summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2019-01-03 23:48:22 +0000
committerRobin Krahl <robin.krahl@ireas.org>2019-01-04 00:51:00 +0100
commitc5d5ab12ab8ca6b9889550f050b859b76fa4bdd7 (patch)
treedf703b4b54ac890b200b432207ba8d5c18322ec5
parent7b4c1f73be9d430ebff698794a482d0a374b8dc9 (diff)
downloadnitrokey-rs-c5d5ab12ab8ca6b9889550f050b859b76fa4bdd7.tar.gz
nitrokey-rs-c5d5ab12ab8ca6b9889550f050b859b76fa4bdd7.tar.bz2
Update documentation and test for factory_reset
Contrary to my previous beliefs, build_aes_key has to be called even after a factory reset using the Nitrokey API. This patch updates the documentation and the unit tests based on this insight.
-rw-r--r--src/device.rs11
-rw-r--r--tests/device.rs2
2 files changed, 11 insertions, 2 deletions
diff --git a/src/device.rs b/src/device.rs
index aaf6283..78d0d82 100644
--- a/src/device.rs
+++ b/src/device.rs
@@ -515,6 +515,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
///
/// This commands performs a factory reset on the smart card (like the factory reset via `gpg
/// --card-edit`) and then clears the flash memory (password safe, one-time passwords etc.).
+ /// After a factory reset, [`build_aes_key`][] has to be called before the password safe or the
+ /// encrypted volume can be used.
///
/// # Errors
///
@@ -536,6 +538,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
/// # Ok(())
/// # }
/// ```
+ ///
+ /// [`build_aes_key`]: #method.build_aes_key
fn factory_reset(&self, admin_pin: &str) -> Result<(), CommandError> {
let admin_pin_string = get_cstring(admin_pin)?;
unsafe { get_command_result(nitrokey_sys::NK_factory_reset(admin_pin_string.as_ptr())) }
@@ -544,8 +548,9 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
/// Builds a new AES key on the Nitrokey.
///
/// The AES key is used to encrypt the password safe and the encrypted volume. You may need
- /// to call this method after a factory reset using `gpg --card-edit`. You can also use it to
- /// destory the data stored in the password safe or on the encrypted volume.
+ /// to call this method after a factory reset, either using [`factory_reset`][] or using `gpg
+ /// --card-edit`. You can also use it to destory the data stored in the password safe or on
+ /// the encrypted volume.
///
/// # Errors
///
@@ -567,6 +572,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
/// # Ok(())
/// # }
/// ```
+ ///
+ /// [`factory_reset`]: #method.factory_reset
fn build_aes_key(&self, admin_pin: &str) -> Result<(), CommandError> {
let admin_pin_string = get_cstring(admin_pin)?;
unsafe { get_command_result(nitrokey_sys::NK_build_aes_key(admin_pin_string.as_ptr())) }
diff --git a/tests/device.rs b/tests/device.rs
index 06e014e..0ad4987 100644
--- a/tests/device.rs
+++ b/tests/device.rs
@@ -344,6 +344,8 @@ fn factory_reset() {
assert_ne!("test".to_string(), pws.get_slot_name(0).unwrap());
assert_ne!("testlogin".to_string(), pws.get_slot_login(0).unwrap());
assert_ne!("testpw".to_string(), pws.get_slot_password(0).unwrap());
+
+ assert_eq!(Ok(()), device.build_aes_key(ADMIN_PASSWORD));
}
#[test]