Merge pull request #413 from Nitrokey/secrets-tests-update

Update tests for the Secrets App
Nitrokey · Jun 28, 2023 · 2c57d06 · 2c57d06
2 parents 25a47a4 + 12c5c66
commit 2c57d06
Showing 1 changed file with 42 additions and 18 deletions.
diff --git a/pynitrokey/test_secrets_app.py b/pynitrokey/test_secrets_app.py
@@ -10,7 +10,7 @@
 import logging
 import time
 from datetime import timedelta
-from os import wait
+from os import environ, wait
 from sys import stderr
 from typing import Any, Callable, List, Optional, Tuple
 
@@ -1414,7 +1414,7 @@ def test_hmac_low_level(secretsAppRaw):
     YK_STATUS = 0x03
     status, data = helper_send_receive_ins(secretsAppRaw, YK_STATUS, le=6)
     assert len(data) == 6
-    assert data.hex()[:6] == "040b00"
+    # assert data.hex()[:6] == "040b00"
 
     # getting serial number works
     YK_API_REQ = 0x01
@@ -1588,29 +1588,52 @@ def test_list_with_properties(secretsAppResetLogin, touch, pws):
 
 def test_light_load(secretsAppRaw):
     """
-    Add a couple of different Credentials' types for the manual CLI listing tests
+    Add a couple of different Credentials' types for the manual CLI listing tests.
+    When `NKPRE` env variable is set, the factory reset is not called, and Credentials
+    are prefixed with this string.
+    Example call:
+    ```
+    env NKPRE=0.12-2- make secrets-test LOG=debug TESTADD="-k light"
+    ```
     """
     secretb = binascii.a2b_hex(SECRET)
-
-    secretsAppRaw.reset()
-    secretsAppRaw.set_pin_raw(PIN)
+    pre = environ.get("NKPRE", "")
+    if not pre:
+        secretsAppRaw.reset()
+        secretsAppRaw.set_pin_raw(PIN)
+    else:
+        print(f"Using {pre} prefix for credential names")
 
     for encrypted in [True, False]:
         for touch in [True, False]:
-            secretsAppRaw.verify_pin_raw(PIN)
-            secretsAppRaw.register(
-                f'otp:{"t" if touch else ""}:{"enc" if encrypted else ""}'.encode(),
-                secretb,
-                digits=6,
-                kind=Kind.Totp,
-                algo=Algorithm.Sha1,
-                touch_button_required=touch,
-                pin_based_encryption=encrypted,
-            )
+            for kind in [Kind.Totp, Kind.Hotp]:
+                ks = "h" if kind == Kind.Hotp else "t"
+                secretsAppRaw.verify_pin_raw(PIN)
+                secretsAppRaw.register(
+                    f'{pre}otp:{"t" if touch else ""}:{"enc" if encrypted else ""}:{ks}'.encode(),
+                    secretb,
+                    digits=6,
+                    kind=kind,
+                    algo=Algorithm.Sha1,
+                    touch_button_required=touch,
+                    pin_based_encryption=encrypted,
+                )
+
+    # reverse OTP only
+    secretsAppRaw.verify_pin_raw(PIN)
+    secretsAppRaw.register(
+        f"{pre}reverse".encode(),
+        secretb,
+        digits=6,
+        kind=Kind.HotpReverse,
+        algo=Algorithm.Sha1,
+        touch_button_required=False,
+    )
 
+    # OTP + PWS test
     for pws in [True, False]:
         secretsAppRaw.register(
-            f'otp:{"pws" if pws else ""}'.encode(),
+            f'{pre}otp:{"pws" if pws else "e"}'.encode(),
             secretb,
             digits=6,
             kind=Kind.Totp,
@@ -1621,8 +1644,9 @@ def test_light_load(secretsAppRaw):
             touch_button_required=False,
         )
 
+    # PWS only test
     secretsAppRaw.register(
-        b"pws",
+        f"{pre}pws".encode(),
         login=b"login",
         password=b"password",
         metadata=b"metadata",