app-openpgp/tests/test_password.py at develop · Alva072/app-openpgp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# -*- coding: utf-8 -*-
# SPDX-FileCopyrightText: 2023 Ledger SAS
# SPDX-License-Identifier: LicenseRef-LEDGER
"""
This module provides Ragger tests for Password feature
"""

from pathlib import Path
import pytest
from ledgered.devices import Device
from ragger.error import ExceptionRAPDU
from ragger.backend import BackendInterface
from ragger.navigator import Navigator

from application_client.command_sender import CommandSender
from application_client.app_def import Errors, PassWord


from utils import util_navigate


# In this test we check the card Password verification
@pytest.mark.parametrize(
    "pwd, value",
    [
        (PassWord.PW1, "123456"),
        (PassWord.PW2, "123456"),
        (PassWord.PW3, "12345678"),
    ],
)
def test_verify(backend: BackendInterface, pwd: PassWord, value: str) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Verify PW status - Not yet verified
    with pytest.raises(ExceptionRAPDU) as err:
        client.send_verify_pw(pwd)
    assert err.value.status & 0xFFF0 == 0x63c0

    # Verify PW with its value
    rapdu = client.send_verify_pw(pwd, value)
    assert rapdu.status == Errors.SW_OK

    # Verify PW status
    rapdu = client.send_verify_pw(pwd)
    assert rapdu.status == Errors.SW_OK

    # Verify PW Reset Status
    rapdu = client.send_verify_pw(pwd, reset=True)
    assert rapdu.status == Errors.SW_OK

    # Verify PW status - Not yet verified
    with pytest.raises(ExceptionRAPDU) as err:
        client.send_verify_pw(pwd)
    assert err.value.status & 0xFFF0 == 0x63c0


def test_verify_wrong(backend: BackendInterface) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Verify PW status - Wrong Password
    with pytest.raises(ExceptionRAPDU) as err:
        client.send_verify_pw(PassWord.PW1, "999999")
    assert err.value.status == Errors.SW_SECURITY_STATUS_NOT_SATISFIED


# In this test we check the card Password verification with Pinpad
def test_verify_confirm_accepted(device: Device,
                                 backend: BackendInterface,
                                 navigator: Navigator,
                                 test_name: Path) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Send the APDU (Asynchronous)
    with client.send_verify_pw_with_confirmation(PassWord.PW1):
        util_navigate(device, navigator, test_name, "Confirm_Yes")

    # Check the status (Asynchronous)
    response = client.get_async_response()
    assert response and response.status == Errors.SW_OK


# In this test we check the Rejected card Password verification with Pinpad
def test_verify_confirm_refused(device: Device,
                                backend: BackendInterface,
                                navigator: Navigator,
                                test_name: Path) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Send the APDU (Asynchronous)
    with pytest.raises(ExceptionRAPDU) as err:
        with client.send_verify_pw_with_confirmation(PassWord.PW1):
            util_navigate(device, navigator, test_name, "Confirm_No")

    # Assert we have received a refusal
    assert err.value.status == Errors.SW_CONDITIONS_NOT_SATISFIED
    assert len(err.value.data) == 0


# In this test we check the Password Update
@pytest.mark.parametrize(
    "pwd, actual, new",
    [
        (PassWord.PW1, "123456",   "654321"),
        (PassWord.PW3, "12345678", "87654321"),
    ],
)
def test_change(backend: BackendInterface, pwd: PassWord, actual: str, new: str) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Verify PW with its value
    rapdu = client.send_verify_pw(pwd, actual)
    assert rapdu.status == Errors.SW_OK

    # Change PW value
    rapdu = client.send_change_pw(pwd, actual, new)
    assert rapdu.status == Errors.SW_OK

    # Verify PW status
    rapdu = client.send_verify_pw(pwd, new)
    assert rapdu.status == Errors.SW_OK


# In this test we check the Password Reset
def test_reset(backend: BackendInterface) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Verify PW1
    rapdu = client.send_verify_pw(PassWord.PW1, "123456")
    assert rapdu.status == Errors.SW_OK

    # Verify PW3 (Admin)
    rapdu = client.send_verify_pw(PassWord.PW3, "12345678")
    assert rapdu.status == Errors.SW_OK

    # Reset PW1 with a new value
    rapdu = client.send_reset_pw("654321")
    assert rapdu.status == Errors.SW_OK

    # Verify PW status
    rapdu = client.send_verify_pw(PassWord.PW1, "654321")
    assert rapdu.status == Errors.SW_OK


# In this test we check the Get Challenge
def test_challenge(backend: BackendInterface) -> None:
    # Use the app interface instead of raw interface
    client = CommandSender(backend)

    # Get Random number
    rapdu = client.get_challenge(32)
    assert rapdu.status == Errors.SW_OK
    print(f"Random: {rapdu.data.hex()}")