diff options
author | Robin Krahl <robin.krahl@ireas.org> | 2019-01-03 23:48:22 +0000 |
---|---|---|
committer | Robin Krahl <robin.krahl@ireas.org> | 2019-01-04 00:51:00 +0100 |
commit | c5d5ab12ab8ca6b9889550f050b859b76fa4bdd7 (patch) | |
tree | df703b4b54ac890b200b432207ba8d5c18322ec5 | |
parent | 7b4c1f73be9d430ebff698794a482d0a374b8dc9 (diff) | |
download | nitrokey-rs-c5d5ab12ab8ca6b9889550f050b859b76fa4bdd7.tar.gz nitrokey-rs-c5d5ab12ab8ca6b9889550f050b859b76fa4bdd7.tar.bz2 |
Update documentation and test for factory_reset
Contrary to my previous beliefs, build_aes_key has to be called even
after a factory reset using the Nitrokey API. This patch updates the
documentation and the unit tests based on this insight.
-rw-r--r-- | src/device.rs | 11 | ||||
-rw-r--r-- | tests/device.rs | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/src/device.rs b/src/device.rs index aaf6283..78d0d82 100644 --- a/src/device.rs +++ b/src/device.rs @@ -515,6 +515,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// /// This commands performs a factory reset on the smart card (like the factory reset via `gpg /// --card-edit`) and then clears the flash memory (password safe, one-time passwords etc.). + /// After a factory reset, [`build_aes_key`][] has to be called before the password safe or the + /// encrypted volume can be used. /// /// # Errors /// @@ -536,6 +538,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// # Ok(()) /// # } /// ``` + /// + /// [`build_aes_key`]: #method.build_aes_key fn factory_reset(&self, admin_pin: &str) -> Result<(), CommandError> { let admin_pin_string = get_cstring(admin_pin)?; unsafe { get_command_result(nitrokey_sys::NK_factory_reset(admin_pin_string.as_ptr())) } @@ -544,8 +548,9 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// Builds a new AES key on the Nitrokey. /// /// The AES key is used to encrypt the password safe and the encrypted volume. You may need - /// to call this method after a factory reset using `gpg --card-edit`. You can also use it to - /// destory the data stored in the password safe or on the encrypted volume. + /// to call this method after a factory reset, either using [`factory_reset`][] or using `gpg + /// --card-edit`. You can also use it to destory the data stored in the password safe or on + /// the encrypted volume. /// /// # Errors /// @@ -567,6 +572,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// # Ok(()) /// # } /// ``` + /// + /// [`factory_reset`]: #method.factory_reset fn build_aes_key(&self, admin_pin: &str) -> Result<(), CommandError> { let admin_pin_string = get_cstring(admin_pin)?; unsafe { get_command_result(nitrokey_sys::NK_build_aes_key(admin_pin_string.as_ptr())) } diff --git a/tests/device.rs b/tests/device.rs index 06e014e..0ad4987 100644 --- a/tests/device.rs +++ b/tests/device.rs @@ -344,6 +344,8 @@ fn factory_reset() { assert_ne!("test".to_string(), pws.get_slot_name(0).unwrap()); assert_ne!("testlogin".to_string(), pws.get_slot_login(0).unwrap()); assert_ne!("testpw".to_string(), pws.get_slot_password(0).unwrap()); + + assert_eq!(Ok(()), device.build_aes_key(ADMIN_PASSWORD)); } #[test] |