Divide unencrypted volume ro/rw commands for backward compatibility

Unencrypted volume ro/rw: rename user_admin_pin -> admin_pin to be consistent with latest API. Update description.
Document PIN requirements in C++ API
Extract pin type function
Add C API for separate unencrypted volume read write handling
Use correct commands to set ro/rw mode of unencrypted volume

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>

4 files changed, 149 insertions, 31 deletions

diff --git a/NK_C_API.cc b/NK_C_API.cc
index 8ce318f..f881caf 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -495,17 +495,31 @@ extern "C" {
 		});
 	}
 
-	NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin) {
+	NK_C_API int NK_set_unencrypted_read_only(const char *user_pin) {
 		auto m = NitrokeyManager::instance();
 		return get_without_result([&]() {
-			m->set_unencrypted_read_only(user_admin_pin);
+			m->set_unencrypted_read_only(user_pin);
 		});
 	}
 
-	NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin) {
+	NK_C_API int NK_set_unencrypted_read_write(const char *user_pin) {
 		auto m = NitrokeyManager::instance();
 		return get_without_result([&]() {
-			m->set_unencrypted_read_write(user_admin_pin);
+			m->set_unencrypted_read_write(user_pin);
+		});
+	}
+
+	NK_C_API int NK_set_unencrypted_read_only_admin(const char *admin_pin) {
+		auto m = NitrokeyManager::instance();
+		return get_without_result([&]() {
+			m->set_unencrypted_read_only_admin(admin_pin);
+		});
+	}
+
+	NK_C_API int NK_set_unencrypted_read_write_admin(const char *admin_pin) {
+		auto m = NitrokeyManager::instance();
+		return get_without_result([&]() {
+			m->set_unencrypted_read_write_admin(admin_pin);
 		});
 	}
 
diff --git a/NK_C_API.h b/NK_C_API.h
index 9ab29b5..73022b2 100644
--- a/NK_C_API.h
+++ b/NK_C_API.h
@@ -428,28 +428,55 @@ extern "C" {
 	 * Make unencrypted volume read-only.
 	 * Device hides unencrypted volume for a second therefore make sure
 	 * buffers are flushed before running.
-	 * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+
+	 * Does nothing if firmware version is not matched
+	 * Firmware range: Storage v0.50, v0.48 and below
 	 * Storage only
-	 * @param user_admin_pin 20 characters
+	 * @param user_pin 20 characters User PIN
 	 * @return command processing error code
 	 */
-	NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin);
+	NK_C_API int NK_set_unencrypted_read_only(const char *user_pin);
 
 	/**
 	 * Make unencrypted volume read-write.
 	 * Device hides unencrypted volume for a second therefore make sure
 	 * buffers are flushed before running.
-	 * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+
+	 * Does nothing if firmware version is not matched
+	 * Firmware range: Storage v0.50, v0.48 and below
 	 * Storage only
-	 * @param user_admin_pin 20 characters
+	 * @param user_pin 20 characters User PIN
 	 * @return command processing error code
 	 */
-	NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin);
+	NK_C_API int NK_set_unencrypted_read_write(const char *user_pin);
+
+	/**
+	 * Make unencrypted volume read-only.
+	 * Device hides unencrypted volume for a second therefore make sure
+	 * buffers are flushed before running.
+	 * Does nothing if firmware version is not matched
+	 * Firmware range: Storage v0.49, v0.51+
+	 * Storage only
+	 * @param admin_pin 20 characters Admin PIN
+	 * @return command processing error code
+	 */
+	NK_C_API int NK_set_unencrypted_read_only_admin(const char* admin_pin);
+
+	/**
+	 * Make unencrypted volume read-write.
+	 * Device hides unencrypted volume for a second therefore make sure
+	 * buffers are flushed before running.
+	 * Does nothing if firmware version is not matched
+	 * Firmware range: Storage v0.49, v0.51+
+	 * Storage only
+	 * @param admin_pin 20 characters Admin PIN
+	 * @return command processing error code
+	 */
+	NK_C_API int NK_set_unencrypted_read_write_admin(const char* admin_pin);
 
 	/**
 	 * Make encrypted volume read-only.
 	 * Device hides encrypted volume for a second therefore make sure
 	 * buffers are flushed before running.
+	 * Firmware range: v0.49 only, future (see firmware release notes)
 	 * Storage only
 	 * @param admin_pin 20 characters
 	 * @return command processing error code
@@ -460,15 +487,13 @@ extern "C" {
 	 * Make encrypted volume read-write.
 	 * Device hides encrypted volume for a second therefore make sure
 	 * buffers are flushed before running.
+	 * Firmware range: v0.49 only, future (see firmware release notes)
 	 * Storage only
 	 * @param admin_pin 20 characters
 	 * @return command processing error code
 	 */
 	NK_C_API int NK_set_encrypted_read_write(const char* admin_pin);
 
-
-
-
 	/**
 	 * Exports device's firmware to unencrypted volume.
 	 * Storage only
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index fff5d64..f912c7c 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -771,6 +771,8 @@ using nitrokey::misc::strcpyT;
         case DeviceModel::STORAGE:{
           auto status = stick20::GetDeviceStatus::CommandTransaction::run(device);
           auto test_firmware = status.data().versionInfo.build_iteration != 0;
+          if (test_firmware)
+            LOG("Development firmware detected. Increasing minor version number.", nitrokey::log::Loglevel::WARNING);
           return status.data().versionInfo.minor + (test_firmware? 1 : 0);
         }
       }
@@ -834,23 +836,55 @@ using nitrokey::misc::strcpyT;
       stick20::SetupHiddenVolume::CommandTransaction::run(device, p);
     }
 
-    void NitrokeyManager::set_unencrypted_read_only(const char* user_admin_pin) {
-      //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN
-      if (get_minor_firmware_version()<=48)
-        misc::execute_password_command<stick20::SendSetReadonlyToUncryptedVolume>(device, user_admin_pin);
-      else
-        misc::execute_password_command<stick20::SetUnencryptedVolumeReadOnlyAdmin>(device, user_admin_pin);
+    void NitrokeyManager::set_unencrypted_read_only_admin(const char* admin_pin) {
+      //from v0.49, v0.51+ it needs Admin PIN
+      if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+        LOG("set_unencrypted_read_only_admin is not supported for this version of Storage device. "
+                "Please update firmware to v0.51+", nitrokey::log::Loglevel::WARNING);
+        return;
+      }
+      misc::execute_password_command<stick20::SetUnencryptedVolumeReadOnlyAdmin>(device, admin_pin);
+    }
+
+    void NitrokeyManager::set_unencrypted_read_only(const char *user_pin) {
+        //until v0.48 (incl. v0.50) User PIN was sufficient
+        LOG("set_unencrypted_read_only is deprecated. Use set_unencrypted_read_only_admin instead.",
+            nitrokey::log::Loglevel::WARNING);
+      if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+        LOG("set_unencrypted_read_only is not supported for this version of Storage device. Doing nothing.",
+            nitrokey::log::Loglevel::WARNING);
+        return;
+      }
+      misc::execute_password_command<stick20::SendSetReadonlyToUncryptedVolume>(device, user_pin);
+    }
+
+    void NitrokeyManager::set_unencrypted_read_write_admin(const char* admin_pin) {
+      //from v0.49, v0.51+ it needs Admin PIN
+      if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+        LOG("set_unencrypted_read_write_admin is not supported for this version of Storage device. "
+                "Please update firmware to v0.51+.", nitrokey::log::Loglevel::WARNING);
+        return;
+      }
+      misc::execute_password_command<stick20::SetUnencryptedVolumeReadWriteAdmin>(device, admin_pin);
+    }
+
+    void NitrokeyManager::set_unencrypted_read_write(const char *user_pin) {
+        //until v0.48 (incl. v0.50) User PIN was sufficient
+      LOG("set_unencrypted_read_write is deprecated. Use set_unencrypted_read_write_admin instead.",
+          nitrokey::log::Loglevel::WARNING);
+      if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+        LOG("set_unencrypted_read_write is not supported for this version of Storage device. Doing nothing.",
+            nitrokey::log::Loglevel::WARNING);
+        return;
+      }
+      misc::execute_password_command<stick20::SendSetReadwriteToUncryptedVolume>(device, user_pin);
     }
 
-    void NitrokeyManager::set_unencrypted_read_write(const char* user_admin_pin) {
-        //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN
-      if (get_minor_firmware_version()<=48)
-        misc::execute_password_command<stick20::SendSetReadwriteToUncryptedVolume>(device, user_admin_pin);
-      else
-        misc::execute_password_command<stick20::SetUnencryptedVolumeReadWriteAdmin>(device, user_admin_pin);
+    bool NitrokeyManager::set_unencrypted_volume_rorw_pin_type_user(const int minor_firmware_version) const {
+      return minor_firmware_version <= 48 || minor_firmware_version == 50;
     }
 
-    void NitrokeyManager::export_firmware(const char* admin_pin) {
+  void NitrokeyManager::export_firmware(const char* admin_pin) {
       misc::execute_password_command<stick20::ExportFirmware>(device, admin_pin);
     }
 
diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h
index 12aae0d..08da8ba 100644
--- a/include/NitrokeyManager.h
+++ b/include/NitrokeyManager.h
@@ -126,9 +126,37 @@ char * strndup(const char* str, size_t maxlen);
         void unlock_hidden_volume(const char *hidden_volume_password);
         void lock_hidden_volume();
 
-        void set_unencrypted_read_only(const char *user_admin_pin);
-
-        void set_unencrypted_read_write(const char *user_admin_pin);
+        /**
+         * Sets unencrypted volume read-only.
+         * Works until v0.48 (incl. v0.50), where User PIN was sufficient
+         * Does nothing otherwise.
+         * @param user_pin User PIN
+         */
+        void set_unencrypted_read_only(const char *user_pin);
+
+        /**
+         * Sets unencrypted volume read-only.
+         * Works from v0.49 (except v0.50) accepts Admin PIN
+         * Does nothing otherwise.
+         * @param admin_pin Admin PIN
+         */
+        void set_unencrypted_read_only_admin(const char *admin_pin);
+
+        /**
+         * Sets unencrypted volume read-write.
+         * Works until v0.48 (incl. v0.50), where User PIN was sufficient
+         * Does nothing otherwise.
+         * @param user_pin User PIN
+         */
+        void set_unencrypted_read_write(const char *user_pin);
+
+        /**
+         * Sets unencrypted volume read-write.
+         * Works from v0.49 (except v0.50) accepts Admin PIN
+         * Does nothing otherwise.
+         * @param admin_pin Admin PIN
+         */
+        void set_unencrypted_read_write_admin(const char *admin_pin);
 
         void export_firmware(const char *admin_pin);
         void enable_firmware_update(const char *firmware_pin);
@@ -203,13 +231,30 @@ char * strndup(const char* str, size_t maxlen);
 
       void set_loglevel(int loglevel);
 
-        void set_encrypted_volume_read_only(const char *admin_pin);
+      /**
+       * Sets encrypted volume read-only.
+       * Supported from future versions of Storage.
+       * @param admin_pin Admin PIN
+       */
+      void set_encrypted_volume_read_only(const char *admin_pin);
 
-        void set_encrypted_volume_read_write(const char *admin_pin);
+      /**
+       * Sets encrypted volume read-write.
+       * Supported from future versions of Storage.
+       * @param admin_pin Admin PIN
+       */
+      void set_encrypted_volume_read_write(const char *admin_pin);
 
       int get_major_firmware_version();
 
       bool is_smartcard_in_use();
+
+      /**
+       * Function to determine unencrypted volume PIN type
+       * @param minor_firmware_version
+       * @return Returns true, if set unencrypted volume ro/rw pin type is User, false otherwise.
+       */
+      bool set_unencrypted_volume_rorw_pin_type_user(int minor_firmware_version) const;
     };
 }