From 99ac7ee964bf273708441a3012ba89c7729ceadb Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 11 Dec 2017 18:40:00 +0100 Subject: Add new commands for Storage v0.49 Signed-off-by: Szczepan Zalega --- command_id.cc | 11 +++++++++++ include/command_id.h | 7 +++++++ 2 files changed, 18 insertions(+) diff --git a/command_id.cc b/command_id.cc index 9c6c590..d81d487 100644 --- a/command_id.cc +++ b/command_id.cc @@ -134,6 +134,17 @@ const char *commandid_to_string(CommandID id) { case CommandID::CHANGE_UPDATE_PIN: return "CHANGE_UPDATE_PIN"; + case CommandID::ENABLE_ADMIN_READONLY_UNCRYPTED_LUN: + return "ENABLE_ADMIN_READONLY_UNCRYPTED_LUN"; + case CommandID::ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN: + return "ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN"; + case CommandID::ENABLE_ADMIN_READONLY_ENCRYPTED_LUN: + return "ENABLE_ADMIN_READONLY_ENCRYPTED_LUN"; + case CommandID::ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN: + return "ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN"; + case CommandID::CHECK_SMARTCARD_USAGE: + return "CHECK_SMARTCARD_USAGE"; + case CommandID::GET_PW_SAFE_SLOT_STATUS: return "GET_PW_SAFE_SLOT_STATUS"; case CommandID::GET_PW_SAFE_SLOT_NAME: diff --git a/include/command_id.h b/include/command_id.h index 7608201..1092ea9 100644 --- a/include/command_id.h +++ b/include/command_id.h @@ -124,6 +124,13 @@ enum class CommandID : uint8_t { CHANGE_UPDATE_PIN = 0x20 + 26, + //added in v0.48.5 + ENABLE_ADMIN_READONLY_UNCRYPTED_LUN = 0x20 + 28, + ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN = 0x20 + 29, + ENABLE_ADMIN_READONLY_ENCRYPTED_LUN = 0x20 + 30, + ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN = 0x20 + 31, + CHECK_SMARTCARD_USAGE = 0x20 + 32, + GET_PW_SAFE_SLOT_STATUS = 0x60, GET_PW_SAFE_SLOT_NAME = 0x61, GET_PW_SAFE_SLOT_PASSWORD = 0x62, -- cgit v1.2.3 From 0b0898f2b5d88738aa8f49ce6b9ba98db1c775f7 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 14:21:19 +0100 Subject: Support execution of the 0.49 commands Signed-off-by: Szczepan Zalega --- NitrokeyManager.cc | 20 ++++++++++++++++++++ include/NitrokeyManager.h | 8 ++++++++ include/stick20_commands.h | 15 +++++++++++++++ 3 files changed, 43 insertions(+) diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index 814c4a6..14e3952 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -789,6 +789,14 @@ using nitrokey::misc::strcpyT; misc::execute_password_command(device, hidden_volume_password); } + void NitrokeyManager::set_encrypted_volume_read_only(const char* admin_pin) { + misc::execute_password_command(device, admin_pin); + } + + void NitrokeyManager::set_encrypted_volume_read_write(const char* admin_pin) { + misc::execute_password_command(device, admin_pin); + } + //TODO check is encrypted volume unlocked before execution //if not return library exception void NitrokeyManager::create_hidden_volume(uint8_t slot_nr, uint8_t start_percent, uint8_t end_percent, @@ -802,13 +810,25 @@ using nitrokey::misc::strcpyT; } void NitrokeyManager::set_unencrypted_read_only(const char* user_pin) { + //available until 0.48 misc::execute_password_command(device, user_pin); } void NitrokeyManager::set_unencrypted_read_write(const char* user_pin) { + //available until 0.48 misc::execute_password_command(device, user_pin); } + void NitrokeyManager::set_unencrypted_read_only_admin_pin(const char* admin_pin) { + //available from 0.49 + misc::execute_password_command(device, admin_pin); + } + + void NitrokeyManager::set_unencrypted_read_write_admin_pin(const char* admin_pin) { + //available from 0.49 + misc::execute_password_command(device, admin_pin); + } + void NitrokeyManager::export_firmware(const char* admin_pin) { misc::execute_password_command(device, admin_pin); } diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index 9a1686c..8f47860 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -202,6 +202,14 @@ char * strndup(const char* str, size_t maxlen); void set_loglevel(Loglevel loglevel); void set_loglevel(int loglevel); + + void set_encrypted_volume_read_only(const char *admin_pin); + + void set_encrypted_volume_read_write(const char *admin_pin); + + void set_unencrypted_read_write_admin_pin(const char *admin_pin); + + void set_unencrypted_read_only_admin_pin(const char *admin_pin); }; } diff --git a/include/stick20_commands.h b/include/stick20_commands.h index 34bd547..f45283f 100644 --- a/include/stick20_commands.h +++ b/include/stick20_commands.h @@ -52,6 +52,15 @@ namespace nitrokey { class EnableEncryptedPartition : public PasswordCommand {}; class EnableHiddenEncryptedPartition : public PasswordCommand {}; + class SetUnencryptedVolumeReadOnlyAdmin : + public PasswordCommand {}; + class SetUnencryptedVolumeReadWriteAdmin : + public PasswordCommand {}; + class SetEncryptedVolumeReadOnly : + public PasswordCommand {}; + class SetEncryptedVolumeReadWrite : + public PasswordCommand {}; + //FIXME the volume disabling commands do not need password class DisableEncryptedPartition : public PasswordCommand {}; class DisableHiddenEncryptedPartition : public PasswordCommand {}; @@ -265,6 +274,12 @@ namespace nitrokey { CommandTransaction; }; + class CheckSmartcardUsage : Command { + public: + typedef Transaction + CommandTransaction; + }; + class GetSDCardOccupancy : Command { public: struct ResponsePayload { -- cgit v1.2.3 From 809b618d4d064cedc7070cac5ccc8797e5d89f54 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 16:58:24 +0100 Subject: Correct getting minor and major from firmware version Add get_minor_firmware_version Correct get_major_firmware version (was returning minor instead) Name 3rd version field for test builds Use minor firmware version in tests Signed-off-by: Szczepan Zalega --- NK_C_API.cc | 7 +++++++ NK_C_API.h | 8 +++++++- NitrokeyManager.cc | 18 ++++++++++++++++-- include/NitrokeyManager.h | 2 ++ include/stick10_commands.h | 8 +++++++- include/stick20_commands.h | 9 +++++---- unittest/conftest.py | 2 +- 7 files changed, 45 insertions(+), 9 deletions(-) diff --git a/NK_C_API.cc b/NK_C_API.cc index 33a5fbb..c886b6a 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -567,6 +567,13 @@ extern "C" { } NK_C_API int NK_get_major_firmware_version() { + auto m = NitrokeyManager::instance(); + return get_with_result([&]() { + return m->get_major_firmware_version(); + }); + } + + NK_C_API int NK_get_minor_firmware_version() { auto m = NitrokeyManager::instance(); return get_with_result([&]() { return m->get_minor_firmware_version(); diff --git a/NK_C_API.h b/NK_C_API.h index a4fb088..0131caa 100644 --- a/NK_C_API.h +++ b/NK_C_API.h @@ -360,10 +360,16 @@ extern "C" { /** * Get device's major firmware version - * @return 7,8 for Pro and major for Storage + * @return major part of the version number (e.g. 0 from 0.48, 0 from 0.7 etc.) */ NK_C_API int NK_get_major_firmware_version(); + /** + * Get device's minor firmware version + * @return minor part of the version number (e.g. 7 from 0.7, 48 from 0.48 etc.) + */ + NK_C_API int NK_get_minor_firmware_version(); + /** diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index 14e3952..d12bf54 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -755,11 +755,25 @@ using nitrokey::misc::strcpyT; switch(device->get_device_model()){ case DeviceModel::PRO:{ auto status_p = GetStatus::CommandTransaction::run(device); - return status_p.data().firmware_version; //7 or 8 + return status_p.data().firmware_version_st.minor; //7 or 8 } case DeviceModel::STORAGE:{ auto status = stick20::GetDeviceStatus::CommandTransaction::run(device); - return status.data().versionInfo.minor; + auto test_firmware = status.data().versionInfo.build_iteration != 0; + return status.data().versionInfo.minor + (test_firmware? 1 : 0); + } + } + return 0; + } + int NitrokeyManager::get_major_firmware_version(){ + switch(device->get_device_model()){ + case DeviceModel::PRO:{ + auto status_p = GetStatus::CommandTransaction::run(device); + return status_p.data().firmware_version_st.major; //0 + } + case DeviceModel::STORAGE:{ + auto status = stick20::GetDeviceStatus::CommandTransaction::run(device); + return status.data().versionInfo.major; } } return 0; diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index 8f47860..f6e02cc 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -210,6 +210,8 @@ char * strndup(const char* str, size_t maxlen); void set_unencrypted_read_write_admin_pin(const char *admin_pin); void set_unencrypted_read_only_admin_pin(const char *admin_pin); + + int get_major_firmware_version(); }; } diff --git a/include/stick10_commands.h b/include/stick10_commands.h index c9a5e5b..893b98f 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -367,7 +367,13 @@ class ReadSlot : Command { class GetStatus : Command { public: struct ResponsePayload { - uint16_t firmware_version; + union { + uint16_t firmware_version; + struct { + uint8_t minor; + uint8_t major; + } firmware_version_st; + }; union{ uint8_t card_serial[4]; uint32_t card_serial_u32; diff --git a/include/stick20_commands.h b/include/stick20_commands.h index f45283f..4b75e6a 100644 --- a/include/stick20_commands.h +++ b/include/stick20_commands.h @@ -168,10 +168,10 @@ namespace nitrokey { union{ uint8_t VersionInfo_au8[4]; struct { - uint8_t _reserved; + uint8_t major; uint8_t minor; uint8_t _reserved2; - uint8_t major; + uint8_t build_iteration; } __packed versionInfo; } __packed; @@ -215,8 +215,9 @@ namespace nitrokey { print_to_ss((int) ReadWriteFlagUncryptedVolume_u8 ); print_to_ss((int) ReadWriteFlagCryptedVolume_u8 ); print_to_ss((int) ReadWriteFlagHiddenVolume_u8 ); - print_to_ss((int) VersionInfo_au8[1] ); - print_to_ss((int) VersionInfo_au8[3] ); + print_to_ss((int) versionInfo.major ); + print_to_ss((int) versionInfo.minor ); + print_to_ss((int) versionInfo.build_iteration ); print_to_ss((int) FirmwareLocked_u8 ); print_to_ss((int) NewSDCardFound_u8 ); print_to_ss((int) NewSDCardFound_st.NewCard ); diff --git a/unittest/conftest.py b/unittest/conftest.py index 8f386e0..edcbff4 100644 --- a/unittest/conftest.py +++ b/unittest/conftest.py @@ -83,7 +83,7 @@ def C(request): print('No devices detected!') assert nk_login != 0 # returns 0 if not connected or wrong model or 1 when connected global device_type - firmware_version = C.NK_get_major_firmware_version() + firmware_version = C.NK_get_minor_firmware_version() model = 'P' if firmware_version in [7,8] else 'S' device_type = (model, firmware_version) -- cgit v1.2.3 From 1411b1bd795bcf4a382dd8ed2aa09f94e352f848 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 17:24:55 +0100 Subject: Unify unencrypted volume ro/rw switching For 0.49 run new command, which needs Admin PIN For 0.48 and lower run old command Signed-off-by: Szczepan Zalega --- NitrokeyManager.cc | 24 ++++++++++-------------- include/NitrokeyManager.h | 4 ---- 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index d12bf54..eb52eee 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -824,23 +824,19 @@ using nitrokey::misc::strcpyT; } void NitrokeyManager::set_unencrypted_read_only(const char* user_pin) { - //available until 0.48 - misc::execute_password_command(device, user_pin); + //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN + if (get_minor_firmware_version()<=48) + misc::execute_password_command(device, user_pin); + else + misc::execute_password_command(device, user_pin); } void NitrokeyManager::set_unencrypted_read_write(const char* user_pin) { - //available until 0.48 - misc::execute_password_command(device, user_pin); - } - - void NitrokeyManager::set_unencrypted_read_only_admin_pin(const char* admin_pin) { - //available from 0.49 - misc::execute_password_command(device, admin_pin); - } - - void NitrokeyManager::set_unencrypted_read_write_admin_pin(const char* admin_pin) { - //available from 0.49 - misc::execute_password_command(device, admin_pin); + //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN + if (get_minor_firmware_version()<=48) + misc::execute_password_command(device, user_pin); + else + misc::execute_password_command(device, user_pin); } void NitrokeyManager::export_firmware(const char* admin_pin) { diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index f6e02cc..e0aa59f 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -207,10 +207,6 @@ char * strndup(const char* str, size_t maxlen); void set_encrypted_volume_read_write(const char *admin_pin); - void set_unencrypted_read_write_admin_pin(const char *admin_pin); - - void set_unencrypted_read_only_admin_pin(const char *admin_pin); - int get_major_firmware_version(); }; } -- cgit v1.2.3 From 0363caa230c06f920c9bd6bd9ecc349d322af016 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 17:25:46 +0100 Subject: Tests for unencrypted volume switching with Admin PIN Signed-off-by: Szczepan Zalega --- unittest/test_storage.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/unittest/test_storage.py b/unittest/test_storage.py index 67bbf8b..9d39371 100644 --- a/unittest/test_storage.py +++ b/unittest/test_storage.py @@ -273,6 +273,20 @@ def test_unencrypted_volume_set_read_write(C): assert C.NK_set_unencrypted_read_write(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK +@pytest.mark.unencrypted +def test_unencrypted_volume_set_read_only(C): + skip_if_device_version_lower_than({'S': 49}) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_set_unencrypted_read_only(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + +@pytest.mark.unencrypted +def test_unencrypted_volume_set_read_write(C): + skip_if_device_version_lower_than({'S': 49}) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_set_unencrypted_read_write(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + @pytest.mark.other def test_export_firmware(C): skip_if_device_version_lower_than({'S': 43}) -- cgit v1.2.3 From 025774fc3759683a8ec0f6b1598b1e34b550e6d5 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 17:31:36 +0100 Subject: Tests: set debug level from environment variable, show connected device model and version Signed-off-by: Szczepan Zalega --- NitrokeyManager.cc | 1 + unittest/conftest.py | 6 ++++-- unittest/test_storage.py | 2 ++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index eb52eee..de52e25 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -30,6 +30,7 @@ #include #include "include/cxx_semantics.h" #include +#include std::mutex nitrokey::proto::send_receive_mtx; diff --git a/unittest/conftest.py b/unittest/conftest.py index edcbff4..26536cf 100644 --- a/unittest/conftest.py +++ b/unittest/conftest.py @@ -77,7 +77,8 @@ def C(request): print("No library file found") sys.exit(1) - C.NK_set_debug(False) + C.NK_set_debug_level(int(os.environ.get('LIBNK_DEBUG', 2))) + nk_login = C.NK_login_auto() if nk_login != 1: print('No devices detected!') @@ -86,6 +87,7 @@ def C(request): firmware_version = C.NK_get_minor_firmware_version() model = 'P' if firmware_version in [7,8] else 'S' device_type = (model, firmware_version) + print('Connected device: {} {}'.format(model, firmware_version)) # assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK # assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK @@ -99,6 +101,6 @@ def C(request): request.addfinalizer(fin) # C.NK_set_debug(True) - C.NK_set_debug_level(3) + C.NK_set_debug_level(int(os.environ.get('LIBNK_DEBUG', 3))) return C diff --git a/unittest/test_storage.py b/unittest/test_storage.py index 9d39371..f3fd801 100644 --- a/unittest/test_storage.py +++ b/unittest/test_storage.py @@ -53,6 +53,8 @@ def test_get_status_storage(C): status_dict = get_dict_from_dissect(status_string.decode('ascii')) default_admin_password_retry_count = 3 assert int(status_dict['AdminPwRetryCount']) == default_admin_password_retry_count + print('C.NK_get_major_firmware_version(): {}'.format(C.NK_get_major_firmware_version())) + print('C.NK_get_minor_firmware_version(): {}'.format(C.NK_get_minor_firmware_version())) @pytest.mark.other -- cgit v1.2.3 From 66a67b7b69b9cb43a810449761c78883e9e11bd6 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 17:41:01 +0100 Subject: C API for Encrypted volume ro/rw switch Signed-off-by: Szczepan Zalega --- NK_C_API.cc | 14 ++++++++++++++ NK_C_API.h | 23 +++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/NK_C_API.cc b/NK_C_API.cc index c886b6a..9b53b49 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -509,6 +509,20 @@ extern "C" { }); } + NK_C_API int NK_set_encrypted_read_only(const char* admin_pin) { + auto m = NitrokeyManager::instance(); + return get_without_result([&]() { + m->set_encrypted_volume_read_only(admin_pin); + }); + } + + NK_C_API int NK_set_encrypted_read_write(const char* admin_pin) { + auto m = NitrokeyManager::instance(); + return get_without_result([&]() { + m->set_encrypted_volume_read_write(admin_pin); + }); + } + NK_C_API int NK_export_firmware(const char* admin_pin) { auto m = NitrokeyManager::instance(); return get_without_result([&]() { diff --git a/NK_C_API.h b/NK_C_API.h index 0131caa..bd7130f 100644 --- a/NK_C_API.h +++ b/NK_C_API.h @@ -444,6 +444,29 @@ extern "C" { */ NK_C_API int NK_set_unencrypted_read_write(const char* user_pin); + /** + * Make encrypted volume read-only. + * Device hides encrypted volume for a second therefore make sure + * buffers are flushed before running. + * Storage only + * @param admin_pin 20 characters + * @return command processing error code + */ + NK_C_API int NK_set_encrypted_read_only(const char* admin_pin); + + /** + * Make encrypted volume read-write. + * Device hides encrypted volume for a second therefore make sure + * buffers are flushed before running. + * Storage only + * @param admin_pin 20 characters + * @return command processing error code + */ + NK_C_API int NK_set_encrypted_read_write(const char* admin_pin); + + + + /** * Exports device's firmware to unencrypted volume. * Storage only -- cgit v1.2.3 From 08e0a45a8f10ae4fbe294a903b3a6264aa3c4333 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 17:45:35 +0100 Subject: Correct variable name for unencrypted ro/rw switch Signed-off-by: Szczepan Zalega --- NK_C_API.cc | 8 ++++---- NK_C_API.h | 10 ++++++---- NitrokeyManager.cc | 12 ++++++------ include/NitrokeyManager.h | 4 ++-- 4 files changed, 18 insertions(+), 16 deletions(-) diff --git a/NK_C_API.cc b/NK_C_API.cc index 9b53b49..8ce318f 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -495,17 +495,17 @@ extern "C" { }); } - NK_C_API int NK_set_unencrypted_read_only(const char* user_pin) { + NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin) { auto m = NitrokeyManager::instance(); return get_without_result([&]() { - m->set_unencrypted_read_only(user_pin); + m->set_unencrypted_read_only(user_admin_pin); }); } - NK_C_API int NK_set_unencrypted_read_write(const char* user_pin) { + NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin) { auto m = NitrokeyManager::instance(); return get_without_result([&]() { - m->set_unencrypted_read_write(user_pin); + m->set_unencrypted_read_write(user_admin_pin); }); } diff --git a/NK_C_API.h b/NK_C_API.h index bd7130f..9ab29b5 100644 --- a/NK_C_API.h +++ b/NK_C_API.h @@ -428,21 +428,23 @@ extern "C" { * Make unencrypted volume read-only. * Device hides unencrypted volume for a second therefore make sure * buffers are flushed before running. + * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+ * Storage only - * @param user_pin 20 characters + * @param user_admin_pin 20 characters * @return command processing error code */ - NK_C_API int NK_set_unencrypted_read_only(const char* user_pin); + NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin); /** * Make unencrypted volume read-write. * Device hides unencrypted volume for a second therefore make sure * buffers are flushed before running. + * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+ * Storage only - * @param user_pin 20 characters + * @param user_admin_pin 20 characters * @return command processing error code */ - NK_C_API int NK_set_unencrypted_read_write(const char* user_pin); + NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin); /** * Make encrypted volume read-only. diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index de52e25..d4a13d1 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -824,20 +824,20 @@ using nitrokey::misc::strcpyT; stick20::SetupHiddenVolume::CommandTransaction::run(device, p); } - void NitrokeyManager::set_unencrypted_read_only(const char* user_pin) { + void NitrokeyManager::set_unencrypted_read_only(const char* user_admin_pin) { //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN if (get_minor_firmware_version()<=48) - misc::execute_password_command(device, user_pin); + misc::execute_password_command(device, user_admin_pin); else - misc::execute_password_command(device, user_pin); + misc::execute_password_command(device, user_admin_pin); } - void NitrokeyManager::set_unencrypted_read_write(const char* user_pin) { + void NitrokeyManager::set_unencrypted_read_write(const char* user_admin_pin) { //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN if (get_minor_firmware_version()<=48) - misc::execute_password_command(device, user_pin); + misc::execute_password_command(device, user_admin_pin); else - misc::execute_password_command(device, user_pin); + misc::execute_password_command(device, user_admin_pin); } void NitrokeyManager::export_firmware(const char* admin_pin) { diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index e0aa59f..67dd128 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -126,9 +126,9 @@ char * strndup(const char* str, size_t maxlen); void unlock_hidden_volume(const char *hidden_volume_password); void lock_hidden_volume(); - void set_unencrypted_read_only(const char *user_pin); + void set_unencrypted_read_only(const char *user_admin_pin); - void set_unencrypted_read_write(const char *user_pin); + void set_unencrypted_read_write(const char *user_admin_pin); void export_firmware(const char *admin_pin); void enable_firmware_update(const char *firmware_pin); -- cgit v1.2.3 From 60b14805b2cb80808c2fcf644699e7cde8e088ac Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 18:10:28 +0100 Subject: Add tests for Encrypted volume ro/rw switch Signed-off-by: Szczepan Zalega --- unittest/test_storage.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/unittest/test_storage.py b/unittest/test_storage.py index f3fd801..9897727 100644 --- a/unittest/test_storage.py +++ b/unittest/test_storage.py @@ -289,6 +289,20 @@ def test_unencrypted_volume_set_read_write(C): assert C.NK_set_unencrypted_read_write(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK +@pytest.mark.encrypted +def test_encrypted_volume_set_read_only(C): + skip_if_device_version_lower_than({'S': 49}) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_set_encrypted_read_only(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + +@pytest.mark.encrypted +def test_encrypted_volume_set_read_write(C): + skip_if_device_version_lower_than({'S': 49}) + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_set_encrypted_read_write(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + + @pytest.mark.other def test_export_firmware(C): skip_if_device_version_lower_than({'S': 43}) -- cgit v1.2.3 From 87478e8a8a5329a4f5e4a59364bd1f7f359b71e6 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 12 Dec 2017 18:12:43 +0100 Subject: Allow to call CFFI loading function from Python console Signed-off-by: Szczepan Zalega --- unittest/conftest.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/unittest/conftest.py b/unittest/conftest.py index 26536cf..49f1502 100644 --- a/unittest/conftest.py +++ b/unittest/conftest.py @@ -34,7 +34,7 @@ def skip_if_device_version_lower_than(allowed_devices): @pytest.fixture(scope="module") -def C(request): +def C(request=None): fp = '../NK_C_API.h' declarations = [] @@ -99,7 +99,8 @@ def C(request): C.NK_logout() print('Finished') - request.addfinalizer(fin) + if request: + request.addfinalizer(fin) # C.NK_set_debug(True) C.NK_set_debug_level(int(os.environ.get('LIBNK_DEBUG', 3))) -- cgit v1.2.3 From c0ee79f93a97b511661f99d45606e2c433d15344 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 20 Dec 2017 20:00:05 +0100 Subject: Do not run C_API tests if not connected Signed-off-by: Szczepan Zalega --- unittest/test_C_API.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/unittest/test_C_API.cpp b/unittest/test_C_API.cpp index d5076c4..be47f08 100644 --- a/unittest/test_C_API.cpp +++ b/unittest/test_C_API.cpp @@ -28,8 +28,10 @@ static const int TOO_LONG_STRING = 200; #include "log.h" #include "../NK_C_API.h" +int login; + TEST_CASE("C API connect", "[BASIC]") { - auto login = NK_login_auto(); + login = NK_login_auto(); REQUIRE(login != 0); NK_logout(); login = NK_login_auto(); @@ -40,11 +42,13 @@ TEST_CASE("C API connect", "[BASIC]") { } TEST_CASE("Check retry count", "[BASIC]") { + REQUIRE(login != 0); REQUIRE(NK_get_admin_retry_count() == 3); REQUIRE(NK_get_user_retry_count() == 3); } TEST_CASE("Check long strings", "[STANDARD]") { + REQUIRE(login != 0); const char* longPin = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; const char* pin = "123123123"; auto result = NK_change_user_PIN(longPin, pin); -- cgit v1.2.3 From c93fdb6625ee952e5cf17e4caaeddf2975276f90 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 20 Dec 2017 20:00:44 +0100 Subject: Implement command for testing smartcard status Signed-off-by: Szczepan Zalega --- NitrokeyManager.cc | 10 ++++++++++ include/CommandFailedException.h | 5 +++++ include/NitrokeyManager.h | 2 ++ 3 files changed, 17 insertions(+) diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index d4a13d1..fff5d64 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -752,6 +752,16 @@ using nitrokey::misc::strcpyT; return device->get_device_model(); } + bool NitrokeyManager::is_smartcard_in_use(){ + try{ + stick20::CheckSmartcardUsage::CommandTransaction::run(device); + } + catch(const CommandFailedException & e){ + return e.reason_smartcard_busy(); + } + return false; + } + int NitrokeyManager::get_minor_firmware_version(){ switch(device->get_device_model()){ case DeviceModel::PRO:{ diff --git a/include/CommandFailedException.h b/include/CommandFailedException.h index 42fad73..32bd6b7 100644 --- a/include/CommandFailedException.h +++ b/include/CommandFailedException.h @@ -28,6 +28,7 @@ #include "command_id.h" using cs = nitrokey::proto::stick10::command_status; +using cs2 = nitrokey::proto::stick20::device_status; class CommandFailedException : public std::exception { public: @@ -65,6 +66,10 @@ public: return last_command_status == static_cast(cs::wrong_password); } + bool reason_smartcard_busy() const throw(){ + return last_command_status == static_cast(cs2::smartcard_error); + } + }; diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index 67dd128..12aae0d 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -208,6 +208,8 @@ char * strndup(const char* str, size_t maxlen); void set_encrypted_volume_read_write(const char *admin_pin); int get_major_firmware_version(); + + bool is_smartcard_in_use(); }; } -- cgit v1.2.3 From caa4a0246d9ebe956d725feaa773eca2c8bd8f11 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 22 Dec 2017 13:50:00 +0100 Subject: Extend busy status description Signed-off-by: Szczepan Zalega --- include/device_proto.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/include/device_proto.h b/include/device_proto.h index 7873a0a..50aea38 100644 --- a/include/device_proto.h +++ b/include/device_proto.h @@ -351,12 +351,14 @@ namespace nitrokey { LOG("Status busy, decreasing receiving_retry_counter counter: " + std::to_string(receiving_retry_counter) + ", current delay:" + std::to_string(retry_timeout.count()), Loglevel::DEBUG); - LOG(std::string("Busy retry ") + LOG(std::string("Busy retry: status ") + std::to_string(resp.storage_status.device_status) - + " " + + ", " + std::to_string(retry_timeout.count()) - + " " + + "ms, counter " + std::to_string(receiving_retry_counter) + + ", progress: " + + std::to_string(resp.storage_status.progress_bar_value) , Loglevel::DEBUG_L1); } } -- cgit v1.2.3 From 9b37634dd5c0783cc73e0317979968d0c454155e Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 22 Dec 2017 13:52:41 +0100 Subject: Add device status in logged CommandFailed throw Signed-off-by: Szczepan Zalega --- include/device_proto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/device_proto.h b/include/device_proto.h index 50aea38..ebdcdbd 100644 --- a/include/device_proto.h +++ b/include/device_proto.h @@ -456,7 +456,7 @@ namespace nitrokey { if (resp.last_command_status != static_cast(stick10::command_status::ok)){ dev->m_counters.command_result_not_equal_0_recv++; - LOG(std::string("Throw: CommandFailedException"), Loglevel::DEBUG_L1); + LOG(std::string("Throw: CommandFailedException ") + std::to_string(resp.last_command_status), Loglevel::DEBUG_L1); throw CommandFailedException(resp.command_id, resp.last_command_status); } -- cgit v1.2.3 From 4e6d39e9aae54658eb68a739d9eff55ab797c204 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 23 Feb 2018 09:37:31 +0100 Subject: Divide unencrypted volume ro/rw commands for backward compatibility Unencrypted volume ro/rw: rename user_admin_pin -> admin_pin to be consistent with latest API. Update description. Document PIN requirements in C++ API Extract pin type function Add C API for separate unencrypted volume read write handling Use correct commands to set ro/rw mode of unencrypted volume Signed-off-by: Szczepan Zalega --- NK_C_API.cc | 22 +++++++++++++---- NK_C_API.h | 43 ++++++++++++++++++++++++++------- NitrokeyManager.cc | 60 +++++++++++++++++++++++++++++++++++++---------- include/NitrokeyManager.h | 55 +++++++++++++++++++++++++++++++++++++++---- 4 files changed, 149 insertions(+), 31 deletions(-) diff --git a/NK_C_API.cc b/NK_C_API.cc index 8ce318f..f881caf 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -495,17 +495,31 @@ extern "C" { }); } - NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin) { + NK_C_API int NK_set_unencrypted_read_only(const char *user_pin) { auto m = NitrokeyManager::instance(); return get_without_result([&]() { - m->set_unencrypted_read_only(user_admin_pin); + m->set_unencrypted_read_only(user_pin); }); } - NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin) { + NK_C_API int NK_set_unencrypted_read_write(const char *user_pin) { auto m = NitrokeyManager::instance(); return get_without_result([&]() { - m->set_unencrypted_read_write(user_admin_pin); + m->set_unencrypted_read_write(user_pin); + }); + } + + NK_C_API int NK_set_unencrypted_read_only_admin(const char *admin_pin) { + auto m = NitrokeyManager::instance(); + return get_without_result([&]() { + m->set_unencrypted_read_only_admin(admin_pin); + }); + } + + NK_C_API int NK_set_unencrypted_read_write_admin(const char *admin_pin) { + auto m = NitrokeyManager::instance(); + return get_without_result([&]() { + m->set_unencrypted_read_write_admin(admin_pin); }); } diff --git a/NK_C_API.h b/NK_C_API.h index 9ab29b5..73022b2 100644 --- a/NK_C_API.h +++ b/NK_C_API.h @@ -428,28 +428,55 @@ extern "C" { * Make unencrypted volume read-only. * Device hides unencrypted volume for a second therefore make sure * buffers are flushed before running. - * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+ + * Does nothing if firmware version is not matched + * Firmware range: Storage v0.50, v0.48 and below * Storage only - * @param user_admin_pin 20 characters + * @param user_pin 20 characters User PIN * @return command processing error code */ - NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin); + NK_C_API int NK_set_unencrypted_read_only(const char *user_pin); /** * Make unencrypted volume read-write. * Device hides unencrypted volume for a second therefore make sure * buffers are flushed before running. - * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+ + * Does nothing if firmware version is not matched + * Firmware range: Storage v0.50, v0.48 and below * Storage only - * @param user_admin_pin 20 characters + * @param user_pin 20 characters User PIN * @return command processing error code */ - NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin); + NK_C_API int NK_set_unencrypted_read_write(const char *user_pin); + + /** + * Make unencrypted volume read-only. + * Device hides unencrypted volume for a second therefore make sure + * buffers are flushed before running. + * Does nothing if firmware version is not matched + * Firmware range: Storage v0.49, v0.51+ + * Storage only + * @param admin_pin 20 characters Admin PIN + * @return command processing error code + */ + NK_C_API int NK_set_unencrypted_read_only_admin(const char* admin_pin); + + /** + * Make unencrypted volume read-write. + * Device hides unencrypted volume for a second therefore make sure + * buffers are flushed before running. + * Does nothing if firmware version is not matched + * Firmware range: Storage v0.49, v0.51+ + * Storage only + * @param admin_pin 20 characters Admin PIN + * @return command processing error code + */ + NK_C_API int NK_set_unencrypted_read_write_admin(const char* admin_pin); /** * Make encrypted volume read-only. * Device hides encrypted volume for a second therefore make sure * buffers are flushed before running. + * Firmware range: v0.49 only, future (see firmware release notes) * Storage only * @param admin_pin 20 characters * @return command processing error code @@ -460,15 +487,13 @@ extern "C" { * Make encrypted volume read-write. * Device hides encrypted volume for a second therefore make sure * buffers are flushed before running. + * Firmware range: v0.49 only, future (see firmware release notes) * Storage only * @param admin_pin 20 characters * @return command processing error code */ NK_C_API int NK_set_encrypted_read_write(const char* admin_pin); - - - /** * Exports device's firmware to unencrypted volume. * Storage only diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index fff5d64..f912c7c 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -771,6 +771,8 @@ using nitrokey::misc::strcpyT; case DeviceModel::STORAGE:{ auto status = stick20::GetDeviceStatus::CommandTransaction::run(device); auto test_firmware = status.data().versionInfo.build_iteration != 0; + if (test_firmware) + LOG("Development firmware detected. Increasing minor version number.", nitrokey::log::Loglevel::WARNING); return status.data().versionInfo.minor + (test_firmware? 1 : 0); } } @@ -834,23 +836,55 @@ using nitrokey::misc::strcpyT; stick20::SetupHiddenVolume::CommandTransaction::run(device, p); } - void NitrokeyManager::set_unencrypted_read_only(const char* user_admin_pin) { - //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN - if (get_minor_firmware_version()<=48) - misc::execute_password_command(device, user_admin_pin); - else - misc::execute_password_command(device, user_admin_pin); + void NitrokeyManager::set_unencrypted_read_only_admin(const char* admin_pin) { + //from v0.49, v0.51+ it needs Admin PIN + if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + LOG("set_unencrypted_read_only_admin is not supported for this version of Storage device. " + "Please update firmware to v0.51+", nitrokey::log::Loglevel::WARNING); + return; + } + misc::execute_password_command(device, admin_pin); + } + + void NitrokeyManager::set_unencrypted_read_only(const char *user_pin) { + //until v0.48 (incl. v0.50) User PIN was sufficient + LOG("set_unencrypted_read_only is deprecated. Use set_unencrypted_read_only_admin instead.", + nitrokey::log::Loglevel::WARNING); + if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + LOG("set_unencrypted_read_only is not supported for this version of Storage device. Doing nothing.", + nitrokey::log::Loglevel::WARNING); + return; + } + misc::execute_password_command(device, user_pin); + } + + void NitrokeyManager::set_unencrypted_read_write_admin(const char* admin_pin) { + //from v0.49, v0.51+ it needs Admin PIN + if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + LOG("set_unencrypted_read_write_admin is not supported for this version of Storage device. " + "Please update firmware to v0.51+.", nitrokey::log::Loglevel::WARNING); + return; + } + misc::execute_password_command(device, admin_pin); + } + + void NitrokeyManager::set_unencrypted_read_write(const char *user_pin) { + //until v0.48 (incl. v0.50) User PIN was sufficient + LOG("set_unencrypted_read_write is deprecated. Use set_unencrypted_read_write_admin instead.", + nitrokey::log::Loglevel::WARNING); + if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + LOG("set_unencrypted_read_write is not supported for this version of Storage device. Doing nothing.", + nitrokey::log::Loglevel::WARNING); + return; + } + misc::execute_password_command(device, user_pin); } - void NitrokeyManager::set_unencrypted_read_write(const char* user_admin_pin) { - //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN - if (get_minor_firmware_version()<=48) - misc::execute_password_command(device, user_admin_pin); - else - misc::execute_password_command(device, user_admin_pin); + bool NitrokeyManager::set_unencrypted_volume_rorw_pin_type_user(const int minor_firmware_version) const { + return minor_firmware_version <= 48 || minor_firmware_version == 50; } - void NitrokeyManager::export_firmware(const char* admin_pin) { + void NitrokeyManager::export_firmware(const char* admin_pin) { misc::execute_password_command(device, admin_pin); } diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index 12aae0d..08da8ba 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -126,9 +126,37 @@ char * strndup(const char* str, size_t maxlen); void unlock_hidden_volume(const char *hidden_volume_password); void lock_hidden_volume(); - void set_unencrypted_read_only(const char *user_admin_pin); - - void set_unencrypted_read_write(const char *user_admin_pin); + /** + * Sets unencrypted volume read-only. + * Works until v0.48 (incl. v0.50), where User PIN was sufficient + * Does nothing otherwise. + * @param user_pin User PIN + */ + void set_unencrypted_read_only(const char *user_pin); + + /** + * Sets unencrypted volume read-only. + * Works from v0.49 (except v0.50) accepts Admin PIN + * Does nothing otherwise. + * @param admin_pin Admin PIN + */ + void set_unencrypted_read_only_admin(const char *admin_pin); + + /** + * Sets unencrypted volume read-write. + * Works until v0.48 (incl. v0.50), where User PIN was sufficient + * Does nothing otherwise. + * @param user_pin User PIN + */ + void set_unencrypted_read_write(const char *user_pin); + + /** + * Sets unencrypted volume read-write. + * Works from v0.49 (except v0.50) accepts Admin PIN + * Does nothing otherwise. + * @param admin_pin Admin PIN + */ + void set_unencrypted_read_write_admin(const char *admin_pin); void export_firmware(const char *admin_pin); void enable_firmware_update(const char *firmware_pin); @@ -203,13 +231,30 @@ char * strndup(const char* str, size_t maxlen); void set_loglevel(int loglevel); - void set_encrypted_volume_read_only(const char *admin_pin); + /** + * Sets encrypted volume read-only. + * Supported from future versions of Storage. + * @param admin_pin Admin PIN + */ + void set_encrypted_volume_read_only(const char *admin_pin); - void set_encrypted_volume_read_write(const char *admin_pin); + /** + * Sets encrypted volume read-write. + * Supported from future versions of Storage. + * @param admin_pin Admin PIN + */ + void set_encrypted_volume_read_write(const char *admin_pin); int get_major_firmware_version(); bool is_smartcard_in_use(); + + /** + * Function to determine unencrypted volume PIN type + * @param minor_firmware_version + * @return Returns true, if set unencrypted volume ro/rw pin type is User, false otherwise. + */ + bool set_unencrypted_volume_rorw_pin_type_user(int minor_firmware_version) const; }; } -- cgit v1.2.3 From df36c4bf6b60903e458b86af89e2750dbcf263ff Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 23 Feb 2018 12:51:49 +0100 Subject: Tests: rename _admin related and skip not supported encrypted volume ro/rw tests Signed-off-by: Szczepan Zalega --- unittest/test_storage.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/unittest/test_storage.py b/unittest/test_storage.py index 9897727..41c785f 100644 --- a/unittest/test_storage.py +++ b/unittest/test_storage.py @@ -276,29 +276,31 @@ def test_unencrypted_volume_set_read_write(C): @pytest.mark.unencrypted -def test_unencrypted_volume_set_read_only(C): - skip_if_device_version_lower_than({'S': 49}) +def test_unencrypted_volume_set_read_only_admin(C): + skip_if_device_version_lower_than({'S': 51}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert C.NK_set_unencrypted_read_only(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + assert C.NK_set_unencrypted_read_only_admin(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK @pytest.mark.unencrypted -def test_unencrypted_volume_set_read_write(C): - skip_if_device_version_lower_than({'S': 49}) +def test_unencrypted_volume_set_read_write_admin(C): + skip_if_device_version_lower_than({'S': 51}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK - assert C.NK_set_unencrypted_read_write(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK + assert C.NK_set_unencrypted_read_write_admin(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK @pytest.mark.encrypted +@pytest.mark.skip(reason='not supported on recent firmware, except v0.49') def test_encrypted_volume_set_read_only(C): - skip_if_device_version_lower_than({'S': 49}) + skip_if_device_version_lower_than({'S': 99}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_set_encrypted_read_only(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK @pytest.mark.encrypted +@pytest.mark.skip(reason='not supported on recent firmware, except v0.49') def test_encrypted_volume_set_read_write(C): - skip_if_device_version_lower_than({'S': 49}) + skip_if_device_version_lower_than({'S': 99}) assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK assert C.NK_set_encrypted_read_write(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK -- cgit v1.2.3 From bca1d0c3e458b3a12fe0117d1c7bd50548bef777 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 23 Feb 2018 10:08:55 +0100 Subject: Tests: make sure encrypted volume is enabled before unlocking hidden volume Signed-off-by: Szczepan Zalega --- unittest/test_storage.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/unittest/test_storage.py b/unittest/test_storage.py index 41c785f..096709d 100644 --- a/unittest/test_storage.py +++ b/unittest/test_storage.py @@ -246,6 +246,8 @@ def test_hidden_volume_corruption(C): hidden_volume_password = b'hiddenpassword' p = lambda i: hidden_volume_password + bb(str(i)) volumes_to_setup = 4 + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + assert C.NK_unlock_encrypted_volume(DefaultPasswords.USER) == DeviceErrorCode.STATUS_OK for i in range(volumes_to_setup): assert C.NK_create_hidden_volume(i, 20 + i * 10, 20 + i * 10 + i + 1, p(i)) == DeviceErrorCode.STATUS_OK assert C.NK_unlock_hidden_volume(p(i)) == DeviceErrorCode.STATUS_OK -- cgit v1.2.3 From a262472826830ea0a98a4da2fa8f665d359b8789 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 23 Feb 2018 14:02:06 +0100 Subject: Handle getting firmware version internally Signed-off-by: Szczepan Zalega --- NitrokeyManager.cc | 11 ++++++----- include/NitrokeyManager.h | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index f912c7c..d563b26 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -838,7 +838,7 @@ using nitrokey::misc::strcpyT; void NitrokeyManager::set_unencrypted_read_only_admin(const char* admin_pin) { //from v0.49, v0.51+ it needs Admin PIN - if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + if (set_unencrypted_volume_rorw_pin_type_user()){ LOG("set_unencrypted_read_only_admin is not supported for this version of Storage device. " "Please update firmware to v0.51+", nitrokey::log::Loglevel::WARNING); return; @@ -850,7 +850,7 @@ using nitrokey::misc::strcpyT; //until v0.48 (incl. v0.50) User PIN was sufficient LOG("set_unencrypted_read_only is deprecated. Use set_unencrypted_read_only_admin instead.", nitrokey::log::Loglevel::WARNING); - if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + if (!set_unencrypted_volume_rorw_pin_type_user()){ LOG("set_unencrypted_read_only is not supported for this version of Storage device. Doing nothing.", nitrokey::log::Loglevel::WARNING); return; @@ -860,7 +860,7 @@ using nitrokey::misc::strcpyT; void NitrokeyManager::set_unencrypted_read_write_admin(const char* admin_pin) { //from v0.49, v0.51+ it needs Admin PIN - if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + if (set_unencrypted_volume_rorw_pin_type_user()){ LOG("set_unencrypted_read_write_admin is not supported for this version of Storage device. " "Please update firmware to v0.51+.", nitrokey::log::Loglevel::WARNING); return; @@ -872,7 +872,7 @@ using nitrokey::misc::strcpyT; //until v0.48 (incl. v0.50) User PIN was sufficient LOG("set_unencrypted_read_write is deprecated. Use set_unencrypted_read_write_admin instead.", nitrokey::log::Loglevel::WARNING); - if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){ + if (!set_unencrypted_volume_rorw_pin_type_user()){ LOG("set_unencrypted_read_write is not supported for this version of Storage device. Doing nothing.", nitrokey::log::Loglevel::WARNING); return; @@ -880,7 +880,8 @@ using nitrokey::misc::strcpyT; misc::execute_password_command(device, user_pin); } - bool NitrokeyManager::set_unencrypted_volume_rorw_pin_type_user(const int minor_firmware_version) const { + bool NitrokeyManager::set_unencrypted_volume_rorw_pin_type_user(){ + auto minor_firmware_version = get_minor_firmware_version(); return minor_firmware_version <= 48 || minor_firmware_version == 50; } diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index 08da8ba..0db0856 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -254,7 +254,7 @@ char * strndup(const char* str, size_t maxlen); * @param minor_firmware_version * @return Returns true, if set unencrypted volume ro/rw pin type is User, false otherwise. */ - bool set_unencrypted_volume_rorw_pin_type_user(int minor_firmware_version) const; + bool set_unencrypted_volume_rorw_pin_type_user(); }; } -- cgit v1.2.3