From b1fbfa8eede1f2f9d003e49c027d5e4cb8a56bfe Mon Sep 17 00:00:00 2001
From: Szczepan Zalega <szczepan@nitrokey.com>
Date: Tue, 2 Aug 2016 13:38:22 +0200
Subject: Support for command: is_aes_supported

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
---
 NK_C_API.cc                |  8 ++++++++
 NK_C_API.h                 |  6 ++++++
 NitrokeyManager.cc         | 15 +++++++++++++++
 include/NitrokeyManager.h  |  2 ++
 include/device.h           |  2 +-
 include/stick10_commands.h |  8 ++++++--
 unittest/test_bindings.py  |  6 ++++++
 7 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/NK_C_API.cc b/NK_C_API.cc
index 81a18b5..0e3a642 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -415,5 +415,13 @@ extern int NK_erase_password_safe_slot(uint8_t slot_number) {
     });
 }
 
+extern int NK_is_AES_supported(const char *user_password) {
+    auto m = NitrokeyManager::instance();
+    return get_with_result([&](){
+       return (uint8_t) m->is_AES_supported(user_password);
+    });
+}
+
+
 }
 
diff --git a/NK_C_API.h b/NK_C_API.h
index 1882545..af226ac 100644
--- a/NK_C_API.h
+++ b/NK_C_API.h
@@ -292,6 +292,12 @@ extern int NK_write_password_safe_slot(uint8_t slot_number, const char *slot_nam
  * @return command processing error code
  */
 extern int NK_erase_password_safe_slot(uint8_t slot_number);
+
+/**
+ * Check whether AES is supported by the device
+ * @return 0 for no and 1 for yes
+ */
+extern int NK_is_AES_supported(const char *user_password);
 }
 
 
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index fc1daa5..ef7358f 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -270,6 +270,11 @@ namespace nitrokey{
     }
 
     void NitrokeyManager::enable_password_safe(const char *user_pin) {
+        //The following command will cancel enabling PWS if it is not supported
+        auto a = get_payload<IsAESSupported>();
+        strcpyT(a.user_password, user_pin);
+        IsAESSupported::CommandTransaction::run(*device, a);
+
         auto p = get_payload<EnablePasswordSafe>();
         strcpyT(p.user_password, user_pin);
         EnablePasswordSafe::CommandTransaction::run(*device, p);
@@ -390,4 +395,14 @@ namespace nitrokey{
         return v;
     }
 
+    bool NitrokeyManager::is_AES_supported(const char *user_password) {
+        try {
+            auto a = get_payload<IsAESSupported>();
+            strcpyT(a.user_password, user_password);
+                IsAESSupported::CommandTransaction::run(*device, a);
+            }
+        catch (CommandFailedException &ex) {};
+        return device->get_last_command_status() == 0;
+    }
+
 }
\ No newline at end of file
diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h
index 4f1dcfa..e9b3be2 100644
--- a/include/NitrokeyManager.h
+++ b/include/NitrokeyManager.h
@@ -75,6 +75,8 @@ namespace nitrokey {
 
         vector<uint8_t> read_config();
 
+        bool is_AES_supported(const char *user_password);
+
     private:
         NitrokeyManager();
         ~NitrokeyManager();
diff --git a/include/device.h b/include/device.h
index ffc38e5..a27c019 100644
--- a/include/device.h
+++ b/include/device.h
@@ -50,7 +50,7 @@ public:
   std::chrono::milliseconds get_retry_timeout() const { return m_retry_timeout; };
     std::chrono::milliseconds get_send_receive_delay() const {return m_send_receive_delay;}
 
-    int get_last_command_status() const;
+    int get_last_command_status() const {return last_command_status;};
     void set_last_command_status(uint8_t _err) { last_command_status = _err;} ;
     bool last_command_sucessfull() const {return last_command_status == 0;};
     DeviceModel get_device_model() const {return m_model;}
diff --git a/include/stick10_commands.h b/include/stick10_commands.h
index 6df8727..e49e2a4 100644
--- a/include/stick10_commands.h
+++ b/include/stick10_commands.h
@@ -714,11 +714,15 @@ class ChangeUserPin : Command<CommandID::CHANGE_USER_PIN> {
       CommandTransaction;
 };
 
-// TODO why is it needed?
 class IsAESSupported : Command<CommandID::DETECT_SC_AES> {
  public:
   struct CommandPayload {
-    uint8_t password[20];
+    uint8_t user_password[20];
+      std::string dissect() const {
+          std::stringstream ss;
+          ss << " user_password:\t" <<  user_password<< std::endl;
+          return ss.str();
+      }
   } __packed;
 
   typedef Transaction<command_id(), struct CommandPayload, struct EmptyPayload>
diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py
index ddae6e7..d65eeaf 100644
--- a/unittest/test_bindings.py
+++ b/unittest/test_bindings.py
@@ -121,6 +121,7 @@ def test_issue_device_locks_on_second_key_generation_in_sequence(C):
 
 def test_regenerate_aes_key(C):
     C.NK_set_debug(True)
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
     assert C.NK_build_aes_key(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
     assert C.NK_enable_password_safe(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK
 
@@ -157,6 +158,11 @@ def test_destroy_password_safe(C):
     assert is_slot_programmed[0] == 0
 
 
+def test_is_AES_supported(C):
+    aes_supported = C.NK_is_AES_supported(DefaultPasswords.USER)
+    assert aes_supported == 1
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
 
 def test_admin_PIN_change(C):
     new_password = '123123123'
-- 
cgit v1.2.1