From c5d5ab12ab8ca6b9889550f050b859b76fa4bdd7 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 3 Jan 2019 23:48:22 +0000 Subject: Update documentation and test for factory_reset Contrary to my previous beliefs, build_aes_key has to be called even after a factory reset using the Nitrokey API. This patch updates the documentation and the unit tests based on this insight. --- src/device.rs | 11 +++++++++-- tests/device.rs | 2 ++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/device.rs b/src/device.rs index aaf6283..78d0d82 100644 --- a/src/device.rs +++ b/src/device.rs @@ -515,6 +515,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// /// This commands performs a factory reset on the smart card (like the factory reset via `gpg /// --card-edit`) and then clears the flash memory (password safe, one-time passwords etc.). + /// After a factory reset, [`build_aes_key`][] has to be called before the password safe or the + /// encrypted volume can be used. /// /// # Errors /// @@ -536,6 +538,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// # Ok(()) /// # } /// ``` + /// + /// [`build_aes_key`]: #method.build_aes_key fn factory_reset(&self, admin_pin: &str) -> Result<(), CommandError> { let admin_pin_string = get_cstring(admin_pin)?; unsafe { get_command_result(nitrokey_sys::NK_factory_reset(admin_pin_string.as_ptr())) } @@ -544,8 +548,9 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// Builds a new AES key on the Nitrokey. /// /// The AES key is used to encrypt the password safe and the encrypted volume. You may need - /// to call this method after a factory reset using `gpg --card-edit`. You can also use it to - /// destory the data stored in the password safe or on the encrypted volume. + /// to call this method after a factory reset, either using [`factory_reset`][] or using `gpg + /// --card-edit`. You can also use it to destory the data stored in the password safe or on + /// the encrypted volume. /// /// # Errors /// @@ -567,6 +572,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// # Ok(()) /// # } /// ``` + /// + /// [`factory_reset`]: #method.factory_reset fn build_aes_key(&self, admin_pin: &str) -> Result<(), CommandError> { let admin_pin_string = get_cstring(admin_pin)?; unsafe { get_command_result(nitrokey_sys::NK_build_aes_key(admin_pin_string.as_ptr())) } diff --git a/tests/device.rs b/tests/device.rs index 06e014e..0ad4987 100644 --- a/tests/device.rs +++ b/tests/device.rs @@ -344,6 +344,8 @@ fn factory_reset() { assert_ne!("test".to_string(), pws.get_slot_name(0).unwrap()); assert_ne!("testlogin".to_string(), pws.get_slot_login(0).unwrap()); assert_ne!("testpw".to_string(), pws.get_slot_password(0).unwrap()); + + assert_eq!(Ok(()), device.build_aes_key(ADMIN_PASSWORD)); } #[test] -- cgit v1.2.1