auth_test.go
// SPDX-FileCopyrightText: 2023-2024 Steffen Vogel <[email protected]>
// SPDX-License-Identifier: Apache-2.0
package openpgp_test
import (
"fmt"
"testing"
iso "cunicu.li/go-iso7816"
"github.com/stretchr/testify/require"
opc "cunicu.li/go-openpgp-card"
)
// TestVerifyPassword checks VerifyPassword for both PW1 and PW3: a wrong value
// must fail with iso.ErrIncorrectData, and the library's default password must
// be accepted twice in a row.
//
// NOTE(review): the rejected value "wrong" is only five characters long, and
// other tests in this file get iso.ErrSecurityStatusNotSatisfied for a longer
// wrong password. Presumably the card rejects it for its length; the retry
// counter is not inspected here, so whether this attempt is counted is not
// covered by this test.
// NOTE(review): withCard's second argument (true) is assumed to put the card
// into a known default state first — confirm against withCard.
func TestVerifyPassword(t *testing.T) {
	defaults := map[byte]string{
		opc.PW1: opc.DefaultPW1,
		opc.PW3: opc.DefaultPW3,
	}

	for pwType, pw := range defaults {
		// Subtest names are derived from the password reference byte minus 0x80.
		t.Run(fmt.Sprintf("pw%d", pwType-0x80), func(t *testing.T) {
			withCard(t, true, func(t *testing.T, c *opc.Card) {
				req := require.New(t)

				// A wrong password must be refused.
				req.ErrorIs(c.VerifyPassword(pwType, "wrong"), iso.ErrIncorrectData)

				// The default password must verify, including when it is
				// presented a second time on the same card.
				req.NoError(c.VerifyPassword(pwType, pw))
				req.NoError(c.VerifyPassword(pwType, pw))
			})
		})
	}
}
// TestChangePassword exercises ChangePassword for PW1: a five-character new
// password is refused with opc.ErrInvalidLength, a wrong current password is
// refused with iso.ErrSecurityStatusNotSatisfied, and a change made with the
// correct current password succeeds and the new password then verifies.
//
// NOTE(review): the test does not assert that the old default password stops
// working after the change, nor what the failed attempt does to the PW1 retry
// counter.
// NOTE(review): withCard's second argument (true) is assumed to put the card
// into a known default state first — confirm against withCard.
func TestChangePassword(t *testing.T) {
	withCard(t, true, func(t *testing.T, c *opc.Card) {
		req := require.New(t)

		// New password too short: rejected with a length error.
		req.ErrorIs(
			c.ChangePassword(opc.PW1, opc.DefaultPW1, "hallo"),
			opc.ErrInvalidLength,
		)

		// Acceptable new password, but the current password is wrong.
		req.ErrorIs(
			c.ChangePassword(opc.PW1, "wrong", "hallohallo"),
			iso.ErrSecurityStatusNotSatisfied,
		)

		// Correct current password: the change goes through ...
		req.NoError(c.ChangePassword(opc.PW1, opc.DefaultPW1, "hallohallo"))

		// ... and the new password is now accepted.
		req.NoError(c.VerifyPassword(opc.PW1, "hallohallo"))
	})
}
// TestResetRetryCounter checks that ResetRetryCounter, called after PW3 has
// been verified, restores the PW1 retry counter: the counter starts at 3,
// drops to 2 after one wrong PW1 attempt and reads 3 again after the reset.
//
// NOTE(review): the argument passed to ResetRetryCounter is presumably the new
// PW1 value; the test does not verify PW1 afterwards, so only the counter is
// covered here.
// NOTE(review): withCard's second argument (true) is assumed to put the card
// into a known default state first — confirm against withCard.
func TestResetRetryCounter(t *testing.T) {
	withCard(t, true, func(t *testing.T, c *opc.Card) {
		req := require.New(t)

		// Precondition, read from the status the card object already holds.
		req.Equal(byte(3), c.PasswordStatus.AttemptsPW1, "Initial attempts are not as expected")

		// One failed PW1 verification consumes one attempt.
		req.ErrorIs(
			c.VerifyPassword(opc.PW1, "some wrong password"),
			iso.ErrSecurityStatusNotSatisfied,
		)

		status, err := c.GetPasswordStatus()
		req.NoError(err)
		req.Equal(byte(2), status.AttemptsPW1)

		// Verify PW3 first, then reset the PW1 counter.
		req.NoError(c.VerifyPassword(opc.PW3, opc.DefaultPW3))
		req.NoError(c.ResetRetryCounter(opc.DefaultPW1))

		// The counter is back at its initial value.
		status, err = c.GetPasswordStatus()
		req.NoError(err)
		req.Equal(byte(3), status.AttemptsPW1)
	})
}
// TestResetRetryCounterWithResettingCode checks that the PW1 retry counter can
// be restored with a resetting code instead of PW3: a resetting code is set,
// one wrong PW1 attempt lowers the counter from 3 to 2, and
// ResetRetryCounterWithResettingCode brings it back to 3.
//
// NOTE(review): no PW3 verification is visible before ChangeResettingCode in
// this test, unlike TestSetRetryCounters; presumably withCard or the library
// takes care of the required authorization — confirm.
// NOTE(review): withCard's second argument (true) is assumed to put the card
// into a known default state first — confirm against withCard.
func TestResetRetryCounterWithResettingCode(t *testing.T) {
	withCard(t, true, func(t *testing.T, c *opc.Card) {
		req := require.New(t)

		// Install the resetting code used later in the test.
		req.NoError(c.ChangeResettingCode("my reset code"), "Failed to setup resetting code")

		// Precondition, read from the status the card object already holds.
		req.Equal(byte(3), c.PasswordStatus.AttemptsPW1, "Initial attempts are not as expected")

		// One failed PW1 verification consumes one attempt.
		req.ErrorIs(
			c.VerifyPassword(opc.PW1, "some wrong password"),
			iso.ErrSecurityStatusNotSatisfied,
		)

		status, err := c.GetPasswordStatus()
		req.NoError(err)
		req.Equal(byte(2), status.AttemptsPW1)

		// Reset using the resetting code; PW3 is not presented in this test.
		req.NoError(c.ResetRetryCounterWithResettingCode("my reset code", opc.DefaultPW1))

		// The counter is back at its initial value.
		status, err = c.GetPasswordStatus()
		req.NoError(err)
		req.Equal(byte(3), status.AttemptsPW1)
	})
}
// TestSetRetryCounters checks that SetRetryCounters changes the retry limits
// reported by GetPasswordStatus and that the new PW1 limit is really enforced:
// after five wrong PW1 attempts the counter must read the new limit minus five
// while the resetting-code and PW3 counters stay untouched.
//
// NOTE(review): withCard's second argument (true) is assumed to put the card
// into a known default state first — confirm against withCard.
func TestSetRetryCounters(t *testing.T) {
	// New limits in the order SetRetryCounters is called with below, and the
	// number of wrong PW1 attempts made afterwards.
	const (
		pw1Limit    = 11
		rcLimit     = 12
		pw3Limit    = 13
		wrongGuesses = 5
	)

	withCard(t, true, func(t *testing.T, c *opc.Card) {
		req := require.New(t)

		// Precondition, read from the status the card object already holds.
		req.Equal(byte(3), c.PasswordStatus.AttemptsPW1, "Initial attempts are not as expected")

		// PW3 is verified before the limits are changed.
		req.NoError(c.VerifyPassword(opc.PW3, opc.DefaultPW3))
		req.NoError(c.SetRetryCounters(pw1Limit, rcLimit, pw3Limit))

		// While no resetting code is set, its attempt counter reads zero.
		status, err := c.GetPasswordStatus()
		req.NoError(err)
		req.Equal(byte(0), status.AttemptsRC)

		req.NoError(c.ChangeResettingCode("my reset code"), "Failed to setup resetting code")

		// With a resetting code in place, all three counters show the new limits.
		status, err = c.GetPasswordStatus()
		req.NoError(err)
		req.Equal(byte(pw1Limit), status.AttemptsPW1)
		req.Equal(byte(rcLimit), status.AttemptsRC)
		req.Equal(byte(pw3Limit), status.AttemptsPW3)

		// Burn several PW1 attempts to confirm the new limit is in effect.
		for guess := 0; guess < wrongGuesses; guess++ {
			req.ErrorIs(
				c.VerifyPassword(opc.PW1, "some wrong password"),
				iso.ErrSecurityStatusNotSatisfied,
			)
		}

		// Only the PW1 counter has gone down.
		status, err = c.GetPasswordStatus()
		req.NoError(err)
		req.Equal(byte(pw1Limit-wrongGuesses), status.AttemptsPW1)
		req.Equal(byte(rcLimit), status.AttemptsRC)
		req.Equal(byte(pw3Limit), status.AttemptsPW3)
	})
}