From 0ee7ef7705ebfc0d419bba9a61db55fccd14b638 Mon Sep 17 00:00:00 2001
From: Robin Krahl <robin.krahl@ireas.org>
Date: Sat, 12 Jan 2019 16:51:47 +0000
Subject: Add set_unencrypted_volume_mode to Storage

The new set_unencrypted_volume_mode method sets the access mode of the
unencrypted volume on the Nitrokey Storage.  Depending on the requested
access mode, it calls either NK_set_unencrypted_read_only_admin or
NK_set_unencrypted_read_write_admin.

Note that this function requires firmware version 0.51 or later.
(Earlier firmware versions used the user PIN.)
---
 tests/device.rs | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/tests/device.rs b/tests/device.rs
index 6f21dcb..9985e7a 100644
--- a/tests/device.rs
+++ b/tests/device.rs
@@ -6,7 +6,7 @@ use std::{thread, time};
 
 use nitrokey::{
     Authenticate, CommandError, Config, ConfigureOtp, Device, GenerateOtp, GetPasswordSafe,
-    OtpMode, OtpSlotData,
+    OtpMode, OtpSlotData, Storage, VolumeMode,
 };
 use nitrokey_test::test as test_device;
 
@@ -398,6 +398,38 @@ fn lock(device: Storage) {
     assert_eq!(1, count_nitrokey_block_devices());
 }
 
+#[test_device]
+fn set_unencrypted_volume_mode(device: Storage) {
+    fn assert_mode(device: &Storage, mode: VolumeMode) {
+        let status = device.get_status();
+        assert!(status.is_ok());
+        assert_eq!(
+            status.unwrap().unencrypted_volume.read_only,
+            mode == VolumeMode::ReadOnly
+        );
+    }
+
+    fn assert_success(device: &Storage, mode: VolumeMode) {
+        assert_eq!(
+            Ok(()),
+            device.set_unencrypted_volume_mode(ADMIN_PASSWORD, mode)
+        );
+        assert_mode(&device, mode);
+    }
+
+    assert_success(&device, VolumeMode::ReadOnly);
+
+    assert_eq!(
+        Err(CommandError::WrongPassword),
+        device.set_unencrypted_volume_mode(USER_PASSWORD, VolumeMode::ReadOnly)
+    );
+    assert_mode(&device, VolumeMode::ReadOnly);
+
+    assert_success(&device, VolumeMode::ReadWrite);
+    assert_success(&device, VolumeMode::ReadWrite);
+    assert_success(&device, VolumeMode::ReadOnly);
+}
+
 #[test_device]
 fn get_storage_status(device: Storage) {
     let status = device.get_status().unwrap();
-- 
cgit v1.2.3