |
| 17 | + sign_retries, sign_expected, |
| 18 | + "Incorrect sign retries. Expected {:?}, got {:?}", |
| 19 | + sign_expected, sign_retries |
| 20 | + ); |
| 21 | + let user_expected = $user; |
| 22 | + let user_retries = error_to_retries($tx.check_pw1_user()); |
| 23 | + assert_eq!( |
| 24 | + user_retries, user_expected, |
| 25 | + "Incorrect user retries. Expected {:?}, got {:?}", |
| 26 | + user_expected, user_retries |
| 27 | + ); |
| 28 | + let admin_expected = $admin; |
| 29 | + let admin_retries = error_to_retries($tx.check_pw3()); |
| 30 | + assert_eq!( |
| 31 | + admin_retries, admin_expected, |
| 32 | + "Incorrect admin retries. Expected {:?}, got {:?}", |
| 33 | + admin_expected, admin_retries |
| 34 | + ); |
| 35 | + }}; |
| 36 | +} |
| 37 | + |
10 | 38 | #[test] |
11 | 39 | fn change() { |
12 | 40 | with_card(|mut card| { |
@@ -71,6 +99,58 @@ fn change() { |
71 | 99 | assert!(tx.verify_pw3(b"new pin2").is_ok()); |
72 | 100 | assert!(tx.verify_pw3(DEFAULT_ADMIN_PIN).is_err()); |
73 | 101 | assert!(tx.verify_pw3(b"new pin2").is_ok()); |
| 102 | + |
| 103 | + tx.set_resetting_code(&[0; 127]).unwrap(); |
| 104 | + tx.set_resetting_code(&[0; 128]).unwrap_err(); |
| 105 | + }); |
| 106 | + card.reset(); |
| 107 | + card.with_tx(|mut tx| { |
| 108 | + tx.reset_retry_counter_pw1(b"123456", Some(&[0; 127])) |
| 109 | + .unwrap(); |
| 110 | + assert_checks!(tx, Some(3), Some(3), Some(3)); |
| 111 | + tx.verify_pw1_user(b"123456").unwrap(); |
| 112 | + }); |
| 113 | + card.reset(); |
| 114 | + card.with_tx(|mut tx| { |
| 115 | + assert!(tx.reset_retry_counter_pw1(b"new code", None).is_err()); |
| 116 | + assert!(tx.verify_pw1_user(b"new code").is_err()); |
| 117 | + assert_eq!( |
| 118 | + error_to_retries(tx.reset_retry_counter_pw1(b"new code", Some(b"12345678"))), |
| 119 | + Some(2) |
| 120 | + ); |
| 121 | + let short_reset = tx.reset_retry_counter_pw1(b"short", Some(&[0; 127])); |
| 122 | + assert!( |
| 123 | + matches!( |
| 124 | + short_reset, |
| 125 | + Err(openpgp_card::Error::CardStatus( |
| 126 | + StatusBytes::IncorrectParametersCommandDataField |
| 127 | + )) |
| 128 | + ), |
| 129 | + "Got: {short_reset:?}" |
| 130 | + ); |
| 131 | + assert_eq!( |
| 132 | + error_to_retries(tx.reset_retry_counter_pw1(b"new code", Some(b"12345678"))), |
| 133 | + Some(2) |
| 134 | + ); |
| 135 | + assert!(tx.verify_pw1_user(b"new code").is_err()); |
| 136 | + assert_eq!( |
| 137 | + error_to_retries(tx.reset_retry_counter_pw1(b"new code", Some(b"12345678"))), |
| 138 | + Some(1) |
| 139 | + ); |
| 140 | + assert!(tx.verify_pw1_user(b"new code").is_err()); |
| 141 | + assert_eq!( |
| 142 | + error_to_retries(tx.reset_retry_counter_pw1(b"new code", Some(b"12345678"))), |
| 143 | + Some(0) |
| 144 | + ); |
| 145 | + assert!(tx.verify_pw1_user(b"new code").is_err()); |
| 146 | + assert_eq!( |
| 147 | + error_to_retries(tx.reset_retry_counter_pw1(b"new code", Some(b"12345678"))), |
| 148 | + Some(0) |
| 149 | + ); |
| 150 | + assert!(tx.verify_pw1_user(b"new code").is_err()); |
| 151 | + tx.reset_retry_counter_pw1(b"123456", Some(b"1234567890")) |
| 152 | + .unwrap_err(); |
| 153 | + assert!(tx.verify_pw1_user(b"new code").is_err()); |
74 | 154 | }); |
75 | 155 | }); |
76 | 156 | } |
0 commit comments