9 files changed, 595 insertions, 170 deletions
diff --git a/unittest/Makefile b/unittest/Makefile
index 9e8fbc1..dbd003e 100644
--- a/unittest/Makefile
+++ b/unittest/Makefile
@@ -8,7 +8,7 @@ LIB = -L../build
 LDLIBS = -lnitrokey
 BUILD = build
 
-CXXFLAGS = -std=c++14 -fPIC
+CXXFLAGS = -std=c++14 -fPIC -Wno-gnu-variable-sized-type-not-at-end
 
 CXXSOURCES = $(wildcard *.cc)
 TARGETS = $(CXXSOURCES:%.cc=$(BUILD)/%)
diff --git a/unittest/conftest.py b/unittest/conftest.py
new file mode 100644
index 0000000..68227d5
--- /dev/null
+++ b/unittest/conftest.py
@@ -0,0 +1,42 @@
+import pytest
+
+from misc import ffi
+
+@pytest.fixture(scope="module")
+def C(request):
+    fp = '../NK_C_API.h'
+
+    declarations = []
+    with open(fp, 'r') as f:
+        declarations = f.readlines()
+
+    a = iter(declarations)
+    for declaration in a:
+        if declaration.startswith('extern') and not '"C"' in declaration:
+            declaration = declaration.replace('extern', '').strip()
+            while not ';' in declaration:
+                declaration += (next(a)).strip()
+            print(declaration)
+            ffi.cdef(declaration, override=True)
+
+    C = ffi.dlopen("../build/libnitrokey.so")
+    C.NK_set_debug(False)
+    nk_login = C.NK_login_auto()
+    if nk_login != 1:
+        print('No devices detected!')
+    assert nk_login == 1  # returns 0 if not connected or wrong model or 1 when connected
+
+    # assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    # assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+
+    # C.NK_status()
+
+    def fin():
+        print('\nFinishing connection to device')
+        C.NK_logout()
+        print('Finished')
+
+    request.addfinalizer(fin)
+    C.NK_set_debug(True)
+
+    return C
diff --git a/unittest/constants.py b/unittest/constants.py
new file mode 100644
index 0000000..78a219b
--- /dev/null
+++ b/unittest/constants.py
@@ -0,0 +1,33 @@
+from enum import Enum
+from misc import to_hex
+
+RFC_SECRET_HR = '12345678901234567890'
+RFC_SECRET = to_hex(RFC_SECRET_HR)  # '12345678901234567890'
+
+
+# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) )
+
+class DefaultPasswords(Enum):
+    ADMIN = '12345678'
+    USER = '123456'
+    ADMIN_TEMP = '123123123'
+    USER_TEMP = '234234234'
+    UPDATE = '12345678'
+    UPDATE_TEMP = '123update123'
+
+
+class DeviceErrorCode(Enum):
+    STATUS_OK = 0
+    BUSY = 1 # busy or busy progressbar in place of wrong_CRC status
+    NOT_PROGRAMMED = 3
+    WRONG_PASSWORD = 4
+    STATUS_NOT_AUTHORIZED = 5
+    STATUS_AES_DEC_FAILED = 0xa
+
+
+class LibraryErrors(Enum):
+    TOO_LONG_STRING = 200
+    INVALID_SLOT = 201
+    INVALID_HEX_STRING = 202
+    TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE = 203
+
diff --git a/unittest/misc.py b/unittest/misc.py
new file mode 100644
index 0000000..b45436d
--- /dev/null
+++ b/unittest/misc.py
@@ -0,0 +1,40 @@
+import cffi
+
+ffi = cffi.FFI()
+gs = ffi.string
+
+
+def to_hex(s):
+    return "".join("{:02x}".format(ord(c)) for c in s)
+
+
+def wait(t):
+    import time
+    msg = 'Waiting for %d seconds' % t
+    print(msg.center(40, '='))
+    time.sleep(t)
+
+
+def cast_pointer_to_tuple(obj, typen, len):
+    # usage:
+    #     config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5)
+    return tuple(ffi.cast("%s [%d]" % (typen, len), obj)[0:len])
+
+def get_firmware_version_from_status(C):
+    status = gs(C.NK_status())
+    status = [s if 'firmware_version' in s else '' for s in status.split('\n')]
+    firmware = status[0].split(':')[1]
+    return firmware
+
+
+def is_pro_rtm_07(C):
+    firmware = get_firmware_version_from_status(C)
+    return '07 00' in firmware
+
+
+def is_storage(C):
+    """
+    exact firmware storage is sent by other function
+    """
+    firmware = get_firmware_version_from_status(C)
+    return '01 00' in firmware
+\ No newline at end of file
diff --git a/unittest/test2.cc b/unittest/test2.cc
new file mode 100644
index 0000000..00e70e3
--- /dev/null
+++ b/unittest/test2.cc
@@ -0,0 +1,254 @@
+#define CATCH_CONFIG_MAIN  // This tells Catch to provide a main()
+
+static const char *const default_admin_pin = "12345678";
+static const char *const default_user_pin = "123456";
+
+#include "catch.hpp"
+
+#include <iostream>
+#include <string.h>
+#include <NitrokeyManager.h>
+#include "device_proto.h"
+#include "log.h"
+//#include "stick10_commands.h"
+#include "stick20_commands.h"
+
+using namespace std;
+using namespace nitrokey::device;
+using namespace nitrokey::proto;
+using namespace nitrokey::proto::stick20;
+using namespace nitrokey::log;
+using namespace nitrokey::misc;
+
+
+template<typename CMDTYPE>
+void execute_password_command(Device &stick, const char *password, const char kind = 'P') {
+  auto p = get_payload<CMDTYPE>();
+  if (kind == 'P'){
+    p.set_kind_user();
+  } else {
+    p.set_kind_admin();
+  }
+  strcpyT(p.password, password);
+  CMDTYPE::CommandTransaction::run(stick, p);
+  this_thread::sleep_for(1000ms);
+}
+
+/**
+ *  fail on purpose (will result in failed test)
+ *  disable from running unwillingly
+ */
+void SKIP_TEST() {
+  CAPTURE("Failing current test to SKIP it");
+  REQUIRE(false);
+}
+
+
+TEST_CASE("long operation test", "[test_long]") {
+  SKIP_TEST();
+
+  Stick20 stick;
+  bool connected = stick.connect();
+  REQUIRE(connected == true);
+  Log::instance().set_loglevel(Loglevel::DEBUG);
+  try{
+    auto p = get_payload<FillSDCardWithRandomChars>();
+    p.set_defaults();
+    strcpyT(p.admin_pin, default_admin_pin);
+    FillSDCardWithRandomChars::CommandTransaction::run(stick, p);
+    this_thread::sleep_for(1000ms);
+
+    CHECK(false);
+  }
+  catch (LongOperationInProgressException &progressException){
+    CHECK(true);
+  }
+
+
+  for (int i = 0; i < 30; ++i) {
+    try {
+      stick10::GetStatus::CommandTransaction::run(stick);
+    }
+    catch (LongOperationInProgressException &progressException){
+      CHECK((int)progressException.progress_bar_value>=0);
+      CAPTURE((int)progressException.progress_bar_value);
+      this_thread::sleep_for(2000ms);
+    }
+
+  }
+
+}
+
+
+#include "test_command_ids_header.h"
+
+TEST_CASE("test device commands ids", "[fast]") {
+
+//  REQUIRE(STICK20_CMD_START_VALUE == static_cast<uint8_t>(CommandID::START_VALUE));
+  REQUIRE(STICK20_CMD_ENABLE_CRYPTED_PARI == static_cast<uint8_t>(CommandID::ENABLE_CRYPTED_PARI));
+  REQUIRE(STICK20_CMD_DISABLE_CRYPTED_PARI == static_cast<uint8_t>(CommandID::DISABLE_CRYPTED_PARI));
+  REQUIRE(STICK20_CMD_ENABLE_HIDDEN_CRYPTED_PARI == static_cast<uint8_t>(CommandID::ENABLE_HIDDEN_CRYPTED_PARI));
+  REQUIRE(STICK20_CMD_DISABLE_HIDDEN_CRYPTED_PARI == static_cast<uint8_t>(CommandID::DISABLE_HIDDEN_CRYPTED_PARI));
+  REQUIRE(STICK20_CMD_ENABLE_FIRMWARE_UPDATE == static_cast<uint8_t>(CommandID::ENABLE_FIRMWARE_UPDATE));
+  REQUIRE(STICK20_CMD_EXPORT_FIRMWARE_TO_FILE == static_cast<uint8_t>(CommandID::EXPORT_FIRMWARE_TO_FILE));
+  REQUIRE(STICK20_CMD_GENERATE_NEW_KEYS == static_cast<uint8_t>(CommandID::GENERATE_NEW_KEYS));
+  REQUIRE(STICK20_CMD_FILL_SD_CARD_WITH_RANDOM_CHARS == static_cast<uint8_t>(CommandID::FILL_SD_CARD_WITH_RANDOM_CHARS));
+
+  REQUIRE(STICK20_CMD_WRITE_STATUS_DATA == static_cast<uint8_t>(CommandID::WRITE_STATUS_DATA));
+  REQUIRE(STICK20_CMD_ENABLE_READONLY_UNCRYPTED_LUN == static_cast<uint8_t>(CommandID::ENABLE_READONLY_UNCRYPTED_LUN));
+  REQUIRE(STICK20_CMD_ENABLE_READWRITE_UNCRYPTED_LUN == static_cast<uint8_t>(CommandID::ENABLE_READWRITE_UNCRYPTED_LUN));
+
+  REQUIRE(STICK20_CMD_SEND_PASSWORD_MATRIX == static_cast<uint8_t>(CommandID::SEND_PASSWORD_MATRIX));
+  REQUIRE(STICK20_CMD_SEND_PASSWORD_MATRIX_PINDATA == static_cast<uint8_t>(CommandID::SEND_PASSWORD_MATRIX_PINDATA));
+  REQUIRE(STICK20_CMD_SEND_PASSWORD_MATRIX_SETUP == static_cast<uint8_t>(CommandID::SEND_PASSWORD_MATRIX_SETUP));
+
+  REQUIRE(STICK20_CMD_GET_DEVICE_STATUS == static_cast<uint8_t>(CommandID::GET_DEVICE_STATUS));
+  REQUIRE(STICK20_CMD_SEND_DEVICE_STATUS == static_cast<uint8_t>(CommandID::SEND_DEVICE_STATUS));
+
+  REQUIRE(STICK20_CMD_SEND_HIDDEN_VOLUME_PASSWORD == static_cast<uint8_t>(CommandID::SEND_HIDDEN_VOLUME_PASSWORD));
+  REQUIRE(STICK20_CMD_SEND_HIDDEN_VOLUME_SETUP == static_cast<uint8_t>(CommandID::SEND_HIDDEN_VOLUME_SETUP));
+  REQUIRE(STICK20_CMD_SEND_PASSWORD == static_cast<uint8_t>(CommandID::SEND_PASSWORD));
+  REQUIRE(STICK20_CMD_SEND_NEW_PASSWORD == static_cast<uint8_t>(CommandID::SEND_NEW_PASSWORD));
+  REQUIRE(STICK20_CMD_CLEAR_NEW_SD_CARD_FOUND == static_cast<uint8_t>(CommandID::CLEAR_NEW_SD_CARD_FOUND));
+
+  REQUIRE(STICK20_CMD_SEND_STARTUP == static_cast<uint8_t>(CommandID::SEND_STARTUP));
+  REQUIRE(STICK20_CMD_SEND_CLEAR_STICK_KEYS_NOT_INITIATED == static_cast<uint8_t>(CommandID::SEND_CLEAR_STICK_KEYS_NOT_INITIATED));
+  REQUIRE(STICK20_CMD_SEND_LOCK_STICK_HARDWARE == static_cast<uint8_t>(CommandID::SEND_LOCK_STICK_HARDWARE));
+
+  REQUIRE(STICK20_CMD_PRODUCTION_TEST == static_cast<uint8_t>(CommandID::PRODUCTION_TEST));
+  REQUIRE(STICK20_CMD_SEND_DEBUG_DATA == static_cast<uint8_t>(CommandID::SEND_DEBUG_DATA));
+
+  REQUIRE(STICK20_CMD_CHANGE_UPDATE_PIN == static_cast<uint8_t>(CommandID::CHANGE_UPDATE_PIN));
+
+}
+
+TEST_CASE("test device internal status with various commands", "[fast]") {
+  Stick20 stick;
+  bool connected = stick.connect();
+  REQUIRE(connected == true);
+
+  Log::instance().set_loglevel(Loglevel::DEBUG);
+  auto p = get_payload<stick20::SendStartup>();
+  p.set_defaults();
+  auto device_status = stick20::SendStartup::CommandTransaction::run(stick, p);
+  REQUIRE(device_status.data().AdminPwRetryCount == 3);
+  REQUIRE(device_status.data().UserPwRetryCount == 3);
+  REQUIRE(device_status.data().ActiveSmartCardID_u32 != 0);
+
+  auto production_status = stick20::ProductionTest::CommandTransaction::run(stick);
+  REQUIRE(production_status.data().SD_Card_Size_u8 == 8);
+  REQUIRE(production_status.data().SD_CardID_u32 != 0);
+
+  auto sdcard_occupancy = stick20::GetSDCardOccupancy::CommandTransaction::run(stick);
+  REQUIRE((int) sdcard_occupancy.data().ReadLevelMin >= 0);
+  REQUIRE((int) sdcard_occupancy.data().ReadLevelMax <= 100);
+  REQUIRE((int) sdcard_occupancy.data().WriteLevelMin >= 0);
+  REQUIRE((int) sdcard_occupancy.data().WriteLevelMax <= 100);
+}
+
+TEST_CASE("setup hidden volume test", "[hidden]") {
+  Stick20 stick;
+  bool connected = stick.connect();
+  REQUIRE(connected == true);
+  Log::instance().set_loglevel(Loglevel::DEBUG);
+  stick10::LockDevice::CommandTransaction::run(stick);
+  this_thread::sleep_for(2000ms);
+
+  auto user_pin = default_user_pin;
+  execute_password_command<EnableEncryptedPartition>(stick, user_pin);
+
+  auto p = get_payload<stick20::SetupHiddenVolume>();
+  p.SlotNr_u8 = 0;
+  p.StartBlockPercent_u8 = 70;
+  p.EndBlockPercent_u8 = 90;
+  auto hidden_volume_password = "123123123";
+  strcpyT(p.HiddenVolumePassword_au8, hidden_volume_password);
+  stick20::SetupHiddenVolume::CommandTransaction::run(stick, p);
+  this_thread::sleep_for(2000ms);
+
+  execute_password_command<EnableHiddenEncryptedPartition>(stick, hidden_volume_password);
+}
+
+TEST_CASE("setup multiple hidden volumes", "[hidden]") {
+  Stick20 stick;
+  bool connected = stick.connect();
+  REQUIRE(connected == true);
+  Log::instance().set_loglevel(Loglevel::DEBUG);
+
+  auto user_pin = default_user_pin;
+  stick10::LockDevice::CommandTransaction::run(stick);
+  this_thread::sleep_for(2000ms);
+  execute_password_command<EnableEncryptedPartition>(stick, user_pin);
+
+  constexpr int volume_count = 4;
+  for (int i = 0; i < volume_count; ++i) {
+    auto p = get_payload<stick20::SetupHiddenVolume>();
+    p.SlotNr_u8 = i;
+    p.StartBlockPercent_u8 = 20 + 10*i;
+    p.EndBlockPercent_u8 = p.StartBlockPercent_u8+i+1;
+    auto hidden_volume_password = std::string("123123123")+std::to_string(i);
+    strcpyT(p.HiddenVolumePassword_au8, hidden_volume_password.c_str());
+    stick20::SetupHiddenVolume::CommandTransaction::run(stick, p);
+    this_thread::sleep_for(2000ms);
+  }
+
+
+  for (int i = 0; i < volume_count; ++i) {
+    execute_password_command<EnableEncryptedPartition>(stick, user_pin);
+    auto hidden_volume_password = std::string("123123123")+std::to_string(i);
+    execute_password_command<EnableHiddenEncryptedPartition>(stick, hidden_volume_password.c_str());
+    this_thread::sleep_for(2000ms);
+  }
+}
+
+
+//in case of a bug this could change update PIN to some unexpected value
+// - please save log with packet dump if this test will not pass
+TEST_CASE("update password change", "[dangerous]") {
+  SKIP_TEST();
+
+  Stick20 stick;
+  bool connected = stick.connect();
+  REQUIRE(connected == true);
+  Log::instance().set_loglevel(Loglevel::DEBUG);
+
+  auto pass1 = default_admin_pin;
+  auto pass2 = "12345678901234567890";
+
+  auto data = {
+      make_pair(pass1, pass2),
+      make_pair(pass2, pass1),
+  };
+  for (auto &&  password: data) {
+    auto p = get_payload<stick20::ChangeUpdatePassword>();
+    strcpyT(p.current_update_password, password.first);
+    strcpyT(p.new_update_password, password.second);
+    stick20::ChangeUpdatePassword::CommandTransaction::run(stick, p);
+  }
+}
+
+TEST_CASE("general test", "[test]") {
+  Stick20 stick;
+  bool connected = stick.connect();
+  REQUIRE(connected == true);
+
+  Log::instance().set_loglevel(Loglevel::DEBUG);
+
+  stick10::LockDevice::CommandTransaction::run(stick);
+//  execute_password_command<EnableEncryptedPartition>(stick, "123456");
+//  execute_password_command<DisableEncryptedPartition>(stick, "123456");
+//  execute_password_command<DisableHiddenEncryptedPartition>(stick, "123123123");
+
+  execute_password_command<SendSetReadonlyToUncryptedVolume>(stick, default_user_pin);
+  execute_password_command<SendSetReadwriteToUncryptedVolume>(stick, default_user_pin);
+  execute_password_command<SendClearNewSdCardFound>(stick, default_admin_pin, 'A');
+  stick20::GetDeviceStatus::CommandTransaction::run(stick);
+  this_thread::sleep_for(1000ms);
+//  execute_password_command<LockFirmware>(stick, "123123123"); //CAUTION
+//  execute_password_command<EnableFirmwareUpdate>(stick, "123123123"); //CAUTION FIRMWARE PIN
+
+  execute_password_command<ExportFirmware>(stick, "12345678", 'A');
+//  execute_password_command<FillSDCardWithRandomChars>(stick, "12345678", 'A');
+
+  stick10::LockDevice::CommandTransaction::run(stick);
+}
diff --git a/unittest/test_command_ids_header.h b/unittest/test_command_ids_header.h
new file mode 100644
index 0000000..cd55c8a
--- /dev/null
+++ b/unittest/test_command_ids_header.h
@@ -0,0 +1,41 @@
+#ifndef LIBNITROKEY_TEST_COMMAND_IDS_HEADER_H_H
+#define LIBNITROKEY_TEST_COMMAND_IDS_HEADER_H_H
+
+#define STICK20_CMD_START_VALUE 0x20
+#define STICK20_CMD_ENABLE_CRYPTED_PARI (STICK20_CMD_START_VALUE + 0)
+#define STICK20_CMD_DISABLE_CRYPTED_PARI (STICK20_CMD_START_VALUE + 1)
+#define STICK20_CMD_ENABLE_HIDDEN_CRYPTED_PARI (STICK20_CMD_START_VALUE + 2)
+#define STICK20_CMD_DISABLE_HIDDEN_CRYPTED_PARI (STICK20_CMD_START_VALUE + 3)
+#define STICK20_CMD_ENABLE_FIRMWARE_UPDATE (STICK20_CMD_START_VALUE + 4)
+#define STICK20_CMD_EXPORT_FIRMWARE_TO_FILE (STICK20_CMD_START_VALUE + 5)
+#define STICK20_CMD_GENERATE_NEW_KEYS (STICK20_CMD_START_VALUE + 6)
+#define STICK20_CMD_FILL_SD_CARD_WITH_RANDOM_CHARS (STICK20_CMD_START_VALUE + 7)
+
+#define STICK20_CMD_WRITE_STATUS_DATA (STICK20_CMD_START_VALUE + 8)
+#define STICK20_CMD_ENABLE_READONLY_UNCRYPTED_LUN (STICK20_CMD_START_VALUE + 9)
+#define STICK20_CMD_ENABLE_READWRITE_UNCRYPTED_LUN (STICK20_CMD_START_VALUE + 10)
+
+#define STICK20_CMD_SEND_PASSWORD_MATRIX (STICK20_CMD_START_VALUE + 11)
+#define STICK20_CMD_SEND_PASSWORD_MATRIX_PINDATA (STICK20_CMD_START_VALUE + 12)
+#define STICK20_CMD_SEND_PASSWORD_MATRIX_SETUP (STICK20_CMD_START_VALUE + 13)
+
+#define STICK20_CMD_GET_DEVICE_STATUS (STICK20_CMD_START_VALUE + 14)
+#define STICK20_CMD_SEND_DEVICE_STATUS (STICK20_CMD_START_VALUE + 15)
+
+#define STICK20_CMD_SEND_HIDDEN_VOLUME_PASSWORD (STICK20_CMD_START_VALUE + 16)
+#define STICK20_CMD_SEND_HIDDEN_VOLUME_SETUP (STICK20_CMD_START_VALUE + 17)
+#define STICK20_CMD_SEND_PASSWORD (STICK20_CMD_START_VALUE + 18)
+#define STICK20_CMD_SEND_NEW_PASSWORD (STICK20_CMD_START_VALUE + 19)
+#define STICK20_CMD_CLEAR_NEW_SD_CARD_FOUND (STICK20_CMD_START_VALUE + 20)
+
+#define STICK20_CMD_SEND_STARTUP (STICK20_CMD_START_VALUE + 21)
+#define STICK20_CMD_SEND_CLEAR_STICK_KEYS_NOT_INITIATED (STICK20_CMD_START_VALUE + 22)
+#define STICK20_CMD_SEND_LOCK_STICK_HARDWARE (STICK20_CMD_START_VALUE + 23)
+
+#define STICK20_CMD_PRODUCTION_TEST (STICK20_CMD_START_VALUE + 24)
+#define STICK20_CMD_SEND_DEBUG_DATA (STICK20_CMD_START_VALUE + 25)
+
+#define STICK20_CMD_CHANGE_UPDATE_PIN (STICK20_CMD_START_VALUE + 26)
+
+
+#endif //LIBNITROKEY_TEST_COMMAND_IDS_HEADER_H_H
diff --git a/unittest/test_library.py b/unittest/test_library.py
new file mode 100644
index 0000000..d0eef80
--- /dev/null
+++ b/unittest/test_library.py
@@ -0,0 +1,67 @@
+import pytest
+
+from misc import ffi, gs, to_hex
+from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, LibraryErrors
+
+def test_too_long_strings(C):
+    new_password = '123123123'
+    long_string = 'a' * 100
+    assert C.NK_change_user_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING
+    assert C.NK_change_user_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING
+    assert C.NK_change_admin_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING
+    assert C.NK_change_admin_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING
+    assert C.NK_first_authenticate(long_string, DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING
+    assert C.NK_erase_totp_slot(0, long_string) == LibraryErrors.TOO_LONG_STRING
+    digits = False
+    assert C.NK_write_hotp_slot(1, long_string, RFC_SECRET, 0, digits, False, False, "",
+                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING
+    assert C.NK_write_hotp_slot(1, 'long_test', RFC_SECRET, 0, digits, False, False, "",
+                                long_string) == LibraryErrors.TOO_LONG_STRING
+    assert C.NK_get_hotp_code_PIN(0, long_string) == 0
+    assert C.NK_get_last_command_status() == LibraryErrors.TOO_LONG_STRING
+
+
+def test_invalid_slot(C):
+    invalid_slot = 255
+    assert C.NK_erase_totp_slot(invalid_slot, 'some password') == LibraryErrors.INVALID_SLOT
+    assert C.NK_write_hotp_slot(invalid_slot, 'long_test', RFC_SECRET, 0, False, False, False, "",
+                                'aaa') == LibraryErrors.INVALID_SLOT
+    assert C.NK_get_hotp_code_PIN(invalid_slot, 'some password') == 0
+    assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT
+    assert C.NK_erase_password_safe_slot(invalid_slot) == LibraryErrors.INVALID_SLOT
+    assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+    assert gs(C.NK_get_password_safe_slot_name(invalid_slot)) == ''
+    assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT
+    assert gs(C.NK_get_password_safe_slot_login(invalid_slot)) == ''
+    assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT
+
+@pytest.mark.parametrize("invalid_hex_string",
+                         ['text', '00  ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258])
+def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string):
+    """
+    Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number,
+    empty or longer than 255 characters.
+    """
+    assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '',
+                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING
+    assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "",
+                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING
+
+
+def test_warning_binary_bigger_than_secret_buffer(C):
+    invalid_hex_string = to_hex('1234567890') * 3
+    assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '',
+                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE
+
+
+@pytest.mark.xfail(reason="TODO")
+def test_OTP_secret_started_from_null(C):
+    assert False
+
+
+@pytest.mark.skip(reason='Experimental')
+def test_clear(C):
+    d = 'asdasdasd'
+    print(d)
+    C.clear_password(d)
+    print(d)
+\ No newline at end of file
diff --git a/unittest/test_bindings.py b/unittest/test_pro.py
index f7ade46..6ab2af9 100644
--- a/unittest/test_bindings.py
+++ b/unittest/test_pro.py
@@ -1,109 +1,8 @@
 import pytest
-import cffi
-from enum import Enum
-
-ffi = cffi.FFI()
-gs = ffi.string
-
-
-def to_hex(s):
-    return "".join("{:02x}".format(ord(c)) for c in s)
-
-
-def wait(t):
-    import time
-    msg = 'Waiting for %d seconds' % t
-    print(msg.center(40, '='))
-    time.sleep(t)
-
-
-RFC_SECRET_HR = '12345678901234567890'
-RFC_SECRET = to_hex(RFC_SECRET_HR)  # '12345678901234567890'
-
-
-# print( repr((RFC_SECRET, RFC_SECRET_, len(RFC_SECRET))) )
-
-class DefaultPasswords(Enum):
-    ADMIN = '12345678'
-    USER = '123456'
-    ADMIN_TEMP = '123123123'
-    USER_TEMP = '234234234'
-
-
-class DeviceErrorCode(Enum):
-    STATUS_OK = 0
-    NOT_PROGRAMMED = 3
-    WRONG_PASSWORD = 4
-    STATUS_NOT_AUTHORIZED = 5
-    STATUS_AES_DEC_FAILED = 0xa
-
-
-class LibraryErrors(Enum):
-    TOO_LONG_STRING = 200
-    INVALID_SLOT = 201
-    INVALID_HEX_STRING = 202
-    TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE = 203
-
-
-@pytest.fixture(scope="module")
-def C(request):
-    fp = '../NK_C_API.h'
-
-    declarations = []
-    with open(fp, 'r') as f:
-        declarations = f.readlines()
-
-    a = iter(declarations)
-    for declaration in a:
-        if declaration.startswith('extern') and not '"C"' in declaration:
-            declaration = declaration.replace('extern', '').strip()
-            while not ';' in declaration:
-                declaration += (next(a)).strip()
-            print(declaration)
-            ffi.cdef(declaration)
-
-    C = ffi.dlopen("../build/libnitrokey.so")
-    C.NK_set_debug(False)
-    nk_login = C.NK_login_auto()
-    if nk_login != 1:
-        print('No devices detected!')
-    assert nk_login == 1  # returns 0 if not connected or wrong model or 1 when connected
-
-    # assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
-    # assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
-
-    # C.NK_status()
-
-    def fin():
-        print('\nFinishing connection to device')
-        C.NK_logout()
-        print('Finished')
-
-    request.addfinalizer(fin)
-    C.NK_set_debug(True)
-
-    return C
-
-
-def get_firmware_version_from_status(C):
-    status = gs(C.NK_status())
-    status = [s if 'firmware_version' in s else '' for s in status.split('\n')]
-    firmware = status[0].split(':')[1]
-    return firmware
-
-
-def is_pro_rtm_07(C):
-    firmware = get_firmware_version_from_status(C)
-    return '07 00' in firmware
-
-
-def is_storage(C):
-    """
-    exact firmware storage is sent by other function
-    """
-    firmware = get_firmware_version_from_status(C)
-    return '01 00' in firmware
 
+from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET
+from misc import ffi, gs, wait, cast_pointer_to_tuple
+from misc import is_pro_rtm_07, is_storage
 
 def test_enable_password_safe(C):
     assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
@@ -232,39 +131,6 @@ def test_user_PIN_change(C):
     assert C.NK_change_user_PIN(new_password, DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
 
 
-def test_too_long_strings(C):
-    new_password = '123123123'
-    long_string = 'a' * 100
-    assert C.NK_change_user_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING
-    assert C.NK_change_user_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING
-    assert C.NK_change_admin_PIN(long_string, new_password) == LibraryErrors.TOO_LONG_STRING
-    assert C.NK_change_admin_PIN(new_password, long_string) == LibraryErrors.TOO_LONG_STRING
-    assert C.NK_first_authenticate(long_string, DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING
-    assert C.NK_erase_totp_slot(0, long_string) == LibraryErrors.TOO_LONG_STRING
-    digits = False
-    assert C.NK_write_hotp_slot(1, long_string, RFC_SECRET, 0, digits, False, False, "",
-                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TOO_LONG_STRING
-    assert C.NK_write_hotp_slot(1, 'long_test', RFC_SECRET, 0, digits, False, False, "",
-                                long_string) == LibraryErrors.TOO_LONG_STRING
-    assert C.NK_get_hotp_code_PIN(0, long_string) == 0
-    assert C.NK_get_last_command_status() == LibraryErrors.TOO_LONG_STRING
-
-
-def test_invalid_slot(C):
-    invalid_slot = 255
-    assert C.NK_erase_totp_slot(invalid_slot, 'some password') == LibraryErrors.INVALID_SLOT
-    assert C.NK_write_hotp_slot(invalid_slot, 'long_test', RFC_SECRET, 0, False, False, False, "",
-                                'aaa') == LibraryErrors.INVALID_SLOT
-    assert C.NK_get_hotp_code_PIN(invalid_slot, 'some password') == 0
-    assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT
-    assert C.NK_erase_password_safe_slot(invalid_slot) == LibraryErrors.INVALID_SLOT
-    assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
-    assert gs(C.NK_get_password_safe_slot_name(invalid_slot)) == ''
-    assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT
-    assert gs(C.NK_get_password_safe_slot_login(invalid_slot)) == ''
-    assert C.NK_get_last_command_status() == LibraryErrors.INVALID_SLOT
-
-
 def test_admin_retry_counts(C):
     default_admin_retry_count = 3
     assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
@@ -609,14 +475,6 @@ def test_factory_reset(C):
     assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
 
 
-@pytest.mark.skip(reason='Experimental')
-def test_clear(C):
-    d = 'asdasdasd'
-    print(d)
-    C.clear_password(d)
-    print(d)
-
-
 def test_get_status(C):
     status = C.NK_status()
     s = gs(status)
@@ -628,27 +486,3 @@ def test_get_serial_number(C):
     sn = gs(sn)
     assert len(sn) > 0
     print(('Serial number of the device: ', sn))
-
-
-@pytest.mark.parametrize("invalid_hex_string",
-                         ['text', '00  ', '0xff', 'zzzzzzzzzzzz', 'fff', '', 'f' * 257, 'f' * 258])
-def test_invalid_secret_hex_string_for_OTP_write(C, invalid_hex_string):
-    """
-    Tests for invalid secret hex string during writing to OTP slot. Invalid strings are not hexadecimal number,
-    empty or longer than 255 characters.
-    """
-    assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '',
-                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING
-    assert C.NK_write_totp_slot(1, 'python_test', invalid_hex_string, 30, True, False, False, "",
-                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.INVALID_HEX_STRING
-
-
-def test_warning_binary_bigger_than_secret_buffer(C):
-    invalid_hex_string = to_hex('1234567890') * 3
-    assert C.NK_write_hotp_slot(1, 'slot_name', invalid_hex_string, 0, True, False, False, '',
-                                DefaultPasswords.ADMIN_TEMP) == LibraryErrors.TARGET_BUFFER_SIZE_SMALLER_THAN_SOURCE
-
-
-@pytest.mark.xfail(reason="TODO")
-def test_OTP_secret_started_from_null(C):
-    assert False
diff --git a/unittest/test_storage.py b/unittest/test_storage.py
new file mode 100644
index 0000000..01276ce
--- /dev/null
+++ b/unittest/test_storage.py
@@ -0,0 +1,114 @@
+import pytest
+
+from misc import ffi, gs, wait, cast_pointer_to_tuple
+from constants import DefaultPasswords, DeviceErrorCode, RFC_SECRET, LibraryErrors
+
+import pprint
+pprint = pprint.PrettyPrinter(indent=4).pprint
+
+
+def get_dict_from_dissect(status):
+    x = []
+    for s in status.split('\n'):
+        try:
+            if not ':' in s: continue
+            ss = s.replace('\t', '').replace(' (int) ', '').split(':')
+            if not len(ss) == 2: continue
+            x.append(ss)
+        except:
+            pass
+    d = {k.strip(): v.strip() for k, v in x}
+    return d
+
+
+def test_get_status_storage(C):
+    status_pointer = C.NK_get_status_storage_as_string()
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+    status_string = gs(status_pointer)
+    assert len(status_string) > 0
+    status_dict = get_dict_from_dissect(status_string)
+    default_admin_password_retry_count = 3
+    assert int(status_dict['AdminPwRetryCount']) == default_admin_password_retry_count
+
+
+def test_sd_card_usage(C):
+    data_pointer = C.NK_get_SD_usage_data_as_string()
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+    data_string = gs(data_pointer)
+    assert len(data_string) > 0
+    data_dict = get_dict_from_dissect(data_string)
+    assert int(data_dict['WriteLevelMax']) <= 100
+
+
+def test_encrypted_volume_unlock(C):
+    assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+    assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+
+
+def test_encrypted_volume_unlock_hidden(C):
+    hidden_volume_password = 'hiddenpassword'
+    assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+    assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+    assert C.NK_create_hidden_volume(0, 20, 21, hidden_volume_password) == DeviceErrorCode.STATUS_OK
+    assert C.NK_unlock_hidden_volume(hidden_volume_password) == DeviceErrorCode.STATUS_OK
+
+@pytest.mark.skip(reason='hangs device, to report')
+def test_encrypted_volume_setup_multiple_hidden(C):
+    hidden_volume_password = 'hiddenpassword'
+    p = lambda i: hidden_volume_password + str(i)
+    assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+    assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+    for i in range(4):
+        assert C.NK_create_hidden_volume(i, 20+i*10, 20+i*10+i+1, p(i) ) == DeviceErrorCode.STATUS_OK
+    for i in range(4):
+        assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+        assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+        assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK
+
+
+def test_unencrypted_volume_set_read_only(C):
+    assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+    assert C.NK_set_unencrypted_read_only(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+
+
+def test_unencrypted_volume_set_read_write(C):
+    assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+    assert C.NK_set_unencrypted_read_write(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
+
+
+def test_export_firmware(C):
+    assert C.NK_export_firmware(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
+
+
+def test_clear_new_sd_card_notification(C):
+    assert C.NK_clear_new_sd_card_warning(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
+
+
+@pytest.mark.skip
+def test_fill_SD_card(C):
+    status = C.NK_fill_SD_card_with_random_data(DefaultPasswords.ADMIN)
+    assert status == DeviceErrorCode.STATUS_OK or status == DeviceErrorCode.BUSY
+    while 1:
+        value = C.NK_get_progress_bar_value()
+        if value == -1: break
+        assert 0 <= value <= 100
+        assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+        wait(5)
+
+
+def test_get_busy_progress_on_idle(C):
+    value = C.NK_get_progress_bar_value()
+    assert value == -1
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
+
+def test_change_update_password(C):
+    wrong_password = 'aaaaaaaaaaa'
+    assert C.NK_change_update_password(wrong_password, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.WRONG_PASSWORD
+    assert C.NK_change_update_password(DefaultPasswords.UPDATE, DefaultPasswords.UPDATE_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_change_update_password(DefaultPasswords.UPDATE_TEMP, DefaultPasswords.UPDATE) == DeviceErrorCode.STATUS_OK
+
+
+def test_send_startup(C):
+    time_seconds_from_epoch = 0 # FIXME set proper date
+    assert C.NK_send_startup(time_seconds_from_epoch) == DeviceErrorCode.STATUS_OK