From 78f926456a07047c34dc20b97fe04e55ba443528 Mon Sep 17 00:00:00 2001
From: Robin Krahl <robin.krahl@ireas.org>
Date: Sat, 12 Jan 2019 17:37:21 +0000
Subject: Add export_firmware method to Storage

The export_firmware method writes the firmware of the Nitrokey Storage
to the unencrypted storage.  We only test that the command succeeds as
mounting the unencrypted storage and accessing the file is out of scope
for the tests.
---
 TODO.md         |  1 -
 src/device.rs   | 21 +++++++++++++++++++++
 tests/device.rs | 18 ++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/TODO.md b/TODO.md
index 113858a..7c8c5e6 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,7 +1,6 @@
 - Add support for the currently unsupported commands:
     - `NK_is_AES_supported`
     - `NK_send_startup`
-    - `NK_export_firmware`
     - `NK_clear_new_sd_card_warning`
     - `NK_fill_SD_card_with_random_data`
     - `NK_get_SD_usage_data_as_string`
diff --git a/src/device.rs b/src/device.rs
index ee8e31c..f247f58 100644
--- a/src/device.rs
+++ b/src/device.rs
@@ -1170,6 +1170,27 @@ impl Storage {
     pub fn wink(&self) -> Result<(), CommandError> {
         get_command_result(unsafe { nitrokey_sys::NK_wink() })
     }
+
+    /// Exports the firmware to the unencrypted volume.
+    ///
+    /// This command requires the admin PIN.  The unencrypted volume must be in read-write mode
+    /// when this command is executed.  Otherwise, it will still return `Ok` but not write the
+    /// firmware.
+    ///
+    /// This command unmounts the unencrypted volume if it has been mounted, so all buffers should
+    /// be flushed.  The firmware is written to the `firmware.bin` file on the unencrypted volume.
+    ///
+    /// # Errors
+    ///
+    /// - [`InvalidString`][] if one of the provided passwords contains a null byte
+    /// - [`WrongPassword`][] if the admin password is wrong
+    ///
+    /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString
+    /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
+    pub fn export_firmware(&self, admin_pin: &str) -> Result<(), CommandError> {
+        let admin_pin_string = get_cstring(admin_pin)?;
+        get_command_result(unsafe { nitrokey_sys::NK_export_firmware(admin_pin_string.as_ptr()) })
+    }
 }
 
 impl Drop for Storage {
diff --git a/tests/device.rs b/tests/device.rs
index 9985e7a..e40ae12 100644
--- a/tests/device.rs
+++ b/tests/device.rs
@@ -437,3 +437,21 @@ fn get_storage_status(device: Storage) {
     assert!(status.serial_number_sd_card > 0);
     assert!(status.serial_number_smart_card > 0);
 }
+
+#[test_device]
+fn export_firmware(device: Storage) {
+    assert_eq!(
+        Err(CommandError::WrongPassword),
+        device.export_firmware("someadminpn")
+    );
+    assert_eq!(Ok(()), device.export_firmware(ADMIN_PASSWORD));
+    assert_eq!(
+        Ok(()),
+        device.set_unencrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadWrite)
+    );
+    assert_eq!(Ok(()), device.export_firmware(ADMIN_PASSWORD));
+    assert_eq!(
+        Ok(()),
+        device.set_unencrypted_volume_mode(ADMIN_PASSWORD, VolumeMode::ReadOnly)
+    );
+}
-- 
cgit v1.2.1