From 9435c006d14a48e1a7f3a1384ea538ac1c525087 Mon Sep 17 00:00:00 2001
From: Szczepan Zalega
Date: Sat, 19 Aug 2023 12:23:06 +0200
Subject: [PATCH 1/3] Remove obsolete command ID
---
 pynitrokey/nk3/secrets_app.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/pynitrokey/nk3/secrets_app.py b/pynitrokey/nk3/secrets_app.py
index b3e9da4e..473cd6c8 100644
--- a/pynitrokey/nk3/secrets_app.py
+++ b/pynitrokey/nk3/secrets_app.py
@@ -216,7 +216,6 @@ class Instruction(Enum):
 ChangePIN = 0xB3
 SetPIN = 0xB4
 GetCredential = 0xB5
- RenameCredential = 0xB6
 UpdateCredential = 0xB7
From 3714063c15d212a35d01d12fd37e188cb0dd556f Mon Sep 17 00:00:00 2001
From: Szczepan Zalega
Date: Sat, 19 Aug 2023 12:24:33 +0200
Subject: [PATCH 2/3] Remove previous credential with the same name Needed due to the introduced overwrite protection
---
 pynitrokey/test_secrets_app.py | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/pynitrokey/test_secrets_app.py b/pynitrokey/test_secrets_app.py
index b3c15da4..d049b87a 100644
--- a/pynitrokey/test_secrets_app.py
+++ b/pynitrokey/test_secrets_app.py
@@ -9,6 +9,7 @@
 import hmac
 import logging
 import time
+from contextlib import suppress
 from datetime import timedelta
 from os import environ, wait
 from sys import stderr
@@ -287,11 +288,13 @@ def test_reverse_hotp_failure(secretsAppRaw):
 assert not secretsApp.verify_code(CREDID, 10**5)
 helper_wait_after_failed_hotp_verification_request()
+ secretsApp.delete(CREDID)
 secretsApp.register(CREDID, secretb, digits=7, kind=Kind.Hotp, algo=Algorithm.Sha1)
 with pytest.raises(SecretsAppException, match="ConditionsOfUseNotSatisfied"):
 assert not secretsApp.verify_code(CREDID, 10**6)
 helper_wait_after_failed_hotp_verification_request()
+ secretsApp.delete(CREDID)
 secretsApp.register(CREDID, secretb, digits=8, kind=Kind.Hotp, algo=Algorithm.Sha1)
 with pytest.raises(SecretsAppException, match="ConditionsOfUseNotSatisfied"):
 assert not secretsApp.verify_code(CREDID, 10**7)
@@ -641,8 +644,10 @@ def test_too_long_message2(secretsAppRaw):
 for i in range(1, 255, 5):
 secretsApp.logfn(f"Testing secret length {i} bytes")
 try:
- secretsApp.register("C", too_long_name[:i], DIGITS, kind=Kind.Hotp)
- codes.append(secretsApp.calculate("C"))
+ with suppress(SecretsAppException):
+ secretsAppRaw.delete(CREDID)
+ secretsApp.register(CREDID, too_long_name[:i], DIGITS, kind=Kind.Hotp)
+ codes.append(secretsApp.calculate(CREDID))
 except Exception:
 break
 assert i >= 40, "Maximum secret length should be at least 320 bits"
@@ -1495,12 +1500,17 @@ def test_hmac_low_level(secretsAppRaw):
 "1c e3 0f d7 8d 20 dc fa 40 b5 0c 18 77 9a fb 0f 02 28 8d b7".replace(" ", "")
 )
 for slot_name in [b"HmacSlot2", b"HmacSlot1"]:
+ with suppress(SecretsAppException):
+ secretsAppRaw.delete(slot_name)
 secretsAppRaw.register(
 slot_name,
 secret=secret,
 kind=Kind.Hmac,
 )
+ with suppress(SecretsAppException):
+ secretsAppRaw.delete(slot_name)
+
 # Do not allow to register secret with different lengths than expected 20 bytes
 for secret_len in [18, 21, 200]:
 with pytest.raises(SecretsAppException, match="IncorrectDataParameter"):
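Review bot: In the test_too_long_message2 hunk the new `with suppress(SecretsAppException):` around `secretsAppRaw.delete(CREDID)` sits inside the `try:` whose `except Exception: break` ends the length probe, and it discards every device error rather than only the one for a credential that does not exist yet. If a delete fails for another reason, the overwrite protection named in the commit message would presumably reject the following register, and the loop would stop as if the secret-length limit had been reached. Consider moving the cleanup above `try:` and re-raising anything but the missing-credential status, e.g. `except SecretsAppException as e:` with `if "<NOT_FOUND_STATUS>" not in str(e): raise` (placeholder for the status name the device returns). The same blanket suppress is added in both test_hmac_low_level hunks. The function starts and ends outside the hunk.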
@@ -1535,13 +1545,27 @@ def test_hmac_low_level(secretsAppRaw):
 */
 """
- # The length of "1" is used by KeepassXC for test purposes. "63" is the maximum.
+ # Prepare HmacSlot2 again
+ slot_name = b"HmacSlot2"
+ with suppress(SecretsAppException):
+ secretsAppRaw.delete(slot_name)
+ secretsAppRaw.register(
+ slot_name,
+ secret=secret,
+ kind=Kind.Hmac,
+ )
+
+ # The length of "1" is used by KeepassXC for the purposes. "63" is the maximum.
 # "64" should not work, as the last byte is always treated as the padding byte value.
 for challenge_len in [1, 32, 63]:
 challenge = b"c" * challenge_len
 challenge_padded = helper_get_padded(challenge)
 status, response_device = helper_send_receive_ins(
- secretsAppRaw, YK_API_REQ, p1=slot, le=20, data_raw=challenge_padded
+ secretsAppRaw,
+ YK_API_REQ,
+ p1=YK_P1_CMD_HMAC_2,
+ le=20,
+ data_raw=challenge_padded,
 )
 response_lib = secretsAppRaw.get_response_for_secret(challenge, secret)
 assert response_lib == response_device
From 59b1eae0c74eb431997c540724f107cdb12d9b2f Mon Sep 17 00:00:00 2001
From: Szczepan Zalega
Date: Sat, 19 Aug 2023 12:24:44 +0200
Subject: [PATCH 3/3] Comments
---
 pynitrokey/test_secrets_app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pynitrokey/test_secrets_app.py b/pynitrokey/test_secrets_app.py
index d049b87a..b47d2767 100644
--- a/pynitrokey/test_secrets_app.py
+++ b/pynitrokey/test_secrets_app.py
@@ -1099,7 +1099,7 @@ def test_check_commands_access(secretsAppRaw):
 ):
 secretsAppRaw._send_receive(ins, structure)
 else:
- # These commands do not accept arguments, so there is no parsing error
+ # These commands do not expect arguments, so there is no parsing error
 secretsAppRaw._send_receive(ins, structure)
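Review bot: The comment re-added above the challenge-length loop in the test_hmac_low_level hunk lost a word: the removed line says KeepassXC uses length 1 "for test purposes", the added one says "for the purposes". Restore it as `# The length of "1" is used by KeepassXC for test purposes. "63" is the maximum.` The request now passes `p1=YK_P1_CMD_HMAC_2` while the slot is prepared under the name `b"HmacSlot2"`; a short comment stating that the constant addresses that slot (presumably it does; the mapping is not visible here) would keep the two in step. The function starts and ends outside the hunk.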