--- /dev/null
+#
+# Test the "yubikey" module xlat
+#
--- /dev/null
+yubikey {
+
+ id_length = 12
+
+ split = yes
+
+ decrypt = yes
+
+ validate = no
+
+}
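Review bot: The module block has no comments, so a reader cannot tell that `validate = no` is deliberate for the test and not a weakened setting copied from elsewhere. I would add above it `# Local decrypt only: no Yubicloud validation, so the test stays offline and replay detection rests on the Yubikey-Counter comparison`. A one-line comment on `id_length = 12`, such as `# Length of the public-ID prefix of the OTP string`, would also explain the 12-character `Yubikey-Public-Id` value the authentication test compares against.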
--- /dev/null
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "helloddddgciilcjkjhlifidginuirlhgidcvbfnutjnibldi"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
--- /dev/null
+# Call yubikey module to split OTP from password
+yubikey
+
+if !(&User-Password == 'hello') {
+ test_fail
+}
+if !(&Yubikey-OTP) {
+ test_fail
+}
+if !(&Yubikey-Public-Id == 'ddddgciilcjk') {
+ test_fail
+}
+
+update control {
+ &Yubikey-Counter := 1
+ &Yubikey-Key := 0xb8c56af07ff79b2230e04ab8891784ce
+}
+
+# Call module in authenticate mode to decrypt OTP
+yubikey.authenticate
+
+# Check all the attributes have been created
+if !(&Yubikey-Private-Id == 0x1dfc67f97828) {
+ test_fail
+}
+if !(&Yubikey-Timestamp) {
+ test_fail
+}
+if !(&Yubikey-Counter == 258) {
+ test_fail
+}
+if !(&Yubikey-Random) {
+ test_fail
+}
+
+
+# Increase the known "counter" value to detect a replay attack
+update {
+ &control:Yubikey-Counter := &Yubikey-Counter
+}
+
+yubikey.authenticate {
+ reject = 1
+}
+
+# Replay attack should result in a reject and a suitable module failure
+if !(reject) {
+ test_fail
+}
+debug_all
+
+if !(&Module-Failure-Message == 'yubikey: Replay attack detected! Counter value 258, is lt or eq to last known counter value 258') {
+ test_fail
+}
+
+test_pass
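Review bot: The replay check covers only the boundary where the stored counter equals the OTP counter (258 against 258), so the "less than" half of the comparison named in the failure message is never exercised. A second pass with the stored counter set above the decrypted one, placed before `test_pass`, would catch a regression that rejects only on equality. Separately, the `debug_all` call just before the `Module-Failure-Message` comparison looks like leftover debugging; if it is intentional, a comment saying why would help.

```unlang
# … unchanged: split, decrypt and equal-counter replay checks …

# Stored counter ahead of the OTP counter (300 is a constructed value > 258)
update {
	&control:Yubikey-Counter := 300
}

yubikey.authenticate {
	reject = 1
}

if !(reject) {
	test_fail
}
```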
--- /dev/null
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "hello"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
--- /dev/null
+update {
+ &Tmp-String-0 := 'vvrbuctetdhc'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (&Tmp-String-1 != 'ffc1e0d3d260') {
+ test_fail
+}
+
+# Invalid modhex string - not even length
+update {
+ &Tmp-String-0 := 'vvrbuctetdh'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (ok) {
+ test_fail
+}
+
+if (&Tmp-String-1 != "") {
+ test_fail
+}
+
+if (&Module-Failure-Message != "Modhex string invalid") {
+ test_fail
+}
+
+# Invalid modhex string - invalid characters
+update {
+ &Tmp-String-0 := 'vxrbmctetdhc'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (ok) {
+ test_fail
+}
+
+if (&Tmp-String-1 != "") {
+ test_fail
+}
+
+test_pass
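Review bot: The invalid-character case does not assert `Module-Failure-Message`, although the odd-length case above it does, so the error path for illegal modhex characters is checked only through the empty expansion and the return code. Adding `if (&Module-Failure-Message != "Modhex string invalid") { test_fail }` would close that gap, assuming both failures report the same text. A message left over from the odd-length case could satisfy that comparison on its own, so the attribute should be cleared first, for example with `&Module-Failure-Message !* ANY` in the third `update` block before the expansion.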